Question : Can I bind a subnet to an Ethernet interface in Red Hat Linux 9?

I am in the process of setting up an iptables firewall in Red Hat Linux 9. A large number of machines, all on the same subnet, need to be protected by this firewall. However, it is inconvenient (and inflexible) to bind the IP address of each of these machines to the firewall's external interface. Is there a way to bind the entire subnet instead?

Answer : Can I bind a subnet to an Ethernet interface in Red Hat Linux 9?

I've figured out what I think the problem is. Either I missed in in the docs or the behaviour changed sometime since 7.1, but the alias range file must be named like ifcfg-eth0-range0. From /etc/sysconfig/network-scripts/ifup-alias:

# One can specify ranges of alised ipaddress using ifcfg-$DEV-range* files.
# Specify multiple ranges using multiple files, such as ifcfg-eth0-range0 and
# ifcfg-eth0-range1, etc. In these files, the following configuration variables
# specify the range:
#
# IPADDR_START -- ipaddr to start range at. eg "192.168.30.1"
# IPADDR_END -- ipaddr to end range at. eg "192.168.30.254"
# CLONENUM_START -- interface clone number to start using for this range. eg#
# The above example values create the interfaces eth0:0 through eth0:253 using
# ipaddrs 192.168.30.1 through 192.168.30.254, inclusive.
#
# Other configuration variables such as NETMASK and BROADCAST may be specified
# in the range file and will apply to all of the ipaddresses in the range. Range# files also inherit configuration from the ifcfg-$DEV file just like normal.
#
# Note that IPADDR_START and IPADR_END are required to be in the same class-c
# block. I.e. IPADDR_START=192.168.30.1 and IPADDR_END=192.168.31.255 is
# not valid.

and:

# With large sets of ipaddresses the NO_ALIASROUTING=yes configuration is
# highly recommended. (This can be specified in ifcfg-$DEV and inherited.) This
# prevents this script from setting up routing details for the virtual
# interfaces, which I don't think is needed, because outgoing traffic can use the
# main interface. However, make your own conclusions on what you need.

I tested it on an RH 9 system according to those rules and it worked as advertised.

Random Solutions

Error trying to run MS Exchange

T-1 working week Query - Ignore weekends!

Trigger Question

Cyclical Error prevents me from copying DVD film data

Can I block email going to a specific email address with exchange 2003

Block DNS Lookups for certain domains

Insert or replace logic for MS SQL

what is the importance in wheel group in linux ?

mail sent using asp and iis5.1 goes directly to badmail folder

Migration of Windows 2003 server to new hardware with the same license