Using 2 NIC cards....
-
- Lance Naik
- Posts: 23
- Joined: Fri Sep 01, 2006 12:16 am
Using 2 NIC cards....
Aslam-o-Alakum to all,
I have a RedHat ES 4 box with 2 NIC cards installed and configured.
eth0: 192.168.0.2
eth1: 192.168.0.3
Now I want to use these NICs so that one NIC carries traffic IN and the other NIC carries traffic OUT for any application, such as Apache. Is it possible? Is any application/software required? Please mention the appropriate commands, configuration settings, links, etc.
thanks
Shaz
if a desktop, say, 192.168.0.20, sends a request to apache on http://192.168.0.2/, it'll expect a reply from 192.168.0.2, not from 192.168.0.3.
why do you want to do this?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Lance Naik
- Posts: 23
- Joined: Fri Sep 01, 2006 12:16 am
lambda wrote: if a desktop, say, 192.168.0.20, sends a request to apache on http://192.168.0.2/, it'll expect a reply from 192.168.0.2, not from 192.168.0.3.
Yes, it's correct, but I want to do traffic shaping, or you can say I am researching making an AI system which takes traffic/packets IN from one NIC card, checks the request, takes its source IP and sends the requested information through the other NIC card to that IP. Is it possible with iptables prerouting or postrouting or redirecting settings? Please guide.
thanks
Shaz
Shahbaz_Aslam wrote: Yes, it's correct, but I want to do traffic shaping, or you can say I am researching making an AI system which takes traffic/packets IN from one NIC card, checks the request, takes its source IP and sends the requested information through the other NIC card to that IP. Is it possible with iptables prerouting or postrouting or redirecting settings?
have you read the netfilter docs? read the nat pages -- what you want is possible.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Lance Naik
- Posts: 23
- Joined: Fri Sep 01, 2006 12:16 am
-
- Lance Naik
- Posts: 28
- Joined: Wed Apr 30, 2008 10:44 am
- Location: Karachi
- Contact:
Hey man,
Very easy solution with ipchains and iptables, don't you worry and let me help you.
Create an iptables firewall and put in the following commands for your requirement.
iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT
Now if you want to give access only for a port, you may do as below.
iptables -A INPUT -i eth0 -p tcp -s anyoneip -d anydest --dport 80 -j ACCEPT
If you are having trouble creating the firewall, let me know; I'll send the complete file and you just need to execute and run it.
Thank you
-
- Lance Naik
- Posts: 23
- Joined: Fri Sep 01, 2006 12:16 am
manwerjalil wrote:
iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s anyoneip -d anydest --dport 80 -j ACCEPT
Hi
Thanks for this, but it's not like that. I mean, as I said in my first post, I want to use one NIC card for incoming traffic and the other NIC card for outgoing traffic. In more detail, I want all requests for any service to come in through eth0 and the reply to each request to be forwarded from eth1. Is this possible? I believe it is. If you have any idea, then please post.
Thank you
Shaz
-
- Havaldaar
- Posts: 145
- Joined: Fri Jun 03, 2005 12:19 pm
- Location: Rawalpindi Islamabad
- Contact:
-
- Lance Naik
- Posts: 28
- Joined: Wed Apr 30, 2008 10:44 am
- Location: Karachi
- Contact:
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear Shahbaz_Aslam,
Salam,
Have you tried what manwerjalil and irfanbhatti told you?
Best Regards.
Farrukh Ahmed
-
- Lance Naik
- Posts: 23
- Joined: Fri Sep 01, 2006 12:16 am
Hi Irfanbhatti, manwerjalil, LinuxFreaK
irfanbhatti wrote:
at eth1 allow only traffic from one IP (eth0)
on eth0 redirect ALL traffic coming from LAN to eth1
Thanks for this post, but I couldn't understand it; I got loops in my mind. Can you explain it to me or write some rules if possible? Thanks.
manwerjalil wrote: I wrote the same for your requirement, but I think you don't have knowledge about iptables and ipchains.
You have to learn first regarding the enclosed, and you can easily find documents for the above on Google.
What you have written is correct in the sense that it applies if I want to forward traffic coming from eth0 to eth1, but what I want, or posted, is something different. Please read my first post, or tell me if it's not understandable; I shall try to make it as simple as possible.
LinuxFreaK wrote: Have you tried what manwerjalil and irfanbhatti told you?
Wslam LinuxFreaK, waiting for some better guidance. Do you have any idea? Please share.
Shaz
-
- Lance Naik
- Posts: 28
- Joined: Wed Apr 30, 2008 10:44 am
- Location: Karachi
- Contact:
hey
Now listen to me carefully and do as I say. Create an iptables script like this:
=============================================
#!/bin/sh
#
# Input network Ethernet
IN_DEV="eth0"
IN_IPADDR="172.16.0.1"
IN_NETMASK="255.255.0.0"
IN_NETWORK="172.16.0.0"
# Output network Ethernet
OUT_DEV="eth1"
OUT_IPADDR="192.168.0.1"
OUT_NETMASK="255.255.255.0"
OUT_NETWORK="192.168.0.0"
# Flush the existing filter rules
iptables -F
# Default IPTABLES policy = DROP all traffic
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Loopback interface traffic rule
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
###############################################
# Your rules for incoming and outgoing traffic
###############################################
#
# Rules for Apache
#
# Requests from clients arrive on eth0, addressed to port 80
iptables -A INPUT -i eth0 -p tcp -s anysource --dport 80 -j ACCEPT
# Replies from Apache (source port 80) leave on eth1
iptables -A OUTPUT -o eth1 -p tcp -s apacheip --sport 80 -j ACCEPT
# Interface eth0 traffic rule: drop whatever was not accepted above
iptables -A INPUT -i eth0 -j DROP
iptables -A OUTPUT -o eth0 -j DROP
# Interface eth1 traffic rule: drop whatever was not accepted above
iptables -A INPUT -i eth1 -j DROP
iptables -A OUTPUT -o eth1 -j DROP
The above rules accept traffic from Ethernet 0 for port 80 and send it to eth1 for responding to the client.
Hope you understand now.
Anwar
-
- Site Admin
- Posts: 5132
- Joined: Fri May 02, 2003 10:24 am
- Location: Karachi
- Contact:
Re:
Dear Shahbaz_Aslam,
Salam,
I still agree with manwerjalil's past post.
[quote]
iptables -A INPUT -i eth0 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A OUTPUT -o eth1 -s anysourceip -d anydestinationip -j ACCEPT
iptables -A FORWARD -s anysourceip -d anydestinationip -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s anyoneip -d anydest --dport 80 -j ACCEPT
[/quote]
Best Regards.
Farrukh Ahmed
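The thread leaves open how a reply to a request received on eth0 can actually leave through eth1. As an added example (not code from any poster), the script below prints the commands for one way to do it on Linux, using source-based policy routing together with stateful iptables rules rather than filter rules alone; the addresses are those of the first post, and the function names and routing table id 100 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are the
# ones in the first post; table id 100 and the function names are assumptions.

# asym_check IN_DEV OUT_DEV SERVICE_IP SUBNET: refuse obviously wrong input.
asym_check() {
    [ $# -ge 4 ] || return 2
    [ "$1" != "$2" ] || return 3          # one NIC both ways: nothing to steer
    case $3 in ''|*[!0-9.]*) return 4 ;; esac
    return 0
}

# asym_plan IN_DEV OUT_DEV SERVICE_IP SUBNET [PORT]: print the commands.
#  - arp_ignore/arp_announce: each NIC answers ARP only for its own address,
#    so clients reach SERVICE_IP through IN_DEV.
#  - rp_filter=0 on IN_DEV: strict reverse-path filtering can drop requests
#    whose reply route points at the other NIC.
#  - ip rule/route: packets sourced from SERVICE_IP use table 100 -> OUT_DEV.
#  - iptables: default drop; new connections only in on IN_DEV, only
#    established replies out on OUT_DEV.
asym_plan() {
    asym_check "$@" || return $?
    in_dev=$1; out_dev=$2; ip=$3; net=$4; port=${5:-80}; tbl=100
    cat <<EOF
sysctl -w net.ipv4.conf.all.arp_ignore=1
sysctl -w net.ipv4.conf.all.arp_announce=2
sysctl -w net.ipv4.conf.$in_dev.rp_filter=0
ip route add $net dev $out_dev table $tbl
ip rule add from $ip lookup $tbl
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i $in_dev -p tcp -d $ip --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $out_dev -p tcp -s $ip --sport $port -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Dry run by default; APPLY=1 (as root) pipes the plan into sh.
if [ "${APPLY:-0}" = 1 ]; then
    asym_plan eth0 eth1 192.168.0.2 192.168.0.0/24 | sh -e
else
    asym_plan eth0 eth1 192.168.0.2 192.168.0.0/24
fi
```

Turning rp_filter off on the receiving NIC removes that interface's reverse-path anti-spoofing check, so keep the INPUT rule pinned to the service address and port. On kernels that use the higher of the `all` and per-interface values, `net.ipv4.conf.all.rp_filter` has to be lowered as well.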