From: Aleksandar Milivojevic
Subject: Re: again problem with alias / virtual interface
Date: Mon, 19 Jul 2004 14:35:34 -0500
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <40FC2286.3070005@pbl.ca>
To: netfilter@lists.netfilter.org

Batstru wrote:
> Hi all!
> I wrote days ago: I have a problem with virtual interface and iptables:
> my pc has 2 network interface, one with a private network address and the
> other one with

[snip]

> -A INPUT -p tcp -m tcp -m state -i eth1:1 -d 82.186.92.91 --dport 25 --state
> NEW -j ACCEPT

And here is the error. As I (and I believe Antony, possibly others)
already told you, Netfilter does not know about virtual interfaces.
Virtual interfaces are abstractions that exist in higher levels of kernel
than Netfilter is. Netfilter is concerned only on which *physical*
interface the packet is. Replace "-i eth1:1" with "-i eth1" in above rule
(and same for all other virtual interfaces you have) and you'll be fine:

    -A INPUT -p tcp -m tcp -m state -i eth1 -d 82.186.92.91 --dport 25 --state NEW -j ACCEPT

-- 
Aleksandar Milivojevic          Pollard Banknote Limited
Systems Administrator           1499 Buffalo Place
Tel: (204) 474-2323 ext 276     Winnipeg, MB  R3T 1L7
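
The replacement described in the message above, applied to a saved ruleset. This is an added example, not part of the original message; the function names and every sample rule except the one quoted in the post are constructed. It also flags rewritten rules that carry no -s/-d match, because once the interface match is reduced to the physical device only an address match can single out the alias IP.

```python
import re
import shlex

# -i/-o (and long forms) followed by an alias-style name such as eth1:1.
IFACE_RE = re.compile(
    r"(?<!\S)(-i|--in-interface|-o|--out-interface)(\s+)([^\s:]+):\S+")
# Address matches: the only way to single out an alias IP in Netfilter.
ADDR_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

def fix_alias_rule(rule):
    """Return (rule with alias names reduced to the device, list of notes)."""
    notes = []

    def swap(m):
        opt, gap, device = m.groups()
        notes.append(f"{m.group(0)} -> {opt} {device}")
        return f"{opt}{gap}{device}"

    fixed = IFACE_RE.sub(swap, rule)
    # Without -s/-d the rewritten rule covers every address on the device.
    if notes and not ADDR_OPTS.intersection(shlex.split(fixed)):
        notes.append("no -s/-d match: applies to all addresses on the device")
    return fixed, notes

def audit(ruleset):
    """Check each '-A' line; return [(line_no, fixed_rule, notes)] for hits."""
    hits = []
    for no, line in enumerate(ruleset.splitlines(), 1):
        if line.startswith("-A "):
            fixed, notes = fix_alias_rule(line)
            if notes:
                hits.append((no, fixed, notes))
    return hits

# Constructed sample: line 2 is the rule quoted in the post, the rest is made up.
SAMPLE = """*filter
-A INPUT -p tcp -m tcp -m state -i eth1:1 -d 82.186.92.91 --dport 25 --state NEW -j ACCEPT
-A INPUT -i eth1:2 -p tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT
COMMIT"""

if __name__ == "__main__":
    for no, fixed, notes in audit(SAMPLE):
        print(f"line {no}: {fixed}")
        for note in notes:
            print(f"    {note}")
```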