> On Tue, 13 Oct 1998, Achal Prabhakar wrote:
>
> achal> Hi!
> achal>
> achal>
> achal> I can tell you for sure regarding the outgoing traffic:
> achal>
> achal> use ipfwadm to set up a forwarding rule that sends all the packets
> achal> originating from your network and having the service name "http" to be
> achal> forwarded through the ,say , sDSL interface.
> achal> Similarly for FTP create a route with service name ftp and interface T1
> achal>
> achal> Now with FTP you will have to specify a port range ( port 20 to 21),
> achal> this will take care of both ftp-control port and ftp-data port.
> achal>
> achal> This setup will ( it should ;-) correctly route web traffic and ftp
> achal> traffic to seperate interfaces. But as far as incoming is concerned i
> achal> doubt this can function
> achal>
>
> Thanks a lot for the tips.
> Added to this, if we implement the suggestion of somebody else who
> responded - viz. to assign www.xyz.com and ftp.xyz.com to the 2
> interfaces, which will be separately accessed from outside, wont this
> handle the incoming traffic too ?
>
> Comments?
Well actually it does but only partly, if someone was to use the IP
address of the web server and does connect to the ftp port, he can use ftp
through the interface meant for the web traffic.
Ditto for the web server. altough if you configure the web server
correctly it will only respond with meaningful data to clients using the
correct hostname.
This scheme can be implemented by doing the above, naming servers i;e, and
in addition putting in a incoming traffic firewall rule that only allows
ftp traffic from the ftp-interface and similarly from the web interface
Achal Prabhakar
=====================
KDE Developer
achal@kde.org
achal@netshooter.com
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu