I''m looking for some instructions to get MRTG working with aliases interfaces (eth0:1, etc). One answer that I got was that I need a tool to count the packets, because kernel cannot do that. Can I do this with Shorewall? Thanks Danilo. __________________________________________________________________________ Acabe com aquelas janelinhas que pulam na sua tela. AntiPop-up UOL - ? gr?tis! http://antipopup.uol.com.br/
On Fri, 2003-10-03 at 14:28, danilohaliz wrote:> I''m looking for some instructions to get MRTG working > with aliases interfaces (eth0:1, etc). One answer that I > got was that I need a tool to count the packets, because > kernel cannot do that. > > Can I do this with Shorewall? >No modern product has much support for aliased interfaces given that the 2.4 Kernels have almost no support for them. Shorewall''s limited support for aliased interfaces is described in the documentation (HINT: It is listed under "Aliased Interfaces" in the documentation index). You may be able to accomplish what you want indirectly using the new IP Accounting facility in the 1.4.7 prereleases (current prerelease is RC2). The documentation may be found under "Accounting" in the index. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
At 15:47 10/3/2003, you wrote:>No modern product has much support for aliased interfaces given that the >2.4 Kernels have almost no support for them.Tom, I''ve used aliased interfaces in the past for various reasons, including most importantly a public server with multiple IP addresses on the same external interface, so that one SSL site is on one IP, another SSL on a second IP, etc. By your comment above I presume that such support is "going away"... how is one supposed to assign 20 different IP addresses to a single interface in the future, then? And does Shorewall support that method? Thanks! -- Rodolfo J. Paiz rpaiz@simpaticus.com
On Fri, 2003-10-03 at 16:01, Rodolfo J. Paiz wrote:> > I''ve used aliased interfaces in the past for various reasons, including > most importantly a public server with multiple IP addresses on the same > external interface, so that one SSL site is on one IP, another SSL on a > second IP, etc. By your comment above I presume that such support is "going > away"... how is one supposed to assign 20 different IP addresses to a > single interface in the future, then? And does Shorewall support that method? >Rodolfo -- you should read the same page that I referred the previous poster to. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net>> > Rodolfo -- you should read the same page that I referred the previous > poster to. >Tom, the way we do it on our webserver is via the dummy module. we are using debian, but it is probably something similar in redhat. contents of /etc/network/interfaces: # CLIENT IP ADDRESSES 170 - 181 # SSL / Keston Holdings auto dummy0 iface dummy0 inet static address xx.xx.xx.170 netmask 255.255.255.0 # SSL / Solutions First auto dummy1 iface dummy1 inet static address xx.xx.xx.171 netmask 255.255.255.0 # SSL / National Investor Database auto dummy2 iface dummy2 inet static address xx.xx.xx.176 netmask 255.255.255.0 pre-up /sbin/insmod -o dummy3 dummy # SSL / Rohan Trading auto dummy3 iface dummy3 inet static address xx.xx.xx.178 netmask 255.255.255.0 pre-up /sbin/insmod -o dummy4 dummy output of lsmod: sumo:/home/dave# lsmod Module Size Used by Not tainted dummy3 1108 1 dummy4 1108 1 dummy2 1108 1 dummy 1108 1 aic7xxx 117684 0 8139too 13992 1 mii 2208 0 [8139too] so we just keep aliasing the dummy module and adding interfaces. would shorewall support that method? we don''t have shorewall on that machine currently - it only hosts websites and mail, but that method is not mentioned - would it work for our poster? dave