Fedora Servers :: Iptables NAT To Multiple Vlans?
Mar 26, 2009
I have eth0 for administration, and vlans eth0.2 eth0.3 and br0 for resource seperation. My esternal interface is ra0.each internal interface is on a seperate subnet, and I have dhcpd giving connecting devices ip addresses out of their assigned network. I want all of the devices to be able to access the internet through NAT, I need to allow them to communicate with port 80 on eth0's subnet
eth0 10.0.0.0/24
eth0.2 10.2.0.0/24
eth0.3 10.3.0.0/24
[code]...
View 2 Replies
ADVERTISEMENT
Feb 7, 2016
I'm trying to setup a DHCP server that serves several different VLANs, we have 5 in total. Our network is working correctly, with static IPs, we're able to ping across without any issues.
When I connect my debian box to an interface on VLAN5, statically assign an address in the correct range, it works. Similarly with all other VLANs.
To configure this box as a DHCP, I set one of the ports on the switch as trunk, connect that to the debian box to allow all VLAN traffic to reach my debian box.
I setup DHCP following the steps on [URL] ....
Then I configured different VLANs by following the steps on [URL] .....
However, with the vlans setup, I am unable to ping anything. This is essentially what I did.
Code: Select allSet the port on the switch to trunk with 802.1 encapsulation
disable eth0
vconfig add eth0 5 # to add vlan 5
ifconfig eth0.5 192.168.5.254 netmask 255.255.255.0 up
vconfig add eth0 5 # to add vlan 10
ifconfig eth0.5 192.168.10.254 netmask 255.255.255.0 up
[Code] ....
I do not know why I am unable to get any connectivity through my VLAN interfaces.
View 2 Replies
View Related
Jun 10, 2011
How can you do it with individual ifcfg-* files?
I've tried adding them like this:
Filename: ifcfg-vlan1:0
BOOTPROTO='static'
ETHERDEVICE='vlan1'
STARTMODE='manual'
USERCONTROL='no'
IPADDR='192.168.1.2/24'
but it fails on ifup, thinking it might be the filename (the vlan tagging being picked up from the name) I tried renaming it but still no go.
I can add IP's via ifconfig, eg ifconfig vlan1:0 192.168.1.2 netmask 255.255.255.0 up
and I'm pretty sure I could add multiples to the ifcfg-vlan1 file but how do I add them from individual config files?
View 9 Replies
View Related
Nov 26, 2010
I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.
View 2 Replies
View Related
Jul 14, 2010
I've got a machine running Ubuntu Server that is on several VLANs. Each VLAN has its own subnet and the server has an address on each subnet. The switches are set to allow tagged traffic to the server for each VLAN that it is on. Switch ports ending with workstations are given untagged ports on whatever VLAN is appropriate. Workstations are given addresses on a subnet for each VLAN via DHCP. All this works great and hosts on any subnet/VLAN can access the server as normal via its address on that subnet/VLAN.
Accessing the machine by its address on a non-local subnet is where I run into a problem. Inter-subnet traffic has to go through a router, which has been set up appropriately. Running tcpdump on the server and pinging it from a workstation on a subnet, using its address on a different subnet, shows the server receives the ping, but sends no response:
Code:
sudo tcpdump -i vlan4 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
[code]...
View 8 Replies
View Related
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
View 2 Replies
View Related
Jun 18, 2011
i need to host multiple site under one ip adress, its this posible ?
View 1 Replies
View Related
Aug 4, 2010
I have Postfix + Unix Accounts + Virtual Domains. I have a bunch of domains hosted on my machine, let's call them [URL] [URL] and [URL]... etc Until know, domain2.com, domain3.com were mapped in virtual domains to [URL] So this is how /etc/postfix/virtual looks like:
[URL]
Like I said, all mail accounts are unix accounts, so, if for example I have the user "paul" this user will receive e-mail for ALL DOMAINS. [URL]But as it turns out, I now need a COMPLETELY ISOLATED domain... let's call it [URL]. So If I create a new user, let's call it "steve" I want steve to receive e-mail ONLY on [URL] and not on all others.
I would have to redo the whole thing from the beginning. I'd have to comment out the $mydestination parameter in the main.cf file and start using only virtual domains. So if I have the following users: paul, steve, sally, megan, jenny and I want paul and steve to ONLY receive mail for domain1.com, sally and megan to receive mail for domain2.com and jenny to receive mail for domainX.com, my /etc/postfix/virtual file would have to look like this:
[URL]
I'd have to create the unix account and then start modifying the /etc/postfix/virtual file.
View 1 Replies
View Related
Sep 9, 2010
I've got two sound cards fitted, before I've always killed pulseaudio as a pain in the butt.
Without pulseaudio enabled I could run two audio apps simultaneously, ie run a SDR ( software defined radio) app , and listen to music or watch TV at the same time.
However, with puls audio running, you can only run one, either input to either output. So can a second instance of pulseaudio be run, master and slave perhaps ?
View 6 Replies
View Related
Sep 11, 2010
I'm trying to set up awstats for my web server which runs ISPConfig3. Due to ISPConfig, my log-rotated files have the extension .log.gz, and the naming syntax of DATE-access.log.gz.
According to awstats documentation, I need their tool to merge the log files, however, I cannot get it to work. I always get file not found or pipe error like messages.
Code:
I took a look at permissions, log files are world-readable. Checked path's 1000 times, no typo. When I try to find out whats wrong, the problems usually begins when I try to use the * character in the LogFile variable, ..
Anyone got experience with multiple log files and awstats? ...
View 2 Replies
View Related
Oct 18, 2010
I have around 10 Servers.How to see Dmesg and /ver/log/messages of multiple servers from a centralized location
View 5 Replies
View Related
Jun 3, 2011
iptables and multiple public-facing IP addresses. With the current setup I have a public-facing firewall with iptables which will then forward traffic to a LAN IP. I will hopefully be allotted 1 private IP per public IP, which I hope will make this much more simple. For example, I have server A with the LAN IP of 10.0.0.1 which I would like to have traffic forwarded from 5.0.0.1, the public IP. I also have server B with LAN IP of 10.0.0.2 which I would like to have forwarded from 5.0.0.2, the second public IP. From what I have read and understood, this should be a simple task, however I would just like to double check to make sure that it is in fact possible, and if so, how would it be recommended that I go about doing so. Essentially, I need to forward each public IP to a corresponding LAN IP with all ports.
View 3 Replies
View Related
Nov 27, 2008
We have a new Bussiness DSL line with 16 public addresses.What we want is to setup a DMZ to run some services and internet to the LAN. Here's a schematic of what we want:
Code:
Backup Internet Main Internet
connection connection
| |
| |
SDSL Modem BDSL Modem
[code]....
The webserver has the following settings:
IP: 12.34.56.125
subnet: 255.255.255.240
gateway: 12.34.56.126
What IPTABLES rules do i need to setup to "see" all IP's in the DMZ-2 from the internet?
View 2 Replies
View Related
May 8, 2009
I would like to know if I need multiple IPs' to setup two SSL urls on the same Apache server? Two ssl certificates, one IP - is it possible?
View 4 Replies
View Related
Sep 18, 2010
I am using LDAP to manage the autofs and everything works fine. I have a situation here that I can't figure out how to do. I need to use 2 direct map in auto.master, but the LDAP service doesn't allow me to add 2 "cn: /-" entries in the directory.
The following is my auto.master map:
dn: ou=auto.master,ou=autofs,ou=dolphin,dc=example,dc= com,dc=my
objectClass: automountMap
objectClass: top
ou: auto.master
dn: cn=/-,ou=auto.master,ou=autofs,ou=dolphin,dc=example,dc =com,dc=my
objectClass: automount
objectClass: top
automountInformation: ldap://ldap.example.com.my/ou=auto.iso.indirect,ou=autofs,ou=dolphin,dc=examp le,dc=com,dc=my
cn: /-
I have another ldap entry auto.data.indirect but I have no idea how to inject it into the directory. Any ideas how to implement it? I am using Fedora 13.
View 3 Replies
View Related
Dec 19, 2010
I want to run a server with multiple blog with worpress, is there a tutorial ?
View 2 Replies
View Related
Feb 7, 2011
I need to create a lot of users locally on my server.I have these info:username:GID:UID.How I can make a "for cycle" for make a multiple useradd? (useradd -u UID -g GID -m /home/USERNAME -s /bin/bash USERNAME)I tried to do this:
touch userlist.txt (UID:GID:USERNAME)
100:110:user1
200:210:user2
[code]...
View 6 Replies
View Related
Apr 20, 2011
Can ANYONE point me in the right direction on how to use storage on multiple servers as a single cluster?I thought storage cluster was for that but, after much googling, and even more help from here, I don't think that achieves my goal. My goal is to have multiple servers share a file system, to act as somewhat of a network raid, so if node-A goes down the files are available on other nodes, and hopefully so when the capacity of the nodes are reached I can add nodes to expand the "cluster".
View 6 Replies
View Related
Jul 17, 2010
IPtables creates an error during startup as well as when I try to restart it: Here's the output of:
[Code]....
View 11 Replies
View Related
Feb 7, 2011
I'm looking at setting up a couple automated systems: Here are a few examples:
* Internal accounting system to download and process emails
* Public web server to visit
I could put each system on its own separate box -- for example, it's generally good practice to separate anything that external users have access to (such as a webserver) from internal processes such as accounting. Now, rather than dishing out the money for two separate servers, could I get away with just installing new instances of VMWare on the same box for each system?
To give you an idea, these are not large scale computationally sensitive systems. The accounting one is simply downloading and tallying emails, and the latter is just a webserver with maybe 5 hits per day on a good day. I could definitely pick up a new box for say $50, but I wanted to know the general practice of using VMWare on the same box versus two separate boxes.
View 2 Replies
View Related
Oct 17, 2010
I run a small home server (Debian 4), which acts as my gateway to the internet (ie, firewall) and runs a web server, dhcp, dns, and acts as a file server to the rest of the machines on my home network. Now I know it's never a smart idea to have all those services running on the same machine that is acting as a firewall, but I don't fancy running multiple servers just for home use, as it's mainly allowing me to learn system administration.
I noticed a few days ago that my internet had become unbearably slow, to the point where I could sometimes not load web pages. I spent a while searching through log files on my gateway, to try and find out what was eating up all of my bandwidth. When I came to apache's access.log file, I was confronted with this:
Code:
204.45.41.82 - - [17/Oct/2010:06:25:10 +0100] "GET http://vewice6.nightmail.ru/marriott-grand-cayma.html HTTP/1.1" 200 36921 "-" "Mozilla/4.0 (compatible; M$
204.45.41.82 - - [17/Oct/2010:06:25:11 +0100] "GET http://malaysiapodcaster.blogspot.com/2006/05/blog-post_11.html HTTP/1.1" 200 58681 "-" "Mozilla/4.0 (com$
[code]........
Multiple requests to my server, for totally random websites. I didn't even know it was possible to make those types of queries to a webserver. The only thing that is on the web server is a browser based torrent client. I have only shown a small snippet of the log file, but there are around 90k lines to different web addresses, from many different IPs. What I want to know, is what is happening? :S Why is someone querying MY web server, for web sites totally unrelated to it? And most of all, how can I stop it. My initial was to try and use iptables to block multiple requests from the same ip within a certain time frame, which I think would work as the server shouldn't really get many queries from external networks.
View 9 Replies
View Related
Jan 17, 2011
Looking for a test tool where I can fire up any number of ports (TCP and / or UDP) to listen on.
I am currently getting my using nc but its only 1 port at a time (i know I can open up multiple sessions but thats cumbersome), it can't do UDP, and it closes at the end of the session.
A friend has suggested socat but it looks pretty much the same except it can do UDP, but also cumbersome, I have to manually output to a different file per port, etc.
Basically its so I can quickly test firewall and NAT rules.
View 7 Replies
View Related
Mar 18, 2011
I've configured 802.1Q vlan by creating ifcfg-vlan56 and ifcfg-eth0.10 and got two new interfaces vlan56 & eth0.10. Nethwork is not work in vlans (VID56 & VID10). After /etc/init.d/network stop (or restart) my console hangs... Also hangs ifconfig command from other console. I've got network configuration files from my old 11.3 (i've installed 11.4 on my PC with disks format). I do this whith a same hardware. Now i'm back to 11.3. Vlans work fine. My hw is: GIGABYTE 890GPA-UD3H (RTL8111/8168B).
The message about e100e and vlans is like my problem.
Do you know about this bug? ...
View 5 Replies
View Related
Jun 18, 2011
I am going to start studying IPTABLES for Linux Firewall. Can any one suggest me the best Book for IPTABLES contains everything of iptables.
View 2 Replies
View Related
Apr 1, 2011
I'm curious if anybody can shed some light for me in this department. We're in a large environment with a Windows DHCP Server. We have been tinkering with LTSP on Edubuntu as thin and fat clients. It works great, but right now we just have 1 server handling the lab, which works fine unless we want to expand, which may be very possible.
These are the instructions I received:
Login to your windows server and load the DHCP configuration screen
Create a DHCP reservation for the MAC address you obtained
Add the configuration options below to enable the machine to boot from the LTSP server
017 Root Path: /opt/ltsp/i386
066 Boot Server Host Name: <ip address>
067 Bootfile Name: ltsp/arch/pxelinux.0 # Specify CPU architecture in place of 'arch', for instance 'i386'
From: [url]
I'm curious, what if I want to have multiple Ubuntu servers on the network that I want to have bootable? For example, let's say I have 3 labs, and 3 servers. Server A to Lab A, Server B to Lab B, and Server C to Lab C. I want all C's computers to boot to C, and B to B, A to A, etc.
1 - How would I add multiple entries on the Windows DHCP Server to allow all 3 (A B C) servers to boot?
2 - How would I be able to isolate the clients so ONLY Lab A clients boot to Server A, etc?
View 7 Replies
View Related
Jul 28, 2010
My router has two bridges, br0 and br1. I'm sharing wifi access, and the guest subnet will be 192.168.2.x.The home subnet will be 192.168.1.x. I want all traffic destined for port 80 from the guest net to forward to a proxy port on a box on the home network. That's the only traffic I want to cross the bridges. How do I set this up with iptables on the router?
View 1 Replies
View Related
Jul 29, 2011
I'm trying configure my server for routing between vlans, but I'm having troubles with my server after that vlans are set. I can create vlans and routing is OK, but when I trying remove a vlan, restart the network script or restart the server, the CLI freeze and then I can't do anything. Even Ctrl+C or Ctrl+Z isn't work. I can use other terminal or do other SSH connection (if the network interface used by ssh isn't crashed), but if I try use a ifconfig per example, crash again. The unique solution is restart the server. Nothing about this is found in the log.
Opensuse 11.4
Kernel: 2.6.37.6-0.5-desktop
View 1 Replies
View Related
Jul 27, 2011
I have router based on CentOS system with DHCP server. In one eth I have fiber converter attached in second one I have Cisco Catalyst switch connected. From the switch rest of ports are used to provide internet traffic to rest of network. I wanted to divide each segment of network (based on switch ports) that they don't see each other (it'll be good for me if someone will connect his wireless router to the network not to WAN by LAN port and start be a second DHCP server). So my network configuration:
CentOS:
DHCP with range 10.0.0.1/8 network
Switch ports
1 - CentOS DHCP
2 - second server
[code]....
Parts of networks I've assigned IPs 10.network_part.subnet_part.client_ip so I have addresses for clients: 10.1.1.2/8, 10.2.1.3/8, 10.3.0.4/8, etc ...
I've decided to give each port it's own VLAN like below:
Port / VLAN
1 / trunk
[code]....
I've configured switch ports by using:
(config)# interface Gi0/Port_Number
(config-if)# switchport access vlan VLAN_NUMBER
[code]....
And after doing that whole network stopped working. I think that cisco part of configuration is OK (at least customer ports, I don't know if there is any additional info needed for trunk port). On CentOS router I didn't setup anything regarding VLANs ...
View 4 Replies
View Related
Apr 29, 2010
Is there any possibility to transport one or two VLANs through a VPN (IPSEC) link on Linux
View 2 Replies
View Related
Nov 26, 2010
I want to configure eth0 and eth1 in bonding mode with 2 vlans each (sam existing vlan 100 and 200)configured on 2 Cisco switches. How can I go about that? I got the following procedure for bonding from the internet, is it right?
1. Add the below lines to /etc/modprobe.conf alias bond0 bonding options bond0 mode=1 miimon=100
2. Create bond0 device file, /etc/sysconfig/network-scripts/ifcfg-bond0 with the following content:
DEVICE=bond0
BOOTPROTO=none
ONBOOT=yes
NETWORK=192.168.122.0
NETMASK=255.255.255.0
IPADDR=192.168.122.118
USERCTL=no
[Code]....
View 1 Replies
View Related
