Networking :: Force TCP Traffic Out Over Specific Interface / When IP Is Bound To Another Local NIC
Aug 12, 2010
I'm hoping some of the Linux network experts can help me with this problem.
Situation: I have a technology which is a WebLogic JEE application that communicates to an Oracle database. Everything is installed in a single Linux virtual machine running in VirtualBox. Traffic from the JEE application goes via JDBC over TCP to the local running database. What I want to do is test a new database firewall server that wants all traffic destined for the database to flow via another virtual machine running the DB Firewall software. So therefore what I need to do is have DB traffic forced out over one interface only to return on another interface on the same VM listening on a different address.
JEE application running in WebLogic bound to 192.168.111.12 (eth1 a VirtualBox hostonly interface). Makes a request for 10.0.111.12 (eth2 a VirtualBox internal interface) which the database is listening on. Because both IPs are on local interfaces, Linux is going to handle the traffic and not route the 10.x traffic via the 192.x interface. I also have running the database firewall server which has a bridge (br0) between the HostOnly network and the Internal network. Both systems are running Oracle Enterprise Linux R5U4, which is basically the same as RedHat. What I want to do is have the request for 10.0.111.12 forced out via 192.168.111.12, bridged over the br0 connection and back into 10.0.111.12 and to the database. My networking knowledge is pretty good, but I'm stuck right now on the right way to do this. I'm pretty sure it is possible, I just need clear advice.
Reason for setup: Ideally I would build the system with the database on a separate machine so that I can easily route the traffic. Unfortunately we have many VirtualBox based demonstration systems with both the application and database installed on the same VM and therefore the amount of work to migrate these two dual VMs is going to be significant, also many of these VMs are demonstrated from laptops which have limited resources and creating a new database VM reduces overall performance. If I can create a way to force the traffic in this manner off and back onto the same VM via the other VM bridge, it would be fantastic.
Aug 21, 2010
I have a linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to setup a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.
iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward
[code]....
My goal is to do something similar to the mangle on the tor traffic, but for an entire host.
Jul 30, 2011
I am running Debian Squeeze on an old pc (AMD K62-500) which serves as my multiwan router and torrent box. Internet uplink is provided via a dsl line and 2 wireless canopy modules.
Setup has been generally fine except when connecting/downloading as free user from sites like rapidshare, hotfile, filesonic, etc. The problem arises when I am connected to these sites using the wireless uplinks because of the shared public ip. I don't really download that much using direct download methods so I don't really see myself being a premium user from these sites.
If these sites are on a specific ip or ip range, an entry on the static routing table would have been fine but when I tried using ping, a different ip would appear to reply each time.
I wonder if there can be a solution like using iptables where in traffic to and from these sites will only use the NIC connected to the dsl line.
Feb 2, 2011
I've got 4 or 5 of these TRENDnet USB network adapters ( TU-ET100c ) that I use frequently when I'm configuring firewalls or IPS devices for customers. I use them in combination with VirtualBox to test. They've always worked great until my new laptop I just got, and I put 10.04 on it. Previously I was on 9.x. Sometimes they will give a link light, other times not. And when they do the interface shows that it's up, but I can't get any traffic across the interface.
[code]...
Jan 16, 2010
How do you count the traffic on the interface, friends?
I have a router for a medium-size LAN. HTTP-traffic goes through the transparent proxy, logs are parsed with Sarg, so that's the way I look how much megabytes my users 'do' daily.
Now I want to get rid of proxy, just to do sNAT. But I still want to know the daily traffic of my users (even in general, not for each user).
The router is run by Slackware 12.2.
Jun 9, 2011
I use a server with 3 nics,
eth0 192.168.2.100 (internal Web, Mail)
eth1 192.168.3.100 (Default Gateway nic for clients)
eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)
They are all on the same machine.
I cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow).
Is there an easy iptables rule to say that outgoing traffic not belonging to my networks can be redirected to a specific NIC (eth2)?
Sep 25, 2010
When setting up an alias for eth0, the interface works as expected for normal traffic, but does not receive broadcast traffic.
Host 1's setup:
Code:
Pinging host 1's normal interface from host 2 works as expected:
Code:
Pinging host 1's alias interface from host 2 works as expected:
Code:
Broadcast pinging from host 2 only gets a reply from host 1's real interface (as well as some other uninteresting devices on the network):
Code:
I have confirmed by listening on both interfaces using netcat, and broadcasting using netcat, and again only the real interface receives data.
Is this by design, or is it possible to get interface aliases to receive broadcast traffic?
Sep 12, 2011
Currently I have a server which runs under CentOS 5.6. It is dedicated to the VoIP application of my customer. I have a problem for which I have the solution but I didn't manage to achieve it. So, let me explain the context. Here are the networking aspects of my environment:
VoIP Provider_____Gateway_____________My server
ADSL Provider____(non pingable)
x.x.x.2 <====> A.A.A.1 <======> A.A.A.3
[code]....
Mar 4, 2010
I've got a machine running 9.10 with two network interfaces, one being motherboard based (atl1) and the other in a PCI slot (e100). By default at boot the interfaces come up in the wrong order. I'd prefer to have the e100 come up as eth0 instead of eth1. And then have the atl1 come up on eth1 instead of eth0. Both interfaces use static addresses and IP4 routing should be active across them. Where do I configure things to force the specific settings?
Mar 2, 2011
The task I am trying to complete is the virtualization of an IPv6 router created using two Fedora machines. Here is the physical setup I have now...
PC1:eth0 <------> network
PC1:eth1 <------> PC2:eth0
PC1:eth2 <------> PC2:eth1
PC1 runs radvd to provide router advertisements to the network and a DHCPv6 server for stateful addresses. Each interface is configured on a separate subnet. PC2 runs a DNS server on eth0. PC2:eth1 is used as an IPv6 client for testing purposes. The connections from PC1 to PC2 are just crossover cables. I've created virtual machines of both PCs and have created 4 virtual adapters on the host machine for each of the local-only interfaces. Now I have this:
PC1:eth0 = HOST eth0
PC1:eth1 = HOST vboxnet0
PC1:eth2 = HOST vboxnet1
[code]....
Feb 16, 2010
I have a DELL running CentOS 5.4 with 2 active NICs, one with an external IP address (eth0) on 123.456.78.9 and another that is connected to our internal network (eth1), 192.168.2.x. When I reboot the server, everything works glowingly. External traffic is correctly routed over the external interface (eth0) and internal traffic over the internal interface (eth1). After some random amount of time, a couple of hours and sometimes a couple of days, all traffic starts getting routed over our internal network, so DNS requests fail, internet pages don't load, smtp connections fail, etc.
I'm assuming that everything that's not headed for our .1, .2 or VPN internal networks would go out the external interface. And why this works for a period of time and then stops working is beyond me. And when external traffic starts going over the internal interface, I just reboot and it starts working like it's supposed to again.
Apr 24, 2010
I have a fairly clean install of Debian 5.04 on a G5 tower and am having some local network sharing problems. The machine linuxG5 has an address of 192.168.1.4 and when I am logged into that machine I get the following output
silver@linuxG5:~$ nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2010-04-24 10:19 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1706 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
[Code]...
May 24, 2009
I have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
Nov 21, 2010
My Ubuntu Box has 3 interfaces.
eth0 (Internal 192.168.1.0/24)
eth1 (External ISP DHCP)
eth2 (External ISP Static IP)
I need the outgoing traffic to internet for 1 of the internal PCs (192.168.1.10) to only go through eth2.
Apr 18, 2009
I have an Asterisk-server with 2 interfaces, a WAN-interface (eth1) and a LAN-interface (eth0).
SETUP : IAX-provider(internet) --> firewall --> Asterisk-server --> switch --> clients_on_LAN
So everything coming from the IAX-provider on port 4569 is forwarded to the Asterisk-server's WAN-interface (eth1). This needs then be routed to an internal SIP-phone (an IVR-system will define which one) via eth0. When a call is initiated from an internal SIP-phone (they register to the IP-address assigned to eth0) it needs to be routed via eth1 to the gateway (192.168.4.250). Asterisk will setup an IAX-channel on WAN-interface (eth1) to the IAX-provider (via gateway). So... will this work :
Code:
route add -net ip_IAXprovider netmask 255.255.255.0 gw 192.168.4.250 dev eth1
Code:
route add -net 192.168.4.0 netmask 255.255.255.0 dev eth0 (no gateway needed for the LAN-interface, communications to the gateway need to go via the WAN-interface !)
Apr 19, 2009
I have an Asterisk-server with 2 interfaces, a WAN-interface (eth1) and a LAN-interface (eth0).
SETUP :
IAX-provider(internet) --> firewall --> Asterisk-server --> switch --> clients_on_LAN
So everything coming from the IAX-provider on port 4569 is forwarded to the Asterisk-server's WAN-interface (eth1).
This needs then be routed to an internal SIP-phone (an IVR-system will define which one) via eth0.
When a call is initiated from an internal SIP-phone (they register to the IP-address assigned to eth0) it needs to be routed via eth1 to the gateway (192.168.4.250). Asterisk will setup an IAX-channel on WAN-interface (eth1) to the IAX-provider (via gateway).
So... will this work :
route add -net ip_IAXprovider netmask 255.255.255.0 gw 192.168.4.250 dev eth1
May 26, 2011
When I run OpenVPN server - tap0 adapter, it breaks the Teredo (Miredo) IPv6 address down. I don't need IPv6 on OpenVPN, so is there any way to disable IPv6 on tap0 completely?
Aug 6, 2011
As part of my job, I have to configure a lot of network devices that are configured through web pages. This generally means plugging in to them via ethernet, going to their default IP address and reconfiguring them. I set my IP address using ifconfig, which is much faster than plugging numbers in to NetworkManager's GUI. The problem is, NetworkManager seems to take the interface down at random. I could disable NetworkManager but then I don't have a wireless connection. Is there a way to tell NetworkManager to temporarily ignore what is happening on a specific interface or should I just ditch NM altogether when doing this kind of work and use wpa_supplicant to get on my wireless? My co-worker with the Windows machine is looking over my shoulder and chuckling.
Apr 19, 2010
How can I force a Wine application (or Wine itself) to use a specific network interface? I have installed hamachi and am trying to play starcraft over virtual LAN. However, when I run Starcraft with hamachi running, it does not work. I have now determined that hamachi creates a network interface called "ham0". How do I force Wine/Starcraft to use the "ham0" network connection? I have looked into forcebindip but it crashes on wine.
Mar 28, 2011
I'm trying to ping from a specific interface. I have a wired and a wireless connection both going into my laptop.
My wired adaptor eth0 is on the IP 172.16.109.75, my wifi adaptor wlan0 is on the IP 192.168.1.69.
When I ping Google with my eth0 unplugged with the following command:
Code:
conneco@mcr-pc-29334:~$ ping -I wlan0 www.google.co.uk
PING www.l.google.com (74.125.230.115) from 192.168.1.69 wlan0: 56(84) bytes of data.
64 bytes from 74.125.230.115: icmp_seq=1 ttl=51 time=32.7 ms
[Code].....
Apr 8, 2011
How can I force a Wine application (or Wine itself) to use a specific network interface? I have installed hamachi and am trying to play starcraft over virtual LAN. However, when I run Starcraft with hamachi running, it does not work. I have now determined that hamachi creates a network interface called "ham0". How do I force Wine/Starcraft to use the "ham0" network connection? I have looked into forcebindip but it crashes on wine.
Aug 9, 2009
Is it possible to apply a rule to a specific local IP? For example, let's say I have two IPs assigned to my server, 1.1.1.1 and 2.2.2.2. I want to deny all connections going to 1.1.1.1 only, aside from a couple of trusted IPs I will define.
Oct 13, 2010
I want to build a topology of this kind:
|eth0 (a.a.a.a) |
Linux PC |<----------------> | ROUTER
|eth1 (b.b.b.b) |
|<----------------->|
The Linux machine has two interfaces, eth0 (a.a.a.a) and eth1 (b.b.b.b), connected to two interfaces of a router. Now if I send any packet destined to b.b.b.b from the a.a.a.a interface on the Linux machine, it should take the following path: eth0->router->eth1, and it should be the same vice versa.
Jul 12, 2010
I have two NIC cards that connect to different networks. code...
Nov 20, 2010
I'm looking for a powerful network traffic monitor that can do all of the following (or at least a combination of tools that can do the following):
- Tell me how much data was downloaded/uploaded on an interface this month and the previous month
- Tell me how the traffic was used throughout the month
  - show which internal IPs (IPs in the 192.168.1.0/24 network) used how much traffic
  - show which ports/protocols on those IPs used all that traffic
- Show LIVE traffic flow statistics that can tell me total speed of traffic going through an interface as well as
  - show which internal IPs (IPs in the 192.168.1.0/24 network) are using how much of the traffic
  - show which ports/protocols on those IPs are using that traffic
This tool will run on a linux router through which all my internal PCs are connected to the Internet. This means the tool(s) need to work with NAT (traffic being forwarded and not necessarily destined for the interface being monitored).
The distribution being run doesn't have a package manager so any packages or dependencies have to be manually compiled and SCPed over file by file. For this reason, the tool/tools need to be simple (things like vnstat, not things like ntop that have their own web interface).
I know that vnstat can tell me the first bullet point so it's only there in case there's a tool out there that can do everything. If there's a tool that can only do the second or third bullet point, that's great too - I'll just keep using vnstat and look for something else to do the other task.
Jun 25, 2011
I run a bunch of CentOS 5.6 servers, where we continuously deploy our software. Our software comes in self-made rpm packages from a network-local yum repository. As bugs happen in software development, I sometimes want to downgrade to the previous release, so force the installation of a specific version of the package. I tried the allow-downgrade plugin, but so far no luck. Neither yum update nor yum install seem to work with allow-downgrade. (It does not seem to do anything?). Does anyone have a working example for yum --allow-downgrade?
This is what I tried:
1) Show current yum version
[root]# yum --version
[code]....
Jul 19, 2010
Does anyone know how to measure the traffic (packets per second in and out) on a specific TCP socket?
Sep 20, 2010
I got to establish an OpenVPN connection between two servers and I have dhcpd on the client server which feeds a few SIP phones. All these phones are supposed to the register server through the tunnel. Here is the network structure:
Client CentOS:
eth0: 192.168.0.0/24
eth1:192.168.100.0/24
tun0:172.15.0.0/24
DHCPD: feeding above eth1 and all the phones with 192.168.100.0/24
If I ping 172.15.0.1 from the Client CentOS it works all fine. Everything pings and I can even do SSH. However, the phones which obtain their IP through eth1 on the same server cannot reach 172.15.0.1. I think it's a route issue here. Can you please guide me in the right direction as to how to forward certain traffic through tun0 and leave the rest of the traffic to go through eth0?
I don't want to turn on IPTABLES as this is time consuming for me now and there is VPN setup. It has to do with setting up the routing but I am not sure.
Jul 15, 2010
I decided I was going to compile XChat from source today for "fun." What I ended up doing was spending a few hours getting it to compile, then finding out everything didn't work the way I thought it did. I was under the impression that after I ran "sudo make install" I was "upgrading", when in reality I'm just installing a separate version alongside the old one. Apparently I have to keep the old version so every program that was compiled with it will continue to work, so how do I:
1) Force a program to use a specific version of GTK when compiling.
2) Find where my version of GTK installed to.
I've asked some people and I've just been told to "learn LD_PRELOAD". I've googled and can't figure out how I could even apply that to my current problem.
Jul 11, 2011
concerning controlling the windows in virtual desktop.
a) Say to a application to be launched to virtual desktop 2 for example.
b) How can you ask for an application to be visible only on one virtual desktop? For example, I work on virtual desktop 6 and I want to start skype, which should be on virtual desktop 2. Right now if I launch the app on virtual desktop 6 it will appear on the same one. Would it be possible to ask for an application to be launched on another virtual desktop? If yes, how?