Results 1 to 2 of 2
This linux box is not a router, and with its two nics it serves as a OpenVPN server (on eth0) and an SSL server (on eth1). eth0: 192.168.1.88 connected via ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 11-07-2008 #1
- Join Date
- Nov 2008
Two nics, two ISP's, one for internet, one for SSL server
This linux box is not a router, and with its two nics it serves as a OpenVPN server (on eth0) and an SSL server (on eth1).
eth0: 192.168.1.88 connected via internet modem 192.168.1.2
eth1: 22.214.171.124, public address
126.96.36.199 should serve an ssl server (no other traffic).
When enabling both nics, I get two default gateways, and the default gateway of 188.8.131.52 (184.108.40.206) gets precedence. This is bad, because then the OpenVPN server on eth0 is no longer accessible from the internet. That is why I have disabled eth1 for the moment.
So I want to have only traffic on port 443 to go through eth1. I have read the howto's on Linux Advanced Routing & Traffic Control HOWTO and LiNUX Horizon - Linux Advanced Routing mini HOWTO but none of the examples fits. I get all kinds of problems trying the solutions.
I have installed iptables2, and tried some ip route commands but it does not work. Still, it should be pretty simple! The only thing I want is SSL (port 443) traffic to go through eth1 and the rest through eth0. Any ideas?
- 11-10-2008 #2
- Join Date
- Oct 2008
This is a difficult one because you can only get Linux to make routing choices based on the IP portion not the TCP/UDP port.
I'm reaching wildly with this suggestion but you could try to multinet your SSL interface (eth1) and then use NAT and port forwarding between the 2 IP's to restrict the traffic to just the single port. Creating a blackhole for SSL which only has one way out.
This may also involve getting the NAT to 'source route' the IP. Not a big problem because this will only be done internally. Though some applicatons may not allow this...