Hi David, To be clear the variable name is 'EXTIP_ALIAS' -- ## External Interface Alias (Virtual) IPv4 Addresses ## If EXTIP (or EXT2IP) is set, using a 'static' configuration, alias interfaces ## on EXTIF (or EXT2IF) may be defined creating $EXTIF:1, $EXTIF:2, etc. . ## Multiple IPv4 addresses are space separated. #EXTIP_ALIAS="192.168.25.3 192.168.25.4" #EXT2IP_ALIAS="192.168.25.3 192.168.25.4" --
This was added to support certain business level ISPs that allowed more than one static IP address on the external interface. This would be used via the firewall 'NAT EXT->LAN' and the 'NAT EXT' setting to selectively NAT inbound traffic to LAN devices for multiple static external IPv4 addresses. Keep in mind this only applies to static external IP addresses provided by your ISP. Also the static external link setting (and any /mnt/kd/rc.elocal added routes) should be maintained with with the link cycling ... unlike with DHCP where the IP/routes are cleared/changed on a link cycling. > I want to add an alias of 192.168.100.xx/24 to my external interface, with > that I can access 192.168.100.1 which is the IP address of my (everyone's?) > cable modem. Hmm, I'm not sure why you would need that. I personally can reach my cable modem at https://192.168.100.1/ from my LAN. If you changed the firewall defaults, such as set the firewall RESERVED_NET_DROP setting to "1" in user.conf, that would block 192.168.100.1 access. Lonnie > On Jun 8, 2023, at 9:28 AM, David Kerr <da...@kerr.net> wrote: > > Astlinux network initialization script has the ability to add an additional > IP address to external interfaces. You can define a list of IP addresses in > the EXTIF_ALIAS and EXT2IF_ALIAS variables in user.conf. However the script > is hard coded to apply a /32 network mask. Was this deliberate? > > I want to add an alias of 192.168.100.xx/24 to my external interface, with > that I can access 192.168.100.1 which is the IP address of my (everyone's?) > cable modem. I have been doing this manually in rc.local but discovered that > this is not resilient to the link going down/up, which is when I discovered > that the network script has this alias support. But the /32 netmask prevents > routing to any other devices because the subnet is, well, zero in length. > > It feels like the network script should either require that the netmask is > included in the EXTIF_ALIAS, or test to see if one is specified and only add > /32 if none is provided (I suggest /32 for backward compatibility only... I > think it should have defaulted to /24). > > Thoughts? > David > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org.
_______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
