LinuxQuestions.org
Old 04-14-2006, 05:14 PM   #1
vbsaltydog
Member
 
Registered: Nov 2005
Distribution: CentOS
Posts: 141

Rep: Reputation: 15
shorewall on centos


Task: set up shorewall with multiple public ips on a single external nic card to forward http and https requests to internal web server(s).

Proposed Solution: shorewall with 2 interfaces, external nic using aliases for multi-ip addressing and dnat rules for each public ip to each private ip for each secure domain.

Current problem: When I bind an alias to my external nic by copying the file /network-scripts/ifcfg-eth1 to /network-scripts/ifcfg-eth1:0, then modifying the new file to suit the new ip and card name and restarting the network service, all seems well. The results of ifconfig show both nics and I can ping both addresses, but I can't seem to get shorewall to recognize the eth1:0 nic.

Any advice is appreciated.

Also, is port forwarding for each alias the best solution or would 1 to 1 nat be better suited for this setup?
 
Old 04-14-2006, 09:50 PM   #2
javaroast
Member
 
Registered: Apr 2005
Posts: 130

Rep: Reputation: 18
From the Shorewall documentation http://www.shorewall.net/Shorewall_a...nterfaces.html

The ifconfig utility is being gradually phased out in favor of the ip utility which is part of the iproute package. The ip utility does not use the concept of aliases or virtual interfaces but rather treats additional addresses on an interface as objects in their own right.

ip addr add 206.124.146.178/24 dev eth0

I use this method on a corporate firewall that has over 30 IPs with no problems.
 
Old 04-14-2006, 09:53 PM   #3
vbsaltydog
Member
 
Registered: Nov 2005
Distribution: CentOS
Posts: 141

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by javaroast
ip addr add 206.124.146.178/24 dev eth0

Where do you place this code, and do you still need the ifcfg-ethX:X file under the network-scripts directory?
 
Old 04-15-2006, 03:57 AM   #4
javaroast
Member
 
Registered: Apr 2005
Posts: 130

Rep: Reputation: 18
I run mine in rc.local, because I have some other things running there and it's convenient for me. You won't need an ifcfg-ethX:X file as the ip address is assigned to the dev ethX that you use.
 
Old 04-17-2006, 01:19 AM   #5
vbsaltydog
Member
 
Registered: Nov 2005
Distribution: CentOS
Posts: 141

Original Poster
Rep: Reputation: 15
Thank you. I added the code to rc.local and it works great.
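
The setup discussed in this thread, written out as an added example (not posted by anyone in the thread): secondary addresses on the physical NIC, the interfaces entry that fails beside the one that works, and one DNAT rule per public address. The 203.0.113.x and 192.168.1.x addresses are constructed placeholders; the zone names net and loc and eth0 as the internal interface are assumptions.

```conf
# --- rc.local: extra public addresses go on the physical device ---
# (constructed addresses; same command form as in post #2)
#   ip addr add 203.0.113.10/24 dev eth1
#   ip addr add 203.0.113.11/24 dev eth1
# Verify with:  ip addr show dev eth1
# Addresses added this way without a label are not listed by ifconfig.

# --- /etc/shorewall/interfaces ---
# Does not work: eth1:0 is only a label for an address on eth1, not a
# device that iptables can match, so Shorewall cannot use it.
#net     eth1:0      detect
#
# Works: name the physical interface once. Every address bound to
# eth1 is then reachable through the net zone.
#ZONE    INTERFACE   BROADCAST
net      eth1        detect
loc      eth0        detect

# --- /etc/shorewall/rules ---
# The last column (ORIGINAL DEST) ties each rule to one public
# address, so each public IP is forwarded only to its own web server.
#ACTION  SOURCE  DEST              PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
DNAT     net     loc:192.168.1.10  tcp    80,443        -               203.0.113.10
DNAT     net     loc:192.168.1.11  tcp    80,443        -               203.0.113.11
```

With ORIGINAL DEST left empty, a DNAT rule is not tied to a single public address, so keep one rule per address and expose only the ports each server needs.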
 
  

