[PLUG] Linux router with aliased IPs

Matt Alexander lug at phxlinux.org
Wed Jun 2 16:16:01 UTC 2004


On Wed, 2 Jun 2004, Josh Orchard wrote:

> > I have a Linux router with two interfaces (running Arno's IPTables
> > script).  The external interface has 3 IP addresses assigned to it,
> > using the devices eth0, eth0:0, and eth0:1.
> >
> > When I make outgoing connections I end up using the IP assigned to
> > eth0:0.
> > Any ideas why it wouldn't use the IP for eth0?  Is there a way to change
> > this behavior?
> >
> > I don't see anything referencing the eth0:0 IP address when I list the
> > iptables rules and there's nothing I could find under /proc.
> >
> > I'd like to force all outgoing connections to always use a particular
>
> Not sure if this will solve it but you should be able to set an
> iptables line as:
>
> /sbin/iptables -t nat -A POSTROUTING -s $LOCALNET -d \! $LOCALNET -j SNAT --to-source $ME
>
> LOCALNET = 10.0.0.0/24
> ME = External IP you want to mask from.
>
> Then all computers in the 24 block of 10.0.0.0 will NAT to the correct
> IP.  Or should.  Then again I could be all wrong.  It works for me but
> I have only one external IP on that box that I NAT but I do specify
> the IP.

Unfortunately that didn't work...  I wonder if there's a conflict with the
MASQ rule from Arno's iptables script...  (IP changed below to protect the
guilty)

iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
MASQUERADE  all  --  192.168.1.0/24      !192.168.1.0/24
SNAT       all  --  192.168.1.0/24      !192.168.1.0/24  to:1.2.3.4

I almost think that Linux randomly chooses an interface if you have
aliased interfaces and then it uses that IP from that point on...  because
when I first set things up I remember moving the IP addresses around so
the right one was being used for the outgoing IP.  But after a reboot, it
appears that it's changed.

Thanks,
~M
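
An added example, not part of the original message: iptables stops at the first matching rule whose target is terminating, so a MASQUERADE rule listed ahead of an SNAT rule with the same source and destination match is the one that gets applied. The Python sketch below flags such shadowed rules in `iptables -t nat -L` output, using a listing constructed from the one quoted above. It assumes numeric addresses, and because `-L` without `-v` hides interface matches, a hit should be confirmed with `iptables -t nat -L -v -n`.

```python
import ipaddress

# Constructed from the listing quoted in the message (1.2.3.4 is the poster's placeholder).
LISTING = """\
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
MASQUERADE  all  --  192.168.1.0/24      !192.168.1.0/24
SNAT       all  --  192.168.1.0/24      !192.168.1.0/24  to:1.2.3.4
"""
TERMINATING = {"MASQUERADE", "SNAT", "ACCEPT"}  # TCPMSS and similar fall through

def parse_addr(field):
    """Return (negated, network) for a source/destination column."""
    text = field.lstrip("!")
    net = ipaddress.ip_network("0.0.0.0/0" if text == "anywhere" else text, strict=False)
    return field.startswith("!"), net

def parse_rules(listing):
    rules = []
    for line in listing.splitlines():
        f = line.split(None, 5)
        if len(f) < 5 or f[0] in ("Chain", "target"):
            continue  # chain banner, column header, blank line
        rules.append({"target": f[0], "prot": f[1], "src": parse_addr(f[3]),
                      "dst": parse_addr(f[4]), "extra": f[5] if len(f) > 5 else ""})
    return rules

def covers(a, b):
    """True only if address spec a matches every packet spec b matches (conservative)."""
    (a_neg, a_net), (b_neg, b_net) = a, b
    if a_neg == b_neg:
        return a_net.subnet_of(b_net) if a_neg else b_net.subnet_of(a_net)
    return not a_net.overlaps(b_net) if a_neg else a_net.prefixlen == 0

def shadowed(rules):
    """List (earlier, later) 1-based rule numbers where 'later' looks unreachable."""
    hits = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            # Trailing text other than a "to:" target option may be an extra match.
            no_extra_match = earlier["extra"].split(":")[0] in ("", "to")
            if (earlier["target"] in TERMINATING and no_extra_match
                    and earlier["prot"] in ("all", later["prot"])
                    and covers(earlier["src"], later["src"])
                    and covers(earlier["dst"], later["dst"])):
                hits.append((j + 1, i + 1))
                break
    return hits

if __name__ == "__main__":
    for first, second in shadowed(parse_rules(LISTING)):
        print(f"rule {second} is shadowed by rule {first}")
```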
