CentOS 5 Networking :: Public Subnet Is Not Accessible From The Internal Network
Aug 6, 2010
I will try to explain a bit first about my network topology: I have one CentOS 5.5 machine with 2 NICs - external one 86.x.x.122 and internal one with 2 IPs: 192.168.1.1 and 89.x.x.121. The idea is that I have a public subnet (86.x.x.120/29) of IPs which are routable only through 86.x.x.122, so I have a webserver hosted on a different machine with the IP of 89.x.x.122 and GW 89.x.x.121 - everything works perfectly fine, except that I cannot access from the internal network 192.168.1.0/24 the so called DMZ (roughly) - the 89.x.x.122.
What really makes me crazy is that I set up the IPtables rules correctly, because I can access the webserver from the outside world but I cannot access it from the internal network...
What am I missing - why can't the 192.168.1.0/24 see the 89.x.x.122 machine... What IPtables rules should I add?
There seems to be a lot written about virtual networking but I am not sure what approach to take in my situation. My local subnet has a public block of 128 addresses. I have a virtual host running on my machine. My machine has a static address and I'd need to assign one to the guest. I have edited the guest's interface file and assigned a public address to its eth0. However the guest cannot ping out and I can't ping in.
By default the virtual machine manager creates a virtual network (virbr0) and assigns a private address range to it. I have tried to create a new virtual network using a subnet of my public range (/31) but the manager says the range must be a minimum of 16 addresses (/4). It doesn't look possible to achieve my aims using the virtual machine manager.
In the past I have used the procedure laid out here: [URL], which is to manually create a bridge. I am not sure that is relevant for my 9.10. I think I would have to disable the network manager if I were to do that and I am not sure how to do that.
Does somebody know how dnsmasq / iptables need to be configured such that requests to my public IP from LAN are correctly NAT'ed to the host that handles them? Currently my routing device treats them like "oh, these are anyway for me, gnam gnam" which actually doesn't work. Unfortunately, setting up NAT rules that redirect requests from my LAN correctly as they are redirected from WAN is an option I would like to use only if there is no other possibility. I would like some kind of solution that treats packets that are sent to my public IP as normal packets that are not looped back before they even get out. So they would need to be at least sent to the WAN gateway, where they are directed back to where my firewall can successfully treat them like all other public requests.
eth1= WAN IP= 188.8.131.52/32 Gateway= 184.108.40.206
eth0= LAN IP= 192.168.1.1/24
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
[Code]....
My ISP gave me IP pool 220.127.116.11/29 to use on my LAN. My question is: how can I use this IP pool on the LAN side interface? I think now it's simple. 192.168.1.0/24 is my LAN network and I cannot change this, because I have nearly 180 PCs on my LAN.
I have just installed CentOS and it is working fine! I made a masquerade with the document there: I didn't use the script, because right now I do not completely understand it, and obviously I am not modifying anything by leaving it like that. I was using Mandriva before and I am used to graphical tools. My questions are: I add the following lines in my iptables:
[root@localhost ~]# service iptables stop
[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[root@localhost ~]# service iptables save
I could not handle/circumvent on the past week, despite the several "googling" and documents reading. I will try to mention all needed bits... I'm managing a network with the following structure:
eth0: internal net
eth1: DMZ
eth2: 10 mbit/sec sync line with eight public /29 IPs + a /30 interconnection network. All public IPs must use the interconnection network's gateway.
eth3: ADSL with PPPoE with fixed IP (ppp0).
Now, a few extra info:
- All internal traffic is routed through ppp0 except when it's destined for the DMZ and public IPs range.
- DMZ traffic is routed either through ppp0 or eth2. This is done by source IP.
- eth2 has one IP from the interconnection network, and six public IPs are also defined on eth2. Command: "ip addr add ...."
I have TWO L3 + router switch (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1) I have a few PCs of 1.x connected to say Switch1. Is it possible for the PC with IP 192.168.1.100 (x) to ping the PC with IP 192.168.2.100 (y)? What configuration is required in both switches to make them communicate? All the devices in both the subnets should ping/communicate with each other.
2) Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100) to switch1. What will happen when PC (1.100) pings (2.100) and vice versa? What will happen when a PC (say 1.80 in switch1) pings a PC (say 1.100 in switch2) and vice versa? What will happen when a PC (say 1.80 in switch1) pings a PC (say 2.100 in switch1) and vice versa?
I'm living at a friend's right now, and he's got a wireless access point in the house that I set my laptop's wlan0 interface to route through the eth0 to my desktop. It's been working fine for internet sharing and internal networking (ssh and ftp) between the laptop and the desktop, but there's a problem with both subnets being able to communicate with each other, and I haven't been able to solve it with DNAT either.
The wireless access point is 192.168.0.1 and has its own LAN on 192.168.0.0/24, of which my laptop is 192.168.0.5. I set up the little subnet I created by routing with the laptop to 192.168.1.0/24 and my desktop is 192.168.1.50. With shorewall I can configure iptables to DNAT all of my ssh traffic destined to 192.168.0.5 to 192.168.1.50, but the problem seems to occur when ssh on my desktop fails to connect rather than the DNAT failing.
Using iptraf I've seen that all of the routing does work properly, because I can see on the connection in iptraf that only the SYN packet is being sent from a 192.168.0.x address, there is no ACK packet sent back. I believe this is because in the connection dialog it always shows a 192.168.0.x ip as the source of the connection, but I don't have a route to 192.168.0.0/24 from 192.168.1.0/24 setup and I'm unsure of how to do so.
I'm pretty much in over my head because I don't know what is wrong, I thought it should work like this. Everything else from port configurations, to the configurations of the software itself seems fine so I don't think it's anything like that preventing a connection, but I can't think of what it would be aside from the lack of routing between each subnet.
Is there any way to just add a route so that 192.168.1.0/24 and 192.168.0.0/24 can communicate with each other directly? I know there should be, I'm just not at all sure how it would be done.
Our local community wants to provide broadband access for people who don't own a computer. I have been given the task of setting this up and I am going to use Ubuntu. Internet access will be via a usb dongle to a T-Mobile 3.5g network. Initially we are intending to limit access to just Internet browsing. Most users will probably be older people, rather than teenage hackers. configuring/securing a default Ubuntu install for this sort of use.
I have a motherboard which has 4 x 1Gbps Ethernet controllers. I would like to use it as a Gateway for my home network. I have a static IP from my ISP which I can use to configure eth0 (I haven't done it yet as the LE-565 is currently sitting behind my Netgear router until I've got DHCP working). I would like to use eth1, eth2 and eth3 for my LAN. How do I set things up so that DHCP is handing out IP addresses on the same subnet (192.168.0.0/24) on all three interfaces?
P.S. I think what I'm asking is: how do I combine all 3 interfaces to behave like a switch (ie. just like my Netgear router)?
My company hosts five servers with CentOS 5 installed in a data center. The data center assigns a VLAN to each customer so that they can organize customers and also count traffic. The VLAN assigned to my company is in the form 62.103.X.X with a subnet mask 255.255.255.240, so the IPs that we can use in our servers are 13. The first IP in the VLAN (for example 18.104.22.168) is the gateway and the rest, which are calculated from the subnet mask, are assigned to servers (22.214.171.124 up to 126.96.36.199).
The problem I have is that we have run out of IPs in our VLAN. We have used all IPs and we want some more. The data center can assign new IPs but not grow our VLAN IPs by expanding the subnet mask. So they gave us a new VLAN with some IPs (for example 62.104.X.X with a subnet mask 255.255.255.192). They told me that I had to use as gateway the gateway of the first VLAN, 188.8.131.52, and assign the new IPs as usual. So I assigned to one of the CentOS 5 servers the IP 184.108.40.206 and set the gateway to 220.127.116.11. Unfortunately this did not work and we could not establish connectivity to the Internet. Is it possible to assign a gateway outside of the IPs that are in the subnet? Could it be a problem with the VLAN setup by the data center?
I installed Red Hat Enterprise Linux Server 5. It has two LAN cards and two subnets connected to these two LAN cards. I can browse the network from these two networks easily. But I created a VLAN on one network card. Now I can't browse the network from this VLAN subnet.
I am using CentOS 5.0. After I changed from DHCP to a static IP address, I cannot ping hosts on the same subnet. The error message says destination host unreachable. Before I made the changes I was able to ping, and now even if I change it back to DHCP I still cannot ping, with the same destination host unreachable message. The CentOS is running on VMware on a Windows host.
After pinging 192.168.0.106 (106 is on and other hosts can ping it), arp -a shows
? (192.168.0.106) at <incomplete> on eth0
I tried different ways by disabling the firewall and disabling SE protection. No luck.
I've got a bit of a question. My network is laid out like this:
The role assignments are thus:
Firewall - sorts out the passing through to the 3 different networks, and acts as the traffic proxy.
Windows 2003 server - Does Active Directory and DNS
CentOS server - FTP and DHCP
Now, my problem is I need the CentOS server to be able to assign IP addresses to both networks, however, the CentOS server can *ONLY* be connected via the one interface to the firewall. It needs to assign the Windows 2003 server and the eth0 of the firewall an IP address via static DHCP, but it also needs to be able to assign the clients dynamically via any address in the 10.23.1.0/24 range. I was thinking that I would be able to create static only assignments for the servers via their MAC addresses, and only have 1 dynamically assignable entry for the clients, and then get the firewall to allow ports 67 and 68 to flow freely between eth0 and eth1, but I wasn't entirely sure of the best way to do all this.
I have a subdomain called www3 and I can't see it outside of our network. It's added in vhosts.conf in /etc/httpd/conf.d, and I can access it through [URL], but only when on VPN.
We have another, www2, that is both local AND outside the VPN. I am testing the site live and need access to it. Is there another file besides vhosts.conf that I need to add the subdomain in? Here's what I added in my vhosts.conf
20 packets transmitted, 0 received, 100% packet loss, time 19152ms
However, ping works fine if I use IP addresses instead. I would put the address for "file-server" in my /etc/hosts file, except for the fact that DHCP changes its address occasionally. I attempted changing the line
send host-name "<host-name>";
in /etc/dhcp3/dhclient.conf to
send host-name "file-server";
I just set up an Ubuntu 10.10 box to learn Linux and to play around with, and want it to host my website. I can see the web site on my local network no problem, but the outside world gets a time out message. I checked to make sure everything is forwarded correctly on my router and the DNS, so it has to be something in Ubuntu blocking out-of-network traffic. How do I turn port 80 on to the outside world?
I am trying to have a serial device connect to my Ubuntu machine via the COM port, and forward that COM port over the network to a Windows box so that I can configure/access the device. I have looked into socat/sredird but still haven't found an option that I can get to work.
Currently I am trying to get some fedora shares to simply connect to each other to access a read-only shared folder on a host machine (no security/encryption even required for these files!). I've tried to get a smb network share going but that didn't work (can't connect with nautilus), I've tried a quick fix with daap and rhythmbox so that they can at least access the music, but rhythmbox fails very miserably trying to connect/create that (and mt-daapd didn't help much) - Basically I get errors saying the host is unreachable.
I haven't even set up a firewall yet for this network and already I'm running into these fundamental problems. Currently I'm using Fedora 15. On a whim I tried the "public" folder and had sharing of the public folder over the network enabled - yep, didn't work (and I certainly didn't expect it to). I would be trying some more advanced CLI stuff, setting up an ssh server or something, but the computer-challenged people who have to access these files just want to be able to click something and have it work. For the operational requirements of this setup, a file synchronisation system would work (although highly inefficient since it would mean gigabytes sent over the network).
I have Linux installed on one machine with samba running and a second machine running XP. They are going through my router and I am using the same username/passwords for both machines and I have even gone to the point of allowing access to everyone for the share I created and the workgroup in samba is MSHOME just like my XP machine. When I view (or search) my workgroup computers my Linux machine shows up and so do the shares I created but when I try to open them I just get a message that permission is denied and I may not have permission to use this resource. I even tried setting access to the shared folder to 777 but still I can't open this share. Has anyone got any idea of why this is?
I would like to know if there is a fairly easy "How To" for setting up my home network. I have 2 XP SP3 computers and 2 Linux with ver. 9.10. The XP boxes can see each other and share files and folders. I can see from an XP box one of the Ubuntu machines, but can't access any of the files or folders.
I get the following when I try: \Lstoragemusic is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network path was not found.
I have installed CentOS 5.3 on VMware. Then I installed Apache, PHP and MySQL with the following commands:
yum install httpd
yum install php
yum install mysql
yum install mysql-server
yum install mysql-devel
yum install php-mysql
Then I tested my web server, database server and PHP by creating a PHP page that works with MySQL; this test was successful. Next I pinged my machine IP (192.168.6.131) and then pinged the Windows XP machine. I can even ping my Linux machine from Windows XP. But when I check the PHP page or localhost on the Linux machine with a browser (IE or FF in XP), the response is (IE:) Cannot display the webpage or (FF:) The connection was reset.
We have to connect one PC in a private network (campus) with another PC (mostly a modem in our case) in a public network. The connection should be peer-to-peer like, and we have to use C coding for establishing the connection between these two systems. Is it possible if we use port forwarding or is there any other way?
So I want to put some of my folders on my network. I open up nautilus and go to my home folder and right click -> properties-> share and then selected share this folder, made it so that others could modify stuff on it and have guest access (which is what I want), and changed the share name to "home". Then I clicked create share. I then went to Places->Network->******'s public files on [the name of my computer]. But then some stupid error message popped up saying:
"DBus error org.freedesktop.DBus.Error.NoReply: Message did not receive a reply (timeout by message bus)"
Using my laptop, I'm trying to get onto the local library's wireless network, with zero results so far. Basically, I can see the network, but when NetworkManager tries to connect it just spins for a few minutes and then rejects the connection. (Or the connection is rejected by the router.) My wireless connection works fine when connecting to my WPA home network.
I am not too knowledgeable on networks, however I think this should be possible. I have a computer at work, which is connected to the work network. I have files stored on the central server here and also my local computer.
At this place, computer support say "We do not offer this service". However they also say "The simplest way to do what you are asking is to install an ssh server on your actual workstation". I have done this, and the openssh server is working because I can test from my workstation by doing ssh user@hostname and it works. What I want to do however, is to connect from outside the network. Firstly, is this possible, and secondly, what is the syntax for ssh in order to do it?