On Tuesday, 15 January 2002, at 05:48:41 -0700, Steve Wampler wrote:

> Does anyone know if iptables understands virtual net interfaces?
> That is, can I use eth0:2 (say) in iptables rules?
>

I don't think that this matters at all. There are physical interfaces and
"virtual" ones, whose only mission in life is to be assigned IP addresses.
But those IP addresses assigned to "virtual" interfaces are in fact bound to
the physical one.

For example, using the iproute2 suite of command line tools (ip, tc), there
is no notion of virtual interfaces any more: a physical interface with 3 IPs
assigned is just that, no "tricks" involved. For example:

    ip address add 10.0.0.1/8 broad + dev eth1
    ip address add 172.16.0.1/12 broad + dev eth1
    ip address add 192.168.0.1/16 broad + dev eth1

If you list IP addresses assigned to eth1, you get:

    3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:00:21:db:a6:b1 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.1/8 brd 10.255.255.255 scope global eth1
        inet 172.16.0.1/12 brd 172.31.255.255 scope global eth1
        inet 192.168.0.1/16 brd 192.168.255.255 scope global eth1

iproute2 has been available for a while, and works OK even on 2.2.x kernels.
ip is much more powerful and featureful than ifconfig+route, and at least in
my opinion, more reasonable.

With respect to iptables, it just understands about physical interfaces
(eth1) and IP addresses. There is no need for artifacts.

Hope it helps.

-- 
José Luis Domingo López
Linux Registered User #189436     Debian Linux Woody (P166 64 MB RAM)

jdomingo AT internautas DOT org  => Spam at your own risk
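
Added example, not part of the original message: a shell function that takes an alias-style name such as eth1:2, looks it up in `ip -o -4 addr show` output, and prints the iptables rule that matches on the physical interface plus the address instead. The sample `ip` output, the eth1:1 / eth1:2 labels, the function name `alias_to_rule` and the ACCEPT target are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output. The addresses are the
# ones from the message; the eth1:1 / eth1:2 labels are assumed (what the
# last column shows when addresses were added ifconfig-style with a label).
SAMPLE_ADDRS='3: eth1    inet 10.0.0.1/8 brd 10.255.255.255 scope global eth1
3: eth1    inet 172.16.0.1/12 brd 172.31.255.255 scope global eth1:1
3: eth1    inet 192.168.0.1/16 brd 192.168.255.255 scope global eth1:2'

# alias_to_rule LABEL [CHAIN]
# Reads `ip -o -4 addr show` text on stdin and prints one iptables rule per
# address carrying LABEL, using "-i <physical device> -d <address>".
# Returns 1 when no address has that label.
alias_to_rule() {
    label=$1
    chain=${2:-INPUT}
    awk -v label="$label" -v chain="$chain" '
        $3 == "inet" {
            dev = $2                      # physical device name
            for (i = 5; i <= NF; i++) {
                # A label is either the device itself or "<device>:<suffix>".
                if ($i == label && ($i == dev || index($i, dev ":") == 1)) {
                    split($4, a, "/")     # drop the prefix length
                    printf "iptables -A %s -i %s -d %s -j ACCEPT\n", chain, dev, a[1]
                    found = 1
                    break
                }
            }
        }
        END { exit !found }
    '
}

# Demo on the constructed sample.
# prints: iptables -A INPUT -i eth1 -d 192.168.0.1 -j ACCEPT
printf '%s\n' "$SAMPLE_ADDRS" | alias_to_rule eth1:2
```

On a live system, pipe `ip -o -4 addr show` into the function instead of the sample text.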