Add an IP alias to ethernet interface
Andy wrote: I was incorrect, it does work. However: 1. It uses the old style aliasing scheme as used by ifconfig. 2. It only works because the ip command just ignores the :n on the interface name. You are correct! ip addr show only shows the interfaces as eth0 ignoring the :0 etc. and ifconfig doesn't show the other ip's at all. So your solutions is better. Regards, Sebastian Homepage: http://www.secure-slinux.org -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
Thanks for the reply Sebastian. /A lot of the information on the web that I came across is quite old and referred to either creating a whole new interface directory (eth0:0 - which of course didn't work), or using ifconfig. Why does that not work? It has been working for the last 2 years on my server! I was incorrect, it does work. However: 1. It uses the old style aliasing scheme as used by ifconfig. 2. It only works because the ip command just ignores the :n on the interface name. 3. Because the :n is ignored you might as well not have separate interface directories - just lump all your configuration files in the ifconfig.eth0 directory (calling them different names). 4. The correct way of identifying aliases (although optional) is using the 'label' argument to ip. This brings us back to the previous discussion, which I believe the outcome was that an ALIAS option should be added to the ipv4-static script. Regards, Andy -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
Okay, I see. Nonetheless would it be possible to still either get the script altered anyway, or to add a note to the networking page of the book stating that it is just a matter of adding a second config file in the interface directory for a second address. I agree with Andy here. Regardless of the reason for alias/label, if it's used in iproute2, we should expose the functionality. This page I found on linux-ip.net seems to promote using labels when there are multiple addresses assigned to an interface. http://linux-ip.net/html/tools-ip-address.html Only if you also use ifconfig and want to avoid being confused. ;-) Unless someone knows problems that will be introduced, Can't say that I do. It just seems like every page I've read on adding extra IPs says add an alias, and it doesn't look like anyone knows that you only needed to do that with ifconfig; you don't need the alias anymore. I figured it'd be a bit of education, but in all honesty, it doesn't really matter very much. Correct. That's exactly what I thought (and read) until it was pointed out on this mailing list. I vote that you add the functionality to the script as discussed, but add a note explaining that a label is optional when adding an alias. Andy -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Add an IP alias to ethernet interface
/ On Jun 8, 2007, at 6:50 PM, /*Andrew Beverley*/ wrote: /A lot of the information on the web that I came across is quite old and referred to either creating a whole new interface directory (eth0:0 - which of course didn't work), or using ifconfig. Why does that not work? It has been working for the last 2 years on my server! /etc/sysconfig/network-devices$ ll drwxr-xr-x 2 root root 72 2006-06-04 01:38 ifconfig.eth0 drwxr-xr-x 2 root root 72 2006-06-12 13:57 ifconfig.eth0:0 drwxr-xr-x 2 root root 72 2006-11-28 01:15 ifconfig.eth0:1 drwxr-xr-x 2 root root 72 2006-11-28 01:11 ifconfig.eth0:2 -rwxr-xr-- 1 root root 2.6K 2006-06-03 22:38 ifdown -rwxr-xr-- 1 root root 2.5K 2006-06-03 22:38 ifup drwxr-xr-x 2 root root 120 2006-06-03 22:38 services cat ifconfig.eth0/ipv4 ONBOOT=yes SERVICE=ipv4-static IP=62.141.58.93 GATEWAY=62.141.58.65 PREFIX=26 BROADCAST=62.141.58.127 cat ifconfig.eth0\:0/ipv4 ONBOOT=yes SERVICE=ipv4-static IP=62.141.59.93 #GATEWAY=62.141.58.65 PREFIX=26 BROADCAST=62.141.59.127 etc. As far as I can see, there is no need to change anything in the scripts. Its enough to mention this possibility in the book. A change in the scripts is only necessary if you insist on wanting to use names which don't conform to ethX:Y - ie. aliases. The question is why bother since you don't have any added functionality by using aliases other than nice names? Sebastian Faulborn Homepage: http://www.secure-slinux.org -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On Thu, 2007-06-07 at 15:00 -0500, Zachary Kotlarek wrote: On Jun 6, 2007, at 6:34 PM, Bryan Kadzban wrote: I suspect the alias option exists in ip for compatibility with ifconfig, and no other reason. But I don't know that for sure. I believe that's correct. In the past the kernel supported aliases with independent statistics and the like, but that hasn't been true for years. Modern kernels don't treat aliases interfaces any different than secondary addresses on the main interface -- both interface statistics and iptables traversal treat all aliases just like the main interface, and the alternate label is only maintained to support legacy configurations and tools. Okay, I see. Nonetheless would it be possible to still either get the script altered anyway, or to add a note to the networking page of the book stating that it is just a matter of adding a second config file in the interface directory for a second address. A lot of the information on the web that I came across is quite old and referred to either creating a whole new interface directory (eth0:0 - which of course didn't work), or using ifconfig. Thanks, Andy -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On 6/8/07, Andrew Beverley [EMAIL PROTECTED] wrote: On Thu, 2007-06-07 at 15:00 -0500, Zachary Kotlarek wrote: On Jun 6, 2007, at 6:34 PM, Bryan Kadzban wrote: I suspect the alias option exists in ip for compatibility with ifconfig, and no other reason. But I don't know that for sure. I believe that's correct. In the past the kernel supported aliases with independent statistics and the like, but that hasn't been true for years. Modern kernels don't treat aliases interfaces any different than secondary addresses on the main interface -- both interface statistics and iptables traversal treat all aliases just like the main interface, and the alternate label is only maintained to support legacy configurations and tools. Okay, I see. Nonetheless would it be possible to still either get the script altered anyway, or to add a note to the networking page of the book stating that it is just a matter of adding a second config file in the interface directory for a second address. I agree with Andy here. Regardless of the reason for alias/label, if it's used in iproute2, we should expose the functionality. This page I found on linux-ip.net seems to promote using labels when there are multiple addresses assigned to an interface. http://linux-ip.net/html/tools-ip-address.html Unless someone knows problems that will be introduced, I'm gonna go ahead and try to get Andy's patch adapted to ipv4-static and get a blurb on ALIAS in the book. -- Dan -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Dan Nicholson wrote: On 6/8/07, Andrew Beverley [EMAIL PROTECTED] wrote: Okay, I see. Nonetheless would it be possible to still either get the script altered anyway, or to add a note to the networking page of the book stating that it is just a matter of adding a second config file in the interface directory for a second address. I agree with Andy here. Regardless of the reason for alias/label, if it's used in iproute2, we should expose the functionality. This page I found on linux-ip.net seems to promote using labels when there are multiple addresses assigned to an interface. http://linux-ip.net/html/tools-ip-address.html Only if you also use ifconfig and want to avoid being confused. ;-) Unless someone knows problems that will be introduced, Can't say that I do. It just seems like every page I've read on adding extra IPs says add an alias, and it doesn't look like anyone knows that you only needed to do that with ifconfig; you don't need the alias anymore. I figured it'd be a bit of education, but in all honesty, it doesn't really matter very much. I'm gonna go ahead and try to get Andy's patch adapted to ipv4-static and get a blurb on ALIAS in the book. Sounds good to me. :-) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGaehkS5vET1Wea5wRA6OMAKCu9L0ccjeF+K/bCAL2BbYHGRD9uACfTLfB hpOj6kahSqWAdZecMP9rEhM= =6tlL -END PGP SIGNATURE- -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On Jun 8, 2007, at 8:59 AM, Dan Nicholson wrote: On 6/8/07, Andrew Beverley [EMAIL PROTECTED] wrote: I agree with Andy here. Regardless of the reason for alias/label, if it's used in iproute2, we should expose the functionality. This page I found on linux-ip.net seems to promote using labels when there are multiple addresses assigned to an interface. I don't know that it will cause any problems, other than it might lead people to believe that the primary interface and its other labels are treated differently. But you could make the same argument in the other direction -- people used to using named aliases will think that they can only assign 1 IP per interface -- so I don't have a strong opinion one way or the other, so long as the scripts support multiple address per interface label (or lack thereof). It's worth noting that iproute2 calls the field a label in the man page and specifically notes how it's different than Linux-2.0-style interface aliases: The address is a protocol (IP or IPv6) address attached to a network device. Each device must have at least one address to use the corresponding protocol. It is possible to have several different addresses attached to one device. These addresses are not discriminated, so that the term alias is not quite appropriate for them and we do not use it in this document. I'd suggest using the modern nomenclature, possibly including a similar note. Zach smime.p7s Description: S/MIME cryptographic signature -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On Wed, 2007-06-06 at 19:34 -0400, Bryan Kadzban wrote: Andrew Beverley wrote: Personally though, I think it would be useful to still include the ALIAS directive (it's only a few extra line of code). It may only be a few lines of code, but it's another entire service script, 90-some percent of which is copied from our existing script. ;-) There wouldn't be any need for an extra script. Although I wrote the second script, I realised that it was virtually identical to the existing one. Therefore, you can just add the few lines of code that deal with an alias argument into the existing ip4-static. I'll do this if you want, although those few lines can just be copied from the script that was originally sent. snip Plus the net-tools tarball is six years old. That's why iproute2 was created: net-tools wasn't being updated to take advantage of all the new kernel features that have been added to the networking stack in the past six years. True, but I still find myself using ifconfig because it's easier to remember the syntax :-) Andy Beverley -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Andrew Beverley wrote: Therefore, you can just add the few lines of code that deal with an alias argument into the existing ip4-static. Oh, duh. You're right, this would work. True, but I still find myself using ifconfig because it's easier to remember the syntax :-) I would say that it's easier for me to remember ip's syntax: there aren't tons of options, for instance. I think it's just inertia. (I didn't use iproute2 for a while, myself, even after the book started installing it. But once I started using it, it got a lot easier than I remember ifconfig being.) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGZ+bsS5vET1Wea5wRA5Z0AKCKOT5YB9SVFz9xHDuc5+8vFrU4uwCgm5Jl Dj4vBr7dkAKE5kO14b1lUZY= =cYWx -END PGP SIGNATURE- -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
El Jueves, 7 de Junio de 2007 05:00, Bryan Kadzban escribió: this list whose address isn't resolving again. It seems like it's taking these messages about a half hour to get delivered. The message I'm replying to was sent at 21:42 EDT, but wasn't delivered to my mail server until 22:04 EDT. Might be worth double-checking out what's going on with postfix.) That's a recurring problem not solved yet :-/ http://linuxfromscratch.org/pipermail/lfs-dev/2007-April/059300.html -- Manuel Canales Esparcia Usuario de LFS nº2886: http://www.linuxfromscratch.org LFS en castellano: http://www.escomposlinux.org/lfs-es http://www.lfs-es.info TLDP-ES: http://es.tldp.org -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On Jun 6, 2007, at 6:34 PM, Bryan Kadzban wrote: I suspect the alias option exists in ip for compatibility with ifconfig, and no other reason. But I don't know that for sure. I believe that's correct. In the past the kernel supported aliases with independent statistics and the like, but that hasn't been true for years. Modern kernels don't treat aliases interfaces any different than secondary addresses on the main interface -- both interface statistics and iptables traversal treat all aliases just like the main interface, and the alternate label is only maintained to support legacy configurations and tools. Zach smime.p7s Description: S/MIME cryptographic signature -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On Mon, 2007-06-04 at 19:22 -0400, Bryan Kadzban wrote: Andrew Beverley wrote: I've created an ipv4-alias script, please see attached. However, it is almost exactly the same as the ipv4-static script (it still needs all the same parameters as a normal static address), which makes me think that the ipv4-static script should just be updated so that it can deal with an ALIAS variable (similar to the script Rabenkind did). Would there be any problem with doing an: ip addr add addr/prefix dev eth0 (or equivalent) and dispensing with the aliased interface name? If so, it may be simpler to just add a second config file (with the same ipv4-static SERVICE) to the ifconfig.eth0 directory; then you wouldn't need a new service script. :-) Interesting, I never knew you could do that! Having spent a lot of time reading about multiple IP addresses per interface, I never came across an example like that. Personally though, I think it would be useful to still include the ALIAS directive (it's only a few extra line of code). Firstly it gives the script the ability to deal with more of the functionality of ip (I assume there is a reason to use the alias option), and secondly, using the above does not seem to be compatible with ifconfig (which I think most people probably still use) - the second IP address doesn't show in the output of ifconfig. Regards, Andy Beverley -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
this list whose address isn't resolving again. It seems like it's taking these messages about a half hour to get delivered. The message I'm replying to was sent at 21:42 EDT, but wasn't delivered to my mail server until 22:04 EDT. Might be worth double-checking out what's going on with postfix.) Deskin Miller wrote: Alias interfaces let you run multiple independent copies of the same=20 network server from the same NIC, and have them be addressed=20 differently, have truly different DNS entries, and all use standard=20 port numbers. OK, but why does that require a different interface name? ;-) You should be able to do all of that by just adding a second IP to the same interface, without creating an alias. Aliases were required when using net-tools, but they shouldn't be required anymore. I am fairly sure that Apache (for instance) can run multiple copies of itself, each with a different Listen directive pointing at a different IP. AFAIK it does not require different interface names. (I think this is because the only way to bind to a specific interface by name is to use a non-portable ioctl. I'm not positive on that though. I do know that bind(2) can choose which NIC it listens on based on the IP address in the sockaddr_in structure that the server program passes to it, and that *is* portable.) I imagine they're a huge win for low-end Web hosting companies, who might put several Web servers/VMs Oh, I think I see where you're coming from; OK. VMs probably do require different interface names on the host, yes. But note that this ISP is not getting nearly as much separation as they may think between the VMs: an attacker can take down all their VMs just by changing which IP he targets, for instance. (Assuming there's some DoS available against each of them. The same logic applies to taking over each of the VMs, too, if the attacker has an exploit.) Maybe that's not an issue for these small hosts, though. If the second IP won't handle traffic that has to be separated for security reasons, then it may be OK. They're wonderfully useful for firewall rules, ... QOS ... I'm not sure how -i eth0:4 is any different from -d IP for alias 4 when someone can flip their traffic over to eth0:4 just by changing its destination IP. 802.1q VLANs, IMO, are a better way to separate your traffic, if your switches properly support that protocol. Firewall rules won't be any more *secure* if they use the alias, basically. (There may be other advantages though.) OTOH, if we're talking low-end hosting, there probably won't be any security reason for using an alias anyway. Hmm. Well, whatever. If it won't be too hard to maintain, then I suppose creating the alias is fine. :-) signature.asc Description: OpenPGP digital signature -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
(Background: I needed a method to add an aliased IP address to an existing interface. No set out method is currently available in LFS to achieve this) I think this would be a worthwhile inclusion to LFS. Have you emailed lfs-dev or would you like me to? The right way to do this is to add a new service in /etc/sysconfig/network-devices/services. You could call it ipv4-alias or something. Copy ipv4-static for a template. It would be really simple since it's just one call to ip. Then you'd enable that service in /etc/sysconfig/network-devices/ifconfig.eth0 just like you do with dhcp or any other service. I've created an ipv4-alias script, please see attached. However, it is almost exactly the same as the ipv4-static script (it still needs all the same parameters as a normal static address), which makes me think that the ipv4-static script should just be updated so that it can deal with an ALIAS variable (similar to the script Rabenkind did). As for getting it in LFS, I would be find adding it to the contrib directory in lfs-bootscripts. Great. If you do want to keep it as a separate script, can I suggest a mention of it in the network script page of LFS (ch 7.13)? This is the first place I think most people would go to look for this sort of information. Andy Beverley ipv4-alias Description: application/shellscript -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On 6/4/07, Andrew Beverley [EMAIL PROTECTED] wrote: I've created an ipv4-alias script, please see attached. However, it is almost exactly the same as the ipv4-static script (it still needs all the same parameters as a normal static address), which makes me think that the ipv4-static script should just be updated so that it can deal with an ALIAS variable (similar to the script Rabenkind did). Script looks nice, and now I see how it works actually trying the commands. It looks like we could probably add an ALIAS config for ipv4-static. But what happens if the user sets a label as their only address? I.e., they only have a single config file in ifconfig.eth0 and it sets ALIAS=1 because having an alias sounds like a good idea? I'm honestly asking because I have no experience here. As for getting it in LFS, I would be find adding it to the contrib directory in lfs-bootscripts. Great. If you do want to keep it as a separate script, can I suggest a mention of it in the network script page of LFS (ch 7.13)? This is the first place I think most people would go to look for this sort of information. If it ends up being a separate scripts, I'll try to get it mentioned in the book. I'd prefer to just add it to the current ipv4-static script so long as it doesn't regress anything or add a big potential pitfall for newcomers. -- Dan -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
On Mon, 2007-06-04 at 14:07 -0700, Dan Nicholson wrote: On 6/4/07, Andrew Beverley [EMAIL PROTECTED] wrote: I've created an ipv4-alias script, please see attached. However, it is almost exactly the same as the ipv4-static script (it still needs all the same parameters as a normal static address), which makes me think that the ipv4-static script should just be updated so that it can deal with an ALIAS variable (similar to the script Rabenkind did). Script looks nice, and now I see how it works actually trying the commands. It looks like we could probably add an ALIAS config for ipv4-static. But what happens if the user sets a label as their only address? I.e., they only have a single config file in ifconfig.eth0 and it sets ALIAS=1 because having an alias sounds like a good idea? I'm honestly asking because I have no experience here. I'm no expert either, but from what I've just tried I /think/ it still works. What happens when using the ALIAS is that the original interface (eg eth0) that was brought up is left without an IP address, but an alias is added to it that responds in the way that the original interface would respond if the IP address was attached directly to it. As for getting it in LFS, I would be find adding it to the contrib directory in lfs-bootscripts. Great. If you do want to keep it as a separate script, can I suggest a mention of it in the network script page of LFS (ch 7.13)? This is the first place I think most people would go to look for this sort of information. If it ends up being a separate scripts, I'll try to get it mentioned in the book. I'd prefer to just add it to the current ipv4-static script so long as it doesn't regress anything or add a big potential pitfall for newcomers. I also think it would be better in ipv4-static. Given that your average newcomer will copy most configuration files word for word, then as long as the ALIAS option is detailed in the amplifying text rather than in the example configuration file I don't think it would be a problem. However, even if they did put it in, from what I've seen above I don't think it matters greatly, although I'd like someone else to confirm that. Regards, Andy Beverley -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
Re: Add an IP alias to ethernet interface
Andrew Beverley wrote: I've created an ipv4-alias script, please see attached. However, it is almost exactly the same as the ipv4-static script (it still needs all the same parameters as a normal static address), which makes me think that the ipv4-static script should just be updated so that it can deal with an ALIAS variable (similar to the script Rabenkind did). Would there be any problem with doing an: ip addr add addr/prefix dev eth0 (or equivalent) and dispensing with the aliased interface name? If so, it may be simpler to just add a second config file (with the same ipv4-static SERVICE) to the ifconfig.eth0 directory; then you wouldn't need a new service script. :-) signature.asc Description: OpenPGP digital signature -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
