>If a network card (most likely the external interface of a firewall) has
>more than one IP address, is there any way (in Linux) to assign separate
>MAC addresses to the NIC, in such a way that outbound packets will use a
>different MAC address depending on which IP address is used?
>
>That is, the firewall's external interface would appear indistinguishable
>from a set of two or more machines, each with its own separate NIC.
>
>I know about the "hw ether" option to the "ifconfig" command, and I tried
>assigning a separate MAC address to an alias interface via a command like
>"ifconfig eth0:0 hw ether 01:23:45:67:89:ab" -- but doing this changed the
>MAC address for *everything* going through the network card (the primary
>interface plus all alias interfaces), not just for one alias interface.

I currently deal with an ISP that has a "one MAC one IP" policy. I fiddled around for weeks with the "hw ether" option as you mention, but with absolutely no success. I finally concluded that the only way I could *probably* make it work would be to use virtualization and actually run two virtual machines, each with its own separate NIC.

The Shorewall list gets a lot of problem reports from users who are having problems with XEN. I decided that I did not want to try a solution with virtualization and eventually found a different solution that did not require multiple IP addresses. So, I have never tried using virtualization for this problem, but I think it could work.

--Russel Riley

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users