# Help: Masquerade a NIC alias : eth0:1  [SOLVED]

## firehawk

I am not sure if this is even possible. Have Googled around, but no luck. 

Can someone shed some light with regard to this error message:

ADSL router:

192.168.2.1

Gentoo Server:

eth0     ->192.168.1.10

eth0:1  ->192.168.2.10

gw       ->192.168.2.1

The problem area:

export WAN=eth0:1

I have followed pretty much the same guide in the Gentoo Router guide: http://www.gentoo.org/doc/en/home-router-howto.xml

```

 iptables -F

 iptables -t nat -F

 iptables -P INPUT ACCEPT

 iptables -P OUTPUT ACCEPT

 iptables -P FORWARD DROP

export LAN=eth0

export WAN=eth0:1

 iptables -I INPUT 1 -i ${LAN} -j ACCEPT

 iptables -I INPUT 1 -i lo -j ACCEPT

 iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT

 iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT

 iptables -I FORWARD -i ${LAN} -d 192.168.1.0/255.255.255.0 -j DROP

 iptables -A FORWARD -i ${LAN} -s 192.168.1.0/255.255.255.0 -j ACCEPT

 iptables -A FORWARD -i ${WAN} -d 192.168.1.0/255.255.255.0 -j ACCEPT

 iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

```

Running the script: Result with this error:

```

Warning: weird character in interface `eth0:1' (No aliases, :, ! or *).

Warning: weird character in interface `eth0:1' (No aliases, :, ! or *).

```

Now, how do I get around this? 

P.S Reason for this is to force clients on the 192.168.1.0 network to go through the Proxy server and for bandwidth monitoring.Last edited by firehawk on Wed Aug 13, 2008 11:43 am; edited 1 time in total

----------

## BradN

Can you try specifying it by a network address (ip/netmask) in addition to eth0?  I'm not too familiar with iptables, but usually there's 2 or 3 different ways to do stuff like that.

----------

## UberLord

 *firehawk wrote:*   

> The problem area:
> 
> export WAN=eth0:1

 

eth0:1 is just an alias so that ifconfig can show >1 ipv4 address. It serves no other purpose.

As such, 99% of programs throw a wobbly when try explicity try and use it, like iptables.

You can use eth0 and the ip address for eth0:1 will still get used if it's the natural route.

It's a silly linuxism that needs to die!

----------

## firehawk

@BradN: 

I have tried setting the following:

```

export LAN=192.168.1.10

export WAN=192.168.2.10

```

IPtables does not complain. Yet.. No Masquerading  :Sad: 

 Thank you for you input, but think you and UberLord will find the following interesting:

@UberLord

When setting to the following within the original script:

```

export LAN=eth0

export WAN=eth0

```

It works!  :Very Happy:   Thanks  UberLord! 

But I am not sure if this is the right way(tm)  to do it since it does seem ambiguous I would have prefered the IP asigning method to work   :Question: 

Transparent Proxy is now also working  :Smile: 

```

iptables -t nat -A PREROUTING -i ${LAN} -p tcp --dport 80 -j REDIRECT --to-port 3128

```

Now I just need to get some counters setup in Iptables  :Smile: 

Thanks for the help! I am a happy bunny!

----------

