Here is a quick guide on how to do IP aliasing on Linux, now you ask why use IP aliasing why not just get another ethernet card, actually getting another ethernet card is the best, solution the problem is some small company is cheap and doesn't have any budget for IT or for an extra ethernet card, trust me this actually happened to me :) anyway here is the command
ifconfig eth0:0 ipaddresshere subnethere
ifconfig eth0:1 ipaddresshere subnethere
If you have set eth0:0 on a different IP block and you want it to still be able to communicate with eth0:1 IP block you will need to add route on the routing table.
After adding the route you just want the eth0:0 to be able to access certain services or port on eth0:1 block you can do this using Iptables, port forwarding and Post route.
Here is how to do it in Iptables
I assume we set default DROP on all tables iptables -P FORWARD DROP
In the example below we want eth0:0 to be able to access eth0:1 on port 25 to be able to send SMTP only
iptables -A FORWARD -p TCP -s eth0:0IPHere -d eth0:1IPHere --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Now we need to let eth0:1 to be able to reply to eth0:0 request, basically we will allow all traffic from eth0:1 to go to eth0:0 but not the other way around
iptables -A FORWARD -p ALL -s eth0:1IPHere -d eth0:0IPHere -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Now we set a post route
iptables -t nat -A POSTROUTING -s eth0:0IPHere -d eth0:1IPHere -o eth1 -j SNAT --to-source IPofanUnsedIPforeth0:1Network>
that is it for now :)
Other Linux Howto
ifconfig eth0:0 ipaddresshere subnethere
ifconfig eth0:1 ipaddresshere subnethere
If you have set eth0:0 on a different IP block and you want it to still be able to communicate with eth0:1 IP block you will need to add route on the routing table.
After adding the route you just want the eth0:0 to be able to access certain services or port on eth0:1 block you can do this using Iptables, port forwarding and Post route.
Here is how to do it in Iptables
I assume we set default DROP on all tables iptables -P FORWARD DROP
In the example below we want eth0:0 to be able to access eth0:1 on port 25 to be able to send SMTP only
iptables -A FORWARD -p TCP -s eth0:0IPHere -d eth0:1IPHere --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Now we need to let eth0:1 to be able to reply to eth0:0 request, basically we will allow all traffic from eth0:1 to go to eth0:0 but not the other way around
iptables -A FORWARD -p ALL -s eth0:1IPHere -d eth0:0IPHere -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Now we set a post route
iptables -t nat -A POSTROUTING -s eth0:0IPHere -d eth0:1IPHere -o eth1 -j SNAT --to-source IPofanUnsedIPforeth0:1Network>
that is it for now :)
Other Linux Howto
0 comments:
Post a Comment