[kwlug-disc] Two ethernet ports - 1 in, 1 out
john at netdirect.ca
Mon Jan 25 11:49:19 EST 2010
kwlug-disc-bounces at kwlug.org wrote on 01/25/2010 11:28:49 AM:
>
> If I'm running an asterisk server is it worth having two ethernet ports
> and setting it up so that inbound traffic comes in port A and outbound
> traffic goes out port B? What about on a webserver?
>
> And where would I start to look into how to set that up? I'm not sure
> if it's worth doing this, and if so, where to start reading on 'how'.

What you are looking to do can be done with policy based routing. It's a
function of the iproute2 tools and the kernel.

I assume you mean that if a packet comes in port A then its response goes
out port A. Connections initiated from a local process go out port B.

The entire trick is in identifying the traffic so that IP route can route
it correctly. It's not necessarily a big trick, but it can be.

Conventionally Linux has a single routing table and all packets use the
same table to determine how to get routed to external hosts. Iproute2
allows the creation of multiple tables (250) and "ip rule" is used to
determine which table to use. As long as ip rule can determine which
packet goes through which port you're okay. Iptables can be used to mark
packets that ip rule uses to differentiate.
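
The setup described in the message above, as an added example that is not part of the original post: a shell function that prints the iproute2 and iptables commands for "replies leave by the port the connection arrived on". The interface name eth0, gateway 192.0.2.1, table id 100 and mark 1 are constructed values, and it assumes the main table's default route already points out port B.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints commands and
# changes nothing itself. All sample values below are constructed.

# pbr_plan IN_IF IN_GW TABLE MARK
#   IN_IF  interface that receives inbound connections ("port A")
#   IN_GW  next-hop gateway reachable through IN_IF
#   TABLE  extra routing table id (1-252; 253-255 are default/main/local)
#   MARK   firewall mark that ties a connection to IN_IF
pbr_plan() {
    in_if=$1 in_gw=$2 table=$3 mark=$4
    # Accept only plain names, addresses and numbers, because the output
    # is meant to be reviewed and then run by root.
    case $in_if in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;; esac
    case $in_gw in ''|*[!0-9.]*) echo "bad gateway" >&2; return 1;; esac
    case $table in ''|*[!0-9]*) echo "bad table" >&2; return 1;; esac
    case $mark in ''|*[!0-9]*) echo "bad mark" >&2; return 1;; esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be 1-252" >&2; return 1
    fi
    cat <<EOF
# Second routing table: everything in it leaves through port A.
ip route add default via $in_gw dev $in_if table $table
# Packets carrying the mark consult that table instead of main.
ip rule add fwmark $mark lookup $table
# Tag each new connection that arrives on port A ...
iptables -t mangle -A PREROUTING -i $in_if -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
# ... and copy the tag onto locally generated replies of that connection.
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
EOF
}

# Constructed sample values (192.0.2.0/24 is a documentation range).
pbr_plan eth0 192.0.2.1 100 1
```

Unmarked packets, which includes connections a local process initiates, never match the fwmark rule and keep using the main table.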