Russel Riley wrote: >> If a network card (most likely the external interface of a firewall) has >> more than one IP address, is there any way (in Linux) to assign separate >> MAC addresses to the NIC, in such a way that outbound packets will use a >> different MAC address depending on which IP address is used? >> >> That is, the firewall's external interface would appear indistinguishable >>from a set of two or more machines, each with its own separate NIC. >> I know about the "hw ether" option to the "ifconfig" command, and I tried >> assigning a separate MAC address to an alias interface via a command like >> "ifconfig eth0:0 hw ether 01:23:45:67:89:ab" -- but doing this changed the >> MAC address for *everything* going through the network card (the primary >> interface plus all alias interfaces), not just for one alias interface. > > I currently deal with an ISP that has a "one MAC one IP" policy. I fiddled > around for weeks with the "hw ether" option as you mention, but with > absolutely no success. I finally concluded that the only way I could > *probably* make it work would be to use virtualization and actually run two > virtual machines each with their own separate NIC. > > The Shorewall list gets a lot of problem reports from users who are having > problems with XEN. I decided that I did not want to try solution with > virtualization and eventually found a different solution that did not > require multiple IP addresses. So, I have never tried using virtualization > for this problem, but I think it could work.
Turns out that Rich posted on the netfilter list and got this reply from Patrick McHardy (Netfilter lead maintainer): > The macvlan driver allows you to add virtual ethernet devices > with different mac addresses: > > ip link add link eth0 [ name ] type macvlan -Tom -- Tom Eastep \ The ultimate result of shielding men from the Shoreline, \ effects of folly is to fill the world with fools. Washington, USA \ -Herbert Spencer http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
