[ale] Shorewall and multiple ips
Brian Pitts
brian at polibyte.com
Sat Mar 8 21:11:49 EST 2008
Greg Canter wrote:
> I currently am setting up a firewall on a vps slice from Slicehost. I have
> 3 dedicated IP addresses and one interface. The ip addresses are on eth0,
> eth0:1, and eth0:2. As you can see, the last 2 addresses are on aliases.
>
> I am trying to get Shorewall to set up the firewall but am having some
> difficulties. My questions are
>
> 1) Does anyone have any experience with Shorewall and if so can it be used
> for this purpose? And
>
> 2) Can iptables handle each IP separately or does it just handle interfaces?
>
> Alas, Mr. Google has failed me in a definitive answer and thus I am looking
> for any clues, hints, etc. from the list. My experience in firewalls is
> primarily in OpenBSD and pf.
>
Hi Greg,
Did you take a look at
http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html ?
It says "The iptables program doesn't support virtual interfaces in
either its “-i” or “-o” command options; as a consequence, Shorewall
does not allow them to be used in the /etc/shorewall/interfaces file or
anywhere else except as described in the discussion below."
-Brian
PS - Ubuntu is working on an iptables configuration tool that uses
OpenBSD's pf syntax, but they haven't added router/gateway
configuration, NAT, QoS configuration, /proc adjustments, and the like
yet. https://wiki.ubuntu.com/UbuntuFirewall
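
Added example, not part of either post: because iptables cannot match an alias label such as eth0:1 with "-i", a per-address policy is written against the physical interface plus the destination address ("-d"). The addresses and services below are constructed placeholders (RFC 5737 documentation range), and `gen_ruleset` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample data: documentation addresses standing in for the three
# addresses on eth0, eth0:1 and eth0:2 (not values from the post).
# Format: "address proto port", one allowed service per line.
SERVICES='192.0.2.10 tcp 22
192.0.2.11 tcp 80
192.0.2.11 tcp 443
192.0.2.12 tcp 25'

# Emit an iptables-restore ruleset for the physical interface $1.
# Every rule pairs "-i <physical interface>" with "-d <address>"; an alias
# label is rejected up front because iptables cannot match on it.
gen_ruleset() {
    iface=$1
    case $iface in
        *:*) echo "error: $iface is an alias label, use the physical interface" >&2
             return 1 ;;
    esac
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One ACCEPT per (address, service); anything else hits the DROP policy.
    printf '%s\n' "$SERVICES" | while read -r addr proto port; do
        [ -n "$addr" ] || continue
        printf '%s\n' "-A INPUT -i $iface -d $addr -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Print the ruleset for review; to load it: gen_ruleset eth0 | iptables-restore
gen_ruleset eth0
```

Review the printed rules before loading them on a remote host, since the default DROP policy also applies to the address you are connected through.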