linux, 4 nic'S, problems

linux, 4 nic'S, problems

Post by Ralf Kaestne » Thu, 13 Jan 2000 04:00:00



I have a linux-gateway/firewall with 4 NIC's :

eth0: XXX.XXX.XXX.7   (externe ip for internet 10 MBit)
eth1: 192.168.2.1              (intern 10Mbit net)
eth2: XXX.XXX.XXX.9   (extern ip for internet 10 MBit)
eth3 192.168.1.1               (intern 100MBit net = 100MBit NIC)

folgende routen:


Kernel IP Routingtable
destination           Router Genmask         Flags Metric Ref Use
Iface
192.168.1.1             *    255.255.255.255 UH  0         0   0  eth3
192.168.2.1             *    255.255.255.255 UH  0         0   0  eth1
XXX.XXX.XXX.7  *    255.255.255.255 UH  0         0   0  eth0
XXX.XXX.XXX.9  *    255.255.255.255 UH  0         0   0  eth2
XXX.XXX.XXX.0  *    255.255.255.0       U   0         0   0  eth0
XXX.XXX.XXX.0  *    255.255.255.0       U   0         0   0  eth2
192.168.2.0            *     255.255.255.0       U   0         0   0  eth1
192.168.1.0            *     255.255.255.0       U   0         0   0  eth3
127.0.0.0                *     255.0.0.0               U   0         0    0
lo
default      Cisco1.mydomain  0.0.0.0          UG  0         0    0 eth0

XXX.XXX.XXX.7
and
XXX.XXX.XXX.9 are extern ip's - both use the router cisco1.mydomain
for the internet

192.168.1.1 and 192.168.2.1 are gatewaydev's for the both intern nets

How can I use the both extern NIC's with 10 MBIT as ONE with 20MBit as
gateway for the intern 100MBitnet?

How can I tell services to run only on ONE interface so that for example
ftpd just could be reached throug XXX.XXX.XXX.7 and not throuh XXX.XXX.XXX.9

How can I split the traffic from a ftpd over the two extern interfaces ?

How can I tell ipchains that the 100MBit-internal-net will be only
masqueraded over XXX.XXX.XXX.7 and teh 10MBit internal net over
XXX.XXX.XXX.9 so that all PC's out of the internal 10 MBit net have in the
internet XXX.XXX.XXX.7 and all of the 100MBit_net have XXX.XXX.XXX.9 in the
internet ?

sorry for my poor english - hopin' you understand me quite correctly ;)

greets - Ralf