On Wed, Sep 3, 2008 at 9:51 AM, <Chris.Wraith@xxxxxxxxxxxxxxxxxxx> wrote:
> I have a Fedora 9 machine running VMware with two network interfaces,
> eth0 and eth1. The first, eth0, is connected to a DMZ network and the
> second, eth1 is connected to a more secure private network.
>
> I'd like to configure Fedora's networking such that the virtual machines
> have TCP/IP access to the eth0 (DMZ) and not eth1 (the private network).
> Conversely, I'd also like the host machine to be able to access eth1 (the
> private network) but not eth0 (DMZ).
>
> On a Windows Server host, this would be achieved by unbinding the TCP/IP
> stack from the DMZ network adapter on the host, which is done by opening
> the interface properties and unchecking TCP/IP. As long as the virtual
> machine service remains bound to the adapter, any VMWare virtual
> machines can still configure TCP/IP on this interface but the host
> machine cannot. I'd like to do exactly the same on Fedora 9.
>
> Is this possible using the network scripts in
> /etc/sysconfig/network-scripts? Anyone done it?
>
> Many thanks
> Chris

Here's some reading for a general understanding of what you need to do.

http://www.justlinux.com/nhf/Security/IPtables_Basics.html

I have not done what you describe in VMWare, but basically you shut down
one interface in one environment, leaving the other one active.

This stops all traffic to eth0:

iptables -A INPUT -i eth0 -j REJECT

The network scripts simply assign network information to eth0/eth1; they
don't filter traffic. Please someone correct me if I'm wrong.

~af
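A host-side check for the goal discussed in this thread, as an added example that is not part of the original messages: it reads the text output of `ip -o addr show` and `iptables -S` and reports whether the host still has an address on the DMZ interface or lacks a block in either direction. The function names are hypothetical, the sample outputs are constructed, and treating "no host address plus an unconditional DROP/REJECT in both INPUT and OUTPUT" as the pass criterion is this example's assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Constructed `ip -o addr show` text: the host still holds an address on eth0.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1'

# Constructed `iptables -S` text: only the INPUT rule quoted in the reply.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i eth0 -j REJECT --reject-with icmp-port-unreachable'

# Print IPv4/IPv6 addresses bound to interface $1 (`ip -o addr show` on stdin).
host_addrs_on() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# Succeed only if chain $1 (INPUT or OUTPUT) has an unconditional DROP/REJECT
# rule for interface $2 (`iptables -S` on stdin).
chain_blocks_iface() {
    case "$1" in
        INPUT)  flag="-i" ;;
        OUTPUT) flag="-o" ;;
        *)      return 2 ;;
    esac
    awk -v c="$1" -v f="$flag" -v ifc="$2" '
        $1 == "-A" && $2 == c && $3 == f && $4 == ifc && $5 == "-j" &&
            ($6 == "DROP" || $6 == "REJECT") { ok = 1 }
        END { exit !ok }'
}

# Report every gap; return 0 only when the host has no address on the
# interface and both INPUT and OUTPUT block it.
audit_dmz_host() {  # $1 = interface, $2 = ip text, $3 = iptables text
    rc=0
    addrs=$(printf '%s\n' "$2" | host_addrs_on "$1")
    if [ -n "$addrs" ]; then echo "FAIL: host address on $1: $addrs"; rc=1; fi
    for chain in INPUT OUTPUT; do
        if ! printf '%s\n' "$3" | chain_blocks_iface "$chain" "$1"; then
            echo "FAIL: no unconditional DROP/REJECT in $chain for $1"; rc=1
        fi
    done
    return $rc
}

audit_dmz_host eth0 "$SAMPLE_ADDR" "$SAMPLE_RULES" || echo "eth0 not isolated"
```

On a live host, pass `"$(ip -o addr show)"` and `"$(iptables -S)"` as the second and third arguments in place of the constructed samples.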