Two NICs, Two networks, secure websites


  • 1. Forwarding port to external server via iptables
    Hi All, I would like to use my private Linux box as an SMTP proxy server. What I would like to do is the following: | Any mail client | --> | my server:10025 | --> | external server:25 | I would like to send emails to an external SMTP server but configure the email client to use the IP and a specific port on my own server. This should be possible not only from internal client but from everywhere. Is that also possible with iptables or do I need any other piece of software? Any help is highly appreciated! Thanks, Martin
  • 2. IPSec tunnel over multiple interfaces
    What I would like to do is set up an IPSec tunnel which connects over the Internet using multiple interfaces. Allow me to explain. I currently manage two networks: 10.1.x.x and 10.2.x.x. Gateway-A (10.1.1.1) has an IPSec tunnel configured to talk to Gateway-B (10.2.1.1), making one big happy VPN. (For example, 10.1.8.8 can communicate with 10.2.9.9, despite the fact that they're on opposite sides of the Internet). The problem is that Gateway-A has two connections to the Internet which are connected to T-1 links provided by different carriers. Gateway-B, on the other hand, connects via an OC-48. Since the VPN can only use one of Gateway-A's interfaces, my bandwidth across the tunnel is limited to the speed of a single T-1, even though I have two. I would like to configure these two endpoints to use both of Gateway-A's Internet uplinks for their IPSec VPN. I'm using the KAME tools for my VPN setup with 2.6.11. I imagine the solution would involve something interesting like multiple routing tables, packet mangling, or hacking the IPSec kernel module. But if there's a simple solution, I'd love to hear it.
  • 3. Autofs removes /home on restart
    I have a MAC G5 running YDL3.0 that I am setting automounter on. It works fine, except when I added /home to the auto.master file. I created /home, and restarted autofs. I went to go back and see if it worked, and the directory was gone. Any ideas? Thanks, James

Two NICs, Two networks, secure websites

Postby dwed » Tue, 31 Oct 2006 01:28:18 GMT

Hi!

I have a Cisco router (provided by the ISP) that offers 29 usable IP's.
 One of the public IP's is set to be the WAN IP of a simple SOHO
Linksys router that then creates a private network 192.168.1.0.  There
is a Linux server with Apache on the private network.  Port forwarding
on the Linksys router allows SSL access to secure web pages,
unencrypted HTTP, SSH, etc. to the Linux server.  This all is working
OK.

I need to have a 2nd SSL site running on the same Linux server.  So, I
installed a 2nd NIC and connected it to the Cisco router and used one
of the available public IP's.  I cannot connect to the new public IP
(via the new NIC), but can still connect to everything described in the
1st paragraph above.

I can ping out each of the interfaces (e.g. ping -I eth0 yahoo.com  and
  ping -I eth1 yahoo.com both work).  The results of route are:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
AAA.BBB.CCC.160 *               255.255.255.224 U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

On the server, I can do   lynx https://192.168.1.2 and lynx
https://AAA.BBB.CCC.164.

https://AAA.BBB.CCC.164 does not.  What needs to be done to allow
https://AAA.BBB.CCC.164 to work?  And/or, what can I do to troubleshoot
the problem?

eth0      Link encap:Ethernet  HWaddr 00:40:F4:E9:3F:3D
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6335 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5026 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1373872 (1.3 Mb)  TX bytes:2199390 (2.0 Mb)
          Interrupt:16 Base address:0xf000

eth1      Link encap:Ethernet  HWaddr 00:0C:76:B4:CA:82
          inet addr:AAA.BBB.CCC.164  Bcast:AAA.BBB.CCC.191  Mask:255.255.255.224
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1582 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2133 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:100305 (97.9 Kb)  TX bytes:166007 (162.1 Kb)
          Interrupt:21 Base address:0x1000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:209 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:22394 (21.8 Kb)  TX bytes:22394 (21.8 Kb)


Thanks!


Re: Two NICs, Two networks, secure websites

Postby dwed » Wed, 01 Nov 2006 22:44:51 GMT

I've solved my problem regarding this.  I put the two public IP's on
the same NIC and kept the local network on the other NIC.  Now the
publicly accessible services are available and the local network is
also accessible.
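
An added illustration, not part of the thread: the routing table posted in the question has its only default route on eth0, so a reply sent from the eth1 public address to an off-link client leaves through the Linksys side. The sketch below models that lookup and the effect of a source-based rule (Linux `ip rule`). The 203.0.113.x block, the client 198.51.100.7 and the Cisco gateway address are constructed assumptions, since the post masks or omits them.

```python
import ipaddress

# Constructed stand-ins: the post masks its public block as AAA.BBB.CCC.160/27,
# so the documentation range 203.0.113.160/27 is used in its place.
# Entries are (destination, gateway or None when on-link, interface).
MAIN = [  # mirrors the `route` output in the post
    ("203.0.113.160/27", None, "eth1"),
    ("192.168.1.0/24", None, "eth0"),
    ("127.0.0.0/8", None, "lo"),
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
]
# Hypothetical second table for source-based routing. 203.0.113.161 is an
# assumed address for the Cisco router; the post does not give it.
PUBLIC = [
    ("203.0.113.160/27", None, "eth1"),
    ("0.0.0.0/0", "203.0.113.161", "eth1"),
]

def lookup(table, dst):
    """Longest-prefix match inside one routing table; returns (gateway, iface)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in table
            if addr in ipaddress.ip_network(n)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def reply_route(src, dst, rules=()):
    """Pick the route for a packet the server sends from `src` to `dst`.

    `rules` models `ip rule add from <prefix> table <t>`: the first rule whose
    prefix contains `src` and whose table has a route wins, else MAIN is used.
    """
    for prefix, table in rules:
        if ipaddress.ip_address(src) in ipaddress.ip_network(prefix):
            hit = lookup(table, dst)
            if hit:
                return hit
    return lookup(MAIN, dst)

CLIENT = "198.51.100.7"          # constructed Internet client
SERVER_PUBLIC = "203.0.113.164"  # stands in for AAA.BBB.CCC.164 on eth1
RULES = [("203.0.113.164/32", PUBLIC)]

if __name__ == "__main__":
    print("main table only :", reply_route(SERVER_PUBLIC, CLIENT))
    print("with source rule:", reply_route(SERVER_PUBLIC, CLIENT, RULES))
    print("LAN reply       :", reply_route("192.168.1.2", "192.168.1.50", RULES))
```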


Similar Threads:

1.two dsl connections, two routers, dual nics on linux box , want to run two websites

Hello,

I have two dsl connections, with one public ip on each. I have a linux
box with two nic cards.

xx.xx.xx.xx(WAN)---ROUTER(LAN23.123.45.110) ---- MYLINUX (23.123.45.107) eth1
yy.yy.yy.yy(WAN)---ROUTER(LAN192.182.1.1)   ---- MYLINUX (192.168.1.100) eth0

I have apache listening on both interfaces. 

Problem:

1. How do I make the packets route back to the gateway from which they
originate.

Currently the gateway marked as "default" is able to serve content
from the apache. The other one cannot.

I tried adding static routes, but that didn't work.

Any help is appreciated.

Thanks
Jay

---------------------------------------------------------------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
adsl-23-123-45- adsl-23-123-45- 255.255.255.255 UGH   0      0        0 eth1
23.123.45.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    1      0        0 eth0


eth0      Link encap:Ethernet  HWaddr 00:0D:87:57:A0:DE
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3060612 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3577217 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1566982235 (1494.3 Mb)  TX bytes:1126616733 (1074.4 Mb)
          Interrupt:11 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:40:05:39:0E:EA
          inet addr:23.123.45.107  Bcast:68.123.24.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:90635 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31082 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:23017102 (21.9 Mb)  TX bytes:13283751 (12.6 Mb)
          Interrupt:11 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:11888 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11888 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6920794 (6.6 Mb)  TX bytes:6920794 (6.6 Mb)

2.two nics - two networks

I have a windows 2003 server with one nic (192.168.100.x).  We just 
purchased a second company that's in our building.  Can I add a second nic 
and configure it to their network ip scheme (192.168.25.x) so that I can 
share one server?  I want to share the server, just not the information on 
the server.  Will either of the networks be able to one another if I don't 
bridge the networks cards?  Thanks for any help you can provide.

A


3.Servers with two NICS and two networks

I have 8 servers with 100 desktops attached.  The servers connect to a 1gb 
switch that feeds all the desktops.  There is a firewall attached to the 
switch that provides Internet connection.  All pretty standard stuff = IP is 
10.10.1.0 to 10.10.5.0 with mask of 255.255.252.0.   

I have a tape drive in one server that backs up data from the other servers. 
 Since all the servers have two NICs, I was hoping I could setup a separate 
address range for those NICs and let the backup use that NIC and not flood 
the other with traffic.  

I can set the second NICs to be 172.16.1.1 172.16.1.250 range with mask of 
255.255.255.0.  I would put in a new 1gb switch that just connects the second 
NICs (switch is cheap enough and no need to burden other switch with VLANs).  

What would I need to also configure on the servers so it knows that traffic 
destined for the other servers use the 172.16.x.x range and not the 10.10.x.x 
range?  What other settings do I need to know about?  

Is this config going to make a difference in inter-server communication 
(speed)?


4.Two NICs And Two Separate Networks?

Question about a proposed office network.... All Windows XP systems


Network 1:
 Cable Modem ---> Router / Firewall ---> 3Com Hub ---> NIC #1 In Machine (TCP/IP & DHCP)

Network 2:
 3Com Switch  ---> NIC #2 In Machine (IPX/SPX & Set IP Address)

I was told running a different protocol such as IPX/SPX on the second
network would make it more secure, is this true?

I understand that the PC's still are connected to the internet on
network 1 but wouldn't it be more secure since network 2 isn't
directly connected to the internet and in order to access network 2 a
hacker would have to go through the firewall and then through the
machine?


The server will be on network 2 and will not need internet access. 
One would think that since it is on a separate network it would be
more secure than being connected directly to network #1

Any ideas?

5.Two NICs & Two Separate Networks?

6. Forwarding of multicast packets between two subnets with two NICS - Does not work

7. Two NICs / Two Networks / One Machine

8. Is it possible to have one computer(win xp) connected to two networks using two nics


