iptables
Wenzhong Chen
chenw@cs.queensu.ca
Wed, 20 Jun 2001 11:23:36 -0400 (EDT)
Hi Ramin,
Thank you very much for your quick reply.
Actually I am doing a project about web caching. The two switches are
actually two Linux box machines. In each "switch" there are two NICs
installed. Through a hub they connect to the other subnet's cache server and
web server. The two "switches" connect to each other. I must write code at
the kernel level to switch the client's request to the cache server or
web server. First I need to use iptables to do filtering, blocking clients'
requests from switch1 to switch2 and redirecting them to the cache server. How can
I do it?
James
On Wed, 20 Jun 2001, Ramin Alidousti wrote:
> On Wed, Jun 20, 2001 at 10:28:57AM -0400, Wenzhong Chen wrote:
>
> > Hi all,
> > I am a newbie here and read a lot about your articles and admire your
> > talents. I have a big question. I must set up an environment as follows:
> >
> > ------------- -------------
> >
> > switch1 internet switch2
> > | | | | |
> > ------------- | -------------
> > | | | | |
> > | |____________ hub _____________| |
> > | |
> > ---------- ------------
> > | | | | | | | | |
> > Client cluster1 client cluster2
> >
> > How to block communication between client cluster1 and 2, let them be
> > separate networks? Is there any info I can find on the web to write an
> > iptables script about L4 L5 transparent switch function?
>
> The way it's been set up makes it difficult to do filtering:
>
> 1) If they're on the same subnet then they bypass the firewall (which
> is not shown in your diagram, BTW, but I assume that the "internet" will
> be your firewall towards the Internet).
>
> 2) If you use different subnets then everything goes through the firewall
> and there you can do filtering based on the subnets.
>
> 3) If you use two separate interfaces on your firewall then you can
> do filtering based on the interfaces.
>
> **) The hub is sitting in a very suboptimal location. You use two
> switches, fine, but then the hub... collision, collision, collision,
>
> Ramin
>
> >
> > Thanks,
> >
> > James
>
>
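The subnet- and interface-based filtering from Ramin's reply, together with the redirect of client HTTP requests to the cache server that James asks about, as an added example that is not part of this thread. Interface names, subnets, and the cache address and port are assumed values; the script prints the ruleset for review and only runs it when APPLY=1.

```shell
#!/bin/sh
# Assumed names and addresses (constructed for this example; adjust to your box).
CLIENT_IF="eth0"               # NIC facing the client cluster behind this "switch"
UPLINK_IF="eth1"               # NIC facing the hub (cache server, web server, other switch)
CLIENT_NET="192.168.1.0/24"    # this switch's client cluster
PEER_NET="192.168.2.0/24"      # the other switch's client cluster
CACHE="192.168.10.10"          # cache server reached through the hub
CACHE_PORT="3128"              # port the cache listens on (assumed)

# Print the ruleset instead of running it, so it can be reviewed first.
rules() {
  # Flush and default-deny forwarded traffic; only the flows listed below pass.
  echo "iptables -F FORWARD"
  echo "iptables -t nat -F PREROUTING"
  echo "iptables -P FORWARD DROP"
  # Isolate the two client clusters by subnet (option 2 in the reply). This only
  # takes effect when the traffic actually crosses this box, i.e. the clusters are
  # on different subnets or different interfaces (options 1 and 3).
  echo "iptables -A FORWARD -s $CLIENT_NET -d $PEER_NET -j DROP"
  echo "iptables -A FORWARD -s $PEER_NET -d $CLIENT_NET -j DROP"
  # Client HTTP goes to the cache server instead of the origin web server. Matching
  # on the client interface means the cache's own fetches (arriving on the uplink)
  # are not looped back into the cache.
  echo "iptables -t nat -A PREROUTING -i $CLIENT_IF -p tcp --dport 80 -j DNAT --to-destination $CACHE:$CACHE_PORT"
  # Let the clients out through the uplink and the matching replies back in.
  echo "iptables -A FORWARD -i $CLIENT_IF -o $UPLINK_IF -s $CLIENT_NET -j ACCEPT"
  echo "iptables -A FORWARD -i $UPLINK_IF -o $CLIENT_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # Forwarding must be enabled for any of this to take effect.
  echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# APPLY=1 executes the rules (needs root); otherwise just show them.
if [ "${APPLY:-0}" = "1" ]; then
  rules | sh
else
  rules
fi
```

Run it once without APPLY to inspect the generated commands, then with `APPLY=1` as root on the "switch" box; the DNAT works because the box is the gateway for the client cluster, so the cache server's replies pass back through it and are un-NATed by connection tracking.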