Netfilter + IP Aliasing + Linux Pre Kernels.

Stef telford stef@chronozon.dyndns.org
Sun, 16 Apr 2000 13:17:10 CDT 


Sampsa wrote:
> You can just type:
>  /sbin/ip addr add 10.1.1.2/24 dev eth0
>  /sbin/ip addr add 10.1.1.3/24 dev eth0 label eth0:0
>  /sbin/ip addr add 10.2.0.4/16 dev eth0 label eth0:1
> 
> Works fine even if you leave the label part away.. No need for IP alias
> to be different kernel option, does not make sense to me..

hrrmm. Does this work under 2.4 (pre) ? I dont think it does, 
least not the way I tried it. I have the iproute2 package installed
and i do _not_ have ipfwadm.o or ipchains.o in the module directory
(i moved the location as the modprobing of iptable_nat wouldnt
work with them located in the directory)

I assume that the packages of iproute2 work with the backwards
compatible code from 2.2, which i dont have :<

> But the problem you're facing is maybe not problem on setting up this
> environment but other computers seeing your computer. If you can locally
> access (read ping) to both of these addresses, they should be set up
> fine.

yeah, they are okay. using aliasing code, it _was_ working around 2.3.50
but as soon as we hit the 'pre' series something happened. I dont know
quite what, but i _know_ that this setup has worked before.
 
> It may be up to your route setup or other things, too, just a guess..
> Do a double check the broadcast addresses and netmasks!
>

would love to find it was something that simple.

/sbin/ifconfig eth0 up
/sbin/ifconfig eth0 24.112.191.209
/sbin/ifconfig eth0:1 192.168.2.2 
/sbin/route add -net 192.168.2.0 netmask 255.255.255.0 dev eth0:1
/sbin/route add -host 192.168.2.2 dev eth0:1
/sbin/route add -net 24.112.190.0 netmask 255.255.254.0 dev eth0
/sbin/route add -host 24.112.191.209 dev eth0
/sbin/route add default gw 24.112.190.1

to setup the devices and then the routes

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE

then doing a 

iptables -t nat -L 

shows the rule is in place. No errors are printed out to the screen 
during any of these steps/stages.
Doing a 

iptables -C POSTROUTING -t nat -s 192.168.2.10 -d mail.yahoo.com -p tcp -i
eth0 -o eth0

brings up a segfault. If i try to specify the -i as eth0:1 it says 
it doesnt allow aliases :'( as I have said before, the exact
same setup _was_ working, but it seems to have broken 
someplace along the line. of course, if this is a user
error, then please point it out, hit me, and call me
names ;)
 

regards,
Stefs