Hi All,

I am new to shorewall and have a newbie question.

When shorewall is adding IP aliases (which it finds in NAT table) it seems to be adding aliases to the loopback. Is this done for a particular reason?

Also, when I do ifconfig -a I don't see the aliases. Is there a way to see them?

Val

On Wed, 1 May 2002, Val Vechnyak wrote:

> Hi All,
>
> I am new to shorewall and have a newbie question.
>
> When shorewall is adding IP aliases (which it finds in NAT table) it seems
> to be adding aliases to the loopback. Is this done for a particular reason?
>

It adds the address on whichever interface is named in the INTERFACE column.

> Also, when I do ifconfig -a I don't see the aliases. is there a way to see
> them?

ip addr show <interface>

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Thanks Tom,
However, ip addr show brought me to another question.
I have a 25 network ( 126 IPs), but here is what it shows.

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:b3:5c:00:98 brd ff:ff:ff:ff:ff:ff
    inet 65.213.121.70/25 brd 65.213.121.127 scope global eth0
    inet 65.213.121.50/32 scope global eth0
    inet 65.213.121.51/32 scope global eth0

I guess it is not picking up broadcast address. I have broadcast address
specified inside the interfaces file (i.e. it is NOT set to detect). These
aliases seem to be on a 32 net.
On my other system, where aliases are done via real files in
etc/sysconfig/network-scripts it looks different. Here is what I see

2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:08:c7:db:cc:e2 brd ff:ff:ff:ff:ff:ff
    inet 65.211.35.254/25 brd 65.211.35.255 scope global eth0
    inet 65.211.35.200/25 brd 65.211.35.255 scope global secondary eth0:200
    inet 65.211.35.201/25 brd 65.211.35.255 scope global secondary eth0:201
    inet 65.211.35.202/25 brd 65.211.35.255 scope global secondary eth0:202
    inet 65.211.35.203/25 brd 65.211.35.255 scope global secondary eth0:203
    inet 65.211.35.205/25 brd 65.211.35.255 scope global secondary eth0:205
    inet 65.211.35.206/25 brd 65.211.35.255 scope global secondary eth0:206

Thanks in advance,
Val
>From: Tom Eastep <teastep@shorewall.net>
>To: Val Vechnyak <vechnyak@hotmail.com>
>CC: "shorewall-users@shorewall.net" <shorewall-users@shorewall.net>
>Subject: Re: [Shorewall-users] Aliases are added to the loopback?
>Date: Wed, 1 May 2002 12:55:26 -0700 (Pacific Daylight Time)
>
>On Wed, 1 May 2002, Val Vechnyak wrote:
>
> > Hi All,
> >
> > I am new to shorewall and have a newbie question.
> >
> > When shorewall is adding IP aliases (which it finds in NAT table) it seems
> > to be adding aliases to the loopback. Is this done for a particular reason?
> >
>
>It adds the address on whichever interface is named in the INTERFACE column.
>
> > Also, when I do ifconfig -a I don't see the aliases. is there a way to see
> > them?
>
>ip addr show <interface>
>
>-Tom
>--
>Tom Eastep \ Shorewall - iptables made easy
>AIM: tmeastep \ http://www.shorewall.net
>ICQ: #60745924 \ teastep@shorewall.net
>

On Wed, 1 May 2002, Val Vechnyak wrote:

> Thanks Tom,
>
> However, ip addr show brought me to another question.
>
> I have a 25 network ( 126 IPs), but here is what it shows.
>
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:02:b3:5c:00:98 brd ff:ff:ff:ff:ff:ff
>     inet 65.213.121.70/25 brd 65.213.121.127 scope global eth0
>     inet 65.213.121.50/32 scope global eth0
>     inet 65.213.121.51/32 scope global eth0
>
> I guess it is not picking up broadcast address. I have broadcast address
> specified inside the interfaces file (i.e. it is NOT set to detect). These
> aliases seem to be on a 32 net.
>

It doesn't make any difference given that the addresses that Shorewall has added are within the same subnet. Specifying the netmask/broadcast again for each address is redundant. Note that if you wanted to add addresses in a DIFFERENT subnet then Shorewall would be doing the wrong thing and you would have to turn off IP_ADD_ALIASES and configure the addresses yourself.

> On my other system, where aliases are done via real files in
> etc/sysconfig/network-scripts it looks different. Here is what I see
>
> 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:08:c7:db:cc:e2 brd ff:ff:ff:ff:ff:ff
>     inet 65.211.35.254/25 brd 65.211.35.255 scope global eth0
>     inet 65.211.35.200/25 brd 65.211.35.255 scope global secondary eth0:200
>     inet 65.211.35.201/25 brd 65.211.35.255 scope global secondary eth0:201
>     inet 65.211.35.202/25 brd 65.211.35.255 scope global secondary eth0:202
>     inet 65.211.35.203/25 brd 65.211.35.255 scope global secondary eth0:203
>     inet 65.211.35.205/25 brd 65.211.35.255 scope global secondary eth0:205
>     inet 65.211.35.206/25 brd 65.211.35.255 scope global secondary eth0:206
>

Sure -- and it also puts the pretty eth0:nnn on each address; those don't serve any purpose except to make legacy tools like ifconfig happy.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
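
Added example, not part of the original thread and not Shorewall code: a small check of the same-subnet condition described in the reply above. It parses `ip addr show` output and reports which /32 addresses fall inside a subnet already configured on the interface and which do not. The sample text is constructed from the lines quoted in the thread plus one invented address (192.0.2.10); the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample: the first three inet lines are the ones quoted in the
# thread; 192.0.2.10/32 is an invented alias outside the interface's /25.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:b3:5c:00:98 brd ff:ff:ff:ff:ff:ff
    inet 65.213.121.70/25 brd 65.213.121.127 scope global eth0
    inet 65.213.121.50/32 scope global eth0
    inet 65.213.121.51/32 scope global eth0
    inet 192.0.2.10/32 scope global eth0
"""

# Match "inet <addr>[/<prefix>]" lines only (the trailing space skips inet6).
INET_RE = re.compile(r"^[ \t]*inet (\S+)", re.MULTILINE)


def classify_aliases(ip_addr_output):
    """Split host-only (/32) addresses by whether a configured subnet covers them."""
    ifaces = [ipaddress.ip_interface(a) for a in INET_RE.findall(ip_addr_output)]
    # Subnets that are on-link because some address carries a real prefix.
    subnets = [i.network for i in ifaces if i.network.prefixlen < 32]
    result = {"subnets": [str(n) for n in subnets], "covered": [], "uncovered": []}
    for i in ifaces:
        if i.network.prefixlen < 32:
            continue  # this address defines a subnet; it is not a /32 alias
        key = "covered" if any(i.ip in n for n in subnets) else "uncovered"
        result[key].append(str(i.ip))
    return result


if __name__ == "__main__":
    report = classify_aliases(SAMPLE)
    print("subnets on interface:", ", ".join(report["subnets"]))
    for addr in report["covered"]:
        print(f"{addr}: /32 inside an on-link subnet, netmask/broadcast redundant")
    for addr in report["uncovered"]:
        print(f"{addr}: outside every on-link subnet; configure it by hand "
              "with IP_ADD_ALIASES turned off")
```
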