Debian Configuration :: Routing - Forward All Traffic To An Ip To Another Ip?
Jul 25, 2010
I need to be able to do the following: Physical Router located at 192.168.40.1 On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
View 10 Replies
ADVERTISEMENT
Jul 25, 2010
I need to be able to do the following: Physical Router located at 192.168.40.1
On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
View 9 Replies
View Related
Mar 3, 2010
How can I forward all traffic from a public IP to another public IP. Let's say I have a first debian box named box1 with eth0 = 1.1.1.1 and eth0:1 = 1.1.1.2 and I want to forward all traffic from 1.1.1.2 to "box2" located somewhere else over the internet and having for eth0 2.2.2.2 Both 1.1.1.0/24 and 3.3.3.0/24 are public IP ranges.
View 1 Replies
View Related
Sep 29, 2010
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies
View Related
Jan 22, 2010
I'm having trouble to configure my debian (2.6.26-2-686) with some routing tuning. In fact, I have a VPN provider. I want my Squid Proxy use this VPN provider and I have to use policy routing because my ISP forbid IP spoofing.
View 2 Replies
View Related
Apr 3, 2010
I'm facing a strange networking problem here. I'm running Debian Lenny in an OpenVZ container and my network setup is as follows:
link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
[code]...
View 4 Replies
View Related
Oct 6, 2010
I am sharing my DSL internet connection using a modem+wireless router (single device) to 5 systems. I want all my internet traffic to go through one of the linux boxes in my network.
The problem here is that wireless devices connect directly to the modem+wireless router.
Is such routing of traffic possible??
PS: I am not sure if i could convey my situation clearly...
View 2 Replies
View Related
Apr 9, 2010
I have two IP address on my iMac I want to "bridge". I'm not sure what the proper terminology is... here's the situation.
My iMac has a firewire connection to my laptop and an ethernet connection to the rest of my office. My laptop has an ip of 192.168.100.2 (on the firewire interface). My iMac has an IP of 192.168.100.1 on the firewire interface, and two IPs, 10.1.0.6 and 10.1.0.7, on it's ethernet interface.
If I wanted to forward all traffic coming in from 192.168.100.2 on my OS X machine to go out on IP 10.1.0.7, and vice-versa, can this be done? I assume I would use the ipfw command.
Essentially I want to "bridge" the firewire network to the ethernet network so my laptop can see all the machines on the 10.1 network, and all those machines can see my laptop at 10.1.0.7. Is this possible?
View 3 Replies
View Related
Jun 2, 2011
My kind isp had set up a authoratitive dns server that can't be cancelled that points to the wrong ip address. Hence I need to take all the traffic going into server A at the ip address aa.aa.aa.aa and send it all onto server B at ip address bb.bb.bb.bb. After much head scratching, I managed to achieve it as follows:- On the server at ip address A, set up following :-
iptables -t nat -A PREROUTING -d aa.aa.aa.aa -j DNAT --to bb.bb.bb.bb
iptables -t nat -A POSTROUTING -d bb.bb.bb.bb -j MASQUERADE
View 1 Replies
View Related
Feb 23, 2010
I'm currently reading through the Linux Advanced Routing and Traffic Control HOWTO from lartc.org, and I'm wondering whether anyone knows of a file where I could keep qos rules persistent across a reboot, similar to /etc/sysconfig/iptables for netfilter. Should I just write my own script, or does something already exist?
By the way, iproute-2.6.29-4.fc12.i686.
View 2 Replies
View Related
Aug 20, 2010
I have an Untangle Box - which for those that don't know is a modified Debian Lenny used as a router, proxy, filter and much more - It has three physical interfaces on it eht0 (incoming traffic), eth1 (Outgoing to LAN after traffic filtered), and eth2 (Called a DMZ NIC, as Untangle can be used as a router). There is also a tun0 interface setup by Untangle for VPN (Not using the Openvpn in Untangle because I need bridged a bridged VPN and this is not an option in Untangles offering), a br0.eth setup by untangle to bridge eth0 and eth1 for traffic flow through as it is inline from router to switch and not acting as the router itself, and a br0 interface that I have setup by bridge script bridging eth2 and tap0 to run OpenVPN as a bridged VPN.
The routes on the machine are as follow:
Code:
untangle:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 br.eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.0.2.0 * 255.255.255.0 U 0 0 0 dummy0
192.0.2.0 * 255.255.255.0 U 0 0 0 utun
untangle:~#
I don't see a default route listed here, however, I do have Internet connectivity on the Untangle box itself. I also know that by script to bridge the tap0 and eth2 interfaces adds a default route through the gateway on the network that eth2 is connected to. So the lack of a default route is somewhat puzzling to me, I do have the gateway set through the web based admin interface Untangle offers.
The iptables rules are as follow:
Code:
untangle:~# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N alpaca-firewall .....
There was an addition output rule in the alpaca-nat-firewall rule that said DROP outgoing interface eth2, I removed that rule with no change. I can ping out from the Untangle server to the eth2 LAN, I can access resources in the eth2 subnet. But I cannot get any reply from the server from anything either in that subnet or not. If I run iftop I can see the incoming traffic form my ping but the Server sends out no reply. I think this is a firewall issue. I can access the server by connecting to the IP assigned to the eth0/br0.eth interface which is in my main LAN. I am also attaching a crude diagram of the previous setup and the new setup (Previous setup used a different server for my bridged VPN).
Is there a rule I can add to ensure that traffic coming in on an interface goes out the same interface? Do I have a rule blocking incoming traffic to eth2/br0? Do I have one blocking sending out on eth2/br0? Do I have a default rule that is killing the traffic on eth2/br0 and I need to add an accept rule for traffic coming in on eth2/br0? I tried adding an accept rule for traffic coming in on br0, but it didn't work. I tried an output rule, but that didn't work, but I may have been bungling these rules as I do not fully understand the syntax and function and body of an iptables rule. The exact original iptables information before I modified anything can be viewed at [URL].
View 4 Replies
View Related
May 24, 2009
I have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
View 2 Replies
View Related
Sep 19, 2010
I have a question regarding Traffic Shaping in Linux, Suppose I have a server on the internet (web, email or ftp) and I want to shape outgoing traffic per IP, say 256k for each destination IP. I've seen examples on the internet on how to shape traffic per IP by adding a queue for each IP, and some examples by using u32 hash if I have e.g. a /24 network, but if I have a server and I want to shape the traffic by destination IP, and of course... since it is a server on the internet I can't manually define any IPs of subnets. An example using the tc command?
View 2 Replies
View Related
May 3, 2010
I'm intending to replace my current router (486DX2 w/16MB running FREESCO which has been faithfully working 24/7 for well over a decade) with a debian box with a bit more grunt and newer features. I'm currently setting up my iptables ruleset and am after a bit of advice re the FORWARD policy. A few example rulesets I have found set the default policy to DROP and the have two lines for each port forward, one to allow the traffic and one to direct the incoming packets to the correct machine.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 10.0.100.10:25
iptables -A FORWARD -i eth1 -p tcp --dport 25 -o eth0 -d 10.0.100.10 -m conntrack --ctstate NEW -j ACCEPT
I'm thinking of setting the default policy to ACCEPT to cut down on typing as my default INPUT policy is DROP and unless there is a valid FORWARD rule for a particular port, the packets aren't going anywhere anyway. Or have I misunderstood something. My googling returned heaps of example scripts & not much intelligent commentary. Alternatively, what do you all use to configure & maintain your debian gateways; hand rolled iptables rules, or any toolset recommendations?
View 4 Replies
View Related
Jul 29, 2009
I have a (virtual) server with 3 NIC's: 1 external (inet), 1 local and 1 DMZ. This server is my gateway.
I would like my internal network, where every server has a static 192.168.0.x IP, to access the internet via the gateway.
That means the traffic has to pass from the 'local' NIC to the 'external' NIC, connected to the internet.
Which setting do I change to accomplish this ?
Please check the sceenshot (attachment) for my current setup
View 4 Replies
View Related
May 21, 2010
I have set up a Virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the vm direct access to the internet but 1and1 do mac filtering and so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debain Lenny on the vm on the server using KVM and all went well. I put it on a virtual network 192.168.100.0 and i can access it from the host and i can access the internet from the guest using NAT that libvirt set-up.
I bought another ip address from 1and1 with the hope of forwarding packets to the new ip address 11.22.33.02 to the guest vm.
I have tried all sorts of routing rules using iptables without any success.
my virtual network is on virbr1 the guest ip is 192.168.100.50 my external network device is ip say 11.22.33.01 on eth0 with the secondary ip say 11.22.33.02 on eth0:1
Here are the latest rules i tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code].....
View 2 Replies
View Related
Sep 16, 2015
I'm running OpenVPN service on both debian server and client. When start connection between client and server, I expect all the computer traffic (except ARP and DHCP requests) go through created tunnel. However, when I capture packets on wlan0 on client (the only connection going outside host) using Wireshark, I can see DNS requests visible and sometimes incoming TCP traffic as well, but most of the traffic is going through tunnel as expected. I provide both configurations of client and server and client routing table for inspection. I changed server address to avoid server exploitation in the case of some big configuration mistake.
Commands to run OpenVPN services are:
Code: Select allFor client: sudo openvpn --config /etc/openvpn/client.conf &
For server: sudo openvpn --config /etc/openvpn/server.conf &
**Client routing table when VPN is OFF**
Code: Select allKernel IP routing table
Destination   Gateway     Genmask     Flags Metric Ref  Use Iface
default     192.168.1.1   0.0.0.0     UG  1024  0    0 wlan0
192.168.1.0Â Â Â *Â Â Â Â Â Â Â Â 255.255.255.0Â Â UÂ Â Â 0Â Â Â 0Â Â Â Â 0 wlan0
[code]...
I searched through many forums and documentation and I found, that for all the traffic going via VPN is command: *push "redirect-gateway def1"* neccessary, however, I have leaks despite this command being in place. I already spent over 2 days with this and tried to configure it in many ways, now I have no clue what I'm missing.
View 0 Replies
View Related
Dec 12, 2010
I installed the PPTP Client [URL] and can successfully connect to my VPN (creates interface ppp0). The problem is, I'm trying to tunnel all of my traffic on my system through the connection. I've seen conflicting howtos and scripts including pptpclient's documentation (the ip-up and ip-down scripts don't work). How does one simply (even if I type it manually) tunnel the traffic?
System Info:
OS: Debian Squeeze, Kernel 2.6.32-5-686
GUI: Gnome (standard one from netisnt unstable install)
Main interface: eth1
PPTP interface: ppp0
View 1 Replies
View Related
May 10, 2011
I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two nics in it. I am trying to use the linux route command to set up a route between the two interfaces. I am finding it difficult to do. Let me explain how I am trying to set up my network: I have the ethernet cable from my modem connecting to eth0 of my Debian box, then I have eth1 connecting to a switch, which I connect all my computers and other devices to. I want to have two different ip address schemes for the devices. So here is my interfaces file:
Code:
#eth0 connects to modem
allow-hotplug eth0
iface eth0 inet static
[code]....
So I am wondering, to get my ethernet traffic from eth0 to eth1 and vice versa, do I need to make it so the Gateway for Destination 192.168.1.0 is 10.1.1.1, and for Destination 10.0.0.0, Gateway 192.168.1.0? I have looked at the linux manpage for route and I am still confused. I have also looked at the Debian networking page, but it is still unclear to me how to do this. how I am to use the route command to get this working? Or am I not even supposed to use the route command?
View 4 Replies
View Related
May 5, 2010
The network in my company use Squid Proxy serveto browse internet.Browser is IE or Firefox, and OS is Windows XP.The company need to use a new software for work, but the software don't have function that can configure Proxy server to connect to Server outside.I don't want to NAT port on router because I cannot control the traffic.Is there any software same as Proxy Client ... installed on Windows XP?My idea is that the software same as ISA server - ISA client
View 1 Replies
View Related
Nov 16, 2010
I just got vpnc setup to work with my VPN at work and now I am trying to figure out how to limit the traffic that is routed through the VPN while I'm connected to it. I only want traffic going to the local domain to be routed through the VPN.This is what my vpnc config file looks like:
Code:
IPSec gateway publicdomain.example.com
IPSec ID XXXX
[code]....
View 2 Replies
View Related
Aug 8, 2015
I have a laptop connected to internet via wlan0. I also have eth0 interface and with it I share internet. I want to modify/filter all the traffic passing by the first laptop, something like this:
Code: Select all          *---------------------------*
          |    LAPTOP 1      |   *--------------* ?
          |-----*  *------*  *----*   |       |
  INTERNET<------>|wlan0|<-->|MY_APP|<-->|eth0|<---->|ANOTHER LAPTOP|
          |-----*  *------*  *----|   |       |
          *---------------------------*   *--------------*
I know that in FreeBSD it is possible to use ipfw for that purpose, because it build-in into kernel. We set for example rule Code: Select allipfw add divert 2000 ip from any to 1.0.1.1
and we can use our own application to process those packets, reinject them forward etc. It will work also fast, because as I said, it build into kernel.
Is there any standart Linux-based solution to do the same? I found some info about netmap-ipfw. Is this a correct solution? Or I have to use for example IP-aliases and iptables to do that?
I need to process all the IP-packets, not only TCP/UDP/etc-protocol. Solution also must be very fast.
View 0 Replies
View Related
Aug 11, 2010
I would like to redirect traffic coming from a machine A through a SOCKS proxy (setted on machine B)Machine B run "ssh -D 4242". So that create a SOCKS proxy on machine B.Machine A would like to connect on the internet, but the only way is to use machine B SOCKS proxy. The problem is machine A don't know how to use SOCKS Proxy. (Actually, i can just set ip, netmask and gateway on machine A).So, I would like to set up something on machine B that will redirect all traffic coming from machine A throught the SOCKS proxy.
View 1 Replies
View Related
Jul 10, 2011
I am running on debian squeeze 6.0.2. I have been using it for the last id say 3 weeks and really am enjoying it.
I generally use transmission-gtk to share files over the internet. Normally I seed torrents at 110-160kb/s for hours at a time. However after messing around with firestarter my upload speed for seeding torrents rarely peaks over 70kb/s. I have purged firestarter with no success of my regular upload speed, and am very confused as to what happened. I also notice sometimes when it will get to about 70kb/s it will immediately drop down to the 20-30kb/s range.
For incoming bittorrent connections I use port 37294. I have set port 37294 to be allowed in my firewall, and forwarded in my router (since purging firestarter did not help I just reinstalled it).
I have also read allowing ports 6881-6889 is important, but I have never done that in my history of using torrents, and I have never experienced a decrease in UL speed like this.
Have I done something incorrect? I have never had this issue on other machines?
View 2 Replies
View Related
Jan 29, 2010
I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the the DMZ web server. I have a second server on the LAN that also has apache running. I want to set up another domain, myothersite.com to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on teh LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I having trouble knowing how to configuring it. Is there another option besides BIND?
View 2 Replies
View Related
May 16, 2011
How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?
View 1 Replies
View Related
Apr 4, 2010
a good IPTABLES protocol to reject all incoming ssh trafiic except for a single IP or IP range?
View 4 Replies
View Related
Sep 20, 2010
I have a strange iptables issues. I have just built a new Debian install and starting adding some real basic rules (see below) the problem seems to be that the localhost itself can't get any returning traffic. That is, it seems to be allowed outgoing traffic but not the connected, returning traffic. Ordinarily allowing Established Connections would resolve this, see the rule below, but it hasn't. Why this doesn't work. Removing the last DROP in the INPUT chains obviously makes the traffic work!
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j ACCEPT -p tcp --dport 22
iptables -A INPUT -j ACCEPT -s x.x.x.x
iptables -A INPUT -j ACCEPT -s x.x.x.x
iptables -A INPUT -j ACCEPT -s x.x.x.x -p tcp --dport 80
iptables -A INPUT -j ACCEPT -s x.x.x.x -p tcp --dport 8080
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
View 3 Replies
View Related
Jul 30, 2011
I am running Debian Squeeze on an old pc (AMD K62-500) which serves as my multiwan router and torrent box. Internet uplink is provided via a dsl line and 2 wireless canopy modules.
Setup has been generally fine except when connecting/downloading as free user from sites like rapidshare, hotfile, filesonic, etc. The problem arises when I am connected to these sites using the wireless uplinks because of the shared public ip. I don't really download that much using direct download methods so I don't really see myself being a premium user from these sites.
If these sites are on a specific ip or ip range, an entry on the static routing table would have been fine but when I tried using ping, a different ip would appear to reply each time.
I wonder if there can be a solution like using iptables where in traffic to and from these sites will only use the NIC connected to the dsl line.
View 1 Replies
View Related
Mar 28, 2016
I am in serious situation involving PPTP protocol VPN in Debian 8 Jessie stable. I recently became a paid VPN subscriber. Using PPTP; Is there a way to automatically route all traffic through ppp0? Im getting the vpn service killed (ip address goes back to normal unmasked state) whenever there is a power outage (modem reset) and there are alot of those where I live, Im going to get astabilizer and I need a software solution for the situation as well. Theres gotta be a way to route all traffic through the VPN route ppp0 . I tried adding persist and maxfail 0 to the pptp config file but it did not do what i wanted.
Here's my peer configuration file :
pty "pptp blabla.net --nolaunchpppd"
name blablabla
password blablabla
remotename PPTP
file /etc/ppp/options.pptp
require-mppe-128
refuse-eap noauth
persist
maxfail 0
On a second note, its clear to add that I basically need a way to also auto load the line
pppd call blabla.net
and
route add default dev ppp0
On system startup by default so the computer does not use "Wired" connection ^at all^ when not through ppp0. Any other way of not losing VPN anonymity ever due to hardware malfunction.
Is there a way to do this? Ive looked on the net and everything seems like its either from the nineties or can fry my pc , Im no debian expert, less than a year at linux..
Need it to use wired only if ppp0 is being used so if its no vpn, no connection at all period,
View 1 Replies
View Related
