Network configuration

Aldo Foot lunixer at gmail.com
Thu Sep 4 00:17:19 UTC 2008


On Wed, Sep 3, 2008 at 9:51 AM,  <Chris.Wraith at barclayscapital.com> wrote:
> I have a Fedora 9 machine running VMware with two network interfaces,
> eth0 and eth1.  The first, eth0, is connected to a DMZ network and the
> second, eth1 is connected to a more secure private network.
>
> I'd like to configure Fedora's networking such that the virtual machines
> have TCP/IP access to the eth0 (DMZ) and not eth1 (the private network).
> Conversely, I'd also like the host machine to be able to access eth1 (the
> private network) but not eth0 (DMZ).
>
> On a Windows Server host, this would be achieved by unbinding the TCP/IP
> stack from the DMZ network adapter on the host, which is done by opening
> the interface properties and unchecking TCP/IP.  As long as the virtual
> machine service remains bound to the adapter, any VMware virtual
> machines can still configure TCP/IP on this interface but the host
> machine cannot.  I'd like to do exactly the same on Fedora 9.
>
> Is this possible using the network scripts in
> /etc/sysconfig/network-scripts?  Anyone done it?
>
> Many thanks
> Chris

Here's some reading for a general understanding of what you need to do.
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
I have not done what you describe in VMware, but
basically you shut down one interface in one environment, leaving
the other one active.
This stops all traffic to eth0: iptables -A INPUT -i eth0 -j REJECT

The network scripts simply assign network information to eth0/eth1; they
don't filter traffic.

Please someone correct me if I'm wrong.
~af
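
An added example, not part of the original post: a shell check that reads `iptables-save` output and reports whether the host's INPUT and OUTPUT chains both block a given interface. It goes beyond the single INPUT rule quoted above by also checking OUTPUT, which filters packets the host itself sends. The function names and the sample rule sets are constructed for illustration.

```shell
# Constructed sample in iptables-save format: only the INPUT rule from the
# reply above is present.
SAMPLE_INPUT_ONLY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT'
# Constructed sample: the same rule set plus the matching OUTPUT rule.
SAMPLE_BOTH="${SAMPLE_INPUT_ONLY%COMMIT}-A OUTPUT -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT"

# blocked_chains IFACE (hypothetical helper): reads iptables-save text on
# stdin and prints INPUT and/or OUTPUT when nothing can be accepted on IFACE
# in that chain. Interface wildcards such as eth+ are not handled.
blocked_chains() {
    awk -v ifc="$1" '
    /^\*/ { table = $1; next }
    table != "*filter" { next }
    /^:/  { policy[substr($1, 2)] = $2; next }
    $1 == "-A" && ($2 == "INPUT" || $2 == "OUTPUT") && !($2 in state) {
        flag = ($2 == "INPUT") ? "-i" : "-o"
        dev = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == flag)      { dev = $(++i) }
            else if ($i == "-j") { target = $(i + 1); break }
            else                 { extra = 1 }   # any other match narrows the rule
        }
        if (dev != "" && dev != ifc) next        # rule is for another interface
        if (target == "DROP" || target == "REJECT") {
            if (!extra) state[$2] = "blocked"    # unconditional block reached first
        } else if (target != "LOG") {
            state[$2] = "open"                   # ACCEPT or a jump may pass traffic
        }
    }
    END {
        n = split("INPUT OUTPUT", chains, " ")
        for (k = 1; k <= n; k++) {
            c = chains[k]
            if ((c in state) ? (state[c] == "blocked") : (policy[c] == "DROP")) print c
        }
    }'
}

# host_isolated IFACE: succeeds only when both directions are blocked.
host_isolated() {
    [ "$(blocked_chains "$1" | tr '\n' ' ')" = "INPUT OUTPUT " ]
}

printf '%s\n' "$SAMPLE_INPUT_ONLY" | blocked_chains eth0   # prints INPUT
```

On a live host the same functions can be fed from `iptables-save | host_isolated eth0`, run as root.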