[Shorewall-users] Ip aliasing

Ama Kalu ama.kalu at cwlgroup.net
Thu Dec 4 20:22:17 PST 2003


Hi Tom,

I saw a hint on the website about round robin of services and aliased interfaces but it is not clear whether that hint covers my question.

I need to distribute client requests for a particular service on one interface say eth0 to a number of servers on the other side of the firewall in a round robin fashion. I'd appreciate more light.

Thank you

Ama

> On Thu, 2003-12-04 at 10:26, Marcelo Mujica wrote:
> > Alex, thanks for your response.
> > I`m talking about use proxy arp with publics address in the DMZ but I got some resistence..., because I said, before, that with prot forwarding are the better option and now I have to change the config.
> > In other order, maybe I like to know how do port forwarding in the correct way(not with the errors that you detect). To learn I apreciate if you want correct me. 
> > In other way I go to try proxy arp in another test server.
> > 
> 
> To forward just one port, you will have to create the alias manually
> then just use a DNAT rule.
> 
> DNAT	net	dmz:<internal ip> <proto> <port> - <alias addr>
> 
> But of course that is described on the page that you already referred
> to:
> 
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html
> 
> -Tom
> -- 
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep at shorewall.net
> 
> 
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users at lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm



More information about the Shorewall-users mailing list