Thread: firewall and 2 NIC's?
-
07-10-2008 #1
- Join Date
- Feb 2005
- Location
- Velden - Netherlands
- Posts
- 80
firewall and 2 NIC's?
for example
Computer 1 (storage) running nfs, mysql
Computer 2 (web) running apache, proftpd, sendmail/dovecot
Computer 3 (servicer) running dns (bind) and openldap
Computer 4 (booter) running tftp and dhcp for my thin clients
Computer 5 (workstation) used for daily use
All computers have 2 network cards. I want mysql, nfs and ldap to run over the backbone, but not be accessible over the other network.
That means
Computer 1: 192.168.xxx.87 boinc; 10.0.xxx.5 : nfs, mysql, (ldap access)
Computer 2: 192.168.xxx.88 apache, proftpd, sendmail/dovecot, boinc; 10.0.xxx.20 (nfs shares, mysql access, ldap access)
Computer 3: 192.168.xxx.89 dns, boinc; 10.0.xxx.10 openldap, (nfs shares)
Computer 4: 192.168.xxx.86 boinc; 10.0.xxx.11 (ldap access, nfs shares); 10.1.0.xxx tftp, nfs [to thin clients], dhcp
Computer 5: 192.168.xxx.81 daily use; 10.0.xxx.81 (ldap access, nfs shares)
-
07-10-2008 #2
-
07-11-2008 #3
- Join Date
- Feb 2005
- Location
- Velden - Netherlands
- Posts
- 80
On the backbone, only the servers are plugged in and it's for server-to-server communications only (separate switch).
The other network belongs to a wireless community that I'm participating in. For me, I'm wireless only outside (2 km, point to point, to the central hub); in the house it's all wired.
-
07-11-2008 #4
OK, you are running 2 separate networks with the servers connected to both.
Where do you expect this firewall to sit?
-
07-12-2008 #5
- Join Date
- Feb 2005
- Location
- Velden - Netherlands
- Posts
- 80
Each server has its own firewall, regulating the traffic.
The servers are for internal use only.
Only for boinc and updates do they have contact with the internet.
The second net is for traffic-intensive tasks like nfs, mysql queries (and authentication).
-
07-12-2008 #6
You could try using the hosts file. The machine will look there first to resolve the IP address of the host it wants to talk to. List the server with the backbone IP, then it should use the NIC in that network.
As to the firewall, you can ensure that unwanted traffic doesn't go out the wrong NIC by blocking the ports on that NIC. Also turn off forwarding so you cannot come in on one server and back door to another.
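The per-NIC blocking and "turn off forwarding" advice from post #6, sketched for Computer 1 (storage) as an added example that is not part of the original thread. The interface name eth1, the 10.0.0.0/16 backbone range and the default service ports are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread): print per-NIC iptables rules for a
# dual-homed server such as "Computer 1" (storage: nfs, mysql).
# Assumptions: eth1 is the backbone NIC, 10.0.0.0/16 covers the backbone
# addresses, and the services use their default ports (rpcbind 111,
# nfs 2049, mysql 3306). Adjust all three for the real hosts.
BACKBONE_IF="${BACKBONE_IF:-eth1}"
BACKBONE_NET="${BACKBONE_NET:-10.0.0.0/16}"
SERVICES="${SERVICES:-tcp:111 udp:111 tcp:2049 udp:2049 tcp:3306}"

gen_rules() {
    # No routing between the two networks ("turn off forwarding").
    echo "sysctl -w net.ipv4.ip_forward=0"
    echo "iptables -P FORWARD DROP"
    # Local clients (e.g. mysql over 127.0.0.1) keep working.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    for svc in $SERVICES; do
        proto=${svc%%:*}
        port=${svc##*:}
        # Allow the service only when it arrives on the backbone NIC
        # from a backbone source address...
        echo "iptables -A INPUT -i $BACKBONE_IF -s $BACKBONE_NET -p $proto --dport $port -j ACCEPT"
        # ...and drop it on every other path, whatever the destination IP.
        echo "iptables -A INPUT -p $proto --dport $port -j DROP"
    done
}

# Sanity check on the generated rule set: number of ACCEPT rules that are
# not pinned to the backbone NIC or to loopback. This must print 0.
count_unpinned_accepts() {
    gen_rules | awk -v nic="$BACKBONE_IF" '
        /-j ACCEPT/ && index($0, "-i " nic " ") == 0 && index($0, "-i lo ") == 0 { n++ }
        END { print n + 0 }'
}

gen_rules   # review the printed commands, then run them as root
```

Matching on the incoming interface rather than the destination address matters because Linux by default accepts a packet for any of its local addresses on any NIC. NFSv3 helper daemons (mountd, statd, lockd) use additional ports that have to be pinned to fixed values and added to SERVICES.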
-
07-12-2008 #7
- Join Date
- Feb 2005
- Location
- Velden - Netherlands
- Posts
- 80
The ldap and nfs servers are already in the hosts file.
For the rest it's just allow/deny per NIC? I was thinking too difficult (again)....
Why easy, if you can do it the hard way?