Re: Need help with network aliases and firewall (FC4)

Marko Vojinovic wrote:
On Wednesday 23 August 2006 17:09, Marko Vojinovic wrote:

Short version:

My eth2 device is supposed to listen to two different IP addresses, so I
created an alias, eth2:1.

From what I can figure, and I could be quite wrong, using alias devices is deprecated. I've been using /sbin/ip a lot to configure devices and routes.

Here's a made-up example that you may be able to use as a base for what you are trying to do.

/sbin/ip address add 10.0.0.1/24 dev eth1
/sbin/ip address add 10.0.0.2/24 dev eth1
/sbin/ip link set dev eth1 up

# eth1 now has 2 IPs and is up.  You can check that with either ifconfig
#  or with /sbin/ip link list -or- /sbin/ip address list

# if you need you can specify that all traffic for that subnet be routed
#  through that device

/sbin/ip route add 10.0.0.0/24 dev eth1

# or that it be your default route (via 10.0.0.1 or 10.0.0.2)

/sbin/ip route add default via 10.0.0.1 dev eth1

/sbin/ip is very powerful. I highly recommend it to anyone doing anything at all with networks.

Hope that helps,
Mike Wright

However, I cannot communicate to it unless the
firewall is down. As for the firewall, I am not so comfortable with
iptables, so I use firestarter as a gui to it. But there is no (obvious)
way to configure it for eth2:1...

So, how are ethernet aliases implemented in general and what is their
interaction with iptables like? I need to have the working eth2:1 with
firewall being up, how? :-(


I give up. It seems there is no way to make firestarter work with aliases. It requires exactly one 'internet' device and one 'local' device. It is possible to make eth2:1 work by manually inserting a couple of rules in iptables, but they eventually get overwritten the next time firestarter is started. In principle, I could make a cron job check iptables periodically and insert the rules if necessary, but that would be too ugly a hack.

Ping works because iptables are set to be transparent to icmp packets.

At this point half of the configuration I made on the machine is useless since httpd, dhcpd and named are not able to go through the eth2:1 device, and I need to rethink the design of the whole thing.

Or give up firestarter, master iptables skills and tweak them manually every time (which is equally painful)...

Oh, well... :-(

Best regards,
Mark
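
Added example, not part of the original thread: iptables matches on real device names, and eth2:1 is only a label for a second address on eth2, so a rule for the alias has to match on the parent interface plus the alias's destination address. The address 192.168.10.2, the port list and the function names are assumptions; the script prints the commands instead of running them, so it needs no root.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands that admit traffic to an
# alias address. Rules match on the parent interface plus the alias IP.
# The address and ports used below are constructed sample values.

# Strip an alias label: eth2:1 -> eth2
parent_iface() {
    printf '%s\n' "${1%%:*}"
}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print idempotent check-or-insert commands for one alias.
# usage: alias_rules LABEL ADDRESS PROTO/PORT...
alias_rules() {
    label=$1
    addr=$2
    shift 2
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    iface=$(parent_iface "$label")
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc##*/}
        match="INPUT -i $iface -d $addr -p $proto --dport $port -j ACCEPT"
        # -C tests whether the rule already exists, so reruns add nothing
        printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$match" "$match"
    done
}

# Constructed sample: httpd and named reachable on the eth2:1 address.
alias_rules eth2:1 192.168.10.2 tcp/80 udp/53 tcp/53
```

dhcpd is left out because client requests arrive as broadcasts rather than addressed to the alias IP, so a `-d` match on the alias address would not cover them.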

