What if you did a user-defined chain and jumped to it? Something like this:

    ipchains -A forward -i eth0:0 -j domorestuff
    (notice lower case)
    .
    .
    .
    ipchains -A domorestuff -s LAN/24 -j MASQ
    ipchains -A domorestuff -j LOG
    ipchains -A domorestuff -j DROP
    .
    .
    .

So the only way you get to the domorestuff chain is if the other condition is true with your Internet interface.

It's been a while since I used ipchains and so I might be getting my syntax mixed up with iptables.

- Greg

-----Original Message-----
From: Javier Miguel Rodriguez [mailto:javier@talika.fie.us.es]
Sent: Sunday, January 13, 2002 8:25 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] ip alias and ipchains

Hello,

I am trying to build a highly available firewall. I am using ultramonkey (http://ultramonkey.sourceforge.net/) and everything works fine... but I need to do -j MASQ over -i eth0:0 and this does not work.

Here is my network setup:

    Internet<---- Cluster of Firewalls<---> DMZ
               eth0:0          eth1:0
                                 |
                                 |
                                LAN

The default gateway of LAN is 192.168.2.125 (eth1:0 on both nodes of cluster, this works great).

I have a DSL connection to Internet, so I only have a valid IP address.

I need to do something like

    ipchains -A forward -i eth0:0 -j -s LAN/24 -j MASQ

How can I achieve this? I am using kernel 2.2.20+freeswan 1.92 on both nodes.

Thank you in advance and greetings from Seville (Spain)!

-- 
Javier Miguel Rodríguez. (GUFO)
Member of the Linux group of the Facultad de Informática de Sevilla    -o)
http://talika.fie.us.es/linux                                          /\\
Linux Registered User #145051.                                        _\_V

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://ds9a.nl/lartc/