And what about antispoofing ?? Designer Seven wrote: > Hi Chris, > > So, does that mean traffic coming in on 10.0.0.254 (which is eth0:1) will be > seen as coming into eth0 in general? If so,... I think I'll be okay. > > Thanks, > D. > > --- Chris Hoeschen <[EMAIL PROTECTED]> wrote: > >>I needed to do the same thing but I could not, I ended up filtering by the >>IP address and taking the interface out all together. >> >> >>----- Original Message ----- >>From: "Designer Seven" <[EMAIL PROTECTED]> >>To: "Netfilter Mailing List" <[EMAIL PROTECTED]> >>Sent: Wednesday, May 01, 2002 9:15 PM >>Subject: Can I filter on alias interfaces? >> >> >> >>>Hi all, >>> >>>I have a firewall with two interfaces on the same ethernet. I'm wondering >> >>if I >> >>>can filter by "virtual/alias" interfaces? >>> >>>For example, let's say I have 2 "real" interfaces and a "virtual": >>> >>>(Network A) <--> eth0 + eth0:1 (Firewall) eth1 <--> (Network B) >>> >>>Say for example: >>> >>>eth0 = 10.0.0.253/24 >>>eth0:1 = 10.0.0.254/24 >>> >>>devices/systems in Network A may have either 10.0.0.253 or 10.0.0.254 as >> >>their >> >>>default gateway when communicating to Network B. >>> >>>Which of the following would be correct? >>> >>>Scenario 1: >>>iptables -A FORWARD -i eth0 -o eth1 -s <network A> -d <network B> -j
>> >>ACCEPT >> >>>iptables -A FORWARD -i eth0:1 -o eth1 -s <network A> -d <network B> -j >> >>ACCEPT >> >>>Scenario 2: >>>iptables -A FORWARD -i eth0 -o eth1 -s <network A> -d <network B> -j >> >>ACCEPT >> >>>Thanks for any help, >>>D. >> > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Health - your guide to health and wellness > http://health.yahoo.com > -- Alex Senin System Engineer Bladefusion, Ltd. 6 Magshimim St. P.O.Box 7086 Israel 49127 Main 972-3-9127010 Fax 972-3-9217011
