From: Askar Ali Khan <askarali@gmail.com>
To: Dott. Francesco Chicchiriccò
	<francesco.chicchiricco@eposse.it>,
	netfilter <netfilter@lists.netfilter.org>
Subject: Re: Virtual interfaces
Date: Wed, 7 Jul 2004 14:27:37 +0500
Message-ID: <a0f69e504070702275db522e6@mail.gmail.com>
In-Reply-To: <200407051642.19090.francesco.chicchiricco@eposse.it>

Hi Dott

On Mon, 5 Jul 2004 16:42:11 +0200, Dott. Francesco Chicchiriccò
<francesco.chicchiricco@eposse.it> wrote:
> Hi,
> after spending some time with iptables and linux virtual interfaces, I've
> decided to ask.
> 
> I have a Linux BOX acting as a router among different LANs. I'm doing some
> filtering (only ssh traffic coming from a certain MAC address can go from
> one LAN to another, and so on):
> 
> iptables -t filter -P FORWARD DROP
> iptables -A FORWARD -i eth0 -s 192.168.0.0/24 -p TCP -m mac --mac-source
> $whiskey_MAC -d 192.168.10.0/24 --dport 22 -j ACCEPT
> 
> With physical interfaces only, all works well. When I try to filter traffic
> between 2 LANs attached to the same physical interface but with 2 different
> virtual IPs, it starts messing. Nothing works, I can't even log packets.

Netfilter doesn't allow things like eth0:1 (it won't accept the
colon), so all you do is use the normal interface name (eth0).

Regards
Askar
> 
> Is that a known bug? Am I just misunderstanding?
> Please help.
> --
> ##################################################################
> 
> "Computer Science is no more about computers than astronomy
> is about telescopes." (E. W. Dijkstra)
> 
> Dott. Francesco Chicchiriccò
> Amministratore unico
> Tel 3290573276
> 
> ePOSSE S.r.l.
> Sede operativa: Via dei Marrucini, 11 65127 Pescara
> Tel / FAX 0854503336
> http://www.eposse.it
> 
> ##################################################################
> 
> 
>
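
An added example, not part of the original message or of netfilter itself: a small shell helper that follows the advice above by reducing alias labels such as eth0:1 to the real device and telling the two LANs apart by source and destination subnet. The helper names, the assumption that the second LAN sits on eth0:1, and the MAC address are constructed for illustration; the commands are printed for review, not executed.

```shell
#!/bin/sh
# Build FORWARD rules for LANs that share one physical NIC.
# Alias labels (eth0:1) are address labels, not devices a rule can match on,
# so each rule uses the base device and distinguishes the LANs with -s / -d.

# base_iface NAME -> device name without any ":label" alias suffix
base_iface() {
    printf '%s\n' "${1%%:*}"
}

# forward_rule IN_IF OUT_IF SRC_NET DST_NET DPORT [MAC]
# Prints the iptables command that allows one TCP flow between two subnets.
forward_rule() {
    in_if=$(base_iface "$1")
    out_if=$(base_iface "$2")
    rule="iptables -A FORWARD -i $in_if -o $out_if -s $3 -d $4 -p tcp"
    # Optional MAC restriction, as in the rule quoted in the message.
    if [ -n "${6:-}" ]; then
        rule="$rule -m mac --mac-source $6"
    fi
    printf '%s --dport %s -j ACCEPT\n' "$rule" "$5"
}

# Constructed sample values (placeholder MAC, hypothetical alias eth0:1).
whiskey_MAC="00:11:22:33:44:55"

echo "iptables -t filter -P FORWARD DROP"
forward_rule eth0 eth0:1 192.168.0.0/24 192.168.10.0/24 22 "$whiskey_MAC"
```

Because both subnets resolve to the same device, the rule carries `-i eth0 -o eth0`, and only the `-s`/`-d` pair separates one LAN from the other.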

