[PLUG] Linux router with aliased IPs

Matt Alexander lug at phxlinux.org
Wed Jun 2 16:26:02 UTC 2004


On Wed, 2 Jun 2004, Matt Alexander wrote:

>
>
> On Wed, 2 Jun 2004, Josh Orchard wrote:
>
> > > I have a Linux router with two interfaces (running Arno's IPTables
> > > script).  The external interface has 3 IP addresses assigned to it,
> > > using the devices eth0, eth0:0, and eth0:1.
> > >
> > > When I make outgoing connections I end up using the IP assigned to
> > > eth0:0.
> > > Any ideas why it wouldn't use the IP for eth0?  Is there a way to change
> > > this behavior?
> > >
> > > I don't see anything referencing the eth0:0 IP address when I list the
> > > iptables rules and there's nothing I could find under /proc.
> > >
> > > I'd like to force all outgoing connections to always use a particular
> >
> > Not sure if this will solve it but you should be able to set an
> > iptables line as:
> >
> > /sbin/iptables -t nat -A POSTROUTING -s $LOCALNET -d \! $LOCALNET -j SNAT --to-source $ME
> >
> > LOCALNET = 10.0.0.0/24
> > ME = External IP you want to mask from.
> >
> > Then all computers in the 24 block of 10.0.0.0 will NAT to the correct
> > IP.  Or should.  Then again I could be all wrong.  It works for me but
> > I have only one external IP on that box that I NAT but I do specify
> > the IP.
>
> Unfortunately that didn't work...  I wonder if there's a conflict with
> MASQ rule from Arno's iptables script...  (ip changed below to protect the
> guilty)
>
> iptables -t nat -L POSTROUTING
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
> MASQUERADE  all  --  192.168.1.0/24      !192.168.1.0/24
> SNAT       all  --  192.168.1.0/24      !192.168.1.0/24  to:1.2.3.4
>
> I almost think that Linux randomly chooses an interface if you have
> aliased interfaces and then it uses that IP from that point on...  because
> when I first set things up I remember moving the IP addresses around so
> the right one was being used for the outgoing IP.  But after a reboot, it
> appears that it's changed.
> Thanks,
> ~M

Hmmm...  I included your rule as a custom rule for Arno's script to read
and now it works.  Apparently providing it on the command line after
starting Arno's script didn't work.  The order of the rules in the output
is now different:

SNAT       all  --  192.168.1.0/24      !192.168.1.0/24 to:1.2.3.4
MASQUERADE  all  --  192.168.1.0/24      !192.168.1.0/24

Thanks for your help, Josh.
~M
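
The rule ordering discussed in this thread, as an added example that is not part of the original message or of Arno's script: netfilter walks the nat POSTROUTING chain top to bottom and the first matching SNAT or MASQUERADE rule decides the source address, so a later SNAT rule with the same match never applies. The function names and sample listings are constructed for illustration, and columns are compared as text only, with no CIDR arithmetic.

```shell
#!/bin/sh
# Added example (not from the thread): find the first terminating NAT rule in
# `iptables -t nat -L POSTROUTING` output for a given source/destination pair.
# Assumption: columns are compared as text (or "anywhere"); no CIDR math.

first_nat_rule() {
    # $1 = source column, $2 = destination column; listing is read from stdin
    awk -v src="$1" -v dst="$2" '
        $1 == "Chain" || $1 == "target" || NF < 5 { next }  # headers, blanks
        { pos++ }
        ($4 == src || $4 == "anywhere") && ($5 == dst || $5 == "anywhere") {
            # SNAT and MASQUERADE end traversal; TCPMSS falls through.
            if ($1 == "SNAT" || $1 == "MASQUERADE") {
                addr = ""
                for (i = 6; i <= NF; i++) if ($i ~ /^to:/) addr = " " $i
                print pos ": " $1 addr
                exit
            }
        }'
}

# Exit status 0 when an SNAT rule is the first terminating match.
snat_is_effective() {
    case "$(first_nat_rule "$1" "$2")" in
        *": SNAT"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed listings modelled on the two rule orders shown in the thread.
APPENDED='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
MASQUERADE  all  --  192.168.1.0/24      !192.168.1.0/24
SNAT       all  --  192.168.1.0/24      !192.168.1.0/24  to:1.2.3.4'
CUSTOM='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.1.0/24      !192.168.1.0/24  to:1.2.3.4
MASQUERADE  all  --  192.168.1.0/24      !192.168.1.0/24'

for name in APPENDED CUSTOM; do
    eval "listing=\$$name"
    printf '%s: first match is rule %s\n' "$name" \
        "$(printf '%s\n' "$listing" | first_nat_rule 192.168.1.0/24 '!192.168.1.0/24')"
done
```

On a live router the same check can be fed from `iptables -t nat -L POSTROUTING -n`, which prints numeric addresses (`0.0.0.0/0` instead of `anywhere`), so the text comparison would need adjusting.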