Third party cookies may be stored when visiting this site. Please see the cookie information.

Learn Linux Index

Getting started

The Linux shell and command line programs

System administration

Networking

Servers

Virtual machines

Web development

Programming

Other links


Linux networking IP port aliasing tutorial

This tutorial works through an example of how IP aliasing can be used to provide multiple network addresses on a single physical interface. This demonstrates using IP version 4 addresses only.

Most distributions include IP aliasing compiled into the kernel. If that is not the case for your particular distro then you can load the module using the insmod command.

One reason for using this could be to make a computer look as though it is multiple computers, so for example you could have one server that is acting as both a gateway (router) and a DHCP server and DNS using 3 different IP addresses, perhaps with a future plan to use a hardware router and to move the functionality to seperate DNS and DHCP servers. Or indeed the opposite you could decide to replace the 3 different hardware devices with a single server to reduce the administration overhead.

In this case you can have 3 different addresses which are all on the same computer without having to install lots of physical network interfaces.

Another reason, which is the one I will use in this tutorial, is that you want to have the computer on two different logical network subnets whilst using a single physical interface. The reason I originally needed to do this is that I purchased a network device that comes pre-configured with an IP address on the 192.168.0.0/24 address range, but my linux machine is on the 192.168.1.0/24 address range. I therefore configured an alias so that I can connect to the new device to configure it onto my 192.168.1.0/24 network address.

Changing the address dynamically

The first step is to identify the port number of the current interface. This is done using the ifconfig file.

The relevant output in this case is:

eth1      Link encap:Ethernet  HWaddr 00:0d:61:0b:d9:a0  

          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: fe80::20d:61ff:fe0b:d9a0/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:213915 errors:0 dropped:0 overruns:0 frame:0

          TX packets:211302 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:140569143 (134.0 MB)  TX bytes:188664521 (179.9 MB)

          Interrupt:21 Base address:0xa000

We are using eth1 at the moment, so we will add an alias as eth1:1.

To add an alias IP address run
sudo ifconfig eth1:0 192.168.0.1

This creates an alias on eth1 with ip address 192.168.0.1. This will take the default network mask unless it is specified using the netmask option.

Thew new alias can be viewed using the ifconfig command.

eth1:0    Link encap:Ethernet  HWaddr 00:0d:61:0b:d9:a0  

          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          Interrupt:21 Base address:0xa000

Note that the hardware address (MAC address) HWaddr is the same as this is still the same physical interface showing that this is the same interface.

There are no interface statistics for the alias interface as these are included in the physical interface. To get per address statistics then accounting rules would need to be used through the iptables command.

A network route is automatically added to the routing table for the subnet with the interface included, but any additional routes will need to be added manually.

Kernel IP routing table 

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface

192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

... 

It should then be possible to access devices on the 192.168.0.0 network.

You may need to make changes to any firewall rules to allow access to the new network range. In my case I am running shorewall, which by default just uses the physical interface for it's rules. So a restart of shorewall and it worked. If a separate security policy is required for the new network then that needs to be configured explicitly in the firewall rules.

Making the changes permanent

The commands run above will make the changes to a live system, but these will all be lost when the system reboots. The commands could be added to a script that is called during startup, but the correct solution is to add these to the appropriate network configuration files.

The following is for Ubuntu Linux. This may differ on different distros. If the /etc/network/interfaces file does not exist on your distro then you can just add the earlier commands into /etc/rc.d/rc.local or a similar startup file.

The port definition needs to go into the interfaces file as shown below:

iface eth1 inet static 

address 192.168.1.1 

netmask 255.255.255.0 

auto eth1 



iface eth1:0 inet static 

address 192.168.0.1 

netmask 255.255.255.0 

auto eth1:0 

The last 4 lines have been added for this interface. The other interfaces have been excluded from the screen-capture above.

Further reading

Basic TCP/IP Networking Reference Guide

Previous TCP/IP networking reference guide
TCP/IP networking reference guide
Next TCP/UDP port numbers (/etc/services)
TCP/UDP port numbers (/etc/services)