I think you you want to ensure the network trafic gets from eth2 using the eth2 IP address, and not some of the virtual devices (e.g. eth2:2) ... You could try to use a /etc/network/interfaces file like this (it works for me as default from the boot):<div> <br></div><div>auto eth2</div><div> iface eth2 inet static</div><div> address aaa.bb.157.50</div><div> network aaa.bb.157.0</div><div> netmask 255.255.255.248</div><div> up ip addr add <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.157.51/29 dev eth2:1</div> <div> up ip addr add <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.157.52/29 dev eth2:2</div><div><div> up ip addr add <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.157.53/29 dev eth2:3</div> <div> up ip addr add <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.157.54/29 dev eth2:4</div><div> post-up route add -net <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.176.0 netmask 255.255.255.0 dev eth2</div> <div> post-up route add default gw <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.176.241 dev eth2</div><div><br></div><div>If you also need to NAT from another "internal" IPs according to a specific set of "external" IPs you could try a few IPTABLES rules a bit like this:</div> <div><br></div><div><div><div># Generated by iptables-save v1.3.8 on Fri Feb 6 17:56:17 2009</div><div>*nat</div></div><div>:PREROUTING ACCEPT [3131839:256972515]</div><div>:POSTROUTING ACCEPT [1508368:92173015]</div><div> :OUTPUT ACCEPT [900108:61778682]</div><div><div>-A POSTROUTING -s 192.168.254.50 -o eth2 -j SNAT --to-source <font class="Apple-style-span" color="#999999"><a href="http://aaa.bb">aaa.bb</a></font>.157.50 </div><div>-A POSTROUTING -s 192.168.254.51 -o eth2 -j SNAT --to-source <span class="Apple-style-span" style="color: rgb(153, 153, 153); "><a href="http://aaa.bb">aaa.bb</a></span>.157.51 </div> <div>-A POSTROUTING -s 192.168.254.52 -o eth2 -j SNAT --to-source <span class="Apple-style-span" style="color: rgb(153, 153, 153); "><a href="http://aaa.bb">aaa.bb</a></span>.157.52 </div><div>-A POSTROUTING -s 192.168.254.53 -o eth2 -j SNAT --to-source <span class="Apple-style-span" style="color: rgb(153, 153, 153); "><a href="http://aaa.bb">aaa.bb</a></span>.157.53 </div> <div>-A POSTROUTING -s 192.168.254.54 -o eth2 -j SNAT --to-source <span class="Apple-style-span" style="color: rgb(153, 153, 153); "><a href="http://aaa.bb">aaa.bb</a></span>.157.54 </div><div>-A POSTROUTING -s <a href="http://192.168.254.0/255.255.255.0">192.168.254.0/255.255.255.0</a> -o eth2 -j MASQUERADE </div> <div>COMMIT</div><div><div>COMMIT</div><div># Completed on Fri Feb 6 17:56:17 2009</div><div><br></div></div></div></div><div>With some criativety you can also create rules by port, by mac address, or whatever you would like.</div> <br><div class="gmail_quote">2009/10/14 Gilberto Nunes Ferreira <span dir="ltr"><<a href="mailto:gilberto.nunes@selbetti.com.br">gilberto.nunes@selbetti.com.br</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> Hi all<br> <br> I have 5 public IP's.<br> This is the interfaces file (/etc/network/interfaces):<br> <br> auto eth2<br> iface eth2 inet static<br> address aaa.bb.157.50<br> network aaa.bb.157.0<br> netmask 255.255.255.248<br> post-up route add -net aaa.bb.176.0 netmask 255.255.255.0 dev eth2<br> post-up route add default gw aaa.bb.176.241 dev eth2<br> <br> auto eth2:2<br> iface eth2:2 inet static<br> address aaa.bb.157.51<br> netmask 255.255.255.248<br> <br> auto eth2:3<br> iface eth2:3 inet static<br> address aaa.bb.157.52<br> netmask 255.255.255.248<br> <br> auto eth2:4<br> iface eth2:4 inet static<br> address aaa.bb.157.53<br> netmask 255.255.255.248<br> <br> auto eth2:5<br> iface eth2:5 inet static<br> address aaa.bb.157.54<br> netmask 255.255.255.248<br> <br> All when firewall has restarted, the main IP is aaa.bb.157.51, but ours<br> main IP on DNS zone is aaa.bb.157.50.<br> So, to fix this issue, I log in on firewall and run this command:<br> <br> service network restart<br> <br> So, the main IP back to aaa.bb.157.50<br> <br> This is a hard way to fix the problem, as you can see!<br> Is there a better way to priorize IP aaa.bb.157.50 to be always main<br> IP ???<br> <br> Thanks for any help<br> <br> Regards<br> <br> <br> Gilberto Nunes Ferreira<br> <font color="#888888"><br> <br> <br> --<br> ubuntu-server mailing list<br> <a href="mailto:ubuntu-server@lists.ubuntu.com">ubuntu-server@lists.ubuntu.com</a><br> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br> More info: <a href="https://wiki.ubuntu.com/ServerTeam" target="_blank">https://wiki.ubuntu.com/ServerTeam</a><br> </font></blockquote></div><br><br clear="all"><br>-- <br>Fábio Leitão<br> </div>