[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 3, 2008 at 9:51 AM,  <[email protected]> wrote:
> I have a Fedora 9 machine running VMware with two network interfaces,
> eth0 and eth1.  The first, eth0, is connected to a DMZ network and the
> second, eth1 is connected to a more secure private network.
>
> I'd like to configure Fedora's networking such that the virtual machines
> have TCP/IP access to the eth0 (DMZ) and not eth1 (the private network).
> Conversely, I'd also like the host machine to be able access eth1 (the
> private network) but not eth0 (DMZ).
>
> On a Windows Server host, this would be achieved by unbinding the TCP/IP
> stack from the DMZ network adapter on the host, which is done by opening
> the interface properties and unchecking TCP/IP.  As long as the virtual
> machine service remains bound to the adapter, any VMWare virtual
> machines can still configure TCP/IP on this interface but the host
> machine cannot.  I'd like to do exactly the same on Fedora 9.
>
> Is this possible using the network scripts in
> /etc/sysconfig/network-scripts?  Anyone done it?
>
> Many thanks
> Chris

Here's some reading for a general understanding of what you need to do.
http://www.justlinux.com/nhf/Security/IPtables_Basics.html
I have not done what you describe in VMWare, but
basically you shutdown one interface in one environment leaving
the other one active.
This stops all traffic to eth0: iptables -A INPUT -i eth0 -j REJECT

The network scripts simply assign network information to eth0/eth1; they
don't filter traffic

please someone correct me if I'm wrong.
~af

-- 
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux