What if you did a user defined chain and jumped to it?
Something like this:
ipchains -A forward -i eth0:0 -j domorestuff (notice lower case)
.
.
.
ipchains -A domorestuff -s LAN/24 -j MASQ
ipchains -A domorestuff -j LOG
ipchains -A domorestuff -j DROP
.
.
.
So the only way you get to the domorestuff chain is if the other
condition is true with your Internet interface.
It's been a while since I used ipchains and so I might be
getting my syntax mixed up with iptables.
- Greg
-----Original Message-----
From: Javier Miguel Rodriguez [mailto:javier@talika.fie.us.es]
Sent: Sunday, January 13, 2002 8:25 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] ip alias and ipchains
Hello
I am trying to build a highly available firewall. I am using
ultramonkey (http://ultramonkey.sourceforge.net/) and everything works
fine... but I need to do -j MASQ over -i eth0:0 and this does not work.
Here is my network setup
Internet<---- Cluster of Firewalls<---> DMZ
eth0:0 eth1:0
|
|
LAN
The default gateway of LAN is 192.168.2.125 (eth1:0 on both nodes of
cluster, this works great)
I have a DSL connection to Internet, so I only have a valid IP address
I need to do something like
ipchains -A forward -i eth0:0 -j -s LAN/24 -j MASQ
How can I achieve this? I am using kernel 2.2.20+freeswan 1.92 on both
nodes.
Thank you in advance and greetings from Seville (Spain)!
--
Javier Miguel Rodríguez. (GUFO)
Member of the Linux group of the Facultad de Informática de Sevilla -o)
http://talika.fie.us.es/linux /\\
Linux Registered User #145051. _\_V
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
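
Added example, not part of the original thread: the user-defined chain layout from the reply, written with ipchains' own syntax (chain created with -N, logging via the -l flag, DENY as the drop target), plus a small lint that flags a jump to a chain or target ipchains would not know. The chain name and eth0:0 come from the thread; 192.0.2.0/24 is a constructed placeholder for LAN/24, and emit_rules and lint_rules are hypothetical helper names. The script only prints commands and does not run ipchains.

```shell
#!/bin/sh
CHAIN=domorestuff   # chain name used in the thread

# emit_rules IFACE LAN_NET: print one ipchains command per line.
emit_rules() {
    iface=$1
    lan=$2
    if [ -z "$iface" ] || [ -z "$lan" ]; then
        echo "usage: emit_rules IFACE LAN_NET" >&2
        return 1
    fi
    # A user-defined chain must exist before any rule can jump to it.
    echo "ipchains -N $CHAIN"
    # Masquerade traffic sourced from the LAN.
    echo "ipchains -A $CHAIN -s $lan -j MASQ"
    # ipchains has no LOG or DROP target: -l logs the matching packet
    # and DENY discards it.
    echo "ipchains -A $CHAIN -l -j DENY"
    # Add the jump last so forward never points at a half-built chain.
    # MASQ is only valid in forward or in chains reached from it.
    echo "ipchains -A forward -i $iface -j $CHAIN"
}

# lint_rules: read ipchains commands on stdin and report every -j target
# that is neither a built-in ipchains target nor a chain created earlier
# with -N. Exit status is non-zero if anything was reported.
lint_rules() {
    awk '
    BEGIN {
        n = split("ACCEPT DENY REJECT MASQ REDIRECT RETURN", b, " ")
        for (i = 1; i <= n; i++) known[b[i]] = 1
    }
    $1 == "ipchains" {
        for (i = 2; i < NF; i++) {
            if ($i == "-N") known[$(i + 1)] = 1
            if ($i == "-j" && !($(i + 1) in known)) {
                printf "line %d: unknown target %s\n", NR, $(i + 1)
                bad = 1
            }
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample values: interface as written in the thread,
# placeholder network standing in for LAN/24.
emit_rules eth0:0 192.0.2.0/24
```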