CentOS 5 :: Send Specific SIP Traffic Only Through Tun0-00?
Sep 20, 2010
I got to establish an OpenVPN connection between two servers and I have dhcpd on the client server which feeds a few SIP phones. All these phones are supposed to register to the server through the tunnel. Here is the network structure:
Client CentOS:
eth0: 192.168.0.0/24
eth1: 192.168.100.0/24
tun0: 172.15.0.0/24
DHCPD: feeding above eth1 and all the phones with 192.168.100.0/24
If I ping 172.15.0.1 from the Client CentOS it works all fine. Everything pings and I can even do SSH. However, the phones which obtain their IP through eth1 on the same server can not reach the 172.15.0.1. I think it's a route issue here. Can you please guide me to the right direction as to how to forward certain traffic through tun0 and leave the rest of the traffic to go through eth0?
I don't want to turn on IPTABLES as this is time consuming for me now and there is VPN setup. It has to do with setting up the routing but I am not sure.
Sep 21, 2010
Here is what I need to accomplish but somehow not getting where I need:
Server A:
-OpenVPN Server
-NIC1 = Internet (vnet - public IP address)
-Tun0 - 172.16.0.1
Server B:
-OpenVPN Client - Connects to Server A as a Client.
[Code]...
Jun 9, 2011
I use a server with 3 nics,
eth0 192.168.2.100 (internal Web, Mail)
eth1 192.168.3.100 (Default Gateway nic for clients)
eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)
They are all on the same machine.
I cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow).
Is there an easy iptables-rule to say, that outgoing traffic, not belonging to my networks can be redirected to a specific NIC (eth2)?
Dec 18, 2010
How will I monitor the traffic of tun0?
Mar 28, 2010
I have eth0 and tun0. tun0 is a VPN tunnel going over eth0. Everything on the other end is setup and working fine, when I type
Code:
traceroute 4.2.2.1
I see my ping is going over 192.168.2.99 (eth0). When I then type
Code:
route add -net 4.2.2.1 netmask 255.255.255.255 dev tun0
traceroute 4.2.2.1
I see ping is going over 10.8.0.1 (tun0) instead of eth0, so that is working.
What does not work however is when I do
Code:
route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0
traceroute 4.2.2.1
I get no ping! I believe the problem is because all traffic is routing over tun0, which means even the VPN tun0 needs to go through eth0, it can no longer do this. Is there a way around this where I can route everything except for 114.77.31.26 (which is my VPN gateway for tun0)?
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Sep 21, 2010
I have openvpn tunnel setup between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.
Server A= OpenVPN server
Server B= OpenVPN client (connects to Server A with OpenVPN)
The two CentOS servers can ping each other (172.16.0.0/24) via the tun0.
However, client computer connected to Server B (DHCP server) can't reach 172.16.0.1 (which is the OpenVPN server).
I think I am missing some routing in my "ip route show". Following is the full picture:
What command can I issue to get this fixed? Something along ip route add?
There is no firewall service on both ends. service iptables stop! I can't bridge eth1 and tun0 as DHCP server might mess up the other side. I can't do a push of "redirect-gateway def1" because then clients lose their IP as they send DHCP requests to Server A.
Jul 19, 2010
Does anyone know how to measure the traffic (packets per second in and out) on a specific TCP socket?
Sep 14, 2010
I want to check if traffic to a specific URL is being throttled by a hospital acting as an ISP. A client is having great trouble accessing a hosted web-app from inside the hospital, but access is fine from outside. The hospital IT dept are not interested as the rest of the Internet is fine. I need to trace where the latency is creeping in or where the throttling is happening, if I can do that, the hospital will remove it. Traffic is standard http to a specific URL.
Jul 30, 2011
I am running Debian Squeeze on an old pc (AMD K62-500) which serves as my multiwan router and torrent box. Internet uplink is provided via a dsl line and 2 wireless canopy modules.
Setup has been generally fine except when connecting/downloading as free user from sites like rapidshare, hotfile, filesonic, etc. The problem arises when I am connected to these sites using the wireless uplinks because of the shared public ip. I don't really download that much using direct download methods so I don't really see myself being a premium user from these sites.
If these sites are on a specific ip or ip range, an entry on the static routing table would have been fine but when I tried using ping, a different ip would appear to reply each time.
I wonder if there can be a solution like using iptables wherein traffic to and from these sites will only use the NIC connected to the dsl line.
Aug 12, 2010
I'm hoping some of the Linux network experts can help me with this problem.
Situation: I have a technology which is a WebLogic JEE application that communicates to an Oracle database. Everything is installed in a single Linux virtual machine running in VirtualBox. Traffic from the JEE application goes via JDBC over TCP to the local running database. What I want to do is test a new database firewall server that wants all traffic destined for the database to flow via another virtual machine running the DB Firewall software. So therefore what I need to do is have DB traffic forced out over one interface only to return on another interface on the same VM listening on a different address.
JEE application running in WebLogic bound to 192.168.111.12 (eth1 a VirtualBox hostonly interface). Makes a request for 10.0.111.12 (eth2 a VirtualBox internal interface) which the database is listening on. Because both IPs are on local interfaces, Linux is going to handle the traffic and not route the 10.x traffic via the 192.x interface. I also have running the database firewall server which has a bridge (br0) between the HostOnly network and the Internal network. Both systems are running Oracle Enterprise Linux R5U4, which is basically the same as RedHat. What I want to do is have the request for 10.0.111.12 forced out via 192.168.111.12, bridged over the br0 connection and back into 10.0.111.12 and to the database. My networking knowledge is pretty good, but I'm stuck right now on the right way to do this. I'm pretty sure it is possible, I just need clear advice.
Reason for setup: Ideally I would build the system with the database on a separate machine so that I can easily route the traffic. Unfortunately we have many VirtualBox based demonstration systems with both the application and database installed on the same VM and therefore the amount of work to migrate these two dual VMs is going to be significant, also many of these VMs are demonstrated from laptops which have limited resources and creating a new database VM reduces overall performance. If I can create a way to force the traffic in this manner off and back onto the same VM via the other VM bridge, it would be fantastic.
Aug 21, 2010
I have a linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to setup a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.
iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward
[code]....
My goal is to do something similar to the mangle on the tor traffic, but for an entire host.
Jun 1, 2010
I'm running a web server on port 80, but I want traffic coming from ip 212.333.111.222 on port 80 to be forwarded to port 9020 on the same server that my web server is running at that is my sshd port.
Jul 28, 2011
I need a simple traffic monitor for Linux, that counts the traffic in a specific wireless network because I have volume restrictions on that one. I tried it using the following iptables rule:
[code]...
iptables -m mac -A INPUT -p all --mac-source <mac-address> ! -s 10.0.0.0/8
where <mac-address> is the router's one. 10.0.0.0/8 is the local subnet. What I actually want is something like --routed-through <mac-address>. Also, is there some way to gather iptables's statistics? Or is there maybe another tool that does what I want (reliably)?
Apr 15, 2011
I am running Debian Squeeze with the following basic services running:
DNS
DHCP
Samba
Squid
The server is setup with three NICs: eth0 (WAN1), eth1 (WAN2), and eth2 (LAN). The server addresses clients with an IP range of 10.0.30.1 - 10.0.30.254. Some clients will be set with reservations so they fall into the 10.0.40.1 - 254 range.
What I want to do is have any outgoing external traffic coming from the first range (10.0.30.0) to use WAN link 1, and any outgoing external traffic coming from the second range (10.0.40.0) to use WAN link 2.
I have sort of got something working. I have created a bare minimum transparent squid3 setup on port 3128, and set the iptables as follows:
Code:
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
I can get internet access, however obviously it only goes through one WAN link. It also seems slower than it should be. I experimented with tcp_outgoing_address, but seemed to not be my friend.
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much GRE traffic is being generated during the browsing (it becomes clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
Mar 30, 2010
If I wanted to control a small circuit, how would I send a +5 voltage signal to a specific pin, either it be a parallel port, com port, or maybe a specific pin on an IDE (or floppy pins) wire? My distro of choice would be Debian.
Jul 15, 2010
I have installed the package mailutils by following command:
sudo apt-get install mailutils
Now I want to send mail using the following format:
$mail <username>@gmail.com
I am doing the normal procedures but the mail is not sent.
Sep 4, 2010
I am looking into 1026TT-TF and 6016TT-TF for a CentOS 5.4 or 5.5 64bit installation:
SuperMicro 6016TT-TF
SuperMicro 1026TT-TF
It will be used as a Web-server mostly. Since they are twin nodes, one node will be one strong firewall. I have been checking all over and I can't find any driver, bios, or issues with this specific motherboard from Supermicro and Intel 5500/5600 series CPUs. Is there anything that would concern you with these servers?
I am also looking to put in a 4-port Gigabit LAN card into one node which I doubt makes any difference in the whole equation. Furthermore, and most importantly, the first one takes only 2.5" HDDs and the second option accepts 3.5" HDDs. Other than size availability and price, are there any concerns regarding performance when choosing one over the other? System which accepts 3.5" HDDs only takes two per node so I have to opt for 1TB drives. For the 2.5" system I can go with 4 of 2.5" HDDs of 500GB in size. Either of options selected will be setup in RAID-1.
Oct 15, 2009
While I was tweaking 5.3 to get it up to speed on a couple of servers, I used to make some use of IRC (#centos). Haven't looked at it for a while. Decided to fire it up again tonight, only to find things...have changed. Now there seems to be 2 channels: #centos and #centos-unregistered. I *was* already registered with nickserv, but that didn't seem to work anymore. Re-registered, but am still seeing no traffic at all. My irc client (chatzilla) suggests there are lots of users 'online', but still - not seeing any traffic at all.
Mar 23, 2010
I am looking to create a user to be able to do WinSCP or SSH into the system and only be able to see /var/www/html/joomla/ and that is it. I don't want them to be able to start or stop service but be able to upload and download files to the specific directory or change privileges of the mentioned directory. Is that possible? What commands should I run?
Apr 17, 2010
Why is tun0 on my client not getting an IP address?
client config:
Code:
client
dev tun
proto udp
remote 66.219.29.99 1194
resolv-retry infinite
[code]....
Sep 20, 2010
I am using openvpn on my laptop. I had to give the laptop for repair so I swapped the hdd in another laptop.
Now I have a tun0 relict in my system, so openvpn creates a tun1 interface and messes up all the routes.
So I am wondering how can I delete the tun0 interface from my Ubuntu?
Oct 18, 2009
How to configure my network for web traffic. Here is my setup: I have the following virtual machines, (all guests are running on CentOS 5.3);
firewall: Smoothwall 3.0, (hardware, not virtual)
guest # 1: Apache http server
guest # 2: Qmail server
guest # 3: Proftp server
I want all of these services on different machines for security reasons, (mainly the ftp server). How do I route the traffic from the firewall to the different machines? I have been looking at setting up a reverse proxy, however, everything that I have read says that a reverse proxy will not handle the smtp/pop3 traffic. Can I just use a DNS server to route the traffic?
Apr 27, 2010
We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. How to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
Oct 18, 2010
I'm having a problem and despite I have googled a lot can't find the root cause. I have a server with two embedded NICs and CentOS 5.5 loaded. I need to have one NIC with a fixed internal IP address to communicate with the intranet and a second NIC with a fixed address from my telephone provider. I know I can't have two different gateways on the net so I configured only the gateway for the second NIC leaving the field empty for the first.
I found that the first NIC is handling all the traffic for both interfaces (eth0 and eth1) and the second NIC is in standby (or doing nothing). This is causing the traffic intended for the second NIC to never reach its destination. After a couple days working with the BIOS and other configuration files I tried another way of solving the issue. I put a fixed address for the first NIC and another fixed address for the second NIC (both in the same subnet) and from a computer pinged successfully both addresses. However if I disconnect the cable for the first NIC both interfaces go down (eth0 and eth1) and both pings fail. If I disconnect the cable for the second NIC (with the first one connected) both pings still run without any disturbance.
I worked also in a second server with different hardware (different kind of motherboard, different NIC manufacturer, etc.) but the problem is also present in this second server. I was reading about NIC bonding or teaming, but this configuration is not present in the modprobe.conf or in the ifcfg-eth0 files, so I believe the problem is not related with this feature. Do you know what is happening with the NICs and how can I get two really, fully independent NICs?
Jan 25, 2011
Under high UDP traffic conditions, we find we cannot receive UDP packets (which can be captured by tcpdump) from the socket, using either a bare "recvfrom" or a "select recvfrom" pair. Is there any similar problem reported from users?
Can any tuning or socket establishment option help?
Or is there any improvement available from the latest version?
Our Linux version is CentOS 5.5
Ethernet driver version is Intel (R) Gigabit Ethernet Network Driver version - 1.3.16-k2
Sep 12, 2011
Currently I have a server which runs under CentOS 5.6. It is dedicated to the VoIP application of my customer. I have a problem for which I have the solution but I didn't manage to achieve it. So, let me explain the context. Here are the networking aspects of my environment:
VoIP Provider_____Gateway_____________My server
ADSL Provider____(non pingable)
x.x.x.2 <====> A.A.A.1 <======> A.A.A.3
[code]....
Feb 16, 2010
I have a DELL running CentOS 5.4 with 2 active NICs, one with an external IP address (eth0) on 123.456.78.9 and another that is connected to our internal network (eth1), 192.168.2.x. When I reboot the server, everything works glowingly. External traffic is correctly routed over the external interface (eth0) and internal traffic over the internal interface (eth1). After some random amount of time, a couple of hours and sometimes a couple of days, all traffic starts getting routed over our internal network, so DNS requests fail, internet pages don't load, smtp connections fail, etc.
I'm assuming that everything that's not headed for our .1, .2 or VPN internal networks would go out the external interface. And why this works for a period of time and then stops working is beyond me. And when external traffic starts going over the internal interface, I just reboot and it starts working like it's supposed to again.
Sep 16, 2010
We have a production web site running apache 2.2.3 across several web servers. We also have a major problem with SPAM comments right now. Our method of identifying valid IPs (whether by external clients/customers, or internal personnel) vs SPAM'ers is not ideal - it's prone to erroneously labeling legit IPs as targets to be blacklisted.
What we need is a way to see how much distinct request traffic is coming from any given IP address to the site in real time (or very near realtime). Essentially we want to see in some graphic/chart way requests per sec to apache / per ip sorted by requests per sec. Would nTop do this? I've only used this in a limited form at a branch office, not on a production web server.