[linux-help] Re: IPAlias,IP Masq. port forwarding

[Ivailo Chipev <ivak@xxxxxxxxxxxxxxx>]

-- =



hi all,

hope this exceprt from IP-Masquerading-HOWTO helps you:


7.24.  Can IP Masquerade work with only ONE Ethernet network card (IP
  Aliasing)?

  Yes and no. With the "IP Alias" kernel feature, users can setup
  multiple aliased interfaces such as eth0:1, eth0:2, etc but its is NOT
  recommended to use aliased interfaces for IP Masquerading.  Why?
  Providing a secure firewall becomes very difficult with a single NIC
  card.  In addition to this, you will experience an abnormal amount of
  errors on this link since incoming packets will almost simultaneously
  be sent out at the same time.  Because of all this and NIC cards now
  cost less than $10, I highly recommend to just get a NIC card for each
  MASQed network segment.

  Users should also understand that IP Masquerading will only work out a
  physical interface such as eth0, eth1, etc.  MASQing out an aliased
  interface such as "eth0:1, eth1:1, etc" will NOT work.  In other
  words, the following WILL NOT WORK:


  =B7  /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0

  =B7  /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ"

  If you are still interested in using aliased interfaces, you need to
  enable the "IP Alias" feature in the kernel.  You will then need to
  re-compile and reboot.   Once running the new kernel, you need to
  configure Linux to use the new interface (i.e. /dev/eth0:1, etc.).
  After that, you can treat it as a normal Ethernet interface with some
  restrictions like the one above.


---

 ivailo "ivak" chipev
 dekster's lab ltd. - it research and media development

 3 ianko sakazov blvd, apt.7, 1505 sofia, bulgaria

 [ http://www.deksterslab.net/ ]
 [ mailto:ivak@xxxxxxxxxxxxxxx ]

 ---
-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi