From: Michal Soltys <soltys@ziu.info>
To: Kumar Swamy <kswamy@barracuda.com>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: iptables and virtual NIC
Date: Thu, 28 Jul 2011 17:04:42 +0200 [thread overview]
Message-ID: <4E317A8A.4000508@ziu.info> (raw)
In-Reply-To: <65C6A498BB5BF245BD7195255041FA2E04C751C4A5@bn-scl-be03.Cudanet.local>
On 11-07-28 12:05, Kumar Swamy wrote:
> Hello folks,
>
> I am a newbie to iptables and experimenting some stuff. So please excuse me, if this has already been discussed.
>
> I have a linux gateway which has a physical interface (eth0 ) and multiple virtual interfaces ( eth0:1, eth0:2), each has dynamic IP configured.
> I want to create an iptables rule for IP masquerading on eth0 , but packets going out on other interfaces should be left untouched. Is this possible?
>
> I tried
> -A POSTROUTING -o eth0 -j MASQUERADE
> But it seems packet going out on virtual NICs ( aliases) are also hitting this rule.
> Is there any way to solve this problem without using SNAT? Since I have IP address configured dynamically, there is no easy way to do SNAT.
>
> Thanks
In addition to what Jan said about eth:N
MASQUERADE target picks only a primary addresses with global scope. Make
sure during address assignment (you can adjust what dhclient or dhcpcd
does with shell scripting) that only one of the addresses have global
scope (and it's the primary address).
prev parent reply other threads:[~2011-07-28 15:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-28 10:05 iptables and virtual NIC Kumar Swamy
2011-07-28 11:53 ` Jan Engelhardt
2011-07-28 12:00 ` Pandu Poluan
2011-07-28 15:21 ` Jan Engelhardt
2011-07-28 15:28 ` Tyler J. Wagner
2011-07-28 15:04 ` Michal Soltys [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E317A8A.4000508@ziu.info \
--to=soltys@ziu.info \
--cc=kswamy@barracuda.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox