I bought a Cisco 1841 to study for a cisco certs. In iptables terms filtered packets are -j REJECT instead of -j DROP. To make things worse telnet and ping replies are on by default.
View 5 RepliesI was given a Cisco IP Phone (model 7962) and CyberGuard Firewall/VPN (model SG300) from my company. So that I can work from home. But I've been struggling for the past couple of days trying to get it to work. The phone successfully configures it's ip; but it hangs on "Registering".
The setup is such:Cisco phone plugs into the CyberGuard and gets assigned a private IP address; 192.168.48.34; from the CyberGuard.
CyberGuard plugs into my Slackware (12.1) box and gets assigned a private IP address; 10.0.0.191; from the dhcpd server on my Slackware box.
Slackware box then masquerades that 10.0.0.191 into my static public address on the internet.
Port 1723 (PPTP) is open in the iptables firewall on my Slackware box. I've also tried disabling the firewall (ie opening all ports) on my Slackware box.
On my Slackware box; via iptraf; I can see traffic between my Slackware box, the CyberGuard, and my company's server.
Traffic such as:
Code:
And on the company's server; the following is observed:
Code:
My company just keeps saying "open port 1723 + 47". But as I stated above; I have opened them. And Internet searches have revealed absolutely nothing. At this point; I am completely lost as to what may be wrong.
I have three machines say A B and C. I want to make machine B as a router for A and C, so that the ping packets from C to A should be going via B. I have directly connected two interfaces(eth4) of A and B and similarly two interfaces(eth5) of B and C. I have even set up a route between B and C. 1. But I am not able to set a route between B and A.2. If I ping A from eth4 of B(viceversa) it works. When I ping B from eth5 of C it work but not the viceversa.3. Also, if I ping from C to A, B receives the packets, but not A.
View 3 Replies View RelatedI have tried to google it around and couldn't find any good solution for it. What I want is to hook up to the kernel network hooks and for example investigate all of the packets (maybe keep some in the buffer and drop in the kernel so I could send them out lets say 10 minutes later) but from a C / C++ program perspective / level. I know it can be done via iptables but isn't there a way to do it from a program ?? I have found a library called ipq but apparently doesn't work with kernel 2.6.x anymore.
View 10 Replies View RelatedI'm trying to drop all packets from the internet that use a fake ip address so they appear to come locally.
Do I need both lines or only the first ?
--append INPUT ! --in-interface lo --source 127.0.0.0/8 --jump DROP
--append INPUT ! --in-interface lo --destination 127.0.0.0/8 --jump DROP
how can i drop igmp port 0 packets with iptables rule? my log file is full of this router advertisement.
View 2 Replies View RelatedI've got Tyan S4989 with gigabit ethernet controller Intel Corporation 82571EB. Sometimes server starts drop packets and doesn't respond to any connections and all logs doesn't contain any errors. iptables and SELinux switched off on CentOS 5.3(2.6.18-128.1.6).
View 3 Replies View RelatedI have two network interface eth0 and eth1 eth0 is on 192.168.0/24 network connected to the internet eth1 is on 10.10.10/24 network and DHCP for this network the clients connected to this interface can not connect to the internet but they can ping 192.168.0.4 which is the eth0 ip but can not ping 192.168.0.1 cisco router or anything else on 192.168.0/24 I have tried few tricks but still not working
1) iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 j SNAT --to 192.168.0.4/24 it did not work
2) iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.0.4 did not work as well
I'm Melvin, doing a hardware and networking course at Aptech, Kerala, India.
How to install IOS image (file.bin) via TFTP from Ubuntu to a Cisco 2600 router.
Please post the required steps to configure tftpd in Ubuntu.
And since it is insecure, please post recommendations to secure it.
Which folder will TFTPd use and what binary permissions to assign to this folder?
How to connect a new Cisco router in newly installed Linux pc what are the configuration will have to do.
View 1 Replies View RelatedI'm trying to figure out a simple script to go thought 500 Cisco devices to see if I can SSH to the device. Then display something like this:
10.0.0.1 Yes
10.0.0.2 No
10.0.0.3 No
I tried something like this:
Code:
ssh -q -o BatchMode=yes -o StrictHostKeyChecking=no user@10.0.0.1 "echo 2>&1" && echo "Yes" || echo "No"
When tested the above line it replied No, even if I tried it on a Switch that does not have SSH configure.
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies View RelatedI have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies View RelatedI just finished setting up a Natty box to act as my home router / home web server. I installed beta2 a few days before the final was out and updated all of the packages (also tried a dist-upgrade just in case ).
I performed the following setup:
- set up the webserver and sshd
- set up dhcp server and adressing
- set up rc.local to run rc.firewall with my filtering rules
- set the router live (rebooting it)
And that was basically it. Everything worked fine, except when I tried to open any of the sites that are hosted on the webserver from the outside world. It turned out that all of the ports on the external interface were blocked.
I decided to stop my firewall rules (flushing all rules) and then scan my box from the outside - still, all ports seemed to be filtered. I then decided to reboot the machine, disabling all mention of the rc.firewall script, but the ports were still filtered!
I then disabled apparmor and made sure ufw is disabled, but the ports are still filtered for the outside world. For the internal network they are not filtered.
Is there some other mechanism besides iptables rules that filteres packets?
Does any one know a way to make the filters in Thunderbird permanently delete filtered mail? I tried "Mark Read" then "Delete" (or "Move to Trash") then "Delete". But most of them do not get deleted out of the Trash. I have had the same address since about 1997 and there are certain spams I know I will get every day no matter what and I would like them gone for good. I know I could just Empty the Trash but I sometimes search for things in there, and it has come in handy having all those emails.
View 3 Replies View RelatedBecause of the configuration of my house, I need two routers.I have a DLink ADSL router as my main router and the Belkin N1 as my repeater.I have set up the IP address in the Belkin to be 10.1.1.10 - my DLink is 10.1.1.1. I have disable the dhcp in the Belkin and set the DNS as ISP provided. [URL]..I have set the channel to 11 and in the Ubuntu Network Manger I have set the IPV4 to Link Local Only. I can see the Belkin and connect with my PC.but it will not take me through to the internet.
View 9 Replies View RelatedI want to set up a Linux box as a wireless router to replace our existing Netgear WNR1000 router, as I believe the Netgear does not support the coming IPv6 protocol. Unfortunately, it is not flashable with OpenWRT or DD-WRT presently.
As we have Comcast, our cable modem acts as a dumb modem according to the customer support guy I talked to, and our router is the one that asks for the IP address from DHCP. Thus, when Comcast switches over to IPv6, I don't believe my existing router would work, correct?
My idea is to take a Linux box and put two NICs and a wireless adapter in it, using IPCop or Smoothwall to set up a router. I could then enable IPv6 support for when we have IPv6 with Comcast. Is that possible? Would there be a way to get BIND to hand out private IP addresses in the same subnet on the both the LAN NIC and the wireless card?
I have a desktop PC running Ubuntu 9.10 and Windows 7, and a Eee PC 701 laptop running EasyPeasy Ubuntu 9.04. I'd like to connect the desktop to the laptop with a wired connection (eth0), then the laptop to my ADSL router using wireless (ath0).
I have a crossover ethernet cable (I bought on ebay). I have set up my laptop with a static IP address on my LAN and it uses OpenDNS.
I have added this to /etc/sysctl.conf on the laptop:
net.ipv4.ip_forward=1
Then I tried this on the laptop:
sudo iptables --table nat --append POSTROUTING --out-interface ath0 -j MASQUERADE
sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT
This is a variation on what I found on other sites describing how to set up a router. I don't understand iptables very well, but I gather that the above two lines should set up forwarding so that traffic from my router to the laptop will be forwarded to the desktop, and vice versa.
But this doesn't work. The connection doesn't even establish between the laptop and the desktop.
I'm having trouble getting my network set up the way that I want it/had it. You see, when I first set up my network, I just had my cable modem going directly to my standard wired router (A D-Link DI-604), which had DHCP,and was connected to all of the computers on my network. I had one switch hooked up to one of the ports of the router, but this was a regular switch, and it would not try to assign IP addresses, it would just pass through the DHCP info as I wanted.
Now however, my network setup has changed. My room mate and I both got laptops, and we decided that we wanted to have wireless access so we didn't have to constantly plug in to the router.
Now my network is set up like this: The modem is hooked up to the router(DI-604), which is hooked up on the LAN side to our computers, our switch (which is hooked up to 3 more computers), and to a wireless router card (A Gigabyte GN-BC01).
The wireless router card has two jacks for ethernet. One for WAN, and one for LAN. The LAN side we have plugged only into the computer in which the card is installed.
Now the problem is this: The wireless router card comes with DHCP by default, and it's assigning addresses to the laptops and to the computer hat it's in, and worse, the IP addresses are on a different subnet than that of the main dlink router. The Main (dlink) router assigns addresses from 192.168.0.1 (itself) to 192.168.0.254, while the wireless router card assigns addresses from 192.168.1.1 to 192.168.1.254 (itself).
Because of this, I cannot access services on the wireless network from my wired network or vice versa. The first thing I tried was setting the card to assign addresses from 192.168.0.12 to 192.168.0.253, however it just said "internal error" when I tried to do this. I decided that this may be because it sees that it was being assigned an address on it's WAN side on the same subnet. So the next thing I tried was disabling DHCP and setting the "LAN IP Address" to 192.168.0.12, hoping that the DHCP would just go through the card, like a switch. I would have set the LAN IP address to be assigned by DHCP, but this was not an option, so I decided that'd be the best thing to set it to.
Once again however, setting the LAN ip address to an address on the same subnet as that of the IP assigned to it's WAN side caused it to report an "internal error". I verified that this was the issue by setting the LAN address to several other private IP addresses to test (I.E. 10.0.0.1, 192.168.3.1, 192.168.5.12).
My question then really is: How do I set up both routers so that I can access services and computers from each network from the other network. Should I set them with different subnets and set the gateway on the wireless network to the main router? To the wireless router card? Should I put them on the same subnet? Will it know how to communicate?
Here is a link to (picture) my network diagram. Network Diagram
I am using ubuntu 10.10 and facing problem with cisco VPN connection. VPN connection is getting successful but not able to connect to destination servers.I also tried to add default gw to the the IP which is assigned to my VPN connection but still access to VPN machines not working.
View 1 Replies View RelatedI use VPNC to connect to a Cisco VPN. I am able to connect, but some issues exist when I use SSH. For example, I login through SSH to a computer in the VPN and I execute ls => it works. If I execute ls -la => connection stalls. I think it stalls every time it is supposed to return more content (top, ls /etc).
If I do scp from my end to server => works. If I do scp from server to my end => connection stalls.
I'm trying to install the Cisco VPN client on Ubuntu 11.04, kernel version 2.6.38-8 generic-pae. I need a step by step process since I am an absolute beginner with Ubuntu and this is my first install on the operating system. I have already tried the network manager but connection always fails. I have also tried the website [URL] but this always fails, seems this was made for earlier versions of Ubuntu and earlier kernel versions.
View 9 Replies View RelatedI did a forum search and too much came up that was not the answer I was looking for. I have only Linux devices at work and I was wondering how do Linux Administrators connect to Cisco devices via serial console cable. Cisco recommends 'Hyper Terminal' which was a Windows add-on applications licensed to XP. I think Vista and 7 no longer have the license to use Hyper Terminal. Regardless I don't have any versions of Windows and would like to use a serial cable from Com port 1 to the console port on the device. I can't use SSH since some devices don't support SSH and or I have to do a password recovery.
View 4 Replies View RelatedThese r IP provided by my ISP that i've put on Fedora 8:
WAN IP:xxx.xxx.xxx.17 (eth0)
Subnet:255.255.255.252
Gateway:xxx.xxx.xxx.18
Valid static(public) IP set of 2:
IP:xxx.xxx.xxx.147 & 148 (eth1, eth2)
Subnet:255.255.255.240
i want to run xxx.xxx.xxx.147 as a web server & xxx.xxx.xxx.148 as a ftp server. but I'm able to ping only xxx.xxx.xxx.17(WAN IP) from outside world. Can any1 tell me that how can i bring my 147 & 148 IP online without router.
Is using Cisco AnyConnect for ssl remote access, i loged on on my company vpn.abcd.com , using a username and a password, requested a certificate which was added to Firefox certificates, then installed the AnyConnect client. now i can just start the AnyConnect client to connect without the need to access to my company vpn.abcd.comWhat i want to do is to add a vpn connection to the network manager so its always connected once i powered my computer on, and dont need to start the AnyConnect client to get connected each time.
There were three options Password/SecurID, Certificate(TLS), Certificate(TLS) with TPM.I tried the first one, got a message "Unknown certificate from VPN server "vpn.abcd.com". Do you want to accept it?" , accepted entered my password ---> login failedThe other two options need a certificate files which i dont know how to get, is it the firefoxcertificate, or what ?.
Just wanted to ask a small question... I've set up a VPN connection to my university and i installed and configured everything ok, cause I can connect without any problems...
Now that I'm connected I want my browser to run through the VPN tunnel created by the connection so i can access certain sites that are else inaccessible, but how do i force my browser (I'm using firefox atm) to do that?
When I'm on MAC of Windows OS, as soon as i connect with a VPN, all connection run through them. Fedora seems to ignore the VPN connection and just continues to use my home-network to connect to the internet.
So the basic question is: how do i use the VPN connection.
Iuse FC10, kernel 2.6.27.21-170.2.56.fc10.i686, fully updated system
Probably there is bug in kernel used FC11 [url] This bug freeze computer after ping or other data sending over VPN connection.
Is there any chance to backport this patch to kernel in FC11?
More about this in topic:[url]
cisco vpn client 4.8.5 I have no problem to connect it, but got disconnected every minute after I opened a terminal and ssh to company's server. Not sure what's causing the problem. There's no problem to connect to windows.
View 2 Replies View RelatedProblem with fedora 13, I am no longer able set up a virtual private network using vpn. The following error message appers:
"/usr/sbin/vpnc: no response from target"
No problem when connecting with ubuntu or windows.