
Re: two ethernet cards without routing



* jsalord@publicom1010.com (jsalord@publicom1010.com) [020313 02:30]:
> Hi folks:
> 
> I've installed two ethernet cards to my debian server and they work fine.
> I want to give some services to one IP and other services to the other, so:
> How can I deactivate the routing option between cards?
> 
> There has to be some kind of routing now because I can connect to my apache
> by typing either of the two IPs even though I've just one cable connected to eth0.

This isn't necessarily indicative of routing. What this really means is
that the box is accepting packets for any of its local interfaces on any
of its interfaces. To have the kernel enforce that a packet must
arrive on the interface corresponding to its destination address, you
want something called "spoof protection".

If you look at /etc/init.d/networking, you'll see that there are a few
different methods available. I think the cleanest is the kernel-level
rp_filter. This can be enabled like this:

echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
or
sysctl -w net.ipv4.conf.all.rp_filter=1

This change can be made permanent (i.e. it will be set up each time your
machine boots) with a line in /etc/network/options: spoofprotect=yes .
Similarly, you can disable routing (which should be disabled by default
anyway) by adding a line that says ip_forward=no in the same file.

good times,
Vineet

-- 
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume/
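
An added example, not part of the original message: a shell function that reports, per interface, whether the rp_filter and ip_forward settings discussed above are actually in effect. It assumes a current Linux kernel, where the value applied to an interface is the larger of conf/all/rp_filter and the interface's own rp_filter; audit_net and make_sample are names made up for this example, and the sample tree is constructed.

```shell
#!/bin/sh
# audit_net [ROOT]: report forwarding and reverse-path filtering per interface.
# ROOT defaults to /proc/sys/net/ipv4; returns non-zero if anything is flagged.
audit_net() {
    root=${1:-/proc/sys/net/ipv4}
    findings=0
    all=$(cat "$root/conf/all/rp_filter" 2>/dev/null || echo 0)
    fwd=$(cat "$root/ip_forward" 2>/dev/null || echo 0)
    if [ "$fwd" != 0 ]; then
        echo "FINDING ip_forward=$fwd (forwarding between interfaces is on)"
        findings=$((findings + 1))
    else
        echo "ok      ip_forward=0"
    fi
    for dir in "$root"/conf/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case $iface in all|default|lo) continue ;; esac
        own=$(cat "$dir/rp_filter" 2>/dev/null || echo 0)
        # Assumption (current kernels): effective value = max(all, interface).
        eff=$own; [ "$all" -gt "$eff" ] && eff=$all
        case $eff in
            1) echo "ok      $iface rp_filter=strict" ;;
            2) echo "FINDING $iface rp_filter=loose"; findings=$((findings + 1)) ;;
            *) echo "FINDING $iface rp_filter=off"; findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not real host data): eth0 strict, eth1 unfiltered.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf/all" "$d/conf/eth0" "$d/conf/eth1"
    echo 0 > "$d/ip_forward"
    echo 0 > "$d/conf/all/rp_filter"
    echo 1 > "$d/conf/eth0/rp_filter"
    echo 0 > "$d/conf/eth1/rp_filter"
    echo "$d"
}
# Live host: audit_net        Sample data: audit_net "$(make_sample)"
```

On the sample tree eth1 is flagged until conf/all/rp_filter is set to 1, which is what the echo and sysctl commands in the message do.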
