I am building a firewall system based on Linux. My machine has two
ne2k-pci-network cards, one of them being destined to be connected to
the untrusted network. The drivers will be loaded as kernel modules.
I am thinking about doing the following:
- The trusted card will have its slot shield painted green; its MAC
address will be known.
- When the system boots, the ethernet drivers will be loaded and the
interface that has the known MAC address of the will be marked in
the system configuration as being connected to the trusted network.
However, it seems that I can't control which ethx alias will be
associated with the trusted network because both cards are PCI and
their resource assignments are controlled by the system BIOS. Thus, I
will have to jump through hoops to take care of this in every init and
maintenance script which will prove a major pain and source of
problems.
Does Linux (I will mostly be using 2.0.36 for my research but will
check if my system works with 2.2.x too) have a possibility to define
"network card aliases"?
That way, I could do the following:
(1)
load the modules.
(2)
configure eth0 and eth1.
(3)
parse ifconfig's output and determine which interface has the
"trusted" MAC address.
(4)
define appropriate aliases for ueth0 and teth0 (for untrusted and
trusted ethernet, respectively).
All scripts could use ueth0 and teth0 exclusively.
For SCSI devices, such an aliasing mechanism is available using
scsidev. I have read the BootPrompt and the Ethernet HOWTO, both
giving some hints about using the ether command while booting but I
can't figure out how this works with modularized drivers. I have taken
a look into the driver's source code but suspect that the "eth" names
are hard-coded into the source (it's not even a #define).
Ethernet devices don't seem to have /dev nodes (at least, if they are
there, they are not used - the docs say so) so simply doing symlinks
seems to be impossible.
Is there a chance to do that elegantly or do I really have to generate
a config file that reflects the trust relationships of the eth
interfaces for the init scripts?
Any hints will be appreciated.
Greetings
Marc
-- -------------------------------------- !! No courtesy copies, please !! ----- Marc Haber | " Questions are the | Mailadresse im Header Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15 Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/