Fedora Networking :: Send All Outgoing Traffic To A Specific Nic?

Jun 9, 2011

I use a server with 3 NICs:

eth0 192.168.2.100 (internal Web, Mail)
eth1 192.168.3.100 (Default Gateway nic for clients)
eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)

They are all on the same machine.

I cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow).

Is there an easy iptables rule to say that outgoing traffic not belonging to my networks can be redirected to a specific NIC (eth2)?


Fedora Networking :: IP Masquerading For All Outgoing Traffic In Eth0

Nov 13, 2010

I have a couple of interfaces in a Fedora 14 box:
eth0: internet provided by an adsl router
eth1: LAN

I set up system-config-firewall to masquerade all outgoing traffic in eth0, as I did in other Fedora 13 boxes, but it seems it doesn't work. It sets /proc/sys/net/ipv4/ip_forward to 1 and also sets the appropriate rules in iptables. But all traffic is blocked from the LAN to the Internet. "ping www.google.com" works in the Fedora box, but doesn't work in the LAN computers using the F14 IP as gateway. I have another F13 computer elsewhere configured this way and it works fine. But this one has Fedora 14.


CentOS 5 :: Send Specific SIP Traffic Only Through Tun0-00?

Sep 20, 2010

I got to establish an OpenVPN connection between two servers and I have dhcpd on the client server which feeds a few SIP phones. All these phones are supposed to the register server through the tunnel. Here is the network structure:

Client CentOS:
eth0: 192.168.0.0/24
eth1:192.168.100.0/24
tun0:172.15.0.0/24
DHCPD: feeding above eth1 and all the phones with 192.168.100.0/24

If I ping 172.15.0.1 from the Client CentOS it works all fine. Everything pings and I can even do SSH. However, the phones which obtain their IP through eth1 on the same server cannot reach 172.15.0.1. I think it's a route issue here. Can you please guide me in the right direction as to how to forward certain traffic through tun0 and leave the rest of the traffic to go through eth0?

I don't want to turn on IPTABLES as this is time consuming for me now and there is VPN setup. It has to do with setting up the routing but I am not sure.


Networking :: How To Make Outgoing Traffic Show From Different IP Address?

Nov 4, 2009

I have a Linux IPTables firewall on Centos 5.3. It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively. There are 10 virtual interfaces linked to the physical public interface. Emails are being sent from my server in the DMZ out to the internet, but it is being shown as coming from the firewall IP address. It must show as coming from one of the virtual interfaces.


Ubuntu Networking :: Unusual High Outgoing Traffic Generated

Aug 12, 2010

I've noticed recently that a lot of outgoing internet traffic is generated by my laptop (running Ubuntu 10.04 - 64 bit). This wasn't the case previously. I only found out because my wireless broadband traffic allowance suddenly was used up very quickly. I've installed ntop to try to find out where all this traffic is going to.

I did find that there were a very high number (at one stage over 11.000) of active TCP/UDP sessions (see attached screenshot). Although the traffic generated by each is only small (about 100 bits/bytes - not sure what) multiplied by thousands, makes a fair bit of traffic. I wonder if I've got some kind of a virus/bug or do I have a configuration problem with my laptop?


Ubuntu Networking :: Iptables: Block Incoming And Allow Outgoing Traffic

Jan 6, 2011

I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.

I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)

The following was used:

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP

Also, even allowing NOT SYN requests still prevents outgoing traffic.

iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT

Another point:

# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep

How to install ipt_state module on ubuntu?


Networking :: Correct Command To Filter Outgoing Traffic With Tcpdump?

May 6, 2010

I have a need to make a rather odd filter in tcpdump: I would like to capture only all those packages on interface eth0 that are outgoing (in other words from IP 192.168.1.1, which is the IP for eth0 in this computer) and don't have src MAC address 11:22:33:44:55:66. However, the following command says that the syntax is wrong:

Code:
tcpdump -n -p -i eth0 src host 192.168.1.1 ether src not 11:22:33:44:55:66
Is this possible? If yes, then what is the correct command?


Networking :: Trace Incoming And Outgoing Network Traffic For A Given User?

Mar 14, 2010

OS: CentOS 5.3 64bit. How to trace incoming and outgoing network traffic for a given user? User 'A' logs in to the system and does various network connectivity. As root user I need to find what are the outgoing and incoming connections that are related with user 'A'. Basically I need to check the connection flow. netstat will show ESTABLISHED, LISTEN etc.; I need something like tcpdump.

E.g., a --user option for tcpdump:
tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A
Can someone tell me any tool which can do such a thing? Even if it can show the process ID of the client application which is trying to establish network connectivity, that will do.


Networking :: IPtables: Route Outgoing Traffic From Internal Host To Only Go A Internet Interface?

Nov 21, 2010

My Ubuntu box has 3 interfaces:
eth0 (Internal 192.168.1.0/24)
eth1 (External ISP DHCP)
eth2 (External ISP Static IP)
I need the outgoing traffic to the internet for 1 of the internal PCs (192.168.1.10) to only go through eth2.


Fedora Servers :: Can't Send My Outgoing Mail Using Port 587 / Why Is So?

Dec 10, 2009

I have installed a sendmail server on Fedora 10.
I tried to configure my sendmail server as a mail server to send outgoing email using port 587 (because port 25 is blocked). After finishing configuring my sendmail server, I checked out my sendmail server using telnet localhost 587, and it worked fine as below code...

I have tried two different ways for the user name: name, or name@mail.mydomian.com, but it's not working at all; the two results are the same.
PS: I have tested port 587 and can use port 587 and Kmail to send outgoing mail using another external relay server.

Is it my wrong configuration for the sendmail server or Kmail?


Networking :: Force TCP Traffic Out Over Specific Interface / When IP Is Bound To Another Local NIC

Aug 12, 2010

I'm hoping some of the Linux network experts can help me with this problem.

Situation: I have a technology which is a WebLogic JEE application that communicates to an Oracle database. Everything is installed in a single Linux virtual machine running in VirtualBox. Traffic from the JEE application goes via JDBC over TCP to the local running database. What I want to do is test a new database firewall server that wants all traffic destined for the database to flow via another virtual machine running the DB Firewall software. So therefore what I need to do is have DB traffic forced out over one interface only to return on another interface on the same VM listening on a different address.

JEE application running in WebLogic bound to 192.168.111.12 (eth1, a VirtualBox host-only interface). Makes a request for 10.0.111.12 (eth2, a VirtualBox internal interface) which the database is listening on. Because both IPs are on local interfaces, Linux is going to handle the traffic and not route the 10.x traffic via the 192.x interface. I also have running the database firewall server which has a bridge (br0) between the HostOnly network and the Internal network. Both systems are running Oracle Enterprise Linux R5U4, which is basically the same as RedHat. What I want to do is have the request for 10.0.111.12 forced out via 192.168.111.12, bridged over the br0 connection and back into 10.0.111.12 and to the database. My networking knowledge is pretty good, but I'm stuck right now on the right way to do this. I'm pretty sure it is possible, I just need clear advice.

Reason for setup: Ideally I would build the system with the database on a separate machine so that I can easily route the traffic. Unfortunately we have many VirtualBox based demonstration systems with both the application and database installed on the same VM and therefore the amount of work to migrate these two dual VMs is going to be significant, also many of these VMs are demonstrated from laptops which have limited resources and creating a new database VM reduces overall performance. If I can create a way to force the traffic in this manner off and back onto the same VM via the other VM bridge, it would be fantastic.


Networking :: Route Traffic From A Single Host Through A Specific Interface?

Aug 21, 2010

I have a linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to setup a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.

iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward

[code]....

My goal is to do something similar to the mangle on the tor traffic, but for an entire host.


OpenSUSE Network :: Outgoing Traffic When Using Virtual Interfaces Changed In OS 11.4

Jun 9, 2011

There is a big problem with openSUSE 11.4 and virtual interfaces. Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used. Now it seems to be sent by the last interface listed with ifconfig. The outgoing address in this case will be 10.0.0.3. This is very problematic with SMTP control etc.


Server :: How To Do Outgoing Mail Only To A Specific Domain

Jul 16, 2010

I'm using sendmail-8.13.8-2.el5 along with MailScanner-4.79.11-1.

I want to set a rule so that user1@mydomain.com can send only to the anotherdomain.com domain. Sending mail to any other domain will be rejected. Can it be done by sendmail or MailScanner?


Red Hat :: Discard Outgoing Mail In Postfix That Have Some Specific Content In Attachment?

Jul 30, 2010

Working in a SW company. Guys transfer their code through email outside the company. Mail server running on Postfix. Is there any method to filter mails according to the contents of the attachment, not by file extension?


Ubuntu :: Postfix Emails Send Outgoing Mail With Wrong Domain Name?

Jan 29, 2010

I just configured my first postfix mail server today. Everything is working correctly except for the fact that on all outgoing emails instead of the mail format being user@mydomain.biz it says user@hostnameofpostfixserver. I've looked everywhere I can think of and I can't see where I'm substituting the host-name of the server for the domain name of my email. Where else could it be? Below is my main.cf. I am running Ubuntu 9.10.
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default


OpenSUSE Network :: Blocking Outgoing Network Traffic On Workstation?

Sep 14, 2011

As to my question, at this time I don't control the router/firewall and I would like to block a port that's used for Guild Wars on my workstation for a while. The reason for blocking is children have abused it and lost it. In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it and jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall and tried setting up "lo" as internal and configuring the firewall as a router, then disabled 0/0 and configured for 0/0,tcp,443 and rerouted port 80 traffic to the proxy.

When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something. Ideally, I would like to set up a transparent proxy, as my kids have learned a lot about system administration and know to check the proxy module. If all they have to do is uncheck "Use Proxy" and bypass a local proxy server, then I am kind of defeated. And applications such as Firefox have a proxy setting they could set to none instead of system.


Debian :: Measure Traffic On A Specific Socket?

Jul 19, 2010

Does anyone know how to measure the traffic (packets per seconds in and out) on a specific TCP socket ?


Ubuntu Security :: Traffic To Specific Sites Throttled?

Sep 14, 2010

I want to check if traffic to a specific URL is being throttled by a hospital acting as an ISP. A client is having great trouble accessing a hosted web-app from inside the hospital, but access is fine from outside. The hospital IT dept are not interested as the rest of the Internet is fine. I need to trace where the latency is creeping in or where the throttling is happening, if I can do that, the hospital will remove it. Traffic is standard http to a specific URL.


Debian Configuration :: Routing Traffic To A Website Via A Specific Interface

Jul 30, 2011

I am running Debian Squeeze on an old pc (AMD K62-500) which serves as my multiwan router and torrent box. Internet uplink is provided via a dsl line and 2 wireless canopy modules.

Setup has been generally fine except when connecting/downloading as free user from sites like rapidshare, hotfile, filesonic, etc. The problem arises when I am connected to these sites using the wireless uplinks because of the shared public ip. I don't really download that much using direct download methods so I don't really see myself being a premium user from these sites.

If these sites are on a specific ip or ip range, an entry on the static routing table would have been fine but when I tried using ping, a different ip would appear to reply each time.

I wonder if there can be a solution like using iptables where in traffic to and from these sites will only use the NIC connected to the dsl line.


CentOS 5 Networking :: Configure Firewall - Allow And Forward All Traffic On Eth0 And Block All Traffic On Eth1 Except Ssh Ping

Sep 29, 2010

I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.


General :: Setting Up Iptables For Traffic Forwarding On Port 80 From Specific Sources?

Jun 1, 2010

I'm running a web server on port 80, but I want traffic coming from IP 212.333.111.222 on port 80 to be forwarded to port 9020 on the same server that my web server is running at; that is my sshd port.


General :: Finding A Traffic Monitor That Only Counts In A Specific Wireless Network

Jul 28, 2011

I need a simple traffic monitor for Linux that counts the traffic in a specific wireless network, because I have volume restrictions on that one. I tried it using the following iptables rule:

[code]...

iptables -m mac -A INPUT -p all --mac-source <mac-address> ! -s 10.0.0.0/8

where <mac-address> is the router's one. 10.0.0.0/8 is the local subnet. What I actually want is something like --routed-through <mac-address>. Also, is there some way to gather iptables's statistics? Or is there maybe another tool that does what I want (reliable)?


Fedora Networking :: Can Ping But Cannot Browse - Outgoing Packets Dropped

Oct 5, 2010

On my Fedora 13 machine, while on mobile broadband, I can ping and Skype outside, but cannot browse/yum etc. A few outputs that may be of relevance are here:

$ netstat -s
IP:
149468 total packets received
6 with invalid headers
16174 with invalid addresses
0 forwarded
0 incoming packets discarded
118821 incoming packets delivered
101331 requests sent out
124 outgoing packets dropped
866 dropped because of missing route .....


Server :: Send Traffic Down WAN Link Depending On Client IP Address Range?

Apr 15, 2011

I am running Debian Squeeze with the following basic services running:
DNS
DHCP
Samba
Squid

The server is set up with three NICs: eth0 (WAN1), eth1 (WAN2), and eth2 (LAN). The server addresses clients with an IP range of 10.0.30.1 - 10.0.30.254. Some clients will be set with reservations so they fall into the 10.0.40.1 - 254 range.

What I want to do is have any outgoing external traffic coming from the first range (10.0.30.0) to use WAN link 1, and any outgoing external traffic coming from the second range (10.0.40.0) to use WAN link 2.

I have sort of got something working. I have created a bare minimum transparent squid3 setup on port 3128, and set the iptables as follows:

Code:
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

I can get internet access, however obviously it only goes through one WAN link. It also seems slower than it should be. I experimented with tcp_outgoing_address, but seemed to not be my friend.


Networking :: Server To Block All Traffic But US Only Traffic?

Mar 15, 2011

I wanted to tell my server to block all traffic but US only traffic. So I followed this guide: [URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyway so I might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done, compiled everything, and moved it to the proper directory. I then started to set up my iptables. Like so:

Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT

[Code]...

After seeing that I went digging in the code and figured it was something to do with memory allocation.


Server :: PPTP Traffic - Gre Traffic Is Being Generated During The Browsing / Reduce Traffic

Sep 27, 2009

Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:

Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT

iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.

When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.

So, my question is first of all is my test correct and is it true that so much GRE traffic is being generated during the browsing (it becomes clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes, can that traffic be reduced?


Hardware :: Send High Signal Or Low Through A Specific Pin?

Mar 30, 2010

If I wanted to control a small circuit, how would I send a +5 voltage signal to a specific pin, whether it be a parallel port, COM port, or maybe a specific pin on an IDE (or floppy pins) wire? My distro of choice would be Debian.


Ubuntu :: Mailutils - How To Send Mail In Specific Format

Jul 15, 2010

I have installed the package mailutils by following command:
sudo apt-get install mailutils
Now I want to send mail using the following format:
$mail <username>@gmail.com
I am doing the normal procedures but the mail is not sent.


Fedora Networking :: Internet Traffic Monitor ?

Mar 9, 2009

Is there a nice easy to use tool that displays (in KB/s) the internet traffic from every IP on a network?

Currently I'm using iptraf, but it's very hard to understand at times.

A little info on my network:

I'm using SNAT for internet sharing.

Copyrights 2005-15 www.BigResource.com, All rights reserved