From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mike Pepe Subject: Re: forwarding ports from aliased ip addresses Date: Thu, 09 Jun 2005 17:53:27 -0400 Message-ID: <42A8BA57.7000402@doki-doki.net> References: <42A4C90B.8040306@doki-doki.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <42A4C90B.8040306@doki-doki.net> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii"; format="flowed" To: netfilter@lists.netfilter.org So, nobody on the list knows if this is even possible? I've been running all different sorts of combinations and I can't get it to work. Surely this is something not entirely out of the ordinary. I can't imagine having to build another firewall box just to add another IP and rules only for an alias. Mike Pepe wrote: > Hi all. I'm new to the list but not to netfiler. > > I have a firewall built, with eth5 on the internet. It accepts > connections on a few ports from allowed hosts and forwards them to boxes > in the DMZ. It works great. > > I have another client that wants a box configured similarly. I would > like to add another internet ip as eth5:1 and then forward certain ports > on that new IP to a different box in the DMZ. > > using -i eth5:1 doesn't work. > > Is this even possible? I've been up and down the man page and I can't > seem to figure out a way to differentiate the alias from the "normal" > ip. I guess I could add another network card and duplicate the scripts > but this seems so wasteful to me. > > Hoping someone can help me with this! > > thanks > > -Mike