shorewall-users November 2010 archive

Re: [Shorewall-users] Dealing with multiple public IP's

From: Stephen Brown <stephen.brown75_at_nospam>
Date: Sun Nov 21 2010 - 16:13:08 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

Thanks Tom... here's what I ended up doing:

/etc/network/interfaces:
# eth0
# Comcast
auto eth0
iface eth0 inet static
address 70.90.228.197
netmask 255.255.255.248
gateway 70.90.228.198
up ip addr add 70.90.228.193/24 brd 70.90.228.255 dev eth0 label eth0:0
up ip addr add 70.90.228.194/24 brd 70.90.228.255 dev eth0 label eth0:1
up ip addr add 70.90.228.195/24 brd 70.90.228.255 dev eth0 label eth0:2
up ip addr add 70.90.228.196/24 brd 70.90.228.255 dev eth0 label eth0:3

This works as intended so far.

My next phase of this project will entail splitting all of my VoIP
services and devices into their own separate VLAN. What is the best way
to force outbound traffic over a particular IP based on the port?

For example, I will have a server that lives at 10.5.10.2, and I want to
push traffic originating from that server on UDP ports 4569, 5060, and
10000:20000 to appear to have originated from 70.90.228.196 on the net
side. I'll also have some other servers, VMs, etc. in this subnet using
various TCP/UDP ports that I would like to restrict to this address as
well.

Thanks,
Stephen

On 11/19/10 11:34 AM, Tom Eastep wrote:
> On 11/19/10 3:32 AM, Stephen Brown wrote:
>> I've just ordered a Comcast business class connection with 5 static IP
>> addresses.
>>
>> Reading over the aliased interfaces documentation, I'm not real clear on
>> what to do with /etc/shorewall/interfaces (if anything).
> /etc/shorewall/interfaces is independent of the number of IP addresses
> on the interface. I have Comcast business class with 5 static IPs, three
> of which are configured on my external interface:
>
> gateway:~# ip -4 addr ls dev eth1
> 4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc tbf state UNKNOWN qlen 1000
> inet 70.90.191.121/29 brd 70.90.191.127 scope global eth1
> inet 10.1.10.11/24 brd 10.1.10.255 scope global eth1:3
> inet 70.90.191.122/29 brd 70.90.191.127 scope global secondary eth1:1
> inet 70.90.191.123/29 brd 70.90.191.127 scope global secondary eth1:2
> inet 70.90.191.124/29 brd 70.90.191.127 scope global secondary eth1
> inet 70.90.191.125/29 brd 70.90.191.127 scope global secondary eth1
> gateway:~#
>
> My Comcast business class router is configured with its LAN interface
> as 10.1.10.0/24 (the default), so 10.1.10.11 is the primary address. The
> top three public IP addresses are statically configured while the last
> two are added when their corresponding Linux-vservers are started.
>
> This is the /etc/shorewall/interfaces entry for my external interface:
>
> net COM_IF detect \
> dhcp,optional,routefilter=0,logmartians,proxyarp=0,physical=$COM_IF,nosmurfs,upnp
>
> Where /etc/shorewall/params contains:
>
> COM_IF=eth1
>
> -Tom
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

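
Added example, not part of the original thread: a Python check that compares the prefix length and broadcast on each `ip addr add` alias with the primary `address`/`netmask` of an /etc/network/interfaces stanza. The function names `parse` and `check` are chosen here for illustration; the input is the stanza posted in the message above.

```python
import ipaddress

# Stanza as posted in the message above, embedded so the check runs offline.
STANZA = """\
iface eth0 inet static
address 70.90.228.197
netmask 255.255.255.248
gateway 70.90.228.198
up ip addr add 70.90.228.193/24 brd 70.90.228.255 dev eth0 label eth0:0
up ip addr add 70.90.228.194/24 brd 70.90.228.255 dev eth0 label eth0:1
up ip addr add 70.90.228.195/24 brd 70.90.228.255 dev eth0 label eth0:2
up ip addr add 70.90.228.196/24 brd 70.90.228.255 dev eth0 label eth0:3
"""

def parse(stanza):
    """Return (primary interface, gateway, [(label, alias interface, brd)])."""
    opts, aliases = {}, []
    for line in stanza.splitlines():
        tok = line.split()
        if tok[:1] and tok[0] in ("address", "netmask", "gateway"):
            opts[tok[0]] = tok[1]
        elif tok[:4] == ["up", "ip", "addr", "add"]:
            kv = dict(zip(tok[5::2], tok[6::2]))  # brd / dev / label pairs
            alias = ipaddress.ip_interface(tok[4])
            aliases.append((kv.get("label", tok[4]), alias, kv.get("brd")))
    primary = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
    return primary, ipaddress.ip_address(opts["gateway"]), aliases

def check(stanza):
    """Return a list of findings; an empty list means the plan is consistent."""
    primary, gateway, aliases = parse(stanza)
    net = primary.network
    findings = []
    if gateway not in net:
        findings.append(f"gateway {gateway} is outside {net}")
    for label, alias, brd in aliases:
        if alias.ip not in net:
            findings.append(f"{label}: {alias.ip} is outside {net}")
        if alias.network != net:
            findings.append(f"{label}: prefix /{alias.network.prefixlen} makes "
                            f"{alias.network} on-link, primary is {net}")
        if brd and ipaddress.ip_address(brd) != net.broadcast_address:
            findings.append(f"{label}: brd {brd} differs from {net.broadcast_address}")
    return findings

if __name__ == "__main__":
    for finding in check(STANZA):
        print(finding)
```

On the posted stanza it reports two findings per alias: netmask 255.255.255.248 is a /29 (70.90.228.192/29, broadcast 70.90.228.199), while the /24 on each alias makes the host treat all of 70.90.228.0/24 as directly connected on eth0.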