[CentOS] Centos Firewall - router with virtual IP

Thu Nov 3 14:21:45 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

On 11/03/2011 11:16 AM, News wrote:
> On 03/11/2011 3.34, Fajar Priyanto wrote:
>> Hi all,
>> I haven't found anything in Google about this.
>> I'm creating a firewall router with CentOS with a few virtual IPs using iptables.
>> May I ask for your experience?
>> Is there any pitfall or bad side of using virtual IPs for this purpose?
>> I'm using a few virtual IPs to accommodate a few subnets that go through
>> this firewall/router.
> I use shorewall for this
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html

You also need to be sure what you want to do exactly. If subnets need to
be behind that firewall, but routed and not NATed, then you are not to
use Virtual IPs, but to implement pass-through/routing. Virtual IPs
are only used for NAT-ing, not for routing subnets.


Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant