<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Linux IP Masquerade HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Frequently Asked Questions" HREF="faq.html"><LINK REL="PREVIOUS" TITLE="( IRC DCC ) - mIRC doesn't work with DCC Sends" HREF="irc-dcc.html"><LINK REL="NEXT" TITLE="( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with each other!" HREF="multiple-lans.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Linux IP Masquerade HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="irc-dcc.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 7. Frequently Asked Questions</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="multiple-lans.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="ALIASING" ></A >7.28. ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?</H1 ><P ><STRONG >Yes and no</STRONG >. With the "IP Alias" kernel feature, users can setup multiple aliased interfaces such as eth0:1, eth0:2, etc but its is NOT recommended to use aliased interfaces for IP Masquerading. Why? Providing a secure firewall becomes very difficult with a single NIC card. In addition to this, you will experience an abnormal amount of errors on this link since incoming packets will almost simultaneously be sent out at the same time. Because of all this and NIC cards now costs less than $10, I highly recommend to just get a NIC card for each MASQed network segment.</P ><P >Users should also understand that IP Masquerading will only work with a physical interface such as eth0, eth1, etc. MASQing out an aliased interface such as "eth0:1, eth1:1, etc" will NOT work. In other words, the following WILL NOT WORK reliably:</P ><P ><P ></P ><UL ><LI ><P >It is rumored that you can simply use the destination IP address (the IP address associated with the ALIASed interface like eth0:1, etc.) IN PLACE of specifing the interface (eth0:1). This solution is not untested -- please email dranch@trinnet.net if you have any positive or negative results</P ></LI ><LI ><P > /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ"</P ></LI ><LI ><P > /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0</P ></LI ></UL > </P ><P >If you are still interested in using aliased interfaces, you need to enable the "IP Alias" feature in the kernel. You will then need to re-compile and reboot. Once running the new kernel, you need to configure Linux to use the new interface (i.e. eth0:1, etc.). After that, you can treat it as a normal Ethernet interface with some restrictions like the one above.</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="irc-dcc.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="multiple-lans.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >( IRC DCC ) - mIRC doesn't work with DCC Sends</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="faq.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with each other!</TD ></TR ></TABLE ></DIV ></BODY ></HTML >
