
Re: Ip-aliasing and kernel 2.2.17



frederic massot wrote:
> 
> Hello,
> 
> Before I moved to a 2.2 series kernel, I was doing IP aliasing
> with the 2.0 series kernels.
> 
> Moving to a 2.2 kernel, and enabling the kernel's "IP: aliasing
> support" option, I have the impression that it no longer works as
> before.
> 
> [...]


	I use IP aliasing on a potato with a 2.2.4, and indeed
the files in /proc/net no longer exist; ifconfig and route
behave the same way.

	On the other hand, if it doesn't work, it may be because
of ipmasq, which is hardly compatible with IP aliasing:

http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-7.html

[...]
7.25 Can IP Masquerade work with only ONE Ethernet network card (IP
Aliasing)?

Yes and no. With the "IP Alias" kernel feature, users can setup multiple
aliased interfaces such as eth0:1, eth0:2, etc but it is NOT recommended
to use aliased interfaces for IP Masquerading. Why? Providing a secure
firewall becomes very difficult with a single NIC card. In addition to
this, you will experience an abnormal amount of errors on this link
since incoming packets will almost simultaneously be sent out at the
same time. Because of all this and NIC cards now cost less than $10, I
highly recommend to just get a NIC card for each MASQed network segment.

Users should also understand that IP Masquerading will only work out a
physical interface such as eth0, eth1, etc. MASQing out an aliased
interface such as "eth0:1, eth1:1, etc" will NOT work. In other words,
the following WILL NOT WORK:

       /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0
       /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ

If you are still interested in using aliased interfaces, you need to
enable the "IP Alias" feature in the kernel. You will then need to
re-compile and reboot. Once running the new kernel, you need to
configure Linux to use the new interface (i.e. /dev/eth0:1, etc.). After
that, you can treat it as a normal Ethernet interface with some
restrictions like the one above.
[...]

-- 
.sigh
	Geoffroy FOUQUIER
	Geoffroy.Fouquier@lrde.epita.fr
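
A check for the restriction quoted from the HOWTO above, as an added example that is not part of the original message or of the HOWTO: it scans firewall rule lines and reports masquerading rules whose interface option names an alias (ethN:M). The function names find_masq_alias_rules and sample_rules and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ipchains/ipfwadm masquerading rules that match on
# an aliased interface, which the HOWTO excerpt says will not work.

# Reads rule lines from the given files (or stdin) and prints
# "LINENO: IFACE" for each masquerading rule bound to an alias.
find_masq_alias_rules() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        {
            masq = 0; alias = ""
            for (i = 1; i < NF; i++) {
                opt = $i; val = $(i + 1)
                gsub(/"/, "", val)                # tolerate quoted values
                # ipchains target MASQ, or ipfwadm policy "m" (as on the page)
                if (opt == "-j" && val == "MASQ") masq = 1
                if ((opt == "-a" || opt == "-i") && val == "m") masq = 1
                # interface option: -i/--interface (ipchains), -W (ipfwadm);
                # an alias is written <physical>:<label>
                if ((opt == "-i" || opt == "--interface" || opt == "-W") &&
                    val ~ /^[A-Za-z0-9_.-]+:[A-Za-z0-9_]+$/) alias = val
            }
            if (masq && alias != "") printf "%d: %s\n", NR, alias
        }
    ' "$@"
}

# Constructed sample firewall script (not taken from a real system).
sample_rules() {
    cat <<'EOF'
# constructed sample rules
/sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0
/sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ
/sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A forward -i "eth1:2" -s 10.0.0.0/8 -j MASQ
/sbin/ipchains -A input -i eth0:1 -s 10.0.0.0/8 -j DENY
EOF
}

sample_rules | find_masq_alias_rules
```

Only the masquerading rules on eth0:1 and eth1:2 are reported; the rule on the physical interface eth1 and the non-masquerading rule on eth0:1 are left alone.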


