Using 2 NIC cards....

Shahbaz_Aslam · Post by **Shahbaz_Aslam** » Thu Apr 03, 2008 12:42 am

Aslam-o-Alakum to all,

I have RedHat ES 4 box with 2 nic cards installed and configured.
eth0: 192.168.0.2
eth1: 192.168.0.3

now I want to use these NICs in the way that One NIC for traffic IN and other NIC traffic OUT for any application like apache. Is it possible..? is there any application/software required. Please mention with appropriate command, configuration settings, links etc.
thanks

Manners Taliban · Post by **lambda** » Thu Apr 03, 2008 1:16 pm

if a desktop, say, 192.168.0.20, sends a request to apache on http://192.168.0.2/, it'll expect a reply from 192.168.0.2, not from 192.168.0.3.

why do you want to do this?

Shahbaz_Aslam · Post by **Shahbaz_Aslam** » Thu Apr 03, 2008 2:57 pm

lambda wrote:if a desktop, say, 192.168.0.20, sends a request to apache on http://192.168.0.2/, it'll expect a reply from 192.168.0.2, not from 192.168.0.3.

yeh its correct. but i want to do traffic shaping or you can say in research of making an AI system, which take traffic/packet IN from one NIC card, check its request, takes its source IP and send requested information through other NIC card to that IP.. is its is possible with iptables prerouting or postrouting or redirecting settings..? please guide.

thanks

x2oxen · Post by **x2oxen** » Thu Apr 03, 2008 4:12 pm

well i have never seen this thing happening but you can do load balancing between those two lan cards.

Manners Taliban · Post by **lambda** » Thu Apr 03, 2008 5:18 pm

Shahbaz_Aslam wrote:yeh its correct. but i want to do traffic shaping or you can say in research of making an AI system, which take traffic/packet IN from one NIC card, check its request, takes its source IP and send requested information through other NIC card to that IP.. is its is possible with iptables prerouting or postrouting or redirecting settings..?

have you read the netfilter docs? read the nat pages -- what you want is possible.

Shahbaz_Aslam · Post by **Shahbaz_Aslam** » Thu Apr 03, 2008 10:46 pm

lambda wrote:have you read the netfilter docs? read the nat pages -- what you want is possible.

yeh i also believe its possible. lambda can you tell me what rule i should write.. means sequence to follow first and so on. that would be very much helpful to me. thanks in advance.

manwerjalil · Post by **manwerjalil** » Tue May 06, 2008 10:58 am

Hey man,

very easy solution with ipchain and iptables, don't u worry and let me help you.

creat an IP table firewall and put the following commnads for ur requirement.

iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT

Now if you wanna give access only within port u may as below.

iptables -A INPUT -i eth0 -p tcp -s anyoneip --dport anydest:80 -j ACCEPT

if you having trouble to create firewall let me know i'll send complete file and you just need to execute and run

Thank you

Shahbaz_Aslam · Post by **Shahbaz_Aslam** » Tue May 06, 2008 11:36 am

Hi

manwerjalil wrote:
iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -s anyoneip --dport anydest:80 -j ACCEPT

Thank you

Thanks for this.. but its not like that.. means, as i said in my first post that i want to use one nic card for incoming traffic and other nic card for outgoing traffic. In more detail, i want that all request for any service will come through eth0 and reply for that request will forward from eth1.. Is this is possible.. i believe it is.. if u have any idea then plz post.

irfanbhatti · Post by **irfanbhatti** » Wed May 07, 2008 2:03 pm

look

at eth1 allow only traffic from one IP (eth0)
on eth0 redirect ALL traffic coming from LAN to eth1

If you understand

manwerjalil · Post by **manwerjalil** » Thu May 08, 2008 10:05 am

Oh man,

I written same for ur requirement but i think u haven't knowledge about iptables and ipchain.

u have to learn 1st regarding enclosed and easily u can find documents for the above on google.

good day

Post by **LinuxFreaK** » Thu May 15, 2008 8:53 am

Dear Shahbaz_Aslam,
Salam,

Have you tried what manwerjalil and irfanbhatti told you ?

Best Regards.

Shahbaz_Aslam · Post by **Shahbaz_Aslam** » Fri May 16, 2008 12:43 pm

Hi Irfanbhatti, manwerjalil, LinuxFreaK

irfanbhatti wrote:

at eth1 allow only traffic from one IP (eth0)
on eth0 redirect ALL traffic coming from LAN to eth1

thanks for this post.. but i couldn't understand

got loops in my mind can u explain me or write some rules if possible. thanks

manwerjalil wrote: I written same for ur requirement but i think u haven't knowledge about iptables and ipchain.

u have to learn 1st regarding enclosed and easily u can find documents for the above on google.

What u written is correct in that sense if i want to forward traffic coming from eth0 to eth1.. but what i want or post is some thing different. Please read my first post or tell me if its not understandable..i shall try to make it simple as much as possible..

LinuxFreaK wrote: Have you tried what manwerjalil and irfanbhatti told you ?

Wslam LinuxFreaK.. waiting for some better guidance.. do u have any idea.. please share..

manwerjalil · Post by **manwerjalil** » Fri May 16, 2008 1:00 pm

hey

now listen to me carefully and do as i say. create iptables script like this
=============================================
#!/shi/bin
#
#
# Input Network Ethernet
DEV="eth0"
IPADDR="172.16.0.1"
NETMASK="255.255.0.0"
NETWORK="172.16.0.0"

# Output Network Ethernet
DEV="eth1"
IPADDR="192.168.0.1"
NETMASK="255.255.255.0"
NETWORK="192.168.0.0"

# Default IPTABLES Rules = DROP All Traffic
iptables -A INPUT DROP
iptables -A OUTPUT DROP
iptables -A FORWARD DROP
iptables -t
iptables -F

# Loopback interface traffic rule
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Interface eth0 traffic rule
iptables -A INPUT -i eth0 -j DROP
iptables -A OUTPUT -o eth0 -j DROP

# Interface eth1 traffic rule
iptables -A INPUT -i eth1 -j DROP
iptables -A OUTPUT -o eth1 -j DROP

###############################################
Your rules for incoming and outgoing traffic
###############################################
#
# Rules for Apache
#
iptables -A INPUT -i eth0 -p tcp -s anysource --sport 80 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp -d apacheip --dport 80 -j ACCEPT

above rule getting traffic from ethernet 0 for traffic port 80 and sending it to eth1 for responding to client.

hope you understand now

Anwar

Post by **LinuxFreaK** » Wed May 21, 2008 9:00 am

Dear Shahbaz_Aslam,
Salam,

I still agree with manwerjalil past post.

[qupte]iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s anyoneip --dport anydest:80 -j ACCEPT[/qupte]

Best Regards.

kbukhari · Post by **kbukhari** » Wed May 21, 2008 9:51 pm

it can also be done by using bridge
just create bridge for both interface and use ebtables for tx/rx interface defination

linuxpakistan.net

Using 2 NIC cards....

Using 2 NIC cards....

Re:

Re: