190 lines
3.9 KiB
HTML
190 lines
3.9 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux IP Masquerade HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Frequently Asked Questions"
|
|
HREF="faq.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="( IRC DCC ) - mIRC doesn't work with DCC Sends"
|
|
HREF="irc-dcc.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with
|
|
each other!"
|
|
HREF="multiple-lans.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux IP Masquerade HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="irc-dcc.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 7. Frequently Asked Questions</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="multiple-lans.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="ALIASING"
|
|
></A
|
|
>7.28. ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?</H1
|
|
><P
|
|
><STRONG
|
|
>Yes and no</STRONG
|
|
>. With the "IP Alias" kernel
|
|
feature, users can setup multiple aliased interfaces such as eth0:1, eth0:2,
|
|
etc but its is NOT recommended to use aliased interfaces for IP Masquerading.
|
|
Why? Providing a secure firewall becomes very difficult with a single NIC
|
|
card. In addition to this, you will experience an abnormal amount of errors
|
|
on this link since incoming packets will almost simultaneously be sent out
|
|
at the same time. Because of all this and NIC cards now costs less than
|
|
$10, I highly recommend to just get a NIC card for each MASQed network segment.</P
|
|
><P
|
|
>Users should also understand that IP Masquerading will only work with a physical
|
|
interface such as eth0, eth1, etc. MASQing out an aliased interface such as
|
|
"eth0:1, eth1:1, etc" will NOT work. In other words, the following WILL NOT
|
|
WORK reliably:</P
|
|
><P
|
|
><P
|
|
></P
|
|
><UL
|
|
><LI
|
|
><P
|
|
>It is rumored that you can simply use the destination IP address (the IP
|
|
address associated with the ALIASed interface like eth0:1, etc.) IN PLACE
|
|
of specifing the interface (eth0:1). This solution is not untested --
|
|
please email dranch@trinnet.net if you have any positive or negative
|
|
results</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ"</P
|
|
></LI
|
|
><LI
|
|
><P
|
|
> /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0</P
|
|
></LI
|
|
></UL
|
|
> </P
|
|
><P
|
|
>If you are still interested in using aliased interfaces, you need to enable
|
|
the "IP Alias" feature in the kernel. You will then need to re-compile and
|
|
reboot. Once running the new kernel, you need to configure Linux to use the
|
|
new interface (i.e. eth0:1, etc.). After that, you can treat it as a
|
|
normal Ethernet interface with some restrictions like the one above.</P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="irc-dcc.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="multiple-lans.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>( IRC DCC ) - mIRC doesn't work with DCC Sends</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="faq.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with
|
|
each other!</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |