  1. #1
    Just Joined!
    Join Date
    Nov 2008
    Posts
    1

    Two NICs, two ISPs, one for internet, one for SSL server


    This Linux box is not a router, and with its two NICs it serves as an OpenVPN server (on eth0) and an SSL server (on eth1).

    eth0: 192.168.1.88 connected via internet modem 192.168.1.2

    eth1: 92.1.2.3, public address

    92.1.2.23 should serve an ssl server (no other traffic).

    When enabling both NICs, I get two default gateways, and the default gateway of 92.1.2.3 (92.1.2.1) gets precedence. This is bad, because then the OpenVPN server on eth0 is no longer accessible from the internet. That is why I have disabled eth1 for the moment.

    So I want only traffic on port 443 to go through eth1. I have read the HOWTOs, Linux Advanced Routing & Traffic Control HOWTO and LiNUX Horizon - Linux Advanced Routing mini HOWTO, but none of the examples fits. I get all kinds of problems trying the solutions.


    I have installed iptables2, and tried some ip route commands but it does not work. Still, it should be pretty simple! The only thing I want is SSL (port 443) traffic to go through eth1 and the rest through eth0. Any ideas?

  2. #2
    Just Joined!
    Join Date
    Oct 2008
    Posts
    14
    This is a difficult one because you can only get Linux to make routing choices based on the IP portion, not the TCP/UDP port.

    I'm reaching wildly with this suggestion, but you could try to multinet your SSL interface (eth1) and then use NAT and port forwarding between the 2 IPs to restrict the traffic to just the single port, creating a blackhole for SSL which only has one way out.
    This may also involve getting the NAT to 'source route' the IP. Not a big problem because this will only be done internally. Though some applications may not allow this...
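
An added example, not part of either post: source-address policy routing for the box described in the thread, so that replies from 92.1.2.3 leave through 92.1.2.1 on eth1 while the single main default route stays on eth0, plus an input filter that admits only TCP 443 on eth1. The addresses and interface names are the ones given in the thread; the table id 100, rule priority 1000, the `APPLY` switch and the function name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: plan for the two-NIC box in the thread.
# Addresses are taken from the thread; TABLE and the rule priority are
# arbitrary choices (assumptions), not values from the original posts.
LAN_IF=eth0
LAN_GW=192.168.1.2   # internet modem behind eth0
PUB_IF=eth1
PUB_IP=92.1.2.3      # public address on eth1
PUB_GW=92.1.2.1      # gateway that was taking precedence
TABLE=100

policy_routing_cmds() {
    # 1. Main table: exactly one default route, via the modem on eth0,
    #    so the OpenVPN server stays reachable.
    echo "ip route del default via $PUB_GW dev $PUB_IF"
    echo "ip route replace default via $LAN_GW dev $LAN_IF"
    # 2. Separate table whose only route is the public gateway, selected
    #    only for packets whose source address is the public IP. This keys
    #    on the IP header, so replies from the SSL server leave via eth1.
    echo "ip route replace default via $PUB_GW dev $PUB_IF table $TABLE"
    echo "ip rule add from $PUB_IP lookup $TABLE priority 1000"
    # 3. Filter: on eth1 accept only the SSL service (and traffic related
    #    to accepted connections, e.g. ICMP errors), drop everything else.
    echo "iptables -A INPUT -i $PUB_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $PUB_IF -p tcp -d $PUB_IP --dport 443 -j ACCEPT"
    echo "iptables -A INPUT -i $PUB_IF -j DROP"
}

# Default is a dry run that prints the plan. Run as root with APPLY=1 to
# execute it; a failing step (e.g. the eth1 default is already gone) is
# reported and the remaining steps still run.
if [ "${APPLY:-0}" = 1 ]; then
    policy_routing_cmds | while read -r cmd; do
        $cmd || echo "failed: $cmd" >&2
    done
else
    policy_routing_cmds
fi
```

After applying, `ip rule show` and `ip route show table 100` should list the new rule and the single default route.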
