iptables: punching holes for eth0:0
Deron Meranda
deron.meranda at gmail.com
Wed May 11 19:47:20 UTC 2005
On 5/11/05, Ashley M. Kirchner <ashley at pcraft.com> wrote:
> The firewall machine has a public IP on eth0. I'm going to add
> another on eth0:0 (in the future I'll continue adding to eth0:1, eth0:2,
> etc., etc.)
> ...
> But that assumes the request comes in on the primary (eth0)
> address. How can I tell it to listen on the eth0:0 address/interface?
In general the -i and -o options to iptables only allow you to match
real network interfaces; it cannot distinguish among any virtual
or secondary addresses.

To do what you want you need to use IP address matching, -d or -s,
in combination with the interface, -i or -o, options.
--
Deron Meranda
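
The approach described in the reply above, as an added example that is not part of the original post: the alias label (eth0:0) is reduced to the real device for -i, and the alias's address is matched with -d. The address 192.0.2.10, the TCP port, the INPUT chain and the helper names real_iface and alias_accept_rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an iptables rule that admits traffic sent to an
# alias (secondary) address. 192.0.2.10 and port 80 are constructed values.

# Strip an alias suffix: eth0:0 -> eth0. iptables -i/-o only match the
# real device, so the alias label itself must never reach the rule.
real_iface() {
    printf '%s\n' "${1%%:*}"
}

# Print the INPUT rule for TCP traffic to one alias address and port.
# $1 = interface or alias label, $2 = IPv4 address on the alias, $3 = port
alias_accept_rule() {
    label=$1
    addr=$2
    port=$3
    # Reject anything that is not digits and dots, so the printed rule
    # cannot carry shell metacharacters if it is later piped to sh.
    case $addr in
        ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # -i selects the physical interface, -d selects which of its
    # addresses the packet was sent to.
    printf 'iptables -A INPUT -i %s -d %s -p tcp --dport %s -j ACCEPT\n' \
        "$(real_iface "$label")" "$addr" "$port"
}

# Prints the rule for review; run the printed command as root to apply it.
alias_accept_rule eth0:0 192.0.2.10 80
```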