Marko Vojinovic wrote:
On Wednesday 23 August 2006 17:09, Marko Vojinovic wrote:
Short version:
My eth2 device is supposed to listen to two different IP addresses, so I
created an alias, eth2:1.
From what I can figure, and I could be quite wrong, using alias devices
is deprecated. I've been using /sbin/ip alot to configure devices and
routes.
Here's a made up example that you may be able to use as a base for what
you are trying to do.
/sbin/ip address add 10.0.0.1/24 device eth1
/sbin/ip address add 10.0.0.2/24 device eth1
/sbin/ip link set device eth1 up
# eth1 now has 2 IPs and is up. You can check that with either ifconfig
# or with /sbin/ip link list -or- /sbin/ip address list
# if you need you can specify that all traffic for that subnet be routed
# through that device
/sbin/ip route add 10.0.0.0/24 device eth1
# or that it be your default route
/sbin/ip route add default via 10.0.0.1(or 2) device eth1
/sbin/ip is very powerful. I highly recommend it to anyone doing
anything at all with networks.
Hope that helps,
Mike Wright
However, I cannot communicate to it unless the
firewall is down. As for the firewall, I am not so comfortable with
iptables, so I use firestarter as a gui to it. But there is no (obvious)
way to configure it for eth2:1...
So, how are ethernet aliases implemented in general and what is their
interaction with iptables like? I need to have the working eth2:1 with
firewall being up, how? :-(
I give up. It seems there is no way to make firestarter work with aliases. It
requires exactly one 'internet' device and one 'local' device. It is possible
to make eth2:1 work by manually inserting a couple of rules in iptables, but
they eventually get overwritten the next time firestarter is started. In
principle, I could make a cron job check iptables periodically and insert the
rules if necessary, but that would be too ugly hack.
Ping works because iptables are set to be transparent to icmp packets.
At this point half of the configuration I made on the machine is useless since
httpd, dhcpd and named are not able to go through the eth2:1 device, and I
need to rethink the design of the whole thing.
Or give up firestarter, master iptables skills and tweak them manually every
time (which is equally painful)...
Oh, well... :-(
Best regards,
Mark
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list