Hello all.

I'm just about to set up a couple of firewalls using Linux Netfilter and I just discovered Shorewall yesterday. It looks fantastic. I had one question though about the 1.4 beta. In the changes, it states:

    Interface names of the form <device>:<integer> in
    /etc/shorewall/interfaces now generate an error.

I don't understand that. If it won't take interfaces with the form "eth0:1" any more, then how are you now supposed to deal with multiple external IP addresses on one NIC? I have four "real" IP addresses from my ISP, and I want to use static NAT to route three of those to three of the internal machines behind the firewall. So far the only way I've seen to do that is to set up eth0:1, eth0:2, and eth0:3. Is there another way to assign multiple IP addresses to one NIC?

Thanks.

--
Dan
________________________________________________________________________
Dionysos@Dionysia.org
Daniel G. Delaney
www.Dionysia.org/~dionysos/

--On Saturday, March 01, 2003 11:24:56 AM -0500 Dan Delaney <dionysos@Dionysia.org> wrote:

> Hello all.
>
> I'm just about to set up a couple of firewalls using Linux Netfilter
> and I just discovered Shorewall yesterday. It looks fantastic. I had
> one question though about the 1.4 beta. In the changes, it states:
>
>     Interface names of the form <device>:<integer> in
>     /etc/shorewall/interfaces now generate an error.
>
> I don't understand that. If it won't take interfaces with the form
> "eth0:1" any more, then how are you now supposed to deal with
> multiple external IP addresses on one NIC? I have four "real" IP
> addresses from my ISP, and I want to use static NAT to route three
> of those to three of the internal machines behind the firewall. So
> far the only way I've seen to do that is to set up eth0:1, eth0:2,
> and eth0:3. Is there another way to assign multiple IP addresses to
> one NIC?
>

a) Aliases of that form HAVE NEVER BEEN SUPPORTED by iptables!!! Shorewall just catches the error earlier under 1.4.

b) If you read the Shorewall setup guide (http://www.shorewall.net/shorewall_setup_guide.htm), I think you'll find that it will give you everything you need to know.

c) There is also a FAQ (FAQ #18) that discusses this issue.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

--On Saturday, March 01, 2003 08:39:44 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:

>
> a) Aliases of that form HAVE NEVER BEEN SUPPORTED by iptables!!!
> Shorewall just catches the error earlier under 1.4.
>
> b) If you read the Shorewall setup guide
> (http://www.shorewall.net/shorewall_setup_guide.htm), I think you'll find
> that it will give you everything you need to know.
>
> c) There is also a FAQ (FAQ #18) that discusses this issue.
>

And if you decide to experiment with the 1.4 Beta, the documentation as always is in the 'documentation' directory in the tarball and is installed in your site documentation directory when you install the RPM. "rpm -l shorewall" will show you where the HTML files are located.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

--On Saturday, March 01, 2003 08:47:00 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:

> installed in your site documentation directory when you install the RPM.
> "rpm -l shorewall" will show you where the HTML files are located.

Ooops -- make that "rpm -ql shorewall"

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

On Sat, 1 Mar 2003, Tom Eastep wrote:

> b) If you read the Shorewall setup guide
> (http://www.shorewall.net/shorewall_setup_guide.htm), I think you'll find
> that it will give you everything you need to know.

Great. Thanks. I'll check it out.

--
Dan
________________________________________________________________________
Dionysos@Dionysia.org
Daniel G. Delaney
www.Dionysia.org/~dionysos/
------------------------------------------------------------------------
Failure is not an option--it comes built into Windows.