To be clear, you do not want to drop traffic if it goes to the "wrong" interface but to forward it to the "correct" interface?
Without knowing what is going on, I have a hard time giving you specific "code examples". How and why your network is laid out will determine your solution. I am only guessing, but DNAT is probably what you are looking for: http://linux-ip.net/html/nat-dnat.html

Also, defence in depth is a good idea. If you only want MySQL on one interface, only configure it to listen on that interface in addition to firewall rules.

On Mon, May 21, 2012 at 4:20 PM, Juan Alberto Cirez <[email protected]> wrote:
>
> Hello there my compadres,
> I got a quick question regarding Iptables: I have not used it in ages and,
> as the rule is, use it or lose it. I am a bit lost trying to accomplish the
> following:
> Suppose a box has two network interfaces, eth0 & eth1. eth1 is a gigabit
> connection and eth0 is not. Even after I hard-coded samba to use eth1, and
> defined two distinctive host names to map to eth0 and eth1. I want to ensure
> that ANY request sent to SAMBA (based on the port number) is forwarded to
> eth1; that ANY ssh (or any other) request is forwarded to eth0; and that any
> request to MySQL is also forwarded to eth0. In short, I want to make sure
> that eth1 is ONLY used for samba requests...
>
> Please answer with the actual code snippet. I also know there are other ways to
> accomplish that; but again, for the sake of this argument, I am JUST
> interested in accomplishing this using Iptables.
>
> Cheers and thanks in advance.
>
> --
>
> =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
> Juan Alberto Cirez, Sr. Field Service Technician/Project Manager
> Certified Fire Protection Technologist (CFAA/AFSA)
> -Fire Alarm
> -Pre-Engineered Fire Suppression Systems
> -Fire Extinguishers
> -Sprinklers & Standpipes(BCIT)
> -Fire Pumps & Pump Systems (MTAA)
> -Electrical Troubleshooting & Preventive Maintenance (MTAA)
> Information System Professional (CIPS)
> -Computer Information Systems
> J. A. Cirez Integrated Technologies, Inc
> Fire Protection | IT Services | Security
> Tel. : (780)972-4739
> Fax : (780)747-6078
> Email: [email protected]
> Web : http://www.jacintech.com
>
> =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
>
> _______________________________________________
> clug-talk mailing list
> [email protected]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
> Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
> **Please remove these lines when replying
>
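The restrictive reading raised at the top of the reply (drop traffic that arrives on the "wrong" interface rather than forward it), sketched as an added example that is not part of the original thread. It assumes the default service ports and a default-drop INPUT policy; `gen_rules` and `valid_ifname` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset that
# accepts each service only on its intended ingress interface.
# Assumed ports: Samba 137-138/udp and 139,445/tcp; SSH 22/tcp; MySQL 3306/tcp.

valid_ifname() {
    # Accept only a conservative character set and the 15-char kernel limit,
    # so a bad argument cannot smuggle extra rules into the generated file.
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

gen_rules() {
    # $1 = interface reserved for Samba, $2 = interface for SSH and MySQL
    samba_if=$1
    admin_if=$2
    valid_ifname "$samba_if" && valid_ifname "$admin_if" || return 1
    [ "$samba_if" != "$admin_if" ] || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $samba_if -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -i $samba_if -p udp -m multiport --dports 137,138 -j ACCEPT
-A INPUT -i $admin_if -p tcp -m multiport --dports 22,3306 -j ACCEPT
COMMIT
EOF
}

# Example: gen_rules eth1 eth0 > rules.v4   (then, as root: iptables-restore < rules.v4)
```

`-i` matches the interface a packet arrives on, not the address it was sent to, so these rules complement binding each daemon to its own interface address rather than replacing it.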

