Networking :: Mark All Incoming Packets On Connection?
Apr 6, 2010
I have a router which makes two ppp connections. PPP0 is my default route and is an uncapped ADSL. PPP1 is a Local Only (South Africa) account which has DNS resolving to its IP. PPP1 allows certain connections in. I want all packets coming in on PPP1 to be marked so that after they have been routed through our local servers they can go back out over PPP1. Both connections use dynamically assigned ip addresses. I want to use PPP0 to make a connection to one of our stores, but when our stores connect to us they will be using PPP1. All packets from these incoming connections will need to be routed back over PPP1.
Oct 30, 2010
Pinging out from my netbook (over wifi, to any host) gets ~0% packet loss. Pinging into it (from any host) gets about 50% packet loss.
The router is a Dlink-DIR615 (rev d, running DD-WRT v24-sp2) but all other hosts on it ping each other fine. I've tried changing routing, disabling IPv6, using older kernels and using wicd, all with no luck. The wireless connection is at 100% most of the time. This could be a new problem with Maverick, but I may not have noticed it before. I believe this is causing web browsing to be really slow and causing SSH timeouts.
I haven't tried madwifi drivers or ndiswrapper yet.
Edit: just booted into Windows and it has the same problem. Could it be a hardware issue? Also tried with a static IP, with no change.
Strangely, a normal ping gets 50% packet loss, but ping -A gets < 1% loss.
Edit 2: no packet loss at all on eth0.
Code:
# uname -a
Linux hulbert-laptop 2.6.35-23-generic #36-Ubuntu SMP Tue Oct 26 17:03:18 UTC 2010 i686 GNU/Linux
Code:
# ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:25:d3:1a:bc:4b
inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::225:d3ff:fe1a:bc4b/64 Scope:Link
[Code]....
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
Nov 2, 2010
I am using a NanoStation 2 in Router mode. The NS is connected wirelessly to my neighbor's router and a switch is connected via ethernet to the NS for LAN use.
The past few days I've been trying to use a VoIP client software to connect to my VoIP account. I use Ekiga Softphone to do so, which requires UDP ports 3478-3479 and 5000-5100 to be open.
So I have opened these ports both on my neighbor's router and on the NS. The problem that I'm encountering is that although I manage to register to the VoIP service, when I answer an incoming call the caller is able to hear me, but I'm not able to hear the caller. So I used wireshark and figured that there is no incoming traffic on my end.
I have used many linux VoIP clients with PCs connecting straight forward to an ADSL router and worked perfectly.
Aug 9, 2010
I want each packet (that matches an iptables rule) to be delayed by some fixed time interval. How to do this?
Pseudocode: iptables -A INPUT -p udp <more conditions> -j DELAY --delay 50000 # delay UDP packets for 50 milliseconds
Update: @related http://superuser.com/questions/147156/simulating-a-low-bandwidth-high-latency-network-connection-on-linux
Apr 21, 2010
I'd like to mark all packets coming from and going to an IP address. And I'd like to match those marked packets in another rule. Ex:
Rule 1: Mark all packets coming from 192.168.2.0/25 with number 1
Rule 2: Drop all packets which have been marked with number 1
May 10, 2011
I have a router/modem linux box, connected to DSL through PPP. I also use an OpenVPN service, to which this box connects. My problem is that the speed cap of the VPN is just half that of the DSL connection. I don't need it for internet browsing. Is there a way I can route all the http traffic coming from the client computers (or all of the traffic will do too) through the normal connection? As of now I can only route all traffic either on VPN or normal PPP
Mar 30, 2011
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things. This is my iptables -L -n :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidentally lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
Jul 2, 2010
I have two servers set up: 192.168.1.150 and 192.168.1.160. Initially, I want all traffic to be served by server 150. So for this purpose I am leaving the IPTables on .150 empty. At a point in time, I want to forward all incoming traffic to be served by .160 instead. I have accomplished this using these commands (on .150):
iptables -t nat -A PREROUTING -j DNAT --to 192.168.1.160
iptables -t nat -I POSTROUTING -j MASQUERADE
My problem is that if I have an open SSH connection to .150 (prior to adding the rules), the packets are still handled by .150 after adding the rules, e.g. my SSH session stays active. I want these packets to be forwarded to .160, which would effectively disconnect the SSH session. I do not want the packets flat out dropped, I just want them forwarded on in whatever state they are in. If I try a new SSH session, it is properly forwarded to .160
Mar 31, 2010
I'm having problems with my internet connection; it seems to be working fine then every other click of a page there is no connection, then I click it again a second later and it works. I am using a wired network connection plugged into an addon wireless router.
When I use ping under network tools it seems to be fine, then freezes halfway through and doesn't receive those few packets, giving me a transmission percentage of about 70%.
Feb 8, 2010
I have a linux server running oracle applications. I need to access this server from putty using ssh through the internet. I did this by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more pc between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?
Aug 30, 2010
I need to write a program in C that can sniff packets from Ethernet and distinguish RTP packets from non-RTP packets. I have no idea what I should do
Mar 24, 2010
Duplicate IP, my mistake. When logged into a fc12 server with ssh, and a node tried to connect to the server using ftp...
Sep 19, 2010
What is the absolute quickest or easiest way to block an incoming connection by their IP address? I'm running an apache2 LAMP server on Ubuntu 8.10. For example, let's say I'm watching my server error logs and I see someone using a script to check for phpmyadmin and other such folders. Right away I know this is a hack attempt. Firestarter does not allow ANY way to block an incoming connection by IP (to my disappointment) and adding the IP to an apache configuration file requires an apache restart (way too much trouble and time).
May 3, 2010
How can I drop or forward an incoming connection from a part of a host like *.alicedsl.de?
For example:
The user is connecting from *.alicedsl.de on port 12345
So how can I drop this connection or forward it to google.com on port 80?
Sep 1, 2011
I have been trying to solve this problem for two days now looking at various forums and websites but can't really figure out what's going on here. I have set up postfix on my ubuntu and I can send emails using "telnet localhost 25" and the ehlo thingy. Apache can also send emails. My problem is with incoming emails. When I try to send an email (through Gmail) I get the following error message:
Code:
Delivery to the following recipient has been delayed:
root@example.com
[code]...
Feb 13, 2011
Sometimes I get the error message I mentioned in the subject:
Quote:
Feb 14 07:46:48 x proftpd[27487]: x - Fatal: unable to open incoming connection: Transport endpoint is not connected
I'm sure there are some clients connecting to the server at that time. What does this mean exactly? Why did it happen? Below is my configuration file:
Code:
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
[code]....
Sep 27, 2010
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
Jan 14, 2011
I have set up debian lenny as a router - kernel 2.6.26, iptables 1.4.4 and compiled xtables-addons 1.17. There are these rules in:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --bit -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -m mark --mark 1 -j ACCEPT
Unfortunately, if I try to download something via the router with ktorrent, then there is only a minimum of packets with id 1 (I find that at the last rule). There are only a few 100B packets with id 1 even though I downloaded a few MB with ktorrent
[Code]...
May 30, 2010
I wanted to get away from windows, because of the hell of a lot of issues it gave me. I installed ubuntu on my machine, and I am facing a lot of issues activating internet. Maybe I am fool number one. So I need some help from experts. First my hardware details:
01:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g (rev 01)
Subsystem: Hewlett-Packard Company Device 1508
Flags: bus master, fast devsel, latency 0, IRQ 16
[code]....
I have gone thru lot of websites and forums to try to enable the wireless connections. Till now I have installed the ndisgtk_0.8.5-1_i386.deb, ndiswrapper-utils- .9_1.54-2ubuntu1_i386.deb & ndiswrapper-common_1.54-2ubuntu1_all.deb. Then I was able to install the windows driver for my wireless card. But still the status is showing as disabled for the wireless adaptor. Please help to make it working.
Oct 21, 2010
I got a NetGear wireless router recently. Attached it to my Huawei (pardon the spelling) modem. I have a HP 540 laptop running Ubuntu 10.04. The wireless gets connected. But there's an exclamation mark almost all the time. Very frequently these days, the connection gets bogged down or websites just don't open at all. But the icon (with the exclamation mark) shows Active Connection. I don't know where to start looking for bugs. Seems odd. Wireless is connected, I can connect to sites, but there's the exclamation... and sooner or later, the connection goes off but the icon still stays the same with the "active" label.
Jun 29, 2011
My laptop has become very sluggish. So I loaded firestarter firewall. It is reporting loads of incoming UDP traffic. I only use this machine for Skype and Firefox based work as most of my stuff is kept on the cloud. Is it safe to stop all this UDP traffic? It would free up my CPU I guess. It seems port 56095 is getting hammered.
May 16, 2011
I have iptables as a firewall. I want to open incoming port 8080, so I use "# Allow forwarding of incoming Port 8080 traffic", but it didn't work. How can I open just incoming port 8080?
Jun 26, 2010
I'm using postfix on Ubuntu 9.10 and all I need is to occasionally send automated emails from perl or php scripts when data processing errors occur. In other words, I want to reject any connection attempts from remote clients and otherwise allow nothing except outgoing emails from one particular account. If I add this line to the default main.cf, will it do the trick or is it more complicated?
Code:
smtpd_sender_restrictions reject
Dec 26, 2010
I'm attempting to re-route incoming https traffic to one of my servers (a windows xp with subversion on it).
The problem is that if I do that, ALL https traffic from other PCs is stopped, meaning I can't get any reply from any url with https;
May 29, 2011
Before explaining the problem, I have to draw the environment. Because of post size limitations, I'll have to break this post in more than one entry.
Physical view
Code:
+--------+ +---+
|storage1|-----| |
+--------+ | s |
| w |
+--------+ | i | +-------+
|router2 |-----| t |-----|router1|--->Internet
+--------+ | c | +-------+
| h |
+--------+ | 8 |
|router3 |-----| |
+--------+ +---+
Device details
[Code]....
Mar 13, 2010
I'm using Linux Mint 8 KDE, which is essentially kubuntu karmic.
Been trying to set up bittorrent (tried several different apps), have followed all the usual steps, forwarded ports on both Guarddog and my router, but still no incoming connections. Then tried disabling the firewall in Guarddog - still no incoming connections. Never had any problems configuring my router before so can only think that there must be something else blocking ports in linux other than iptables. Also had same problem just using ufw and gufw
Aug 5, 2010
I am running the latest ubuntu. Sometimes it randomly stops accepting ssh connections, afp/smb connections, and even stops responding to pinging. It is connected via WIFI.
I go over to the desktop and use the browser, and the internet still works fine. Then after a while, it starts accepting incoming traffic again.
Jan 12, 2009
assist me in using the iptables firewall to block all incoming mail traffic (SMTP port 25) except that of a certain IP(s)? the situation is that we have a server that we only want to receive mail from a particular sender.
Feb 18, 2010
I'd like to find some sort of program which can tell me how much incoming data I've had in the last 24 hours. It goes by hours, not by days, but anything that's simple and that can display this will do. Is there any sort of program that does this? Something that would fit well with Ubuntu's style wouldn't hurt, but I'm not that worried about it as long as it does the job.