> > > so utilizing ipchains' -i flag with a forward chain, i can specify which
> > > device to send out from. like eth1 or eth2. is there any way i can make
> > > that even more narrow, and specify an ip alias somehow? ie: eth0:0 or
> > > eth0:1? that syntax doesn't seem to fly.
> >
> > Yep exactly, since all virtual interfaces inherit the entries of the
> > physical interface record. Therefore it is IMHO impossible to specify
> > the virtual interface with ipchains. But IIRC with ipfwadm you had the
> > additional -V <IP>. Rusty dropped that for ipchains and reintroduced it
> > in iptables ;)
> > It's a little bit ugly, I know and I have not found a proper way around
> > it. If you don't dare, with the ipfwadm firewall tool you can do it. You
> > first set up two routes:
> > route add -host server1 dev eth0:0
> > route add -host server2 dev eth0:1
> > Then you do a normal masquerading setup with ipfwadm.
>
> i'll have to see if i can find a valid ipfwadm. it appears redhat 6.2's
> is just a wrapper to ipchains (and part of the ipchains rpm).

and unfortunately, as far as i can tell, there's no ipfwadm that works
with kernel 2.2.x.

http://www.xos.nl/linux/ipfwadm/versions.html

or is there a different place for ipfwadm now?

redhat's ipfwadm converts ipfwadm -V to some sort of -W to ipchains, which
is a flag ipchains doesn't even understand, from what i can tell. weird.

-tcl.