"Steve Hansel" <[EMAIL PROTECTED]> writes:
>
> I'm still stuck on my question: Are you absolutely sure that the -W
> and -V options tell masquerading which port to send out, and don't act
> as a filter? I.e., if the packet isn't going out this port, the
> masquerading rule doesn't apply.

It is the latter behavior. The ROUTE TABLE determines through which
interface a packet will be sent (masqueraded or not), and then the
firewall ruleset is consulted to see what behavior to allow (reject,
deny, allow, allow with masq).

> > >It was my impression that -W and -V were used for filtering (just
> > >like -S and -D), and not to tell the kernel which interface to use.
> > >i.e. your top 3 lines would only be applied if the packet came
> > >in on eth0:0.
> >
> > No, the -W and -V commands specify what is the OUTGOING interface.

In this case, David was telling you that the -W/V switches specify the
outgoing (as opposed to the incoming) interface for forwarding purposes.
Here he means that it "specifies" for the filtering/matching purposes,
not that it "specifies" which interface the packet should be sent to.
As I noted, that's determined by the routing subsystem, and the firewall
ruleset can only advise whether to take the action or not.

As regards aliasing, I wonder if the firewall code simply doesn't
understand aliased interfaces at all. You might need to simply give
the ruleset the "eth0" name, because it might not understand what
"eth0:1" means. Or that information may simply not be available at
that particular level in the kernel. Hard to say without consulting a
developer.

--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
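
The order of operations described in the reply above, as an added example that is not part of the original message and is not ipfwadm or kernel code: a small Python model in which the route lookup picks the outgoing interface first and the forward rules then treat the interface only as a match condition. The routes, rules, addresses, field names and the default-deny policy are all constructed assumptions.

```python
import ipaddress

# Constructed routing table: (destination network, outgoing interface).
ROUTES = [
    ("10.1.0.0/16", "eth1"),   # second internal segment
    ("0.0.0.0/0", "eth0"),     # default route, external side
]

# Constructed forward rules, first match wins. "iface" models the -W match;
# None means the rule matches whatever interface routing selected.
RULES = [
    {"src": "10.0.0.0/24", "iface": "eth0", "action": "accept+masq"},
    {"src": "0.0.0.0/0", "iface": None, "action": "deny"},
]

def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface)
    return best[1] if best else None

def forward(src, dst, rules=RULES, routes=ROUTES):
    """Return (out_iface, action). Routing runs first; rules never change out_iface."""
    out_iface = route_lookup(dst, routes)
    if out_iface is None:
        return None, "unroutable"
    addr = ipaddress.ip_address(src)
    for rule in rules:
        if addr not in ipaddress.ip_network(rule["src"]):
            continue
        if rule["iface"] is not None and rule["iface"] != out_iface:
            continue  # interface is only a match condition: rule skipped, packet not re-routed
        return out_iface, rule["action"]
    return out_iface, "deny"  # default policy assumed for this model

if __name__ == "__main__":
    print(forward("10.0.0.5", "203.0.113.5"))  # routed via eth0, masq rule matches
    print(forward("10.0.0.5", "10.1.2.3"))     # routed via eth1, masq rule does not apply
```

In the second call the masq rule names eth0, but the packet still leaves via eth1 because only the route table chose the interface; the rule simply fails to match and the next rule decides.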