Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a server with two network cards. On will sit on one VLAN the other on another! Card 1 will have a public ip/netmask address and Card 2 and internal address/netmask.
I dont want anyone to be able to access the internal network through the server. The internal ip is only to be used for ssh access to the server. How would i set this up? If i just give the second network interface an ip address in a diffrent range the server dies! I asume i need to run some cleaver routing rule. Can anyone suggest what i need to be doing?
You could as root:
echo 0 >/proc/sys/net/ipv4/ip_forward
Your distro may have a config entry in a gui program, such as YaST2 for example, or an entry in a file like /etc/sysconfig/networking where you can have it done when you boot. On a gui config program, it may be a checkbox to enable forwarding.
Also, make sure that the LAN IP address isn't used as the gateway on any of the machines on the lan.
If you have a firewall config program, only open the ssh port on the inside interface. This will use iptables rules, or you could edit them manually.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.