From: Greg Scott <GregScott@InfraSupportEtc.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] ip alias and ipchains
Date: Mon, 14 Jan 2002 05:16:32 +0000 [thread overview]
Message-ID: <marc-lartc-101098465000910@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101093238220845@msgid-missing>
What if you did a user defined chain and jumped to it?
Something like this:
ipchains -A forward -i eth0:0 -j domorestuff (notice lower case)
.
.
.
ipchains -A domorestuff -s LAN/24 -j MASQ
ipchains -A domorestuff -j LOG
ipchains -A domorestuff -j DROP
.
.
.
So the only way you get to the domorestuff chain is if the other
condition is true with your Internet interface.
It's been a while since I used ipchains and so I might be
getting my syntax mixed up with iptables.
- Greg
-----Original Message-----
From: Javier Miguel Rodriguez [mailto:javier@talika.fie.us.es]
Sent: Sunday, January 13, 2002 8:25 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] ip alias and ipchains
Hello
I am trying to build a highly available firewall. I am using
ultramonkey (http://ultramonkey.sourceforge.net/) and everything works
fine... but I need to do -j MASQ over -i eth0:0 and this does not work.
Here is my network setup
Internet<---- Cluster of Firewalls<---> DMZ
eth0:0 eth1:0
|
|
LAN
The default gateway of LAN is 192.168.2.125 (eth1:0 on both nodes of
cluster, this work greats)
I have a DSL connection to Internet, so I only have a valid IP address
I need to do something like
ipchains -A forward -i eth0:0 -j -s LAN/24 -j MASQ
How can I achieve this? I am using kernel 2.2.20+freeswan 1.92 on both
nodes.
Thank you in advance and greetings from Seville (Spain)!
--
Javier Miguel Rodríguez. (GUFO)
Miembro del grupo Linux de la Facultad de Informática de Sevilla -o)
http://talika.fie.us.es/linux /\\
Linux Registered User #145051. _\_V
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
prev parent reply other threads:[~2002-01-14 5:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-13 14:24 [LARTC] ip alias and ipchains Javier Miguel Rodriguez
2002-01-14 5:16 ` Greg Scott [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-101098465000910@msgid-missing \
--to=gregscott@infrasupportetc.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.