Fedora Networking :: Iptables Can't Allow DNS & DHCP To LAN?
Aug 3, 2010
How do I let iptables allow DNS & DHCP distribution from the server to the clients only, without exposing the DHCP ports udp 67,68 and tcp 67,68 as well to the outside world? DHCP only uses udp, but still I also allowed tcp ports as well just to be sure, and I already allow DNS ports in the firewall, which is not included below. Linux newbie here.
When I issued the command below to allow those ports only to the internal network, the firewall was still blocking it. What seems to be the problem?
# iptables -A INPUT -m iprange --src-range 192.168.0.1-192.168.0.254 -p udp --dport 67 -j ACCEPT
[Code]...
View 1 Replies
Jun 5, 2011
eth0 is configured through a DHCP server connected directly to it. [URL]... The answer of the server is a UDP to 255.255.255.255. Please tell me how it can pass through this iptables configuration, because it does.
Code:
iptables -nvL INPUT
(policy DROP)
3281 201K ACCEPT all -- eth1 * 192.168.69.0/24 0.0.0.0/0
0 0 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0
0 0 ACCEPT all -- lo * 192.168.69.1 0.0.0.0/0
0 0 ACCEPT all -- lo * 93.114.xx.xx 0.0.0.0/0
[Code]...
View 9 Replies
Oct 22, 2010
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it onto another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800, but only if I statically assign the agent's station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the vlan IDs used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300).
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback
auto vlan100
iface vlan100 inet static
[code]....
why it can't reach the gateway. When I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds, and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.
View 6 Replies
Jul 1, 2010
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1 /24 network that everything was on because we were running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it onto another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800, but only if I statically assign the agent's station an IP address.
When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the vlan IDs used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300).
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback
auto vlan100
[code]....
why it can't reach the gateway. When I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds, and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.
View 2 Replies
Mar 25, 2010
I am puzzled with trying to configure a linux (openSUSE) client to dhcp to eBox DHCP server. I am using dhclient to lease an IP address with dhclient eth0 -s 10.45.48.108 and get a response
openSUSE11232CL1 dhclient: DHCPDISCOVER on eth0 to 10.45.48.108 port 67 interval 4
openSUSE11232CL1 dhclient: DHCPOFFER from 10.45.48.108
openSUSE11232CL1 dhclient: DHCPREQUEST on eth0 to 10.45.48.108 port 67
openSUSE11232CL1 dhclient: send_packet: Network is unreachable
openSUSE11232CL1 dhclient: send_packet: please consult README file regarding broadcast address.
The server reports
eBox141 dhcpd: DHCPDISCOVER from 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
eBox141 dhcpd: DHCPOFFER on 10.45.200.2 to 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
I interpret this as the server receiving the request and the client accepting it, but the lease does not last long and the connection breaks. What could this be and why does the connection break? Or is my understanding totally wrong on how it works and should work? And BTW, where is that README file that's referenced in the message I receive on the client?
View 2 Replies
Mar 8, 2010
Currently I have my eth0 interface getting a DHCP address but at times the DHCP server will not be reachable. Sooo what I would like my server to do is, if it cannot find a DHCP server, assign a static address to eth0. Then start the DHCP service so it can then dish out some addresses. How can I do this? Surely it is possible.
View 2 Replies
Aug 22, 2010
I want to run networking on my laptops in different environments (home, office, airport etc.). I found that Network Manager assigns information from DHCP although I requested a fixed IP and configured the gateway and DNS. If I reconfigure the DHCP server so that there is no free IP address, the laptop refuses to connect. When I remove the interfaces from the network manager, I get the fixed IP address, /etc/resolv.conf is not overwritten from DHCP, but the WiFi connection cannot be established; there is no dialog for setting WPA-PSK. The static IP address seems to be taken into account only if the DHCP server is not found. I need the static address at home and in my office because I need the possibility to ssh to my laptop from another computer, but I need an IP from DHCP, possibly authenticating against RADIUS (Eduroam), when travelling somewhere else. Is there an easy way to achieve this and to switch profiles easily? And I cannot switch DHCP off because some devices in my LAN cannot work without it.
View 6 Replies
May 14, 2009
I've set up an openvpn server (with dhcp running on it) and I have to create compatible clients. The problem is how to get an IP by dhcp. With Ubuntu I made a script like this
/sbin/ifconfig tap0 up
/sbin/dhclient -e tap0
and everything works fine: tap0 goes up and then starts a dhcp request to the server on tap0. With Fedora there is a nice problem: I've noticed that it is impossible to run dhclient later on a new interface because I receive this error: "dhclient is already running". The tap0 goes up normally but I receive this error when I attempt to get an IP. Is there a simple way to get an IP? If I try to kill or restart dhclient when the vpn tunnel is up, all interfaces lose their IP and the network goes down, crashing my vpn...
View 9 Replies
Jul 7, 2009
I have got DHCP issues with Network Manager. Whenever I try to connect using a static IP it works, but when I use Network Manager with DHCP, it seems to try to connect and soon says "Network Disconnected". I've managed to connect to wlan and eth using network, so there shouldn't be any hardware/driver issue.
View 4 Replies
Jun 19, 2011
We have a network of 20 boxes and the router dealt with DHCP, but I'm planning to assign the DHCP task to the linux box. Any heads up? eth card configuration, network topology... etc.?
View 8 Replies
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
View 11 Replies
Jan 24, 2009
I noticed that my internet connection wasn't automatically brought up each time I logged into Fedora so I opened the system-config-network tool and edited my network adapter by checking the box marked "automatically start at boot/login." To my surprise, the connection went down and upon trying to click on the device to let the manager bring up the connection the greyed-out phrase "device not managed" appeared underneath the device name and wouldn't allow me to connect.
Even when I used ifconfig/dhclient to get the connection up nothing happened. I could get the router to assign an IP address through DHCP, pinged a few sites to make sure it was legit, but still couldn't use firefox to browse anything. Seems as if network manager GUI is conflicting with command line attempts to bring the network up. I'd like to permanently disable system-config-network if possible because it's acting screwy!
View 5 Replies
Mar 21, 2009
Yes, another newbie question. Just loaded and updated FC 10. Everything works great with dhcp. Tried to set up a static IP to learn more about how to set it up and nothing seems to work. I'm connected to DSL via a router. When I ifconfig I get (basic stuff):
inet addr: 192.168.1.7 Bcast: 192.168.1.255 Mask: 255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
I have also tried default gateway 192.168.1.255 and 192.168.1.254. Most of what I have tried above has come from Linux websites and FAQs. Keep in mind I am worse than any new newbie you have ever worked with.
View 13 Replies
May 28, 2009
I can access the Internet when my eth0 is set to DHCP client. But when I set static I can ping google.com... but my Firefox browser doesn't connect to the Internet!
View 2 Replies
Sep 25, 2009
I need to start DHCP after booting into run level 1.
So I am going to ....
ifconfig eth1 up
what is the command to start DHCP service?
View 7 Replies
Oct 18, 2009
I'm pulling my hair out to figure out what's gone wrong. I have a small home network with a router and 4 computers, 3 linux boxes and 1 windoze machine. The windoze machine and 2 of the linux boxes (newer ones, one with FC11 and the other with Ubuntu Hardy) are using the router's "Set Static IP" option just fine. However an older FC5 machine I have always gets its IP assigned randomly. As this is the machine I ssh into from overseas via a Dynamic DNS, this is a huge frustration when the power goes off or I need to restart the machine. It's usually 192.168.0.2 but sometimes 192.168.0.3 and occasionally other numbers as well. It _should_ be 192.168.0.130. As near as I can tell, I'm doing everything the same between the machines. The router config is very simple and works for the other systems so I suspect I may have a legacy tweak that I did years ago that's causing the problem.
Anyone know what I can try? I'm afraid I'm not a networking guru (ahem, wouldn't be posting if I were!) so things like "check the this" will be more helpful if there's a clear example. "Check the this...emacs /etc/thisfile/config and see if XYZ option is TRUE" is far more useful. Again, many thanks. If none of the systems were working right then it would be totally different...but 3 seem to work just fine and happily get their assigned static IPs. It's the one non-conformist that's the trouble...
View 1 Replies
Jun 5, 2010
I decided to forgo my router's DHCP capabilities and try to make a random computer at my home take on the job.
First of all here's my network topology:
I have a cable modem hooked up to eth0 on my linux box, and this is where my internet comes from and works fine.
I also have another ethernet, eth1, which is connected to a wireless router in bridge mode. My end goal is to have my linux box sit between my internal network and the outside world. Thus it will need to act as a DHCP server, a NAT and as a firewall. Right now I'm just focused on the DHCP part.
Here is a copy of my dhcpd.conf file:
My /etc/sysconfig/dhcpd file has:
However the issue is that it is still listening on eth0 and not issuing any leases on my internal network.
What I think is happening is that it's not recognizing the 10.0.1.x subnet because my router is issuing leases on the 169.254.193.x, even though I put it on bridge mode. But I could be totally off mark.
Also running tcpdump on eth1, I can see requests coming in for dhcp, but my server isn't responding to them.
View 3 Replies
Feb 12, 2009
I have installed Fedora 10 on my A860 Dell Vostro Laptop with AR242X Atheros Wireless card. The wireless card worked out of the box and I could detect the wireless network and connect to it. But I have a problem: my wireless connection is not able to get an IP address from the DHCP server. Please help me out: what can I do to get this working? I am using WEP security and authentication is open system.
I have Windows 7 beta installed on the same machine and on that the wireless network works fine, so I am sure that there is no problem with the wireless network. I am using a DIR-300 router from D-LINK. I tried to see the packet log in wireshark and there I see that there is no reply to the DHCP discover message. Actually I don't see any RX packets at all, which is not normal as there is traffic on the network.
View 14 Replies
Feb 20, 2009
When I install Fedora 10 on a new system, I let it default to DHCP. Later, I change the system to a fixed IP address by running system-config-network, selecting eth0, clicking on "Edit", clicking on "Statically set IP addresses:" and filling in the blanks. Is it possible to accomplish the same thing using commands that could be entered in a script? I assume one of them would be
Code:
ifconfig eth0 address XXX.XXX.XXX.XXX netmask 255.255.255.0
View 1 Replies
Mar 10, 2009
Is it possible to set up a DHCP server using the loopback or a virtual interface? I installed Sun VirtualBox on my Fedora system and want to try and kickstart them from within the same box on a virtual network. Is this possible and has anyone done it? I only have a single NIC in the box and it is on my public network.
View 1 Replies
Jul 15, 2011
How do I enable automatic DHCP on Fedora 15? In network settings, I chose the method Automatic DHCP on IPv4 settings, and in proxy settings I chose the method automatic. However, it is not working.
View 1 Replies
Jan 2, 2011
My DHCP setting is disabled in Fedora 12. Previously I was using a static IP address. I want the DHCP setting enabled. Any idea?
View 1 Replies
Apr 26, 2009
I've tried both the firewall interface that comes with Fedora and Firestarter, neither can configure as I want. So I think I'm going to have to do it by hand. In this laptop I have one 10/100 Nic and one wifi connection, at times either of them can be connected to the network. How can I configure IPtables so that any traffic is allowed out, nothing is allowed in (other than std stateful firewall replies), no icmp and that the fw logs any attempts to connect to the laptop?
View 5 Replies
May 7, 2009
I need to forward a port to use dtella. I'm using Fedora 10, using iptables for my firewall.
I'm currently trying to forward it from terminal with this command:
Code:
sudo iptables -t nat -A PREROUTING -p udp -i eth0 -d [ip address] --dport 11823 -j DNAT --to 192.168.0.2:80
this is what I get from iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
[Code].....
View 9 Replies
Mar 8, 2011
For quite a while inside of our organization we've been editing /etc/sysconfig/iptables directly without much issue. However it was suggested to us that by doing so we risk losing all those rules whenever some package decides to use lokkit or "system-config-firewal*". Doing a bit of analysis I can't really find any trace of code that would prevent us from maintaining iptables just the way we were (as long as *we* don't use lokkit or system-config-firewall*), since "service iptables save" is a valid technique and uses the iptables-save script, which is part of the iptables package and *not* part of system-config-firewall*.
So we've got some evidence that may confirm our usage as valid, however it would be nice to know if indeed this is *not* a recommended way of maintaining iptables and we should reconsider how we approach it.
View 9 Replies
Apr 21, 2011
I'd like to pass all traffic between bridge ports via the FORWARDING chain, so I changed following sysctl parameters:
Code:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
[code]...
View 1 Replies
Jul 9, 2011
Friends the following shall block a particular machine in the same network, what can be done if it is dynamic IP and from other network?
iptables -A INPUT -s 192.168.0.0/24 -m mac --mac-source 00:50:8D:FD:E6:32 -j DROP
View 3 Replies
Jan 25, 2011
I am trying to design an application which violates the DHCP. Specifically the difficulty in writing this application is physically sending the raw packet. I need some documentation on either a library that supports this or where to look for support for raw packet creation. I am not trying to create a raw datagram, that doesn't meet my needs because a raw datagram is still at layer 3 I need to craft a raw layer 2 PDU.
Specifically I want to
Send a very specific DHCPDISCOVER
Receive a DHCPOFFER
and pull apart the offer while never sending a DHCPREQUEST.
Specifically I am pulling apart various options that are sent in the DHCPOFFER. I have a raw DHCPDISCOVER already crafted and the formatted struct sockaddr_ll; where I fault is I can't send the damn thing. Getting the file descriptor after calling socket is okay but what now? How would I write to that file descriptor and have it transmit?
Code:
int connfd;
struct sockaddr_ll bcast;
bcast.sll_family = PF_PACKET;
...
connfd = socket(PF_PACKET,SOCK_RAW,0);
//now what
View 1 Replies
Jan 25, 2010
I am trying to solve a strange problem which occurred after upgrading many packages including kernel and iptables. This is a Fedora 10 PC acting as a small home server I've been using for over a year without problems. Recently, I ran a yum upgrade and after that, connections outside home wouldn't work. No changes in iptables (firewall) rules have been made. But connection through the local network is working. Symptom is: I've connected to my second PC at home and connected to the server. It works fine on the local network. I restart network services (service network restart) and outside connections could be established. I have disabled iptables and ip6tables and after reboots it works fine. But the PC is running without a firewall.
View 5 Replies