What happened to ip_alias. I found some reference to it being replaced in 2.4 Kernels, but replaced with what? Anyone know of some good documentation on this subject?? TIA, Kurt
On Tue, Jun 12, 2001 at 10:57:36PM -0700, streeterk wrote:> What happened to ip_alias. I found some reference to it being replaced in > 2.4 Kernels, but replaced with what? Anyone know of some good > documentation on this subject??It has disappeared, however, its functionality hasn''t (at least, partially). First of all, install the new iproute package, urls can be found in the howto. You can now assign multiple addresses to one interface using something like $ ip addr add 192.168.12.34/24 dev eth0 One thing to notice is that you will not have eth0:0 interfaces anymore. The second step is verifying your interface has picked up the change: you can see the addresses of your interfaces using $ ip addr Which now shows on my machine 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1350 qdisc pfifo_fast qlen 100 inet 10.0.0.7/24 brd 10.255.255.255 scope global eth0 inet 192.168.12.34/24 scope global eth0 The last thing you might want to know is how to get rid of this extra address: $ ip addr del 192.168.12.34/24 dev eth0 does the trick. For more information, please read the iproute documentation. (Well, some pitfalls do exist, you cannot firewall on these interfaces anymore, however, you''ll have to rewrite your rules anyway because of the transition to iptables, so that shouldn''t be a problem) Regards, -- Q_. Jasper Spaans <j@sp3r.net> `~\ http://jsp.ds9a.nl/ Mr /\ Tel/Fax: +31-20-8749842 Zap Move ''.sig'' for great justice!
Jasper Spaans wrote:> > On Tue, Jun 12, 2001 at 10:57:36PM -0700, streeterk wrote: > > > What happened to ip_alias. I found some reference to it being replaced in > > 2.4 Kernels, but replaced with what? Anyone know of some good > > documentation on this subject?? > > It has disappeared, however, its functionality hasn''t (at least, partially).[--snip--]> (Well, some pitfalls do exist, you cannot firewall on these interfaces > anymore, however, you''ll have to rewrite your rules anyway because of the > transition to iptables, so that shouldn''t be a problem)Guys, excuse my ignorance, but can you point me to the original source of that information? It''s the very first time I heard of this and actually I am still able to use something like ''ifconfig eth0:0 x.x.x.x up''. And AFAIK it was never possible to use alias interfaces in firewalling. Maybe I missed some important information for years? (not impossible IMO ;-) Juri
What do you mean with "cannot firewall on those interfaces"? Regards, Daniel -----Original Message----- From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On Behalf Of Jasper Spaans Sent: Wednesday, June 13, 2001 9:30 AM To: streeterk Cc: LARTC@mailman.ds9a.nl Subject: Re: [LARTC] ip_alias?? (Well, some pitfalls do exist, you cannot firewall on these interfaces anymore, however, you''ll have to rewrite your rules anyway because of the transition to iptables, so that shouldn''t be a problem) Regards, -- Q_. Jasper Spaans <j@sp3r.net> `~\ http://jsp.ds9a.nl/ Mr /\ Tel/Fax: +31-20-8749842 Zap Move ''.sig'' for great justice! _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
http://defiant.coinet.com/iproute2/ip-cref/node18.html Regards, Daniel -----Original Message----- From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On Behalf Of Juri Haberland Sent: Wednesday, June 13, 2001 10:21 AM To: Jasper Spaans Cc: streeterk; LARTC@mailman.ds9a.nl Subject: Re: [LARTC] ip_alias?? Guys, excuse my ignorance, but can you point me to the original source of that information? It''s the very first time I heard of this and actually I am still able to use something like ''ifconfig eth0:0 x.x.x.x up''. And AFAIK it was never possible to use alias interfaces in firewalling. Maybe I missed some important information for years? (not impossible IMO ;-) Juri _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
Daniel Bergqvist wrote:> > http://defiant.coinet.com/iproute2/ip-cref/node18.htmlThanks, Daniel, but I meant the information about that ip_alias is deprecated in kernel 2.4 :-) Juri> -----Original Message----- > From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On > Behalf Of Juri Haberland > Sent: Wednesday, June 13, 2001 10:21 AM > To: Jasper Spaans > Cc: streeterk; LARTC@mailman.ds9a.nl > Subject: Re: [LARTC] ip_alias?? > Guys, excuse my ignorance, but can you point me to the original source > of that information? It''s the very first time I heard of this and > actually I am still able to use something like ''ifconfig eth0:0 x.x.x.x > up''. And AFAIK it was never possible to use alias interfaces in > firewalling. > > Maybe I missed some important information for years? (not impossible IMO > ;-)
Just a quick comment on the ip aliasing firewall, you can do it. A few years back when I was more good looking than rich I only had one NIC card but wanted to set up NAT behind someone else''s network(Technically becoming double NAT to get out to the real internet) and I had the same NIC handling both sides of the connection. Of course don''t try this at home unless you can''t afford the $20 a NIC goes for. The moral of the story: You can do it, but you should avoid it. (2.2 Kernel, I can''t testify as to 2.4, but if you really need to do it there are a number of fine 2.2 kernels available :) ) NIC IP aliasing: ip address add 192.168.0.1 dev eth0 Making a device alias for the nic(You were right): ifconfig eth0:0 192.168.0.1 up -David Talbot -----Original Message----- From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On Behalf Of Juri Haberland Sent: Wednesday, June 13, 2001 3:21 AM To: Jasper Spaans Cc: streeterk; LARTC@mailman.ds9a.nl Subject: Re: [LARTC] ip_alias?? Jasper Spaans wrote:> > On Tue, Jun 12, 2001 at 10:57:36PM -0700, streeterk wrote: > > > What happened to ip_alias. I found some reference to it being replacedin> > 2.4 Kernels, but replaced with what? Anyone know of some good > > documentation on this subject?? > > It has disappeared, however, its functionality hasn''t (at least,partially). [--snip--]> (Well, some pitfalls do exist, you cannot firewall on these interfaces > anymore, however, you''ll have to rewrite your rules anyway because of the > transition to iptables, so that shouldn''t be a problem)Guys, excuse my ignorance, but can you point me to the original source of that information? It''s the very first time I heard of this and actually I am still able to use something like ''ifconfig eth0:0 x.x.x.x up''. And AFAIK it was never possible to use alias interfaces in firewalling. Maybe I missed some important information for years? (not impossible IMO ;-) Juri _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
streeterk wrote:> > http://www.ibiblio.org/pub/micro/pc-stuff/Linux/docs/HOWTO/mini/IP-Alias > > ----- Original Message ----- > From: "Juri Haberland" <haberland@altus.de> > To: "Daniel Bergqvist" <daniel@netatonce.se> > Cc: <LARTC@mailman.ds9a.nl> > Sent: Wednesday, June 13, 2001 1:56 AM > Subject: Re: [LARTC] ip_alias?? > > > Daniel Bergqvist wrote: > > > > > > http://defiant.coinet.com/iproute2/ip-cref/node18.html > > > > Thanks, Daniel, but I meant the information about that ip_alias is > > deprecated in kernel 2.4 :-)Thanks, but that leads to another question: What are the benefits of using ip to assign another IP address to an existing interface instead of using ifconfig? Juri
> What are the benefits of using ip to assign another IP address to an > existing interface instead of using ifconfig?Using the ip tool more closely resembles what is actually going on at the kernel level. ifconfig has been hacked to allow the old syntax to work, but it adds ip addresses to an interface, supplying the address with an address identifier. However, it still is just another address on the interface. ifconfig will get confused if you add more addresses to a single interface without adding the ''pseudo-interface'' address identifiers. Doei, Arthur. (If this was too cryptic: I''m tired and drinking beer... :)) -- /\ / | arthurvl@sci.kun.nl | Work like you don''t need the money /__\ / | A friend is someone with whom | Love like you have never been hurt / \/__ | you can dare to be yourself | Dance like there''s nobody watching