On 2020-10-26 18:02, Steve Hill wrote:

> 1. Add aliases for all of the addresses onto the internet NIC of the firewall.
> You used to be able to create an
> /etc/sysconfig/network-scripts/ifcfg-eth0-range0 file with the address range in
> it and have the network scripts automatically add the aliases. Unfortunately
> NetworkManager no longer seems to support this.  Also this feels quite messy
> because you end up with a lot of addresses attached to the NIC, and strictly
> speaking those addresses don't really belong to the firewall since they are
> intended to be forwarded through to internal machines.

This appears to be the correct solution to me. Your additional IPs definitely
belong to the 198.51 interface of your firewall, if you look at them
from the point of view of the ISP router.
The fact that your firewall is doing DNAT to many LAN machines is a detail that 
only the firewall must be aware of (iptables rules).

Maybe your problem is just in how to achieve this with NetworkManager, which is probably 
not the right tool for these "non-desktop" setups.
With good old ifcfg scripts you do not even need aliases anymore; I achieve a 
similar configuration through:

  IPADDR=x.x.x.2
  # this is to catch the router at x.x.x.1; your correct mask is another
  # possible option here
  NETMASK=255.255.255.254
  IPADDR0=x.x.x.3
  NETMASK0=255.255.255.255
  IPADDR1=x.x.x.4
  NETMASK1=255.255.255.255
  # ...and so on

(for IPv6 you would need IPV6ADDR and a single line with IPV6ADDR_SECONDARIES).

This works for me on CentOS 7, but I do not think Fedora has broken the network 
scripts yet.
To be honest my case is a few IPs (5) and not on the same subnetwork (so-called 
"portable IPs" in cloud setups), but it should work for you too.
(the logic starts in this line in /etc/sysconfig/network-scripts/network-functions:
"    for idx in '' {0..255} ; do" )

Best regards.

--
   Roberto Ragusa    mail at robertoragusa.it
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
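
Added example, not part of the original message or of the Fedora network scripts: a small generator for the IPADDRn/NETMASKn layout described in the reply above, so a long run of forwarded addresses does not have to be typed by hand. The function names gen_ifcfg_aliases and valid_ipv4 are hypothetical, the 198.51.100.x addresses are constructed sample values, and the cap at index 255 is an assumption taken from the loop line quoted from network-functions.

```shell
#!/bin/sh
# Added example: emit ifcfg IPADDRn/NETMASKn lines for a run of extra addresses.

# valid_ipv4 ADDR: succeed only for a plain dotted quad (no leading zeros).
valid_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# gen_ifcfg_aliases PRIMARY_IP PRIMARY_NETMASK FIRST_EXTRA_IP COUNT
# Prints the primary pair, then COUNT extra addresses as /32 entries.
gen_ifcfg_aliases() {
    primary=$1 mask=$2 first=$3 count=$4
    for a in "$primary" "$mask" "$first"; do
        valid_ipv4 "$a" || { echo "invalid IPv4: $a" >&2; return 1; }
    done
    case $count in ''|*[!0-9]*) echo "count must be numeric" >&2; return 1 ;; esac
    # Assumption: the quoted loop walks idx over '' and 0..255, so an
    # IPADDR256 or higher would never be read.
    [ "$count" -le 256 ] || { echo "too many addresses" >&2; return 1; }
    prefix=${first%.*}
    last=${first##*.}
    # Keep the run inside the last octet instead of wrapping around.
    [ $((last + count - 1)) -le 255 ] || { echo "range overflows octet" >&2; return 1; }

    printf 'IPADDR=%s\nNETMASK=%s\n' "$primary" "$mask"
    i=0
    while [ "$i" -lt "$count" ]; do
        printf 'IPADDR%d=%s.%d\n' "$i" "$prefix" $((last + i))
        printf 'NETMASK%d=255.255.255.255\n' "$i"
        i=$((i + 1))
    done
}

# Constructed sample run: primary .2 facing the router, three forwarded IPs.
gen_ifcfg_aliases 198.51.100.2 255.255.255.254 198.51.100.3 3
```

Each address emitted this way is answered by the firewall itself, so every one of them needs a matching DNAT rule or an explicit drop in iptables.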