Hi Chris, So, does that mean traffic coming in on 10.0.0.254 (which is eth0:1) will be seen as coming into eth0 in general? If so,... I think I'll be okay.
Thanks, D. --- Chris Hoeschen <[EMAIL PROTECTED]> wrote: > I needed to do the same thing but I could not, I ended up filtering by the > IP address and taking the interface out all together. > > > ----- Original Message ----- > From: "Designer Seven" <[EMAIL PROTECTED]> > To: "Netfilter Mailing List" <[EMAIL PROTECTED]> > Sent: Wednesday, May 01, 2002 9:15 PM > Subject: Can I filter on alias interfaces? > > > > Hi all, > > > > I have a firewall with two interfaces on the same ethernet. I'm wondering > if I > > can filter by "virtual/alias" interfaces? > > > > For example, let's say I have 2 "real" interfaces and a "virtual": > > > > (Network A) <--> eth0 + eth0:1 (Firewall) eth1 <--> (Network B) > > > > Say for example: > > > > eth0 = 10.0.0.253/24 > > eth0:1 = 10.0.0.254/24 > > > > devices/systems in Network A may have either 10.0.0.253 or 10.0.0.254 as > their > > default gateway when communicating to Network B. > > > > Which of the following would be correct? > > > > Scenario 1: > > iptables -A FORWARD -i eth0 -o eth1 -s <network A> -d <network B> -j > ACCEPT > > iptables -A FORWARD -i eth0:1 -o eth1 -s <network A> -d <network B> -j > ACCEPT > > > > Scenario 2: > > iptables -A FORWARD -i eth0 -o eth1 -s <network A> -d <network B> -j > ACCEPT > > > > Thanks for any help, > > D. __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com
