From: "Jack Bowling" <jbinpg@shaw.ca>
> ** Reply to message from Hidemasa Yamakawa <yamakawa@TCSAmerica.com> on
Fri, 06
> Dec 2002 10:16:19 -0500
>
>
> > Hi, all,
> >
> > I assigned 2 ip address to one ethernet card.
> > One is eth0 and another is eth0:1.
> > INPUT and FORWARD policy is DROP
> > When I input
> > iptables -A INPUT -i eth0:1 -j ACCEPT
> > I got warning
> > Warning: wierd character in interface `eth0:1' (No aliases, :, ! or *).
> > and no packet come through this interface.
> > Kindly advice please.
>
> Iptables is not lying to you. It does not like the old standard alias
syntax in
> its rules.
Think about it a minute. Iptables is a security tool. Aliases
mean the data is on the "eth0" network ready to be sniffed if
you try to have two different addresses on two different
virtual networks on one "eth0". So it is quite logical for it
to refuse to support such an idiot configuration.
And as Jack mentioned right way to do routing is with routing
hardware. But routing between two networks on a single wire
is just a wee bit boggling. There's no "security" in that
arrangement. Is it a historical thing that is combining the
computers from two different companies that had different
addresses? It MAY be easier to simply readdress one set. But
a forced routing could also solve the issue. The "route"
command should do nicely to force the routing.
{^_^}
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
