
I've set up an Ubuntu server along with ufw as a firewall.

To start, I have two networks:

Public: 66.xxx.xxx.70 - 66.xxx.xxx.78

Private: 192.168.3.1 - 192.168.3.255

My network config:

auto eth0
iface eth0 inet static
        address 66.xxx.xxx.70
        netmask 255.255.255.0
        network 66.xxx.xxx.0
        broadcast 66.xxx.xxx.255
        gateway 66.xxx.xxx.1


auto eth0:0
iface eth0:0 inet static
        address 66.xxx.xxx.71
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:1
iface eth0:1 inet static
        address 66.xxx.xxx.72
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:2
iface eth0:2 inet static
        address 66.xxx.xxx.73
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:3
iface eth0:3 inet static
        address 66.xxx.xxx.74
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:4
iface eth0:4 inet static
        address 66.xxx.xxx.75
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:5
iface eth0:5 inet static
        address 66.xxx.xxx.76
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:6
iface eth0:6 inet static
        address 66.xxx.xxx.77
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.0

auto eth0:7
iface eth0:7 inet static
        address 66.xxx.xxx.78
        netmask 255.255.255.0
        broadcast 66.xxx.xxx.255
        network 66.xxx.xxx.78

auto eth1
iface eth1 inet static
        address 192.168.3.3
        netmask 255.255.255.0
        broadcast 192.168.3.255
        network 192.168.3.0

I started off creating a firewall to restrict all incoming traffic and allow all outgoing traffic:

sudo ufw default deny
sudo ufw allow from 192.168.3.0/24

From there I struggled with getting IP forwarding set up, but managed to find four lines that worked (I created a startup script but abstracted the following):

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

OK, at this point everything works. I can set up any machine on the 192.168.3.* network to use this Ubuntu server as the network gateway (192.168.3.3), and I can route out to the internet. I browsed the web and verified that my IP is 66.xxx.xxx.70.

Now, I tried to change the interface to eth0:7 (in my startup, and rebooted, and even removed the startup and ran it manually) so that my IP would be 66.xxx.xxx.78, but after I run the script the IP forwarding isn't working: I can't ping, tracert stops at 192.168.3.3, and of course I can't browse the web.

While I could switch the primary IP address to solve the problem, I would like to know what is wrong, why I can't specify eth0:7, and what to do to fix it. I'm new to Linux so I'm struggling. Any help would be much appreciated.

Nick Bork

1 Answer


It turns out that iptables does not support virtual IP aliasing (eth0:7).

To solve my problem, I made the primary IP address of the machine 66.xxx.xxx.78 and bound .70 to eth0:7 and my problem was solved.

Since this is an Ubuntu VM, I think I may just add a third network card and bind 66.xxx.xxx.78 to it and just change the adapters that I'm forwarding through.

Nick Bork
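Added example, not part of the original answer: iptables' -i/-o options match real device names, so one way to send forwarded traffic out as a secondary address without re-homing the primary IP is SNAT with --to-source on the physical interface. The function names and the address 203.0.113.78 (standing in for the masked 66.xxx.xxx.78) are constructed for illustration, and the script only prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example: emit NAT/forwarding rules that choose the outgoing public
# address with SNAT instead of matching on an alias label such as eth0:7.

# Strip an alias suffix: eth0:7 -> eth0 (-i/-o match real devices only).
base_iface() {
    printf '%s\n' "${1%%:*}"
}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's own $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (do not run) the rule set.
# Args: WAN interface or alias label, LAN interface, LAN CIDR, public source IP.
snat_rules() {
    wan=$(base_iface "$1"); lan=$(base_iface "$2"); lan_net=$3; public_ip=$4
    is_ipv4 "$public_ip" || { echo "invalid public IP: $public_ip" >&2; return 1; }
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s $lan_net -o $wan -j SNAT --to-source $public_ip
iptables -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
EOF
}

# Constructed sample: the alias label is reduced to eth0 and the secondary
# address (placeholder from the documentation range) becomes the NAT source.
snat_rules eth0:7 eth1 192.168.3.0/24 203.0.113.78
```

Review the printed rules and run them as root; the address given to --to-source must already be assigned to the host, as the alias stanzas in the question do.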