Michael,
Thanks for your response. It turns out part of the problem was a
cockpit error on my part, otherwise know as an error in the packet
filter. Rather than debugging it at the moment, I basically stripped
everything out not related to the forward/masq/NAT function.
The result is that IP aliasing is now working, but forwarding is not.
I can, for example, telnet to the box from the outside using the second
IP address. Forwarding, however, to the aliased interface is still
hosed.
I wonder if I'm trying to do something that the kernel is plain not
designed to do?
-- Rob
--On 09/20/00 11:15:24 AM -0500 "Michael R. Jinks"
<[EMAIL PROTECTED]> wrote:
> can't help too much with the main issue; i've always thought that you
> _should_ be able to forward/masq/NAT an aliased interface, and it
> kind of cuts down on the utility of the whole thing if you can't.
> but i haven't tried to do it myself in a while (since before ipchains
> was available actually) so my experience is probably irrelevant. you
> might want to look into the firewalling code being developed for the
> 2.4.x series of kernels, it is reportedly a complete rewrite (again)
> and they may have this problem solved.
>
> as an aside, though, i can tell you that for some reason ip aliasing
> has never been written as a module, it's either available in the
> kernel (apparently the one you have has it turned on) or it's not.
> you can get a nice tour of the linux kernel, even if you don't plan
> on installing a custom one yourself, by installing the source code
> for the kernel version you're running, cd'ing to the base directory,
> and typing "make xconfig".
>
> hth,
> -m
>
> On Tue, Sep 19, 2000 at 11:01:21PM -0700, Rob Tanner wrote:
>> Hi all,
>>
>> I have Redhat 6.2 installed along with VMWare 2 with NT4 installed
>> in the VMWare virtual machine. I'm doing some development work on
>> that other platform, and I need to be able to access its services
>> from the net. I wrote an /sbin/ipchains packet filter including
>> forwarding and masquerading the VMWare net (vmnet1).
>>
>> Here's the problem: simply forwarding and masquerading to the
>> external interface means all outbound traffic goes out as my main
>> address. There is no way (that I know of) to initiate a TCP session
>> from the outside since masquerading works just like NAT.
>>
>> I haven't yet discovered in Redhat specific IP aliasing
>> documentation and I don't have an ip_alias.o kernel module (nor
>> have I found source code). But, ifconfig eth0:0 <ipaddress> works
>> and creates an alias I can ping externally, so I presume that IP
>> aliasing is compiled into the kernel by default.
>>
>> Since forwarding/masquerading from vmnet1 to eth0 works just as
>> advertised, why can't I likewise forward/masquerade to eth0:0?
>>
>> Thanks,
>> Rob
>>
>>
>> _ _ _ _ _ _ _ _ _ _
>> /\_\_\_\_\ /\_\ /\_\_\_\_\_\
>> /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM
>> SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
>> /\/_/_/_/_/ /\_\ /\/_/ /\/_/
>> /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
>> \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
>>
>> Rob Tanner
>> McMinnville, Oregon
>> [EMAIL PROTECTED]
>>
>>
>>
>> _______________________________________________
>> Redhat-list mailing list
>> [EMAIL PROTECTED]
>> https://listman.redhat.com/mailman/listinfo/redhat-list
>
> --
> Michael Jinks, IB
> Systems Administrator, CCCP
> finger [EMAIL PROTECTED] for public key
> Vote Duke! http://www.entertaindom.com/pages/duke2000/home.jsp
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
_ _ _ _ _ _ _ _ _ _
/\_\_\_\_\ /\_\ /\_\_\_\_\_\
/\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
/\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
/\/_/_/_/_/ /\_\ /\/_/ /\/_/
/\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
\/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
Rob Tanner
McMinnville, Oregon
[EMAIL PROTECTED]
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
