Hi everyone, need some help

We need to wrap a RHEL5 web server, thats currently in production, in a DMZ, but still allow it to access our IBM AS400 which is in the lan, to pull account information via odbc

Maybe a little architecture is in order first - We are a call center, and clients dictate the extent of our security / infrastructure - if a client wants it, they get it

So, we have a Firewall / Router (SonicWall), wan port connected to 3mb pipe, lan port goes out to bank of switches and the DMZ port (x2), up till yesterday was off

The web server, connected to the lan port via a switch, assigned 10.1.0.90 on eth0 has been in production for some time, working fine, connecting to the as400 locally on the same lan, via php / odbc for its database

So we called Sonicwall, they helped us setup the dmz which assigns ip's in the range of 192.168.0.*. Used my laptop to setup a test web server at 192.168.0.10 and we could hit it from the outside world just fine

make the same settings on RHEL5 server and after some finangling with apache, got apache to listen for 192.168.0.10 on eth1 (because i cant take eth0 down as its in production)

And this was fine, apache returns a test page, with some test data read from the db on the as400, except for the minor inconvenience of, when the connection was made to the as400, it went out over eth0 (10.1.0.90) and not eth1 (192.168.0.10) - we know this cause we can see the connections on the 400 side being made.

So, as a test, i assumed, if eth0 was taken offline, odbc and the system in general would move on to the next available port, eth1 and make the odbc connection there - this morning at 6am, i deactivated eth0, and the connection simply never went through (we tested it with it being active before just to make sure it was still working)

From what we can tell, the rules in the firewall for the dmz to hit the lan over port 8471 (odbc port for the as400) are correct

so my question is

a: is there somewhere i can tell odbc to use eth1 and not eth0 ?

b: i rebooted the server this morning and apache gave a message (loaded just fine) about dns - we dont run dns on this server, but on another machine on the lan, which isnt in the dmz - could that be it ? do i need to run dns on the web server to provide for eth1 cause its in the dmz?

c: in production, eth0 will just change to 192.168.0.10 and all the settings in apache with it, but i cant do this until i verify the web server can make the odbc connection outside of the dmz into the lan -

d: i'm just lost...... i just dont know where to go from here.

Help! please ?

-Mario

I would say add a static route to the AS400.
You can do this temporary (to test) with the command
where XX.XX.XX.XX is the AS400's ip.

I can't say off the top of my head how you make this setting permanently in RHEL. A quick google search suggests you need the config file /etc/sysconfig/network.