Software
 » 
Linux
 » 
Fedora
 » 
Fedora List

Network configuration

View: New views
3 Messages — Rating Filter:   Alert me  

Network configuration

by Chris.Wraith :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

I have a Fedora 9 machine running VMware with two network interfaces,
eth0 and eth1.  The first, eth0, is connected to a DMZ network and the
second, eth1 is connected to a more secure private network.  

I'd like to configure Fedora's networking such that the virtual machines
have TCP/IP access to the eth0 (DMZ) and not eth1 (the private network).
Conversely, I'd also like the host machine to be able access eth1 (the
private network) but not eth0 (DMZ).

On a Windows Server host, this would be achieved by unbinding the TCP/IP
stack from the DMZ network adapter on the host, which is done by opening
the interface properties and unchecking TCP/IP.  As long as the virtual
machine service remains bound to the adapter, any VMWare virtual
machines can still configure TCP/IP on this interface but the host
machine cannot.  I'd like to do exactly the same on Fedora 9.  

Is this possible using the network scripts in
/etc/sysconfig/network-scripts?  Anyone done it?

Many thanks
Chris
_______________________________________________

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing.  Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP.  This email may relate to or be sent from other members of the Barclays Group.
_______________________________________________

--
fedora-list mailing list
fedora-list@...
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Network configuration

by El Gato feo :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Chris,
 
Can you separate each NIC/MAC and create a VLAN?
That might work for you.
 
El Gato Feo


--- On Wed, 9/3/08, Chris.Wraith@... <Chris.Wraith@...> wrote:
From: Chris.Wraith@... <Chris.Wraith@...>
Subject: Network configuration
To: fedora-list@...
Date: Wednesday, September 3, 2008, 9:51 AM

I have a Fedora 9 machine running VMware with two network interfaces,
eth0 and eth1.  The first, eth0, is connected to a DMZ network and the
second, eth1 is connected to a more secure private network.  

I'd like to configure Fedora's networking such that the virtual
machines
have TCP/IP access to the eth0 (DMZ) and not eth1 (the private network).
Conversely, I'd also like the host machine to be able access eth1 (the
private network) but not eth0 (DMZ).

On a Windows Server host, this would be achieved by unbinding the TCP/IP
stack from the DMZ network adapter on the host, which is done by opening
the interface properties and unchecking TCP/IP.  As long as the virtual
machine service remains bound to the adapter, any VMWare virtual
machines can still configure TCP/IP on this interface but the host
machine cannot.  I'd like to do exactly the same on Fedora 9.  

Is this possible using the network scripts in
/etc/sysconfig/network-scripts?  Anyone done it?

Many thanks
Chris
_______________________________________________

This e-mail may contain information that is confidential, privileged or
otherwise protected from disclosure. If you are not an intended recipient of
this e-mail, do not duplicate or redistribute it by any means. Please delete it
and any attachments and notify the sender that you have received it in error.
Unless specifically indicated, this e-mail is not an offer to buy or sell or a
solicitation to buy or sell any securities, investment products or other
financial product or service, an official confirmation of any transaction, or an
official statement of Barclays. Any views or opinions presented are solely those
of the author and do not necessarily represent those of Barclays. This e-mail is
subject to terms available at the following link:
www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the
foregoing.  Barclays Capital is the investment banking division of Barclays Bank
PLC, a company registered in England (number 1026167) with its registered offic
 e at 1 Churchill Place, London, E14 5HP.  This email may relate to or be sent
from other members of the Barclays Group.
_______________________________________________

-- 
fedora-list mailing list
fedora-list@...
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

--
fedora-list mailing list
fedora-list@...
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Network configuration

by Aldo Foot :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

On Wed, Sep 3, 2008 at 9:51 AM,  <Chris.Wraith@...> wrote:

> I have a Fedora 9 machine running VMware with two network interfaces,
> eth0 and eth1.  The first, eth0, is connected to a DMZ network and the
> second, eth1 is connected to a more secure private network.
>
> I'd like to configure Fedora's networking such that the virtual machines
> have TCP/IP access to the eth0 (DMZ) and not eth1 (the private network).
> Conversely, I'd also like the host machine to be able access eth1 (the
> private network) but not eth0 (DMZ).
>
> On a Windows Server host, this would be achieved by unbinding the TCP/IP
> stack from the DMZ network adapter on the host, which is done by opening
> the interface properties and unchecking TCP/IP.  As long as the virtual
> machine service remains bound to the adapter, any VMWare virtual
> machines can still configure TCP/IP on this interface but the host
> machine cannot.  I'd like to do exactly the same on Fedora 9.
>
> Is this possible using the network scripts in
> /etc/sysconfig/network-scripts?  Anyone done it?
>
> Many thanks
> Chris

Here's some reading for a general understanding of what you need to do.
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
I have not done what you describe in VMWare, but
basically you shutdown one interface in one environment leaving
the other one active.
This stops all traffic to eth0: iptables -A INPUT -i eth0 -j REJECT

The network scripts simply assign network information to eth0/eth1; they
don't filter traffic

please someone correct me if I'm wrong.
~af

--
fedora-list mailing list
fedora-list@...
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
LightInTheBox - Buy quality products at wholesale price!
Free Forum Powered by Nabble Forum Help