Shorewall users - Nov 2003 - Support for multiple IP''s per interface

Hi All,

Does shorewall support multiple IP addresses on an interface? I''d like
my NET interface to have as many public addresses as the number of internal
servers on the DMZ that I need to make accessible from the NET.

If this is supported, how do I manage the notation in the hosts file for the NET
zone.

Normally, 
net             eth0:0.0.0.0/0

But,
net2            eth0:1:0.0.0.0/0

looks kind of buggy, will it work? Is there a better way to implement this?

Thanks in advance

Ama

On Mon, 2003-11-17 at 11:04, Ama Kalu wrote:
> Hi All,
> 
> Does shorewall support multiple IP addresses on an interface? I''d
like my NET interface to have as many public addresses as the number of internal
servers on the DMZ that I need to make accessible from the NET.
> 
> If this is supported, how do I manage the notation in the hosts file for
the NET zone.
> 
> Normally, 
> net             eth0:0.0.0.0/0
> 
> But,
> net2            eth0:1:0.0.0.0/0
> 
> looks kind of buggy, will it work?
No.
> Is there a better way to implement this?
Please see:

	http://shorewall.net/Shorewall_and_Aliased_Interfaces.html.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Thanks.

Kindly advice, what is the best way to implement the forgoing requirement? I 
just want to provide secure access to individual machines in my DMZ to users 
from the NET via the same outbound interface.

Ama

On Mon, 17 Nov 2003 11:11:19 -0800, Tom Eastep wrote
> On Mon, 2003-11-17 at 11:04, Ama Kalu wrote:
> > Hi All,
> > 
> > Does shorewall support multiple IP addresses on an interface?
I''d like
my NET interface to have as many public addresses as the number of internal 
servers on the DMZ that I need to make accessible from the
NET.
> > 
> > If this is supported, how do I manage the notation in the hosts file
for
the NET zone. 
> > 
> > Normally, 
> > net             eth0:0.0.0.0/0
> > 
> > But,
> > net2            eth0:1:0.0.0.0/0
> > 
> > looks kind of buggy, will it work?
> 
> No.
> 
> > Is there a better way to implement this?
> 
> Please see:
> 
> 	http://shorewall.net/Shorewall_and_Aliased_Interfaces.html.
> 
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> 
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: 
> https://lists.shorewall.net/mailman/listinfo/shorewall-users 
> Support: http://www.shorewall.net/support.htm FAQ: 
http://www.shorewall.net/FAQ.htm


--
Open WebMail Project (http://openwebmail.org)

On Mon, 2003-11-17 at 11:34, ama.kalu wrote:
> Thanks.
> 
> Kindly advice, what is the best way to implement the forgoing requirement?
I
> just want to provide secure access to individual machines in my DMZ to
users
> from the NET via the same outbound interface.
I personally prefer Proxy ARP -- see:

	http://shorewall.net/shorewall_setup_guide.htm.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net