I have a 2 ethernet card machine that is performing firewalling (ipchains)
and masquerading. My INTERNET-side ethernet card has 2 addresses:
eth0 192.168.1.240 (addresses changed for security)
eth0:0 192.168.1.241
I want the address used for masqueraded connections to be that of the
eth0:0 (192.168.1.241); I can make the .240 work easily, but I want to
separate out administrative chores of the firewall machine (DNS, mail,
etc) from users' MASQ connections.
When I MASQ through eth0:0, no packets leave the machine. I would think
this may indicate a routing problem, but I can telnet in on the eth0:0
address, and establish a connection. But, if I change my routing table
from:
DESTINATION     GATEWAY         MASK              INTERFACE
192.168.1.0     *               255.255.255.128   eth0
default         192.168.1.254   0.0.0.0           eth0
to:
192.168.1.0     *               255.255.255.128   eth0
192.168.1.0     *               255.255.255.128   eth0:0
192.168.1.254   *               255.255.255.255   eth0:0
default         192.168.1.254   0.0.0.0           eth0:0
then the masquerading also works. Does it make sense that I have to
change my local network route and my default route over to the aliased
address, just so that will be the return address used on masqueraded
connections?
The ipchains command I am using is:
ipchains -A forward -i eth0:0 -s 10.0.0.0/8 -d 0/0 -j MASQ
I'm running RedHat5.1 on a Pentium with a patched 2.0.35 kernel (patched
for ipchains).
Please advise, because I'd like to implement this cleanly and correctly.
Mike
[EMAIL PROTECTED]