Any Risk In Adding Second IP Address To br0 Interface?

[HarryMuscle]

I've figured out how to run a Socks5 proxy server that sends the traffic over a VPN connecting but the setup requires adding a secondary or alias IP address to the br0 interface (which is then routed to the VPN connection by specifying that IP address in the VPN Director).

However, since iptables and routes are not my strong point I wanted to check if anyone can think of any risks to adding a second IP address to the br0 interface. Also am I correct in assuming br0 is the best interface to add that second IP address? Lastly, any feedback on whether this secondary IP address should be in the same subnet as the router's primary LAN IP address (so that it likely falls under existing iptables rules and routes) or would it be better to use a different subnet maybe (so as to not interfere in any way with existing iptables rules and routes)?

Thanks,
Harry

 

[drinkingbird]

I've figured out how to run a Socks5 proxy server that sends the traffic over a VPN connecting but the setup requires adding a secondary or alias IP address to the br0 interface (which is then routed to the VPN connection by specifying that IP address in the VPN Director).

However, since iptables and routes are not my strong point I wanted to check if anyone can think of any risks to adding a second IP address to the br0 interface. Also am I correct in assuming br0 is the best interface to add that second IP address? Lastly, any feedback on whether this secondary IP address should be in the same subnet as the router's primary LAN IP address (so that it likely falls under existing iptables rules and routes) or would it be better to use a different subnet maybe (so as to not interfere in any way with existing iptables rules and routes)?

Thanks,
Harry

Not sure in Asus land but on pro networking equipment, you wouldn't be able to specify a secondary IP in the same subnet. You would also use a loopback interface for this sort of thing.

 

[HarryMuscle]

Not sure in Asus land but on pro networking equipment, you wouldn't be able to specify a secondary IP in the same subnet. You would also use a loopback interface for this sort of thing.

I didn't think that you could route an IP address on a loopback interface to the outside (via VPN in my case). Or are you referring to using a non loopback address (ie: not 127.x.x.x) but adding it to the loopback interface?

 

[drinkingbird]

I didn't think that you could route an IP address on a loopback interface to the outside (via VPN in my case). Or are you referring to using a non loopback address (ie: not 127.x.x.x) but adding it to the loopback interface?

I'm referring to a loopback interface, not a loopback IP. You can put whatever IP you want on a loopback interface (well assuming it doesn't overlap with any other interface's subnet).