Limit a Network Adapter's Traffic to a Subnet in Ubuntu

0

I've set up a virtual (software emulated) network between a handful of VPSs that I run. Also on the virtual network is a Linux server in my home, and on that server I've created a bridge between the physical and virtual networks.

The result of this is that my VPS servers obtain an IP address on my home network (via DHCP on my home router, no less) and it all works beautifully.

The potential problem is that each of the VPSs has two interfaces/connections:

  • eth0 is the fast internet connection from my VPS provider
  • zt0 is the virtual network, bridged with my home network

Each of these connections has internet access. One fast, and one much slower because it's my consumer-grade home internet.

I have two questions:

  1. Is it possible that outbound traffic from the server to the internet is using my home connection across the bridge (via zt0)?
  2. If so, how can I stop that from happening and force the majority of traffic to use eth0? For example, is there a way to limit the traffic that goes through zt0 to my home network subnet (192.168.1.x)?

All the servers are running Ubuntu 14.04 LTS, and all the network configuration is done in /etc/network/interfaces.

Jason Williams

Posted 2015-07-16T02:45:08.307

Reputation: 53

Answers

2

Just set up a static route that forwards all traffic in your home subnet out one interface and another static route that tells all other traffic to go out the other port. You can do this by assigning the route 0.0.0.0 0.0.0.0 to the IP of the device that your VPSs physically connect with to gain access to the Internet. Then assign the route 192.168.1.0 255.255.255.0 (or whatever IP scheme you're using at home) to the physical interface itself (zt0).

Geruta

Posted 2015-07-16T02:45:08.307

Reputation: 1 185

0

Geruta's answer is the best one because it scales well and would allow a central location (the DHCP server) for managing the IPs that get handed out to all clients, including those on the other side of the bridge. It also allows for an identical configuration on all the VPSs, which might be important if a configuration management tool is in use.

I have a small number (four) of VPSs, so in the end I did something even simpler: I defined a static internal IP for each of the VPSs in /etc/network/interfaces, but I didn't include a default gateway in the configuration stanza for zt0.

Jason Williams

Posted 2015-07-16T02:45:08.307

Reputation: 53
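
Both answers aim for the same routing table: the default route on eth0 and only the home subnet on zt0. The script below is an added example, not part of either answer, that audits `ip -4 route show` output for any other route leaving through zt0. The interface name and subnet are taken from the question; the sample tables and their 203.0.113.x addresses are constructed.

```shell
#!/bin/sh
# Added example: verify that the overlay interface carries only the home
# subnet. OVERLAY_IF and HOME_NET come from the question; adjust as needed.
OVERLAY_IF="zt0"
HOME_NET="192.168.1.0/24"

# Reads `ip -4 route show` output on stdin. Prints every route that leaves
# through OVERLAY_IF with a destination other than exactly HOME_NET
# (including a default route). Returns 1 if any such route is found.
audit_routes() {
    awk -v ifc="$OVERLAY_IF" -v net="$HOME_NET" '
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != ifc) next      # route uses another interface
            if ($1 == net) next       # the one route zt0 should have
            print "unexpected route via " ifc ": " $0
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: DHCP on zt0 has installed a second default route,
# so internet-bound traffic may cross the bridge to the home connection.
SAMPLE_BAD='default via 203.0.113.1 dev eth0
default via 192.168.1.1 dev zt0 metric 100
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev zt0 proto kernel scope link src 192.168.1.50'

# Constructed sample: static address on zt0 with no gateway configured.
SAMPLE_GOOD='default via 203.0.113.1 dev eth0
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10
192.168.1.0/24 dev zt0 proto kernel scope link src 192.168.1.50'

# Pass --live to audit the running system instead of the samples.
if [ "${1:-}" = "--live" ]; then
    ip -4 route show | audit_routes
fi
```

Run with `--live` on each VPS after changing /etc/network/interfaces; a non-zero exit status means zt0 still has a route beyond 192.168.1.0/24.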