An Interface with alias

An Interface with alias

[Usuário do Sistema]

Hello everyone,

I'm going to add a new Interface in the my firewall iptables Linux Red Hat 5.6.


so... I wonder if is very bad or what can happen when I do alias on a
interface for more the one network. for exemplo:


eth0 has ip 172.16.30.1/30
eth0.1 172.16.30.5/30
eth0.2 172.16.30.9/30


I wish drop any packages between theses network. any traffic between
the network 172.16.30.0/30 and 172.16.30.4/30 must dropped by
iptables.

I'm disabled any filter as follow bellow

for eee in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo 0 > $eee
done


I wonder there is any problem or uninsured with my firewall iptables ?!?!




thanks





















I don't know if this is maillist correct if didn't is please tell me
other options

Re: An Interface with alias

[Andrew Beverley]

On Fri, 2012-01-20 at 15:46 -0200, Usuário do Sistema wrote:
> so... I wonder if is very bad or what can happen when I do alias on a
> interface for more the one network. for exemplo:
...
> I wish drop any packages between theses network. any traffic between
> the network 172.16.30.0/30 and 172.16.30.4/30 must dropped by
> iptables.

That sounds a bit messy, and I don't even know if it's possible. Why not
just use multiple physical network interfaces?

Even if you got it working, if the computers on the 2 separate networks
had their netmask incorrectly configured, then you'd get traffic passing
directly between them without even going to the Linux box.

Andy

Re: An Interface with alias

[Usuário do Sistema]

Thank you Andy,

Why not just use multiple physical network interfaces?

because shortage of interfaces physical.





Em 1 de fevereiro de 2012 17:08, Andrew Beverley <andy@andybev.com> escreveu:
> On Fri, 2012-01-20 at 15:46 -0200, Usuário do Sistema wrote:
>> so... I wonder if is very bad or what can happen when I do alias on a
>> interface for more the one network. for exemplo:
> ...
>> I wish drop any packages between theses network. any traffic between
>> the network 172.16.30.0/30 and 172.16.30.4/30 must dropped by
>> iptables.
>
> That sounds a bit messy, and I don't even know if it's possible. Why not
> just use multiple physical network interfaces?
>
> Even if you got it working, if the computers on the 2 separate networks
> had their netmask incorrectly configured, then you'd get traffic passing
> directly between them without even going to the Linux box.
>
> Andy
>
>

Re: An Interface with alias

[Lloyd Standish]

On Wed, 01 Feb 2012 13:34:40 -0600, Usuário do Sistema <maiconlp@ig.com.br> wrote:

> Thank you Andy,
>Why not just use multiple physical network interfaces?
>because shortage of interfaces physical.

I would suggest, then, adding vlan virtual interfaces via a smart switch.  Smart switches are now very inexpensive.  This will allow multiple network interfaces connected to a single physical interface.  I have used this to solve exactly the same problem (shortage of physical NICs.)

-- 
Lloyd