On Fri, Nov 4, 2011 at 6:59 AM, John R Pierce <pierce at hogranch.com> wrote:
> On 11/02/11 7:34 PM, Fajar Priyanto wrote:
>> I'm creating a firewall router with CentOS with a few virtual IPs using iptables.
>>
>> May I ask for your experience?
>> Is there any pitfall or bad side of using virtual IPs for this purpose?
>> I'm using a few virtual IPs to accommodate a few subnets that go through
>> this firewall/router.
>
> now, when you say 'virtual IP', do you mean alias IPs on your WAN
> (outside) interface(s), or multiple private subnets on the LAN (inside)
> interface(s) ? none of those are 'virtual' in any sense I'd use that
> adjective.

Hi John, thanks for asking.
My firewall setup is like this:
Physical NIC:
eth0 - to outside world
eth1 - to LAN

There is masquerading on eth0 so the LAN can go to the internet.

Now, I'm adding some virtual interfaces eth1:0, eth1:1... and so on to accommodate new subnets created in the LAN.

My concern comes from the question... how is the MAC addressing handled (by the switches and the OS)?
Because wouldn't eth1:0, etc. be sharing the same MAC address as eth1?
Will there be any problem or confusion in the network?