|
On Mon, 13 Nov 2000, ratz wrote:
> tc lewis wrote:
> >
> > so utilizing ipchains' -i flag with a forward chain, i can specify which
> > device to send out from. like eth1 or eth2. is there any way i can make
> > that even more narrow, and specify an ip alias somehow? ie: eth0:0 or
> > eth0:1? that syntax doesn't seem to fly.
>
> Yep exactly, since all virtual interfaces inherit the entries of the
> physical interface record. Therefore it is IMHO impossible to specify
> the virtual interface with ipchains. But IIRC with ipfwadm you had the
> additional -V <IP>. Rusty dropped that for ipchains and reintroduced it
> in iptables ;)
> It's a little but ugly, I know and I have not found a proper way around
> it. If you don't dare, with the ipfwadm firewall tool you can do it. You
> first set up two routes:
> route add -host server1 dev eth0:0
> route add -host server2 dev eth0:1
> Then you do a normal masqerading setup with ipfwadm.
i'll have to see if i can find a valid ipfwadm. it appears redhat 6.2's
is just a wrapper to ipchains (and part of the ipchains rpm).
-tcl.
|
