Networking :: Isolate Untrusted Computers While Retain Access From Specific PCs
Sep 24, 2010
At school, the shop I work in has machines that run windows xp and cannot be updated to the latest SP (consider these machines "B"). This means that they are quarantined whenever connected to the network. There are also workstations that we would like to be able to connect to "B" for the sole purpose of dropping a file into a directory. These machines we will call "A" and are considered trusted.
I have No control of the school's network. I have a spare PC with two NICs as well as a 5 port switch. My thought was to use the spare PC as a gateway/router/VPN and setup an isolated "network b" consisting of all the untrusted systems. Disallow all traffic other than the VPN connection. Connect via vpn from the 4ish trusted workstations "A" to Network B. I could use mac filtering (I think) to accomplish this and disallow any computer not specifically authorized, thereby isolating the untrusted computers completely.
View 5 Replies
ADVERTISEMENT
Jul 15, 2011
I have used Awk in the past to isolate the file name from a given path..that is to say, I may have a list of files contained in list.txt.Can someone please post the Awk command that would do this? (I assume it will be very similar in form to the Awk command I showed above.)The point is, sometimes I may want to isolate the second directory, sometimes I may want to isolate the third directory or tenth or whatever - so I am hoping that if someone posts the Awk command to isolate the second level directory (to produce the output I showed in Fig.3) it should be fairly obvious by looking at the form of this command how to alter it and so isolate any other directory I want.
View 5 Replies
View Related
Mar 12, 2011
it is possible to change the root directory for a single, particular program. For example, I have an executable, 'miscreant.bin' that has all of it's required libraries in a directory named "libraries", in the same directory as the said executable. I can launch the program and make it use the libraries included with the executable rather than the system with:
Code:
/lib/ld-linux.so.2 --library-path ~/miscreant/libraries ~/miscreant/miscreant.bin
...or...
Code:
env LD_LIBRARY_PATH=~/miscreant/libraries ~/miscreant/miscreant.bin
With either, miscreant can be portable. But, I would also like to change the root directory (like chroot) of miscreant, so that the directory "~/miscreant/sandbox" becomes the root ("/"). So, if miscreant created a file named "/home/bryan/miscreant", it will be redirected to "~/miscreant/sandbox/home/bryan/miscreant". I am running Crunchbang 10 (Statler) on a 32-bit Atom netbook.
View 5 Replies
View Related
Mar 31, 2010
my main computer hostname is home, and the others are ubuntu and eduardo.In home, I try to configure samba, downloading it with "sudo apt-get install samba" and then downloading at the synaptic manager the samba-common-bin thing.I shared my folders as ROOT in home and I cannot access from ubuntu and eduardo.Then I googled and I found this site: Quote:URL]Well... I follow all steps and I can't access these files.What I need to do to share files between these computers???
View 9 Replies
View Related
Apr 22, 2010
but Im thinkng of completely switiching to Ubuntu,But all of my friends are on Windows...We have a LAN of abt 100-150 .. Is there is any GUI software thru which I can see all the files which are being shared on the network by Windows PCs,I know abt Samba ...but that is only computer specific & also that is reverse way...& doing from command will be tiresome task for all PCs.
View 3 Replies
View Related
Feb 27, 2011
The problem started happening a few days ago. Only my linux computers are affected. Yup, that's right. My roommates running windows have zero problems.
What's the problem? Suddenly, I cannot access 2 websites: namely facebook and netflix. I just get a "waiting for facebook.com" status from my browser, and it waits there patiently until the browser finally gives up. I haven't found any other sites that give me this issue. Gmail, ....., flickr, etc all work fine.
This happens using both firefox and chrome browsers. I've tried using Ubuntu 10.10 (on my desktop) and Peppermint (distro based on ubuntu, runs on my laptop). Both machines access the internet via wifi. Both have the same problem! o_O
Both machines are up-to-date. I've rebooted many times. I've tried booting an old kernel. I haven't installed any new software lately. I've tried disabling all plugins for the browsers. I've tried power-cycling our internet modem. I've tried changing my DNS settings to use Google's Public DNS service. Nothing helps.
Actually, one small piece of information: If I put my browser in incognito mode, I can get to the "sign-in" page for both facebook and netflix. But upon putting in my credentials, I still cannot reach my custom user home page for either site.
View 9 Replies
View Related
May 20, 2009
I have built a linux router with a pc having two network cards. I am running ubuntu 8.10.
I have enabled forwarding on the router. One network (192.168.1.0/24)is connected to eth0 and another (192.168.2.0/24) is connected to eth1.
The interfaces have addresses 192.168.1.1 and 192.168.2.1.
On any side side of the network, I can ping both interfaces on the router.
However when I ping a machine on the other side of the network, I get 100% packet loss.
I have not touched iptables on the router or any machines.
What I am doing wrong?
View 2 Replies
View Related
Jul 11, 2010
I have a comcast business network adapter that has a 4 port switch. It also handles nat 1 to 1 translation for static IPs (That's just how they do it, there is no other choice).
In port 1, I have a cat6 that brings traffic to and from my linux machines, allows me to vpn, ssh, a mail server, etc. Everything here is fine.
In port 2, I have a netgear router that is setup with a point to point VPN for a client.
Here are the issues:
1. Machines that are connected to the netgear vpn router/switch can access machines on my network - I don't want this.
2. I can't access the machines connected to his lan from my lan - I need this to administer his machines somehow. Even if I have to VPN to the concentrator and do it like that.
Here is the network structure.
Code:
Internet <-> 10.10.10.1 -> switch with 10.10.10.x machines
|
-> internal vpn IP 10.10.10.50
|
[Code]....
The external network for the VPN is 10.10.10.x and the internal is 10.10.20.x. So, a machine with IP 10.10.20.100 can get to 10.10.10.X and I don't want that. I guessing it's doing this because technically, I'm 'from the internet' on 10.10.10.x and the vpn machines are going 'out to the internet'. Is there a way to have this:
vpn -> gateway traffic only?
I have a cisco 1811w at my disposal if I need to use it; however, I'm all thumbs when it comes to cisco IOS and networking in general.
View 4 Replies
View Related
May 22, 2010
Alright so i just wanted to try and get remote desktop connections running so i can access files on the other computers in my house. For my first try i went after my laptop. I'm using rdesktop.
First couple times i tried i typed in
Code:
After about 15 seconds it would pop back with
Code:
I realized that my laptop's firewall was blocking the packets, so i created a custom rule that allows all TCP packets on port 3389. So i fired up rdesktop again. Now it pops back with:
Code:
But instantaneously, not after 15 seconds (not sure if thats significant or not.) I checked my firewall's log and it allowed the tcp packets.
View 6 Replies
View Related
Mar 4, 2010
I'm looking to install Linux on two of my home computers. Here they are, with a brief description of what they will be used for. Rig #1: main desktop: Dell Dimension, P4 3.0GHz, 2GB Ram, 128MB PCIe Video Card Currently, I have WinXP Pro installed and it is my main workhorse computer.
I would like to have a fairly full featured distro that I can test drive as an alternative to WinXP (which I use mostly for web browsing and mp3s and games... I know I may be out of luck with getting many of my games working on linux, but I can live with that). The only other caveat with this machine is that it has to work using a USB wireless network adapter. The wireless router is nearly inaccessible and too far away to plug into. And there are no wired ports in the house.
Rig #2: old computer: Celeron 850, 512MB Ram, 30GB HD, 64MB AGP Video card My really old computer that has just been sitting around collecting dust. I would like to install a fairly lightweight distro (for obvious reasons) to play around with. Maybe get some experience using linux from an admin perspective, like installing/compiling packages, running servers, etc...
I have already tried to install Linux Mint and Xubuntu on my main desktop. While both installed without any errors, neither of them was able to boot into linux. Presumably because of this bug:
bugs.launchpad.net/ubuntu/+source/grub2/+bug/403408
Which seems to be a problem with Grub/Ubuntu. So I'd like to stay away from Ubuntu. So what are some distros that you guys would recommend for these two rigs, given my potential uses/limitations?
View 5 Replies
View Related
Jan 6, 2010
I have my firewall setup so that only specific subnets/IP addresses can access the system. My issue is that I have remote user/laptop who needs to access the system, but is constantly on a different subnet/dhcp IP address. Is there configuration for iptables where I can enter the mac address of the laptop to allow access to the system and not specify a subnet or IP address?
View 3 Replies
View Related
Jan 22, 2010
I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions.all works fine, multiple users are mounting this over a lan and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the lan 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory. Although is one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3.This Seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the lan too.
View 5 Replies
View Related
Mar 9, 2010
I have two computers, running Debian Lenny 5.0.3, suddenly they cannot access the Debian depositories and even when typed debian.org, the site does not come up! I used another hard disk with a different distro and one of the computers, and it did access the debian site. Any reason for this?
View 3 Replies
View Related
May 19, 2011
I am interested in sharing an external drive between two computers. I do not want to disconnect the drive from one and then connect it on the other one - I want to share it.
Would this work with an external USB drive and a normal USB hub? Or is it something more complicated/impossible?
Also connecting the machines via network is not possible - it has to be USB, or I can connect it to one machine also via Ethernet but the second connection has to be USB.
View 8 Replies
View Related
Feb 15, 2010
I need to download emails via IMAP in thunderbird. However, I want the downloaded emails to be accessible from other computers offline. How can I download so that the downloaded copy is readable by thunderbird copies on any computer?
View 3 Replies
View Related
Apr 21, 2011
I want to configure a remote internet facing server as git server. I would like to restrict access to the server to a few systems (access is restricted to select computers, not users). I first thought of using ssh key, but the key can be copied to another system hence that alone is not sufficient. I am having a dynamic IP, so simple IP based firewall blocking is also not possible. I was thinking about the possibility of using both SSH Key and IP based access. Is it possible to update the firewall rule whenever my ip gets changed?
View 6 Replies
View Related
Feb 10, 2011
I would like to determine what computers are currently connected to my access point/router via the command line in Linux.
View 2 Replies
View Related
Aug 6, 2011
I am trying to make my home server accessible to the whole web. I have installed Nginx on my Fedora 15 64-bit Linux machine, and it works with localhost but it doesn't work online or allow other computers on the network to access it via the IP address. It keeps coming back with: Could not connect
I have port forwarding. I have even tried different ports but they all seem to be blocked. What could be wrong? I have a netgear router.
View 4 Replies
View Related
Jun 16, 2009
I have installed debian to run Squid cache as a caching proxy.
Ive been bashing away now for 2 days and i have managed to install squid (i first tried manually, but that did not work so i used synaptic software packager to install it (from Administration menu)
That went well, thereafter i installed webamin to work with squid in a GUI
I have managed to start squid and added my range of IP addresses to the ACL list
I have added the proxy restriction too.
Now, i tried to test it.
I opened Iceweasel Web browser (on the same machine) and setit to use the Proxy server: localhost and port:3128
That works fine.
But when i try to change the proxy setting to my machines ip (where squid is installed) :
Proxy server: 10.0.0.35 and port:3128
That does not work.
Am i missing something, please help
I then tried to set another windows PC on the network to:
Proxy server: 10.0.0.35 and port:3128
That also does not work.
I also edited the conf file to http_access allow all, but i do not know if i have doen it correctly, but maybe there is another problem?
View 1 Replies
View Related
May 28, 2011
I have three computers in my network, but two will be mentioned. Computer A is a Linux Mint 9/Windows 7 dual-boot, and I have just installed Mandriva Free 2010.2, which I will call Computer B.
Now my main problem is that Computer B, while it can see and access Computer A's shares as well as the third computer, the aforementioned computers cannot access Computer B. The message was: "Unable to mount location/Failed to mount Windows share." Now, the SMB protocol was used because of the third computer and Computer A have Windows OSs installed in them.
What I originally wanted was that I can share Computer B's NTFS partition, namely Documents and Downloads, to the other computers. And I can't do that, because of the error message.
What I can do, however, is use Computer B to view shares from the other two computers (Computer A, as an example). By my experiences in Linux Mint, I understand that I'd have to mount my Windows partitions in order to share them. I don't even know if my NTFS drive in Computer B is mounted, though that is what was described.
View 2 Replies
View Related
Mar 18, 2010
Ever need to provide access to multiple PC's and did not have a router only a hub. Maybe this isn't original thinking, but then again maybe you didn't think of doing it this way (which i am sure there are many ways to do it) So I have 2 Ubuntu Servers, 1 Windows Box and a Hub - All 3 with internet access off of single ip and single Ethernet port.
While searching for a backup method today I came across Clonezilla. I was wondering if this was the right thing for me and since I needed to backup my roommates PC for a reformat and install of Windows I decided I would give it a try, but only if it would work. I didn't want the hassle of going into the main part of the house and finding out what cord was what as there is a cable modem connected into a switch (4 static IP's with internet) and one port of the switch hooked to a router) Anyways, didn't work he was on the router I was on the switch)
But this got me thinking. When I setup my server to do this, during one of the setup scripts it said it was setting up Internet access for client machines and that it was assigning them IP addresses threw a DHCP server that it had installed.
So, I dug up the hub connected the internet cable to hub up link and Server 1 on port 1 Server 2 on port 2 and Windows on port 3 The main server gets the internet provided IP address and routes it to the hub via a virtual interface. Server 2 is configured for DHCP and the windows box, It was set to get info automatically but it didn't fill the DNS info so I had to manually do that (just a heads up) I decided to use OpenDNS Servers (208.67.222.222 & 208.67.220.220) but im sure putting in the gateway IP address would have worked too.
So, by now if you need this I am sure you are excited and want to get to it. Like i said there are probably other ways of doing it, ways that don't involve you installing clonezilla and DRBL, maybe even just DRBL is needed, maybe one of them installed whats needed as a dependency- all I know is it works, if you know - elaborate so people know, but hey- this way not only do you have internet access on all PC's you can deploy custom images to them as well.
View 1 Replies
View Related
May 12, 2011
I want to restrict the type of files that can be accessed on my web server.For example only flash movies (SWF files) and one specific PHP file.I can think of a number of ways of doing this:1. Linux file permissions, but since the SWF files need to access various PHP files and those PHP files need access to other files themselves that may not work.2. Using mod_rewrite if that is possible, I don't know as I have never used it.
View 1 Replies
View Related
Apr 16, 2011
all the packages which I have installed which are in experimental but which can be downgraded or can be had from unstable. Is there such a way ?
View 8 Replies
View Related
Sep 10, 2010
I'm not really a network security guy or anything. I'm setting up an FTP server on my lan. I know how to install the software and how to setup my router but still have a couple question for an expert...
1. Which version of Ubuntu should I install? Server?
2. How can I isolate this machine from the others on the lan?
View 6 Replies
View Related
Dec 5, 2010
how to isolate users from a group ie accounting and force them to change their password upon login
View 1 Replies
View Related
Jan 31, 2011
im trying to connect two computers on lan.One computer has: VMWare Workstation and has Opensuse 11.3 mounted in it.The other computer has: VMWare Player and has Opensuse 11.3 mounted in it.Both computers are connected to a switch with cables.I have followed this guide in both computers:Depanati singuri calculatorul!: Opensuse 11.3 - configure local networkin order to setup a network.In one computer, if i go to: Computer---Network---Network folder, i only see one machine. When in fact i could see both of them right
View 9 Replies
View Related
Feb 28, 2010
i have been studying linux for 3 month ,so i have solved some problems related with server part.The problem i have is the squid access.Can I allow some IP's to download files on squid.I mean i already give access to download by reply_body tag,andwant to give permission only one specific IP for unlimit access to download.Is there any solution
View 3 Replies
View Related
Feb 20, 2010
I have configured squid server and it is working fine. I want that only specific ip addresses in my LAN should be able to access internet and for that I have given these entries in access control lists in squid.conf file:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin ?
acl apache rep_header Server ^Apache
acl our_networks src 192.168.0.181/255.255.255.0 192.168.0.182/255.255.255.0
And in http access I have given this:
http_access allow our_networks
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
In this I want that only 192.168.0.181 and .182 should be able to access internet but Now the problem is that all the IPs in the LAN like 192.168.0.20 are also able to access internet. What changes I need to do to allow access to specific IP addresses. I am not using any firewall or iptables entries and i am manually changing in the firefox at client side to access internet.
View 3 Replies
View Related
Mar 27, 2010
I'm trying to isolate a number from a text file using sed. The text file looks like this:
-GARBAGE-GARBAGE-GARBAGE- Number of frames: 183933 frames Codec -GARBAGE-GARBAGE-GARBAGE-
I tried the following:
Code:
sed "s/^.*Number of frames: //g; s/ frames Codec.*$//g" "info.txt" > "frames.txt"
Strangely, it only seems to be stripping off the end, but not the beginning, like so:
-GARBAGE-GARBAGE-GARBAGE- Number of frames: 183933
I'm obviously not using the command correctly, so what am I doing wrong?
View 8 Replies
View Related
Oct 24, 2010
How to isolate my home files from wine 'c' drive, i.e.,why does the 'up' gui connect the two?
View 1 Replies
View Related
