I have two interfaces on my machine, and what I need to do is to close off eth1 using iptables, because that interface connects directly to the DMZ on the router. (Snort is listening on the interface, and that's the interface's only purpose.)
The other interface is eth0 and is connected via the router. This is the interface that is to have no restrictions on it at all.
When I use the iptables rule `iptables -i eth1 -A INPUT -j DROP`, I cannot get a network connection while this rule is in use. The webserver on the box allows no connection and email is not collected, even though eth1 is specified. Could this be because the system is trying to use eth1 over eth0? If so, how can I tell the system to use eth0?
Just to be clear:
eth0: Protected network connection. No constraints or controls are needed.
eth1: Snort interface, connected to the DMZ, needs stealth.
When I try to add a route with eth0 it states "Network Unreachable". When I unplug the cable that's attached to eth1, there is no connection at all.
They are both using 255.255.255.0; eth0's IP is 192.168.1.5 and eth1's is 192.168.1.4.
If I were to put them on different subnets it would not work, would it? The rest of the network is using a subnet of 255.255.255.0.
I have just tried to put eth1 on subnet 255.255.0.0 and it keeps the routing table as:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         inetpoint       0.0.0.0         UG    0      0        0 eth0
BUT: When I apply the iptables rule it will not block off ports and does not stealth the box. I am using this rule: `iptables -i eth1 -A INPUT -j DROP`.
The IP 192.168.1.4 (eth1) replies to pings from the other subnet without my having to set a static route on the router, but it refuses to block off using iptables. Do I have to add something else to the rule?
Last edited by MaverickApollo; 12-27-2003 at 07:32 AM.
Originally posted by MaverickApollo:
> They are both using 255.255.255.0; eth0's IP is 192.168.1.5 and eth1's is 192.168.1.4.
> If I were to put them on different subnets it would not work, would it? The rest of the network is using a subnet of 255.255.255.0.
It won't work this way. What you can do is:
1) use different subnets for the cards and leave the 255.255.255.0 netmask
2) divide 192.168.1.0/255.255.255.0 into two subnets, one for every interface (requires changing one of the IPs)
Could you tell us what you're trying to do with this config?
Mara is absolutely correct. The Linux stack will not allow multi-homing of interfaces (unless you are load-balancing, in which case both NICs have the same IP). If two NICs are in the same subnet, Linux will only use one of the interfaces to respond, regardless of which interface the request came in on. This can obviously cause problems. Time for some networking 101. Separate your networks and enable routing if you need to communicate between them.
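To make the "which interface does the kernel actually use" point concrete, here is an added example (not code from the thread) that performs longest-prefix-match route selection over the routing table posted above. It shows that any host in 192.168.1.0/24 is reached via eth0 no matter which NIC a request arrived on, while the rest of 192.168.0.0/16 goes out eth1. The table text is constructed from the post; the function names are my own.

```bash
#!/usr/bin/env bash
# Constructed copy of the routing table from the post, in `route -n` layout
# (symbolic gateway "inetpoint" and "*" kept exactly as netstat prints them).
ROUTES='192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
192.168.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default inetpoint 0.0.0.0 UG 0 0 0 eth0'

# Dotted-quad address -> 32-bit integer.
ip2int() {
  local IFS=. a b c d
  read -r a b c d <<< "$1"
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Number of set bits in a netmask (prefix length), used to rank matches.
mask_len() {
  local m n=0
  m=$(ip2int "$1")
  while (( m )); do (( n += m & 1 )); (( m >>= 1 )); done
  echo "$n"
}

# route_iface DEST -> interface the kernel would pick for DEST
# (most specific matching route wins; "default" is a 0.0.0.0/0 route).
route_iface() {
  local dst dest mask iface len d m best_len=-1 best_if=""
  dst=$(ip2int "$1")
  while read -r dest _gw mask _flags _metric _ref _use iface; do
    [ -n "$dest" ] || continue
    [ "$dest" = default ] && dest=0.0.0.0
    d=$(ip2int "$dest"); m=$(ip2int "$mask")
    if (( (dst & m) == (d & m) )); then
      len=$(mask_len "$mask")
      if (( len > best_len )); then best_len=$len; best_if=$iface; fi
    fi
  done <<< "$ROUTES"
  echo "$best_if"
}

for host in 192.168.1.20 192.168.5.1 169.254.7.7 8.8.8.8; do
  printf '%-14s -> %s\n' "$host" "$(route_iface "$host")"
done
```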