[Firehol-support] Multiple IP addresses

Carlos Rodrigues carlos.efr at mail.telepac.pt
Mon Nov 27 20:42:58 GMT 2006


On 11/27/06, Marcus Williams <marcus at quintic.co.uk> wrote:
>
> On 27/11/2006 15:48, Carlos Rodrigues wrote:
> > This happens because the rules you have above are being applied to
> > eth0 and not eth0:1. eth0 never sees traffic for that address and
> > eth0:1 gets the default rules (which block everything).
>
> Hmmmm - I set up an alias on one of my NICs and it seemed to inherit all
> of eth0 settings. I've got eth0:0 set up as a different IP but it lets
> me ssh in and blocks web just like eth0. I haven't added a rule for eth0:0
> though.
You're right.

Then, in his case, the eth0 interface must have a dst rule that includes the
alias address, or no dst rule at all. Then, a rule can be added
conditionally opening the required ports. Something like this:

# shell variable names cannot contain ':', so the address of eth0:1 is
# kept in a separately named variable (eth0_alias_address)
interface eth0 name dst "${eth0_address} ${eth0_alias_address}"
    ...
    server someservice accept with dst "${eth0_alias_address}"
    ...

I guess this should work.

-- 
Carlos Rodrigues
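A complete configuration built on the pattern above, added here as an example (it is not from this thread or from the FireHOL project); the addresses are constructed documentation-range values, http stands in for "someservice", and the interface name "internet" and `version 5` header are assumptions for a FireHOL 1.x config:

```firehol
# Added example, not from the original post. Addresses are constructed
# (RFC 5737 documentation range); the service choice is illustrative.
version 5

# The alias eth0:1 is not a separate interface to iptables: packets for
# its address arrive on eth0, so they are matched by eth0's rules and an
# 'interface eth0:1 ...' block would never see any traffic.
eth0_address="192.0.2.10"
eth0_alias_address="192.0.2.11"     # address configured on eth0:1

# If this block used dst "${eth0_address}" only, traffic to the alias
# address would fall through to FireHOL's default policy (drop).
interface eth0 internet dst "${eth0_address} ${eth0_alias_address}"
    protection strong
    policy drop

    # reachable on both addresses
    server ssh accept

    # reachable only via the alias address; optional rule parameters
    # such as dst follow the action
    server http accept dst "${eth0_alias_address}"

    client all accept
```

Loading it with `firehol try` and then listing `iptables -nvL` shows every rule attached to eth0, with the http accept restricted to the alias address.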