Re: ipchains

From: Nick Bastin (nbastin@mil3.com)
Date: Wed May 31 2000 - 23:21:38 EST


>Anyhoo I figured while experimenting with this stuff I could get away with
>one NIC in gateway 2 and use IP aliasing to give it an IP address on each
>subnet so that I could work out how to drive all this new fangled fancy
>ipchains stuff.
>
>Well, it doesn't work. Seems you need two hardware interfaces to get
>forwarding / masquerading to work.

You shouldn't need two physical interfaces to make this work. Now, I
haven't dug through the source code (since it always worked for me), so I
can't be entirely sure of that in all situations, but it definitely works
with one physical interface in some situations. I am currently masq'ing
with one ethernet card, although the second interface is a PPP tunnel, and
not an ethernet alias, so the config (simply) looks like this:

ipchains -A forward -i ppp0 -j MASQ

But I don't see any reason why:

ipchains -A forward -i eth0:0 -j MASQ

wouldn't work. Of course, someone here will probably chime in and tell me
why I'm wrong.. :-)

That's for masquerading, of course, and I'm not sure why you'd need to do
anything more than forwarding, but that's what you said.. ;-) Maybe you
could send us the commands you were using to make it work, and the ones
you're trying now? It's usually a bit easier to debug if we know what
you're actually telling the interfaces to do.

--
Nick Bastin
Software Developer
OPNET Technologies
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu



This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:32 EST