Fedora Networking :: VLAN Not Recognizing Incoming Traffic?
May 29, 2011
Before explaining the problem, I have to draw the environment. Because of post size limitations, I'll have to break this post in more than one entry.
Physical view
Code:
+--------+     +---+
|storage1|-----|   |
+--------+     | s |
               | w |
+--------+     | i |     +-------+
|router2 |-----| t |-----|router1|--->Internet
+--------+     | c |     +-------+
               | h |
+--------+     | 8 |
|router3 |-----|   |
+--------+     +---+
Device details
[Code]....
Jun 29, 2011
My laptop has become very sluggish. So I loaded firestarter firewall. It is reporting loads of incoming UDP traffic. I only use this machine for Skype and Firefox based work as most of my stuff is kept on the cloud. Is it safe to stop all this UDP traffic? It would free up my CPU I guess. It seems port 56095 is getting hammered.
Aug 5, 2010
I am running the latest Ubuntu. Sometimes it randomly stops accepting ssh connections, afp/smb connections, and even stops responding to pinging. It is connected via Wi-Fi.
I go over to the desktop and use the browser, and the internet still works fine. Then after a while, it starts accepting incoming traffic again.
Jan 12, 2009
Assist me in using the iptables firewall to block all incoming mail traffic (SMTP port 25) except that of a certain IP(s)? The situation is that we have a server that we only want to receive mail from a particular sender.
May 2, 2010
I have an Ubuntu computer set up as a bridge between gateway and LAN, with the LAN connected to eth0 and the gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports I specify, but also allow outgoing traffic. I've found, tried, and modified some examples I found on the web, but still it won't block incoming traffic (i.e., I'm still able to reach my webserver).
These are the rules, and I can't figure out why it won't block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
Jan 6, 2011
I need to configure iptables to block incoming traffic (except specific ports), but allow all outgoing traffic.
I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)
The following was used:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
Also, even allowing NOT SYN requests still prevents outgoing traffic.
iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT
Another point:
# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep
How to install ipt_state module on ubuntu?
May 21, 2010
I have set up a virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the VM direct access to the internet, but 1and1 do MAC filtering and so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debian Lenny on the VM on the server using KVM and all went well. I put it on a virtual network 192.168.100.0 and I can access it from the host and I can access the internet from the guest using the NAT that libvirt set up.
I bought another IP address from 1and1 with the hope of forwarding packets to the new IP address 11.22.33.02 to the guest VM.
I have tried all sorts of routing rules using iptables without any success.
My virtual network is on virbr1, the guest IP is 192.168.100.50, and my external network device has the IP, say, 11.22.33.01 on eth0, with the secondary IP, say, 11.22.33.02 on eth0:1.
Here are the latest rules I tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code].....
Mar 14, 2010
OS: CentOS 5.3 64bit
How to trace incoming and outgoing network traffic for a given user? User 'A' logs in to the system and does various network connectivity. As root user, I need to find what outgoing and incoming connections are related to user 'A'. Basically, I need to check the connection flow. netstat will show ESTABLISHED, LISTEN etc.; I need something like tcpdump.
E.g. a --user option for tcpdump:
tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A
Can someone tell me any tool which can do such a thing? Even one that can show the process ID of the client application which is trying to establish network connectivity will do.
Apr 20, 2010
Do you know if there is any possibility to route/force a non-VLAN packet to a VLAN interface in Linux?
Apr 4, 2010
A good IPTABLES protocol to reject all incoming ssh traffic except for a single IP or IP range?
Dec 5, 2010
I have set up an OpenVPN server on Ubuntu via port tcp 443. The server uses a public network and almost every port is blocked (not 443). So when a client connects to the server, if it sends traffic needing a blocked port, the connection cannot be established, of course. So I'd like to know if it is possible to redirect all incoming traffic on the server to another unblocked port (like 443) to bypass the firewall.
I don't think OpenVPN offers this possibility, but maybe with Linux it is possible.
Aug 5, 2009
I'm preparing to "follow" these directions which will make VirtualBox's networking behave like VMWare's "NAT" networking. Of course, these instructions are for a Ubuntu/Debian setup.
I am quite certain that I can write a script that'll do the equivalent steps on my Fedora 11 box -- which is acceptable to me. I would, however, like to know how to splice this stuff into NetworkManager and/or /etc/sysconfig/networking/devices/, to do this the "right" way.
The desired networking behavior:
-VM's get assigned addresses via DHCP on a virtual network
-VM's can talk to each other and to their physical host
-VM traffic out to the 'real world' is NATted
Jan 26, 2009
I just have installed FC 10 on a box that I will use as a router/firewall box. On the box I have three interfaces (eth0, eth0.704 (VLAN), and eth1). When the machine boots up, only eth0 and eth1 come up. If I run /etc/init.d/network restart, then eth0.704 will come up. If I add that command to rc.local, then all interfaces come up at boot.
I have the directive ONBOOT=yes in ifcfg-eth0.704. What would cause this vlan interface not to start at boot on the machine?
Sep 8, 2010
I'm currently setting up a vlan network and after reading several man pages I still have 2 questions / problems:
1. I would want to put several subnets into one VLAN. Meaning, for example, I want to have the following VLANs with subnets:
vlan1 10.1.1.0/24
vlan2 10.1.2.0/24
vlan3 10.1.3.0/24
vlan3 10.1.4.0/24
vlan3 10.1.5.0/24
Is that possible?
EDIT: I found a sample configuration, sadly without any comments, where there are defined some interfaces named vlan1:0 through vlan1:3. Could that be the option I've been looking for? However, in the definition of the vlan1 device it is configured with the subnet mask 255.0.0.0. I would like to know the mechanics of that option, too.
2. In the wlan part of the network I want to have a dhcp server distributing ip addresses. However I want hosts the server 'knows' (by mac address) to be in a different vlan than those unknown. Is there any way to achieve that? If yes, do I need special wlan access points or can I do it by my configurable switch or by the server?
Aug 20, 2011
I'm having trouble getting Fedora 15 to work with my em/bond/br configuration as it did in Fedora 14. I've got a bonding interface over em1 and em2, and then individual bond vlans (bond0.2, bond0.10, etc...), I then have a similarly named bridge interface (br0.2, br0.10, etc...) for kvm. Regardless of if I assign bond0.2 or br0.2 the IP address, I am unable to ping the gateway, but the native untagged VLAN (bond0, br0) has no issue at all.
To try to isolate this issue down to the switch or Fedora 15, I went with a plain em setup and configured em1, and em1.2 which works as expected. This issue has been plaguing me since Fedora 15 came out and I'm about to trash it and go back to Fedora 14 (Which didn't have this issue), but some of the new kvm features have kept me trying to get over this incomprehensible hump.
Apr 5, 2009
I'm running Fedora 8 and I have a TEW-424ub. I recently ditched Windows, and the only disk I could get was a Fedora 8 DVD. I used ndiswrapper to get my driver installed, then I used the iwconfig commands to hook myself up to my wireless. However, every time I do the command
Code:
My comp freezes up. I then decided to use the GUI to set it up, as it might be less aggravating. It found my network, I input the key, double-check, and it attempts to connect, then asks me once again.
Also, if I go to Network Configuration and activate my ndiswrapper device, it gives me the error and my comp freezes up: "Set Encode" (8B2A) SET failed on device wlan0:0 ; Invalid argument.
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Mar 15, 2011
I wanted to tell my server to block all traffic but US only traffic. So I followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyway, so I might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done, compiled everything, and moved it to the proper directory. I then started to set up my iptables. Like so
Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that, I went digging in the code and figured it was something to do with memory allocation.
Apr 7, 2009
Using Fedora 10, can anyone tell me how to setup the network scripts to create two network interfaces for vlan x and y. Both interfaces should obtain an ip from dhcp and both interfaces should run over eth0.
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is, first of all, is my test correct, and is it true that so much GRE traffic is being generated during the browsing (it becomes clear that the traffic is double what it would be if the pptpd wasn't used as a gateway), and if yes, can that traffic be reduced?
Dec 13, 2010
I set up vlan1 in a cat2950 switch
#config t
#int vlan 2
#ip address 192.168.1.7
#no shutdown
I then moved all the interface ports (port 1 - port 24) from the default vlan1 to the vlan2, with....
#int f0/1
#switchport mode access
#switchport access vlan2
The problem is that with the above configuration, I connected 3 Linux boxes to the switch but none of them could connect with each other.
When I did a ping, it says "destination unreachable".
What am I missing out here, and what's the fix?
I assigned static IP addresses to these boxes; also, there's no router in this network, by the way. I don't think I will need one either, as all the machines are in the same vlan2.
Mar 9, 2009
Is there a nice easy to use tool that displays (in KB/s) the internet traffic from every IP on a network?
Currently I'm using iptraf, but it's very hard to understand at times.
A little info on my network:
I'm using SNAT for internet sharing.
Apr 26, 2009
I've tried both the firewall interface that comes with Fedora and Firestarter, neither can configure as I want. So I think I'm going to have to do it by hand. In this laptop I have one 10/100 Nic and one wifi connection, at times either of them can be connected to the network. How can I configure IPtables so that any traffic is allowed out, nothing is allowed in (other than std stateful firewall replies), no icmp and that the fw logs any attempts to connect to the laptop?
Apr 22, 2010
What are the function differences between VLAN and subnetting?
May 10, 2011
Is there a way to see the VLAN tagging associated with the IP addresses on my CentOS servers from their command line?
Apr 2, 2009
I have configured transparent Squid with DansGuardian for content filtering. I used this Squid server IP on the client gateway (not on the browser) for content filtering. Is it possible that I could use this Squid server in a different VLAN?
Sep 12, 2011
I'm trying to set up an Asterisk box with two NICs. The idea is that one NIC connects to the LAN on VLAN2 (for internal voice) and the other to the SIP trunk on my ISP's Cisco 1811, configured for VLAN3.
Some info: The Cisco's VLAN1 + 2 are available on my switch. VLAN1 = 10.105.44.x with gateway .254 (the Cisco). VLAN2 = 10.106.45.x with gateway .254 (the Cisco). The Cisco's VLAN3 is available on only a single port on the Cisco, connected to one of the NICs of the Asterisk box, eth1, with IP 10.106.46.1 and gateway .254 (the Cisco). The other NIC, eth0, is connected to the switch, on a port set up for VLAN2.
So, what I'm trying to achieve: Use eth1 tagged with VLAN3 to connect to the SIP trunk. (I could do this with a static route because my provider has a fixed IP to connect to.) Use eth0 for all other traffic.
Here are some config files I've setup so far (I'm stuck on connecting to the SIP provider):
network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=localhost.localdomain
GATEWAY=10.106.45.254
[Code].....
Apr 12, 2009
I am running Fedora 9 and KDE 4.2.1. I want to set up some traffic shaping on my machine to prevent my torrent client from hogging my entire bandwidth. I.e., I want KTorrent to download and upload to the best of its ability, but still be able to browse the net freely in spite of the torrents. I have done some reading about traffic shaping in Linux. There is lots of material about it, but most of it (such as the lartc.org "howto") is very complex and comprehensive and looks extremely intimidating. Furthermore, most of it addresses situations where you want to distribute traffic between multiple computers in a network. I just want to manage processes on a single machine. I am hoping for a piece of software that lets me assign a "priority" to each application, or something like that. Like cFosSpeed for Windows.
Aug 23, 2009
I have a 2 machine LAN with both machines having an ethernet card and a wireless card. There is a Netgear router, both eth and WiFi, allowing both machines to access the internet.
On my Linux machine I am looking for some software that allows me to keep track of my broadband usage on that machine, excluding traffic between the two machines.
There are numerous such programmes for this in XP, which use Winpcap and a GUI frontend. The "other" machine on my LAN is XP and uses just such a program.
Feb 23, 2010
I'm currently reading through the Linux Advanced Routing and Traffic Control HOWTO from lartc.org, and I'm wondering whether anyone knows of a file where I could keep qos rules persistent across a reboot, similar to /etc/sysconfig/iptables for netfilter. Should I just write my own script, or does something already exist?
By the way, iproute-2.6.29-4.fc12.i686.