Re: ip-alias and NAT doesn't work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2003.07.29 15:01, Rupali Kasralikar wrote:
> Hi,
> 
> Further to ip-alias - NAT and ip-alias.
> Any help on this one would be much appreciated.
> 
> I have very simple configuration.
> 1>
> Linux machine with ip address -
> eth0:    192.168.2.2/24
> eth0:0    172.16.10.10/24
> 
> I have NAT enable on eth0 of Linux machine.
> Output of
> >ipchains -L -n -t nat
> Chain POSTROUTING (policy ACCEPT)
> target     prot  opt source    destination
> 
> MASQUERADE  all  --  172.16.2.0/24        0.0.0.0/0
> 
> 
> Also I have dialup connection on linux machine (ppp
> interface) to connect to public network.
> 
> 2> another NT machine with ip address,
> 172.16.10.8/24
> 
> I can ping from NT machine to 172.16.10.10 as well
> 192.168.2.2 on Linux machine.
> Also I can ping to 192.168.10.8 of NT machine from
> Linux box.
> 
> Now my question is, if I try to ping to public IP from
> NT machine (i.e esentially from ip alias interface) I
> don't see connectivity (no ICMP echo reply) to outside
> world. I can connect otherwise (i.e ppp is up and
> running)
> 
> Does alias interface needs to add masquerading rule as
> well?
> 
> Thanks
> 
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
> http://sitebuilder.yahoo.com
> -
> : send the line "unsubscribe linux-net"
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

The short answer is "don't/can't use IP aliases with IPtables/
NetFilter". You will need to use iproute2 (by Alexey Kuznetsov) to 
assign extra IPs to a single interface (device).

ip address show
or
ip addr show

will show all the interfaces and their layer2/layer3 info.

"ip address add ..." will let you add addresses.

"ip -help" will give you all the options.

hth,
Aamchi Mumbai.

-- 
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
--
The views, opinions, and judgements expressed in this message are 
solely those of the author. The message contents have not been reviewed 
or approved by Zultys.
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux