firehawk n00b
Joined: 11 Jan 2004 Posts: 34 Location: Cape Town , South Africa
Posted: Thu Aug 07, 2008 7:45 am Post subject: Help: Masquerade a NIC alias : eth0:1 [SOLVED]
I am not sure if this is even possible. Have Googled around, but no luck.
Can someone shed some light with regard to this error message:
ADSL router:
192.168.2.1
Gentoo Server:
eth0 ->192.168.1.10
eth0:1 ->192.168.2.10
gw ->192.168.2.1
The problem area:
export WAN=eth0:1
I have followed pretty much the same guide in the Gentoo Router guide: http://www.gentoo.org/doc/en/home-router-howto.xml
Code: |
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
export LAN=eth0
export WAN=eth0:1
iptables -I INPUT 1 -i ${LAN} -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT
iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT
iptables -I FORWARD -i ${LAN} -d 192.168.1.0/255.255.255.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
|
Running the script results in this error:
Code: |
Warning: weird character in interface `eth0:1' (No aliases, :, ! or *).
Warning: weird character in interface `eth0:1' (No aliases, :, ! or *).
|
Now, how do I get around this?
P.S. The reason for this is to force clients on the 192.168.1.0 network to go through the proxy server, and for bandwidth monitoring.
Last edited by firehawk on Wed Aug 13, 2008 11:43 am; edited 1 time in total
BradN Advocate
Joined: 19 Apr 2002 Posts: 2391 Location: Wisconsin (USA)
Posted: Fri Aug 08, 2008 10:33 pm Post subject:
Can you try specifying it by a network address (ip/netmask) in addition to eth0? I'm not too familiar with iptables, but usually there's 2 or 3 different ways to do stuff like that.
UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri Aug 08, 2008 10:56 pm Post subject: Re: Help: Masquerade a NIC alias : eth0:1
firehawk wrote: | The problem area:
export WAN=eth0:1 |
eth0:1 is just an alias so that ifconfig can show >1 ipv4 address. It serves no other purpose.
As such, 99% of programs throw a wobbly when you explicitly try and use it, like iptables.
You can use eth0 and the ip address for eth0:1 will still get used if it's the natural route.
It's a silly linuxism that needs to die!
firehawk n00b
Joined: 11 Jan 2004 Posts: 34 Location: Cape Town , South Africa
Posted: Wed Aug 13, 2008 11:42 am Post subject: Solved , but with Questions?
@BradN:
I have tried setting the following:
Code: |
export LAN=192.168.1.10
export WAN=192.168.2.10
|
IPtables does not complain. Yet... no masquerading.
Thank you for your input, but I think you and UberLord will find the following interesting:
@UberLord
When setting to the following within the original script:
Code: |
export LAN=eth0
export WAN=eth0
|
It works! Thanks UberLord!
But I am not sure if this is the right way(tm) to do it, since it does seem ambiguous. I would have preferred the IP assigning method to work.
Transparent Proxy is now also working:
Code: |
iptables -t nat -A PREROUTING -i ${LAN} -p tcp --dport 80 -j REDIRECT --to-port 3128
|
Now I just need to get some counters set up in Iptables.
Thanks for the help! I am a happy bunny!
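
Added example (not written by any poster in the thread): because `-i`/`-o` match only the kernel device name, the two subnets sharing eth0 have to be told apart by address, and `SNAT --to-source` pins the alias's address explicitly. The function names are hypothetical, the addresses are the ones quoted above, and the rules are printed rather than applied.

```shell
#!/bin/sh
# Added example: address-based NAT rules for one NIC that carries two subnets.
# Addresses come from the thread; the function names are hypothetical.
# The rules are printed, not applied, so the output can be reviewed first.

LAN_NET=192.168.1.0/24   # client network (eth0 itself is 192.168.1.10)
WAN_IP=192.168.2.10      # address that the eth0:1 alias carries

# -i/-o compare against the kernel device name, so drop any ":label" suffix.
base_iface() {
    printf '%s\n' "${1%%:*}"
}

# Reject values that -i/-o cannot match: empty, alias labels, dotted quads.
# As seen in the thread, an IP address given to -i draws no warning but the
# rule then never matches any traffic.
valid_iface() {
    case "$1" in
        ''|*:*|*[!A-Za-z0-9_.+-]*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print FORWARD and NAT rules that separate the two subnets by address.
# $1 = interface (an alias is reduced to its device), $2 = LAN network,
# $3 = source address to use for translated traffic.
nat_rules() {
    nic=$(base_iface "$1")
    valid_iface "$nic" || { echo "not a device name: $1" >&2; return 1; }
    cat <<EOF
iptables -A FORWARD -i $nic -s $2 ! -d $2 -j ACCEPT
iptables -A FORWARD -i $nic -d $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $nic -s $2 ! -d $2 -j SNAT --to-source $3
EOF
}

nat_rules "eth0:1" "$LAN_NET" "$WAN_IP"
```

With both `LAN` and `WAN` set to eth0, a rule such as `-I INPUT 1 -i eth0 -j ACCEPT` also accepts everything arriving from the 192.168.2.0 side, so the INPUT rules need the same `-s` restriction.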