Using 2 NIC cards....

Shahbaz_Aslam
Lance Naik
Posts: 23
Joined: Fri Sep 01, 2006 12:16 am

Post by Shahbaz_Aslam »

Aslam-o-Alakum to all,

I have a RedHat ES 4 box with 2 NIC cards installed and configured.
eth0: 192.168.0.2
eth1: 192.168.0.3

Now I want to use these NICs so that one NIC carries traffic IN and the other NIC traffic OUT, for any application like Apache. Is it possible? Is there any application/software required? Please mention the appropriate commands, configuration settings, links etc.
Thanks :)
Shaz
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

If a desktop, say, 192.168.0.20, sends a request to Apache on http://192.168.0.2/, it'll expect a reply from 192.168.0.2, not from 192.168.0.3.

Why do you want to do this?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Shahbaz_Aslam
Lance Naik
Posts: 23
Joined: Fri Sep 01, 2006 12:16 am

Post by Shahbaz_Aslam »

lambda wrote: if a desktop, say, 192.168.0.20, sends a request to apache on http://192.168.0.2/, it'll expect a reply from 192.168.0.2, not from 192.168.0.3.
Yeah, it's correct. But I want to do traffic shaping, or you could say research into making an AI system, which takes traffic/packets IN from one NIC card, checks the request, takes its source IP and sends the requested information out through the other NIC card to that IP. Is it possible with iptables PREROUTING, POSTROUTING or redirect settings? Please guide.

thanks
Shaz
x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Post by x2oxen »

Well, I have never seen this done, but you can do load balancing between those two LAN cards.
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

Shahbaz_Aslam wrote: Yeah, it's correct. But I want to do traffic shaping, or you could say research into making an AI system, which takes traffic/packets IN from one NIC card, checks the request, takes its source IP and sends the requested information out through the other NIC card to that IP. Is it possible with iptables PREROUTING, POSTROUTING or redirect settings?
Have you read the netfilter docs? Read the NAT pages -- what you want is possible.
Shahbaz_Aslam
Lance Naik
Posts: 23
Joined: Fri Sep 01, 2006 12:16 am

Post by Shahbaz_Aslam »

lambda wrote: have you read the netfilter docs? read the nat pages -- what you want is possible.
Yeah, I also believe it's possible. lambda, can you tell me what rules I should write, i.e. the sequence to follow, first and so on? That would be very helpful to me. Thanks in advance. :)
Shaz
manwerjalil
Lance Naik
Posts: 28
Joined: Wed Apr 30, 2008 10:44 am
Location: Karachi

Post by manwerjalil »

Hey man,

Very easy solution with ipchains and iptables, don't you worry, let me help you.

Create an iptables firewall and put in the following commands for your requirement.

iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT

Now if you want to give access only on a specific port, you may do as below.

iptables -A INPUT -i eth0 -p tcp -s anyoneip --dport 80 -j ACCEPT


If you are having trouble creating the firewall, let me know; I'll send the complete file and you just need to execute it.


Thank you
Shahbaz_Aslam
Lance Naik
Posts: 23
Joined: Fri Sep 01, 2006 12:16 am

Post by Shahbaz_Aslam »

Hi
manwerjalil wrote:
iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -s anyoneip --dport 80 -j ACCEPT

Thank you
Thanks for this, but it's not like that. I mean, as I said in my first post, I want to use one NIC card for incoming traffic and the other NIC card for outgoing traffic. In more detail, I want all requests for any service to come in through eth0 and the replies to those requests to go out from eth1. Is this possible? I believe it is. If you have any idea then please post.
Shaz
irfanbhatti
Havaldaar
Posts: 145
Joined: Fri Jun 03, 2005 12:19 pm
Location: Rawalpindi Islamabad

Post by irfanbhatti »

Look

At eth1 allow only traffic from one IP (eth0).
On eth0 redirect ALL traffic coming from the LAN to eth1.

If you understand.
Muhammad Irfan
03335246272
manwerjalil
Lance Naik
Posts: 28
Joined: Wed Apr 30, 2008 10:44 am
Location: Karachi

Post by manwerjalil »

Oh man,

I wrote the same for your requirement, but I think you don't have knowledge of iptables and ipchains.

You have to learn first about the above; you can easily find documents on it on Google.

Good day
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Post by LinuxFreaK »

Dear Shahbaz_Aslam,
Salam,

Have you tried what manwerjalil and irfanbhatti told you?

Best Regards.
Farrukh Ahmed
Shahbaz_Aslam
Lance Naik
Posts: 23
Joined: Fri Sep 01, 2006 12:16 am

Post by Shahbaz_Aslam »

Hi Irfanbhatti, manwerjalil, LinuxFreaK
irfanbhatti wrote:

at eth1 allow only traffic from one IP (eth0)
on eth0 redirect ALL traffic coming from LAN to eth1
Thanks for this post, but I couldn't understand :( I got loops in my mind. Can you explain to me, or write some rules if possible? Thanks.
manwerjalil wrote: I wrote the same for your requirement, but I think you don't have knowledge of iptables and ipchains.

You have to learn first about the above; you can easily find documents on it on Google.
What you wrote is correct in the sense of forwarding traffic coming from eth0 to eth1, but what I want, or posted, is something different. Please read my first post, or tell me if it's not understandable; I shall try to make it as simple as possible. :)

LinuxFreaK wrote: Have you tried what manwerjalil and irfanbhatti told you?
Wasalam LinuxFreaK. Waiting for some better guidance. Do you have any idea? Please share.
Shaz
manwerjalil
Lance Naik
Posts: 28
Joined: Wed Apr 30, 2008 10:44 am
Location: Karachi

Post by manwerjalil »

hey

Now listen to me carefully and do as I say. Create an iptables script like this:
=============================================
#!/bin/sh
#
# Input network interface (requests arrive here)
IN_DEV="eth0"
IN_IPADDR="172.16.0.1"
IN_NETMASK="255.255.0.0"
IN_NETWORK="172.16.0.0"

# Output network interface (replies leave here)
OUT_DEV="eth1"
OUT_IPADDR="192.168.0.1"
OUT_NETMASK="255.255.255.0"
OUT_NETWORK="192.168.0.0"

# Flush old rules, then default policy = DROP all traffic
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Loopback interface traffic rule
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

###############################################
# Your rules for incoming and outgoing traffic
###############################################
#
# Rules for Apache (replace anysource/apacheip with real addresses):
# requests for port 80 come in on $IN_DEV, replies from port 80 go out $OUT_DEV
#
iptables -A INPUT -i "$IN_DEV" -p tcp -s anysource --dport 80 -j ACCEPT
iptables -A OUTPUT -o "$OUT_DEV" -p tcp -s apacheip --sport 80 -j ACCEPT

# Interface eth0/eth1 traffic rule: drop everything else. These must come
# AFTER the ACCEPT rules, because iptables stops at the first matching rule.
iptables -A INPUT -i "$IN_DEV" -j DROP
iptables -A OUTPUT -o "$IN_DEV" -j DROP
iptables -A INPUT -i "$OUT_DEV" -j DROP
iptables -A OUTPUT -o "$OUT_DEV" -j DROP


The above rules accept traffic arriving on eth0 for port 80 and let the reply go out on eth1 to the client.


Hope you understand now.


Anwar
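An added example, not manwerjalil's script and not anything else from the thread: the default-deny rule set that his two posts above are reaching for, written as a script that prints the rules it would apply so they can be reviewed before anything touches the box. eth0 as the request side, eth1 as the reply side, the Apache address 192.168.0.2 (from the first post) and the log prefixes are assumptions. Connection tracking (-m state) ties each reply to the request that caused it, and the rule order shows why an interface-wide DROP appended ahead of the ACCEPT lines would shadow them.

```shell
#!/bin/sh
# Added example (not the thread's own script). Default-deny iptables rule set
# for a box that accepts HTTP requests on one NIC and answers on the other.
# Interface names, the Apache address and the log prefixes are assumptions.
IN_DEV="${IN_DEV:-eth0}"         # requests arrive here
OUT_DEV="${OUT_DEV:-eth1}"       # replies are expected to leave here
WEB_IP="${WEB_IP:-192.168.0.2}"  # address Apache listens on (assumed)
IPT="${IPT:-iptables}"           # binary used when the rules are applied

# Print the rules in the order they must be applied. iptables walks a chain
# top to bottom and stops at the first match, so the ACCEPT lines come
# first and the logging catch-alls last; the chain policy drops the rest.
build_rules() {
    cat <<EOF
$IPT -F
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A INPUT -i $IN_DEV -p tcp -d $WEB_IP --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -o $OUT_DEV -p tcp -s $WEB_IP --sport 80 -m state --state ESTABLISHED -j ACCEPT
$IPT -A INPUT -i $IN_DEV -m limit --limit 5/min -j LOG --log-prefix "fw-in-drop: "
$IPT -A OUTPUT -o $OUT_DEV -m limit --limit 5/min -j LOG --log-prefix "fw-out-drop: "
EOF
}

# Self-check: in each chain the last ACCEPT must come before the first LOG
# catch-all, otherwise the catch-all would shadow it. Returns 0 when correct.
check_order() {
    for chain in INPUT OUTPUT; do
        last_accept=$(build_rules | grep -n -- "-A $chain .*-j ACCEPT" | tail -n 1 | cut -d: -f1)
        first_log=$(build_rules | grep -n -- "-A $chain .*-j LOG" | head -n 1 | cut -d: -f1)
        [ "$last_accept" -lt "$first_log" ] || return 1
    done
    return 0
}

# Feed the printed rules to a shell; needs root and a real iptables binary.
apply_rules() {
    check_order || { echo "rule order is wrong, refusing to apply" >&2; return 1; }
    build_rules | sh
}

# "./fw.sh" prints the rules for review; "./fw.sh apply" installs them.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    build_rules
fi
```

Run without arguments to see the rules, with apply to install them. One caveat the thread keeps circling: iptables only permits or drops, it does not choose which interface a reply leaves on. That choice belongs to the routing table, and with both NICs in the same 192.168.0.0/24 the kernel will normally send replies via the connected route it holds first (usually eth0), in which case the OUTPUT rule on eth1 never sees them and the chain policy drops them. The rule set does what the first post asks only once the route back to the clients actually points out eth1, and the fw-out-drop log lines are the first place to look when it does not.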
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Post by LinuxFreaK »

Dear Shahbaz_Aslam,
Salam,

I still agree with manwerjalil's past post.

manwerjalil wrote:
iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s anyoneip --dport 80 -j ACCEPT

Best Regards.
Farrukh Ahmed
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore

Post by kbukhari »

It can also be done by using a bridge.
Just create a bridge for both interfaces and use ebtables for the tx/rx interface definition.
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
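The bridge approach in this post, as an added example (not kbukhari's configuration): eth0 and eth1 are enslaved to a bridge br0 and ebtables defines which port frames may be received on and which port they may be transmitted from. The interface and bridge names, the choice of HTTP replies as the only traffic allowed back from the tx side, and the log prefix are assumptions; the script prints the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example (not kbukhari's configuration). Bridge two NICs and use
# ebtables to define which port frames may be received on and which port
# they may be transmitted from. Interface and bridge names are assumptions.
RX_DEV="${RX_DEV:-eth0}"   # LAN side: frames are received here ...
TX_DEV="${TX_DEV:-eth1}"   # ... and may only be transmitted here
BR="${BR:-br0}"
EBT="${EBT:-ebtables}"

# Enslave both NICs to one bridge. The NICs stop carrying their own IP
# addresses; if Apache on this box must stay reachable, give $BR the address.
bridge_cmds() {
    cat <<EOF
brctl addbr $BR
brctl addif $BR $RX_DEV
brctl addif $BR $TX_DEV
ip link set $RX_DEV up
ip link set $TX_DEV up
ip link set $BR up
EOF
}

# Frame-level filter for traffic crossing the bridge. With the policy at
# DROP, nothing is bridged unless a rule allows it: ARP both ways (IP does
# not work without it), any IPv4 from the RX side to the TX side, and only
# TCP frames from source port 80 (HTTP replies) back from TX to RX.
# The last rule logs whatever is about to be dropped; it is not rate
# limited, so watch the syslog volume on a busy segment.
ebtables_cmds() {
    cat <<EOF
$EBT -F
$EBT -P FORWARD DROP
$EBT -A FORWARD -p ARP -j ACCEPT
$EBT -A FORWARD -i $RX_DEV -o $TX_DEV -p IPv4 -j ACCEPT
$EBT -A FORWARD -i $TX_DEV -o $RX_DEV -p IPv4 --ip-proto tcp --ip-sport 80 -j ACCEPT
$EBT -A FORWARD --log-level info --log-prefix "br-drop: " -j DROP
EOF
}

# Count the FORWARD rules that pass unrestricted IPv4 for a given rx->tx
# pair; a quick check that only one direction is fully open.
open_ipv4_rules() {
    ebtables_cmds | grep -c -- "-i $1 -o $2 -p IPv4 -j ACCEPT" || true
}

# "./bridge.sh" prints the commands for review; "./bridge.sh apply" runs them.
if [ "${1:-}" = "apply" ]; then
    { bridge_cmds; ebtables_cmds; } | sh
else
    bridge_cmds
    ebtables_cmds
fi
```

Unlike the iptables case, here the bridge's forwarding database decides which port a frame leaves on (the port where the destination MAC was last seen); ebtables can forbid that choice but not override it, which is why the rules above are written as a transparent filter between two segments rather than as a way to force Apache's replies out a particular NIC.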