SNAT target option in Centos [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
I have a remote server where I have added a new FAILOVER IP on a new interface, ETH0:0. Everything works perfectly; the IP is set up. I want the traffic that is coming from ETH0:0 to use ETH0:0 as the IP source. For example, when I send emails from my SERVER it uses the ETH0 IP, which is not what I want.
So, the traffic coming from ETH0 uses its IP as the source IP of the packet,
and the traffic coming from ETH0:0 uses its IP, and so on. Here is what I have tried:
iptables -t nat -A POSTROUTING -p tcp -o eth0:0 -j SNAT --to-source 51.XXX.XXX.XXX ;
Where the interface ETH0:0 has the IP 51.XXX.XXX.XXX.
Thank you!

iptables does not differentiate eth0:0 from eth0. In fact, eth0:0 will not work because eth0:x is an alias of the interface eth0, not a different one. Try something like this.
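# register a routing table named ip2 with id 200
echo 200 ip2 >> /etc/iproute2/rt_tables
# "from" takes an address or prefix, not an interface name
ip rule add from 51.XXX.XXX.XXX table ip2
# eth0:0 is an alias, so the route goes on the underlying device eth0
ip route add default via <gateway_IP> dev eth0 table ip2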
This will route your traffic from the same incoming interface, but might not work for aliases.

Related

/etc/network/interfaces: What's <eth>:<num> mean? [closed]

Closed 4 years ago.
In /etc/network/interfaces, I have a physical eth0 and a vlan eth0.10, however there is an additional eth0:0
iface eth0 inet manual
iface eth0.10 inet manual
vlan-raw-device eth0
iface eth0:0 inet manual
What does a colon mean in interfaces file? Is it the same as a dot?
A colon in network interfaces means a virtual interface. Here is an example in Debian/Ubuntu:
[root#ubuntu ~]# cat /etc/network/interfaces
iface eth0:0 inet static
address 123.123.22.22
netmask 255.0.0.0
broadcast 123.255.255.255
For more info you can check here.
As far as I remember you can have up to 255 (or 256, not sure) virtual interfaces per physical one.
It is another network interface name. Linux accepts any string as the name of the network interface. eth0 is one network interface. eth1 is another. eth0:0 is another network interface. eth0!##$&*() may be another interface name. There is no special meaning in any : nor . nor any special characters in the interface name. Allowed chars in Linux network interface names?
Well, maybe except for meaning/interpretation. I would expect the interface named eth0:0 to be somehow "bound"/"connected" with eth0. But that is (human) interpretation. I don't think Linux attaches any significance to how the network interface is named. For example, the user in this question uses : for IP aliases and . to denote VLAN.
In your configuration the three network interfaces eth0, eth0.10 and eth0:0 are all configured using manual configuration. Check the output of cat /proc/net/dev, or of the ip a or ifconfig IP configuration utilities, to see what network interfaces are available on your machine.

New IP address does not persist after restart [closed]

Closed 4 years ago.
I have some code that uses system commands to set the IP address and default gateway in Linux.
It works, but when the Linux OS is restarted, it reverts back to the old IP address.
Here are the commands used, addresses changed here.
ip link set eth1 down
ifconfig eth1 0.0.1.2 netmask 255.255.255.0
route add default gw 0.0.1.2 eth1
ip link set eth1 up
Is there another place in Linux where the IP address needs to be set, that 'ifconfig' does not change?
Thanks in advance for any replies.
For static IP address assignment:
Debian/Ubuntu-based distro: you can edit the /etc/network/interfaces file, which contains information about the network configuration.
RedHat/CentOS-based distro: you can edit the /etc/sysconfig/network file.
If you can't find either of the files, then append the following commands to either the ~/.bashrc or the /etc/bash.bashrc file on your Linux machine:
ip link set eth1 down
ifconfig eth1 0.0.1.2 netmask 255.255.255.0
route add default gw 0.0.1.2 eth1
ip link set eth1 up
~/.bashrc is a user-specific file and /etc/bash.bashrc is common to all users. Whenever any user logs in to the system, and you have added the mentioned commands to the /etc/bash.bashrc file, these commands will be executed by the system. The user won't have to execute these commands manually.
For further details, visit: http://www.yolinux.com/TUTORIALS/LinuxTutorialNetworking.html

Multiple ip addresses with different network routes on the same interface on debian [closed]

Closed 4 years ago.
I'd like to configure a Debian box with multiple IP addresses (in the same subnet) on the same physical NIC, while every address should use its own network route.
I think it won't be possible using ip addr add, but is it possible using pseudo-interfaces like eth0:0? Or does the Linux TCP stack prevent this? And if it's possible, how do I bind multiple default routes to their (pseudo-)interface or IP address? Will it be possible using iptables rules, and with which?
Aliases are not required to do this. You can do this with iproute2:
ip addr add <ip> dev eth0
You then add routing to an IP-specific route table:
ip route add <subnet> dev eth0 table <tableid>
ip route add default via <GATEWAY> table <tableid>
Then add a rule to match the IP so that it uses the specific table:
ip rule add from any to <ip> lookup <tableid>
ip rule add from <ip> to any lookup <tableid>
This can get pretty confusing because the routing now uses multiple routing tables.

Filtering out VLAN tagged packets on Linux bridge [closed]

Closed 6 years ago.
I have the following IF configuration:
eth0 --- br0 --- eth1
I receive udp broadcast transmission (on port 20000) on eth1 and do not want the bridge to forward it to eth0 (my wired interface). Hence, I apply
ebtables -t filter -A FORWARD -o eth0 -p 0x0800 --ip-protocol udp --ip-destination-port 20000 -j DROP
That works great for me. When I am running my device in VLAN mode, i.e. with the following configuration,
eth0 --- br0 --- eth1
          |
       br0.100
Here I have added a VLAN-enabled bridge to manage radio on VLAN 100. The traffic arrives tagged on eth1 and I am unable to detect it using the same rule when it goes through the bridge.
Tried to detect the packets with iptables and ebtables with its vlan options. Were not able to filter them by udp port via ebtables. Moreover, could not find the method to mark them by port via iptables. Also, tried marking using physdev without success.
Is there a right method to do this for a tagged stream?
You may not be able to see 802.1Q encapsulated bridged packets
with iptables by default.
To enable this, do:
echo 1 > /proc/sys/net/bridge/bridge-nf-filter-vlan-tagged
See http://ebtables.netfilter.org/documentation/bridge-nf.html
Now, you can filter those packets with iptables. You should
find out how to match the destination port in the packet with
something like:
iptables -A FORWARD -m u32 --u32 "W&0xFFFF=0x4E20" -j DROP
where 0x4E20 is your port (20000) and W is the offset of
your 4 byte match (note that you are matching only last two
bytes with 0x0000FFFF). You have to find out what the W is.
See iptables man page for details on u32 match.
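Working out W for the rule above, as an added example that is not part of the original answer: a small Python model of the u32 semantics described in the iptables man page (offsets are counted from the IPv4 header), run against constructed packets. The function names, the sample addresses and the two expressions FIXED and ROBUST are assumptions made for illustration.

```python
import re
import struct

def u32_match(expr, packet):
    """Evaluate an iptables u32 expression; packet starts at the IPv4 header."""
    for test in expr.replace(" ", "").split("&&"):
        location, values = test.split("=")
        base = 0  # register A: offset of the header currently being read
        c = 0     # register C: the 32-bit value under test
        # A location is a number followed by (operator, number) pairs.
        for op, num in re.findall(r"(^|&|<<|>>|@)(0x[0-9A-Fa-f]+|\d+)", location):
            n = int(num, 0)
            if op in ("", "@"):
                if op == "@":
                    base += c  # jump forward by the value computed so far
                if base + n + 4 > len(packet):
                    return False  # reading past the packet never matches
                c = struct.unpack_from("!I", packet, base + n)[0]
            elif op == "&":
                c &= n
            elif op == "<<":
                c = (c << n) & 0xFFFFFFFF
            else:
                c >>= n
        if not any(in_range(c, spec) for spec in values.split(",")):
            return False
    return True

def in_range(value, spec):
    """spec is 'number' or 'low:high' (inclusive)."""
    low, _, high = spec.partition(":")
    return int(low, 0) <= value <= int(high or low, 0)

def ipv4_udp(dport, options=b"", proto=17):
    """Constructed sample: IPv4 header, optional IP options, 8-byte UDP header."""
    ihl = 5 + len(options) // 4
    l4 = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(l4), 0, 0,
                     64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 255]))
    return ip + options + l4

# Fixed offset: W = 20 is only right when the IP header carries no options.
FIXED = "20&0xFFFF=0x4E20"
# Protocol is UDP, not a later fragment, then jump over the real header length.
ROBUST = "6&0xFF=17 && 4&0x1FFF=0 && 0>>22&0x3C@0&0xFFFF=0x4E20"

if __name__ == "__main__":
    for name, pkt in [("plain", ipv4_udp(20000)),
                      ("with options", ipv4_udp(20000, b"\x01\x01\x01\x01")),
                      ("tcp", ipv4_udp(20000, proto=6))]:
        print(name, u32_match(FIXED, pkt), u32_match(ROBUST, pkt))
```

The fixed offset misses a packet that carries IP options and also matches a TCP segment whose port bytes happen to equal 0x4E20, so the drop rule is safer written with the protocol check and the header-length jump.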

Map ports on edge server to internal SSH services [closed]

Closed 7 years ago.
I have a network.
There's an edge server with a public IP address.
There are multiple internal services 192.168.0.{1..255} with SSH running on port 22 that can be accessed via a private network from the edge server.
I have clients connecting from outside the network to the edge server on port range 30001-30255. I need to map these connections to internal SSH services like so:
ssh -p 30001 myedgeserver.com -> 192.6.0.1:22
ssh -p 30002 myedgeserver.com -> 192.6.0.2:22
...
ssh -p 30255 myedgeserver.com -> 192.6.0.255:22
Can this be achieved with iptables?
Yes. You make a nat for each of the 255 ports. I am unaware that you can do it in one line. So 255 lines like this:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 30001 -j DNAT \
--to 192.6.0.1:22
