I have my firewall setup so that only specific subnets/IP addresses can access the system. My issue is that I have remote user/laptop who needs to access the system, but is constantly on a different subnet/dhcp IP address. Is there configuration for iptables where I can enter the mac address of the laptop to allow access to the system and not specify a subnet or IP address?
View 3 RepliesI'm trying the tail -f 172.16.X.XX /var/log/squid/access.log to view the sites requested by the client ip 172.16.X.XX but the result is it still open all the ip's requesting for the internet access. is there any tail commands that can monitor only the specific IP address requesting for internet access.
View 2 Replies View RelatedSomething strange with my firewall i used firestarter I dont know why i cannot ping outside on a specific IP address here is my setup. I have IP from ISP
119.92.56.77 - eth0
192.168.50.1 - eth1
with DHCP features from 192.168.50.1 - 254. my problem is i cannot ping this specific IP address which is 119.93.232.234 if you can try there and pinging is ok but here cannot because that IP address (119.93.232.234) they used that to connect to our openvpn which is the IP is 119.92.56.78 <---- this system linux(centos) or IP has no firewall enabled. meaning i separeted this connection. which my setup is like this for OPenVPN
[code]...
i have problem with my configuration iptables, i have configured for transparent like this,
for masquerade -> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
for transparent -> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
how to make a rule if there 1 address i dont want to redirect to port 3128? in other words 1 specific address just run on port 80.
I want to setup 1Gbps our lab network and we purchased 'Buffulo Giga layer switch ' with 24ports. Is there a way to tell DHCP to assign specific IP to a particular MAC address of a machine ? We want to use DHCP and whatever the port we use ,it should have same IP ..
View 1 Replies View RelatedI have 17 system (sys1,sys2,sys3.....sys17) in my office, and i am willing to setup a dedicated system to act as a firewall for that i have selected sys1 with two NIC(eth0 for local network and eth1 for internet) and i have configured to access internet in my office for that i have opened a wellknown port 80.but my clients are not accessing the internet..
and please check my sample IP configuration !!!
interface : eth1 (ISP IP)just for example
IP :192.168.0.2
gateway:192.168.0.1
dns:202.56.230.5
dns:202.56.230.6
Interface : eth0 (my local lan )
192.168.1.1
255.255.255.0
IP address of xp clients ranges form 192.168.1.2 to 192.168.1.16 with default 255.255.255.0
my question is that which gateway address and dns i have to give to my clients for accessing internet ?...
I hv Cent OS 5.3 installed as server. I hv a network of approx 100 desktops and laptops. For a security purpose i want to block certain laptops from gaining a the network access using dhcp. Can we block the ip address leasing if a specific MAC address request for a ip lease?
View 7 Replies View RelatedI am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application. I have a linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
I could no handle/circumvent on the past week, despite of the several "googling" and documents reading. I will try to mention all needed bits... I'm managing a network with the following structure:
eth0: internal net
eth1: DMZ
eth2: 10 mbit/sec sync line with eight public /29 IP's + a /30 interconnection network. All public IP's must use the interconnection's network gateway.
eth3: ADSL with ppoe with fixed IP (ppp0).
Now, a few extra info:
- All internal traffic is routed through ppp0 except when it's destined for DMZ and public IP's range.
- DMZ traffic is routed either through ppp0 or eth2. This is done by source IP.
- eth2 has on IP from the interconnection network, and six public IP's are also defined on eth2. Command: "ip addr add ...."
[code].....
At school, the shop I work in has machines that run windows xp and cannot be updated to the latest SP (consider these machines "B"). This means that they are quarantined whenever connected to the network. There are also workstations that we would like to be able to connect to "B" for the sole purpose of dropping a file into a directory. These machines we will call "A" and are considered trusted.
I have No control of the school's network. I have a spare PC with two NICs as well as a 5 port switch. My thought was to use the spare PC as a gateway/router/VPN and setup an isolated "network b" consisting of all the untrusted systems. Disallow all traffic other than the VPN connection. Connect via vpn from the 4ish trusted workstations "A" to Network B. I could use mac filtering (I think) to accomplish this and disallow any computer not specifically authorized, thereby isolating the untrusted computers completely.
I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions.all works fine, multiple users are mounting this over a lan and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the lan 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory. Although is one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3.This Seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the lan too.
i am using openssh 5.2-p1, i want to restrict user "admin" to login to the server from a specific IP address, for this purpose i have tried the following blocks in sshd_config file.Following is the part of the sshd_config file which i have modified
#The following commands will only allow specific IP to login to ssh.
#AllowUsers admin user1 user2
#AllowGroups
# override default of no subsystems.Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory /home
AllowTCPForwarding no[code].....
i want to restrict admin user to login to the server only from 172.16.100.221 IP which can be done by using AllowUser line, but i dont want to use AllowUser line,
can I deny the access to my server for a specific OS? I have one PC which I want to give it acces from winxp, but if it's boot into ubuntu I want to deny all access to my server, same IP, same ethernet card
View 8 Replies View RelatedRight now my setup is as follows: I have an Asus Eeepc 900 running Netbook Remix named eeepc, and a media centre running 64-bit Ubuntu named media.When I try to ping or ssh into one machine from the other, for exampleCode:$ ping mediaI get an "unknown host name" error. However, pinging the device's IP address works. How do I get the computers to recognize each other's host names? Did I miss something in the setup?
View 2 Replies View RelatedI have a site in India that needs to be accessed by our offices round the world. I have added AllowUsers lines for the static IP's in those offices. However, we also have a couple of people who travel and don't have static ip's. Is it possible to enable both AllowUsers for the offices and have certificate access for the others?
View 1 Replies View Relatedus robotics router, trying to access 192.168.2.1, worked on windows xp, just switched to lucidi have tried using both firefox and chrome, neither will access my router
View 7 Replies View RelatedI have a strange problem. I have to clone my MAC address (and specify a different MAC address) to get internet. Without the new MAC address I get an IP address but no internet. This happened with my old (updated from 7.04 -> 10.10) OS installation and with a new, clean install of 11.04. So I have a workaround. But I don't know what the problem is.
Ps. I recently switch modem and router. And I had the problem with old and new modem/router combinations.
How can I set the firewall to automatically ban an ip address when it scans my computer? something similar to configserver firewall for whm.
View 2 Replies View RelatedWhen I try to access at physical address (0xD0000), we known that it is necessary to convert physical address to virtual address using function IOREMAP(0xD0000, 1024) and return me 0xC00D0000.
Now our doubt is when I have a board with I/O in address 0x150, is it necessary to convert this address to other virtual address??? or with inb(0x150) return me state of I/O in this address? How can I known where is this I/O address in my map memory?
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
I have a couple of openSUSE 11.2 machines and each is directly connected to the Internet (they are not behind a router, firewall, etc). I want them to be able to communicate without any firewall restrictions, but keep the firewall rules for all other IP addresses. Is this possible? the software package I'm trying to use randomly chooses a port to use in the range of 32768-61000 and I don't feel comfortable having a port range that wide open on both machines.
View 5 Replies View Relatedwe are trying to install this NIC Rosewill RC-400 Chipset RTL8169S-32 in Ubuntu 9.04 we downloaded the drivers from Rosewill website (For kernel 2.4.x and 2.6.x V 3.1) but when we follow the instruction in the readme file and do make clean modules and error comes out
Code:
make -C src/ clean
make[1]: Entering directory `/home/trinity/Desktop/r8169-6.006.00/src'
rm -rf *.o *.ko *~ core* .dep* .*.d .*.cmd *.mod.c *.a *.s .*.flags .tmp_versions Module.symvers Modules.symvers rset[code]...
So I went do realteak downloaded latest available drivers that seems to be were release yesterday did same command and same error So I made only make and it went fine did then make clean modules and went fine so made make install, depmod -a and modprobe r8169 verify int was up and getting correct ip from router but I'm not able to access the internet or ping any IP address
Code:
xxx@xxx-desktop:~$ uname -a
Linux xxx-desktop 2.6.28-18-generic #60-Ubuntu SMP Fri Mar 12 04:40:52 UTC 2010 i686 GNU/Linux
xxx@xxx-desktop:~$
how to block a specific MAC address
View 2 Replies View Relatedhost is windows 2003 server 64-bit
guest is ubuntu 9.04 server 64bit
Qemu : 0.11.1
Qemu manager: 7.0
from Qemu manager, if network card is using User Networking, it's a NAT and I can see that Guest Ubuntu has an ip address 10.0.2.15 and is able to access the internet. However, as Guest ubuntu is running server so I want to do use Tap networking and I assue with Tap, the Guest ubuntu will get an ip address which is in the same subnet as host machine by dhcp. so from Qemu Manager 7.0, I changed Network card to be:
NE2000PCI
Vlan Number =0
VLAN Type: Tap Networking
Mac address: tap0's mac address from host
TAP Network Adpator: Tap0
Note that tap0 was created by openvpn. and then fired Ubuntu guest, ifconfig shows no ip address on eth0 (which has the same mac address as Tap0) so the guest Ubuntu has no ip address and can't access public.
Running Ubuntu 9.10. In the Remote Desktop config dialog I get: "Your desktop is only reachable over the local network. Others can access your computer using the address 127.0.0.1 or tabatha.local." I understand this means only the loopback ip address is available. All my other machines show their true local ip address (e.g., 192.168.1.104) in this dialog. Thus I cannot log on to this desktop from other machines.
When I try to do a remote logon from another Ubuntu 9.10 box (or from an XP box using a VNC viewer), I get: "Connection to 192.168.1.102 has been closed." What steps are needed to make this machine show its actual ip address? All file sharing between the various machines is working properly and all windows shares back and forth between XP and 'nix, and among the the vaious XP boxes and linux boxes are available as designed.
I have vps box with debian. I have two ip addresses, but first (default) is currently unavailable. In that case there is many problem. Fortunately wget has --bind-address option so I can download. My question is how can i configure apt-get, aptitude to use specific address?
View 1 Replies View RelatedI would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
I have create distro groups in zimbra and have add member sin there. when i connect an account on mapi etc. [URL] i have create a persona in order client to send from [URL] rather than [URL] How can i restrict inside postfix to relay using [URL]?
View 1 Replies View RelatedI am trying to get apache to listen to specific IP address and I have read up of the listen command (http://httpd.apache.org/docs/2.0/bind.html) I can get virtual sites to work but not the apache it self.
View 5 Replies View RelatedI'm running gnome desktop on squeeze system. When I boot my system seems to be using my internet modem as its dhcp server. The rest of the machines on my lan are correctly using my router for that purpose. As a result, what happens then is that my debian machine frequently gets a duplicate ip address assigned to it. I would like to specify to my debian computer that I want it to use the specific fixed ip address of my router for dhcp purposes.
View 9 Replies View Related