Firewall / Network isolation inquiry

Good morning folks,

A good friend of mine has a network where every host has two paths to the file servers (two NICs & two networks for all hosts).

Normally speaking, one network will be used for regular application traffic - license servers, iTunes library, collaboration tools - while the other will be used for infrastructure traffic - AFS cluster, SNMP, etc.

Currently, the application traffic is saturating both networks, resulting in poor AFP and NFS performance. Ideally, he'd like to firewall the traffic on the host - directing applications to use ports on 192.168.2, while allowing the higher bandwidth (mission critical) traffic to use 192.168.3 without being impacted by the collaboration stuff.

Using the two example networks above, can you recommend what he might need to change / implement in order to isolate services in this fashion?

  • Avron

This sounds like a networking problem rather than something to do with OS X, so I'm moving it to the appropriate forum. Reply if otherwise.

Hello,

I am curious about this issue ...

Is there some kind of gateway device being used (as in dedicated for traffic "shaping")?

Currently, there is no hardware being employed to resolve this issue.

I was hoping to do this with the firewall built into MacOS. My friend's current network gear does not support this type of filtering.

If it cannot be done with ipfw, I may need to compile ipfilter for him, or he'll need to reconsider upgrading his switch to something that supports this feature.

ipfw ships with MacOS 10.5 or better. This is why my post was in "OS X (Apple)" rather than networking.

Hello there,

If you find the issue, please post here.

Regards,
AdrieL