Tweaks to aliased interfaces doc

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-01-24 13:52:25 -08:00
parent bfdc6719c1
commit bb1f2993cc

View File

@ -64,12 +64,13 @@ eth0:0 Link encap:Ethernet HWaddr 02:00:08:3:FA:55
</example> </example>
<para>The ifconfig utility is being gradually phased out in favor of the <para>The ifconfig utility is being gradually phased out in favor of the
ip utility which is part of the <emphasis>iproute</emphasis> package. The <firstterm>ip</firstterm> utility which is part of the
ip utility does not use the concept of aliases or virtual interfaces but <emphasis>iproute</emphasis> package. The ip utility does not use the
rather treats additional addresses on an interface as objects in their own concept of aliases or virtual interfaces but rather treats additional
right. The ip utility does provide for interaction with ifconfig in that addresses on an interface as objects in their own right. The ip utility
it allows addresses to be <emphasis>labeled</emphasis> where these labels does provide for interaction with ifconfig in that it allows addresses to
take the form of ipconfig virtual interfaces.</para> be <emphasis>labeled</emphasis> where these labels take the form of
ipconfig virtual interfaces.</para>
<example id="ip"> <example id="ip">
<title>ip</title> <title>ip</title>
@ -150,6 +151,11 @@ iface eth0 inet static
In the sub-sections that follow, we'll take a look at common In the sub-sections that follow, we'll take a look at common
scenarios.</para> scenarios.</para>
<note>
<para>The examples in the following sub-sections assume that the local
network is 192.168.1.0/24.</para>
</note>
<section id="Rules"> <section id="Rules">
<title>Separate Rules</title> <title>Separate Rules</title>
@ -186,7 +192,7 @@ DNAT net loc:192.168.1.3 tcp 80 - 20
<filename>/etc/shorewall/masq</filename>:</para> <filename>/etc/shorewall/masq</filename>:</para>
<programlisting>#INTERFACE SUBNET ADDRESS <programlisting>#INTERFACE SUBNET ADDRESS
eth0 eth1 206.124.146.178</programlisting> eth0 192.168.1.0/24 206.124.146.178</programlisting>
<para>Shorewall can create the alias (additional address) for you if you <para>Shorewall can create the alias (additional address) for you if you
set ADD_SNAT_ALIASES=Yes in set ADD_SNAT_ALIASES=Yes in
@ -204,16 +210,15 @@ eth0 eth1 206.124.146.178</programlisting>
the INTERFACE column as follows.</para> the INTERFACE column as follows.</para>
<para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE SUBNET ADDRESS <para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE SUBNET ADDRESS
eth0:0 eth1 206.124.146.178</programlisting></para> eth0:0 192.168.1.0/24 206.124.146.178</programlisting>Shorewall
can also set up SNAT to round-robin over a range of IP addresses. To do
<para>Shorewall can also set up SNAT to round-robin over a range of IP that, you specify a range of IP addresses in the ADDRESS column. If you
addresses. To do that, you specify a range of IP addresses in the specify a label in the INTERFACE column, Shorewall will use that label
ADDRESS column. If you specify a label in the INTERFACE column, for the first address of the range and will increment the label by one
Shorewall will use that label for the first address of the range and for each subsequent label.</para>
will increment the label by one for each subsequent label.</para>
<para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE SUBNET ADDRESS <para><filename>/etc/shorewall/masq</filename><programlisting>#INTERFACE SUBNET ADDRESS
eth0:0 eth1 206.124.146.178-206.124.146.180</programlisting></para> eth0:0 192.168.1.0/24 206.124.146.178-206.124.146.180</programlisting></para>
<para>The above would create three IP addresses:</para> <para>The above would create three IP addresses:</para>