Networking :: DNAT IPtables - Default Gateway For Return Packages
Nov 26, 2009
Client which uses an ISP with a Linux machine (Server 1) with two network cards. Eth0 with ip 1.1.1.2 and gateway 1.1.1.1 these ip's is not public ip's and falls unders the isp's internal range, eth1 with the internal ip range. OpenVPN listen on eth0 for incoming connections. We want to connect to Server1 from external networks. Due to different reasons the isp could not get the routing sorted and give us an public ip on his network. We had to setup another bos (Server2) with eth0 2.2.2.5 and gateway 2.2.2.1 which is public ip's and eth1 with ip 3.3.3.5. Server 2 can communicate via the ISP internal network with server 1. I use DNAT to forward all incoming connections on server 2 to server 1 but the problem I have is that server uses its default gateway for the return packages and does not sent the reply back to server 2. My iptables rules looks as follows on server 2.
/usr/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d 196.25.157.135 --dport 1194 -j DNAT --to 192.168.100.170:1194
/usr/sbin/iptables -A FORWARD -p udp -i eth0 -d 192.168.100.170 --dport 1194 -j ACCEPT
View 5 Replies
ADVERTISEMENT
Mar 10, 2011
I'm having a complicated iptables problem. I'm using a linux poweredge 1750 with 4 ethernet interfaces and 1 wireless interface as a router/firewall/wireless access point.
The Computers on the inside can connect and communicate just fine. The access the outside world and other internal devices with no problems.
DNAT from the outside works just fine for things like ssh, webmin and http. But some protocols and services (ftp with filezilla and runuo) use ports to connect. And then, it is like they hand off the rest of the communication to other seemingly randomly determined ports. And that is when the conversation gets dropped. How do I configure my router to notice these port changes and continue to DNAT the conversation?
View 2 Replies
View Related
Oct 18, 2010
I have been trying to achieve something through iptables but something is going wrong. I want connection/packets arriving to a specific computer (let's call it "server") from another specific computer ("client") inside the same network to be automatically redirected to a remote computer in the internet and vice-versa. I tried doing that using iptables with these commands on the "server" PC:
Code:
iptables -t nat -A PREROUTING --source 'client-ip' -j DNAT --to-destination 'remote-pc-ip'
iptables -t nat -A PREROUTING --source 'remote-pc-ip' -j DNAT --to-destination 'client-ip'
[code]....
View 2 Replies
View Related
Aug 26, 2010
I'd like to (if it's possible, of course) to redirect the packets originated within a linux box, and I've been tryin' to do it through the OUTPUT chain in nat table:
Code:
iptables -t nat -A OUTPUT -p tcp -d 192.168.0.74 --dport 80 -j DNAT --to-destination 192.168.0.17:80
The policy for the rest is ACCEPT.This redirection didn't work this way. If I do lynx http://192.168.0.74:80 I reach 192.168.0.74 host, so there is no redirection.Could I achieve what I'm needing through with IPTABLES' OUTPUT chain (in nat table)?
View 1 Replies
View Related
Jun 3, 2010
I want to find out which server/service a streaming box connects to and maybe also take a look at some packets. The box connects to the Internet via a Linux gateway running Debian I have root access to. I have some basic knowledge about iptables, tcpdump, netstat etc. but couldn't yet figure out how to get this info.
My first approach was with netstat, but this traffic seems not to be visible (which somehow makes sense to me). My next guess was that with iptables it should be possible to log this connections, however I couldn't yet figure out how to.
View 1 Replies
View Related
Feb 3, 2011
This is slackware 12. I'm trying to share my internet connection (on eth0) with a computer connected to eth1.
eth0 is 192.168.0.101, eth1 is 192.168.1.100 (different subnets).
But when I try to make eth1's default gateway the same as eth0's, see the error I get code...
View 7 Replies
View Related
Jan 8, 2010
I am in a big confusion and searching an answer to calm down my mind.I have my eth0 has following configuration
` ` `
IP 192.168.1.100
mask 255.255.255.0
[code]....
View 3 Replies
View Related
Feb 23, 2010
I have installed ubuntu 9.04 Jaunty server from disk. I am connect to my corporate internet. I have put in my http_proxy everywhere I can find to put it. I am getting an ipaddress, gateway, broadcast,etc. My wired is connected. When I try to ping my default gateway it times out. %100 packet loss. I get the ipaddress of the gateway from the (route command).
My configurations on /etc/network/interfaces is correct(I am on another computer so I can't copy and paste) and I even tried updating the drivers for NIC card. I am using a Intel 82567LM-3. I have been working on this longer than I care to admit.
View 7 Replies
View Related
May 4, 2011
Im trying to achieve the multiple uplinks/provider found on LARTC.org. I have to get the IP addresses from my interfaces (EF1 and EF2) by using a script, but i dont know where to look at for the default gateway from each interface which got their ip address from my ISP.
View 1 Replies
View Related
Apr 11, 2010
I have a computer with two interfaces: a fixed connection (eth1) and a modem (ppp0). My goal is to receive UDP packets from both connections concurrently (using the recv() function). The problem is, that the received packets reach the application only when the default gateway is set to that interface's address. For example, if I set the default gw to be in the eth1 subnet, only packets from eth1 reach the application. Other packets are received in the interface (checked using tcpdump), but they seem to be blocked somewhere. The policy defined in iptables is "ACCEPT" for all incoming packets, with no rules at all. I would like to know how to overcome this problem, and anyway how is the default gateway related to incoming UDP?
View 3 Replies
View Related
Nov 11, 2010
I have a dual-homed Debian server running squid, but not acting as a router. Simplied network diagram is below - there are other local hops between the gateways and the Internet.
Code:
(eth0 @ 192.168.44.2) <--> (Gateway1 @ 192.168.44.1) <--> Internet
(eth1 @ 192.168.55.2) <--> (Gateway2 @ 192.168.55.1) <--> Internet
Using Gateway1 gives a very fast, but not always reliable route to the Internet. Using Gateway2 gives a slower, but more reliable route to the Internet. The server uses Gateway1 as the default gateway.
I have written a script that pings three hosts on the Internet, and if all three are down, switches the default gateway to Gateway2. This part seems to be easy, but I'd like know if there is a way of routing a ICMP/ping out eth0 to a host, with all other traffic to the host going out eth1, so I can determine if the Internet is reachable via Gateway1 again.
View 2 Replies
View Related
Apr 7, 2010
I am realtively new to BGP. I use BGP in my network to advertise my /20 subnet. What i would like to know is what is the point of accepting routes from your neighbouring AS(ISP)?My ISP has given me a default gateway, and no matter what I want to reach on the internet I have to go through that default gateway, so why populate the routing table with soo many routes?also, as i understand it, there are 3 kinds of routes that you can accept, those are full routes, directly connected routes and default routes. What is the diffrence between them and again how do they affect routing since my network only has the one default gateway?
View 2 Replies
View Related
Jan 30, 2011
I had a router crap out yesterday. I'd been testing out a new one for the last few days and just reconfigured it to be the main. Took the old one down and everything in my house (Windows 7 PC, XP Files server, Ubuntu PC , windows 7 laptop, android tablet, ps3, etc) seems to be working fine whether it be hard wired or wifi. All except my ubuntu 10.04 laptop. It worked fine before the swap so I can't figure out what's going on.
I'm able to connect to the new SSID without issue but I can't resolve any external names and when I try to ping the default gate way every other packet has (DUP!) behind it. If I'm hardwired I don't get the dup! when pinging the default gateway but I still can't resolve any external names. I have provided the results of an ifconfig and the results of a ping to the default gateway below.
cooley@Quigon:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.98 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=3.04 ms (DUP!)
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=3.50 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=5.72 ms (DUP!)
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=8.09 ms
[Code]...
View 9 Replies
View Related
Jul 2, 2010
I posted it on another forum, but could not get response,So I have this cenOS, Ubuntu and windows operating system running on virtual machines.Now I gave them manual ip address, both ubuntu and windows machines can ping the default gateway, but not the CentOS.It should forward 0.0.0.0. to my cisco router address(192.168.5.254),
View 4 Replies
View Related
Feb 21, 2011
I'm looking for a method to assign a default gateway via dhcp randomly depending on ether the last char of the mac being odd or even, or the time the user connects. Is there a good reliable way to achieve this?
View 2 Replies
View Related
Jun 16, 2011
I have installed dhcp-server on ubuntu. And server is providing ip address to clients (Window machines) but not default-gateway but I have another network in my network and same configuration and same dhcp-server provides every information.
View 5 Replies
View Related
Mar 9, 2011
Struggling to get my Linux server accept ICMP redirects not originating from default gateway. No problem to get it working if the redirects is originating from def gw.I know it's not a good solution security wise, but my network is so cluttered I'm forced to do so.
View 1 Replies
View Related
Apr 22, 2009
I'm using OpenWRT on a WRT54GS. I'm using wifidog in combination with openvpn. For those of you familiar with wifidog, my auth server is located at the other end of an openvpn tunnel and the "wifi dog gateway" is running on the WRT itself. I'm don't really think that wifi dog is the issue. Basically, I'm using openvpn with the "redirect-gateway" option which works well. In this mode, openvpn removes my current default gateway setting and adds the remote openvpn server as the default gateway (as it should). However, overnight, my default gateway on the local network keeps reapperaing (along with the openvpn one as well).
This causes confusion and I don't want any packets (But ovbiously the connection to the actual openvpn server) to go down this local gateway. Why do you think it reappears? Do you reckon openvpn is dropping connection and somehow the normal gateway is being added back? I *could* run a cron script which runs every minute or so with something like "route del default gw xx.xx.xx.xx" (where xx.xx.xx.xx is the default gateway which I don't want to be there) but that is quite messy and means that if I were to ever move the router I would need to reconfigure this and considering that I would like in the future to have many of these wifi dog gateways, this really isn't an ideal option (as every network will have a different default gateway).
View 2 Replies
View Related
Dec 19, 2010
I could not able to configure the default gateway ip address onto the system. i use the route command (" route add default gw 192.xxx.xxx.xxx eth0 ") to add a default gateway onto the routing table but it is "disappear" in the routing table when i had restart the service network.
View 3 Replies
View Related
Oct 21, 2010
I've been struggeling with this for a few hours now, googleing and so on trying to find an easy way to just switch which device I want as primary for internet connections. After long battles I'm at a loss, this is the current automatic routing
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
85.225.76.0 0.0.0.0 255.255.252.0 U 1 0 0 eth0
85.225.76.0 0.0.0.0 255.255.252.0 U 2 0 0 wlan0
[Code]...
View 1 Replies
View Related
Jun 29, 2011
I need to place an Ubuntu machine on a network where I have a DHCP server which does not configure the Degault Gateway parameter (we don't want ordinary users to browse the internet). Is it possible to leave the machine using DHCP and define the Default Gateway manually (as in Windows XP i.e.)? How?
View 1 Replies
View Related
Feb 19, 2010
I have set the iptables INPUT policy to DROP. As I have expected tcpdump wasn't showing any packages... for a while. Suddenly it begun to show UDP syslog packages being sent by a remote host. It is conform with the configuration of syslog, but since the INPUT policy was set to DROP, with no exceptions, it is not conform with configuration of iptables. Why after setting INPUT policy to DROP, with no exceptions most of the packets recieved before are being dropped and some not, as tcpdump shows?
View 7 Replies
View Related
Aug 19, 2010
I am trying to simply address translate TCP packets from one destination IP to another destination IP (DNAT?) without getting the initial SYN packet. Is this possible? I do not think it is with DNAT since the conntrack needs SYN first.
I have given the command:
The problem is that the first packet that matches this rule will be the SYN-ACK and I suspect it is simply DROPPED.
I am sparing you the gory details of why I would do such a silly thing, but simply put; I need to intercept client-to-server packets through a tunnel, but allow server-to-client packets to follow through the regular network.
I have been working on this for many days w/o success and my learning curve is still steep. I can provide more details as needed.
View 2 Replies
View Related
Dec 4, 2009
I'm having problems with NX, it's doing strange things, trying to connect to some IP host in timbuktoo because my DNS provider's DNS sucks AND because NX is looking up the host "localhost" without first consulting my hosts file (which nsswitch explicitly tells it to do). THAT's all beside the point.
To work around this apparent bug in NX I tried creating an iptables rule to redirect traffic destin for a certain IP (10.x.x.x) to localhost (127.0.0.1) with the following rule: iptables -t nat -I PREROUTING -d 10.x.x.x -j DNAT --to 127.0.0.1. After adding the above rule, my attempts to connect to that host continued to get routed right off into the internet where I DIDN't want them to go. Instead of being redirected to the localhost/loopback address.
It seems DNAT to localhost is not supported? A Google search reveals many other people having this issue but blaming it on everything but iptables. I'm proposing that it's not supported, by design or not, to redirect traffic from a NIC to the loopback network?
View 1 Replies
View Related
Jun 3, 2011
I'm trying to understand and set up port forwarding with iptables. So far I've read a lengthy tutorial on iptables, and I've Googled for hours, searched this forum, but I've been unable to come up with a solution that works for me.The situation I would like to achieve is the following: on one machine, there is a TCP server running bound to its external IP, port 9999. I would like to let another machine connect to this TCP server on port 9000 by forwarding port 9000 to 9999.All the policies of the iptables chains are set to ACCEPT; and I have set net.ipv4.ip_forward = 1. I have no problems using SNAT/MASQUERADE on the same server machine.I have tried the following:
Code:
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp -i eth0 -d ${SERVER_IP} --dport 9000 --sport 1024:65535 -j DNAT --to ${SERVER_IP}:9999
In order to test this rule, I started a TCP echo server on port 9999. I can connect to it on port 9999, but not on port 9000- this gives me 'connection timed out'. When I do 'iptables -t nat -L -v', I can see that the rule does get matched once per connection attempt.
View 1 Replies
View Related
Mar 21, 2010
I was playing with kde, system tray and widgets. Now all system tray is gone, even if I add it I can not change its size etc. Also my other visual features have changed accidently as well. Plus I can not retrieve workspace icon (4 small windows). I want to return kde to its default setting, like first time.Dist is Slackware 13.0 64bit and Kde 4.0
View 3 Replies
View Related
Sep 3, 2010
so I installed openSUSE 11.3 KDE and fooled around with it and the Plasma Netbook Workspaces and am now back with the regular KDE. Unfortunately something I have done has now caused me to not be able to do simple tings like change the wallpaper, or add Widgets to the desktop. Everything seems to "technically" work, so I suspect that it was a configuration somewhere that I messed up.
Is there a directory or directories I can delete and then log out and back in which will create the environment with default settings? I've done this with Gnome and Xfce when I've really messed it up and it has fixed things a number of times, but I am not sure where KDE stores their config files. I believe is it openSUSE 11.3 with the KDE version that came with it and it was installed from a LiveCD.
View 9 Replies
View Related
Apr 2, 2010
Is there any way to return default theme, in 9.10? because i have installed full mac theme and i really messed everything up, but now i'm bored, so is there any way restore everything easy?
View 2 Replies
View Related
Jun 7, 2010
I need the command for returning my ubuntu netbook remix (newest version) to default settings. The problem is that when I installed a theme, the next time I booted the OS the screen starts blinking and when I enter my admin password, no icons appear. My laptop is Dell 1525.
View 4 Replies
View Related
Sep 14, 2011
In my .bashrc I have the following lines to turn on colors for grep and ls alias ls='ls --color=auto'export GREP_OPTIONS='--color=auto'.I've tried changing the alias to export LS_OPTIONS='--color=auto' but that doesn't work.Is there anyway to use an export instead of alias. And are there actually any benefits to one way over the other?
View 2 Replies
View Related
