On Saturday 08 June 2002 3:54 pm, [EMAIL PROTECTED] wrote:

> eth0 - connects to the internet
> eth1 - internal network with private ip addresses
> eth2 - internal network with routable ip's

Okay - I understand that. I very much hope you mean that you have a public IP on eth0, and your ISP has given you another batch of IP addresses to go on the machines on eth2, and the ISP is routing these to you via the address on eth0? It would not be a good setup if you were trying to put a public IP on eth0 which is from the same subnet as the routable IPs on eth2. It's possible to do this, but a lot more technically challenging...

> What I want to do - eth0 has a routable ip and masquerades the internal
> network which enters eth1

Okay, no problem.

> (or eth2, I haven't plugged in the cable yet :D);

Don't understand. If eth2 has routable IPs (by which I assume you mean IP addresses which have been assigned to you, not ones from the ranges 10.x.y.z, 172.16.a.b, 192.168.c.d), then why would you want to masquerade them behind eth0?

> eth0:1 will route the network with valid internet ip addresses which
> enters eth2 to the internet

No, I do not understand what you mean by this. What are you trying to use eth0:1 for?

> (speaking of which, I assume I must input rules
> for eth0:1's ip address too, but in the iptables syntax is it allowed to
> refer to the alias as eth0:1 or I must use only its ip?)

You cannot use the name "eth0:1" in netfilter rules. It doesn't like the colon. You can, however, use "eth0", which is the real interface these packets are coming in on, and/or you can use the destination IP address, which will identify where they were headed.

So

    iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

will allow SSH packets which are sent to the address you've put on eth0:1 (it will also allow packets sent to the address you've put on eth0, eth0:2, etc...)

    iptables -A INPUT -i eth0 -d a.b.c.d -p tcp --dport 22 -j ACCEPT

will allow SSH packets coming in on eth0, eth0:1, eth0:2 etc provided the destination address is a.b.c.d

Hope this explains how you can work with eth0:1 and netfilter rules.

Give us some more detail on the actual addresses you intend to put on eth0, eth1 and eth2, and the subnets attached to these interfaces (you can obfuscate any public IPs you've been given so long as it's still possible to tell one subnet from the others), and we might be able to help some more.

Antony.
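As an added example (not part of Antony's reply or the original thread), a small shell helper that turns the output of `ip -4 addr show eth0` into one INPUT rule per address in the form described above: matching on the real interface plus the destination address, since netfilter will not take the alias name "eth0:1". The sample `ip addr` output and the 198.51.100.x addresses are constructed placeholders, not a real configuration.

```shell
#!/bin/sh
# Constructed sample of `ip -4 addr show eth0`: a primary address plus one
# alias address labelled eth0:1 (placeholder addresses, not a real setup).
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 198.51.100.10/24 brd 198.51.100.255 scope global eth0
    inet 198.51.100.11/24 brd 198.51.100.255 scope global secondary eth0:1'

# Emit one INPUT rule per IPv4 address configured on an interface.
# netfilter rejects "eth0:1" as an interface name, so every rule is keyed on
# the real interface (-i eth0) and the destination address (-d a.b.c.d);
# the alias label itself never appears in the generated rules.
# $1 = interface name, $2 = TCP port, stdin = output of `ip -4 addr show $1`
ssh_rules_for_iface() {
    iface=$1
    port=$2
    awk -v iface="$iface" -v port="$port" '
        $1 == "inet" {
            split($2, a, "/")   # drop the prefix length from "addr/len"
            printf "iptables -A INPUT -i %s -d %s -p tcp --dport %s -j ACCEPT\n", iface, a[1], port
        }'
}

# Stand-alone run over the constructed sample (prints the rules, does not apply them)
echo "$SAMPLE_IP_ADDR" | ssh_rules_for_iface eth0 22
```

On a live host, replace the constructed sample with `ip -4 addr show eth0 | ssh_rules_for_iface eth0 22` and review the rules before applying them.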
