Hi Rob,
IIRC, to do forwarding to an alias you have to use the IP address instead of
the interface name. However, according to what you need to accomplish, you
may be able to use the + symbol at the end of the interface name
(i.e. eth0+) to use any interface beginning with that name (man ipchains for
more info), it may or may not resolve your problem.
Have fun,
--
_________________________________________________________________
Brian Ashe CTO
[EMAIL PROTECTED] Dee-Web Software Services, LLC.
http://www.dee-web.com/
-----------------------------------------------------------------
You don't have to swim faster than the shark...
You just have to swim faster than the people you're with.
Wednesday, September 20, 2000, 12:59:45 PM, you wrote:
RT> Michael,
RT> Thanks for your response. It turns out part of the problem was a
RT> cockpit error on my part, otherwise know as an error in the packet
RT> filter. Rather than debugging it at the moment, I basically stripped
RT> everything out not related to the forward/masq/NAT function.
RT> The result is that IP aliasing is now working, but forwarding is not.
RT> I can, for example, telnet to the box from the outside using the second
RT> IP address. Forwarding, however, to the aliased interface is still
RT> hosed.
RT> I wonder if I'm trying to do something that the kernel is plain not
RT> designed to do?
RT> -- Rob
RT> --On 09/20/00 11:15:24 AM -0500 "Michael R. Jinks"
RT> <[EMAIL PROTECTED]> wrote:
>> can't help too much with the main issue; i've always thought that you
>> _should_ be able to forward/masq/NAT an aliased interface, and it
>> kind of cuts down on the utility of the whole thing if you can't.
>> but i haven't tried to do it myself in a while (since before ipchains
>> was available actually) so my experience is probably irrelevant. you
>> might want to look into the firewalling code being developed for the
>> 2.4.x series of kernels, it is reportedly a complete rewrite (again)
>> and they may have this problem solved.
>>
>> as an aside, though, i can tell you that for some reason ip aliasing
>> has never been written as a module, it's either available in the
>> kernel (apparently the one you have has it turned on) or it's not.
>> you can get a nice tour of the linux kernel, even if you don't plan
>> on installing a custom one yourself, by installing the source code
>> for the kernel version you're running, cd'ing to the base directory,
>> and typing "make xconfig".
>>
>> hth,
>> -m
>>
>> On Tue, Sep 19, 2000 at 11:01:21PM -0700, Rob Tanner wrote:
>>> Hi all,
>>>
>>> I have Redhat 6.2 installed along with VMWare 2 with NT4 installed
>>> in the VMWare virtual machine. I'm doing some development work on
>>> that other platform, and I need to be able to access its services
>>> from the net. I wrote an /sbin/ipchains packet filter including
>>> forwarding and masquerading the VMWare net (vmnet1).
>>>
>>> Here's the problem: simply forwarding and masquerading to the
>>> external interface means all outbound traffic goes out as my main
>>> address. There is no way (that I know of) to initiate a TCP session
>>> from the outside since masquerading works just like NAT.
>>>
>>> I haven't yet discovered in Redhat specific IP aliasing
>>> documentation and I don't have an ip_alias.o kernel module (nor
>>> have I found source code). But, ifconfig eth0:0 <ipaddress> works
>>> and creates an alias I can ping externally, so I presume that IP
>>> aliasing is compiled into the kernel by default.
>>>
>>> Since forwarding/masquerading from vmnet1 to eth0 works just as
>>> advertised, why can't I likewise forward/masquerade to eth0:0?
>>>
>>> Thanks,
>>> Rob
>>>
>>>
>>> _ _ _ _ _ _ _ _ _ _
>>> /\_\_\_\_\ /\_\ /\_\_\_\_\_\
>>> /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM
>>> SIT, /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
>>> /\/_/_/_/_/ /\_\ /\/_/ /\/_/
>>> /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
>>> \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
>>>
>>> Rob Tanner
>>> McMinnville, Oregon
>>> [EMAIL PROTECTED]
>>>
>>>
>>>
>>> _______________________________________________
>>> Redhat-list mailing list
>>> [EMAIL PROTECTED]
>>> https://listman.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> Michael Jinks, IB
>> Systems Administrator, CCCP
>> finger [EMAIL PROTECTED] for public key
>> Vote Duke! http://www.entertaindom.com/pages/duke2000/home.jsp
>>
>>
>>
>> _______________________________________________
>> Redhat-list mailing list
>> [EMAIL PROTECTED]
>> https://listman.redhat.com/mailman/listinfo/redhat-list
RT> _ _ _ _ _ _ _ _ _ _
RT> /\_\_\_\_\ /\_\ /\_\_\_\_\_\
RT> /\/_/_/_/_/ /\/_/ \/_/_/_/_/_/ QUIDQUID LATINE DICTUM SIT,
RT> /\/_/__\/_/ __ /\/_/ /\/_/ PROFUNDUM VIDITUR
RT> /\/_/_/_/_/ /\_\ /\/_/ /\/_/
RT> /\/_/ \/_/ /\/_/_/\/_/ /\/_/ (Whatever is said in Latin
RT> \/_/ \/_/ \/_/_/_/_/ \/_/ appears profound)
RT> Rob Tanner
RT> McMinnville, Oregon
RT> [EMAIL PROTECTED]
RT> _______________________________________________
RT> Redhat-list mailing list
RT> [EMAIL PROTECTED]
RT> https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
