LinuxQuestions.org
Old 07-05-2004, 02:04 AM   #1
redhat_help
LQ Newbie
 
Registered: Mar 2004
Posts: 7

Rep: Reputation: 0
iptables and virtual interfaces


What I wanted to do was to have 2 web servers having private IPs (e.g. 192.168.128.5 and 192.168.128.6 on the 255.255.255.0 subnet). The hub connecting these machines would be connected to my Linux firewall machine. In other words, the private IPs are the ones that make my DMZ; I shall call the interface which is connected to the DMZ eth1.
What I want to do is redirect all requests to 64.24.12.45 to 192.168.128.5 and 64.24.12.46 to 192.168.128.6. At the moment I have no problem in doing the natting and everything related to send/receive from the 64.24.12.45.
What I thought was to have a virtual interface and bind the other internet-routable address to it, e.g. eth0:0. What are my options?
Also, how could I do the POSTROUTING SNAT if I cannot use virtual interfaces?
 
Old 07-06-2004, 08:04 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
iptables doesn't support virtual IP aliasing. So you really have two ways to do this. First, you can buy new NICs for the additional IPs.

Alternatively, you can set up virtual IPs like you've explained. Despite the fact that iptables doesn't support IP aliases, it will recognize traffic on the virtual interface as being on the same device as the normal interface device (so eth0:0 and eth0:1 would both appear as eth0 to iptables). The trick, then, is to use other attributes of the packets to distinguish how the SNATing should work.

For example, say you want all web traffic being NATed from one of the internal boxes to be SNATed as one IP and all traffic coming from the other internal webserver to get SNATed as the other external IP. In this case you could use the type of traffic (http), the source address (192.168.128.5 or 192.168.128.6) and the interface the traffic would be leaving (eth0) to define the SNATing:

iptables -t nat -A POSTROUTING -p tcp --sport 80 -o eth0 -s 192.168.128.5 -j SNAT --to-source 64.24.12.45

iptables -t nat -A POSTROUTING -p tcp --sport 80 -o eth0 -s 192.168.128.6 -j SNAT --to-source 64.24.12.46

You might have to tinker around with the other rules as well, but hopefully that will give you a start.
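
The full 1:1 mapping discussed in this thread, as an added example that is not part of any post: it prints (does not execute) the address, DNAT, FORWARD and SNAT commands for both servers, matching on addresses and the real device rather than on an alias name. Assumptions: a /32 prefix for the extra public address, 64.24.12.45 already configured on eth0, and only TCP port 80 published; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emits the commands for review instead of running them.
WAN_IF=eth0   # Internet-facing device (from the thread)
DMZ_IF=eth1   # DMZ device (from the thread)

# nat_rules PUBLIC_IP PRIVATE_IP [add]
# Prints one command per line. Pass "add" when the public address is not yet
# on $WAN_IF; it is added with iproute2 instead of an eth0:0 alias.
nat_rules() {
    pub=$1; priv=$2; mode=${3:-}
    # Allow only digits and dots so nothing else reaches a command line.
    for a in "$pub" "$priv"; do
        case $a in
            ''|*[!0-9.]*) echo "bad address: $a" >&2; return 1 ;;
        esac
    done
    if [ "$mode" = add ]; then
        echo "ip addr add $pub/32 dev $WAN_IF"   # /32 is an assumption
    fi
    # Inbound: select the server by the destination address of the packet.
    # Outbound: SNAT by source address only, so connections the server opens
    # itself also leave with its own public IP. Replies to DNATed connections
    # are translated back by connection tracking and need no rule of their own.
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p tcp --dport 80 -j DNAT --to-destination $priv
iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $priv -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -o $WAN_IF -s $priv -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub
EOF
}

# Both mappings from the thread; only the second public address is new.
build_ruleset() {
    nat_rules 64.24.12.45 192.168.128.5 &&
    nat_rules 64.24.12.46 192.168.128.6 add
}

build_ruleset
```

Review the printed commands, then pipe them to `sh` as root to apply them.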
 
Old 03-19-2006, 03:24 PM   #3
stomach
Member
 
Registered: Sep 2005
Distribution: Debian
Posts: 202

Rep: Reputation: 30
You find that I can decide the problem using iproute (IP addr)?
 
  

