Craig Caughlin wrote:
Hey...thank you Charles & Tom for the expeditious response! Let me see if I
can address you both...


O.K., so I gather that I need to do 2 things:


1.) Take Charles's suggestion and "add entries for eth0:0, eth0:1, etc., along
with the entry for eth0", and 2.) Tom's suggestion "ADD_SNAT_ALIASES=Yes in
shorewall.conf". Is that right?

Charles, how do I "add entries" as you suggest (I don't know how to do that
:-( )? Here's what I have:

        auto eth0
        iface eth0 inet static
                address 66.60.172.201
                netmask 255.255.255.0
                broadcast 66.60.172.255
                gateway 66.60.172.205

Do I then add this for the next address...

        auto eth0:0
        iface eth0:0 inet static
                address 66.60.172.202
                netmask 255.255.255.0
                broadcast 66.60.172.255
                gateway 66.60.172.205

        auto eth0:1
        iface eth0:1 inet static
                address 66.60.172.203
                netmask 255.255.255.0
                broadcast 66.60.172.255
                gateway 66.60.172.205
Etc, etc...
Is this right?

Yes, although you don't need to duplicate the gateway entry on any but the main eth0 entry.


You can also do it the way Tom mentioned (adding an 'up' clause to your eth0 definition...there's almost always more than one way to do something in Linux!).

Also, just out of curiosity, what do you mean when you said,
"With the masq entry you list above, you'll be round-robining through source
IP's for outbound traffic, which I doubt is what you really want."? What's
wrong with that???

It means the source IP of the traffic you send to the internet (or anything else on the 'upstream' side of your firewall) will dynamically rotate between the various IPs you have assigned. You will have to be *VERY* careful that your firewall rules take this into account, and you may have problems with some applications that open multiple connections, or anything that expects your IP to be constant.


Tom:
If I "ADD_SNAT_ALIASES=Yes in shorewall.conf", do I need to change
ADD_IP_ALIASES to "No" or should I leave it to its default "Yes"?

Once I have made the "correct" modifications, ip addr should show all of the
addresses, and I "should" be able to ping them all, shouldn't I???

You should be able to ping all assigned IPs, assuming the firewall rules allow it (you can allow/prevent just about anything with iptables).


--
Charles Steinkuehler
[EMAIL PROTECTED]
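
Added example, not part of the original message: a small Python check for an ifupdown `interfaces` file that flags an `auto` alias with no `iface` stanza of the same name, a repeated `iface` name, and a gateway repeated on an alias. The function name and the sample text are constructed for illustration, using the addresses from this thread.

```python
# Constructed sample: the eth0:0 stanza reuses the name eth0, and the
# eth0:1 alias repeats the gateway line.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 66.60.172.201
    netmask 255.255.255.0
    gateway 66.60.172.205

auto eth0:0
iface eth0 inet static
    address 66.60.172.202
    netmask 255.255.255.0
    gateway 66.60.172.205

auto eth0:1
iface eth0:1 inet static
    address 66.60.172.203
    netmask 255.255.255.0
    gateway 66.60.172.205
"""

def lint_interfaces(text):
    """Return sorted (line_no, message) findings for an ifupdown file."""
    findings, autos, seen, current = [], {}, {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        words = line.split()
        if words[0] in ("auto", "allow-hotplug"):
            for name in words[1:]:
                autos.setdefault(name, no)
        elif words[0] == "iface" and len(words) > 1:
            current = words[1]
            if current in seen:
                findings.append((no, f"duplicate stanza for {current} (first at line {seen[current]})"))
            else:
                seen[current] = no
        elif words[0] == "gateway" and current and ":" in current:
            findings.append((no, f"gateway repeated on alias {current}; only the main entry needs it"))
    for name, no in autos.items():
        if name not in seen:
            findings.append((no, f"'auto {name}' has no matching 'iface {name}' stanza"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_interfaces(SAMPLE):
        print(f"line {no}: {msg}")
```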

