tc lewis wrote:
>
> so utilizing ipchains' -i flag with a forward chain, i can specify which
> device to send out from. like eth1 or eth2. is there any way i can make
> that even more narrow, and specify an ip alias somehow? ie: eth0:0 or
> eth0:1? that syntax doesn't seem to fly.

Yep exactly, since all virtual interfaces inherit the entries of the
physical interface record. Therefore it is IMHO impossible to specify
the virtual interface with ipchains. But IIRC with ipfwadm you had the
additional -V <IP>. Rusty dropped that for ipchains and reintroduced it
in iptables ;)

It's a little bit ugly, I know, and I have not found a proper way around
it. If you don't dare, with the ipfwadm firewall tool you can do it. You
first set up two routes:

    route add -host server1 dev eth0:0
    route add -host server2 dev eth0:1

Then you do a normal masquerading setup with ipfwadm.

> what i'm looking to do is have 1 machine do masq for 2 machines behind it,
> but have the source address on outgoing packets be different for each of
> those 2 backend machines. apparently this is easy with 2 separate
> physical interfaces, but the ips for outgoing connections are both ip
> aliases, so i was wondering if that was possible. perhaps with more
> policy routing, maybe via fwmark stamps? or is there an easier way?

iproute2 or fwmarking is what you need if not the first solution.

Best regards,
ratz
--
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`
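
The per-host source address asked about in this thread, sketched with fwmark stamps and iptables SNAT. This is an added example, not part of the original message; the addresses, the device name eth0 and the function names are assumptions. It prints the rules by default and applies them only when run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: give each masqueraded backend host its own outgoing
# source address, using fwmark stamps plus iptables SNAT.
# All addresses are constructed (RFC 1918 / RFC 5737 documentation ranges).

OUT_IF="${OUT_IF:-eth0}"   # physical device (assumed name), not an alias such as eth0:0

# internal-host:alias-address:fwmark, one mapping per backend machine
MAPPINGS="192.168.1.10:203.0.113.10:1 192.168.1.11:203.0.113.11:2"

# Print a command, and execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Reject anything that is not a dotted quad before it reaches iptables.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

snat_rules() {
    for m in $MAPPINGS; do
        host=${m%%:*}; rest=${m#*:}
        alias_ip=${rest%%:*}; mark=${rest#*:}
        if ! is_ipv4 "$host" || ! is_ipv4 "$alias_ip"; then
            echo "bad mapping: $m" >&2
            return 1
        fi
        # Stamp packets from this backend host as they arrive.
        run iptables -t mangle -A PREROUTING -s "$host" -j MARK --set-mark "$mark"
        # Rewrite the source to the alias address chosen for that stamp.
        run iptables -t nat -A POSTROUTING -o "$OUT_IF" -m mark --mark "$mark" \
            -j SNAT --to-source "$alias_ip"
    done
}

# Dry run: list the rules that would be installed.
snat_rules
```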