- 12-30-2009 #1 Just Joined! (Join Date: Dec 2009, Posts: 35)
Suse 11 router with Quad port card
Hello:
I'm using Suse 11 as a router. The machine is a thin blade with room
for only one card: a network card. I'm using the network port on the
motherboard as my external network port, and the network card
as my local port. Everything works fine.
I'm thinking of replacing my network card with a four port card:
Intel PRO/1000 PT Quad Port Server Adapter
see: ebay Item number: 170418034154
Then I'd like to configure the four ports differently for different
computer servers, perhaps:
1) normal (w/o html, etc)
2) html server only
3) mail only
etc
Can I do this? How (in very broad strokes, I don't need
step by step right now.)
I have a 16 port switch that sends the same thing to all;
basically I'm trying to decide if to buy the Quad port card
and get selective port firewalling.
Sincerely
/b
- 12-30-2009 #2 Linux Guru (Join Date: Nov 2007, Posts: 1,679)
What? Network communication is split into layers; each layer has a different purpose and scope. If you want to "filter" traffic on a higher layer, such as the type of application/data, you will need something like Squid. If you want to filter at the network layer (IP addresses, ports, etc.) you will likely be using IPTables.
HTML is a "script language" - you can no more filter "HTML" than you can filter "text files." If you want to limit only *web server* communication, you can restrict to ports 80/443. The same goes for "mail." A mail server receives mail on port 25, but could provide IMAP, POP, Web Access, etc. services.
The only reason to add more ports is if existing traffic using one NIC is saturating all available bandwidth. Filtering at the application or network level does not care if there is one or several NICs.
- 12-30-2009 #3 Just Joined! (Join Date: Dec 2009, Posts: 35)
I'm sorry, I'm not explaining it well, because I'm not sure what
I'm talking about...
If I have multiple server NICs, can I use something like network
masquerading or firewall port rules to direct some traffic to a
particular NIC (in the server) and away from the other server NICs?
Sincerely.
/b
- 12-30-2009 #4 Linux Guru (Join Date: Nov 2007, Posts: 1,679)
- 12-30-2009 #5 Just Joined! (Join Date: Dec 2009, Posts: 35)
> The only reason to add more ports is if existing traffic using one
> NIC is saturating all available bandwidth. Filtering at the application
> or network level does not care if there is one or several NICs.
Thank you for your reply.
Rereading your reply, I think you are saying that I can use IPTables to
route to various server NICs, but it is pointless unless the existing
NIC is saturating due to traffic. Is that right?
Sincerely
/b
- 12-30-2009 #6 Just Joined! (Join Date: Dec 2009, Posts: 35)
> Your switch already does that. Data sent to a switch is *not* sent
> to all ports.
ARG!!!!
My local linux guru, the one who set me up, the one who will not
RTFM, insisted that the switch repeats ~all~ the traffic,
to ~all~ the computers. Even though the blinking lights on the
switch indicated the traffic. Thank you for the clarification.
One last question:
If I wanted a DMZ for one gaming computer "living dangerously",
should I put a dedicated DMZ NIC in the router just for
that computer?
Again, thank you for all your help; I will RTFM...
Sincerely
/b
- 12-30-2009 #7
Switches do not repeat traffic to all ports; they direct it to specific IP addresses. Hubs, however, do send all packets to all connected machines.
If you plan to play in the DMZ you should be sure to assign IP addresses and not do it dynamically. You still do not need another NIC. The router simply lets all traffic through to the DMZed address.
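Post #2 says the per-server split is done by filtering on address and port rather than by NIC, and post #7 says a DMZ is just a static address the router forwards everything to. The script below puts both on one Linux router with a single internal NIC. It is an added example written for this page, not code from the thread or from any poster. The interface names, the LAN subnet and the three server addresses are assumptions (eth0 external, eth1 internal, 192.168.1.0/24, static addresses for the servers). The policy is emitted in iptables-restore format so it can be read and checked without root, and `apply` loads it. One caveat the forwarding rules cannot fix: a DMZ host on the same flat LAN segment as the other machines talks to them directly through the switch, so the router's FORWARD chain never sees that traffic and does not isolate the host from the LAN.

```shell
#!/bin/sh
# Added example, not code from the thread: per-host firewalling and a
# port-forwarded "DMZ" on a Linux router that has ONE internal NIC.
# Interfaces and addresses are assumptions: eth0 faces the Internet,
# eth1 faces the LAN 192.168.1.0/24, and the three server addresses
# below are static (the DMZ host in particular must not be on DHCP).
EXT_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24
WEB_HOST=192.168.1.10     # the "html server only" box: TCP 80/443 only
MAIL_HOST=192.168.1.20    # the "mail only" box: SMTP on TCP 25 only
DMZ_HOST=192.168.1.30     # the gaming machine: every other inbound port

# Write the ruleset in iptables-restore format on stdout. Generating text
# instead of calling iptables directly lets the policy be reviewed and
# tested without root, and loaded atomically when it is applied.
build_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# LAN hosts leave through the external port with its address
-A POSTROUTING -o $EXT_IF -s $LAN_NET -j MASQUERADE
# Published services are selected by destination port, not by NIC
-A PREROUTING -i $EXT_IF -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $WEB_HOST
-A PREROUTING -i $EXT_IF -p tcp --dport 25 -j DNAT --to-destination $MAIL_HOST
# Anything else that arrives from outside is handed to the DMZ host
-A PREROUTING -i $EXT_IF -j DNAT --to-destination $DMZ_HOST
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The LAN may open connections to the outside
-A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT
# Inbound: each server accepts only the ports it is meant to serve
-A FORWARD -i $EXT_IF -o $LAN_IF -d $WEB_HOST -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i $EXT_IF -o $LAN_IF -d $MAIL_HOST -p tcp --dport 25 -j ACCEPT
# The DMZ host accepts everything that was DNATed to it above
-A FORWARD -i $EXT_IF -o $LAN_IF -d $DMZ_HOST -j ACCEPT
COMMIT
EOF
}

# Number of -A rules in the generated policy (a quick sanity check)
rule_count() {
    build_rules | grep -c '^-A'
}

# Inbound TCP ports the FORWARD chain admits for a LAN host; prints
# nothing for a host that is accepted on every port (the DMZ box)
inbound_ports_for() {
    build_rules | grep '^-A FORWARD' | grep -- "-d $1 " \
        | grep -oE -- '--dports? [0-9,]+' | sed 's/.* //'
}

# Load the policy; needs root and the netfilter/conntrack modules.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_rules | iptables-restore
}

if [ "$1" = "apply" ]; then apply_rules; else build_rules; fi
```

Run it without arguments to print the ruleset and with `apply` (as root) to load it. The `-i eth0` DNAT rule without a protocol match hands every new inbound connection that the earlier rules did not claim to the DMZ host, which is the "living dangerously" the post describes; the FORWARD chain still drops anything aimed at the web or mail boxes outside their service ports, and nothing here depends on how many NICs the router has.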
- 12-31-2009 #8 Just Joined! (Join Date: Dec 2009, Posts: 35)
Thank you, guys, for helping me realize I was wasting my money
on the Quad nic.
Sincerely
/b
- 12-31-2009 #9 Just Joined! (Join Date: May 2005, Posts: 8)
Not much of a guru, is he/she. Only broadcast traffic is sent to all ports, unless the switch's MAC table has been overloaded and then it turns into a hub (which is why you should never rely on a switch to keep your LAN secure, but that's another story!)
If you need more NICs, then consider VLANs, unless you really are at network saturation. But that's probably also too advanced for this discussion.
Better yet, forget Linux as a firewall/router and install pfSense; it's so much easier!!
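Post #9's VLAN suggestion is the way to get the separate segments the quad-port card would have given, on the single NIC the router already has. The script below is an added example written for this page, not the poster's code and not pfSense: it creates one 802.1Q sub-interface per group and a FORWARD policy in which only a management VLAN may open connections into the other groups, so the DMZ box cannot start anything toward the servers. The interface name, VLAN ids, group names and subnets are assumptions, and it presumes a managed switch that presents the router's port as a tagged trunk (an unmanaged 16-port switch cannot do this). The switch enforces the separation between its ports, so the MAC-table point the post makes applies to it as well; the router only governs what crosses between segments.

```shell
#!/bin/sh
# Added example, not code from the thread: splitting the router's ONE
# internal NIC into 802.1Q VLAN sub-interfaces so the server groups are
# separate segments and the router decides what crosses between them.
# Interface name, VLAN ids, names and subnets are assumptions; the switch
# must be a managed one that delivers these VLANs tagged on the router port.
EXT_IF=eth0
LAN_IF=eth1
# one "id:name:router-address" entry per group the poster wanted
VLANS="10:normal:192.168.10.1/24 20:web:192.168.20.1/24 30:mail:192.168.30.1/24 40:dmz:192.168.40.1/24"
MGMT_ID=10     # the only VLAN allowed to open connections into the others

# Map a group name to its sub-interface, e.g. "dmz" -> eth1.40
vlan_iface() {
    for v in $VLANS; do
        id=${v%%:*}; rest=${v#*:}; name=${rest%%:*}
        if [ "$name" = "$1" ]; then echo "$LAN_IF.$id"; return 0; fi
    done
    return 1
}

# Print the ip(8) commands that create the tagged sub-interfaces.
# Printed rather than executed so the plan can be reviewed without root.
vlan_cmds() {
    for v in $VLANS; do
        id=${v%%:*}; addr=${v##*:}
        echo "ip link add link $LAN_IF name $LAN_IF.$id type vlan id $id"
        echo "ip addr add $addr dev $LAN_IF.$id"
        echo "ip link set $LAN_IF.$id up"
    done
}

# Inter-VLAN policy in iptables-restore format: every group may reach the
# outside and answer established traffic; only the management VLAN may open
# connections into the other groups; anything else between groups (the DMZ
# toward the servers, web toward mail, ...) falls through to the DROP policy.
vlan_rules() {
    echo '*filter'
    echo ':FORWARD DROP [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for v in $VLANS; do
        id=${v%%:*}
        echo "-A FORWARD -i $LAN_IF.$id -o $EXT_IF -j ACCEPT"
        [ "$id" = "$MGMT_ID" ] || echo "-A FORWARD -i $LAN_IF.$MGMT_ID -o $LAN_IF.$id -j ACCEPT"
    done
    echo 'COMMIT'
}

# Does the policy let group $1 open connections into group $2? (group names)
can_reach() {
    vlan_rules | grep -q -- "-i $(vlan_iface "$1") -o $(vlan_iface "$2") -j ACCEPT"
}

if [ "$1" = "apply" ]; then
    # root only: create the interfaces, then add the rules without flushing
    # whatever nat/INPUT policy is already loaded
    vlan_cmds | sh -e && vlan_rules | iptables-restore --noflush
else
    vlan_cmds
    vlan_rules
fi
```

Run it without arguments to print the plan; `apply` (as root) executes the ip commands and loads the rules with `--noflush` so an existing policy is kept. The dmz-to-normal direction is deliberately absent: the gaming box can be reached from the management VLAN and can reach the Internet, but has no rule letting it open connections into any other group.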