Re: ipchains

From: Bruce (
Date: Thu Jun 01 2000 - 03:25:43 EST

On the contrary...
Masquerading explicitly requires physical interfaces to function.

You MUST be very careful. RTFM :-)) (Sorry)

# less /etc/doc/howto/en/IP-Masquerade-HOWTO.gz Section 7:23 in SuSE 6.4
Starts at about line 4620!!!

Masquerading DOESN'T work using aliased interfaces.
It uses explicit devices, e.g. eth0.

There may be an error in your software!


>>Anyhoo I figured while experimenting with this stuff I could get away with
>>one NIC in gateway 2 and use IP aliasing to give it an IP address on each
>>subnet so that I could work out how to drive all this newfangled fancy
>>ipchains stuff.
>>Well, it doesn't work. Seems you need two hardware interfaces to get
>>forwarding / masquerading to work.
>You shouldn't need two physical interfaces to make this work. Now, I
>haven't dug through the source code (since it always worked for me), so I
>can't be entirely sure of that in all situations, but it definitely works
>with one physical interface in some situations. I am currently masq'ing
>with one ethernet card, although the second interface is a PPP tunnel, and
>not an ethernet alias, so the config (simply) looks like this:
>ipchains -A forward -i ppp0 -j MASQ
>But I don't see any reason why:
>ipchains -A forward -i eth0:0 -j MASQ
>wouldn't work. Of course, someone here will probably chime in and tell me
>why I'm wrong.. :-)
>That's for masquerading, of course, and I'm not sure why you'd need to do
>anything more than forwarding, but that's what you said.. ;-) Maybe you
>could send us the commands you were using to make it work, and the ones
>you're trying now? It's usually a bit easier to debug if we know what
>you're actually telling the interfaces to do.
>Nick Bastin
>Software Developer
>OPNET Technologies

