LinuxQuestions.org
Old 10-21-2015, 10:49 PM   #1
Adol
Member
 
Registered: Feb 2011
Location: Osaka, Japan
Distribution: Gentoo, Opensuse
Posts: 271

Rep: Reputation: 6
Want to dedicate one nic to internal and another to external


Hello everyone.

I would like to make one of my ports internal for my internal network, and the other external to connect to the internet.

I am trying to cut off internet access completely for one port, but don't know where to start looking for my solution.

Any ideas, or direction?
 
Old 10-21-2015, 11:49 PM   #2
cliffordw
Member
 
Registered: Jan 2012
Location: South Africa
Posts: 509

Rep: Reputation: 203
Hi there,

Can you provide a bit more information please?

Is this a server, connecting other machines to the internet, or just your workstation?

How are you connecting to the internet -- does this machine have a public IP address, or is it connecting through a router which does NAT?

The first step in your solution is to configure the IP addresses and routing correctly, by assigning a private IP to the internal network, and making sure the default gateway goes via the external interface/gateway/router. Once that's working, you can look at firewall rules too.
 
1 members found this post helpful.
Old 10-24-2015, 11:54 PM   #3
Adol
Member
 
Registered: Feb 2011
Location: Osaka, Japan
Distribution: Gentoo, Opensuse
Posts: 271

Original Poster
Rep: Reputation: 6
Hi,

Thanks for the reply.

It's a small video server for my home that I also use for VMs and such. It's not really a big production machine or anything.

The server does not connect other machines to the internet. Basically I want to keep all my video traffic internal on one port, and give my VMs access to the internet on another port. The internal port would be used by creating a static IP that all of my other devices are connected to, while the external port would be free to do whatever it wants (for now at least).

The machine is connected through a router.

I'm looking into how to route in a way that does not give one interface access to the gateway.

Thank you for the suggestions.
 
Old 10-25-2015, 02:50 AM   #4
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
Is this what you need?
NIC 1 connected to a router, which connects to the internet
NIC 2 connected to your internal video network, isolated from the internet

If so, don't create a route between NICs 2 and 1, and add a netfilter rule that blocks attempts to access the internet via NIC 2:
Code:
iptables -I FORWARD -i nic2 -o nic1 -j DROP
(this is from memory and not tested)
 
Old 10-25-2015, 09:28 AM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,774

Rep: Reputation: 2211
Need more detail about your network. The picture I am getting is that you have just one internal LAN that includes (a) the server, (b) several other machines, and (c) a router that also connects to the internet, and what you want is to add a second NIC to the server such that the first NIC is used exclusively for traffic destined for other machines on your LAN and the second NIC is used for all internet traffic. Other machines on your LAN use the router to connect to the internet. Is that all correct?

That should be just a matter of connecting that second NIC to the router, marking that interface as the default route, and setting up a routing table entry that directs all of your internal traffic to the first NIC. It really doesn't involve iptables at all.
 
Old 10-27-2015, 11:04 AM   #6
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
I'm envisioning the same thing as rknichols. Two NICs, one connected to the internet-connected router, the other connected to a local network only (could have a second router on it, or it could just be a switch and every machine is configured with a static IP). Give the two NICs IPs on different subnets, and set the default route to the NIC that's connected to the router. That's about all you have to do.
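
Added example, not part of the thread and not posted by any participant: a small audit of `ip -4 route show` output that confirms the layout the replies describe, with the default route only on the router-facing NIC and no gateway reachable through the internal one. The interface names follow post #4 (`nic1` external, `nic2` internal); the addresses and the sample routing table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a routing table for the two-NIC split from the thread.
EXT_IF=nic1   # assumed name: NIC cabled to the internet router
INT_IF=nic2   # assumed name: NIC on the isolated video network

# Commands that would produce the layout (run as root; addresses constructed):
#   ip addr add 192.168.1.10/24 dev nic1
#   ip addr add 10.10.10.1/24 dev nic2
#   ip route replace default via 192.168.1.1 dev nic1
#   iptables -I FORWARD -i nic2 -o nic1 -j DROP    # rule from post #4

# audit_routes: reads `ip -4 route show` text on stdin, prints each finding,
# returns 0 only if EXT_IF alone carries default or gatewayed routes.
audit_routes() {
    awk -v extif="$EXT_IF" -v intif="$INT_IF" '
        {   # pick out the device and gateway fields of this route
            dev = ""; via = ""
            for (i = 1; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") via = $(i + 1)
            }
        }
        $1 == "default" && dev == extif { have_default = 1 }
        $1 == "default" && dev != extif {
            print "BAD: default route on " dev; bad = 1
        }
        # A gatewayed route on the internal NIC gives it a path off-link.
        $1 != "default" && dev == intif && via != "" {
            print "BAD: " $1 " via " via " on " intif; bad = 1
        }
        END {
            if (!have_default) { print "BAD: no default route on " extif; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: a second default route has crept onto the internal NIC.
SAMPLE_BAD='default via 192.168.1.1 dev nic1 metric 100
default via 10.10.10.254 dev nic2 metric 200
10.10.10.0/24 dev nic2 proto kernel scope link src 10.10.10.1'

printf '%s\n' "$SAMPLE_BAD" | audit_routes || echo "sample table failed the audit"
```

On a live machine the same check is `ip -4 route show | audit_routes`.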
 
  


All times are GMT -5. The time now is 05:21 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration