On Thu, 8 Jun 2000, Cormac Hogan wrote:
> Possibly Gary,
>> What I meant is that I don't think it is possible to access the print server
> at 192.168.205.254 and the hosts in the range 192.168.205.60 -
> 192.168.205.70 only, which is what I think Tony is trying to achieve.
>
in that case, why not go with the eth:0 on 192.168.205/16, and use
ipchains to restrict access to/from 192.168.205/16, eg:
ipchains -I 1 out -s 0/0 -d printer/32 -j ACCEPT
ipchains -I 1 out -s 0/0 -d whatever/32 -j ACCEPT
..etc.. for whatever hosts on the 205 net.
ipchains -A out -s 0/0 -d 192.168.205/16 -j DENY
and do the same for input:
ipchains -I 1 input -s printer/32 -d 0/0 -j ACCEPT
ipchains -I 1 input -s whatever/32 -d 0/0 -j ACCEPT
..etc..
ipchains -A input -s 192.168.205/16 -d 0/0 -j DENY
> Cormac
> >Let see:
> >In your kernel config, enable IP Aliasing. Compile and reboot (This is
> >assuming it's not already on)
> >then use "ifconfig eth0:0 192.168.205.2 netmask 255.255.255.0 up"
> >
> >This will give you an interface on the 192.168.205 network. You will
> >probably have to do something like
> >
> >route add -net 192.168.205.0 netmask 255.255.255.0 eth0:0
>>>> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com>>>
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
