I am using ipfilter on a Linux machine with two interfaces. Let's say that eth1 is going to the Internet and eth0 to my local LAN. I am thinking of putting some rules on my eth1 with the pass in command so that I can block/allow requests from clients to my server inside the LAN. Where should I put the rules for the server's reply to the clients? Would it be better to use a pass in rule on my eth0 interface or a pass out rule on my eth1 interface, and why?
I'm not familiar with ipfilter, but as a technology in itself, you'd use stateful connection tracking to allow replies to previously accepted traffic to pass back out without interference.
Hm, I would like to keep things as simple as possible and I do not want to use stateful connections. I have only UDP packets passing for one service... I am just wondering whether I should place the reply of my server (in my internal LAN) in a rule passing in on eth0, or passing out on eth1 going to the Internet (please see the sketch above).
I have checked the documentation but it does not provide any relevant info... and I consider it a very simple question that may not be tied to ipfilter itself...
Not familiar with YOUR setup or YOUR filter. As a mathematical model, YOUR equation is a tool. The sooner YOU implement filtering, the sooner the big problem becomes a smaller problem. In English, this means that by placing the filter as close as possible to the beginning, the less time and work the model/equation has to perform. If YOU'RE sending an e-mail to a family member, the millisecond doesn't matter much. If YOU'RE sending a newsletter to 1.9 x 10^6 of our Linux friends, then those factors of work and time are important to YOU. It will work, as long as YOUR filter is before YOUR server output packets. If after YOUR server, the big bad internet is coming after YOUR packets. YES it will.
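The placements discussed in this thread, written out as ipf rules (an added example, not taken from any of the posts above). The server address 192.0.2.10 and UDP port 5000 are constructed placeholders; the interface names are the ones from the question.

```conf
# Added example. 192.0.2.10 and port 5000 are constructed placeholders.
# eth1 = Internet side, eth0 = LAN side, as in the question.
#
# A forwarded packet is checked by "in" rules on the interface it arrives
# on and by "out" rules on the interface it leaves on. A server reply
# therefore crosses two hooks: "in" on eth0, then "out" on eth1.

# Default on the Internet side: drop in both directions.
# (No "quick", so a later matching "quick" rule overrides these.)
block in  on eth1 all
block out on eth1 all

# --- Option A: stateless pair, both rules on eth1 ---
# Client request arriving from the Internet for the server.
pass in  quick on eth1 proto udp from any to 192.0.2.10/32 port = 5000
# Server reply leaving toward the Internet. Being stateless, this also
# passes any packet the server sends from port 5000, request or not.
pass out quick on eth1 proto udp from 192.0.2.10/32 port = 5000 to any

# --- Option A': filter the reply where it first enters the box ---
# Restricts what the server may send before it is routed. The
# "pass out ... on eth1" rule above is still required, because
# "block out on eth1 all" would otherwise drop the reply at the exit.
# pass in quick on eth0 proto udp from 192.0.2.10/32 port = 5000 to any

# --- Option B: stateful, replaces both Option A rules ---
# "keep state" records the accepted request; the matching reply is then
# passed by the state entry, and unsolicited traffic from port 5000 is not.
# pass in quick on eth1 proto udp from any to 192.0.2.10/32 port = 5000 keep state
```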