Hi Ryan, I understand... hope you agree the proper way to do this is to define one VLAN (ex. eth1.10) instead of an aliased subnet. The Firewall sub-tab supports allowing traffic between LAN interfaces (ex. 1st and 2nd Internal Interface), that is all you need to do. (a reboot is required after specifying the eth1.10 VLAN in the web interface so it appears in the menus afterwords)
Of course this solution requires your switch to support VLAN's and configure some VLAN mappings. I don't think using aliased networks on the LAN is a good idea, in particular dnsmasq may have a problem with that on Linux, not sure. Interesting question though. Lonnie On Jun 4, 2015, at 10:09 PM, Ryan Bantz <ryanba...@mrbnetworks.com> wrote: > Hi Lonnie, > > This particular customer has 3 different LAN subnets 2 of which run in the > same layer 2 switch. The alix device only has 3 interfaces. The pfsense > router had a second virtual address on one of the LAN ports allowing both > networks to communicate with it. I was hoping to replicate the setup with > AstLinux without having to move one of the subnets into the other. > > -Ryan > > On Thu, Jun 4, 2015 at 6:15 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> > wrote: > Ryan, > > Sorry, currently alias IP's are only for external interfaces. > > It looks like that would be fairly easy to add since we have a > alias_interface() function in the network init.d/ . > > But, can you explain why you need, or find this useful. It is clear for the > external interface, but not so much for a LAN interface. > > I'm thinking of the firewall, and I know iptables does not allow matching on > aliased interfaces like eth1:1, though all is well as long as all eth1 IP's > are treated the same. > > Alternatively VLAN's like eth1.1 are handled as a separate interface. > > Please help us understand why you want to use aliased interfaces for LAN's / > DMZ. > > Lonnie > > > On Jun 4, 2015, at 5:57 PM, Ryan Bantz <ryanba...@mrbnetworks.com> wrote: > > > Thanks for the info Lonnie > > > > The virtual address needs to be on an internal lan interface that is > > separate from the external interface. Are internal interfaces supported? > > > > -Ryan > > > > On Thu, Jun 4, 2015 at 5:50 PM, Lonnie Abelbeck <li...@lonnie.abelbeck.com> > > wrote: > > Hi Ryan, > > > > AstLinux supports this for the External Interface(s) using static IPv4's: > > -- > > ## External Interface Alias (Virtual) IPv4 Addresses > > ## If EXTIP (or EXT2IP) is set, using a 'static' configuration, alias > > interfaces > > ## on EXTIF (or EXT2IF) may be defined creating $EXTIF:1, $EXTIF:2, etc. . > > ## Multiple IPv4 addresses are space separated. > > #EXTIP_ALIAS="192.168.25.3 192.168.25.4" > > #EXT2IP_ALIAS="192.168.25.3 192.168.25.4" > > -- > > This feature is not directly supported in the web interface but can be > > added via the Network tab -> Advanced Configuration: -> User System > > Variables: > > > > So, to be clear, for example define your public IPv4 as normal 1.2.3.4 [ > > Static IP ] on eth0 > > > > Then define as many aliases as you wish... > > > > EXTIP_ALIAS="1.2.3.5 1.2.3.6" > > > > which results in... > > -- > > eth0 for 1.2.3.4 (with defined netmask) > > eth0:1 for 1.2.3.5/32 > > eth0:2 for 1.2.3.6/32 > > -- > > > > Lonnie > > > > > > On Jun 4, 2015, at 4:53 PM, Ryan Bantz <ryanba...@mrbnetworks.com> wrote: > > > > > I am replacing a pfsense box with astlinux and have a need for a virtual > > > interface on eth0. EX: eth0:0 needs to get assigned an ip address. Is > > > this possible? If so, how? > > > > > > -Ryan > > > > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > > Astlinux-users mailing list > > Astlinux-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > > > Donations to support AstLinux are graciously accepted via PayPal to > > pay...@krisk.org. > > > ------------------------------------------------------------------------------ > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > ------------------------------------------------------------------------------ > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ------------------------------------------------------------------------------ _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
