On Wed, Jul 10, 2002 at 07:30:39PM -0700, Tom Eastep wrote:
>
>
>--On Wednesday, July 10, 2002 21:13:53 -0500 guitarlynn
><[EMAIL PROTECTED]> wrote:
>
>> On Wednesday 10 July 2002 20:52, George Georgalis wrote:
>>> Interesting, but not what I had in mind. I'm using nat for a dmz and
>>> rather than bring up each available ip as an alias, I thought
>>> there was a way to bring up the subnet and let iptables take over
>>> from there.
>>
>> You can set an interface as an entire subnet w/o alias'ing. Your
>> interface must have at least one set address for routing to work.
>> You seem to be looking at something more along the lines of
>> WAN routing.
>
>He may be referring to the MIRROR target -- that code must still be in
>Patch-O-Matic since my 1.2.6a iptables doesn't mention it under "man
>iptables". AFAICT though, the MIRROR target only takes care of the NAT
>table stuff -- it doesn't make your external NIC magically start responding
>for an entire subnet.

I think Lynn described exactly what I'm looking for, set up an interface
as an entire subnet and an address in that net for routing. I don't mind
specifying each ip in iptables rules (I'm generating the tables from a
db), but I would like to avoid an alias for each internet ip. Not sure
of the syntax though.

// George

--
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.       http://www.galis.org/george

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
