Block all but http traffic on a network interface

2

I've got two network interfaces on an Ubuntu machine which go out to two different networks but both have internet gateways.

I need to limit it so that any outgoing http requests it makes (i.e. through wget) only go through eth0 and all other traffic goes through eth1.

I dare say the solution might have something to do with iptables but I've no experience with it so would appreciate all help.

Oli

Posted 2010-06-03T00:11:12.497

Reputation: 377

Would this fit in better on Server Fault? – Aren B – 2010-06-03T00:22:40.880

Not really, this isn't a server question. – Daisetsu – 2010-06-03T00:39:29.050

@Daisetsu: mhh .. not sure. I have seen questions for bandwidth sharing and bandwidth load balancing on serverfault.com already. – akira – 2010-06-03T03:49:04.157

@Oli: can you clarify the difference between what my browser creates in "outgoing" traffic and what wget creates in "outgoing" traffic? – akira – 2010-06-03T03:51:07.457

akira: No difference at all. The only reason I specify wget is because the computer is a headless server. Certain scripts make requests to other servers through wget and I basically need to restrict which interface it uses for certain outbound jobs. – Oli – 2010-06-03T22:04:53.293

So yes, this question could easily apply to a desktop with two networks defined and me wanting to restrict all Firefox traffic to eth0. – Oli – 2010-06-03T22:05:51.437

Answers

2

You can do this with IPTables. You need to specify a prerouting (or was it forwarding) rule which says anything which is on port 80 should be routed to eth0, and then in the regular routing rules default to eth1.

It's been a while since I have constructed IPTables rules so I can't come up with the exact rules.

Daisetsu

Posted 2010-06-03T00:11:12.497

Reputation: 5 195

It is possible, but I think it's bad style. Routing tables are the way to go. – matthias krull – 2010-06-23T16:37:23.927

1

If it's enough that just wget traffic goes to the other interface, you can do this:

First, learn about routing tables and multiple default routes: http://lartc.org/howto/lartc.rpdb.multiple-links.html

Set up your networking so that the default routing table puts traffic via eth1. Then add a rule that traffic originating from the eth0 IP address uses the routing table for eth0. Then use the wget option --bind-address to bind to the eth0 IP address.

If you're not using wget which can specify the binding address, an alternative is to set up a www proxy and bind that (only) to the eth0 address, then use that proxy.

Viljo Viitanen

Posted 2010-06-03T00:11:12.497

Reputation: 193
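Putting the two iptables/routing answers above together as one script (an added example, not code from either answerer or from the question): a spare routing table whose default route leaves via eth0, a source-address rule for wget --bind-address, and an fwmark rule so that any locally generated TCP port 80 connection is marked in the mangle OUTPUT chain and sent through the same table while everything else keeps the eth1 default. The addresses 192.0.2.10/24 and 192.0.2.1, table number 100 and mark 0x50 are placeholders chosen for the example, not values from the page. The script prints the plan by default and only executes it (as root) when given the argument apply.

```shell
#!/bin/sh
# Added example, not from the question or any answer on this page.
# Goal: outbound HTTP (TCP port 80) leaves via eth0, everything else keeps
# using the system default route on eth1. Two mechanisms feed one extra
# routing table: a source-address rule (for wget --bind-address) and an
# fwmark rule (for any process, marked by iptables).
#
# Assumed placeholder values (override via environment; none are from the page):
ETH0_IP="${ETH0_IP:-192.0.2.10}"        # address on eth0
ETH0_NET="${ETH0_NET:-192.0.2.0/24}"    # eth0's subnet
ETH0_GW="${ETH0_GW:-192.0.2.1}"         # gateway reachable on eth0
TABLE="${TABLE:-100}"                   # spare routing table number
MARK="${MARK:-0x50}"                    # arbitrary packet mark

# gen_rules prints the commands instead of executing them, so the plan can
# be reviewed (and checked) before it is applied as root.
gen_rules() {
    cat <<EOF
# 1. Routing table ${TABLE}: default route via eth0, preferring eth0's address
ip route add ${ETH0_NET} dev eth0 src ${ETH0_IP} table ${TABLE}
ip route add default via ${ETH0_GW} dev eth0 src ${ETH0_IP} table ${TABLE}
# 2. Source-address rule: a socket bound to eth0's IP uses table ${TABLE},
#    e.g.  wget --bind-address=${ETH0_IP} http://example.com/
ip rule add from ${ETH0_IP} lookup ${TABLE}
# 3. Mark rule: locally generated TCP/80 is marked in mangle OUTPUT and
#    re-routed through table ${TABLE}; no per-program option needed
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark ${MARK}
ip rule add fwmark ${MARK} lookup ${TABLE}
# 4. The socket already picked eth1's address before the mark was applied,
#    so rewrite the source to eth0's address or replies come back via eth1
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark ${MARK} -j SNAT --to-source ${ETH0_IP}
# 5. Loose reverse-path filtering on eth0 so its replies are not dropped
sysctl -w net.ipv4.conf.eth0.rp_filter=2
ip route flush cache
EOF
}

# count_rules returns how many "ip rule" lines the plan contains
# (one per mechanism: source address and fwmark).
count_rules() {
    gen_rules | grep -c '^ip rule add'
}

# Usage:  sh http-via-eth0.sh          # print the plan
#         sudo sh http-via-eth0.sh apply  # execute it
if [ "${1:-}" = "apply" ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```

Step 4 is the part most often forgotten: the kernel selects the source address when the socket connects, before the mangle OUTPUT mark exists, so without the SNAT the marked packets leave eth0 carrying eth1's address and the replies arrive on the wrong interface. Verify the result with something like wget -O /dev/null http://example.com/ while watching eth0 with tcpdump, and check the rule order with ip rule show.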

-1

I would say edit Apache, to "listen" to a specific IP address. By default, Apache listens to all IP addresses that your machine may have.
Look in /etc/apache2/sites-enabled/xxx and check for the Listen directive. I'm afraid I don't use Ubuntu, so take a look at

grep -r -i "listen" /etc/apache2/

Find the file, and change it to:

# Listen <IP ADDRESS>:<PORT>  
Listen 10.2.3.4:80

Felipe Alvarez

Posted 2010-06-03T00:11:12.497

Reputation: 1 666

I'm talking about outbound traffic (i.e. the computer in question making a request to another server). You could think of it as a desktop if you wanted. Nothing to do with Apache or any other httpd. – Oli – 2010-06-03T22:02:17.700

-2

Look at shorewall. Documentation for the masq file seems to cover what you want. You will need to ensure that you don't route between the two interfaces.

BillThor

Posted 2010-06-03T00:11:12.497

Reputation: 9 384

Sorry, that's DNS and nothing to do with outbound traffic routing. – Oli – 2010-06-03T22:06:51.167

Shorewall is not DNS and is all about iptables. You need to ensure requests are addressed from the appropriate interface, which is what Shorewall can do for you fairly easily. – BillThor – 2010-06-03T23:42:46.833