I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 07/05/2012 12:35 AM, Andreas Rittershofer wrote:> I want to test shorewall6 in a scenario with several virtual > machines. Each virtual machine has the interface eth0. > > With IPv4, I would assign an IP-alias to eth0:1 and so would have > eth0 and eth0:1 as interfaces for shorewall6. > > How is this done with IPv6?I am unclear on the question; are you asking how to assign both an IPv4 and an IPv6 address to an interface? If you are using your distribution''s network config tools, the answer is distribution-dependent. For example, on Debian-based systems the name ''eth0'' is used for both the IPv4 and IPv6 interfaces. /etc/network/interfaces: auto eth2 iface eth2 inet static address 172.20.1.254 netmask 255.255.255.0 network 172.20.1.0 broadcast 172.20.1.255 iface eth2 inet6 static address 2001:470:b:787::1 netmask 64 Manually, you can simply use ''ip addr add'' the same way as you would for IPv4. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Am 05.07.2012 um 16:17 schrieb Tom Eastep:> On 07/05/2012 12:35 AM, Andreas Rittershofer wrote: >> I want to test shorewall6 in a scenario with several virtual >> machines. Each virtual machine has the interface eth0. >> >> With IPv4, I would assign an IP-alias to eth0:1 and so would have >> eth0 and eth0:1 as interfaces for shorewall6. >> >> How is this done with IPv6? > > I am unclear on the question; are you asking how to assign both an IPv4 > and an IPv6 address to an interface? If you are using yourNo, this is not my problem. I have ONE virtual machine which I want to use for testing shorewall6. This virtual machine has one network interface: eth0 With IPv4 it would be no problem to assign this interface two ip-addresses AND to have two interface names: eth0:0 and eth0:1 for example. But I want to test shorewall6. How do I assign this interface two IPv6-addresses in a way that I have two interface names - one for each IPv6-address? I need two different interface names for the configuration of shorewall6, because our real firewall has two physical network interfaces and I want to test the setup with this virtual machine. Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On Thu, Jul 5, 2012 at 10:44 AM, Andreas Rittershofer <andreas@rittershofer.de> wrote:> > Am 05.07.2012 um 16:17 schrieb Tom Eastep: > >> On 07/05/2012 12:35 AM, Andreas Rittershofer wrote: >>> I want to test shorewall6 in a scenario with several virtual >>> machines. Each virtual machine has the interface eth0. >>> >>> With IPv4, I would assign an IP-alias to eth0:1 and so would have >>> eth0 and eth0:1 as interfaces for shorewall6. >>> >>> How is this done with IPv6? >> >> I am unclear on the question; are you asking how to assign both an IPv4 >> and an IPv6 address to an interface? If you are using your > > No, this is not my problem. > > I have ONE virtual machine which I want to use for testing shorewall6. This virtual machine has one network interface: eth0 > > With IPv4 it would be no problem to assign this interface two ip-addresses AND to have two interface names: eth0:0 and eth0:1 for example. But I want to test shorewall6. > > How do I assign this interface two IPv6-addresses in a way that I have two interface names - one for each IPv6-address? > > I need two different interface names for the configuration of shorewall6, because our real firewall has two physical network interfaces and I want to test the setup with this virtual machine. >I''d just give the VM a second virtual NIC. Is some cases aliased interfaces function differently than physical ones so you''ll get a better test this way. Brad C ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Am 05.07.2012 um 17:53 schrieb Brad Clarke:> On Thu, Jul 5, 2012 at 10:44 AM, Andreas Rittershofer > <andreas@rittershofer.de> wrote: >> >> Am 05.07.2012 um 16:17 schrieb Tom Eastep: >> >>> On 07/05/2012 12:35 AM, Andreas Rittershofer wrote: >>>> I want to test shorewall6 in a scenario with several virtual >>>> machines. Each virtual machine has the interface eth0. >>>> >>>> With IPv4, I would assign an IP-alias to eth0:1 and so would have >>>> eth0 and eth0:1 as interfaces for shorewall6. >>>> >>>> How is this done with IPv6? >>> >>> I am unclear on the question; are you asking how to assign both an IPv4 >>> and an IPv6 address to an interface? If you are using your >> >> No, this is not my problem. >> >> I have ONE virtual machine which I want to use for testing shorewall6. This virtual machine has one network interface: eth0 >> >> With IPv4 it would be no problem to assign this interface two ip-addresses AND to have two interface names: eth0:0 and eth0:1 for example. But I want to test shorewall6. >> >> How do I assign this interface two IPv6-addresses in a way that I have two interface names - one for each IPv6-address? >> >> I need two different interface names for the configuration of shorewall6, because our real firewall has two physical network interfaces and I want to test the setup with this virtual machine. >> > > I''d just give the VM a second virtual NIC. Is some cases aliased > interfaces function differently than physical ones so you''ll get a > better test this way. >And exactly this is my problem. How do I do this with IPv6-addresses? eth0:0 and eth0:1 as with IPv4 won''t work. Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Am 05.07.2012 um 09:35 schrieb Andreas Rittershofer:> > With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. > > How is this done with IPv6?Solution: Definition of a second network interface in <machine>.xml, redefinition of the vm, restart, now eth0 and eth1 are available. Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 07/05/2012 11:45 AM, Andreas Rittershofer wrote:> > Am 05.07.2012 um 09:35 schrieb Andreas Rittershofer: > >> >> With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. >> >> How is this done with IPv6? > > > Solution: Definition of a second network interface in <machine>.xml, redefinition of the vm, restart, now eth0 and eth1 are available.You should also note that eth0:1 is *NOT* an interface; see http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 07/05/2012 11:45 AM, Andreas Rittershofer wrote:> > Am 05.07.2012 um 09:35 schrieb Andreas Rittershofer: > >> >> With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. >> >> How is this done with IPv6? > > > Solution: Definition of a second network interface in <machine>.xml, redefinition of the vm, restart, now eth0 and eth1 are available.And which virtualization solution are you using? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Am 05.07.2012 um 21:17 schrieb Tom Eastep:> On 07/05/2012 11:45 AM, Andreas Rittershofer wrote: >> >> Am 05.07.2012 um 09:35 schrieb Andreas Rittershofer: >> >>> >>> With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. >>> >>> How is this done with IPv6? >> >> >> Solution: Definition of a second network interface in <machine>.xml, redefinition of the vm, restart, now eth0 and eth1 are available. > > You should also note that eth0:1 is *NOT* an interface; see > http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html >Yes, it''s not an interface, it''s an alias. But within IPv4 this alias name would be enough in order to specify the network path to be used. And IPv6 does not know aliaes for interfaces, this was my problem. Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Am 05.07.2012 um 22:40 schrieb Tom Eastep:> On 07/05/2012 11:45 AM, Andreas Rittershofer wrote: >> >> Am 05.07.2012 um 09:35 schrieb Andreas Rittershofer: >> >>> >>> With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. >>> >>> How is this done with IPv6? >> >> >> Solution: Definition of a second network interface in <machine>.xml, redefinition of the vm, restart, now eth0 and eth1 are available. > > And which virtualization solution are you using?KVM, qemu, libivrtd. The definition of the vm in /etc/libvirtd/qemu/<machine>.xml got a second NIC and now I have eth0 and eth1 within the vm. Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
On 7/5/2012 12:38 PM, Andreas Rittershofer wrote:> Am 05.07.2012 um 17:53 schrieb Brad Clarke: > >> On Thu, Jul 5, 2012 at 10:44 AM, Andreas Rittershofer >> <andreas@rittershofer.de> wrote: >>> Am 05.07.2012 um 16:17 schrieb Tom Eastep: >>> >>>> On 07/05/2012 12:35 AM, Andreas Rittershofer wrote: >>>>> I want to test shorewall6 in a scenario with several virtual >>>>> machines. Each virtual machine has the interface eth0. >>>>> >>>>> With IPv4, I would assign an IP-alias to eth0:1 and so would have >>>>> eth0 and eth0:1 as interfaces for shorewall6. >>>>> >>>>> How is this done with IPv6? >>>> I am unclear on the question; are you asking how to assign both an IPv4 >>>> and an IPv6 address to an interface? If you are using your >>> No, this is not my problem. >>> >>> I have ONE virtual machine which I want to use for testing shorewall6. This virtual machine has one network interface: eth0 >>> >>> With IPv4 it would be no problem to assign this interface two ip-addresses AND to have two interface names: eth0:0 and eth0:1 for example. But I want to test shorewall6. >>> >>> How do I assign this interface two IPv6-addresses in a way that I have two interface names - one for each IPv6-address? >>> >>> I need two different interface names for the configuration of shorewall6, because our real firewall has two physical network interfaces and I want to test the setup with this virtual machine. >>> >> I''d just give the VM a second virtual NIC. Is some cases aliased >> interfaces function differently than physical ones so you''ll get a >> better test this way. >> > > And exactly this is my problem. > > How do I do this with IPv6-addresses? eth0:0 and eth0:1 as with IPv4 won''t work. > > > Viele Grüße > > Andreas Rittershofer >After configuring the 2nd NIC in the VM, for Red Hat and derivatives configure ifcfg-eth0 and ifcfg-eth1 in /etc/sysconfig/network-scrips. Along with the usual configuration, in each file use: IPV6INIT=yes IPV6ADDR=fdbd:68bf:4504:f18b:3::1/64 Of course, assign a different address for each one. Bill ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Am 06.07.2012 um 12:13 schrieb Bill Shirley:>> >> How do I do this with IPv6-addresses? eth0:0 and eth0:1 as with IPv4 won''t work.> After configuring the 2nd NIC in the VM, for Red Hat and derivativesYes, that''s the key - after aliases won''t work with IPv6-addresses. The setup depends on the linux distribution, I''m using Debian, but there''s no problem. Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/