Thanks Tom... here's what I ended up doing:
/etc/network/interfaces:
# eth0
# Comcast
auto eth0
iface eth0 inet static
address 70.90.228.197
netmask 255.255.255.248
gateway 70.90.228.198
up ip addr add 70.90.228.193/24 brd 70.90.228.255 dev eth0 label eth0:0
up ip addr add 70.90.228.194/24 brd 70.90.228.255 dev eth0 label eth0:1
up ip addr add 70.90.228.195/24 brd 70.90.228.255 dev eth0 label eth0:2
up ip addr add 70.90.228.196/24 brd 70.90.228.255 dev eth0 label eth0:3
This works as intended so far.
My next phase of this project will entail splitting all of my VoIP
services and devices into their own separate VLAN. What is the best way
to force outbound traffic over a particular IP based on the port?
For example, I will have a server that lives at 10.5.10.2, and I want to
push traffic originating from that server on UDP ports 4569, 5060, and
10000:20000 to appear to have originated from 70.90.228.196 on the net
side. I'll also have some other servers, VMs, etc. in this subnet using
various TCP/UDP ports that I would like to restrict to this address as
well.
Thanks,
Stephen
On 11/19/10 11:34 AM, Tom Eastep wrote:
On 11/19/10 3:32 AM, Stephen Brown wrote:
I've just ordered a Comcast business class connection with 5 static IP
addresses.
Reading over the aliased interfaces documentation, I'm not real clear on
what to do with /etc/shorewall/interfaces (if anything).
/etc/shorewall/interfaces is independent of the number of IP addresses
on the interface. I have Comcast business class with 5 static IPs, three
of which are configured on my external interface:
gateway:~# ip -4 addr ls dev eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc tbf state UNKNOWN qlen 1000
inet 70.90.191.121/29 brd 70.90.191.127 scope global eth1
inet 10.1.10.11/24 brd 10.1.10.255 scope global eth1:3
inet 70.90.191.122/29 brd 70.90.191.127 scope global secondary eth1:1
inet 70.90.191.123/29 brd 70.90.191.127 scope global secondary eth1:2
inet 70.90.191.124/29 brd 70.90.191.127 scope global secondary eth1
inet 70.90.191.125/29 brd 70.90.191.127 scope global secondary eth1
gateway:~#
My Comcast business class router is configured with its LAN interface
as 10.1.10.0/24 (the default), so 10.1.10.11 is the primary address. The
top three public IP addresses are statically configured while the last
two are added when their corresponding Linux-vservers are started.
This is the /etc/shorewall/interfaces entry for my external interface:
net COM_IF detect \
dhcp,optional,routefilter=0,logmartians,proxyarp=0,physical=$COM_IF,nosmurfs,upnp
Where /etc/shorewall/params contains:
COM_IF=eth1
-Tom
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2& L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users