Isolating 4 NICS at OS Level
by BAcidEvil from LinuxQuestions.org on (#6KPA9)
Hi
I have an HPE Proliant with 4 Network Cards.
At Router level, NIC 1 is on "INSIDE" (vlan2) and NIC 2 is on DMZ (vlan 10) with no ACL permitting communication.
NIC 1 is the Debian host itself... NIC 2 (vlan 10) is for a VM for an Email Server. I have done pass through, direct, private etc but no matter what I do, NIC 2 keeps pinging and connecting to the ssh on NIC 1 (vlan 2).
At Router level I am confident this is not possible as there are NO ACLs, Firewall permissions allowing it, so this routing must be happening on Debian, being all NICs reside there.
Is there a way to simply NOT let NIC 2 see or talk to NIC 1?
But here's the thing... once I know they are completely isolated, I THEN want to allow specific access from NIC 1 to NIC 2 VIA those Router ACLs and Rules. I know it's weird but the point is NIC 2 is supposed to be in a DMZ and should NOT have connectivity unless given, so it's more the vulnerability aspect I am concerned with... if ssh and ping work when it shouldn't, what else is? At least by 100% isolating them, I can then build the secure connections with confidence.