Debian Configuration :: Multiple Gateways / Firewalls Pointed To One Interface?
Apr 4, 2016
I am having some trouble using iptables rules on two servers that act as gateways pointed to one backend server with only one interface.
To be more exact, I have 3 servers; 2 of those have a public and a private interface, with different public IPs but a common private interface (they connect to the same switch), and the last one only has 1 private interface and is connected to that same switch.
Those 2 servers also act as a gateway and a firewall for the private network.
My problem is that I cannot seem to be able to route traffic from both of those to the third one and back to the same public IP that the request came from (effectively using two gateways on the machine with only one interface).
As a testing scenario I am using ferm for applying iptables rules that forward ssh traffic (for example) to the backend server, and it works well when I do it with one gateway.
When I apply something like this in /etc/network/interfaces on the backend server though:
Code:
auto eth0:0 eth0:1
# The primary network interface
allow-hotplug eth0
iface eth0:1 inet static
address 192.168.9X.XXX
netmask 255.255.255.0
broadcast 192.168.9X.255
network 192.168.9X.0
[Code] ....
Even though forcing selection of an interface from the backend server (like curl --interface) seems to work well, meaning that the curl requests appear to happen from the correct public IP, I can still only use one of the public IPs to access the server with the ferm rules. Ideally I should be able to ssh to the backend server from both public IPs using their ferm rules for forwarding traffic to the backend server.
I feel like I am missing some details on routing that should happen on the firewalls, as the backend server seems to be able to use both gateways to access the internet and receive replies from it.
Dec 27, 2015
I'm renting a server which comes with 5 IP addresses, but only one network device. From what I can understand I'm able to create aliases by adding entries to /etc/networks/interfaces; I haven't tried it, I'm in the planning stages. Hypothetically, 192.168.22.30 is my primary IP and I want to set eth0:1 to have 192.168.22.31, and then after that I want to create a virtual machine (using kvm/qemu) that is able to communicate bidirectionally with the internet over eth0:1, and leave eth0 strictly for administration (not for VM traffic).
The qemu guides I'm finding seem to assume that I want to use TAP or VDE, what I want to use is a sub-ip/alias. One guide I saw had me eliminate everything from eth0 and put it under br0. That would leave me unable to ssh into my server (and unable to administrate). Is there a way I can do something along the lines of: qemu [options] -net [option] -netdev=eth0:1 ?
Jul 23, 2015
I want to configure multiple virtual ethernet interfaces over a single physical ethernet interface (eth0), and for each virtual interface the MAC address must be unique and the IP address must be static. Finally, all the virtual interfaces must be able to communicate both internally and externally, and the traffic should be captured using wireshark.
I need to have such a setup to communicate with devices individually using one physical ethernet device.
I was fiddling with a few kernel modules like MACVLAN and MACVTAP and successfully enabled those modules and rebuilt the kernel. Using macvlan and macvtap I can configure virtual interfaces with unique MAC addresses and static IPs, but while capturing packets using wireshark the interfaces behave weirdly.
For example say on HOST machine I have 1 physical interface and created 3 virtual interfaces as shown below.
Interfaces :
eth0 (physical ethernet interface)
IP: 192.168.A.A
MAC: aa:aa:aa:aa:aa:aa
[Code] ....
First, from the above interfaces I started pinging eth0 internally from the host machine, which worked as usual.
Second, I did the same externally from another machine which is connected to the same network as the host machine, and this also worked as usual.
Third, I pinged the first virtual interface veth0 both internally and externally, and this also works; after that I checked the source and destination MAC addresses using the wireshark tool, where both showed up with their respective MAC addresses.
Now comes the issue: I pinged the second virtual interface the same way I did for the first one, and this time the ping was successful, whereas in the wireshark tool the MAC address of veth0 is picked up by veth1. This is where I got stuck, and this issue happened for all the remaining virtual interfaces.
I couldn't see any of the remaining virtual interfaces showing their respective MAC address; except for the first virtual interface, they have all been picking up the veth0 MAC address.
Dec 1, 2010
I have 3 servers interconnected with IPs 192.168.150.1-3. The first two have internet connections and the third server uses them as gateways. After googling and reading howtos I managed to get it working: the firewall for ssh on the first server is defined as
Code:
...
iptables -A EXTIN -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.150.3 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -d 192.168.150.3 -p tcp --dport 22 -j SNAT --to 192.168.150.1
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to 192.168.150.3:22
...
On the second server:
Code:
...
iptables -A EXTIN -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.150.3 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -d 192.168.150.3 -p tcp --dport 22 -j SNAT --to 192.168.150.2
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to 192.168.150.3:22
...
And on the third, the route is defined like this:
Code:
ip route add default scope global nexthop via 192.168.150.1 dev eth0 nexthop via 192.168.150.2 dev eth0
It works, but the problem is that connections on the third server are shown as if they're connected from 192.168.150.1 or 192.168.150.2. Is there any way to keep the original connection source address when connecting to 192.168.150.3?
Apr 6, 2010
I'm hosting a Sendmail Cyrus-Imap server on fedora 12. I recently installed a second NIC on a second internet gateway and successfully configured source based routing. Clients are able to connect over mail.domain.com, received from the gateway 192.168.0.1, to the interface 192.168.0.254 on eth0. Clients are also able to connect via pop3.domain.com and smtp.domain.com from the second gateway 192.168.1.1 to the interface 192.168.1.254 on eth1.
I have cyrus-imap certs configured for mail.domain.com and a Sendmail cert configured for mail.domain.com. My question is, how would I tell sendmail and cyrus that mail.domain.com goes out eth0 but deliver the second and third cert (e.g. cyrus sends pop3.domain.com and sendmail sends smtp.domain.com) to clients connected on eth1?
Jan 31, 2016
Is it possible, via iptables or something similar, to bind a service running on a specific port to a specific interface? My case: I use a VPN service for privacy. I would like to have all traffic except ftp and ssh run over tun0. Ports 21 and 22 will need to be accessible to the outside world (eth0) while the VPN is running.
Apr 3, 2010
I'm facing a strange networking problem here. I'm running Debian Lenny in an OpenVZ container and my network setup is as follows:
link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
[code]...
Apr 18, 2010
After updating and subsequently restarting today, I can no longer bring up my wireless interface:
ifup wlan0
SIOCSIFFLAGS: Unknown error 132
Could not set interface 'wlan0' UP
SIOCSIFFLAGS: Unknown error 132
SIOCSIFFLAGS: Unknown error 132
Failed to bring up wlan0
iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0     IEEE 802.11abg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=off
          Retry long limit:7   RTS thr:off   Fragment thr:off
Encryption key:off
Power Management:off
lsmod | grep iwl
iwl3945                77904  0
iwlcore               127432  1 iwl3945
mac80211              180929  2 iwl3945,iwlcore
cfg80211              142905  3 iwl3945,iwlcore,mac80211
Jan 29, 2011
Suppose I have both a hardwired and a wireless network connection active on the same system at the same time. Can I tell my browser which one to use? Can I tell other programs which one to use? Or do they choose for themselves? Or does some automatic system protocol select which one to use for them?
Mar 15, 2016
Is this a problem of systemd or network-manager? When I started to see this alert I noticed the nm-applet doesn't start automatically anymore.
Code:
systemctl status network
networking.service network-online.target network.target
network-manager.service network-pre.target
zagor@Debian-635:~$ systemctl status networking.service
● networking.service - Raise network interfaces
Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor prese
[Code] ....
Apr 30, 2010
I tried installing the driver following the instructions in the link given below.
viewtopic.php?t=7949
But now it's not working either. After installing, the outputs are given below.
[Code].....
May 25, 2011
I am wanting to turn my Debian box into a wireless AP, but for some unknown reason the wireless card won't switch into master mode. When I run the command # iwconfig wlan1 mode master I get this: Error for wireless request "Set Mode" (8B06): SET failed on device wlan1 ; Invalid argument. What does this mean, and what do I need to configure/install to get it to work? My wireless card is supported, I checked; it's a zydas chipset using the zd1211rw driver, SMC EZ Connect SMCWUSB-G [URL]
Jul 27, 2011
I have a ppp0 entry with post-up options like this
mapping ppp0
map none photon-plus motorola
map timeout: 12
## map init-time: 12 # for slow drivers
[code]...
If I comment those out then there is no such problem, hence somehow ppp0 is executed automatically, and there is no [auto ppp0] anywhere. How can I stop this forcefully?
Jul 30, 2011
I am running Debian Squeeze on an old pc (AMD K62-500) which serves as my multiwan router and torrent box. Internet uplink is provided via a dsl line and 2 wireless canopy modules.
Setup has been generally fine except when connecting/downloading as free user from sites like rapidshare, hotfile, filesonic, etc. The problem arises when I am connected to these sites using the wireless uplinks because of the shared public ip. I don't really download that much using direct download methods so I don't really see myself being a premium user from these sites.
If these sites are on a specific ip or ip range, an entry on the static routing table would have been fine but when I tried using ping, a different ip would appear to reply each time.
I wonder if there can be a solution, like using iptables, wherein traffic to and from these sites will only use the NIC connected to the dsl line.
Dec 9, 2010
I have been trying to get my wireless interface work but i am unable to find a driver for the wireless interface.
Jan 26, 2011
I have a Debian server that had only one onboard NIC (1000 Gbps), but now I've added two PCI Intel Pro 1000 NICs into the system to bump up the total number of NICs to three. My question now is, can I specifically assign or force which interface Debian configures as ethx? I would always like my onboard NIC to be 'eth0' and the two additional NICs to be 'eth1' and 'eth2'. For some reason Debian loads the modules at random and sometimes what was my
Dec 29, 2010
Is there a way to configure apt to use different proxies for different repository servers?
Feb 7, 2016
I'm trying to set up a DHCP server that serves several different VLANs; we have 5 in total. Our network is working correctly with static IPs, and we're able to ping across without any issues.
When I connect my debian box to an interface on VLAN5 and statically assign an address in the correct range, it works. Similarly with all other VLANs.
To configure this box as a DHCP server, I set one of the ports on the switch as a trunk and connect that to the debian box to allow all VLAN traffic to reach my debian box.
I setup DHCP following the steps on [URL] ....
Then I configured different VLANs by following the steps on [URL] .....
However, with the vlans setup, I am unable to ping anything. This is essentially what I did.
Code:
Set the port on the switch to trunk with 802.1Q encapsulation
disable eth0
vconfig add eth0 5 # to add vlan 5
ifconfig eth0.5 192.168.5.254 netmask 255.255.255.0 up
vconfig add eth0 10 # to add vlan 10
ifconfig eth0.10 192.168.10.254 netmask 255.255.255.0 up
[Code] ....
I do not know why I am unable to get any connectivity through my VLAN interfaces.
Aug 15, 2010
I was wondering if/how it would be possible to compile a kernel package where two featuresets are applied. I notice that xen-vserver seems to have been done and wanted to make a xen-openvz kernel if possible to use VZ containers in a Xen DomU. I've tried reading the metadata files in the debian/ dir of the kernel source but there seems to be a lot "going on" and I couldn't make much sense of it...
Jun 12, 2011
I have a laptop running Debian Squeeze that has one wifi nic, wlan0. The ethernet nic eth0 is faulty. I have configured /etc/network/interfaces to enable wlan0 to access my home wireless LAN. The SSID for this connection is wlan1 and the security used is WPA2. A second SSID configured for the wireless LAN is wlan2, and the security used on this second SSID is WPA. Is it possible to configure wifi networking on this laptop to be able to connect to this wifi network using either SSID, wlan1 or wlan2, via the laptop's sole network interface, wlan0?
Jul 27, 2011
I have several mails which I want to scan by using spamc, and that's the problem.
It works when I use just one mail message as a parameter of spamc, e.g. spamc -c < 17383. BUT when I want to pass several messages to spamc, e.g. spamc -c < 17383. 18974. (spamc scans just the first message), OR when I use a whole directory, e.g. spamc < ./test/*, it doesn't work (output: -bash: ./test/*: ambiguous redirect).
How do I pass multiple files on the command line to spamc? I know I can create a script, but I would be glad if it worked for testing in the CLI (command above).
Mar 18, 2010
The first thing that comes to my mind is to add (copy) the script in /etc/init.d and the /etc/rc* directories by hand. Debian's automatic handling of init scripts on package install/removal is quite nice, so I tend to shy away from making any manual changes if there's an automated way to do it. Which leads me to the question: is there an official way to run a second instance of a daemon? (Tried google, didn't find much more than a bug report).
Mar 29, 2010
I have a rather urgent problem with my network: I have two virtual network interfaces, one internal and one external. The problem is that I can't get a connection to the internet. The external NIC is set as NAT and the internal is... internal.
/etc/network/interfaces
auto eth1
iface eth1 inet static
address 192.168.1.200
netmask 255.255.255.0
Running with this configuration makes my internet connection go away; however, if I remove the configuration for eth1 everything works fine.
Sep 6, 2010
Currently, a user is able to log into multiple terminals simultaneously, creating a copy of their roaming profile on each, and potentially causing problems if the instances are logged out in the wrong order. Is there any way to prevent this, so that if a user has logged in on a machine and not logged out (and perhaps some timeout has not yet expired), then their login attempts on another machine will be rejected?
Dec 4, 2010
I have 2 users on my HPmini 210 netbook running Squeeze. I just found out that it does not connect to existing wireless networks when I login as the second user. Is it supposed to happen by default or am I supposed to do something to make that happen? Another problem is that when I tried to create "new connections" again for the second user, the keys won't work. The same keys are working for the first user. The network keys are WEP 64 bit HEX.
May 29, 2011
Our Canon MX340 printer is WiFi connected using an IP address. This works well, except that whenever the printer is turned off (for any reason) it chooses another IP the next time it is turned on. As near as I can tell, it has two IP numbers: 192.168.1.64 and 192.168.1.65. Is it possible to enter both in the CUPS configuration so that CUPS will find the printer whichever number it is using?
Aug 30, 2015
I've always used Debian with a single monitor and no need of proprietary drivers, because I usually don't do graphics or multimedia. Now I'm asked to set-up a machine with 3 nvidia video cards (770) and 4 monitors and everything went south. I started with just 2 monitors connected to 2 different video cards, not wanting to push my luck.
I installed a fresh Jessie and followed the instructions to install the nvidia drivers and tools from the Wiki. Everything went smoothly. After reboot I executed (as root) nvidia-settings and configured the two monitors to be one to the right of the other, with the BaseMosaic option (at this point just one monitor was active). I saved the configuration to /etc/X11/xorg.conf, I even executed nvidia-xconfig as suggested, I rebooted and nothing happened: only one monitor was working, while the other -- looking again in the nvidia settings -- was still disabled.
I then tried with xinerama option and things are even worse, since now both monitors are black. I can login in one textual shell, but then I don't know what to do, since in my 10+ years of linux ... I never had to mess with X server. Is there a way to at least recover a working X without reinstalling everything?
Jun 12, 2010
I now have 2 desktops running debian. I have virtual servers running on desktop 1, and I am hosting my photos using Gallery2. I have copied Gallery2 and the mysql database over to desktop 2. I have entered a port forward to desktop 1 using port 80 (using my router), and to desktop 2 using port 1000. I can only access Gallery2 on desktop 1. If I try to access Gallery2 on desktop 2, I get redirected to desktop 1.
Questions:
1. Are home routers capable of port forwarding to more than one computer in a home network behind the firewall of the router? It is a Belkin N+ router.
2. Can multiple virtual servers be setup in 2 desktops?
Aug 16, 2010
I want to build a custom system and I need your opinions. I have an old laptop which I want to configure as a system for troubleshooting purpose, my idea is to have multi-boot system with multiple root file systems, e.g. one root file system has only BIND to work as DNS server, another root file system has only Samba, etc., and I can choose which system to boot into from grub, or a custom menu after booting grub.
I thought of setting multiple partitions and install a full system on each one, but I thought that there might be a better way to do this, I'd like to hear your opinions.
Aug 30, 2010
I have a folder, called Vault, that we want to share only with certain people, because it will contain confidential information.
I want the unix group trustees to have read-only access.
I want the unix group administrators (and root) to have read/write access.
All other users should have no access.
The implementation I have so far is:
folder owner: root:administrators
folder permissions: 770
section from smb.conf
[Code]....
However, this is not working as expected. It currently works as follows:
Normal user: No access (expected)
Trustees member: No access (fail. Trustees should be able to read)
Administrators member: Read/write access (expected)