Networking :: IPTables NAT - Excluding Subnets For IPSec VPN
Feb 27, 2011
I have an Ubuntu 10.10 box for which I've developed an iptables firewall script, and it is forwarding my ports correctly. It also runs an Openswan VPN server with 2 VPNs, which is also working well.
I have come across a small snag with excluding the multiple VPN subnets I have from the NAT on this box.
I have the line in my configuration file:
-A POSTROUTING -o eth1 -s 10.172.1.0/24 -d ! 192.168.5.0/24 -j MASQUERADE
Which, when added to iptables, does make the VPN come to life. But I can't seem to get it to add the second subnet. Unfortunately, I can't do a blanket exclusion such as 192.168.0.0/16 because the second VPN is on a Class B subnet address which I cannot change.
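The snag in the post above is that with the NETKEY IPsec stack the packet still carries its private destination address when it passes POSTROUTING, so MASQUERADE rewrites it before the kernel encrypts it; every remote subnet therefore needs to be kept out of the MASQUERADE rule. The script below is an added example, not the poster's configuration. It reuses the poster's eth1, 10.172.1.0/24 and 192.168.5.0/24 and assumes a hypothetical second remote subnet 172.20.0.0/16. (The poster's `-d ! 192.168.5.0/24` is the old negation syntax; current iptables spells it `! -d 192.168.5.0/24`.)

```shell
#!/bin/sh
# Added example: nat POSTROUTING rules that keep every IPsec-protected subnet
# out of MASQUERADE. Interface and subnets are assumptions mirroring the post;
# 172.20.0.0/16 is a hypothetical second remote subnet.
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.172.1.0/24}"
# Space-separated list of remote subnets reached over the IPsec tunnels.
VPN_NETS="${VPN_NETS:-192.168.5.0/24 172.20.0.0/16}"

emit() { printf '%s\n' "$*"; }

# Variant 1: one explicit exclusion per remote subnet. A packet that hits
# ACCEPT in the nat table leaves the table untranslated, so only packets that
# matched no exclusion reach the MASQUERADE rule.
nat_rules_explicit() {
    emit '*nat'
    for net in $VPN_NETS; do
        emit "-A POSTROUTING -o $WAN_IF -s $LAN_NET -d $net -j ACCEPT"
    done
    emit "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    emit 'COMMIT'
}

# Variant 2: match the kernel's IPsec policy instead of listing subnets.
# "-m policy --dir out --pol ipsec" is true for any packet that an outbound
# SPD entry covers, so a subnet added to ipsec.conf later is excluded
# automatically, whatever its address class.
nat_rules_policy() {
    emit '*nat'
    emit "-A POSTROUTING -o $WAN_IF -s $LAN_NET -m policy --dir out --pol ipsec -j ACCEPT"
    emit "-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
    emit 'COMMIT'
}

# Number of exclusion rules a generator produced; a quick check that every
# configured subnet got one.
count_exclusions() {
    "$1" | grep -c -e '-j ACCEPT'
}

# Review:  sh nat-exclude.sh explicit      (or: policy)
# Apply:   sh nat-exclude.sh --apply policy   (root; appends to the nat table)
case "${1:-}" in
    --apply) shift; "nat_rules_${1:-policy}" | iptables-restore -n ;;
    explicit|policy) "nat_rules_$1" ;;
esac
```

The policy-match variant only applies to NETKEY; with KLIPS the cleartext packet leaves through ipsec0 rather than eth1 and the `-o eth1` MASQUERADE rule never sees it, so no exclusion is needed there at all.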
Aug 18, 2011
I connected two networks with IPsec following this manual: [URL]. The two networks are connected and everything works; the question is as follows: the gateway has multiple subnets behind it, but I have access to only the one subnet listed in /etc/sysconfig/network-scripts/ifcfg-ipsec0 as DSTNET=192.168.2.0/24. How do I get access to all the subnets?
Jun 4, 2010
I have configured IPsec/L2TP on my CentOS 5.4 gateway machine. For testing I had disabled the firewall, and IPsec is working fine; I am able to connect from the client etc. Now I want to allow IPsec and L2TP through the firewall. Here is my current working firewall. Only OpenVPN is allowed and is redirected.
eth0=XXXSTATICIPXXX
eth1=192.168.1.81
OpenVpn IP Range = 172.24.0.16/4
Ipsec Ip Range = 192.168.1.0/24
[Code].....
Jan 7, 2010
I want to setup firewall protection with iptables to support IPSec tunnels. That is, the firewall will drop anything from any host if it is not from an established IPSec tunnel. And it will accept anything (any protocols) if it's from an IPSec tunnel.
That is, I also need to open up ping to make ping work. But if I open up ICMP, I cannot prevent pings from hosts that are outside my IPsec tunnels. This defeats my purpose. So if my purpose is to allow "anything" within the tunnel and disallow/drop anything outside the IPsec tunnels, how should I set up the iptables rules?
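The two posts above (passing IPsec/L2TP through a gateway firewall, and accepting only what arrives inside a tunnel) want the same filter table: IKE, NAT-T and the ESP/AH carriers reachable in the clear, everything else accepted only after the kernel has decapsulated it from an IPsec SA. The script below is an added example, not either poster's firewall. eth0 as the public interface follows the CentOS post; everything else is an assumption.

```shell
#!/bin/sh
# Added example: an INPUT/FORWARD ruleset that admits only IPsec-delivered
# traffic. Interface name is an assumption (eth0 = public side, as in the post).
WAN_IF="${WAN_IF:-eth0}"

filter_rules() {
    r() { printf '%s\n' "$*"; }
    r '*filter'
    r ':INPUT DROP [0:0]'
    r ':FORWARD DROP [0:0]'
    r ':OUTPUT ACCEPT [0:0]'
    r '-A INPUT -i lo -j ACCEPT'
    r '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Key exchange and the ESP/AH carriers must be reachable unencrypted,
    # otherwise no tunnel can ever come up.
    r "-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT"
    r "-A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT"
    r "-A INPUT -i $WAN_IF -p esp -j ACCEPT"
    r "-A INPUT -i $WAN_IF -p ah -j ACCEPT"
    # A packet that came out of an IPsec SA re-enters INPUT after
    # decapsulation carrying an inbound policy reference; that is what
    # "-m policy --dir in" tests. Ping from a tunnel peer passes here; ping
    # from anyone else falls through to the chain policy (DROP).
    r '-A INPUT -m policy --dir in --pol ipsec -j ACCEPT'
    # L2TP (udp/1701) is reachable only through the rule above, i.e. only
    # inside IPsec. Cleartext attempts are logged and dropped, never accepted.
    r '-A INPUT -p udp --dport 1701 -j LOG --log-prefix l2tp-cleartext:'
    r '-A INPUT -p udp --dport 1701 -j DROP'
    # Forwarding between the tunnels and the LAN, in both directions.
    r '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    r '-A FORWARD -m policy --dir in --pol ipsec -j ACCEPT'
    r '-A FORWARD -m policy --dir out --pol ipsec -j ACCEPT'
    r 'COMMIT'
}

# 0 when no rule would accept ICMP outside a tunnel (the Jan 7 concern).
no_cleartext_icmp() {
    ! filter_rules | grep -e '-p icmp' | grep -v -e '--pol ipsec' | grep -q .
}

case "${1:-}" in
    --apply) filter_rules | iptables-restore ;;   # root; replaces the filter table
    show)    filter_rules ;;
esac
```

The policy match needs the NETKEY stack (xt_policy sees the XFRM state); on a KLIPS build the equivalent is `-i ipsec0` / `-o ipsec0` on the virtual interface. Add the OpenVPN and LAN rules from the original firewall around these lines rather than replacing them.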
Jul 7, 2010
I have a firewall between two different subnets. The reason for the second subnet within the internal network is because I have a mail server that I want to protect. However, we need to make sure that the mail server can communicate with the internal network as well.
Mail server is 192.168.100.100
Firewall is 192.168.100.1 and 10.110.101.5 (and its gateway is 10.110.101.1 to the router)
I go to another workstation and ping the mail server. I can't. It times out. I do the same from the mail server. It times out as well.
Nov 27, 2010
I have a 2-floor house, with a single ethernet cable from the ground floor to the 1st. Downstairs there is my ADSL modem, which is connected to the router upstairs through this one cable. Now, I would like to have some more ethernet ports on the ground floor, but there's no room left to run another cable between the floors, so here's the big question: can I run both the modem-router connection and my regular LAN (which are on different subnets) through that one cable, with a switch at both ends?
To make it a little more clear, here is my present configuration
Code:
DOWNSTAIR UPSTAIR
ADSL Modem ------- Router --- Clients
Here is what i would like to do:
Code:
DOWNSTAIR UPSTAIR
ADSL Modem ---- Switch ------ Switch ----(WAN Port) Router --- Clients
Clients ---- ----(LAN Port)
Would it work?
Jun 26, 2010
I have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
OK, the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actual ROUTES. I can already achieve results similar to this with either a NAT firewall or with VPN, but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
On Gateway 1B:
Code:
And on Gateway 1A:
Code:
Feb 16, 2011
I have a network routing problem that I need to fix using a PC with ubuntu installed.
Here are the details of my problem:
- I have two networks.
- The first network is an ADSL router with subnet 192.168.1.x. I do not have access to the router nor change any of its configuration.
- The second network has a subnet 172.26.x.x and connects via a wireless access point. Some of the devices connected to the network require static IPs.
- I have a PC with ubuntu installed and two ethernet cards: one connected to the first network and the other connected to the access point.
- I need to share the internet connection between the two networks using ubuntu. I already tried before on windows and the sharing worked when both networks were configured to use the same subnet. Once I changed the subnet of the second network, internet sharing stopped working.
Sep 3, 2010
I'm having an issue with routing internet traffic from my router to two different subnets (VLANs).
Here's my setup:
Server:
Both eth0 and eth1 are running DHCP (two scopes); that works fine!
The output of route -n is:
I have ip_forwarding on as well, and I can ping the IP on the server running that DHCP scope, i.e. ping 192.168.4.1 works great, but I just can't get the internet on the clients.
Jan 15, 2011
Bear with me because I'm just learning this stuff.
I've set up a couple of virtual networks with vmware workstation and experienced the same problem each time. I'll explain the one i'm working on now.
Machines -
Host - Slackware 13.1, VMware workstation 7.x.
VM1 - Vyatta (router).
VM2 - WinXP (client).
[Code]....
BUT I can't ping the XP client from the virtual router, and from the host I can't ping the virtual router.
Why is this?? I assume i've done something wrong but I don't know what.
Mar 3, 2011
I have two subnets with different gateways. I am thinking of connecting them via a Linux server which would enable them to communicate, but I don't know how to proceed for getting this done. How should the connection be made and what should be the configuration settings on the Linux server?
Mar 17, 2010
I'm trying to build a Linux (Fedora 12) dhcpd server (and gateway) that has 3 network cards (eth0 with a public IP, eth1 in the 192.168.2.1 class and eth3 in the 192.168.3.1 class).
Because I have just a switch, I want to put both cables (from eth1, eth2) in the switch. Every client has 2 network cards (eth0, eth1). My question is, is there any way to configure eth0 to take an IP from the server from the 192.168.2.1 class, and eth1 from 192.168.3.1? The internet will work only on eth0.
my dhcpd.conf for now looks like this:
subnet 192.168.2.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 192.168.2.1;
[Code]....
Oct 28, 2010
I have some CISCO,Linux related problem with 2 Class C subnets:
192.168.64.0 -> PC5
192.168.65.0 -> PC6
Here's a picture of my situation: [URL]
HQ has to have 2 STATIC routes in order for those 2 "PCs" mentioned above to have end-to-end connectivity with NETWORK A and NETWORK B. Now I try with
route0 -> network: 0.0.0.0, mask: 0.0.0.0, nexthop: Serial 0/0/0
route1 -> network: 0.0.0.0, mask: 0.0.0.0, nexthop: Serial 0/0/1
And it seems to work but I don't think it's proper! I feel it's kinda wrong ... but all my other attempts to set another couple of static routes ends in "Request timed out" and thus connection lost.
Aug 24, 2010
I have an IPsec VPN between 2 Ubuntu 10.04.1 boxes which is working perfectly. However I cannot get any traffic to route down the VPN link. Interestingly, when checking the routing table, there isn't even a route listed for the remote network. This is the same on both sides. Also there isn't an ipsec0 interface listed either. However, when the command "sudo service ipsec status" is run, it definitely shows the tunnel is up and connected.
Sep 9, 2010
I installed Openswan on RHEL 6 and when I execute the command "service ipsec start"
it says:
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
ipsec_setup: Openswan IPsec apparently already active, start aborted
[Code].....
Jul 21, 2009
I'm trying to perform a VPN LAN-to-LAN IPsec connection. On my side, I have a server with 2 IPs, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.
My configuration is:
OS: Fedora release 7 (Moonshine)
OpenSWAN version: Linux Openswan U2.4.7/K2.6.23.17-88.fc7 (netkey)
ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
[Code]...
Nov 2, 2010
I have a Ubuntu server with multiple NICs and I'm just thinking about a potential scenario that might come up soon.
Imagine I have a network on floor 1 with an independent cable connection to my Ubuntu server -> switch -> assorted devices, on the subnet 192.168.0.x Now imagine friends upstairs have another independent network with cable -> router -> assorted devices, on subnet 192.168.1.x.
How can I set up my server to provide access for the 1.x subnet to the 0.x and vice versa. Ideally the devices all access internet from their appropriate subnet. I've read something about bridging, is this what I need?
Feb 12, 2011
I've been using IPv6 on my local network and through a Hurricane Electric IPv6 tunnel. I've heard that one of the built in features of IPv6 is encryption, both scrambling the data and authenticating where the traffic came from. I've done some searching and heard of SWAN and Racoon, but some of the stuff I found is old and I would like to know what the easiest/best way to set up IPSEC for IPv6 is.
Apr 23, 2010
I have one main subnet 192.168.50.0/24 with a default router 192.168.50.1 connected to the internet. I have an NFS server on that network. Everything is working as desired and machines are able to see each other and access the internet.
Now, I would like to add two more interfaces to the NFS server (running Slackware Linux), each on its own different subnet, say 192.168.51.0/24 and 192.168.52.0/24. The clients on those new subnets should also be able to access the internet (through the router 192.168.50.1). How do I set up routing? Do I need any additional hardware router in between, or just a software configuration on the NFS server?
On a side note I have VLAN capable switches (couple of ProCurve 1800-24G) and would like to separate the three subnets using VLANs instead of using three separate switches.
Aug 25, 2010
I am configuring static routing between two different subnets.
I have two different subnets as mentioned below:
I have a Linux machine with two NICs on which I would like to configure static routing. Details of the NICs are as mentioned below:
I have configured the gateway as 10.77.77.1 on machines which fall under 10.77.77.0/24 subnet and 172.16.40.1 on 172.16.40.0/24 machines.
My main motive here is i want communication to happen between both the subnets.
If the following modifications to route-eth0 and route-eth1.
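Several of the posts above (the mail server behind a firewall on its own subnet, the Ubuntu box between an ADSL router and a 172.26 network, the two subnets with different gateways, the two-floor server with multiple NICs, the NFS server gaining two interfaces, the static routing between 10.77.77.0/24 and 172.16.40.0/24) all come down to the same three things on a Linux router: forwarding enabled, FORWARD rules that allow the traffic, and every host in both subnets having a gateway address that is actually inside its subnet and a route back to the other side. The script below is an added example, not any poster's configuration. Addresses follow the Jul 7 post (192.168.100.0/24 inside, 10.110.101.0/24 outside, upstream router 10.110.101.1); interface names are assumptions.

```shell
#!/bin/sh
# Added example: turn a two-NIC Linux box into a router between two subnets
# and validate the address plan first. Interface names are assumptions.
INNER_IF="${INNER_IF:-eth1}"; INNER_NET="${INNER_NET:-192.168.100.0/24}"; INNER_GW="${INNER_GW:-192.168.100.1}"
OUTER_IF="${OUTER_IF:-eth0}"; OUTER_NET="${OUTER_NET:-10.110.101.0/24}"; OUTER_GW="${OUTER_GW:-10.110.101.5}"
UPSTREAM="${UPSTREAM:-10.110.101.1}"

# Dotted quad -> 32-bit integer, pure POSIX sh (no ipcalc dependency).
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_contains NET/PREFIX ADDR -> 0 when ADDR lies inside NET/PREFIX.
cidr_contains() {
    net="${1%/*}"; plen="${1#*/}"
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    [ $(( $(ip2int "$net") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# Commands that make this box route between the two subnets. Nothing runs
# unless --apply is given.
router_commands() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip addr add $INNER_GW/${INNER_NET#*/} dev $INNER_IF
ip addr add $OUTER_GW/${OUTER_NET#*/} dev $OUTER_IF
ip route add default via $UPSTREAM dev $OUTER_IF
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INNER_IF -o $OUTER_IF -s $INNER_NET -j ACCEPT
iptables -A FORWARD -i $OUTER_IF -o $INNER_IF -d $INNER_NET -j ACCEPT
EOF
}

# Hosts on the outer subnet use the upstream router as their gateway, so that
# router must know where the inner subnet lives or replies never come back.
upstream_route() {
    echo "ip route add $INNER_NET via $OUTER_GW   # on $UPSTREAM, or its OS equivalent"
}

# Both gateway addresses inside their subnets, upstream inside the outer one.
check_plan() {
    cidr_contains "$INNER_NET" "$INNER_GW" && cidr_contains "$OUTER_NET" "$OUTER_GW" \
        && cidr_contains "$OUTER_NET" "$UPSTREAM"
}

case "${1:-}" in
    --apply) check_plan && router_commands | sh -e ;;           # root
    show)    check_plan && router_commands && upstream_route ;;
esac
```

If the hosts must not learn the route (or the upstream router cannot be changed, as in the ADSL post), a MASQUERADE rule on the outer interface for the inner subnet replaces `upstream_route`; that hides the inner subnet rather than routing it, which is the trade-off the Jun 26 poster explicitly did not want.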
Jun 4, 2009
I would like to establish a VPN connection which can hold either 'two' hosts, and secondly, if that's done, I would like to go for a greater number of users. Can I do it using IPsec services? If yes, then how?
Jan 12, 2010
I am trying to remember how to determine the number of subnets there are in a given subnet range. The example range is shown below:
217.133.64.0-217.133.127.255
Once I did the binary conversions of the two addresses shown, the address that I got when comparing the two was the following:
217.133.192.0
The number of subnets I got from this was 63. Correct me if I am wrong, but is the number of subnets the difference between the number, in this case, the third octet and 255? If there is another, or correct, way of determining the number of subnets what would it entail?
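Worked out rather than guessed: the range in the post spans 217.133.64.0 through 217.133.127.255, which is 64 blocks of 256 addresses (third octet 64 through 127 inclusive) and aggregates to the single prefix 217.133.64.0/18. The functions below are an added example, not from the post, and compute the range size, how many subnets of a given prefix length it holds, and the covering prefix when the range is CIDR-aligned.

```shell
#!/bin/sh
# Added example: subnet arithmetic in POSIX sh for the range in the post.

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Number of addresses in the inclusive range FIRST LAST.
range_size() {
    echo $(( $(ip2int "$2") - $(ip2int "$1") + 1 ))
}

# subnets_in_range FIRST LAST PLEN -> how many /PLEN networks fit in the range
# (2^(32-PLEN) addresses each, e.g. 256 for a /24).
subnets_in_range() {
    echo $(( $(range_size "$1" "$2") / (1 << (32 - $3)) ))
}

# range_to_prefix FIRST LAST -> FIRST/PLEN when the range is exactly one
# CIDR block aligned at FIRST; prints nothing otherwise.
range_to_prefix() {
    size=$(range_size "$1" "$2"); start=$(ip2int "$1")
    plen=32; blk=1
    while [ "$blk" -lt "$size" ]; do
        blk=$(( blk * 2 )); plen=$(( plen - 1 ))
    done
    if [ "$blk" -eq "$size" ] && [ $(( start % blk )) -eq 0 ]; then
        echo "$1/$plen"
    fi
}

# Usage: sh subnets.sh 217.133.64.0 217.133.127.255
if [ $# -eq 2 ]; then
    echo "addresses: $(range_size "$1" "$2")"
    echo "/24 subnets: $(subnets_in_range "$1" "$2" 24)"
    echo "aggregate: ${3:-$(range_to_prefix "$1" "$2")}"
fi
```

The answer is a power of two because the range is a whole CIDR block: 16384 addresses = 2^14, so the prefix is 32 - 14 = 18 and the /24 count is 2^(24-18) = 64, not "255 minus the third octet".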
Jun 22, 2011
While I successfully configured an IPsec VPN (I use a similar though modified setup to this: [URL]), I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".
The scenario is similar to this: Lets say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IP's (like http).
I now want to limit, that an admin-user has access to all of them, while trainee-admin only can access everything on Host B and C, and CEO only can connect via telnet to Host C - and all users can be roadwarriors
(I made this example up to give you an idea what i'm trying to do - hope it makes sense). Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?
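One way to get per-user access groups with Openswan is to stop thinking of it as an IPsec feature: give each role its own inner address pool (one conn per role, each with its own credentials and pool, is an assumption about the ipsec.conf side) and let the gateway's FORWARD chain enforce what each pool may reach. The script below is an added example, not the poster's setup; Host A/B/C as 192.0.2.10/.20/.30 and the role pools are hypothetical.

```shell
#!/bin/sh
# Added example: role-based reachability for IPsec roadwarriors, enforced on
# the decapsulated packets in FORWARD. Pools and host addresses are assumptions.
ADMIN_POOL="${ADMIN_POOL:-10.99.1.0/24}"
TRAINEE_POOL="${TRAINEE_POOL:-10.99.2.0/24}"
CEO_POOL="${CEO_POOL:-10.99.3.0/24}"
HOST_A=192.0.2.10; HOST_B=192.0.2.20; HOST_C=192.0.2.30

role_rules() {
    r() { printf '%s\n' "$*"; }
    r '*filter'
    r ':FORWARD DROP [0:0]'
    r ':VPNACL - [0:0]'
    r '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Only packets that left an IPsec SA enter the ACL chain, so a pool
    # address spoofed from the public side never matches a role rule.
    r '-A FORWARD -m policy --dir in --pol ipsec --mode tunnel -j VPNACL'
    # admin: everything on all three hosts.
    for h in $HOST_A $HOST_B $HOST_C; do
        r "-A VPNACL -s $ADMIN_POOL -d $h -j ACCEPT"
    done
    # trainee-admin: everything on B and C only.
    for h in $HOST_B $HOST_C; do
        r "-A VPNACL -s $TRAINEE_POOL -d $h -j ACCEPT"
    done
    # CEO: telnet to C only.
    r "-A VPNACL -s $CEO_POOL -d $HOST_C -p tcp --dport 23 -j ACCEPT"
    r '-A VPNACL -j LOG --log-prefix vpn-acl-deny:'
    r '-A VPNACL -j DROP'
    r 'COMMIT'
}

# allowed POOL HOST [PROTO PORT] -> 0 if the generated ACL has an ACCEPT rule
# for exactly that tuple. Lets the policy be reviewed before it is applied.
allowed() {
    pat="-s $1 -d $2"
    [ -n "${3:-}" ] && pat="$pat -p $3 --dport $4"
    role_rules | grep -x -F -e "-A VPNACL $pat -j ACCEPT"
}

case "${1:-}" in
    --apply) role_rules | iptables-restore ;;   # root; replaces the filter table
    show)    role_rules ;;
esac
```

The `--mode tunnel` qualifier matters: a transport-mode SA would also satisfy `--pol ipsec`, but only tunnel mode gives the inner address that the `-s` matches key on. If the same gateway also forwards the hosts' public-facing traffic (the HTTP mentioned in the post), add those rules alongside; the DROP policy above is deliberate.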
Sep 1, 2011
I have a server hosted in a DC and I have two subnets on 1 VLAN. How can I add all the IPs from these two subnets in one go? Let's say for instructional purposes they are 192.168.0.0/24 and 192.168.1.0/24.
Dec 27, 2010
We have a need to shape outgoing traffic EXCEPT to certain IPs/subnets (sounds opposite to the title, but not really :P), using iptables if possible. We've had decent luck doing it with various things, but one of the big problems is the decrease in download speed (which DOES NOT need to be shaped at all) due to upload shaping, i.e. we want the shaping not to apply to TCP/UDP overhead. Semi-related but probably not important is the ability to shape virtualised systems as well (i.e. the guests), but as the guest traffic goes through the host, any traffic shaping done on/to the host should affect the guests as well.
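Shaping "everything except" is easiest to express by marking in the mangle table and letting the qdisc's default class carry the unmarked (exempt) traffic; the download slowdown the post describes comes from bare TCP ACKs queueing behind bulk upload, so they get their own small, high-priority class. The script below is an added example, not the poster's setup. The interface, the rates and the exempt subnets are assumptions.

```shell
#!/bin/sh
# Added example: HTB upload shaping with exempt destinations and an ACK class.
# Marks: 1 = shaped bulk, 2 = bare ACK, unmarked = exempt (htb default class).
WAN_IF="${WAN_IF:-eth0}"
UP_RATE="${UP_RATE:-800kbit}"      # ceiling for all shaped upstream traffic
BULK_RATE="${BULK_RATE:-700kbit}"  # guaranteed slice for bulk
ACK_RATE="${ACK_RATE:-100kbit}"    # guaranteed slice for bare ACKs
EXEMPT_NETS="${EXEMPT_NETS:-192.168.0.0/16 10.8.0.0/24}"

mangle_rules() {
    r() { printf '%s\n' "$*"; }
    r '*mangle'
    r ':SHAPE - [0:0]'
    # POSTROUTING sees locally generated and forwarded (guest) traffic alike.
    r "-A POSTROUTING -o $WAN_IF -j SHAPE"
    for net in $EXEMPT_NETS; do
        r "-A SHAPE -d $net -j RETURN"          # unmarked -> default class, unshaped
    done
    # A TCP segment with only ACK set and no payload (<= 64 bytes with options).
    r '-A SHAPE -p tcp --tcp-flags ALL ACK -m length --length 0:64 -j MARK --set-mark 2'
    r '-A SHAPE -j MARK --set-mark 1'
    r 'COMMIT'
}

tc_commands() {
    cat <<EOF
tc qdisc del dev $WAN_IF root 2>/dev/null
tc qdisc add dev $WAN_IF root handle 1: htb default 30
tc class add dev $WAN_IF parent 1:  classid 1:1  htb rate $UP_RATE ceil $UP_RATE
tc class add dev $WAN_IF parent 1:1 classid 1:10 htb rate $BULK_RATE ceil $UP_RATE prio 1
tc class add dev $WAN_IF parent 1:1 classid 1:20 htb rate $ACK_RATE ceil $UP_RATE prio 0
tc class add dev $WAN_IF parent 1:  classid 1:30 htb rate 1gbit
tc qdisc add dev $WAN_IF parent 1:10 handle 10: sfq perturb 10
tc filter add dev $WAN_IF parent 1: protocol ip handle 1 fw flowid 1:10
tc filter add dev $WAN_IF parent 1: protocol ip handle 2 fw flowid 1:20
EOF
}

exempt_count() { mangle_rules | grep -c -e '-j RETURN'; }

case "${1:-}" in
    --apply) mangle_rules | iptables-restore -n && tc_commands | sh ;;   # root
    show)    mangle_rules; tc_commands ;;
esac
```

Class 1:30 hangs directly off the root with a rate well above the link, so exempt traffic is never borrowed against the shaped ceiling. The only cost of the RETURN-before-MARK ordering is one rule per exempt prefix; for long lists an ipset match in place of the loop keeps the chain short.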
Dec 13, 2010
I find myself in need of building what amounts to 3 IP networks on 1 physical LAN.
The first LAN is another company's network on the 10.0.0.0 network, a mix of PCs and equipment.
The second is the new company LAN network, 192.168.168.0/24.
The third network is an IP phone system for both; I would like to use 192.168.200.0/24.
I am hoping to use the same DHCP server to do this, assigning addresses to the old company's 10. network via MAC address reservation.
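Three of the posts above (two subnets over one cable between floors, the NFS server separating three subnets with VLAN-capable ProCurves, and three IP networks on one physical LAN) are the same problem: carrying several IP networks over one link with 802.1Q tags. The script below is an added example for the Linux side of such a trunk, not any poster's configuration; the VLAN IDs, names and gateway addresses are assumptions that mirror the three-network post, and the switch ports at both ends must be configured to tag the same IDs.

```shell
#!/bin/sh
# Added example: 802.1Q subinterfaces on a trunk port, one per IP network.
TRUNK_IF="${TRUNK_IF:-eth0}"
# "id:name:gateway-address/prefix", one entry per VLAN (assumed values).
VLANS="${VLANS:-10:legacy:10.0.0.1/8 20:office:192.168.168.1/24 30:voice:192.168.200.1/24}"

# 802.1Q VLAN IDs are 1..4094; 0 and 4095 are reserved.
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Reject out-of-range or duplicate IDs before generating anything.
check_vlans() {
    seen=" "
    for v in $VLANS; do
        id="${v%%:*}"
        valid_vid "$id" || return 1
        case "$seen" in *" $id "*) return 1 ;; esac
        seen="$seen$id "
    done
}

vlan_commands() {
    check_vlans || return 1
    echo "ip link set $TRUNK_IF up"
    for v in $VLANS; do
        id="${v%%:*}"; rest="${v#*:}"; name="${rest%%:*}"; addr="${rest#*:}"
        echo "ip link add link $TRUNK_IF name $TRUNK_IF.$id type vlan id $id   # $name"
        echo "ip addr add $addr dev $TRUNK_IF.$id"
        echo "ip link set $TRUNK_IF.$id up"
    done
    # Routing between the VLANs happens here; restrict it with FORWARD rules,
    # otherwise the tagging only separates broadcast domains, not access.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

vlan_count() { vlan_commands | grep -c 'type vlan id'; }

case "${1:-}" in
    --apply) vlan_commands | sh -e ;;   # root; needs the 8021q module
    show)    vlan_commands ;;
esac
```

A single dhcpd on this box then serves all three networks by listening on the tagged subinterfaces, with one `subnet` block per VLAN; the MAC-address reservations for the legacy 10. network go in that subnet's block. For the two-floor case the router's WAN side would simply be one more tagged VLAN carried over the same cable.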
Jan 27, 2010
I have set up OpenVPN server using a bridged configuration. My networking "powers" aren't that advanced, so I did this by following the openvpn tutorial for bridged servers. I have tested this with several clients connecting to my server from different locations and it works very nicely (including broadcasts).
My server's LAN IP address is 192.168.2.4, and my LAN's mask is 24. Clients connecting to my server get assigned IP address that also fall within that subnet (i.e., the 192.168.2.x pool contains both physical machines in my home and "virtual" hosts). This is what the OpenVPN walkthrough specifies:
[Code]...
I was wondering if it would be possible for the VPN to fall within a different subnet (such as 10.0.1.x). I would also like to do that without adding another physical NIC to my server, or changing my physical IP address. I would imagine this is possible, since that's how Hamachi does it.
Apr 29, 2010
Is there any possibility to transport one or two VLANs through a VPN (IPsec) link on Linux?
Nov 27, 2009
I am trying to set up an HP blade (BL460) server with 2 NICs on SLES 10 SP3. I want one NIC to connect to a management VLAN and the second to connect to the standard network. It should be possible for a desktop in the standard network to connect to either NIC by providing the correct IP address. We want to use this server as our first virtualisation host server using Xen. I don't want traffic used to upload/download images to the server through nic1 to affect the users' traffic on the standard network on nic2. However, any attempt at routing (which I'm not good at) has led to the TX traffic all going out the default route (users' subnet).
Each time I set up the NICs via yast2 lan I can get the standard LAN NIC working OK, but cannot get the management NIC working correctly. The server can ping a workstation on another VLAN, but the workstation cannot ping the management NIC. The default route appears to be forcing all traffic on the host out through this route, which I presume is normal behaviour. Using tcpdump I can see the ping packets received by the server; the server then responds through the default gateway, which the workstation does not see.
However, this normal behaviour will result in extra traffic on the users' network when image downloads are initiated from the management interface. If I use a 172.24.1.0 network routed through a 172.24.1.1 router set up as our management VLAN, and 200.200.1.0 with router 200.200.1.1 as our LAN for general users, where the server IPs are nic1 10.1.1.10 and nic2 200.200.1.10, my workstation would be 200.200.1.10. If I ping the server at 10.1.1.10
I get no response. If I ping the server at 200.200.1.20 no problem.
Basically I used the network setup recommended by vmware to manage a virtual server. I actually have 4 nics, I thought by just talking about 2 nics the problem would be easier to explain. vmware specify that two nics should be used for management and two for the Lan. This is what I am trying to achieve, but both subnets must operate independently.
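The behaviour the post describes (pings arrive on the management NIC, replies leave via the default gateway on the users' NIC) is what a single routing table does: the reply's route is chosen by destination only. Source-based policy routing fixes it by giving the management address its own table whose default route points at the management router. The script below is an added example, not the poster's configuration. Addresses follow the post's 172.24.1.0/24 management and 200.200.1.0/24 user networks; the management NIC address is assumed to be 172.24.1.10 (the post gives both 10.1.1.10 and a 172.24.1.0 network), and interface names are assumptions.

```shell
#!/bin/sh
# Added example: source-based policy routing so replies leave through the NIC
# they arrived on. Interface names and the management NIC address are assumptions.
MGMT_IF="${MGMT_IF:-eth0}"; MGMT_IP="${MGMT_IP:-172.24.1.10}"
MGMT_NET="${MGMT_NET:-172.24.1.0/24}"; MGMT_GW="${MGMT_GW:-172.24.1.1}"
LAN_IF="${LAN_IF:-eth1}"; LAN_IP="${LAN_IP:-200.200.1.10}"
LAN_NET="${LAN_NET:-200.200.1.0/24}"; LAN_GW="${LAN_GW:-200.200.1.1}"
MGMT_TABLE="${MGMT_TABLE:-100}"

policy_routing_commands() {
    cat <<EOF
# main table: the users' network stays the default route for everything else
ip route add default via $LAN_GW dev $LAN_IF
# second table consulted only for packets sourced from the management address
ip route add $MGMT_NET dev $MGMT_IF src $MGMT_IP table $MGMT_TABLE
ip route add default via $MGMT_GW dev $MGMT_IF table $MGMT_TABLE
ip rule add from $MGMT_IP lookup $MGMT_TABLE pref 1000
# strict reverse-path filtering drops packets whose reply route differs from
# their arrival interface; loose mode (2) keeps spoofing protection without
# breaking the asymmetric case (older kernels only know 0 and 1).
sysctl -w net.ipv4.conf.$MGMT_IF.rp_filter=2
sysctl -w net.ipv4.conf.all.rp_filter=2
EOF
}

# Which table the installed rules send a packet to, by source address.
table_for_source() {
    case "$1" in
        "$MGMT_IP") echo "$MGMT_TABLE" ;;
        *)          echo main ;;
    esac
}

# Which gateway a reply from SRC to an off-link destination will use.
gateway_for_source() {
    if [ "$(table_for_source "$1")" = "$MGMT_TABLE" ]; then echo "$MGMT_GW"; else echo "$LAN_GW"; fi
}

case "${1:-}" in
    --apply) policy_routing_commands | sh -e ;;   # root
    show)    policy_routing_commands ;;
esac
```

With this in place a workstation on the users' VLAN pinging 172.24.1.10 gets its reply back through 172.24.1.1, and image transfers addressed to the management NIC never touch the users' default gateway. The rule is keyed on the source address, so it keeps working when a second management address is added to the table later.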
Jan 19, 2010
I need to build an IPsec VPN between a Linux Debian server and a ZyXEL Prestige. The Debian server has 2 ethernet connections, one for the internal network and the other one public with a public IP address. I need to know what I need to build the tunnel; could you please let me know what I need? Let me explain: do I have only to configure Openswan or do I have to configure iptables or something else too? I found this one; do you think this would work for me? [URL]. Is Debian the right distro or should I try something else?