On Wed, 2004-12-22 at 15:31 -0800, Tom Eastep wrote:
> On Wed, 2004-12-22 at 21:53 +0100, Bastian Boday wrote:
> > Hello
> >
> > I'm new to the list.
> > I installed a vserver (http://www.linux-vserver.org/) on my gentoo server
> > As network interface is used an alias (eth1:0)
> > eth1 is the card of my "loc" zone. eth1:0 has an address from the same
> > subnet
> > from the vserver I can connect to eth0 but not to the internet. From my
> > local net everything works fine.
> > I have an entry in "mask" for eth1 which works, but for eth1:0 I think
> > snat works not.
> >
> > Any help would be appreciated
>
> These articles should help:
>
> a) http://shorewall.net/Shorewall_and_Aliased_Interfaces.html
> b) http://shorewall.net/Multiple_Zones.html

One other thought -- if eth1:0 is configured with a different subnetwork
from that of eth1 AND if the subnetwork is not yet configured when
Shorewall is started (there is no route to that subnetwork out of eth1)
then Shorewall will not create SNAT rules for the subnetwork if you just
put "eth1" in the SUBNET column of the /etc/shorewall/masq file. You
need an entry in that file that explicitly specifies the second subnet
in the SUBNET column.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
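
Added example, not part of the original message or of Shorewall itself: a small shell check for the situation Tom describes, listing the alias subnets that have no route out of eth1 and so need their own line in /etc/shorewall/masq. The route output, the addresses (documentation ranges), the function names, and the use of eth0 as the outgoing interface are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -4 route show dev eth1` output, as it would look
# when Shorewall starts before the eth1:0 alias subnet has been configured.
ROUTES='192.0.2.0/24 proto kernel scope link src 192.0.2.1'

# missing_subnets ROUTES "NET1 NET2 ..."
# Print every subnet from the second argument that has no route in ROUTES.
# With only "eth1" in the SUBNET column these subnets get no SNAT rule.
missing_subnets() {
    routes=$1
    missing=
    for net in $2; do
        # The first field of each route line is the destination network.
        if ! printf '%s\n' "$routes" |
            awk -v n="$net" '$1 == n { found = 1 } END { exit !found }'; then
            missing="$missing $net"
        fi
    done
    # Unquoted on purpose: word splitting drops the leading space.
    echo $missing
}

# masq_entries ROUTES "NET1 NET2 ..." OUT_IF
# Emit one explicit masq line (INTERFACE, SUBNET) per missing subnet.
# OUT_IF is the Internet-facing interface (assumed to be eth0 here).
masq_entries() {
    for net in $(missing_subnets "$1" "$2"); do
        printf '%s\t%s\n' "$3" "$net"
    done
}

# Hypothetical alias subnet 198.51.100.0/24 on eth1:0:
masq_entries "$ROUTES" "192.0.2.0/24 198.51.100.0/24" eth0
```

On a live system, replace the constructed ROUTES value with the real route output captured at the point where Shorewall starts.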