LinuxQuestions.org: Linux - Networking
Okay so this may be a little long, but I will explain the topology best I can and maybe someone has encountered something similar.
I have a Linux box running Feisty that is being used as a spam filter / internet tracking box. The box is running postfix/spamassassin, and squid with sarg for internet tracking. Also the server is running shorewall to redirect traffic through 3180 for squid. Now as it stands right now, on the network I am installing this Linux server on, the default route on all the computers is a Cisco 3550 Catalyst switch, 192.168.0.254. There is a static route on that switch to 192.168.0.1, which is the PIX 506e. Now in order to get traffic routed through my box I wanted to reset the static route on the switch to forward everything to my box, then set a static route on my box to the PIX. However this would require directly connecting one of my NICs to the PIX, and forwarding traffic from eth0 to eth1, then eth1 to the PIX. Does anyone know if this is possible? If not, do you see any other viable solutions? I have a couple of others in mind, but both seem to require quite a bit of reconfiguration. For instance I could reset the IPs of the switches, and just set my eth0 IP to 192.168.0.254, then set a static route to the switch from there. Or I could set my eth0 to 192.168.0.1, and change the PIX IP and forward traffic to it. Anyway, hope you didn't get too bored reading through this explanation and maybe someone can help.
Definitely possible. You have your reason to pass the traffic through the box, so I guess you want to modify it somehow. Then a simple redirect or bridge is not enough. It seems that you'd need to set up NAT on that box, but it shouldn't be a problem.
So a route add command will not suffice? Basically the traffic being routed through the server will be checked and modified by squid and spamassassin; all I really have to do is get the traffic to go through the server, and then through the PIX, and out to the internet. Will I NAT the traffic from eth0 as eth1? Right now I have a static IP for eth0. This interface is connected to the switch, which is 192.168.0.254, which is also the default gateway for the network. eth1 is not currently being utilized, but I want to connect it directly to the PIX, or if I don't have to, then I would just as soon use eth0 and not eth1.
Yeah, this seems simple really. The only thing I'd comment on is that if you have a decent switch there, use that better and have a 2 NIC etherchannel connection using 802.1q VLANs. That's bread and butter to any Catalyst switch, and gives you the exact topology you want with improved resilience and flexibility. I assume there's no reason not to add a secondary LAN between the server and the PIX? Assuming that's there then you've an extremely simple topology, but if you so felt you could presumably still bridge two VLAN interfaces on the server, but that's all getting a bit convoluted, and if you did want to bridge I'd probably look to take a step back and just use an inside and outside NIC. Not sure what you can really do transparently with ebtables and such though. I expect it's pretty comparable to standard iptables for redirections and such.
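As an added example that is not from any poster in this thread, the following script implements the "NAT on the box" approach suggested above with plain iptables rather than shorewall: the box forwards between an inside NIC and an outside NIC connected to the PIX over a secondary link, masquerades the LAN behind its outside address so the PIX needs no return route, and transparently redirects LAN HTTP to squid. The interface names, the 10.10.10.0/24 link to the PIX and the box's own addresses are assumptions; the LAN 192.168.0.0/24 and squid port 3180 come from the thread. It prints the commands by default and only runs them when invoked with `apply`.

```bash
#!/bin/sh
# Assumed topology (constructed for this example, not taken from the thread):
#   LAN 192.168.0.0/24 -- switch 192.168.0.254 (default route repointed here) -- eth0
#   this box -- eth1 10.10.10.2 -- PIX inside interface 10.10.10.1 (secondary link)
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
PIX_GW=${PIX_GW:-10.10.10.1}
SQUID_PORT=${SQUID_PORT:-3180}

# Emit the configuration as one command per line so it can be reviewed
# before anything touches the live box.
gen_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace default via $PIX_GW dev $WAN_IF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# FORWARD defaults to DROP, so only LAN-originated flows and their replies
# cross the box; anything the PIX side initiates towards the LAN is dropped.
# REDIRECT only catches port 80, so HTTPS is forwarded but not proxied.
# Without the MASQUERADE line the PIX would need a route for $LAN_NET via eth1.
apply_rules() {
    gen_rules | while IFS= read -r cmd; do
        sh -c "$cmd" || { echo "failed: $cmd" >&2; return 1; }
    done
}

# Returns 0 if the generated set contains the transparent-proxy redirect.
has_redirect() {
    gen_rules | grep -q -- "--to-ports $SQUID_PORT"
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;
esac
```

The rules are not persistent across reboots; save them with the distribution's iptables-save mechanism once they are confirmed working.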