IP Aliasing

IP Aliasing

[Michael Montero]

I'm trying to set up 2 IP aliases on my firewall box.  It's Redhat 7.2.  I
believe I have the 2 alias (eth0:0 and eth0:1) set up properly.  Is there
anything in particular I need to do with iptables to activate these 2
interfaces?  I've attempted to execute rules with the interface specified
as eth0:0 and iptables does not seem to like that.  Anyone have any docs I
can read about proper IP aliasing under Redhat and what I need to do for
iptables?

Thanks!

Re: IP Aliasing

[George Georgalis]

On Fri, May 31, 2002 at 12:55:57PM -0400, Michael Montero wrote:
>I'm trying to set up 2 IP aliases on my firewall box.  It's Redhat 7.2.  I
>believe I have the 2 alias (eth0:0 and eth0:1) set up properly.  Is there
>anything in particular I need to do with iptables to activate these 2
>interfaces?  I've attempted to execute rules with the interface specified
>as eth0:0 and iptables does not seem to like that.  Anyone have any docs I
>can read about proper IP aliasing under Redhat and what I need to do for
>iptables?
>

I would try '-i eth0' for all you aliases and use '-i/-o address[/mask]'
if you refer to a particular subnet. Reasoning: the interface is being
aliased and iptables sees them all as eth0.

Let me know if this works ;^) I'll be trying it shortly.

// George

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229 
Security Services, Web, Mail,            mailto:george@galis.org 
File, Print, DB and DNS Servers.       http://www.galis.org/george 

Re: IP Aliasing

[j davis]

this does work, this is proablly a weekley question trailing the ever 
popular
Q   what ports for my game? This question has been asked 2 or three times 
just in the last few days...view the Virtual Host emails this week,

>From: George Georgalis <georgw@galis.org>
>To: Michael Montero <mmontero@mail.communityconnect.com>
>CC: netfilter@lists.samba.org
>Subject: Re: IP Aliasing
>Date: Fri, 31 May 2002 13:18:49 -0400
>MIME-Version: 1.0
>Received: from hotmail.com ([65.54.236.29]) by hotmail.com with Microsoft 
>SMTPSVC(5.0.2195.4905); Fri, 31 May 2002 10:29:25 -0700
>Received: from lists.samba.org ([198.186.203.85]) by hotmail.com with 
>Microsoft SMTPSVC(5.0.2195.4905); Fri, 31 May 2002 10:19:23 -0700
>Received: from va.samba.org (localhost [127.0.0.1])by lists.samba.org 
>(Postfix) with ESMTPid E5C4045C7; Fri, 31 May 2002 10:22:21 -0700 (PDT)
>Received: from trot.galis.org (ool-43530772.dyn.optonline.net 
>[67.83.7.114])by lists.samba.org (Postfix) with ESMTP id 4AD554109for 
><netfilter@lists.samba.org>; Fri, 31 May 2002 10:20:14 -0700 (PDT)
>Received: (from gx@localhost)by trot.galis.org (8.11.6/8.11.6) id 
>g4VHInI19140;Fri, 31 May 2002 13:18:49 -0400
>Delivered-To: netfilter@lists.samba.org
>Message-ID: <20020531131849.C17865@trot.haven.dom>
>References: <Pine.LNX.4.04.10205311254170.5797-100000@lysa>
>User-Agent: Mutt/1.2.5.1i
>In-Reply-To: <Pine.LNX.4.04.10205311254170.5797-100000@lysa>; from 
>mmontero@mail.communityconnect.com on Fri, May 31, 2002 at 12:55:57PM -0400
>Sender: netfilter-admin@lists.samba.org
>Errors-To: netfilter-admin@lists.samba.org
>X-BeenThere: netfilter@lists.samba.org
>X-Mailman-Version: 2.0.8
>Precedence: bulk
>List-Help: <mailto:netfilter-request@lists.samba.org?subject=help>
>List-Post: <mailto:netfilter@lists.samba.org>
>List-Subscribe: 
><http://lists.samba.org/listinfo/netfilter>,<mailto:netfilter-request@lists.samba.org?subject=subscribe>
>List-Id: netfilter user discussion list <netfilter.lists.samba.org>
>List-Unsubscribe: 
><http://lists.samba.org/listinfo/netfilter>,<mailto:netfilter-request@lists.samba.org?subject=unsubscribe>
>List-Archive: <http://lists.samba.org/pipermail/netfilter/>
>Return-Path: netfilter-admin@lists.samba.org
>X-OriginalArrivalTime: 31 May 2002 17:19:25.0848 (UTC) 
>FILETIME=[504C3180:01C208C7]
>
>On Fri, May 31, 2002 at 12:55:57PM -0400, Michael Montero wrote:
> >I'm trying to set up 2 IP aliases on my firewall box.  It's Redhat 7.2.  
>I
> >believe I have the 2 alias (eth0:0 and eth0:1) set up properly.  Is there
> >anything in particular I need to do with iptables to activate these 2
> >interfaces?  I've attempted to execute rules with the interface specified
> >as eth0:0 and iptables does not seem to like that.  Anyone have any docs 
>I
> >can read about proper IP aliasing under Redhat and what I need to do for
> >iptables?
> >
>
>I would try '-i eth0' for all you aliases and use '-i/-o address[/mask]'
>if you refer to a particular subnet. Reasoning: the interface is being
>aliased and iptables sees them all as eth0.
>
>Let me know if this works ;^) I'll be trying it shortly.
>
>// George
>
>--
>GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229
>Security Services, Web, Mail,            mailto:george@galis.org
>File, Print, DB and DNS Servers.       http://www.galis.org/george




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

IP aliasing

[Ravi Kumar Munnangi]

I want to give more than one IP addresses to my NIC.
For this we have to enable the feature of IP alias
when configuring the kernel and recompile it.
Is there any way to check if the option is already
checked or not?
My next question is,
  After reconfiguring and recompiling, how can I give
IP addresses(aliases) to NIC?
  please tell me the commands to be used.

  Ravi kumar

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: IP aliasing

[Eugene Teo]

Hi,

A little off-topic, but...

you don't have to enable ip alias. you can simply use
(1) ifconfig or (2) iproute2 tool.

iproute2's ip command is more convenient.

464  # ip link set dev $DEV up
465  # ip addr add dev $DEV w.x.y.z/24
466  # ip addr add dev $DEV p.q.r.s/16
467  # ip route add $DESTINATION via $GATEWAY src p.q.r.s 

Eugene
-- 
Eugene TEO @ Linux Users Group, Singapore <eugeneteo@lugs.org.sg>
GPG FP: D851 4574 E357 469C D308  A01E 7321 A38A 14A0 DDE5 
main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}

<quote sender="Ravi Kumar Munnangi">
> I want to give more than one IP addresses to my NIC.
> For this we have to enable the feature of IP alias
> when configuring the kernel and recompile it.
> Is there any way to check if the option is already
> checked or not?
> My next question is,
>   After reconfiguring and recompiling, how can I give
> IP addresses(aliases) to NIC?
>   please tell me the commands to be used.
> 
>   Ravi kumar
> 
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/
> 

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: IP aliasing

[Master_PE]

On Wednesday 18 June 2003 16:03, Ravi Kumar Munnangi wrote:
> I want to give more than one IP addresses to my NIC.
> For this we have to enable the feature of IP alias
> when configuring the kernel and recompile it.
> Is there any way to check if the option is already
> checked or not?
> My next question is,
>   After reconfiguring and recompiling, how can I give
> IP addresses(aliases) to NIC?
>   please tell me the commands to be used.


Look for 7.4. IP Aliasing at Linux Networking HOWTO

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: IP aliasing

[Ravi]

Hi Ravi,

       Load the IP Alias module (you can skip this step if you compiled 
the module into the kernel):

/sbin/insmod /lib/modules/`uname -r`/ipv4/ip_alias.o




Setup the loopback, eth0, and all the IP addresses beginning with the 
main IP address for the eth0 interface:

for example:

/sbin/ifconfig lo 127.0.0.1
/sbin/ifconfig eth0 up
/sbin/ifconfig eth0 172.16.3.1
/sbin/ifconfig eth0:0 172.16.3.10
/sbin/ifconfig eth0:1 172.16.3.100



Setup the routes. First route the loopback, then the net, and finally, 
the various IP addresses starting with the default (originally 
allocated) one:

/sbin/route add -net 127.0.0.0
/sbin/route add -net 172.16.3.0 dev eth0
/sbin/route add -host 172.16.3.1 dev eth0
/sbin/route add -host 172.16.3.10 dev eth0:0
/sbin/route add -host 172.16.3.100 dev eth0:1
/sbin/route add default gw 172.16.3.200


Enjoy,
Ravi

Ravi Kumar Munnangi wrote:
> I want to give more than one IP addresses to my NIC.
> For this we have to enable the feature of IP alias
> when configuring the kernel and recompile it.
> Is there any way to check if the option is already
> checked or not?
> My next question is,
>   After reconfiguring and recompiling, how can I give
> IP addresses(aliases) to NIC?
>   please tell me the commands to be used.
> 
>   Ravi kumar
> 
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/
> 


-- 


The views presented in this mail are completely mine. The company is not
responsible for whatsoever.
------------------------------------------------------------------------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184

ROC home page <http://www.roc.co.in>



-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

ip aliasing

[John Black]

i'm trying to setup my firewall to do ip aliasing.  i have two private ip 
address that i would like aliased.

if i run the command:
ifconfig eth0:0 10.10.10.11 (public address) netmask 255.255.255.0

then in my firewall script i have:
    iptables -t nat -A PREROUTING -d 192.168.180.181 -i eth0 \
                -j DNAT --to-destination 10.10.10.11

is this right?  since eth0 is the address connecting the firewall to the 
internet?

thanks
john 

Re: ip aliasing (nfcan: addressed to exclusive sender for this address)

[Jim Laurino]

On 2005.06.18 20:08, John Black - black@arbbs.net wrote:
> i'm trying to setup my firewall to do ip aliasing.  i have two private ip  
> address that i would like aliased.

I am not sure I understand what you mean by 'ip aliasing'.
DNAT can translate incoming destination addresses to new
destination addresses. This is usually done to allow
outside access to individual ports on hosts on your
private network.

If you wish to allow two hosts on the private network
to share one public ip address, then you probably want to use
masquerade (if the public ip address is assigned dynamically)
or SNAT (if the public ip address is static).

Source NAT can convert the source address of outgoing
packets from the private addresses of a group of hosts
on the private network into your shared, public ip address.
SNAT will also take care of the reverse translation
of destination addresses in reply packets from the outside.

> 
> if i run the command:
> ifconfig eth0:0 10.10.10.11 (public address) netmask 255.255.255.0
> 
> then in my firewall script i have:
>    iptables -t nat -A PREROUTING -d 192.168.180.181 -i eth0 \
>                -j DNAT --to-destination 10.10.10.11
> 
> is this right?  since eth0 is the address connecting the firewall to the  
> internet?

I think you have the two ip address fields backwards.

try -d 10.10.10.11
- This is the destination address as it arrives at the firewall.

try -j DNAT --to-destination 192.168.180.181
- This is the private destination address
  that the incoming public address should be translated to.

Also, you may need other rules to forward the packet
after the destination address has been translated.

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.