Um, random aside:
You can attach firewall rules to a dummy0 interface that you can't attach to
and alias of lo. I don't remember exactly what failed (it was a while ago),
but when I tried to "ifconfig lo:1 10.0.0.1 netmask 255.255.255.0" and then
attach a boatload of firewall rules to it, it got confused. (It had
something against -j DNAT in the OUTPUT table, if I recall. I was also
having trouble getting packets originating from the loopback interface to
route outside of the box. But again, this was a while ago, so I don't
remember exactly what was wrong. It was a roll-your-own VPN solution that
was designed for a machine with 2 network cards acting as a gateway, but
needed to run on a box that had just one network card yet wanted to
participate in the VPN...)
Moving over to the dummy interface instead of loopback made it all work.
Loopback really isn't designed to do anything but bounce packets off of
127.0.0.1 for local delivery. It's optimized for that. The dummy interface
is more generic.
Rob
(On the other hand, "ifconfig dummy0 down" doesn't actually remove its ip from
the routing table under 2.4, last I checked. Annoying, that. You've got to
ifconfig it to something else to make it stop receiving packets, even though
it's down! I hit that a LOT in testing, sshing to my own box when I didn't
mean to, and then wondering what the heck was going wrong...)
-- penguicon.sf.net - A combination Linux Expo and Science Fiction Convention with GOHs Terry Pratchett, Eric Raymond, Pete Abrams, Illiad & CmdrTaco. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/