[NTLUG:Discuss] Connections using aliased IP addresses instead of the primary one
Leroy Tennison
leroy_tennison at prodigy.net
Sun Aug 3 22:55:17 CDT 2008
Neil Aggarwal wrote:
> Hello:
>
> I have a machine where I set up two IP aliases
> on eth0 by copying
> /etc/sysconfig/network-scripts/ifcfg-eth0
> to
> /etc/sysconfig/network-scripts/ifcfg-eth0:0
> /etc/sysconfig/network-scripts/ifcfg-eth0:1
>
> and changing the relevant IP info for new IP address.
>
> Unfortunately, now I am seeing outbound connections
> failing at my firewall from services like NTP, etc.
> since they are now using a source address
> from one of the aliased IP addresses instead of the
> original eth0 IP which is allowed through the firewall.
>
> I don't want to have to keep maintaining 3 copies
> of each firewall rule to accommodate the new IP
> addresses.
>
> Is there a way to tell the machine to use
> the eth0 IP address as the source address for
> connections?
>
> Thanks,
> Neil
>
> --
> Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
> Eliminate junk email and reclaim your inbox.
> Visit http://www.spammilter.com for details.
Some daemons allow specification of which IP address to use. Possibly
other programs do too. Unfortunately that means reading the man page
for each one. Although this isn't what you are looking for, an
alternative solution might be to change the firewall to look for a MAC
address rather than an IP address. I realize that introduces its own
set of complications (what if you change NICs) but it might be an
alternative.
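
What a per-daemon source-address option does underneath, as an added example that is not part of the original post: the program calls bind() on its socket before sending, which overrides the kernel's own choice of source address. The loopback addresses below are constructed stand-ins for the primary and aliased eth0 addresses, and the example assumes Linux, where every address in 127.0.0.0/8 is local.

```python
import socket

# Constructed stand-ins (assumptions, not addresses from the thread):
RECEIVER_IP = "127.0.0.1"  # plays the remote server on the far side of the firewall
PRIMARY_IP = "127.0.0.1"   # plays the primary eth0 address the firewall allows
ALIAS_IP = "127.0.0.2"     # plays an eth0:0 alias address


def observed_source(source_ip=None):
    """Send one UDP datagram and return the source IP the receiver saw.

    With source_ip=None the sender never calls bind(), so the kernel picks
    the source address from its routing decision. With source_ip set, the
    sender binds to that address first (port 0 = any free port), which is
    what a daemon's "bind address" / "source address" option does.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as receiver, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        receiver.bind((RECEIVER_IP, 0))
        receiver.settimeout(2.0)

        if source_ip is not None:
            # Pin the source address before any traffic leaves the socket.
            sender.bind((source_ip, 0))

        sender.sendto(b"probe", receiver.getsockname())
        _data, (peer_ip, _peer_port) = receiver.recvfrom(64)
        return peer_ip


if __name__ == "__main__":
    print("kernel-chosen source:", observed_source())
    print("pinned to primary:   ", observed_source(PRIMARY_IP))
    print("pinned to alias:     ", observed_source(ALIAS_IP))
```

The address the receiver reports is the one a firewall rule keyed on source IP would match against.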