lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <87pnocvpbd.fsf@toke.dk> Date: Mon, 20 May 2019 22:33:26 +0200 From: Toke Høiland-Jørgensen <toke@...hat.com> To: "M. Buecher" <maddes+kernel@...des.net>, netdev@...r.kernel.org Cc: Michal Kubecek <mkubecek@...e.cz>, Matthias May <matthias.may@...atec.com>, Heiner Kallweit <hkallweit1@...il.com> Subject: Re: IP-Aliasing for IPv6? "M. Buecher" <maddes+kernel@...des.net> writes: > On 2019-05-15 11:26, Michal Kubecek wrote: >> On Tue, May 14, 2019 at 08:49:12PM +0200, M. Buecher wrote: >>> According to the documentation [1] "IP-Aliasing" is an obsolete way to >>> manage multiple IP[v4]-addresses/masks on an interface. >>> For having multiple IP[v4]-addresses on an interface this is >>> absolutely >>> true. >>> >>> For me "IP-Aliasing" is still a valid, good and easy way to "group" ip >>> addresses to run multiple instances of the same service with different >>> IPs >>> via virtual interfaces on a single physical NIC. >>> >>> Short story: >>> I recently added IPv6 to my LAN setup and recognized that IP-Aliasing >>> is not >>> support by the kernel. >>> Could IP-Aliasing support for IPv6 be added to the kernel? >> >> You should probably better explain what is the feature you are using >> with IPv4 but you are missing for IPv6. The actual IP aliasing has been >> removed in kernel 2.2, i.e. 20 years ago. Since then, there is no IP >> aliasing even for IPv4. What exactly works for IPv4 but does not for >> IPv6? > > Used feature is the label option of `ip`, which works for IPv4, but not > with IPv6. > > Goal: Use virtual interfaces to run separate instances of a service on > different IP addresses on the same machine. > For example with dnsmasq I use `-interface ens192` for the normal main > instance, while using `-interface ens192:0` and `-interfaces ens192:1` > for special instances only assigned to specific machines via their MAC > addresses. You would generally instruct your daemon to listen to an address rather than an interface. For dnsmasq you can do this with the --listen-address option instead of the --interface option, AFAIK. -Toke
Powered by blists - more mailing lists