On Mon, 2004-03-01 at 14:53, Jeremy C. Reed wrote:
> On Mon, 1 Mar 2004, Craig White wrote:
>
> > you cannot forward a packet received on a virtual ip address
>
> Where is that documented for netfilter?
---
I don't know that it is, I don't know that it isn't - try executing many
of the commands that enumerate the eth0:0 interface and it will message
that the ":" isn't allowed.
---
>
> I didn't know that. It appears that iptables works fine with IP aliases.
---
As endpoints the virtual ip addresses work fine.
---
>
> But anyways I was not talking about forwarding from the box with the IP
> alias.
---
I understand - it was when you were talking about the virtual ip address
that I thought it was important enough to mention. I think Rowan was
onto something - of course we don't know because we have only been
working in theoretical situation, not knowing Jim's iptables script but
typically, rules are at most minimal on the internal lan or 'trusted'
interface.
Craig
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)