firewall and 2 NIC's?

[Bikerepairmann]

---

I have a few servers and I want to have some services running over a backbone, while others are accessible over the other network (All servers also run boinc) and NOT be accessible from both networks. Is there a firewall who can do that and/or do I have to bind each program to a certain network interface? I prefer a firewall so I can switch the services/service configs between computers without too much fuss.

for example
Computer 1 (storage) running nfs, mysql
Computer 2 (web) running apache, proftpd, sendmail/dovecot
Computer 3 (serivcer) running dns (bind) and openldap
Computer 4 (booter) running tftp and dhcp for my thin clients
Computer 5 (workstation) used for daily use

All computers have 2 Networkcards. I want mysql, nfs and ldap to run over the backbone. but not be accessible over the other network.
That means
Computer 1: 192.168.xxx.87 boinc; 10.0.xxx.5 : nfs, mysql, (ldap access)
Computer 2: 192.168.xxx.88apache, proftpd, dendmail/dovecot, boinc, 10.0.xxx.20 (nfs shares, mysql access, ldap access)
Computer 3: 192.168.xxx.89 dns, boinc; 10.0.xxx.10 openldap, (nfs shares)
Computer 4: 192.168.xxx.86 boinc; 10.0.xxx.11 (ldap access, nfs shares); 10.1.0.xxx tftp, nfs [to thin clients], dhcp
Computer 5: 192.168.xxx.81 daily use; 10.0.xxx.81 (ldap access, nfs shares,)

[Lazydog]

I have a few servers and I want to have some services running over a backbone, while others are accessible over the other network (All servers also run boinc) and NOT be accessible from both networks. Is there a firewall who can do that and/or do I have to bind each program to a certain network interface? I prefer a firewall so I can switch the services/service configs between computers without too much fuss.

Explain what you are talking about when it comes to Backbone and network.
What is on these networks? Company network, Internet?
Why are you running 2 nic cards in your servers? Real reason.
Firewall can block port and ip addresses and they can be combined.

[Bikerepairmann]

On the backbone, only the servers are plugged in and it's for server to server communications only. (seperate switch)
the other network, belongs to a wireless community where I'm participating in. For me I'm wireless only outside (2 km, point to point, to the central hub), in the house it's all wired.

[Lazydog]

OK, you are running 2 separate networks with the servers connected to both.

where do you expect this firewall to sit?

[Bikerepairmann]

each server has his own firewall. regulating the traffic
the servers are for internal use only
only for boinc and updates they have contact with the internet
the second net is for traffic intensive tasks like nfs, mysql queries (and authentication).

[Lazydog]

You could try using the hosts file. The machine will look there first to resolve the ip address of the host it wants to talk to. List the server with the backbone ip then it should use the nic in that network.

As to the firewall you can ensure that unwanted traffic doesn't go out the wrong nic by blocking the ports on that nic. Also turn off forwarding so you cannot come in on one server and back door to another.

[Bikerepairmann]

ldap and nfs server are already in the hosts file.

for the rest it's just allow/deny per nic? I was thinking too difficult (again)....

Why easy, if you can do it the hard way?