|
Roberto Nibali wrote:
> Joe, there are some issues with the text:
so drugphish is back on the internet? Good to see
will go fix up the text.
> o the basic problem with route/netstat -rn is, that they only see the
> main table, which is rather limited.
>
> o iproute2 very well knows the notion of ip aliases by using labels just
> like ifconfig.
I didn't realise this. I thought the idea was to abandon aliases/labels
and assign new interfaces for each IP. I assumed labels was backward
compatibility feature only.
It's not up to the tool to decide if labels work or
> not. The misconception people have with ip aliasing is that people
> think an aliased interface is a logically separated interface while
> it is _not_. And this is the case since 2.1.128 or so.
>
> o ipchains doesn't recognize alias neither because since the _2.2.x_
> kernel we moved to the iproute2 architecture, not in the 2.4.x as
> the howto lists.
will fix, I don't remember when the changeover occured.
Packet filtering on aliased stopped working after
> the decay of ipfwadm in the old 2.0.x kernel days. Today you can
> still filter on so-called ip aliased but as the name implies you
> specify the IP ADDRESSS as a classifier and if you want to restrict
> it you add the underlying _physical_ interface definition to the
> classifying rule.
>
> o iproute2 is compatible with ifconfig/route/netstat but not vice versa.
> The two biggest issues people new to iproute2 have to struggle with
> are:
>
> + if you add secondary ip addresses without a label (alias interface)
> ifconfig is confused and doesn't print the information
OK
> + if you add rules for branching into different routing tables than
> the main routing table, route or netstat -rn will not show you those
> routes. This also the case for blackhole, throw, unreachable and
> prohibit routes.
my problem with iproute2 is the horrible syntax.
It's impossible to script. All this other stuff is fine by me.
> If you guys are interested I'll offer my first semi-official release of
> some of the replacement tools I've written for ifconfig/route. You can
> download them from (just uploaded):
>
> http://www.drugphish.ch/~ratz/iproute2/
great. I'll put it in the HOWTO
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|
