Networking :: 2 Internet Connections With Shorewall?
Mar 24, 2011
I've got an Ubuntu Server Linux router that I've got 2 internet connections hooked to. One of them is DSL and the other is cable.
What I'd like to do is have everything go through the DSL connection EXCEPT for one desktop, I'd like that system to go through cable for everything.
Here's a diagram of how I've got things set up.
[URL]
I don't have any more expansion slots on the mainboard of my server for another NIC, also I do a lot of file transferring between a laptop and the desktop I want on the cable connection so I don't want that slowing down the rest of my network.
I've got both providers set up in the providers file and I've got everything going through the DSL connection right now. So far everything I've tried has stopped the desktop from connecting out at all.
- I have set up an application in my local subnet 10.1.0.0/16 which broadcasts UDP packets.
- My application broadcasts from the machine with 10.1.2.240 and also broadcasts from multicast address 225.1.2.3 using port 3035 (it's the correct multicast address, right?)
- I have developed a small application to receive the UDP packets from the multicast address. It's running OK.
Problems/questions:
How can I set up my firewall (using shorewall) so that users from the internet can receive the UDP packets from multicast?
Is it possible to listen to the UDP broadcast address behind the firewall (without setting up a VPN connection)?
I recently installed Fedora 15, and during installation I set the internet connection manually, then did an update, and after reboot the internet connection settings had been removed. Now I cannot set them because the network connection to the Internet is inactive. I should mention that before the update the internet connection was functional.
I have a question regarding the use of two internet connections on the same server. So, the thing is like this: the server will have 3 network adapters: connected to a DSL modem (on this adapter I have one of the internet connections, a PPPoE connection). Its only purpose is to share the internet connection to all LAN users using SNAT.
eth1 ----> the other internet connection, a much more expensive one actually, used for hosting a website, a domain name server, and a qmail server.
eth2 ----> LAN connection
So what I want is to make eth1 the "default gateway" (for outgoing mail, DNS requests, etc.) and, as I said, use the ppp0 connection on eth0 only for internet sharing in LAN.
My question is (since I'll configure this server in about one week), does anybody have any suggestions regarding how I could accomplish this? I mean, I'm afraid that ppp0 will also try to use the default gateway from the other internet connection and vice versa. Now, I know I can use the ip route/ip rule commands, but for many reasons I'd like to keep it simple and not use them.
I have two internet connections. One is wired ADSL Broadband & another is USB EVDO modem. I can use only one source at a time. That means the traffic will pass through either ADSL or EVDO. Other connection just sits idle. I want to use both the connections together so that I will have increased bandwidth. Is there a way to do that?
My computer has one NIC card. Both ADSL & EVDO use dynamic IPs.
Is there any way to get drivers working? My hardware switch is on and i have Ubuntu 9.10 running persistently on my usb so i can download the drivers etc. and install them.
I am a user of Ubuntu 10.04 and I use Firestarter because it lets me know which IPs I am connected to, which ports are used, and which applications are using those ports. The problem is that I can't use Firestarter with my non-sudo account (well, I know that I can change my system settings to do that, but I'd rather not do it).
So the question is: Is there any application that lets the user monitor the internet connection?
I have a firewall (a PC with Debian 5) with 2 internet connections, each connected to an ethernet card (the firewall has 2 ethernet PCI cards, so it has one connection per card). How can I balance the internet requests from my LAN using these 2 connections?
I have to configure a squid server which will have two internet connections on two separate LAN cards, and both will run simultaneously. I know how to configure a squid server with one internet connection.
While using Ubuntu two other computers lose their connection. One (main) is connected to the modem, other from the switch to the wireless router, and the one with ubuntu wired via switch. Currently connected with Windows 7, other two are connected. Once booted into Ubuntu rest of the computers disconnect?
I installed Ubuntu, which was on the laptop before, and this install doesn't want to work with an Internet connection. I know my connection is good and the laptop is fine because it used to have dual boot and Windows connected fine.
I'm trying to set up an openVPN server for a small office. I've gotten the server running, and configured keys, and been able to connect to the server. The trouble is that once I connect with my windows machine to the server, I am unable to bridge through to the www. I have combed through so many settings and tutorials, and I am confused as to how to set up the interfaces configuration file. Here's a sample of my routing table:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.8.0.2        *               255.255.255.255 UH    0      0        0 tun0
XXX.XXX.XXX.0   *               255.255.255.128 U     0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
default         XXX.XXX.XXX.1   0.0.0.0         UG    100    0        0 eth0
How should I be configuring this so that when I'm in the VPN I can get through to the internet?
Can I bind 2 or more internet connections on the same Fedora server to create a bigger one with double bandwidth, or does it need a specific router to be able to do this?
I have seen several threads lately about slow internet connections here and elsewhere, but I haven't seen anyone post a reply about blacklisting ipv6, so I am curious as to why. Is ipv6 enabled only on certain distros, or is there some other reason that it's not mentioned?
<If anyone wants to try it, to see if it would work for them>
On Slackware 12.2 and Salix 13.0 just add "blacklist ipv6" to the /etc/modprobe.d/blacklist file. I'm not sure about non-slackware based distro's. Unfortunately, I don't know any way of doing it without rebooting.
I'm running Ubuntu Lucid and I was thinking of purchasing one or more extra wifi cards to try to configure my computer to manage different connections at the same time, with different ISPs. The thing is that I'm not quite sure if what I want to do is actually possible.
The easiest way that crossed my mind was to try to configure one or multiple virtual machines that are redirected through proxies to Ubuntu and try to configure that each proxy port goes through a different internet gateway. This way I might be able to divide the things I want to download across different sessions of JDownloader, installed on each virtual machine. The negative aspect of this idea is that having multiple JDownloader sessions will make my laptop work at almost 100% for sure...
Another thought I had was to make JDownloader manage its downloads in only one session, redirecting them to my internet connections; the negative thing is that I think I will have to try to modify its source and learn Java...
And well, the last possible configuration I had in mind was to try to make Ubuntu directly add up all my internet connections and manage them as if they were one. The negative thing here is that I might not be able to get multiple downloads from some sites.
Well, all these were just thoughts. I'm struggling with whether to buy another card or not to try to set up any of these configurations, but I'm not really sure if any of them are actually possible. Is there an easy way to manage this?
I just want to get the most out of my internet connections... If I'm at college I have two options that are quite slow; adding them up with two cards would be great, and I might also be able to add a third and a fourth connection. Also, if I'm at a coffee shop and I need some bandwidth, I could try to make it go with an open network around, etc.
My Linux box has 3 network adapters. eth0 connects to the ISP, eth1 is for the staff network, eth2 is for public users. I want to limit the usage of internet bandwidth. For example, of the traffic going through eth0, 75% is for the staff network and 25% is for public users. In addition, I set up shorewall on it for port forwarding and filtering, but I felt the traffic shaping of shorewall is complex. I don't need the specific TOS, only the percentage. Could you give me some suggestions? Which software or package should I use to achieve this goal?
My problem is that I would like to load balance or aggregate 2 separate Internet connections on my laptop. Currently a hard line ISP is not available, so I'm using a Sierra Wireless 885 USB air card. Thing is, the card is quite slow. I can also tether an iPhone to the laptop. The ideal solution would be to have both connections being utilized to help speed up the overall experience, even if it is only a modest gain in speed.
As I do not know much about iptables and basic TCP/IP routing, I'm finding it difficult to implement those solutions. If someone can point me in the right direction (a slightly dumbed-down how-to, or better explained?)
BTW, both phone and aircard get dynamic IP's. Running Ubuntu 10.4
I always use Shorewall on my Ubuntu Servers and it works great. One thing I have never been able to get right is the TOS. Let's say for example I would like:
HTTP traffic (80, but all traffic gets routed to 3128 [Squid]) to get highest priority
SMTP (25) second highest
POP (110) third highest
The rest fourth
First I will give some background. We have a currently working network that the Previous network Admin assigned an internal IP scheme of 200.1.1.0/24. I have no idea why he would have done such a thing, but it is my job to fix it (and keep our systems up and running). We have a Fedora 10 box on the 200 network that is acting as a router and a firewall (shorewall to be exact).
I added another NIC card (thank you again to all the great people on this forum for helping me get that working) and it is eth2. Assigned it a 10.100.1.A/24 (This is just a variable for the real IP). The other end of the cable that I plugged into that NIC connects to a Cisco Layer 3 switch. I assigned the port that connects to the other end of the cable the IP address of 10.100.1.B/24
OK, I added the static route of 'ip route add 10.100.1.0/24 via 10.100.1.A dev eth2'. I added loc2 (which is my eth2 adapter) to the /etc/shorewall/zones file. I set eth2 on loc2 in the /etc/shorewall/interfaces file:
loc2 eth2 detect
I set the lines in the /etc/shorewall/policies file:
loc loc2 ACCEPT info
loc2 loc ACCEPT info
I can ping the cisco switch from the linux server itself. From a PC on the original network I can ping the new NIC card in the linux server, but cannot ping the cisco switch, so I figure it has to be either the route or shorewall.
Let me show you my config and tell me if it's OK. It's pretty simple:
eth2 -> 192.168.1.0
eth2:0 -> 192.168.50.0
eth1 and eth0 are the net interfaces, 1 router each to provide WAN failover (not implemented here)
1) Is the hosts file required?
2) I guess I need to do masq from local to each external, and also from local to local even if they share the same interface, hence the eth2 eth2 in the masq file...
3) So is shorewall well implemented in these scripts to handle aliases?
I have a problem with my network-manager in Ubuntu 10.10. When I dial one of my VPN connections, my other VPN connections are disabled and I can't use them! I tried to restart network-manager and gnome-panel, but it doesn't seem to solve this problem.
When setting up my server I noticed that I could control the amount of connections; the maximum seems to be 256. My server is currently windows 2003 server which is unlimited connections - before I change the server to F10 I need to be able to have unlimited connections (I often go over 256 connections, I have 25 web sites hosted). How do I do this on F10 or is there a better distro for web servers that have thousands of Internet connections at the one time?
I am wondering if it is possible to force internet/external SSH connections to authenticate with a public key and allow local connections to connect via user and password?
I know Ubuntu can do amazing things, but I was wondering if it can use different Internet connections for different websites.
The Setup: We have 1x unshaped ADSL connection at 4MBPS (fastest available) that's used for office related things, Skype, general browsing etc. We have another ADSL connection, this time shaped and running at 4MBPS. I want to send all requests to facebook, twitter and downloading sites like fileserve, filesonic, hotfile etc. to the shaped connection. Can iptables be used to do this? The unshaped ADSL router is connected to eth0 and has an IP of 192.168.0.1; the shaped ADSL router is connected to eth2 and has an IP of 10.0.2.1. The local LAN is connected to eth1 and has a range of 192.168.1.0/24. Can iptables send a certain webpage (*.facebook.*) to eth2 and other pages (*.google.*) to eth0?
I am using Red Hat Linux Enterprise 4 with two physical LAN cards. There are two different ISP internet lines coming into a single gateway computer. Is it possible that if from one network we are getting 2 MB bandwidth and from another network we are getting 2 MB bandwidth (two different networks), we combine it into 4 MB? Does bonding combine the bandwidth or does it do load balancing?
The question is: can we accumulate or add these two bandwidths in a Linux machine so that it sends the total bandwidth of 4 to the end users?
Lan Card A IP Address: 192.168.1.250 2MB Bandwidth l l l
I've been looking through the Debian wiki, searching past topics in the forum, and generally googling, but all to no avail. I'm unable to connect to the internet through any wireless connections, nor through an ethernet cable. I installed the latest weekly image of Debian squeeze. After installation, I found myself on the command line. I installed gnome with
apt-get install gnome-desktop-environment
I also tried installing gnome-applets, gnome-netstatus-applet, and gnome-nettool, but I guess they were already installed. When I open System > Administration > Network in Gnome, there's no connections tab in the Network Settings application.
Here's what I think is the relevant portion of lspci -v
07:00.0 Ethernet Controller: Atheros Communications Inc. AR5001 Wireless Network Adapter (rev 01)
	Subsystem: Hewlett-Packard Company Device 137a
	Flags: bus master, fast devsel, latency 0, IRQ23
	Memory at c2000000 (64-bit, non-prefetchable) [size=64K]
	Capabilities: [40] Power Management version 2
[Code]...
I'm one of those people migrating from Ubuntu and in Ubuntu I had to add a 'rfkill -unblock all' command to my rc.local file for this laptop. Not sure if that's relevant, but thought more info couldn't hurt.
I have troubles with the internet on different Linux x64 systems on my laptop (Lenovo ThinkPad SL510), but if I load WindowsPE all is OK. What could it be? Where to search? There is a hardware firewall/NAT/gateway in my local network; it allows only connections to dst ports tcp 80 (http), udp 53 (dns) and no frags, no icmp, deny in, etc. But in Windows the internet (the same Firefox) works fine, and under Linux sites don't load fully or give "connection timed out"... But if I can start downloading any file it will be downloaded in full (I have downloaded a DVD ISO of SuSE). DNS through nslookup doesn't respond every time... Decreasing the MTU to 1372 didn't help. Deactivating IPv6 also... What could it be? What is different between Windows and Linux in DNS clients? Is there any alternative DNS client in SuSE? Is the trouble only in DNS?
I have a A7V8X-X motherboard with VT6102 [Rhine-II] on board network device. Internet connections work fine for long time on openSuse 10.3, 11.1 11.2 and 11.3. But since a few weeks ago, internet connections began to fail: several times when I want to open any Internet site with Firefox, it answers:
I want to share my WiFi internet connection over LAN, so I'm trying to set up IP forwarding. An old tutorial tells me to go to Network Settings in YaST to do this, but that applet says that NetworkManager is now handling all of that stuff. How do I enable IP forwarding while NetworkManager handles my internet connections?