
We have a Debian server with 2 NICs. The server should be configured with 2 IP addresses, one internal address for the communication in our LAN, and one public IP accessible from the internet.

I'm thinking about 2 different setups:

  1. Use bonding to bundle the physical NICs to a logical one and then assign both IPs (internal and external) to the logical interface.

  2. Set up one physical network card with the external IP and the other one with the internal IP.

For me, solution 1 looks more reliable, because if one physical NIC gets out of order, the server can still reach both networks. But what about security, is it in general a good idea to add an external and an internal IP address to the same NIC? What are the pitfalls and security issues here?

markus

1 Answer

Your first setup has a serious flaw: if your switch does not support VLAN tagging, you are effectively mixing your public and private LAN segments. This is not a good thing.

If your switch supports VLANs, you can use bonding + VLAN to use a common physical path (the bonded interface) to transmit two different logical VLANs - with the switch ensuring that no packet can "jump" from one VLAN to another.

However, be aware that bonding and VLAN are somewhat difficult to configure and manage at the Linux box - not due to lack of tools, but due to peculiarities of the netfilter stack. For some examples, see here and here, but you can find much more information by doing a Google search.

shodanshok
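A host-side audit for the flaw described in the answer, as an added example that is not part of the original question or answer: it flags any layer-2 domain (underlying device plus VLAN id) that carries both an RFC 1918 and a non-RFC 1918 IPv4 address. The input is assumed to have the shape of `ip -d -j addr show` output; the helper names and the sample records are constructed for illustration.

```python
import ipaddress
import json

# RFC 1918 ranges; any other IPv4 address is treated as external in this check.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def l2_domain(iface):
    """Return (underlying device, VLAN id or None) for one interface record."""
    info = iface.get("linkinfo", {})
    if info.get("info_kind") == "vlan":
        return iface.get("link", iface["ifname"]), info.get("info_data", {}).get("id")
    return iface["ifname"], None

def mixed_segments(ip_json):
    """List L2 domains holding both an RFC 1918 and a non-RFC 1918 IPv4 address."""
    seen = {}
    for iface in json.loads(ip_json):
        for addr in iface.get("addr_info", []):
            if addr.get("family") != "inet" or addr.get("scope") == "host":
                continue  # skip IPv6 and loopback
            ip = ipaddress.ip_address(addr["local"])
            kind = "internal" if any(ip in net for net in RFC1918) else "external"
            seen.setdefault(l2_domain(iface), set()).add(kind)
    return sorted((dom for dom, kinds in seen.items() if len(kinds) == 2), key=str)

def _if(name, addrs, kind, link=None, vlan=None):
    """Build one constructed record shaped like `ip -d -j addr show` output."""
    rec = {"ifname": name, "linkinfo": {"info_kind": kind},
           "addr_info": [{"family": "inet", "local": a, "scope": "global"} for a in addrs]}
    if link:
        rec["link"] = link
        rec["linkinfo"]["info_data"] = {"id": vlan}
    return rec

# Constructed samples (203.0.113.10 is a documentation address standing in for the public IP).
FLAT = json.dumps([_if("bond0", ["203.0.113.10", "192.168.1.10"], "bond")])
TAGGED = json.dumps([_if("bond0", [], "bond"),
                     _if("bond0.10", ["203.0.113.10"], "vlan", "bond0", 10),
                     _if("bond0.20", ["192.168.1.10"], "vlan", "bond0", 20)])

if __name__ == "__main__":
    print("flat bond:  ", mixed_segments(FLAT))
    print("bond + VLAN:", mixed_segments(TAGGED))
```

A clean result only covers the host configuration; the separation still depends on the switch enforcing the same VLANs on the bonded ports.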