[linux] viacero IP adries na jednom rozhrani a filtrovanie cez IPtables

Lubomir Host rajo na platon.sk
Pondělí Leden 9 12:45:17 CET 2006 

Zdravim.

Mam jednu sietovu kartu v serveri a na rozhrani eth0 nadefinovanu jednu
staticku IP adresu. Vypis 'ifconfig' teda vyzera takto (loopback nas
teraz nezaujima):

------------------------------------%<------------------------------------
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:10:DC:C8:E4:3C  
          inet addr:192.168.0.107  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::210:dcff:fec8:e43c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2441539 errors:0 dropped:0 overruns:0 frame:2
          TX packets:1793545 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1601462822 (1.4 GiB)  TX bytes:752359731 (717.5 MiB)
          Interrupt:177 
------------------------------------%<------------------------------------

Na rozhranie eth0 teraz priradim este jednu IP adresu:

--------------------------%<--------------------------
# ifconfig eth0:0 192.168.0.108 netmask 255.255.255.0
--------------------------%<--------------------------

A vystup teda vyzera nasledovne:

------------------------------------%<------------------------------------
eth0      Link encap:Ethernet  HWaddr 00:10:DC:C8:E4:3C  
          inet addr:192.168.0.107  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::210:dcff:fec8:e43c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2441961 errors:0 dropped:0 overruns:0 frame:2
          TX packets:1794144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1601511337 (1.4 GiB)  TX bytes:752409576 (717.5 MiB)
          Interrupt:177 

eth0:0    Link encap:Ethernet  HWaddr 00:10:DC:C8:E4:3C  
          inet addr:192.168.0.108  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:177 
------------------------------------%<------------------------------------

Moja otazka teraz znie: ako zapisovat nazov rozhrania v iptables? Ako
'eth0' alebo 'eth0:0'?

Teraz pouzivam prikazy pre iptables zhruba nasledovne:

-----------------------------------%<-----------------------------------
# iptables -A INPUT -d 192.168.0.107 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-----------------------------------%<-----------------------------------

Ako sa budu spravat iptables, ak nadefinujem pravidla pre rozhrania
'eth0' a 'eth0:0' sucasne?

rajo


-- 
Lubomir Host 'rajo' <rajo AT platon.sk>   ICQ #:  257322664   ,''`.
Platon Group                              http://platon.sk/  : :' :
Homepage: http://rajo.platon.sk/                             `. `'
http://www.gnu.org/philosophy/no-word-attachments.html         `-

Další informace o konferenci linux