Networking :: Most Of Traffic Can Be Routed Simply By IP/mask?
Jun 28, 2011
I have a Linux desktop with two connections - fast eth0 and slow modem ppp0. Most of the traffic (e-mail, DNS, NTP) can be routed simply by IP/mask. But how about http and p2p (torrents, DC++)? Routing by IP is unacceptable, because there is a very huge amount of routing rules. I need to route http packets (port 80) through ppp0, p2p through eth0 (ports 10000:65535). I've found that splitting traffic by port is possible with marking packets for different gateways. To begin, I cleared all tables and brought up the connections.
Code:
# iptables -F -t mangle
# iptables -F -t filter
# iptables -L -t filter
Chain INPUT (policy ACCEPT)
[Code].....
View 7 Replies
Aug 9, 2010
I know this has probably been solved multiple times, but I've searched the forum to no avail. I have a PPTP server set up properly with all ports forwarded correctly. A remote machine can connect and authenticate just fine. They get their IP assigned and everything.
The problem is that no traffic is being routed through the tunnel. Or, rather, it is, but the server doesn't seem to handle it. In a web browser I just get an error message. On a Windows client I ran ipconfig and found a gateway address had not been assigned through the VPN tunnel. Could this be the problem? If so, how can I fix it?
View 1 Replies
Aug 3, 2010
I have a Linux server I'm intending to use as a firewall. The server has the following adapters:
eth0 - Public IP (VLAN2)
eth0:1 - Public IP2 (VLAN2)
eth1 - 10.241.4.4 (VLAN4)
The default gateway is my ISP's gateway. Additionally, I have the following route set: route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.241.4.1
I have a server that exists on VLAN 208 at IP 10.241.209.67/21; its GW is 10.241.208.1 (first IP in /21 range).
As it is on the 10.0.0.0/8 network, traffic from the firewall is successfully routed from that server through my router to the FW and out to the Internet. The FW can ping, ssh, etc... the server and vice versa.
I want an iptables rule that will allow me to forward port 4401 on eth0:1 to 10.241.209.67:4401.
Is this possible since the IP is not on the same subnet as eth1, even though it is accessible?
I'm a bit better than a neophyte Linux user. I have not made port forwards with it in the past without scripts to assist, so I'm looking for not just "it is possible", but also the syntax of how to add it.
View 2 Replies
May 19, 2010
I am building a router and I wonder: if I have some rules like this and /proc/sys/net/ipv4/conf/all/accept_source_route is 0, will it work?
Code:
echo 1000 TEST >> /etc/iproute2/rt_tables
iptables -A PREROUTING -s 192.168.2.0/24 -t mangle -j MARK --set-mark 1
ip rule add fwmark 1 table TEST
ip route add default via 192.168.3.5 dev eth2 table TEST
I am not quite sure whether these are source-routed packages at all. Also, even if it works with my router, will the next firewall drop such packages? I have mentioned before that some things like:
Code:
ip route add default via 192.168.3.5 dev eth2 src 192.168.2.0/24
do not work
View 5 Replies
Mar 10, 2011
I currently have one of our clients set up to use a routed VPN for their 5 laptops to connect to the server remotely. And this works brilliantly. They are about to bring on a remote office that will need a VPN connection back to the main office, so I was going to set up a bridged connection between the two sites (and possibly more sites in the future).
So my question is: what's the best way to go about this? Can I have one instance of OpenVPN running with tun0 set up for a routed connection to the laptops and add a second tun (tun1) to the config that will be for the bridged connection between the sites? Or am I going to have to run multiple instances of OpenVPN, one for the routed and another for the bridged?
If routed and bridged have to run in separate instances, will I have to add another instance for each new remote site that needs a connection? Can a bridged config connect to multiple sites, or have multiple tuns in the one config?
View 3 Replies
Aug 13, 2010
I have three machines, say A, B and C. I want to make machine B a router for A and C, so that the ping packets from C to A go via B. I have directly connected two interfaces (eth4) of A and B and similarly two interfaces (eth5) of B and C. I have even set up a route between B and C.
1. But I am not able to set a route between B and A.
2. If I ping A from eth4 of B (and vice versa) it works. When I ping B from eth5 of C it works, but not vice versa.
3. Also, if I ping from C to A, B receives the packets, but not A.
View 3 Replies
Apr 2, 2010
I have searched Google, but can't really get the hang of setting this up. Most howtos are setting up a DHCP and PXE on the same box. At present my DHCP is done by my router and I want to set up the PXE server on my main PC. My router can redirect traffic types based on ports (UDP or TCP) to an IP but can't do the bit about directing the PXE loader name (and I really don't want to ssh into it and start messing about there). If I redirect the port (whatever it may be, help required here), how would I go about setting up the Ubuntu PC to do the load and pass back to the PC trying to PXE boot?
View 1 Replies
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies
Apr 13, 2010
Is it possible to Mask my IP in Ubuntu?
View 2 Replies
Mar 11, 2010
How can I add this to Ubuntu so that I can effectively use both networks connected to my machine. All I do in WinXP is run this from the command prompt: route -p add 10.0.0.0 mask 255.0.0.0 10.15.122.9
View 3 Replies
Aug 9, 2010
How do I mask my IP address with Ubuntu 10.04?
View 1 Replies
May 20, 2011
In addition to 2 "desktop" machines, I recently set up an Ubuntu Server with Apache2, but when I try to access my www.homepage from a machine locally connected to the same router (via both wired & wireless interfaces), I am directed to the Login page of the router, not to the www.homepage. Yet, when I access the www.homepage from elsewhere, my www.homepage is accessible.
I can browse to my www.homepage by entering the local IP address into browsers on both local machines, so I know the machines are talking to each other. Just not letting me get in via normal internet browsing channels.
Server: Ubuntu 11.04
Webserver: Apache2
Router: D-Link DIR-615
IP Address of: 192.168.0.110 (reserved on router, static on server)
[Code]....
View 7 Replies
Mar 15, 2011
I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that I went digging in the code and figured it was something to do with memory allocation.
View 1 Replies
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than those in the FORWARD chain.
So, my question is, first of all, is my test correct and is it true that so much GRE traffic is being generated during browsing (it became clear that the traffic is double what it would be if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
View 3 Replies
Jun 10, 2011
I have an Ubuntu machine connected to my network which is used as a Minecraft server, storage, and a Subsonic server for music. For the most part, the only person using these services, especially during downtime, is just me at home. Which is why I'm surprised that 2 days ago I detected that my network was being slowed to a crawl. There I found that the IP connected to my Ubuntu was moving around 170,000 kb on my Netlimiter 3 program.
I have no idea why that is, I closed my ports that were forward for the ubuntu servers, but the bandwidth keeps leaking. Disconnecting the network from the ubuntu computer or turning off the computer stops the odd downloading and uploading. If anybody would have any information of what I can check or shut down in Ubuntu, please let me know. I'm fairly a beginner to the OS, but haven't been able to find a similar problem on this forum.
View 6 Replies
Jul 10, 2011
I've been trying to revive my old Acer Aspire 3680, which is supposed to have Acer InviLink 802.11b/g Wi-Fi CERTIFIED solution, supporting Acer SignalUp wireless technology, as shown in the specification. The system simply doesn't detect Wi-Fi and I don't know how to make it work.
View 9 Replies
Apr 5, 2010
I am using Ubuntu Lucid and am connected to a network with Windows machines. Our network admin changed some settings in the network, and all machines need to change their subnet masks to access local machines (e.g. I am getting an "unable to mount" message when I try to connect to other Windows PCs on the network).
If I open the connections panel, and "Edit" the "Auto eth0", I can get: IPv4 Settings -> Method -> Manual -> Addresses -> Add. And I am pretty sure I will put the new subnet mask address into the "Netmask" box, but what to put in the others? Namely:
IP Address, Netmask, Gateway and below:
DNS Servers, Search Domains
I can get some info about my network connection by right-clicking the network icon on the panel and selecting "Connection Information". I tried to fill the manual settings with some of that info (the parts that made some sense to me) but I still cannot mount Windows network drives, plus my internet connection dies. So, is there any way to change the subnet mask "ONLY", without touching any other setting?
View 2 Replies
Apr 27, 2010
We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used Ethereal and Wireshark before. Ethereal may be a viable option, but Wireshark seems to provide lots of information, but no practical way to make use of it. How do I set up the box to be a transparent device on the network that will allow internet-bound traffic to flow (freely)?
View 3 Replies
Dec 2, 2010
The problem is that it simply won't connect in Ubuntu at all. In fact, to write this, I am using Windows. I am running 10.10. I downloaded the necessary file and installed it with my package manager, but it still won't work. What do I need to do to make it work?
View 6 Replies
May 18, 2011
I just installed an OpenSuse 11.4 box. Now when I do an 'ls -l' I see the date format is different than on all my other boxes even though I have identical regional settings. Is there a way (env var) to control this behaviour?
View 6 Replies
Feb 24, 2011
I want to extract some information from ifconfig,
E.g.:
inet addr:123.123.123.123 Bcast:123.123.123.255 Mask:255.255.254.0
I want to extract the mask value, how can I do that? I've tried using
Code:
grep -o "Mask:*" test1.txt
but it only outputs "Mask:". I need to get 255.255.254.0
View 3 Replies
Mar 25, 2009
In bash, what does an exclamation mark followed by a question mark mean?
View 1 Replies
May 11, 2010
I've successfully connected to my VPN with kvpnc, but none of my traffic is going through the VPN! I don't know how to route traffic to the VPN. For instance, when I go to whatsmyip.com it still has my previous IP.
View 1 Replies
Jul 11, 2010
I have a Comcast business network adapter that has a 4-port switch. It also handles NAT 1-to-1 translation for static IPs (that's just how they do it, there is no other choice).
In port 1, I have a cat6 that brings traffic to and from my Linux machines, allows me to VPN, ssh, a mail server, etc. Everything here is fine.
In port 2, I have a Netgear router that is set up with a point-to-point VPN for a client.
Here are the issues:
1. Machines that are connected to the netgear vpn router/switch can access machines on my network - I don't want this.
2. I can't access the machines connected to his lan from my lan - I need this to administer his machines somehow. Even if I have to VPN to the concentrator and do it like that.
Here is the network structure.
Code:
Internet <-> 10.10.10.1 -> switch with 10.10.10.x machines
|
-> internal vpn IP 10.10.10.50
|
[Code]....
The external network for the VPN is 10.10.10.x and the internal is 10.10.20.x. So, a machine with IP 10.10.20.100 can get to 10.10.10.X and I don't want that. I'm guessing it's doing this because technically, I'm 'from the internet' on 10.10.10.x and the VPN machines are going 'out to the internet'. Is there a way to have this:
vpn -> gateway traffic only?
I have a Cisco 1811w at my disposal if I need to use it; however, I'm all thumbs when it comes to Cisco IOS and networking in general.
View 4 Replies
Dec 1, 2010
I'm trying to inspect network traffic from my iPhone / iPad / Kindle / other wi-fi only consumer electronic device. To do this I man-in-the-middle myself (connect laptop to LAN via wire, create wireless Ad-hoc network, bridge the connections, then connect my device to the ad-hoc wi-fi network) and use Wireshark to watch the traffic.
In the past this has been adequate for my needs (just wanted to watch and see what potentially private info was being leaked about me / see that banking / amazon / etc apps were going over SSL). Now I've noticed that applications are almost all using SSL (which is great) but they are way too active for my taste. I'd like to use these apps but want to know what's happening in the background. I know that corporations dead-end SSL connections at their proxies to inspect the traffic and then re-establish the connection on behalf of the user for the trip across the internet. While I find the corporate use a bit distasteful, I think this is exactly what I'd need to do to myself. Any suggestions for how to do so or other ideas on how to get the packets in the clear?
View 3 Replies
Oct 19, 2010
How are packets treated that do not match any of the filters?
View 4 Replies
Feb 23, 2011
I want to simulate video traffic in ns2.31. I have added the mpeg4_traffic patch from Contributed Codes on the NS2 web site. I receive a segmentation fault error; when I debug the code I get a lot of errors, and I don't know what to do. Does no one know how I should transmit video in ns2?
View 14 Replies
Jan 18, 2010
How do I find my internet address, subnet mask, gateway, etc. in Ubuntu?
View 1 Replies
Feb 11, 2010
for providing an earlier solution from which I have modified and butchered the below script. The intended purpose of this script is to take a subnet mask, for example 255.255.255.0, and turn it into the corresponding wildcard mask value; in this case it would be /24. I have got to the point where I have the binary value. The script is:
Code:
#!/bin/sh
#takes mask from ifconfig
[code]...
View 4 Replies
Jan 14, 2010
I've blown a couple of DVDs trying to burn them with correct file masks (directories and files are read-only). There doesn't seem to be any documentation for K3b (building the index doesn't do squat and the help says "The file or folder help:/k3b/index.html does not exist"). I can't seem to figure out a setting that simply copies everything the "way it is."
View 7 Replies