[Firewall] Multiple (aliased) external IPs on one interface?

Lonnie Abelbeck lists at lonnie.abelbeck.com
Mon Jun 10 18:55:00 CEST 2013


Rich,

iptables cannot handle alias labels such as eth0:0; instead, you can use the associated IP address, for example:
--
ip addr add 1.2.3.10/32 dev eth0 label eth0:1
ip addr add 1.2.3.11/32 dev eth0 label eth0:2
--
Then prefix the AIF rule with "1.2.3.10#" or "1.2.3.11#" for NAT_FORWARD_TCP and such, for example:

NAT_FORWARD_TCP="1.2.3.10#0/0~8008>10.10.10.10~80"


Lonnie


On Jun 10, 2013, at 10:41 AM, Rich wrote:

> Hi,
> 
> I have a server with multiple IP addresses for the one interface (so I can run separate ssl services on 443).
> 
> The IPs were set up with the (Debian) ip command:
> 
>    ip addr add 1.2.3.4/24  dev eth0 label eth0:0
> 
> 
> When I enter eth0:0 as an external interface in the firewall config, it says "eth0:0 does not exist (yet?)" on restarting the firewall, which I think means it's not working.
> 
> Can Arno-Iptables-Firewall handle this scenario? (and then, is it possible to open different ports on the different interfaces?)
> 
> Thanks,
> 
> Rich
> 
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
> 
> 
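An added example, not part of the original message and not code from Arno's IPTABLES Firewall: a pre-flight check that a NAT_FORWARD_TCP rule's "#" prefix is an address actually configured on the interface, not an alias label. The field reading of the rule (external IP, source, port, internal target and port), the function names, the sample `ip` output and the rendered iptables line are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show dev eth0` output (not from the post).
IP_ADDR_OUTPUT = """\
2: eth0    inet 1.2.3.4/24 brd 1.2.3.255 scope global eth0
2: eth0    inet 1.2.3.10/32 scope global eth0:1
2: eth0    inet 1.2.3.11/32 scope global eth0:2
"""

def local_addrs(ip_output):
    """Map each configured IPv4 address to its label (eth0, eth0:1, ...)."""
    return dict(re.findall(r"inet ([\d.]+)/\d+ .*scope \S+ (\S+)", ip_output))

def parse_rule(rule):
    """Split '{dest_ip#}{src~}port>target{~port}' (assumed layout) into fields."""
    dest, _, rest = rule.rpartition("#")      # optional external IP prefix
    match, _, target = rest.partition(">")
    src, _, ports = match.rpartition("~")     # optional source restriction
    host, _, to_port = target.partition("~")  # optional internal port
    return {"dest": dest or None, "src": src or "0/0", "ports": ports,
            "to": host, "to_port": to_port or None}

def check_dest(rule, addrs):
    """Return a problem description for the '#' prefix, or None if it is usable."""
    dest = parse_rule(rule)["dest"]
    if dest is None:
        return None
    try:
        ipaddress.ip_address(dest)
    except ValueError:
        return f"{dest!r} is not an IP address; use the alias's address instead"
    if dest not in addrs:
        return f"{dest} is not configured on the interface"
    return None

def dnat_equivalent(rule):
    """Hand-written approximation of the match; not the firewall's real output."""
    r = parse_rule(rule)
    dst = f"-d {r['dest']} " if r["dest"] else ""
    to = r["to"] + (f":{r['to_port']}" if r["to_port"] else "")
    return (f"iptables -t nat -A PREROUTING {dst}-s {r['src']} -p tcp "
            f"--dport {r['ports']} -j DNAT --to-destination {to}")

if __name__ == "__main__":
    addrs = local_addrs(IP_ADDR_OUTPUT)
    for rule in ("1.2.3.10#0/0~8008>10.10.10.10~80", "eth0:1#0/0~8008>10.10.10.10~80"):
        print(rule, "->", check_dest(rule, addrs) or dnat_equivalent(rule))
```

The rendered line shows why the address works where the label does not: the rule selects traffic by destination address (`-d`), which does not depend on the alias label.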


