Re: An "arp ... pub" replacement?

On 2020-10-26 18:02, Steve Hill wrote:

> 1. Add aliases for all of the addresses onto the internet NIC of the firewall.  You used to be able to create an /etc/sysconfig/network-scripts/ifcfg-eth0-range0 file with the address range in it and have the network scripts automatically add the aliases. Unfortunately NetworkManager no longer seems to support this.  Also this feels quite messy because you end up with a lot of addresses attached to the NIC, and strictly speaking those addresses don't really belong to the firewall since they are intended to be forwarded through to internal machines.

This appears to be the correct solution to me. Your additional IPs definitely belong to the 198.51 interface of your firewall, if you look at them from the point of view of the ISP router.
The fact that your firewall is doing DNAT to many LAN machines is a detail that only the firewall must be aware of (iptables rules).

Maybe your problem is just in how to achieve this with NetworkManager, which is probably not the right tool for these "non-desktop" setups.
With good old ifcfg scripts you do not even need aliases anymore; I achieve a similar configuration through:

  IPADDR=x.x.x.2
  # this is to catch the router at x.x.x.1, your correct mask is another possible option here
  NETMASK=255.255.255.254
  IPADDR0=x.x.x.3
  NETMASK0=255.255.255.255
  IPADDR1=x.x.x.4
  NETMASK1=255.255.255.255
  # ...and so on

(For IPv6 you would need IPV6ADDR and a single line with IPV6ADDR_SECONDARIES.)

This works for me on CentOS 7, but I do not think Fedora has broken the network scripts yet.
To be honest my case is a few IPs (5) and not on the same subnetwork (so-called "portable IPs" in cloud setups), but it should work for you too.
(The logic starts in this line in /etc/sysconfig/network-scripts/network-functions: "    for idx in '' {0..255} ; do")

Best regards.

--
   Roberto Ragusa    mail at robertoragusa.it
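
Added example, not part of the message above and not code from the Fedora network scripts: a POSIX shell function that prints the IPADDRn/NETMASKn lines described in the reply for a list of forwarded addresses, and refuses malformed values, duplicates, or more entries than the quoted loop's 0..255 index range. The function names, the 198.51.100.x sample addresses and the 256-entry limit inferred from that loop are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print IPADDRn/NETMASKn lines
# for an ifcfg file. Addresses below are constructed documentation values.

# Assumption taken from the loop quoted in the email ("for idx in '' {0..255}"):
# only the unsuffixed entry plus indices 0..255 are read.
MAX_EXTRA=256

# Succeeds only for a dotted quad with four octets in 0..255, no leading zeros.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# gen_ifcfg_addrs PRIMARY PRIMARY_NETMASK [EXTRA_ADDRESS...]
# Extra addresses get a /32 mask, as in the email. Nothing is printed unless
# every value is valid, unique and fits in the index range.
gen_ifcfg_addrs() (
    [ $# -ge 2 ] || { echo "usage: gen_ifcfg_addrs PRIMARY NETMASK [EXTRA...]" >&2; exit 2; }
    primary=$1 netmask=$2
    shift 2
    [ $# -le "$MAX_EXTRA" ] || { echo "too many extra addresses: $#" >&2; exit 1; }
    for v in "$primary" "$netmask" "$@"; do
        valid_ipv4 "$v" || { echo "invalid IPv4 value: $v" >&2; exit 1; }
    done
    seen=" $primary "
    out="IPADDR=$primary
NETMASK=$netmask"
    idx=0
    for ip in "$@"; do
        case $seen in *" $ip "*) echo "duplicate address: $ip" >&2; exit 1 ;; esac
        seen="$seen$ip "
        out="$out
IPADDR$idx=$ip
NETMASK$idx=255.255.255.255"
        idx=$((idx + 1))
    done
    printf '%s\n' "$out"
)

# Constructed sample: one primary address and three forwarded ones.
gen_ifcfg_addrs 198.51.100.2 255.255.255.254 198.51.100.3 198.51.100.4 198.51.100.5
```

The netmask argument is only checked for dotted-quad syntax, not for being a contiguous mask.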