What is the best way to use a virtual IP on a firewall with ipfilter / iptables?

Ed Haggerty suggests this procedure:

ED:> Do not use the virtual address. Use the REAL address.
ED:> Steps:
ED:> 1. create a file that contains the following:
ED:>    arp -s <IP address u want to support> <MAC of external IF>
ED:>    route add -host <IP address /32> gw <IP address of internal IF>
ED:>    repeat the above two lines for each IP address u want to support
ED:> 2. Ensure that the iptables system will do proxy arp
ED:>    # Enable proxy arp... to answer for all unused IP address in EXT subnet
ED:>    if [ -f /proc/sys/net/ipv4/conf/$EXT_IF/proxy_arp ]; then
ED:>        echo 1 > /proc/sys/net/ipv4/conf/$EXT_IF/proxy_arp
ED:>    fi
ED:> 3. Write the iptables rules to define where each $EXT_IP_ADDR
ED:>    will be sent
ED:>    for SYS in <ip add1> <ip add2> <ip add3>
ED:>    do
ED:>        $IPT -t nat -A PREROUTING -i $EXT_IF -p tcp -d $SYS --dport http \
ED:>            -j DNAT --to $SPARKY:8081
ED:>    done

I have tested this suggestion but it doesn't work.

My IF int is eth0 (192.168.65.83)
My IF ext is eth1 (10.1.65.83)
My IF dmz is eth2 (10.10.65.83)

I typed these commands:

# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:01:02:F4:D0:70
          inet addr:10.1.65.83  Bcast:10.1.65.255  Mask:255.255.255.0
          ......
# arp -s 10.1.65.84 00:01:02:F4:D0:70
# route add -host 10.1.65.84/32 dev eth1
# echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.65.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.10.65.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.1.65.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.1.65.254     0.0.0.0         UG    0      0        0 eth1

At this point, from another machine on network 10.1.65.0/24, I test the new IP with a ping but it does not work; the IP 10.1.65.84 is unreachable.

What's wrong?

Thank you
Dario Lesca

_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
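
Added example (not part of the original message and not code from anyone on the list): a Python check that runs a longest-prefix lookup over the `route -n` output posted above and reports whether a /32 host route exists for 10.1.65.84. The function names and the extra host-route row are constructed for illustration.

```python
import ipaddress

# Routing table copied from the `route -n` output in the message above.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.65.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.10.65.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.1.65.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.1.65.254     0.0.0.0         UG    0      0        0 eth1
"""

# Constructed row (not from the message): how a host route for 10.1.65.84
# on eth1 appears in `route -n` once it is present in the table.
HOST_ROW = "10.1.65.84 0.0.0.0 255.255.255.255 UH 0 0 0 eth1\n"

def parse_route_n(text):
    """Parse `route -n` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have 8 columns and a dotted-quad destination.
        if len(f) != 8 or f[0].count(".") != 3:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        except ValueError:
            continue
        routes.append({"net": net, "gateway": f[1], "flags": f[3], "iface": f[7]})
    return routes

def lookup(routes, addr):
    """Return the longest-prefix route that matches addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

def has_host_route(routes, addr):
    """True if the best match for addr is a dedicated /32 entry."""
    r = lookup(routes, addr)
    return r is not None and r["net"].prefixlen == 32

if __name__ == "__main__":
    for label, table in (("posted", ROUTE_N), ("with host row", ROUTE_N + HOST_ROW)):
        routes = parse_route_n(table)
        r = lookup(routes, "10.1.65.84")
        print(label, r["net"], r["iface"], has_host_route(routes, "10.1.65.84"))
```
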