I need to aliases ip addess to set this computer ([2]) to be a router, (in general, it needs 2 interfaces? true).

My purpose is to set my ethernet that all traffic from [1] to [3] via [2], even though all of them share a common hub.

Thanks

Yes your computer usually needs two interfaces to route, one goes to your internal network of computers and the other to the internet. These do not have to be ethernet and are preferrably not two IP addresses on one network card.

So, does [2] have the internet connection and you want [1] and [3] to share it? Do you want [1] and [3] to not connect to each other unless they use [2]? Where is the internet connection and what type is it and how does it connect to all this like with ethernet plug or USB to one of the computers?

Connecting to internet seems to not meet with my problems.

All of three computer are connected to internet. They have their network card themself. I want to mantain the lan architecture ( All computers connects to hub and therefore, from hub to internet).

Architecture:

internet
^
|
[1] ------ [hub]-----[3]
|
|
[2]

But my work is to set computer [2] in order to:
If [1] want to communicate with [3], it is forced to via [2].

so I set [1] and [2] to a subnet
[2] and [3] to a subnet


Have you has any suggestion.

sorry, mistyped causes wrong architecture.

the correct one is


internet
|
[hub]----[3]
| |
| |_ [2]
[1]

internet
|
|
[hub]----[3]
| |
| |_
| [2]
|
[1]

So you didn't mention it but I take it that your internet connection is something like DSL with an ethernet plug going into your hub. Also if all the computers work now then either the DSL is a NAT router (sometimes called a firewall) or your hub isn't a hub but a NAT router or your ISP lets you take 3 IPs off it's connection.

If you are sharing a common hub then it's a bad idea to route through two IP addresses on one network card, first due to redundant data (each piece of info goes through the hub twice, once coming into [2] and again going out of it) and second because it breaks ethernet and tcp/ip rules and is considered a hack.

So is your goal this:

internet
|
[2]
|
[hub]--[3]
|
[1]

or something different?

if you have all the computers on a hub and they can communicate then there is no need to set up a router and again it breaks ethernet rules which means it can be done but isn't suggested and causes more activity on the network without adding anything benificial. Even if you just want to set it up to learn how, here is the first lesson: don't route across multiple aliases on one interface, Only really weird networks like NASA's are set up that way ;-)

Thanks for your advice .
The "bad" idea of communicating with 2 alias address comes from one of my practice exercise. :-)
But , thanks, anyway.

If you just want two IP addresses that isn't bad, it's used commercially for say a web server that is one machine that answers to different IP addresses. It just isn't used to route from one to the other, maybe one of us wasn't understanding the other correctly.

Say you want:
eth0:1 as 192.168.0.4 mask 255.255.255.0
eth0:2 as 192.168.0.5 mask 255.255.255.0

so when you go to http://192.168.0.4 or http://192.168.0.5 you use one machine, this is OK as long as both aliases are on the same subnet.

but what you don't do is:
eth0:1 as 192.168.0.1 mask 255.255.255.0
eth0:2 as 192.168.1.1 mask 255.255.255.0

Which puts one physical interface on two different subnets which is the "bad" idea, not that it doesn't work.

FYI if it's school homework you are supposed to do it yourself and not get answers from us, see http://www.linuxquestions.org/questi...threadid=42356

It is not homework. When reading Linux Admin's guide to alias ip addr, I try doing an idea. Because I have no teacher, I need some advice from you.

But what should I do if I have only 3 computers, with 3 NIC and
I want to test the netfilter. Certainly, the work is to set iptables and tc in a computer that I call an imitative router . But the net architecture must suit to test.

NICs are really cheap, if you are really strapped for cash look for a used one on eBay. If you are just seeing how it works then you can go ahead and break some rules, maybe just to see if you can get it set up. I'm sure the way you should set it up if you planned on keeping it that way is posted in this networking forum in many of the threads, it's usually done with 2 NICs, one connected to the internal hub and one going out to the internet. If you want to try it out and can't pop a second NIC in the router than try it with the aliases. You just have to be careful to note which machines are set up for which IP subnet since there is no physical seperation of the two you can have problems like DHCP giving a network card the wrong address or other protocols like IPX will simply ignore the two TCP/IP segments and connect the two computers together.

*WARNING: I highly recomend against a setup like this for a production network including permanantly setting up a home network like this; Besides the fact that it adds another level of complexity it could also add needless traffic to your hub and possibly even your internet pipe which would eat bandwidth. In essence your internal network would not be secure since the wire carries data from both sides of the firewall. Some public cable modem and DSL connections are also set up in a "bridge mode" which means any yahoo in your neighborhood with the same service and a packet sniffer can break into your home network by just ignoring your firewall (since they can "see" the inside network.) Even if your internet connection isn't set up in a bridge mode your internal LAN can still be easily compromised by anyone at your ISP.

Could I contact with you individualy.
I think that I will be not to post my several (stupid :-) ) questions about this problem in this forum.
On the other hand, I want to solve this problem.

Do you think about the idea to set [2] to [1] and [3] default gateway. But the sequence problem is that how to prevent the direct communicate between [1] and [3].

They put my lan(3 computer) in a room and have only one link to a firewall (not in my room). So I think that whatever I do in this forum does not effect to the security because my room is inside the firewall.

You're questions aren't "stupid", the TCP/IP and Ethernet protocols were set up by a bunch of really smart people with an assumption that the "average home user" would never have to know the gory details of how it all works and would never set up any esotric configurations at home. They also assumed we would never run out of IP addresses for The Internet...

If you want, you can get my email address off the info on this message board but the whole idea of the forum is that everyone can contribute to your solution and learn from it; I'm just the loudest voice at the moment which doesn't mean I'm the only one here who has an answer for you

Now I have a normal solution by borrowing an network card from my friend.
But we'd better turn back to solve this problem mentioned above.

Hi KenvinJ, I think my setting of address is ok

[1] 192.168.0.58 netmask 255.255.255.224/27 (subnet 2 of 8)
[2] has 2 alias addresses:
192.168.0.36 netmask 255.255.255.224/27 (subnet 2 )
192.168.0.70 netmask 255.255.255.224/27 (subnet 3 of 8)
[3] 192.168.0.91 netmask 255.255.255.224/27 (subnet 3 of 8)

has it some thing wrong?

Anyone reading this thread who doesn't know why the netmasks below end in 224 not 0 don't worry, it's more advanced TCP/IP "schtuff" and doesn't apply to 95% of the networks you will ever be exposed to unless you work for NASA*.

No, it's just confusing! I had to get out scratch paper to double check the subnets. That's why 24 bit subnets are popular, much simpler. (Don't worry, I did stuff like that when I was learning how TCP/IP worked.)

Anyhow, [2] has to have routing turned on and [1] and [3] have to have gateway point to the local address on [2] and then it should work.

See if [1] and [3] can ping their sides of [2]
have 192.168.0.91 ping 192.168.0.70 and
192.168.0.58 ping 192.168.0.36

Then see if they can ping the other side of [2]
have 192.168.0.91 ping 192.168.0.36 and
192.168.0.58 ping 192.168.0.70

Then see if [1] can ping [3], or post how far you get.

*this doesn't refer to anything about being a "rocket scientist" but rather to the pseudo-cryptic way the network admins at our beloved space agency, and the government in general, subnet their networks.