#1
I set NIC as:
eth0:135.252.111.11
eth1:135.252.222.22
they both work.
I want to bind ssh on eth0, bind SIP traffic on eth1, then I set ssh to listen on 135.252.111.11, bind the socket of SIP on 135.252.222.22.
But use tcpdump can get the packet on eth1, though ssh address is 135.252.111.11.
Is that because linux get the best route for it? How to disable the function of this,
I want to make all ssh packet on eth0, even from 135.252.222.*

thanks a lot!
Zhou, Xiaofang
zhouxf
#2
"zhouxf" <(E-Mail Removed)> wrote in message
news:dsfbrm$(E-Mail Removed)
> I set NIC as:
> eth0:135.252.111.11
> eth1:135.252.222.22
> they both work.

Hum, you must give also the network masks if you want us to know which networks you're talking about.

> I want to bind ssh on eth0, bind SIP traffic on eth1, then I set ssh to
> listen on 135.252.111.11, bind the socket of SIP on 135.252.222.22.
> But use tcpdump can get the packet on eth1, though ssh address is
> 135.252.111.11.
> Is that because linux get the best route for it? how to disable the function
> of this,
> I want to make all ssh packet on eth0, even from 135.252.222.*

Well, you seem to use SSH as a server. Though, any connection to your machine is set by another machine, the client. If there is any way for the client on network 135.252.222.??? to get to network 135.252.111.??? without having to pass by 135.252.222.22, then you could do what you want with forcing the routing tables on every client. Something like "route add -host 135.252.111.11 gw 135.252.222.??" could do the trick. Also, you'll have to set a special route on the server to go back through eth0 when you reply.

This could be done, but is surely ugly :-)

--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
#3
thanks, I get what you mean
netmask is 255.255.255.0
client on 135.252.222.* can route to 135.252.111.* by other gateway and switch
But I can not know who will use ssh to access my linux, so I can not set the route in advance.
So my question is how to disconnect the route between eth0 and eth1 on my linux?

Zhou, Xiaofang
#4
"zhouxf" <(E-Mail Removed)> wrote in message
news:dsjl4o$(E-Mail Removed)
> But I can not know who will use ssh to access my linux, so I can not set the
> route in advance.
> So my question is how to disconnect the route between eth0 and eth1 on my
> linux?

A firewall can do the trick, but will stop the traffic. Put an iptables rule like:

iptables -A INPUT -i eth1 -s 135.252.222.0/24 -d 135.252.111.11 -j DROP

Another solution would be to use iproute2 on 135.252.111.11 in order to route any traffic from 135.252.222.0/24 to the other gateway. You first have to add a new routing table name; take care that this routing table has to be used before the local one, whose id is 0...:

# echo 201 table_name >> /etc/iproute2/rt_tables

Then add a rule to the table:

# ip rule add from 135.252.222.0/24 lookup table_name

And put a unique route for 135.252.111.11 in this table:

# ip route add 135.252.111.11 via @other_gateway table table_name

Now, any traffic coming from 135.252.222.0/24 and going to 135.252.111.11 should go back to the other gateway.

I don't know how this solution can be implemented as long as table local is id 0 and your new table has to be processed before local. If you can't use negative ids for tables, you might try to change the id of the local table to anything up to 0, and give the id 0 to your table. But I don't know what would be the result...

--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG
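
The firewall approach from the reply above, generalized as an added example that is not from any poster in this thread: because Linux by default accepts a packet for any of its local addresses on whichever interface it arrives, the script emits iptables rules that drop traffic for a pinned address and port unless it entered through the chosen interface, whatever the source network. TCP port 22 for ssh, UDP port 5060 for SIP and the function names are assumptions; the rules are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: pin each service address to one ingress interface.
# Assumed (not stated in the thread): ssh on tcp/22, SIP on udp/5060.

# pin_rules IFACE ADDR PROTO PORT
# Prints the iptables commands that keep ADDR:PORT reachable only via IFACE.
pin_rules() {
    iface=$1; addr=$2; proto=$3; port=$4
    case $proto in
        tcp|udp) ;;
        *) echo "pin_rules: protocol must be tcp or udp" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "pin_rules: port must be numeric" >&2; return 2 ;;
    esac
    # The host's own connections to ADDR arrive on lo, so accept those
    # before the catch-all drop below would match them.
    printf 'iptables -A INPUT -i lo -d %s -p %s --dport %s -j ACCEPT\n' \
        "$addr" "$proto" "$port"
    # Anything else for ADDR:PORT that did not enter through IFACE is dropped,
    # whatever its source network.
    printf 'iptables -A INPUT ! -i %s -d %s -p %s --dport %s -j DROP\n' \
        "$iface" "$addr" "$proto" "$port"
}

# plan: the two bindings described in the first post.
plan() {
    pin_rules eth0 135.252.111.11 tcp 22 &&
    pin_rules eth1 135.252.222.22 udp 5060
}

# apply_rules: read commands on stdin; print them (dry run) unless APPLY=1.
apply_rules() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1      # intentional word splitting into argv
        else
            printf '%s\n' "$cmd"
        fi
    done
}

plan | apply_rules
```

The rules are appended with -A, so they only take effect if no earlier INPUT rule already accepts the same traffic.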