#19 Multiple IPs on an interface

closed-works-for-me
None
1
2010-03-10
2010-01-15
Les
No

I only have one physical interface that I am using but it is a web hosting server and has about 30 IP addresses assigned to it. Technically it is multiple interfaces I guess, eth0 eth0:1 eth0:2 and so on...

Since some policy rules such as the anti-spoofing rule require an interface, I guess I need to add all of those to that rule. What is the best way to do this? Do I just assign the eth0 interface an IP range or do I actually need to define all those as separate interfaces?

I discovered this the hard way when the fw script killed all my sub interfaces leaving many websites down :(

Discussion

  • Vadim Kurland

    Vadim Kurland - 2010-01-15

    you add all these ip addresses as child objects to the interface eth0 object, then use interface object in the rule.

    Firewall Builder Users Guilde talks about it in section 6.1.7.4 "Using Objects With Multiple Addresses in the Policy and NAT rules"

    http://www.fwbuilder.org/docs/users_guide/working-with-objects.htm#AEN1631

    eth0:1, eth0:2 are not real interfaces, they are just labels on virtual ip addresses that belong to interface eth0. You can see this if you use command "ip addr show".

     
  • Vadim Kurland

    Vadim Kurland - 2010-01-15
    • priority: 5 --> 1
    • assigned_to: nobody --> vkurland
    • status: open --> open-works-for-me
     
  • Vadim Kurland

    Vadim Kurland - 2010-03-10
    • status: open-works-for-me --> closed-works-for-me
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks