In my case I had two different external IP addresses and wanted to route port 80 to different PCs. So I registered one domain that I wanted to go to PC A and gave it an IP address of 1.2.3.10. The second domain that I wanted to go to PC B I assigned an IP address of 1.2.3.20. I took the interface out of the loop altogether since they physically will be coming down the same wire into the same NIC. So my rules look like this:

$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT1_IP --dport $HTTP_PORT -j DNAT --to-destination $HTTP1_IP:$HTTP_PORT
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXT2_IP --dport $HTTP_PORT -j DNAT --to-destination $HTTP2_IP:$HTTP_PORT

So in this case yes it sees it as coming from the same interface but I don't put the interface in my rule anywhere.

----- Original Message -----
From: "Designer Seven" <[EMAIL PROTECTED]>
To: "Chris Hoeschen" <[EMAIL PROTECTED]>; "Netfilter Mailing List" <[EMAIL PROTECTED]>
Sent: Thursday, May 02, 2002 3:20 AM
Subject: Re: Can I filter on alias interfaces?

> Hi Chris,
>
> So, does that mean traffic coming in on 10.0.0.254 (which is eth0:1) will be
> seen as coming into eth0 in general? If so,... I think I'll be okay.
>
> Thanks,
> D.
>
> --- Chris Hoeschen <[EMAIL PROTECTED]> wrote:
> > I needed to do the same thing but I could not, I ended up filtering by the
> > IP address and taking the interface out altogether.
> >
> >
> > ----- Original Message -----
> > From: "Designer Seven" <[EMAIL PROTECTED]>
> > To: "Netfilter Mailing List" <[EMAIL PROTECTED]>
> > Sent: Wednesday, May 01, 2002 9:15 PM
> > Subject: Can I filter on alias interfaces?
> >
> >
> > > Hi all,
> > >
> > > I have a firewall with two interfaces on the same ethernet. I'm wondering
> > > if I can filter by "virtual/alias" interfaces?
> > >
> > > For example, let's say I have 2 "real" interfaces and a "virtual":
> > >
> > > (Network A) <--> eth0 + eth0:1 (Firewall) eth1 <--> (Network B)
> > >
> > > Say for example:
> > >
> > > eth0 = 10.0.0.253/24
> > > eth0:1 = 10.0.0.254/24
> > >
> > > devices/systems in Network A may have either 10.0.0.253 or 10.0.0.254 as
> > > their default gateway when communicating to Network B.
> > >
> > > Which of the following would be correct?
> > >
> > > Scenario 1:
> > > iptables -A FORWARD -i eth0 -o eth1 -s <network A> -d <network B> -j ACCEPT
> > > iptables -A FORWARD -i eth0:1 -o eth1 -s <network A> -d <network B> -j ACCEPT
> > >
> > > Scenario 2:
> > > iptables -A FORWARD -i eth0 -o eth1 -s <network A> -d <network B> -j ACCEPT
> > >
> > > Thanks for any help,
> > > D.
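
The point discussed in this thread, as an added example that is not part of the original messages: a small shell check that flags iptables rules whose -i/-o names an alias label and rewrites them to the parent device. The function names, the 192.168.1.0/24 range for Network B and the internal web hosts are assumptions made up for the example.

```sh
#!/bin/sh
# Added example. An alias label such as eth0:1 is a second address on eth0, not
# a device of its own, so a rule with "-i eth0:1" cannot match the traffic.

# Constructed sample rules: 10.0.0.0/24 and 1.2.3.x come from the thread;
# 192.168.1.0/24 and the internal hosts are made up for the example.
sample_rules() {
    cat <<'EOF'
iptables -A FORWARD -i eth0 -o eth1 -s 10.0.0.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -i eth0:1 -o eth1 -s 10.0.0.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.10 --dport 80 -j DNAT --to-destination 192.168.1.10:80
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.20 --dport 80 -j DNAT --to-destination 192.168.1.20:80
EOF
}

# Print "LINE OPTION LABEL PARENT" for every -i/-o that names an alias label.
lint_alias_ifaces() {
    awk '{
        for (i = 1; i < NF; i++) {
            if ($i == "-i" || $i == "-o" ||
                $i == "--in-interface" || $i == "--out-interface") {
                name = $(i + 1)
                if (index(name, ":") > 0) {
                    parent = name
                    sub(/:.*/, "", parent)
                    print NR, $i, name, parent
                }
            }
        }
    }'
}

# Emit the same rules with each alias label replaced by its parent device.
# Only the word after -i/-o is touched, so "192.168.1.10:80" is left alone.
rewrite_alias_ifaces() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-i" || $i == "-o" ||
                $i == "--in-interface" || $i == "--out-interface")
                sub(/:.*/, "", $(i + 1))
        print
    }'
}

sample_rules | lint_alias_ifaces      # findings
sample_rules | rewrite_alias_ifaces   # corrected rules
```

After the rewrite the two Scenario 1 rules are identical, which is Scenario 2; the DNAT rules pass the check unchanged because they match on the destination address and name no interface.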
