Networking :: Access Firewall Public IP From Internal NATed DMZ Machine?
May 13, 2010
I could not handle/circumvent this over the past week, despite several rounds of googling and reading documents. I will try to mention all the needed bits... I'm managing a network with the following structure:
eth0: internal net
eth1: DMZ
eth2: 10 Mbit/s sync line with eight public /29 IPs + a /30 interconnection network. All public IPs must use the interconnection network's gateway.
eth3: ADSL with PPPoE with a fixed IP (ppp0).
Now, a few extra info:
- All internal traffic is routed through ppp0 except when it's destined for the DMZ and the public IP range.
- DMZ traffic is routed through either ppp0 or eth2. This is done by source IP.
- eth2 has one IP from the interconnection network, and six public IPs are also defined on eth2. Command: "ip addr add ...."
[code].....
Mar 22, 2010
How do I do NAT in iptables? I am trying to NAT a public IP:port to an internal IP:port (202.a.b.c SMTP to 172.16.1.169 SMTP).
Nov 27, 2008
We have a new Business DSL line with 16 public addresses. What we want is to set up a DMZ to run some services and internet for the LAN. Here's a schematic of what we want:
Code:
Backup Internet       Main Internet
   connection            connection
       |                     |
       |                     |
   SDSL Modem            BDSL Modem
[code]....
The webserver has the following settings:
IP: 12.34.56.125
subnet: 255.255.255.240
gateway: 12.34.56.126
What iptables rules do I need to set up to "see" all IPs in the DMZ-2 from the internet?
Aug 6, 2010
I will try to explain a bit first about my network topology: I have one CentOS 5.5 machine with 2 NICs - an external one, 86.x.x.122, and an internal one with 2 IPs: 192.168.1.1 and 89.x.x.121. The idea is that I have a public subnet (86.x.x.120/29) of IPs which are routable only through 86.x.x.122, so I have a webserver hosted on a different machine with the IP 89.x.x.122 and GW 89.x.x.121 - everything works perfectly fine, except that I cannot access the so-called DMZ (roughly) - the 89.x.x.122 - from the internal network 192.168.1.0/24.
What really makes me crazy is that I set up the iptables rules correctly, because I can access the webserver from the outside world, but I cannot access it from the internal network...
What am I missing? Why can't 192.168.1.0/24 see the 89.x.x.122 machine? What iptables rules should I add?
Jul 3, 2010
Does anyone know if it is possible to filter/block network traffic between internal hosts on a LAN?
E.g.: Linux firewall/router (192.168.0.1) - LAN default G/W - all internal > external traffic gets filtered.
How would you filter TCP/ICMP/UDP traffic from internal host A (192.168.0.2) to host B (192.168.0.3)?
All the internal hosts have the Linux f/w as the default gateway, and are all on the same /24 subnet.
I would like to know if I can filter traffic between internal hosts.
Jul 28, 2010
I have just installed CentOS and it is working fine! I made a masquerade with the document there: I didn't use the script, because right now I do not completely understand it, and obviously I am not modifying anything by leaving it like that. I was using Mandriva before and I am used to graphical tools. My questions are: I add the following lines in my iptables:
[root@localhost ~]# service iptables stop
[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[root@localhost ~]# service iptables save
[code]....
Aug 2, 2011
I'm trying to write a P2P file sharing program using Python's built-in libraries. Everything is going well. The only thing is that I'd like to be able to use OpenSSL public and private keys so only a host with the public key could access/decrypt the file sharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a PEM file containing both the public and private keys, but no success with them separately. Can someone point me in the right direction or offer an alternative? PS: the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to SourceForge so everyone can use it, if that's any incentive.
Oct 12, 2010
I have installed Ubuntu 10.04 Server on an older desktop with the intent of making it into a firewall box. What I would like to do is hook one NIC into the modem, and the other NIC into my router. I'm not sure if I want to set up the 2 NICs as bridged.
Jan 22, 2011
Does somebody know how dnsmasq / iptables need to be configured such that requests to my public IP from the LAN are correctly NAT'ed to the host that handles them? Currently my routing device treats them like "oh, these are for me anyway, gnam gnam", which actually doesn't work. Unfortunately, setting up NAT rules that redirect requests from my LAN correctly, as they are redirected from the WAN, is an option I would like to use only if there is no other possibility. I would like some kind of solution that treats packets sent to my public IP as normal packets that are not looped back before they even get out. So they would need to be at least sent to the WAN gateway, where they are directed back, so that my firewall can successfully treat them like all other public requests.
Feb 4, 2010
Is it possible to provide remote Windows users access to a LAN via the Internet when the LAN itself is connected to the Internet via a SOHO router that is assigned an IP address dynamically? An LQ thread from 2004 includes a suggestion to use VPN and DynDNS.com. Is that still a good solution? Are there any security issues?
Assuming:
- VPN is a good choice.
- DynDNS.com or similar can be used to give remote clients the public IP address of the SOHO router.
- The SOHO router is configured to forward VPN traffic to a Linux system acting as the VPN gateway.
Then, for a LAN of ~20 IP nodes and fewer than 5 simultaneous remote clients, are there any other VPN server software solutions to consider other than OpenVPN, Openswan and strongswan?
Feb 13, 2011
I try to access my Ubuntu machine via my Windows machine (Samba server on the Ubuntu machine). Any time I try to access the machine it asks me for my password... I enter it, but it says it is invalid... Is there any way to reset it? I have already tried to remove and purge everything Samba related and then tried reinstalling, but that still didn't do anything.
Aug 5, 2009
I have two nagging problems on one network which I do not have on another elsewhere, both using up-to-date Debian servers. The server is on the private subnet behind a router/ADSL modem. The symptoms of the one which does not work:
1) Users cannot access their web site from the LAN. If they try, they get to the router web interface, the same as if they entered http:10.0.0.138, which is the router's LAN address.
2) Users cannot access the SMTP or POP3 service using the domain name; they can access it only using the server's LAN address.
I fear that I might not have set up the router properly, because apart from that the two servers are almost identical, but I do not know where I might have made an error.
Apr 9, 2010
I need to access a Windows Server 2000 machine using a Linux machine via KDE, but that will migrate to Gnome. When the Linux user connects to the Windows machine, an application 'XYZ' should open automatically, and only this, denying any unauthorized access. When the application 'XYZ' is closed, the communications (RDP?) should be terminated. I need a log of accesses and of possible attempts to circumvent the system and access other applications.
Feb 8, 2010
I have a Linux server running Oracle applications. I need to access this server from PuTTY using SSH through the internet. I did this by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating, and to bypass the packets generated from the internal LAN?
Oct 13, 2010
How can I benefit from a public external IP? Do I need a public IP to access my computer from a remote site? To run a TFTP server?
Mar 1, 2011
I've run into a weird problem. Two of my Linux machines (A and B, both running CentOS 5.5) are connected to the same wall ethernet socket via a hub. Both of them are configured for static IPs. The trouble is that when machine B goes offline or hits a kernel panic, machine 1 goes offline too. What I've noticed is that in this condition the "route" output from machine A does not show any entry for the default gateway either. The contents of /etc/sysconfig/network-scripts/ifcfg-eth0 for machine A are:
Code:
# Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller
DEVICE=eth0
[code]...
Aug 28, 2010
I am in the process of setting up my own Linux gateway/firewall using two NICs, eth0 (external network) and eth1 (internal network). The Linux gateway hands out IP addresses using dhcp3-server, and uses iptables to route the traffic correctly. Clients are able to connect and access the internet... everything is working great, HOWEVER I can't access my Apache virtual host websites from the internal network? They work just fine if I access them from the outside world.
I can type the IP of the web server, 192.168.0.201, and it shows the first virtual host listed in my /sites-enables/000-default folder, but I can't use any DNS entries. I don't have any internal DNS servers running. This doesn't make sense, because if I replace the Linux firewall/router with my normal Linksys WRT54G router it works just fine.
Jan 6, 2010
I have my firewall set up so that only specific subnets/IP addresses can access the system. My issue is that I have a remote user/laptop who needs to access the system, but is constantly on a different subnet/DHCP IP address. Is there a configuration for iptables where I can enter the MAC address of the laptop to allow access to the system and not specify a subnet or IP address?
Mar 31, 2010
Basically, I have a Windows 2003 Server virtual machine (VMware) inside Ubuntu 9.10.
The Ubuntu machine has ifconfig:
Code:
sam@sam-laptop:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:15:c5:b8:c8:8b
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:17
Why can't I ping or simply access the internal server on my Ubuntu machine from another computer on the 192.168.1.0/25 physical network? Do I need a bridge? iptables?
Oct 28, 2010
Host is Windows 2003 Server 64-bit
Guest is Ubuntu 9.04 Server 64-bit
Qemu: 0.11.1
Qemu Manager: 7.0
From Qemu Manager, if the network card is using User Networking, it's a NAT and I can see that the guest Ubuntu has an IP address 10.0.2.15 and is able to access the internet. However, as the guest Ubuntu is running as a server, I want to use Tap networking, and I assume that with Tap the guest Ubuntu will get an IP address which is in the same subnet as the host machine by DHCP. So from Qemu Manager 7.0, I changed the network card to be:
NE2000PCI
Vlan Number =0
VLAN Type: Tap Networking
Mac address: tap0's mac address from host
TAP Network Adaptor: Tap0
Note that tap0 was created by OpenVPN. I then fired up the Ubuntu guest; ifconfig shows no IP address on eth0 (which has the same MAC address as Tap0), so the guest Ubuntu has no IP address and can't access the public network.
Jun 10, 2009
I am looking for a solution for our LAN traffic monitoring and would like to use some open-source Linux application. I have a Linux box with two NIC cards and what I thought is the following. Our setup is as follows: internet comes in through the router and into the firewall. From the firewall it goes into our switch and is distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
Sep 26, 2009
I'm using Fedora Core 11 and the OpenVPN client in the network-manager inside a segmented infrastructure. It works well.
My laptop is in a DMZ wireless zone 192.168.3.0/24 and accesses the Internet through a firewall via a front-end zone 192.168.65.0/24 on the wlan0 interface.
But my laptop can also access a server in a back-end zone 192.168.2.0/24.
When I start the OpenVPN tunnel, I cannot access my back-end zone because the kernel routing table is modified (all the traffic is routed through the tun VPN interface).
If I define a static route like route add -host 192.168.2.x gw 192.168.3.2, where x is my file server, I cannot connect to this server because the routing goes through the tun interface and not through wlan0, which can reach its gateway.
I want to know where to change the kernel routing table so that I can access the Internet and my back-end zone at the same time.
Feb 14, 2011
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN server with two network interfaces. One interface is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about, see page(s) 6-7 here -> [URL]
If one were to use the two-interface public-facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified, but then you have to lock down this public system individually instead of having it protected by the network firewall.
May 13, 2009
The only error message I can find comes from "dmesg|tail"; all it shows is
"no IPv6 router". Anybody know what is going on here, or where to look for more clues the next time I get around public wifi? Oh, the windoze washers and apple polishers don't seem to have any problems at all.
Feb 23, 2009
I have been using Samba to gain access into a Windows computer through my PC, which has Fedora 8. Can I access the Unix machine from another Unix machine? If yes, then what is the procedure?
May 14, 2010
I am behind NAT using private IPs like 172.x.x.x in my lab. I need to access programs from other machines which are also behind NAT. What is the syntax of the ssh command that I can run? Because when I make a connection within one LAN, for example: ssh -X 172.x.x.10 to 172.x.x.3, it works fine. I can access programs like gedit, firefox etc. But when I try to do the same on machines that are behind NAT then I get this error:
[root@localhost ~]# gedit
(gedit:3977):WARNING **: cannot open display:
Jul 13, 2009
Can any outsider (from the public network) access my private network, i.e. the clients of my subnet? If yes, how? And if no, why?
Nov 15, 2010
I have two laptops with me here at school, one bigger one [home computer], and one smaller one [netbook]. I take the smaller one with me to class and when I'm out and about; however, I keep all of my things on the bigger one. I would really like to be able to set up some sort of SSH port forwarding for the bigger machine so that, when I'm out and I realize I left file X on my home machine, or I want to listen to a certain song, or whatever, I can just scp it to the netbook. The issue is, at my dorm, I'm stuck behind a firewall and can't just set up an SSH daemon and port forward through the router; I need a more clever solution. I do have a home server (not with me at school), which I commonly use for transferring files. Basically, I'm wondering if there is some way I can SSH into my server box, with reverse port forwarding so that, when I am out and about, I can just log into my server and copy files from my home computer for use on my netbook. I've tried a couple of solutions which come up from google "reverse ssh" but haven't been able to get them to work. A step-by-step guide to doing this would be great. Again, the setup is:
Home server [ssh-able]
Home Computer [behind firewall, can't ssh into at the moment]
Netbook []
Want to be able to SSH from Netbook to Home computer, probably using Home server.
Jan 11, 2011
Just installed the newest release of Ubuntu on my laptop. I'm dual booting on my laptop: Vista or Ubuntu. I gotta say I love Ubuntu more than Vista. I would much rather use Ubuntu. My question is, I cannot for the life of me connect to my main PC running Windows 7. The reason I want to do this is my PC running Windows 7 has all my music, which is rather large, over 100 gigs worth. It looks like it recognizes my PC but I cannot access anything.
Now in Windows 7 I have disabled the password and made it pretty easy to access files on there. When I boot into Vista on my laptop there is no problem at all getting onto the network to access my main Windows 7 PC. Any ideas why Ubuntu can't get into my Windows 7 PC through my network? Would love to do this so that I don't ever have to boot into Vista. Ubuntu is great otherwise.
May 31, 2011
I have a weird issue where all of the machines in my office can connect to our web server, either via DNS or using the server IP directly. However, on my machine, which is using the same network IP as the rest of the office and I know is not being blacklisted, I can't access the server at all via SSH or web or mail. I'm the only machine running Linux. I've flushed the network cache using nscd, but this made no difference. Can anyone think of what might be going on here?