[CentOS] Centos Firewall - router with virtual IP

Fri Nov 4 02:15:54 UTC 2011
KevinO <kevin at kevino.org>

On 11/03/2011 06:54 PM, John R Pierce wrote:
> On 11/03/11 5:43 PM, Fajar Priyanto wrote:
>> Now, I'm adding some virtual interface eth1:0, eth1:1... so on to
>> accommodate new subnets created in the LAN.
> What's the point of having multiple subnets on the same physical LAN
> segment? If you want to isolate separate local networks, you really
> should use separate physical adapters with separate switches... or VLAN
> switching if you have a switch that supports VLAN trunking.
> Anyways, whatever, yes, you can do it with iptables, but not all
> off-the-shelf firewall script generators will support multiple LAN subnets. I
> usually write my own iptables rulesets.
I can say firsthand that fwbuilder easily handles managing scripts for multiple
subnets and aliased addressing on NICs. I use separate interface cards for each
subnet, however. (5 NICs, 4 internal subnets, 3 public IPs on the one external
facing NIC)