alias

alias

[=?unknown-8bit?q?J=F6rgen?= Danielsson]

Hello

I have a little question that perhaps someone knows
the answer to.

Is it inpossible to use a alias in a rule. With that I
mean refer to a interface called eth1:0.

I get this from every version of iptable i have tried
(1.2.2, 1.2.4, 1.2.6a):

Warning: wierd character in interface `eth1:0' (No
aliases, :, ! or *).

/Jörgen

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: alias

[Antony Stone]

On Monday 03 June 2002 8:59 pm, "Jörgen" Danielsson wrote:

> Is it inpossible to use a alias in a rule. With that I
> mean refer to a interface called eth1:0.

Correct.

Why do you want to refer to the name ?   If you want to specify the interface 
a packet is coming in on, use the plain name (eg eth1).   If you want to 
specify the address a packet was going to, use -d aa.bb.cc.dd

I can't think of another reason you should need the interface name.


Antony.

Re: alias

[Alin Nastac]

There is a solution:
    ip addr add w.x.y.z/bits dev eth0 label eth00

and use -i/-o eth00 in iptables.

In fact, I believe you could use any alphanumeric characters after 
'eth0'. I'm not sure.

Jörgen Danielsson wrote:

>Hello
>
>I have a little question that perhaps someone knows
>the answer to.
>
>Is it inpossible to use a alias in a rule. With that I
>mean refer to a interface called eth1:0.
>
>I get this from every version of iptable i have tried
>(1.2.2, 1.2.4, 1.2.6a):
>
>Warning: wierd character in interface `eth1:0' (No
>aliases, :, ! or *).
>
>/Jörgen
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! - Official partner of 2002 FIFA World Cup
>http://fifaworldcup.yahoo.com
>

Re: alias

[=?unknown-8bit?q?J=F6rgen?= Danielsson]

Hello

is that label thing supposed to be addad when setting
the interface with ifconfig ?

No option called label there (slackware 8)

/Jörgen 

--- Alin Nastac <mrness@technosoft.ro> wrote:
> There is a solution:
>     ip addr add w.x.y.z/bits dev eth0 label eth00
> 
> and use -i/-o eth00 in iptables.
> 
> In fact, I believe you could use any alphanumeric
> characters after 
> 'eth0'. I'm not sure.
> 
> Jörgen Danielsson wrote:
> 
> >Hello
> >
> >I have a little question that perhaps someone knows
> >the answer to.
> >
> >Is it inpossible to use a alias in a rule. With
> that I
> >mean refer to a interface called eth1:0.
> >
> >I get this from every version of iptable i have
> tried
> >(1.2.2, 1.2.4, 1.2.6a):
> >
> >Warning: wierd character in interface `eth1:0' (No
> >aliases, :, ! or *).
> >
> >/Jörgen
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Yahoo! - Official partner of 2002 FIFA World Cup
> >http://fifaworldcup.yahoo.com
> >
> 
> 


__________________________________________________
Do You Yahoo!?
Yahoo! Health - your guide to health and wellness
http://health.yahoo.com

Re: alias

[=?unknown-8bit?q?J=F6rgen?= Danielsson]

Running a firewall with 6 diff networks, and using a
default policy that is drop, then as far as i know you
have to add -i and -o option to forward rules in order
for them to work. Or am I wrong there (quite new to
this, hehe)?

/Jörgen


--- Antony Stone <Antony@Soft-Solutions.co.uk> wrote:
> On Monday 03 June 2002 8:59 pm, "Jörgen" Danielsson
> wrote:
> 
> > Is it inpossible to use a alias in a rule. With
> that I
> > mean refer to a interface called eth1:0.
> 
> Correct.
> 
> Why do you want to refer to the name ?   If you want
> to specify the interface 
> a packet is coming in on, use the plain name (eg
> eth1).   If you want to 
> specify the address a packet was going to, use -d
> aa.bb.cc.dd
> 
> I can't think of another reason you should need the
> interface name.
> 
> 
> Antony.
> 


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: alias

[Antony Stone]

On Monday 03 June 2002 11:03 pm, "Jörgen" Danielsson wrote:

> Running a firewall with 6 diff networks, and using a
> default policy that is drop, then as far as i know you
> have to add -i and -o option to forward rules in order
> for them to work. Or am I wrong there ?

Well, you don't *have* to, but it's a good idea.

However, I still think you can do everything you want to just by calling them 
eth1, and not trying to use eth1:0, eth1:1 etc.


Antony.

Re: alias

[=?unknown-8bit?q?J=F6rgen?= Danielsson]

The problem is that on 2 of the nics have to have 2
ip's each, and the only way to have more than one ip
on a nic is by using alias, as far as i know, and then
they get names like eth1:0 and so on. I have not seen
any other possibility for names in slack.

But would it work if i specify it as eth1 in the rule
and use the ip aswell, sounds weird if that would
work.

/Jörgen

--- Antony Stone <Antony@Soft-Solutions.co.uk> wrote:
> On Monday 03 June 2002 11:03 pm, "Jörgen" Danielsson
> wrote:
> 
> > Running a firewall with 6 diff networks, and using
> a
> > default policy that is drop, then as far as i know
> you
> > have to add -i and -o option to forward rules in
> order
> > for them to work. Or am I wrong there ?
> 
> Well, you don't *have* to, but it's a good idea.
> 
> However, I still think you can do everything you
> want to just by calling them 
> eth1, and not trying to use eth1:0, eth1:1 etc.
> 
> 
> Antony.
> 


__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Re: alias

[Antony Stone]

On Monday 03 June 2002 11:15 pm, "Jörgen" Danielsson wrote:

> The problem is that on 2 of the nics have to have 2
> ip's each, and the only way to have more than one ip
> on a nic is by using alias, as far as i know, and then
> they get names like eth1:0 and so on. I have not seen
> any other possibility for names in slack.

Actually, it is not the only way, the preferred method these days is to use 
the iproute2 functions, which will add another address to your interface 
without giving the alias a new name:

ip addr add w.x.y.z/bits dev eth0

(unless you use the 'label' option which Alin Nastac suggested earlier:

ip addr add w.x.y.z/bits dev eth0 label eth00)

And no, this is not ifconfig, this is newer and more powerful.

> But would it work if i specify it as eth1 in the rule
> and use the ip aswell, sounds weird if that would
> work.

Yes, that is what I am saying - if you want to specify the interface, call it 
eth1; if you want to specify the destination address, then use that.   Use 
both together if you want.

eg:

ifconfig eth1 192.168.1.5
ifconfig eth1:1 192.168.1.9

iptables -i eth1 -d 192.168.1.9 -j ACCEPT

or whatever.....


Antony.