Networking :: Alternative Routing For Local Process?
Nov 26, 2010
I have a multihomed server, connected to two different ISPs. All default traffic goes to ISP1 via wan1. There are special local processes in my system that must go through ISP2 via wan2. These processes make connections to TCP:80.
What did I do:
[root@localhost ~]# ifconfig wan1 10.44.8.252 netmask 255.255.255.0 broadcast 10.44.8.255 up
[root@localhost ~]# ip r r default via 10.44.8.1
[code]....
I see that frames go out with the SRC of wan1... I tried this:
[root@localhost ~]# telnet 194.87.0.50 80
[root@localhost ~]# tcpdump -i wan2 -nnt port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
[code]....
The connection was not established... Conntrack does not see it!
I've set up an XP VM using Red Hat's KVM. The physical Red Hat box has two NICs, a fiber one in use and active and a CAT-5 one that is disabled and with no wire connected. The physical box has br0 active and bridging on the subnet of 192.168.10.0/24. ip route show also displays for virbr0 192.168.0.0/16. My physical box (192.168.10.228) can ping the virbr0 IP of 192.168.122.1, but not the XP VM of 192.168.122.228.
I have played around with Windows' route command to try and set up some method for the Windows VM to ping the 192.168.10.0 network, but have not had any luck. I've also messed around with the Red Hat netmask and such to work it from the Linux side. But then, as would be expected, I can't talk to other Linux boxes on the physical network.
Does anyone have any ideas how to get the Windows box to communicate with the Red Hat box and the other Linux systems beyond while keeping the two distinct networks of 192.168.10.0 and 192.168.122.0 leaving them both as Class C (255.255.255.0)? I mentioned the unused CAT-5 NIC thinking perhaps it could operate as an internal router even with no cable attached. That was just a random thought and I have not even explored that.
I've already designated a machine to act as the router to the hurricane electric tunnel. I created a he-ipv6 device on it and can ping ipv6.google.com. No problem.
The problem happens when I want clients to use that router. That is, I can't ping ipv6.google.com from other machines on my LAN.
I setup /etc/radvd.conf, which seemed to successfully give out addresses to my clients:
I start the daemon and check that my clients have new ip6 addresses. So far so good. On my router, I do a sysctl -p and see that /proc/sys/net/ipv6/conf/all/forwarding = 1. I haven't touched ip6tables/iptables yet. Both are in a flushed state.
My ipv6 router is actually inside the LAN which gets internet from another machine which has let ipv6 packets through using protocol 41. I figure I don't have to worry about anything else because if my router can ping6 ipv6.google.com, the failure point would be there.
So my clients get ip6 addresses, but can't ping6 the router nor the ipv6.google.com. They do resolve ipv6.google.com however and I checked the traffic on the router over he-ipv6 from ifconfig and RX and TX bytes were changing during the ping.
My router has only one physical device for forwarding, eth0 and the tunnel device he-ipv6. Do I need to add some kind of ip6tables to see a simple ping from my clients?
I have a problem with port-based routing for local traffic. I can't use the trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
I am using Network Manager to connect to a VPN server so that I can access some of the computers on the local network there. When I'm connected, I have two problems: All my internet traffic goes through the VPN. My computer is no longer visible on my local network. I waste a lot of time connecting and disconnecting the VPN. Is there any way I can set up a VPN so that I am still on my local network and only requests to 172.x.x.x go through the VPN. I suspect it can be done with iptables, but all the info about iptables goes WAY over my head.
I have two networks. One of them is wired, the other is wireless. The wired has an internet connection and a few other computers connected to it. The wireless network has a few hosts connected to it too, but it has no internet connection. What I've been trying, fruitlessly, to do, is make all connections that are bound to the internet, or my wired network, be routed that way, and all the connections to the hosts of the wireless network go that way.
Here's the setup..
Wired:
192.168.1.0/24 Gateway = 192.168.1.1
Route internet through here
Wireless
192.168.2.0/24 Gateway = 192.168.2.1
If my computer sends a packet to the internet, it should be routed through 192.168.1.1. If I send a packet to one of the local hosts of the wireless network, it should be routed through 192.168.2.1. Here's the routing table I've set up (this is one of many configurations I've tried):
Code:
$ ip route show
192.168.2.1 dev wlan0 scope link
192.168.2.0/24 via 192.168.2.1 dev wlan0 src 192.168.2.4
[code]....
With this, and everything else, I get destination host unreachable when pinging. The strange thing is that, if I unplug my eth cable, reboot and connect to the wireless network, everything is fine and I can access the router and the others. I'm trying to improve my networking skills, as I've had this of setting up a small linux box as a router for quite some time, for the fun of it, but I need to get routing under control before I go ruin my network.
I have set up squid on a local-only ADSL account as per management to cut costs. But now they have asked to route international sites via another proxy. The local sites should still go through the local proxy and the international sites get routed to another vpn. Is it possible to use iptables for domain names and redirect the traffic?
I want to backup data and upload to online hosting services. I first want to encrypt my data locally that I want to backup. Since I will be making changes locally to the data, I want some sort of incremental imaging system where the incremental changes are stored in separate files so that I only have to upload the incremental encrypted changes. Duplicity is an option, but it uses GPG, which makes it a bit complicated; and I was wondering if there was any alternative which was simpler as I am only doing the encryption and backup locally.
EDIT: I have only ONE computer on which the data resides, and on which the backup image is made. That is, I have a directory foo on my computer, the backup of which will be made to back-foo on the same computer. I want back-foo to be in an encrypted form. Then back-foo will be uploaded (unencrypted) to Microsoft Live storage or to SpiderOak storage etc. Since back-foo is encrypted, my upload is secure. And since I'm uploading, I want incremental backup support, that is, the backup utility should create new files which contain the incremental changes so that I can upload only the new files which contain the changes.
I'd like a way to see all of the devices on my local network and what their local IP address is. I recall that I used wireshark to troubleshoot a similar problem a while back, but it doesn't seem to have a way to see all of the devices- only the traffic. (I'd like to do this without having to physically interface with my router if possible, and I am in an encrypted network if that matters)
I have installed a web server on my local network. Everything is well configured and web pages are shown correctly from the Internet (outside the local network) using the domain or the public IP. The issue is if I try to see those web pages (using the domain or the public IP) from inside the local network. In that case the router config page (192.168.1.1) is shown instead of the web pages. From inside the local network I'm only able to see the web pages using the internal IP address (192.168.1.XX).
I know exactly what I need to do, I'm just not familiar enough with the command line to do it properly. I have 7 computers. The first 4 are connected to a router via wireless at one end of the house. Of the last 3, only 1 will be able to access the router via wireless, so it needs to share its one wireless connection via ethernet. This computer I'm going to call 'server'. Server will have two IPs:
wlan0 192.168.1.6 (this connects to the router that has internet access)
eth0, which I intend to have the following settings:
ip: 192.168.0.1
sub: 255.255.0
eth0 will connect to a second router, where the cat5 cable goes from the server into the internet port of the router, where I will define the router's static IP:
IP: 192.168.0.100
sub: 255.255.255.0
gateway 192.168.0.1
I have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
So I need to know how to, without a GUI application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet. I had it set up in this way with a Windows machine being the one that had the wifi access, but I'd rather have it set up for the Ubuntu server to do this task. Security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option. The 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through
I've got an Ubuntu server hosting our websites and other various things here in our own home. We recently switched to a router that doesn't support loopback (abomination), so I've set up hosts files on our computers so we can access our own sites when on our home LAN.
However, we often take our laptops as we travel about, and I'm guessing due to the hosts files when we try to access our sites, it'll look on whatever local network we're connected to for our server, which won't work, obviously.
Is there a way to set up something like a hosts file that'll only try to look up the local IP of the server when we're on a specific network (our home one), or have one that tries to look for the local IP first, then proceeds to try and resolve the domain name and use the external IP if the local IP doesn't work?
My setup is... I have a wireless access point using a laptop as a gateway. The AP is also connected to a switch, as is the laptop. So the laptop has two interfaces, one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically, is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have? To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
I have a PC with Debian 6 (without GUI) installed on it and want to use it as a server at home. It has 2 ethernet NICs. Now I want to configure the routing process. I searched the internet for a long time and found something but couldn't get it to work.
When setting up an SSH proxy, I know you can configure Firefox to route DNS requests through the proxy. Is this possible from linux directly? I'm trying to use wget through the proxy, including DNS lookups.
I have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
Ok the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan, or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actual ROUTES. I can already achieve results similar to this with either a NAT firewall, or with VPN.. but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
I'm a newbie to wireless. Currently I am trying to implement EAP-TLS, but first I need to get the hardware to work and allow the Access Point to route from Wireless to Wire (LAN DNS server).
I want to use tap networking in my kvm with routing. Can anyone guide me how I can do it? I have been reading different guides over the net but do not understand any of them clearly. I have read this [URL].. One problem is that all my servers are remote and no GUI is running. I am able to install kvm with ssh console with the -nographic and -x "console=ttyS0" options; now I want to change from bridging to tap networking with routing. And I have a live IP on the kvm guest/Virtual machine.
IN LAN default GW box I have a routing rule of 172.17.1.0 192.168.180.100 255.255.255.0 UG 0 0 0 eth3 that sends packets matching 172.17.1.0/24 to eth3 etc. When I ping 172.17.1.50 - it goes correctly when ping is issued in the same box (LAN GW) - falls through to default rule when the ping is done in LAN's boxes i.e. it goes to the LAN GW box and then to Internet incorrectly instead of going to eth3 and 192.168.180.100.
Is there any way of seeing why the packet matches or not the routing rules?
I have a network routing problem that I need to fix using a PC with ubuntu installed.
Here are the details of my problem:
- I have two networks.
- The first network is an ADSL router with subnet 192.168.1.x. I do not have access to the router nor can I change any of its configuration.
- The second network has a subnet 172.26.x.x and connects via a wireless access point. Some of the devices connected to the network require to have static IPs.
- I have a PC with ubuntu installed and two ethernet cards: one connected to the first network and the other connected to the access point.
- I need to share the internet connection between the two networks using ubuntu. I already tried before on windows and the sharing worked when both networks were configured to use the same subnet. Once I changed the subnet of the second network, internet sharing stopped working.
I'm having an issue with routing internet traffic from my router two different subnets (vlans).
There's my setup:-
Server:
Both eth0,1 are running dhcp (two scopes) that works fine!
The output of route -n is:
I have ip_forwarding on as well, but I can ping the IP on the server running that dhcp scope, i.e. ping 192.168.4.1 works great, but I just can't get the internet on the clients.
I have two linux boxes running RHEL 5.5 with internal ip addresses 10.0.0.114/24 and 10.0.0.118/24, and usual gateway 10.0.0.1. There's an apache listening on both ports 80 and 443 for several websites. This works nice, but the feature for load balancing has to be added. For this, externally, but in the same subnet, a hardware device has been placed for load balancing (we call it "F5"), with internal ip 10.0.0.152 (vrrp for 10.0.0.153 and 10.0.0.154). There's a service address that does NAT via round robin to the servers, 10.0.0.208, managed by the F5 balancer.
If I set as gateway the ip 10.0.0.152 in both nodes, I can use the service address for browsing http and https, *BUT* at a cost that ssh and any other connections, at OS logging level, come from 10.0.0.1, which is unacceptable (i.e., I can't set proper security, regardless the F5 is badly configured), so I have to find another way for this. So, I thought of using iptables mangling capabilities, and my thought is that just changing the default route of the incoming http(s) traffic, everything should be ok. I've done the following:
If I tweak the hosts file in my M$ workstation to test individual access for each server, I can browse the websites with no problem, but if I set the service IP address, I get an error "Document contains no data" in the browser after just a few seconds. Apache shows nothing in its logs. I can see packets arriving, but they seem to go in a loop. I can provide some output, but since surely I'm making some mistake in the process, if I get help with the proper knowledge about how to fix it, the problem will be solved. But if still someone needs it, I can provide more data.
From the router it splits into 2 connections, one to my GW (linux debian) and another to a switch which is connected to a web/email server and the gateway.
My gw uses x.x.x.27 and x.x.x.26 (everything I use on these ips is ok)
On the web/email server I have x.x.x.28 29 and 30
With this setup it's ok but I want to eliminate the link to the switch and make it pass thru the GW and I can't manage to get it to work!
I am sharing my DSL internet connection using a modem+wireless router (single device) to 5 systems. I want all my internet traffic to go through one of the linux boxes in my network.
The problem here is that wireless devices connect directly to the modem+wireless router.
Is such routing of traffic possible??
PS: I am not sure if I could convey my situation clearly...