  1. #1
    Just Joined!
    Join Date
    Feb 2005
    Location
    Velden - Netherlands
    Posts
    80

    firewall and 2 NIC's?


    I have a few servers and I want to have some services running over a backbone, while others are accessible over the other network (all servers also run boinc) and NOT be accessible from both networks. Is there a firewall that can do that, and/or do I have to bind each program to a certain network interface? I prefer a firewall so I can switch the services/service configs between computers without too much fuss.

    for example
    Computer 1 (storage) running nfs, mysql
    Computer 2 (web) running apache, proftpd, sendmail/dovecot
    Computer 3 (servicer) running dns (bind) and openldap
    Computer 4 (booter) running tftp and dhcp for my thin clients
    Computer 5 (workstation) used for daily use

    All computers have 2 network cards. I want mysql, nfs and ldap to run over the backbone, but not be accessible over the other network.
    That means
    Computer 1: 192.168.xxx.87 boinc; 10.0.xxx.5 : nfs, mysql, (ldap access)
    Computer 2: 192.168.xxx.88 apache, proftpd, sendmail/dovecot, boinc; 10.0.xxx.20 (nfs shares, mysql access, ldap access)
    Computer 3: 192.168.xxx.89 dns, boinc; 10.0.xxx.10 openldap, (nfs shares)
    Computer 4: 192.168.xxx.86 boinc; 10.0.xxx.11 (ldap access, nfs shares); 10.1.0.xxx tftp, nfs [to thin clients], dhcp
    Computer 5: 192.168.xxx.81 daily use; 10.0.xxx.81 (ldap access, nfs shares)

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Quote Originally Posted by Bikerepairmann
    I have a few servers and I want to have some services running over a backbone, while others are accessible over the other network (all servers also run boinc) and NOT be accessible from both networks. Is there a firewall that can do that, and/or do I have to bind each program to a certain network interface? I prefer a firewall so I can switch the services/service configs between computers without too much fuss.
    Explain what you are talking about when it comes to Backbone and network.
    What is on these networks? Company network, Internet?
    Why are you running 2 nic cards in your servers? Real reason.
    Firewalls can block ports and IP addresses, and they can be combined.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Feb 2005
    Location
    Velden - Netherlands
    Posts
    80
    On the backbone, only the servers are plugged in and it's for server-to-server communications only (separate switch).
    The other network belongs to a wireless community that I'm participating in. For me, I'm wireless only outside (2 km, point to point, to the central hub); in the house it's all wired.

  5. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    OK, you are running 2 separate networks with the servers connected to both.

    Where do you expect this firewall to sit?

    Regards
    Robert

  6. #5
    Just Joined!
    Join Date
    Feb 2005
    Location
    Velden - Netherlands
    Posts
    80
    Each server has its own firewall, regulating the traffic
    the servers are for internal use only
    only for boinc and updates they have contact with the internet
    the second net is for traffic intensive tasks like nfs, mysql queries (and authentication).

  7. #6
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    You could try using the hosts file. The machine will look there first to resolve the ip address of the host it wants to talk to. List the server with the backbone ip then it should use the nic in that network.

    As to the firewall you can ensure that unwanted traffic doesn't go out the wrong nic by blocking the ports on that nic. Also turn off forwarding so you cannot come in on one server and back door to another.

    Regards
    Robert

  8. #7
    Just Joined!
    Join Date
    Feb 2005
    Location
    Velden - Netherlands
    Posts
    80
    ldap and nfs server are already in the hosts file.

    for the rest it's just allow/deny per nic? I was thinking too difficult (again)....

    Why easy, if you can do it the hard way?
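
The "allow/deny per NIC" approach from post #6, sketched for Computer 1 (storage) as an added example that is not from any poster in this thread. It assumes `eth1` is the backbone NIC (the thread names no interfaces) and only prints an `iptables-restore` ruleset, so it can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: services are accepted on the backbone NIC only; everything
# else inbound (including the community-network NIC) hits the DROP policy.

# backbone_ruleset BACKBONE_IF proto:port...
backbone_ruleset() {
    bb_if=$1
    [ -n "$bb_if" ] && [ "$#" -gt 1 ] || {
        echo "usage: backbone_ruleset IF proto:port..." >&2; return 2; }
    shift

    # Validate every service spec before printing anything.
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 2 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 2 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "bad port: $spec" >&2; return 2; }
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'     # no routing between the two networks
    echo ':OUTPUT ACCEPT [0:0]'    # boinc and updates are outbound only
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for spec in "$@"; do
        echo "-A INPUT -i $bb_if -p ${spec%%:*} --dport ${spec#*:} -j ACCEPT"
    done
    echo 'COMMIT'
}

# Computer 1 (storage): mysql (3306), nfs (2049) and rpcbind (111).
# NFSv3 also needs mountd/statd pinned to fixed ports and listed here.
storage_rules() {
    backbone_ruleset eth1 tcp:3306 tcp:2049 tcp:111 udp:111
}

storage_rules
# To apply as root (add your admin port first if you manage the box remotely):
#   storage_rules | iptables-restore
#   sysctl -w net.ipv4.ip_forward=0
```

Because the rules match on the interface rather than on the daemon's bind address, moving a service to another server only means changing the port list there.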
