Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Re: SuSEfirewall2 blocks all external network traffic to or from any computer on my nework, including the firewall-machine itse
  • From: "Sebastian J. Bronner" <waschtl@xxxxxxxxxxxx>
  • Date: Mon, 28 Jan 2002 01:50:10 -1000
  • Message-id: <200201281150.g0SBoAF24399@xxxxxxxxxxxxxxxxxx>
On Monday 28 January 2002 01:43, Eduard Avetisyan wrote:
> > > > FW_DEV_EXT="eth0:0"
> > > > FW_DEV_INT="eth0"
> > >
> > > That looks odd. Does the same Ethernet card point both to
> > > the LAN and to the Internet?
> >
> > Yes, it does. I know that this isn't an optimal
> > configuration, as it can
> > lead to traffic collisions, but it should still work (as it
> > has in the past).
>
> Are you sure that this aliasing can work on different subnets?

It's not aliasing, as such. This is the standard method for defining
multiple IP addresses on one network card. Here is the output of "ip addr"
to illustrate more fully:

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:20:78:10:a2:db brd ff:ff:ff:ff:ff:ff
inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
inet 206.126.5.12/19 brd 206.126.31.255 scope global eth0:0
inet6 fe80::220:78ff:fe10:a2db/10 scope link
3: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0

And I am quite sure it works, as I have successfully used this configuration
with SuSEfirewall(1) and before that with a script from linuxdocs.org.
--
Sebastian J. Bronner
waschtl@xxxxxxxxxxxx

< Previous Next >
References