On Wed, 27 Sep 2000 [EMAIL PROTECTED] wrote:
> There's this Linux box with eth0 and eth1, a firewall. They have both FTP
> and apache running on it also. How do we (can we) get one set of services
> on the eth0 (Internet) side, and another on the eth1 (LAN) side?
Some daemons support differentiated services based on the IP interface they
bind to. Apache, for example. Some even support doing this with one process,
which makes life easier for the admin. However, a security hole in the daemon
may affect the entire service, so it isn't as good as running two separate
daemons.

Some daemons allow you to restrict binding to a particular interface, and
allow you to run multiple instances. Samba, for example.

Some daemons do not allow you to restrict based on interface address, but do
allow you to change the port they listen on. Using non-standard ports in
combination with IP Chains and Port Forwarding, you should be able to create
transparent service differentiation.
> Is it only in the firewall rules, not to allow certain things out on the
> net?
IP Chains does not allow you to direct interfaces to particular processes.
I think IP Chains plus Traffic Shaping might be able to do so. However, the
documentation is a little weak, and the feature is considered "Experimental"
in the 2.2 kernel series.
HTH,
--
Ben Scott <[EMAIL PROTECTED]>
| "The memory management on the Power PC chip is something that should be |
| shown to small children when they've been especially bad." -- Linus |
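
Added example, not part of the original message: a Python audit that reads a /proc/net/tcp-style table and reports which listening ports are bound to which interface address, a way to confirm that the per-interface binding described above took effect. The interface names, addresses and the sample table are constructed, and the function names are this example's own.

```python
import socket
import struct

# Assumed interface addresses (constructed for this example).
INTERFACES = {"eth0": "203.0.113.10", "eth1": "192.168.1.1"}

# Constructed sample in /proc/net/tcp layout (trailing columns omitted);
# not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0015 00000000:0000 0A
   1: 0A7100CB:0050 00000000:0000 0A
   2: 0101A8C0:0050 00000000:0000 0A
   3: 0101A8C0:008B 00000000:0000 0A
   4: 0101A8C0:0016 0501A8C0:C350 01
"""

TCP_LISTEN = "0A"  # st column value for a listening socket


def parse_listeners(text):
    """Return (bind_ip, port) for every listening socket in the table."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a host-order 32-bit value;
        # "<I" assumes a little-endian machine such as x86.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def exposed_ports(listeners, interfaces, name):
    """Ports whose bind address is the wildcard or the address of `name`."""
    addr = interfaces[name]
    return sorted({port for ip, port in listeners if ip in ("0.0.0.0", addr)})


def wildcard_ports(listeners):
    """Ports bound to 0.0.0.0, i.e. not restricted to one interface."""
    return sorted(port for ip, port in listeners if ip == "0.0.0.0")


if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    for nic in INTERFACES:
        print(nic, exposed_ports(found, INTERFACES, nic))
    print("bound to all interfaces:", wildcard_ports(found))
```

Binding to an address restricts the destination address a socket accepts, not the interface a packet arrives on, so packet filter rules on the Internet-facing interface are still needed.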