Es gibt mehrere Methoden – wobei ich die lange Variante bevorzuge, da diese auch crt Dateien generiert.

Schnellvariante:

openssl pkcs12 -in "PKCSOriginal" -nodes | openssl pkcs12 -export -out "PKCSNeu-ohne-Passwort"


Lange Variante:

Das Zertifikat extrahieren

$ openssl pkcs12 -clcerts -nokeys -in "Originaldatei" \
      -out certificate.crt -password pass:PASSWORT -passin pass:PASSWORT

CA extrahieren

$ openssl pkcs12 -cacerts -nokeys -in "Originaldatei" \
      -out ca-cert.ca -password pass:PASSWORT -passin pass:PASSWORT

Privaten Schlüssel extrahieren

$ openssl pkcs12 -nocerts -in "Originaldatei" \
      -out private.key -password pass:PASSWORT -passin pass:PASSWORT \
      -passout pass:NeuesPasswort

Passwort entfernen

$ openssl rsa -in private.key -out "Neu.key" \
      -passin pass:NeuesPasswort

PEM-Dateien zusammenkopieren

$ cat "Neu.key"  \
      "certificate.crt" \
      "ca-cert.ca" > PEM.pem

Neue Datei erstellen

$ openssl pkcs12 -export -nodes -CAfile ca-cert.ca \
      -in PEM.pem -out "NeuesPKCSohnePrivatekeyPasswort"

Jetzt hat der PrivateKey kein Passwort mehr.

„NeuesPasswort“ ist nun das Container-Password. Das muss man dann beim importieren in die Mailprogramme eingeben.

Nun sollte man seine Zertifikate an einem sicheren Ort speichern.

FortiOS 6.4.x benutzt per default fortiguard-anycast.

fortiguard-anycast ist meiner Meinung nach noch nicht wirklich stabil und es führt zu Client-Disconnects, wenn die anycast Server aus irgendeinem Grund nicht erreichbar sind.

Kein Surfen und  kein SSH.


Falls die Fortiguard Rating Server immer wieder ausfallen einfach auf die „alte“ Methode zurückswitchen

config system fortiguard

set fortiguard-anycast disable

set port 8888

set protocol udp

set sdns-server-ip 208.91.112.220

end

 

Danach auf der Console noch prüfen:

#diag debug rating

 

Nun sollten wieder einige Server gelistet sein.

Grundvoraussetzung:  Minimal Installation centos 8.2

** dnf install setuptool -y N/A
dnf install ntsysv -y
dnf install curl -y
dnf install -y libtool
dnf install gcc -y
dnf install make -y
dnf install openssl -y
dnf install pcre -y
dnf install libcap -y
dnf install flex -y
dnf config-manager --set-enabled powertools
dnf install hwloc* -y
dnf install kernel-devel -y
dnf install lua -y
dnf install zlib -y
dnf install curl -y
dnf install curl-devel -y
dnf install ncurses-devel ncurses* -y
dnf install perl -y
dnf install perl-devel -y
dnf install geoip geoip-devel -y
dnf install libunwind libunwind-devel -y
dnf install tcl tcl-devel -y
dnf install epel-release -y
dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo dnf module reset php
sudo dnf module enable php:remi-7.4
sudo dnf install php -y
dnf install php-gd php-mysqlnd php-soap -y
dnf install php-devel php-zip php-bcmath php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-json
dnf install GraphicsMagick GraphicsMagick-devel GraphicsMagick-perl -y
dnf groupinstall 'Development Tools'
dnf install net-tools -y
dnf install git -y
dnf install ghostscript ghostscript-devel -y
dnf install php-pecl-imagick -y
dnf install libwebp* -y
dnf install libpciaccess -y
dnf install ImageMagick-c++-* -y
dnf install ImageMagick-c++-devel -y
dnf install bzip2 bzip2-devel -y
dnf install pcre-devel -y
dnf install brotli -y
dnf install brotli-devel -y
dnf install jansson-devel -y
dnf install lua-* -y
dnf install ccache -y
dnf install luajit* -y
dnf install python3 -y
dnf install python3-devel -y
dnf install python3-magic -y
dnf install libtool-lt* -y
dnf install libjpeg-turbo* -y
dnf install openjpeg2 openjpeg2-devel jasper-devel libwmf* libtiff libtiff-devel
dnf install rpm-devel -y
dnf install parted-devel -y
dnf install hiredis hredis-devel -y

in case of GraphicsMagick is not the latest:
wget ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/GraphicsMagick-LATEST.tar.gz
./configure --enable-shared=yes --enable-static=yes --with-modules=yes --with-jpeg=yes --with-lzma=yes --with-magick-plus-plus=yes --with-png=yes --with-perl=yes --with-webp=yes --with-zlib=yes --with-perl=yes --with-bzlib=yes --with-tcmalloc=yes --with-tiff=yes
make
make test
make install
cd /usr/local/src
wget https://pecl.php.net/get/gmagick
tar xfvz gmagick
cd gmagick-*
phpize
./configure
make
make install
*****
git clone https://github.com/apache/trafficserver.git
autoreconf -if
./configure --enable-experimental-plugins --prefix=/opt/ts #change the prefix to your needs
make
make test
make install

Ausgangsbasis ist eine centos7 Minimal-Installation

yum update -y
yum install setuptool -y
yum install ntsysv -y
yum install curl -y
yum install -y libtool
yum install gcc -y
yum install make -y
yum install openssl -y
yum install pcre -y
yum install libcap -y
yum install flex -y
yum install hwloc hwloc-devel -y
yum install lua -y
yum install zlib -y
yum install curl -y
yum install curl-devel -y
yum install ncurses-devel ncurses -y
yum install perl-devel -y
yum install libunwind libunwind-devel -y

yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum -y install epel-release yum-utils
yum-config-manager --disable remi-php54
yum-config-manager --enable remi-php73
yum -y install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json
yum -y install ImageMagick ImageMagick-devel
yum install libwebp* -y
yum install git

gcc 17:
yum install centos-release-scl
yum install devtoolset-7-gcc*
scl enable devtoolset-7 bash

git clone https://github.com/apache/trafficserver.git

git pull
autoreconf -if
./configure --enable-experimental-plugins --prefix=/opt/ts
make
make check
make install

Die Beschreibung zur Verwendung befindet sich im Quellcode.

#/usr/bin/perl -w

##############################################################################
# CGPro Honeypot 2 Fortigate Threat Feed
# Version 1.0
# Maintained by Juergen P. [core.at]
#
# This sample script writes Temporary Blacklisted IP's from a CommuniGate Pro SMTP/SIP Honeypot
# to a File for offloading BAD host blocking to a Fortigate Firewall with Forti OS 6x
# via the Fortigate Threat Feed Connector. You should adopt it to your needs.
# The Script should be run via cron (i suggest every 5 minutes) and write the o utput
# to a textfile into a specific CGPro users webspace(public) for downloading to the firewall
# via the following FortiOS CLI configuration commands:
######
# config system external-resource
# edit <name>
# set type {category | address | domain}
# set category <value>
# set comments [comments]
# set resource <resource-url>
# set refresh-rate <minutes>
# set last-update <datetime>
# next
# end
#####
#
# The Threat feed connector flushes the Table at each run, so IPs which are not blocked anymore, are removed.
# The size of the file can be a maximum of 10 MB, or 128,000 lines of text, whic hever is most restrictive.
#####
# Replace $CGServerAddress, $Login and $Password below with the correct Values in Section 2
# To run in interactive mode for testing, uncomment Section 1 and comment out S ection 2
# Replace $filename with the filename you defined in the Fortinet Fortigate con fig.
#
##############################################################################
use strict;

# Make sure the "CLI.pm" is in current directory
use CLI;
use LWP::UserAgent;
my $Data ="";
my $x =""; #counter
my $filename ="/var/CommuniGate/SharedDomains/my.domain/postmaster.macnt/account.w eb/honeypotlist.txt";
my $ua=new LWP::UserAgent;
my $request="";
my $response="";
my $content="";
my $url="";
####
#### Section 1
####
# print "Server address: "; # Print the server name prompt
# my $CGServerAddress = <STDIN>; # Read the domain name from standard inp ut
# chomp $CGServerAddress; # Remove \n if present
#
# print "Login (Enter for \"postmaster\"): ";
# my $Login = <STDIN>;
# chomp $Login;
# if ($Login eq '') { $Login = "postmaster"; }
#
# print "Password: ";
# my $Password = <STDIN>;
# chomp $Password;
#
#### End of Section 1

### Section 2

my $CGServerAddress = "1.2.3.4"; # CGPro Server IP
my $Login="postmaster"; # CGPro postmaster Account
my $Password="MyPassword"; # CGPro postmaster Password

#### End of Section 2

# Open TCP connection to given address port 106 (PWD, or CGPro CLI).
# Submit username and password. If login fail, the program will stop.

my $cli = new CGP::CLI( { PeerAddr => $CGServerAddress,
PeerPort => 106,
login => $Login,
password => $Password } )
|| die "Can't login to CGPro: ".$CGP::ERR_STRING."\n";

if($Data = $cli->GetTempBlacklistedIPs()) {
# my $a = split(/,/,$Data); # Number of Elements (uncomment, if needed)
my @b = split(/,/,$Data); # Array of IPs including time in seconds
open(my $OUTFILE, '>', "$filename") || die "could not open output file: $!" ;
select $OUTFILE;
foreach $x (@b) {
$x=~ s/\].*//; # remove everything after "]"
$x= substr $x,1; # remove first "["
print "$x\n"; # write IP to file

$ua->timeout(120);
$url='http://my.rbl.domain/drop.php?ipaddress='.$x.'&black orwhite=b&notes=blacklisted';
$request = new HTTP::Request('GET', $url);
$response = $ua->request($request);
$content = $response->content();
print $url;
print $content;

}
#print "$a\n"; # Print Number of elements

}
else
{
($cli->isSuccess) ? print "No Output created.\n"
: die "Error: ".$cli->getErrMessage.", quitting"; }

$cli->Logout; # Close the CLI session and disconnect

__END__

 

Threat Feed Connectors

This feature introduces
the ability to dynamically import external block list text files from an
HTTP server. The text files can contain IP addresses and domain names.
These dynamic block lists are called ‚Threat Feeds‘. You can block
access to the addresses in the text files by adding one or more threat
feeds to:

FortiOS keeps threat feeds up to date by dynamically re-downloading them from the HTTP server according to the refresh rate.

Threat Feeds can be configured under Security Fabric > Fabric Connectorsby creating new Threat Feeds.

The New Fabric Connector edit page provides the following fields:

The domain resource is a text file which contains a domain name for each line and supports simple wildcard. For example:

mail.*.or.th
*-special.de.vu
http://www.*de.vu
610-pawn.com
aaliyah-hq-gallery.de.vu
abcgolocal.com

The address resource is a
text file which contains an IP/IP range for each line (note that only
IPv4 is supported in DNS profiles, so IPv6 addresses will be ignored).
For example:

1.1.1.1
10.0.0.70
2.1.1.1
100.0.0.1-100.0.0.100
10.0.0.99-10.0.0.201
1.2.2.2/24

FortiOS configuration

config system external-resource
edit
set type {category | address | domain}
set category
set comments [comments]
set resource
set refresh-rate
set last-update
next
end

In der Dokumentation sind nicht viele Informationen über die Felder auf dieser Settings-Page zu finden.

Hier nun eine etwas detailiiertere Beschreibung:


Local Area Code

Hier trägt man den aktuellen local Area Code für den Server/Domain-PSTN Standort ein.

für Österreich beispielsweise „43“ (das „+“ bitte weglassen).

43

Emergency Code

Das ist die Einstellung für die Notfallnummer. (Polizei, Feuerwehr, etc.)

call=sip:911@telnum (für Österereich z.B.: call=sip:133@telnum – Polizei)

call=sip:133@telnum

Gateway Domain

Default: pstn.communigate.com – Das ist der Hostname oder die IP Adresse des PSTN-Gateways.

pstngateway.core.at

Gateway Address

Default: <leer>

Eine IP-Adressse muss hier nur dann eingetragen werden wenn per DNS das PSTN-Gateway nicht aufgelöst werden kann.

Caller ID

ID-String des Callers, der das Gateway benutzt.

Default: $

„$“ bedeutet lt. gatewaycaller.sppr: „use the name from auth credentials with the gateway domain“

Name for the Gateway

Username (Authentication Account) für das Gateway.

gatewayuser

Password for the Gateway

Das Password


Hier der Link zum Original: https://www.unixmen.com/linux-basics-create-network-bonding-on-centos-76-5/


What is Network bonding?

Network bonding is a method of combining (joining) two or more network interfaces together into a single interface. It will increase the network throughput, bandwidth and will give redundancy. If one interface is down or unplugged, the other one will keep the network traffic up and alive. Network bonding can be used in situations wherever you need redundancy, fault tolerance or load balancing networks.

Linux allows us to bond multiple network interfaces into single interface using a special kernel module named bonding. The Linux bonding driver provides a method for combining multiple network interfaces into a single logical “bonded” interface. The behaviour of the bonded interfaces depends upon the mode; generally speaking, modes provide either hot standby or load balancing services. Additionally, link integrity monitoring, may be performed.

Types of Network Bonding

According the to the official documentation, here is the types of network bonding modes.

mode=0 (balance-rr)

Round-robin policy: It the default mode. It transmits packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)

Active-backup policy: In this mode, only one slave in the bond is active. The other one will become active, only when the active slave fails. The bond’s MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance.

mode=2 (balance-xor)

XOR policy: Transmit based on [(source MAC address XOR’d with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)

Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)

IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

Prerequisites:

– Ethtool support in the base drivers for retrieving the speed and duplex of each slave.
– A switch that supports IEEE 802.3ad Dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.

mode=5 (balance-tlb)

Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Prerequisite:

– Ethtool support in the base drivers for retrieving the speed of each slave.

mode=6 (balance-alb)

Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

In this handy tutorial let us see how to setup network bonding on CentOS 7 and CentOS 6.5. Though it was tested on CentOS, it should work on RHEL and Scientific Linux 6.x versions.

First, we will setup network bonding on CentOS 7.

1. Setting up Network Bonding on CentOS 7

Let us combine two NICs (enp0s8, and enp0s9) and make them into one NIC named bond0.

Configure Bond0 Interface

In CentOS 7, the bonding module is not loaded by default. Enter the following command as root user to enable it.

modprobe --first-time bonding

You can view the bonding module information using command:

modinfo bonding

Sample output:

filename:       /lib/modules/3.10.0-123.el7.x86_64/kernel/drivers/net/bonding/bonding.ko alias:          rtnl-link-bond author:         Thomas Davis, tadavis@lbl.gov and many others description:    Ethernet Channel Bonding Driver, v3.7.1 version:        3.7.1 license:        GPL srcversion:     E52AE00A79EA6FEFB5BF718 depends:         intree:         Y vermagic:       3.10.0-123.el7.x86_64 SMP mod_unload modversions  signer:         CentOS Linux kernel signing key sig_key:        BC:83:D0:FE:70:C6:2F:AB:1C:58:B4:EB:AA:95:E3:93:61:28:FC:F4 sig_hashalgo:   sha256 parm:           max_bonds:Max number of bonded devices (int) parm:           tx_queues:Max number of transmit queues (default = 16) (int) parm:           num_grat_arp:Number of peer notifications to send on failover event (alias of num_unsol_na) (int) parm:           num_unsol_na:Number of peer notifications to send on failover event (alias of num_grat_arp) (int) parm:           miimon:Link check interval in milliseconds (int) parm:           updelay:Delay before considering link up, in milliseconds (int) parm:           downdelay:Delay before considering link down, in milliseconds (int) parm:           use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int) parm:           mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp) parm:           primary:Primary network device to use (charp) parm:           primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp) parm:           lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp) parm:           ad_select:803.ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp) parm:           min_links:Minimum number of available links before turning on carrier (int) parm:           xmit_hash_policy:balance-xor and 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3 (charp) parm:           arp_interval:arp interval in milliseconds (int) parm:           arp_ip_target:arp targets in n.n.n.n form (array of charp) parm:           arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp) parm:           fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp) parm:           all_slaves_active:Keep all frames received on an interfaceby setting active flag for all slaves; 0 for never (default), 1 for always. (int) parm:           resend_igmp:Number of IGMP membership reports to send on link failure (int) create a bond0 configuration file as shown below.

Log in as root user.

Create bond0 configuration file:

vi /etc/sysconfig/network-scripts/ifcfg-bond0

Add the following lines.

DEVICE=bond0 NAME=bond0 TYPE=Bond BONDING_MASTER=yes IPADDR=192.168.1.50 PREFIX=24 ONBOOT=yes BOOTPROTO=none BONDING_OPTS="mode=0 miimon=100"

Note: Here, BONDING_OPTS describes the bonding mode. In our case, we will be configuring mode0(active-active). Save and close file. 192.168.1.50 is bond0 IP address.

Configure Network interfaces

Now, we should modify both(enp0s8 & enp0s9) configuration files as shown below. First, let us start from enp0s8.

Edit file /etc/sysconfig/network-scripts/ifcfg-enp0s8,

vi /etc/sysconfig/network-scripts/ifcfg-enp0s8

Modify the file as shown below.

HWADDR="08:00:27:04:03:86"
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s8"
UUID="a97b23f2-fa87-49de-ac9b-39661ba9c20f"
ONBOOT="yes"
MASTER=bond0
SLAVE=yes

Then, Edit file /etc/sysconfig/network-scripts/ifcfg-enp0s9,

vi /etc/sysconfig/network-scripts/ifcfg-enp0s9

Modify the file as shown below.

HWADDR=08:00:27:E7:ED:8E
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s9
UUID=e2352c46-e1f9-41d2-98f5-af24b127b3e7
ONBOOT=yes
MASTER=bond0
SLAVE=yes

Save and close the files.

Now, activate the Network interfaces.

ifup ifcfg-enp0s8
ifup ifcfg-enp0s9

Now, enter the following command to make Network Manager aware the changes.

nmcli con reload

Restart network service to take effect the changes.

systemctl restart network

Test Network Bonding

Now enter the following command to check whether the bonding interface bond0 is up and running:

cat /proc/net/bonding/bond0

As you see in the above output, the bond0 interface is up and running and it is configured as active-backup(mode1) mode. In this mode, only one slave in the bond is active. The other one will become active, only when the active slave fails.

To view the list of network interfaces and their IP address, enter the following command:

ip addr

That’s it.

Configure multiple IP addresses for bond0

I want to assign multiple IP addresses to bond0 interface. What should i do? Very simple, just create an alias for the bond0 interface and assign multiple IP addresses.

Let me make it more clear. Say for example we want to assign IP address 192.168.1.151 to bond0. To create an alias for bond0, copy the existing configuration file(ifcfg-bond0) to a new configuration file(ifcfg-bond0:1).

cp /etc/sysconfig/network-scripts/ifcfg-bond0 /etc/sysconfig/network-scripts/ifcfg-bond0:1

Then edit the alias file /etc/sysconfig/network-scripts/ifcfg-bond0:1,

vi /etc/sysconfig/network-scripts/ifcfg-bond0:1

Modify the device name and IP address as shown below.

DEVICE=bond0:1
NAME=bond0
TYPE=Bond
BONDING_MASTER=yes
IPADDR=192.168.1.151
PREFIX=24
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="mode=1 miimon=100"

Here,

  • bond0:1 – Device name
  • 192.168.1.151 – IP address of bond0:1

Save and close the file. Restart network service to take effect the saved changes.

systemctl restart network

Now list out the network interfaces and their IP address using the command:

ip addr

As you above the alias bond0:1 has been created and it’s up now.

2. Setting up Network Bonding on CentOS 6.5

Configure Bond0 Interface

First, let us create a bond0 configuration file as shown below.

Create bond0 configuration file under the above mentioned directory.

vi /etc/sysconfig/network-scripts/ifcfg-bond0

Add the following lines.

DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.200
NETWORK=192.168.1.0
NETMASK=255.255.255.0
USERCTL=no
BONDING_OPTS="mode=1 miimon=100"

Next we have to load up the bond0 interface into the kernel. To do that, create a new file /etc/modprobe.d/bonding.conf,

vi /etc/modprobe.d/bonding.conf

Add the following line in it.

alias bond0 bonding

Save and close the file.

Configure Network interfaces

Now we should modify both(eth1 & eth2) configuration files as shown below. First, let us start from eth1.

Edit file /etc/sysconfig/network-scripts/ifcfg-eth1,

vi /etc/sysconfig/network-scripts/ifcfg-eth1

Modify the file as shown below.

DEVICE=eth1
MASTER=bond0
SLAVE=yes
USERCTL=no
ONBOOT=yes
BOOTPROTO=none

Then Edit file /etc/sysconfig/network-scripts/ifcfg-eth2,

# vi /etc/sysconfig/network-scripts/ifcfg-eth2

Modify the file as shown below.

DEVICE=eth2
MASTER=bond0
SLAVE=yes
USERCTL=no
ONBOOT=yes
BOOTPROTO=none

Save and close the files.

Enter the following command to load the bonding module.

modprobe bonding

Restart network service to take effect the changes.

service network restart

Test Network Bonding

Now enter the following command to check whether the bonding interface bond0 is up and running:

cat /proc/net/bonding/bond0

Sample output:

Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 08:00:27:fe:6f:bf
Slave queue ID: 0

Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 08:00:27:34:17:c0
Slave queue ID: 0

To view the list of network interfaces and their IP address, enter the following command:

# ifconfig

As per the above output, bond0 is configured as master; eth1 and eth2 are configured as a slave.

Configure multiple IP addresses for bond0

cp /etc/sysconfig/network-scripts/ifcfg-bond0 /etc/sysconfig/network-scripts/ifcfg-bond0:1

Then edit the alias file /etc/sysconfig/network-scripts/ifcfg-bond0:1,

vi /etc/sysconfig/network-scripts/ifcfg-bond0:1

Modify the device name and IP address as shown below.

DEVICE=bond0:1
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.201
NETWORK=192.168.1.0
NETMASK=255.255.255.0
USERCTL=no
BONDING_OPTS="mode=1 miimon=100"

Save and close the file. Restart network service to take effect the saved changes.

service network restart

Now list out the network interfaces and their IP address using the command:

ifconfig

You should see the alias bond0:1 has been created and up.