On Monday 10 March 2003 06:02 am, Henning Riis Rasmussen wrote:
> LAN0 (Local protected network)
> WAN1 (Sister organisation)
> INET2 (Internet)
> Hence, I need WAN1 to have more than one IP address (i.e. 10.0.0.1/24,
> 10.0.0.2/24 and 10.0.0.3/24).
>
> I assume I should use DNAT to provide the address translation needed
> for the hosts on the LAN that must be visible on the WAN. But what am
> I supposed to do about getting arp responses for the extra IP
> addresses on the WAN1 interface? I recall using the kernel IP aliasing
> option in previous setups, but this is no longer an option in kernel
> 2.4.20 (as far as I can tell).
>
> What is the "correct" way to set this up?

if WAN1 is eth0 with 10.0.0.1 presently, then try this:

ifconfig eth0:1 10.0.0.2 netmask 255.255.255.0
ifconfig eth0:2 10.0.0.3 netmask 255.255.255.0

This creates an alias on eth0 adding 10.0.0.2 as an additional IP for that
interface, then again for 10.0.0.3. Obviously the root interface needs to
match the WAN interface.

A subsequent 'ifconfig' will show these as additional interfaces on the same
MAC. Packet info (RX and TX statistics) will show only on the root interface.

In an iptables rule you can only use the root interface (eth0 in the above
example) but can still match source or dest IP to distinguish one from another
in most cases.

j
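Added example, not part of the original message: a small generator that prints the alias commands from the reply together with the DNAT rule asked about in the question, matching on the root interface plus destination IP rather than on the alias name. The function names `emit_nat_rules` and `sample_map` and the 192.168.1.x LAN host addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Prints (does not execute) the commands for a one-to-one mapping of extra
# WAN addresses to LAN hosts, so the output can be reviewed before use.

# emit_nat_rules IFACE  -- reads "WAN_IP LAN_IP" pairs from stdin.
emit_nat_rules() {
    iface=$1
    case $iface in
        ''|*:*)
            # Alias names such as eth0:1 cannot be matched with -i in iptables.
            echo "use the root interface (e.g. eth0), not an alias" >&2
            return 1 ;;
    esac
    n=0
    while read -r wan lan; do
        # Skip blank lines and comment lines in the mapping.
        case $wan in ''|'#'*) continue ;; esac
        [ -n "$lan" ] || { echo "missing LAN address for $wan" >&2; return 1; }
        n=$((n + 1))
        # Alias on the WAN interface so the firewall answers ARP for $wan.
        echo "ifconfig $iface:$n $wan netmask 255.255.255.0"
        # Inbound rule: root interface plus destination IP selects the host.
        echo "iptables -t nat -A PREROUTING -i $iface -d $wan -j DNAT --to-destination $lan"
    done
}

# Constructed sample mapping: the extra WAN1 addresses from the thread,
# paired with hypothetical LAN hosts.
sample_map() {
    cat <<'EOF'
# WAN address   LAN host
10.0.0.2        192.168.1.2
10.0.0.3        192.168.1.3
EOF
}

sample_map | emit_nat_rules eth0
```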