Old 01-12-2011, 01:50 PM   #1
mgood
LQ Newbie
 
Registered: Jan 2011
Location: Rochester, New York
Distribution: Custom built; Ubuntu; Fedora
Posts: 4

Rep: Reputation: 0
Isolation on a non-router server with multiple ethernet?


Hello,

I have been working with Linux for about 10 years and I have a good understanding of IPv4 networking and routing but not so much detailed knowledge of implementation or specific networking packages.

I have a Linux system running a custom-built (Linux from Scratch) distribution and using 2.6.15 kernel. My system has 4 Ethernet controllers (eth0, eth1, eth2, and eth3). I have intentionally left out support for forwarding/routing of packets as this machine is not intended to be a router and I specifically do not want it to be able to do so. My intent for the machine is to function as a server to 4 different and separate networks without allowing traffic or hosts on one LAN to access or adversely affect those on the other LANs.

My main question: is there a way to completely isolate the connections to these LANs and if so, how might I achieve it, and through what packages?

I have been having some issues:

1) Default gateway. With only a single default gateway, network requests from a LAN that is not directly connected to one of the 4 NICs and for which there may not be a static route defined, may send a response to the default gateway which is on one of the LANs connected to a different NIC than the one that I received the initial request on. Is there any way to isolate outgoing messages to only go out on the NIC that the corresponding request was received through?

2) Default gateways. I have a requirement to allow DHCP on these interfaces. It is possible that the DHCP servers on each of the 4 LANs may provide a default gateway, but I don't see how I can make use of that. I know that there is a way to configure multiple default gateways via the iproute2 package (which is what I am using) but I don't know how to make sure that the correct default gateway is used for requests that were received on a specific interface.

Any help or ideas will be very much appreciated.

Thanks,
Mark
 
Old 01-13-2011, 08:25 AM   #2
Person_1873
Member
 
Registered: Sep 2007
Location: Australia
Distribution: Arch Linux
Posts: 489

Rep: Reputation: 39
hello mgood, just to be clear, you want all 4 LANs to be able to connect to the same default gateway but be completely invisible to each other and all 4 be able to connect to your server?

it sounds to me as though you're trying to do too much with too little hardware, as your Linux machine stands all 4 LANs should already be completely separated however if i were you then i'd configure it in this way
Code:
                     Router - LAN1 - Svr port 1
                   <               
                 /   Router - LAN2 - Svr port 2
Default Gateway<                   
                 \   Router - LAN3 - Svr port 3
                   <
                     Router - LAN4 - Svr port 4
if done in this way then you could either have your server push out DHCP information, or you could use the routers

the other option is to have a single LAN and divide your machines with subnets using MAC address reservations in your DHCP server or by setting static IPs to all machines

Last edited by Person_1873; 01-13-2011 at 08:34 AM.
 
Old 01-13-2011, 09:20 AM   #3
mgood
LQ Newbie
 
Registered: Jan 2011
Location: Rochester, New York
Distribution: Custom built; Ubuntu; Fedora
Posts: 4

Original Poster
Rep: Reputation: 0
Hi Person,

Thanks for the reply.

That's not quite what I am trying to do. I would like each LAN to have its own default gateway. So if I receive a packet on eth0 but I do not have a route to respond to the sender, I want it to go out the default gateway for eth0. This same thing would apply to the other 3 interfaces as well.

Mark

 
Old 01-13-2011, 09:34 AM   #4
mgood
LQ Newbie
 
Registered: Jan 2011
Location: Rochester, New York
Distribution: Custom built; Ubuntu; Fedora
Posts: 4

Original Poster
Rep: Reputation: 0
I thought a sort of picture may help:
Code:
                                                    Host
                                                     |
                                           ------+---+------ LAN 4 ---------
                                                 |
                                                 |
                                             Gateway 0   Host Host
                                                 |        |    |
                       +--- eth0 --- LAN 0 ------+--------+----+---...
                       |
                       |                     Gateway 1   Host Host
                       |                         |        |    |
                       +--- eth1 --- LAN 1 ------+--------+----+---...
                       |
    Server Machine ----+                     Gateway 2   Host Host
                       |                         |        |    |
                       +--- eth2 --- LAN 2 ------+--------+----+---...
                       |
                       |                     Gateway 3   Host Host
                       |                         |        |    |
                       +--- eth3 --- LAN 3 ------+--------+----+---...
For each interface, I would like a default gateway that is used for requests made by hosts that are on LANs that are on the other side of the gateway, for example a host on LAN 4 sends a request to the server, but the server does not know about LAN 4 so it would use a default gateway for LAN 0 since the request arrived on eth0. The same would apply to LANs located on the other side of the Gateways 1, 2, and 3. In this way, traffic received on one interface won't affect or initiate traffic on another interface.

Mark

Last edited by mgood; 01-13-2011 at 09:36 AM.
 
Old 01-13-2011, 02:57 PM   #5
Person_1873
Member
 
Registered: Sep 2007
Location: Australia
Distribution: Arch Linux
Posts: 489

Rep: Reputation: 39
well that should be the iptables standard configuration, if a host is not in the same subnet range as your current LAN then the packets should go to the default gateway, if the gateway then knows its route to that IP then you will be able to connect.

i will show this to the network admin at work today and get his thoughts, he understands these things better than i do
 
Old 01-13-2011, 04:15 PM   #6
mgood
LQ Newbie
 
Registered: Jan 2011
Location: Rochester, New York
Distribution: Custom built; Ubuntu; Fedora
Posts: 4

Original Poster
Rep: Reputation: 0
I think I have found the answer at this link.

I will be trying this out on my server and will post again here the results.

Mark
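
Added example, not part of the thread and not the content of the link mentioned in post #6: one way to give each NIC its own default gateway with iproute2 policy routing, using one routing table per interface selected by source address. The script only prints the commands (dry run); the addresses, gateways, table numbers and the function names `policy_route_cmds` and `all_cmds` are constructed for illustration.

```shell
#!/bin/sh
# Added example (dry run): prints iproute2 commands, changes nothing itself.
# All addresses, gateways and table numbers are constructed sample values.

# policy_route_cmds IFACE ADDR NET/PREFIX GATEWAY TABLE
policy_route_cmds() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # Tables 0, 253, 254 and 255 are reserved (unspec, default, main, local).
    case $table in ''|*[!0-9]*) echo "bad table: $table" >&2; return 1 ;; esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table $table is reserved or out of range" >&2; return 1
    fi
    # Connected network, kept in this interface's own table.
    echo "ip route add $net dev $iface src $addr table $table"
    # Default gateway that exists only in this table.
    echo "ip route add default via $gw dev $iface table $table"
    # Packets sourced from this interface's address use this table, so a
    # reply leaves through the NIC whose address the request was sent to.
    echo "ip rule add from $addr table $table priority $((1000 + table))"
}

# Constructed sample layout: iface address network gateway table
SAMPLE_CONFIG="eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 100
eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 101
eth2 203.0.113.10 203.0.113.0/24 203.0.113.1 102
eth3 10.3.0.10 10.3.0.0/24 10.3.0.1 103"

all_cmds() {
    echo "$SAMPLE_CONFIG" | while read -r iface addr net gw table; do
        policy_route_cmds "$iface" "$addr" "$net" "$gw" "$table"
    done
    # Answer ARP only for addresses configured on the receiving interface,
    # and pick the ARP source address from the outgoing interface's subnet.
    echo "sysctl -w net.ipv4.conf.all.arp_ignore=1"
    echo "sysctl -w net.ipv4.conf.all.arp_announce=2"
    echo "ip route flush cache"
}

all_cmds
```

The `from` rules match only when the outgoing packet already carries the interface's address as its source, which is the case for TCP replies. A UDP service listening on a wildcard socket has its source chosen by the main table unless it binds to, or explicitly sets, the per-interface address.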
 
  

