From: Alper Oguz (alperliste@showtv.com.tr)
Date: Mon 08 Sep 2003 - 04:21:50 EDT
Merhaba,
06.09.2003, 13:59, Bülent Yavuz wrote:
BY> **Birde bu işlemi tek ethernet kartı ile yapabilir miyim ? Bu
BY> konuda tecrubesi ve bilgisi olan arkadaşların acilen
BY> yardımlarını bekliyorum :))
Kisaca yapabilirsin ama birkac nedenden oturu onerilmiyor. Oncelikle
agda cok fazla carpisma (collision) olusur. Ayrica maskelemeyi
tanitirken -o eth1 seklinde aygit adi verme olanaginiz kalmiyor.
Realtek 8139 cipsetli $6-7'a bir ethernet daha edinebilecekken bence
tek ag karti ile ugrasmaniz yanlis olur.
Boyle bir ise girisiyorsaniz ilgili howto belgelerini okumussunuzdur
herhalde ama gozden kacmis, bu konuyu anlatan bolumu kopyalayayim.
sevgiler
--------------------------------------------
http://tldp.org/HOWTO/IP-Masquerade-HOWTO/aliasing.html
7.27. ( IP Aliasing ) - Can IP Masquerade work with only ONE
Ethernet network card?
Yes and no. With the "IP Alias" kernel feature, users can setup
multiple aliased interfaces such as eth0:1, eth0:2, etc but its is
NOT recommended to use aliased interfaces for IP Masquerading. Why?
Providing a secure firewall becomes very difficult with a single NIC
card. In addition to this, you will experience an abnormal amount of
errors on this link since incoming packets will almost
simultaneously be sent out at the same time. Because of all this and
NIC cards now costs less than $10, I highly recommend to just get a
NIC card for each MASQed network segment.
Users should also understand that IP Masquerading will only work
with a physical interface such as eth0, eth1, etc. MASQing out an
aliased interface such as "eth0:1, eth1:1, etc" will NOT work. In
other words, the following WILL NOT WORK reliably:
* It is rumored that you can simply use the destination IP address
(the IP address associated with the ALIASed interface like eth0:1,
etc.) IN PLACE of specifing the interface (eth0:1). This solution
is not untested -- please email dranch@trinnet.net if you have any
positive or negative results
* /sbin/ipchains -A forward -i eth0:1 -s 192.168.0.0/24 -j MASQ"
* /sbin/ipfwadm -F -a m -W eth0:1 -S 192.168.0.0/24 -D 0.0.0.0/0
If you are still interested in using aliased interfaces, you need to
enable the "IP Alias" feature in the kernel. You will then need to
re-compile and reboot. Once running the new kernel, you need to
configure Linux to use the new interface (i.e. eth0:1, etc.). After
that, you can treat it as a normal Ethernet interface with some
restrictions like the one above.
-- Alper Oğuz alperliste@showtv.com.tr