Changes between Initial Version and Version 1 of VirtualInterfaces


Timestamp: 09/01/07 17:53:54 (14 years ago)
Author: Victor Julien

= Virtual Interfaces =

Linux has two mechanisms for handling more than one IP address on an interface. The first creates a new virtual device, in the form of 'eth0:0'. The second just adds another IP address to an existing device. Both are supported by Vuurmuur.

Creating a virtual interface

To create a virtual interface, take the same steps as when creating a normal interface:

 1. go to Interfaces
 2. press 'insert'
 3. enter the name
 4. enter the IP address
 5. enter the device

Now press F5 to enable 'Advanced options'. A checkbox called 'Virtual' becomes visible. Enable it.

The next step is to attach the interface to the network it sits in.

Creating rules with virtual interfaces

For the most part a virtual interface in Vuurmuur is just like a normal interface, so there are no special remarks about the rules. However, most people using virtual interfaces probably have a firewall with multiple public IP addresses and want different rules per IP address. The following example assumes a firewall with two interfaces on the internet, in the network world.inet:

 1. wan-34, with device ppp0 and IP address 12.12.34.34
 2. wan-35, with device ppp0:0 (so virtual) and IP address 12.12.34.35

The addresses ending in .34 and .35 are each to be used for a different mail server; both servers sit behind the firewall in a privately addressed network, local.lan.

First, let's make sure that each of the two servers uses only the public IP address that is meant for it when sending out mail using smtp:
{{{
accept service smtp from redmailserver.local.lan to world.inet options out_int="wan-34"
snat service smtp from redmailserver.local.lan to world.inet options out_int="wan-34"

accept service smtp from bluemailserver.local.lan to world.inet options out_int="wan-35"
snat service smtp from bluemailserver.local.lan to world.inet options out_int="wan-35"
}}}
Next, we want users on the internet to use 12.12.34.34 for the redmailserver and 12.12.34.35 for the blue one:
{{{
portfw service imap from world.inet to redmailserver.local.lan options in_int="wan-34"
portfw service pop3 from world.inet to redmailserver.local.lan options in_int="wan-34"
portfw service smtp from world.inet to redmailserver.local.lan options in_int="wan-34"

portfw service imap from world.inet to bluemailserver.local.lan options in_int="wan-35"
portfw service pop3 from world.inet to bluemailserver.local.lan options in_int="wan-35"
portfw service smtp from world.inet to bluemailserver.local.lan options in_int="wan-35"
}}}
As you can see, the in_int and out_int options are crucial here: they tie each rule to one interface, and so to one public IP address.
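
A rule set like the one above can be checked for missing or inconsistent in_int/out_int options before it is applied. The following is an added example, not part of the original page or of Vuurmuur: the rule grammar is inferred from the rule lines shown here, and the `REQUIRED` mapping, the function names and the sample rules are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Grammar inferred from the rule lines on this page (assumption, not Vuurmuur's parser).
RULE_RE = re.compile(
    r'^(?P<action>\w+)\s+service\s+(?P<service>\S+)\s+from\s+(?P<src>\S+)'
    r'\s+to\s+(?P<dst>\S+)(?:\s+options\s+(?P<opts>.*))?$')
OPT_RE = re.compile(r'(\w+)="([^"]*)"')
# Assumption: the option that pins each NAT action to one public address.
REQUIRED = {"snat": "out_int", "portfw": "in_int"}

def parse_rule(line):
    """Return the rule as a dict, or None if the line does not fit the grammar."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = m.groupdict()
    rule["action"] = rule["action"].lower()
    rule["opts"] = dict(OPT_RE.findall(rule["opts"] or ""))
    return rule

def audit(lines):
    """Return (line_no, message) findings; line_no 0 marks a per-host finding."""
    findings, pinned = [], defaultdict(set)  # internal host -> interfaces used
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rule = parse_rule(line)
        if rule is None:
            findings.append((n, "unparsed rule"))
            continue
        need = REQUIRED.get(rule["action"])
        if need is None:
            continue  # accept and other actions are not checked here
        host = rule["src"] if need == "out_int" else rule["dst"]
        iface = rule["opts"].get(need)
        if not iface:
            findings.append((n, f"{rule['action']} for {host} has no {need}"))
        else:
            pinned[host].add(iface)
    for host, ifaces in sorted(pinned.items()):
        if len(ifaces) > 1:
            findings.append((0, f"{host} is NATed via several interfaces: {sorted(ifaces)}"))
    return findings

SAMPLE = [  # constructed: rule 3 lacks out_int, rule 5 uses the wrong interface
    'snat service smtp from redmailserver.local.lan to world.inet options out_int="wan-34"',
    'portfw service smtp from world.inet to redmailserver.local.lan options in_int="wan-34"',
    'snat service smtp from bluemailserver.local.lan to world.inet',
    'portfw service imap from world.inet to bluemailserver.local.lan options in_int="wan-35"',
    'portfw service pop3 from world.inet to bluemailserver.local.lan options in_int="wan-34"',
]
```

Running `audit(SAMPLE)` reports the snat rule without out_int and the host reachable through both wan-34 and wan-35; the rules as written on this page produce no findings.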