Networking :: Gateway / Firewall And Log Server
Aug 1, 2009
I have 2 servers, each at a different location (server1 and server2). I want all traffic on server1, including web browsing, applications etc., to always go through server2, like a gateway. I want the traffic to be encrypted (maybe use a VPN?). So if I browse, or any logs pick up IP addresses from applications used by server1, I want them to display the IP address of server2 (might be the wrong way to say it).
I always want server2 to act as a firewall and log server that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on Google have their own OS/distribution. Maybe Squid for logs? But Squid does not support many protocols. The distributions on both servers are up-to-date Debian/Ubuntu based.
Jul 20, 2011
What I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.
May 17, 2009
Our firewall (Debian) currently has 4 public IP addresses (eth0 1.2.3.4, eth0:0 1.2.3.5, eth0:1 1.2.3.8, eth0:2 1.2.3.9) and 3 internal subnets (eth1 10.1.x.x, eth1:0 10.2.x.x, eth2 10.7.x.x). We are experiencing the following two problems, which I believe have the same root cause. 1) The firewall cannot access beyond the ISP gateway (1.2.3.1). 2) From externally, we can ping eth0 with no trouble; however, pinging the eth0:0, eth0:1 and eth0:2 interfaces gives results similar to the following:
Code:
PING 1.2.3.8 (1.2.3.8) 56(84) bytes of data.
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=59.0 ms
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=59.3 ms
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=62.0 ms
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=65.6 ms (DUP!)
I get the feeling that I'm missing something obvious, especially since all traffic on the internal subnets can access externally as normal.
May 12, 2010
I have 17 systems (sys1, sys2, sys3 ... sys17) in my office, and I want to set up a dedicated system to act as a firewall. For that I have selected sys1 with two NICs (eth0 for the local network and eth1 for the internet), and I have configured it to access the internet in my office; for that I have opened the well-known port 80. But my clients are not accessing the internet.
And please check my sample IP configuration:
Interface : eth1 (ISP IP), just for example
IP : 192.168.0.2
gateway: 192.168.0.1
dns: 202.56.230.5
dns: 202.56.230.6
Interface : eth0 (my local LAN)
192.168.1.1
255.255.255.0
The IP addresses of the XP clients range from 192.168.1.2 to 192.168.1.16 with the default 255.255.255.0.
My question is: which gateway address and DNS do I have to give to my clients for accessing the internet?
Jul 3, 2011
I have a Bubba Two headless PC box and on it a Debian GNU/Linux Squeeze operating system.
I have upgraded my Bubba Two [URL] to Debian Squeeze from Debian Etch following these steps: Running Debian lenny or squeeze on Bubba Two [URL]
After this upgrade I have set up networking on Bubba following these steps: Setting up networking [URL]
In case [URL] doesn't work, here are these steps:
[Code].....
Jul 20, 2011
So what I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.
Apr 1, 2010
Story is my brother is a dindows lover (gamer) and he's been getting attacked by viruses, etc. 'cause he runs his Vista setup with no firewall or antivirus.
He says the firewall, etc. slows down the PC too much for gaming. He doesn't want to use Linux as his games won't play on Linux as on dindows.
He wants to know if you can install a Linux firewall/gateway or whatever into his Linksys WRT54GC router and thus protect his PC without using a firewall or AV in it.
EDIT: precisely; he has a Linksys wireless-G connected to an always-on Verizon Westell 6100G modem, so it's a wired connection, not wireless.
May 27, 2010
On a remote system, when all you have is the ssh CLI -
How do you find out the IP addresses for:
the Gateway
the DHCP server
the DNS server
Don't need to make any changes.
Which commands will display this info?
Mar 1, 2011
I've set up a LAN-to-LAN (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each other's physical LAN, so no NAT is used. When the primary gateway (fw1) is connected to the VPN server, all traffic runs via the fw1 tunnel. Then, when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected, all traffic for fw1 will be delivered to fw2, effectively destroying traffic intended for fw1. This is of course no problem if I first shut down (fence) fw1, then set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server, effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.
I am also exploring the possibility of leaving both tunnels active and letting OpenVPN (or another tool) decide how to route packets back and forth between the different LANs. A virtual IP between two gateways both running a VPN, or something similar. This would be the preferred method of course. However, I don't know how to tackle this one, but I'm pretty sure there are people out there who are happy to share their 2 cents.
Jul 11, 2011
I am trying to get a Linux machine (Slackware 13.37) working in a Windows networking environment. The IT support for this organisation does not extend to Linux support, so I'm limited in what help I can get for this.
I'm trying to get to the point where I can get to the internet to download what I need on this Linux machine.
The situation is this (*fictitious addresses used):
My Linux machine uses a fixed IP address (10.100.150.21).
My Windows machine uses a DHCP-assigned IP address (10.100.150.213).
Both the Linux and Windows machines are configured to access the gateway server (10.100.150.1).
So, I can ping the Linux machine from the Windows machine and vice versa.
I can ping the gateway machine from the Windows machine.
I can browse Windows shares on the network via SMB from the Linux machine.
I CANNOT ping the gateway machine from the Linux machine, with the Destination Host Unreachable message being the error message.
For actual internet access I need to access a proxy server, but since the Linux machine can't even ping the gateway server, it fails to ping the proxy.
Now, I have been told the gateway is a HW-based router, and for Windows machines they use some software for authentication to connect to the network. This software isn't available for Linux, so that's why I've been told to use a fixed IP address.
My experience of networking is pretty basic and most of the Linux setup is done via running Slackware's setup program.
Apr 2, 2011
I just set up a Linux server which is acting as an internet gateway. For specific reasons, clients first make a VPN connection through the internet to the Linux server.
CLIENT ---->Internet----->Linux VPN Server ------> Internet
On the Linux server, iptables is configured for NAT. The problem is that the internet speed becomes slower than expected. I used Windows and RAAS and the speed was pretty good. The server has only 1 NIC (eth0) and an alias interface is added to eth0. The alias is eth:0 with IP address 192.168.0.253.
iptables config is as follows:
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -d 192.168.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to MY_VALID_IP
May 11, 2010
Set up 2 gateways in my email server (openSUSE).
Now I want to set up 2 internet lines for my email server, which means that if either one of the lines is down, I can still receive mail from the other line.
Example
Internet line 1 = ISP1
Internet line 2 = ISP2
My email server has 3 NICs, which...
eth0 = 192.168.1.2 (255.255.255.0) (from ISP1 GW 192.168.1.1)
eth1 = 192.168.2.2 (255.255.255.0) (from ISP2 GW 192.168.2.1)
eth2 = 168.168.1.2 (255.255.0.0) (connect to local LAN)
Now the existing GW set on the server is 192.168.1.1; mail is received and sent through ISP1. Now we wish to set something up so that once the ISP1 line is down, the server will automatically switch to the ISP2 gateway and continue sending and receiving mail without a manual change of settings.
May 29, 2011
I have been searching Google for a while now and have not found exactly what I am looking for. I would like to use my fresh install of Ubuntu Server 11.04 as my router/gateway for my home. I am not an expert at Linux by any means but I can usually figure stuff out. I believe I need iptables, bind, and probably a few others. It will eventually also be a Samba server, but I have done a little with Samba before. I do have 2 network cards; my router at the moment is starting to die and I would love to have a more powerful router. I would also like to figure out how to do port forwarding in the router, as well as be able to see the load on the network cards. Maybe there is a program to show usage by user? As well as be able to do packet prioritization.
Jul 2, 2010
I posted it on another forum, but could not get a response. So I have CentOS, Ubuntu and Windows operating systems running on virtual machines. Now I gave them manual IP addresses; both the Ubuntu and Windows machines can ping the default gateway, but not the CentOS one. It should forward 0.0.0.0 to my Cisco router address (192.168.5.254),
Jun 16, 2011
I have installed dhcp-server on Ubuntu, and the server is providing IP addresses to clients (Windows machines) but not the default gateway. But I have another network in my network with the same configuration, and the same dhcp-server provides all the information.
Feb 14, 2009
Since I got a new internet account 2 days ago, I have a problem on my server [Fedora Core 8]. I use it as a router.
eth0 is for the internet.
eth1 is for my LAN.
But since my new internet account my server uses eth1 for the internet. This is a line from my syslog:
Code:
NetworkManager: <info> Policy set 'System eth1' (eth1) as default for routing and DNS.
I killed the NetworkManager daemon and now it works, but this must not be the way to do it? Where do I tell my server that I use eth0 for routing and DNS?
Mar 26, 2009
I have set up an Ubuntu gateway server using four NIC cards.
eth0 :210.212.235.107 is connected to the internet
eth1 :192.168.1.222 is connected to the local network
eth2 :192.168.2.222 is connected to another network
Here 192.168.1.222 is the gateway for the 192.168.1.0 network and 192.168.2.222 is the gateway for the 192.168.2.0 network. These network configurations are working fine, but I want to block inter-network communication, i.e. from the 192.168.1.0 network to the 192.168.2.0 network; I want to block the communication to secure the local networks more. I know an iptables rule is enough for this purpose, but I can't find the apt rule for this purpose.
Jun 29, 2011
I need to place an Ubuntu machine on a network where I have a DHCP server which does not configure the Default Gateway parameter (we don't want ordinary users to browse the internet). Is it possible to leave the machine using DHCP and define the Default Gateway manually (as in Windows XP i.e.)? How?
May 18, 2010
I am learning to set up a firewall in my home; for that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1 : ( Fedora, not connected to the firewall I am thinking, but I am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 : ( firewall, IPTABLES )
code....
What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), although the rules are written not to ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 -----> sys2 (firewall) ---> sys4, and the firewall is not filtering or processing anything for either inbound or outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
Aug 10, 2010
Here's my dilemma: there is a server on a network protected by an overly restrictive firewall. I can't connect to the server.
I was thinking, does a program exist where the server would connect to another server outside the firewall, then wait for commands? This way there is no port forwarding required. The only program I know that does this is LogMeIn. If you check the logs it does use SSH, and that's even when I blocked the port. Since LogMeIn isn't what I was looking for (Windows only, full screen capture instead of command line), does an alternative exist?
Jan 28, 2011
post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things. I have seen things on the Ubuntu wiki about this... but it really confuses me
I'm trying to set up my Ubuntu system as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers. I've already set up bind and dhcp3 and got those working perfectly... I've also set up Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to set up the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through Dansguardian, then to Squid...
But I am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, a 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear; I do speak English perfectly, but I'm just kinda new to the "Linux world". I was using SONICWALL but that's getting a little too costly for my network and I wanna do a free alternative... Something completely CUSTOM, not using some network security distro.
Oct 13, 2010
I have a question about telnet. Is there any way to configure a telnet server without disabling the firewall? I am using Red Hat 5.2 and Fedora 12. I lack knowledge about firewalls.
Feb 18, 2010
I'm having this issue with a Linux server that thinks it owns an IP that it doesn't.
Background: We used to have a central server connected directly to the DSL modem with two interfaces. Interface eth1 was set up to respond to three of our external IPs; I'll call them ext54, ext55, and ext56. The internal interface, eth0, was set up as a gateway for the LAN on IP 192.168.0.1.
We wanted to install a hardware firewall and virtualize the existing server. So now it's set up so that the WAN interface of m0n0wall is connected directly to the DSL modem and responds to ext54, ext55, and ext56, and its LAN interface is the gateway for the 192.168.2.0 network. The server was virtualized and its eth1 configuration was changed to be 192.168.2.2 with a gateway of 192.168.2.1. Everything seemed to be working fine.
Problem: The server runs Apache for our webmail system, which works fine from the outside (since I have m0n0wall NAT port 80 through to 192.168.2.2), but inside it fails.
As best as I can figure, the server (which is Linux CentOS 4.3) thinks that it should still respond to IP ext54 instead of forwarding it on to m0n0wall to figure out where it should go. I've looked through all the config files I can think of on the Linux server (ifconfig, route table, hosts file) and I can't see anything that would make the server think it is ext54. I've also checked the logs and config of m0n0wall to see if the packets are getting dropped, and again, I don't see anything.
I guess I should say that our DSL provider gives us the IPs ext54, ext55, ext56, ext57, and ext58. When I tracert the IPs on the server, ext54, ext55, and ext56 don't hop at all, as if the server itself serves those IPs, but the ext57 and ext58 tracerts hop to the m0n0wall gateway correctly... which makes this even crazier in my opinion.
Oct 22, 2010
Back in April I set up an Ubuntu DHCP server and a multiple-VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1 /24 network that everything was on, because we were running out of address space. I built out the new network and everything worked great, except our AD server would never get an IP address from the DHCP server (static reservation), and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.
Now, 6 months later, I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it onto another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across VLANs to a test sales agent workstation at 192.168.8.xxx on vlan 800, but only if I statically assign the agent's station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server, but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the VLAN IDs used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300).
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback
auto vlan100
iface vlan100 inet static
[code]....
why it can't reach the gateway. When I do a tcpdump I can see the DHCP requests come in on eth0, but the server never responds, and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.
Jul 1, 2010
Back in April I set up an Ubuntu DHCP server and a multiple-VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1 /24 network that everything was on, because we were running out of address space. I built out the new network and everything worked great, except our AD server would never get an IP address from the DHCP server (static reservation), and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.
Now, 6 months later, I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it onto another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping its gateway 192.168.1.1 and all the way across VLANs to a test sales agent workstation at 192.168.8.xxx on vlan 800, but only if I statically assign the agent's station an IP address.
When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server, but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the VLAN IDs used, which were changed from 1's to 100's (i.e. vlan 3 is now vlan 300).
/etc/network/interfaces
Code:
auto lo
iface lo inet loopback
auto vlan100
[code]....
why it can't reach the gateway. When I do a tcpdump I can see the DHCP requests come in on eth0, but the server never responds, and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.
Apr 29, 2010
So, I have a virtual machine running CentOS 5.4. It sits behind a hardware firewall which also does NAT'ing. I've set up plenty of these, so I know for sure the firewall and NAT rules are set up correctly. From the host, I can ping anything in my subnet and the gateway. But I can't ping anything else beyond the gateway. I can perform DNS queries, and when I try to ping, it finds the appropriate IP address. But from the outside, I can ping the PUBLIC address (it's a 1 public to 1 private address NAT, not 1 public to multiple private). I've tried it with IPTABLES on and off, with no change.
Jan 25, 2011
I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible. My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP) workstations, using diskless workstations to boot the VMs over powerline ethernet. The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the diskless workstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM.) Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW, in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
Apr 6, 2010
I have been beating my head for the last few weeks on this problem (although I have been taking the wrong approach, it seems).
I need a gateway to direct web traffic to three separate servers/domains. I have been trying to do this with both a DNS server and (separately) an Apache server to forward requests. The DNS server was a no go, and I can only get Apache to redirect http and ftp.
After Googling this a lot, I believe that what I need is a gateway server to redirect my traffic to the 3 different servers. I have been reading about using NAT and iptables for this and was wondering if anyone had any advice/suggestions on this. The other thought I had was to use something like pfSense to create the gateway, but I am still reading the documentation, and I am unsure if this approach will work.
Nov 28, 2010
I want to configure an Internet gateway with a proxy, firewall rules and a bandwidth controller for an office of 100 employees. Can anyone suggest which platform will be best and the steps to implement it?
Nov 15, 2010
We have a problem accessing the site hosted on our web server since today. Till yesterday it worked fine. But when I tried to access it through the domain name this morning, it throws a bad gateway error. "The proxy server received an invalid response from an upstream server". This is the error I am getting. But it can be accessed fine using the IP address. All my DNS entries are right.