This may not literally be a Shorewall issue, but I imagine some users of Shorewall may have had to deal with this question . . . so . . . .
If a network card (most likely the external interface of a firewall) has more than one IP address, is there any way (in Linux) to assign separate MAC addresses to the NIC, in such a way that outbound packets will use a different MAC address depending on which IP address is used? That is, the firewall's external interface would appear indistinguishable from a set of two or more machines, each with its own separate NIC. I know about the "hw ether" option to the "ifconfig" command, and I tried assigning a separate MAC address to an alias interface via a command like "ifconfig eth0:0 hw ether 01:23:45:67:89:ab" -- but doing this changed the MAC address for *everything* going through the network card (the primary interface plus all alias interfaces), not just for one alias interface. Right now, I'm doing OK with multiple external IP addresses all using a single MAC address. However, I've read on the net about people who have wanted multiple external IP addresses and were told by their ISP that each IP address absolutely had to have its very own separate and dedicated MAC address (ISP's obviously not thinking in terms of firewalls, but whatever) - and I want to be prepared for possible future events in case I move or change ISP's someday and end up being stuck dealing with an overly rigid policy like this. In case it makes a difference, my current firewall is running Ubuntu 8.04 Server (kernel 2.6.24-19). -- Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED] http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
