My requirement was to direct certain traffic from various ports down different Internet connections. Basically, for locally generated packets, the OUTPUT chain in the mangle tables is used. You can MARK packets in this chain for ip rule processing.Now the "clear as mud" part. There must be a valid routing decision made without the fwmark, selecting the right source address, even if the gateway ip is invalid.
View 2 RepliesI'm trying to workaround a limitation in a server application. The limitation is that I can only connect to a LOCAL mysql database. I am trying to fool the server in to using a remote mysql database. I was hoping to do this by simply forwarding 3306 to another server on the same subnet.To that end I've set up iptables rules to forward all connections to port 3306 to a non-standard mysql port on a remote server. This works, except that I need to deal with the loopback interface in a special way and I'm stuck.
View 14 Replies View Relatedi have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
My setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
View 1 Replies View RelatedI am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.
View 3 Replies View RelatedI have a router/modem linux box, connection to DSL through PPP.I also use an OpenVPN service, to which this box connects.My problem is that the speed cap of the VPN is just half that of the DSL connection. I don't need it for internet browsing. Is there a way I can route all the http traffic coming from the client computers (or all of the traffic will do too) through the normal connection?As of now I can only route all traffic either on VPN or normal PPP
View 9 Replies View RelatedI'm running Ubuntu 9.10 server at home on VMware Workstation 7. I have two NIC's configured, one NIC is setup to have a direct connection to the network "Bridged", another NIC is setup to have a private network connection on VMnet1.
Network card 1 - 192.168.1.160 (Bridged)
Network card 2 - 10.1.1.1 (Internal access only)
So when I try to access the Internet, I can not go out on the NIC 1. If I try to ping google.com I get a return from 10.1.1.1 "no reply". But I know that NIC 2 is working, because I can ping 192.168.1.160 from the workstation I'm running on.
So I think that my routing is sending traffic out to the wrong NIC, but not sure if this is a metric in the iptables or another place?
The reason for two NICS is to simulate a DMZ where the server will be running Squid, to test proxy from another workstation on the 10.1.1.X subnet.
Is there any possible way I could add loose/strict source routing for traffic originating from a host ? I mean to add certain hops I want my packet to pass.With iproute2 or maybe iptables ?
View 1 Replies View RelatedI have a firewall, this consists of three NIC's:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to succesfully get a response from pinging the device, I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies View RelatedI have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies View RelatedI had one two many viruses on Windows, so I am here at Ubuntu.
1. I have installed OpenVPN. I need to connect to an AS/400 after hours.
2. I have downloaded the unbuntu version.
3. I have extracted using the package manager.
How do I actually run the program? There are no icons or anything generated. I know how to configue VPN, not asking that. Just how to run the program.
I've noticed recently that a lot of outgoing internet traffic is generated by my laptop (running Ubuntu 10.04 - 64 bit). This wasn't the case previously. I only found out because my wireless broadband traffic allowance suddenly was used up very quickly. I've installed ntop to try to find out where all this traffic is going to.
I did find that there were a very high number (at one stage over 11.000) of active TCP/UDP sessions (see attached screenshot). Although the traffic generated by each is only small (about 100 bits/bytes - not sure what) multiplied by thousands, makes a fair bit of traffic. I wonder if I've got some kind of a virus/bug or do I have a configuration problem with my laptop?
How would I set up a website that would be only accessible locally. There's a router machine (server) that keeps provides internet access for a number of client machines. I need to set up a learning platform (moodle) locally. The server machine runs moodle server (apache server) and students should have access to their accounts locally (no need to be accessible outside of LAN). First of all, what would be the best network configuration for it.Sorry for a dumb question, but could I just come up with any domain name if everything stays locally within LAN?
View 4 Replies View RelatedI have a home server that I was able to up and till recently able to connect to externally and internally but something has changed. I can't connect through vnc, putty or ftp. if I ping the local address it can't be found. If I try to get to it using its external IP address I can get to the server and put in my user name but it wont accept my password.If I go to the server and use the password it works fine.
View 13 Replies View RelatedI'm behind a very blocked firewall that only allows connections through port 80 and 443. I wish to ssh to my machine at home, but the port is blocked. Is there a simple server that I can run to route my ssh connection through http?
View 2 Replies View RelatedIf you use Nautilus then you can just use the "Connect to server" from the file menu. However if you file manager does not support connecting to servers (like Thunar ) then you can use sshfs.
Code:
sudo apt-get install sshfs
You should create a directory as your mount point, say
Code:
mkdir /media/Server
[Code]....
Because my ISP is blocking every IP port under 1000, I'd like my local nat'ed server to be able to translate incoming and outgoing traffic from some port above 1000 to the default server port locally.Example :
To connect to my IMAP server (default port : 143) from the outside,I'd connect to my public IP, port 1143 (opened and nat'ed to the right server on my router) and the server would translate this port to 143 on the same machine.I wish I could simply configure my router to do that but sadly Linksys doesn't permit such setting... I also could modify the listening port of my server but I prefear to keep the default port inside my network.I think that iptables is the right tool to do that and I never used it and I must say that this tool is not so easy to configure at first sigh
I've got two things I am trying to do and there seems to be no simple solutions. I am wanting to ssh into my Linux box from my laptop (Mac) and play the arsenal of music I have stored on the Linux box back to the laptop locally. I hear of people ssh-ing from work and playing music from home all the time. I have googled for days relentlessly with no way of getting the music to play back to my laptop.
1. I would like to be able to do this outside my LAN. 2. Inside my LAN, I can only seem to get the songs to play on the server. It seems there is a way to forward the sound via ssh somehow. I haven't figured it out yet.
there's a way to locally proxy or spoof just one web page. That is, use tsocks or hosts or something so that when I run an application that requests [URL], it receives /home/user/myversion.html, but for any other address it gets the normal page. Seems simple enough, if a little unusual... (I'm trying to work around a wget bug.)
View 10 Replies View Relatedi know exactly what i need to do, im just not familiar enough with command line to do it properly.i have 7 computers.the first 4 are connected to a router via wireless at one end of the house. of the last 3 only 1 will be able to access the router via wireless, so it needs to share it's one wireless connection via ethernet. this computer i'm going to call 'server'server will have two IP'swlan0 192.168.1.6 this connects to the router that has internet access.eth0 i intend to have the following settingsip:192.168.0.1sub: 255.255.0eth0 will connect to a second router, where the cat5 cable goes from the server, into the internet port of the router where i will define the router's static IP:IP: 192.168.0.100sub: 255.255.255.0gateway 192.168.0.1i have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
so i need to know how to, without a gui application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet.i had it set up in this way with a windows machine being the one that had the wifi access, but i'd rather have it setup for the ubuntu server to do this task. security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option.the 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through
'm running on Ubuntu and I've succesfully setup apache alongside with a working php & mysql configuration - other computers connected to the LAN can access it by typing in my ip: 192.168.0.9however I would like my webserver to be accessible by all internet users...I've got my ports.conf file in the apache setup to listen on ports 80 and 8080 this is my ports.conf:PHP Code:
Listen 80
Listen 8080
Listen 2000
[code].....
I installed natty finally on my laptop (T410 Lenovo) via an upgrade from maverick. I tested maverick thoroughly first, since I had to perform the upgrade over the network, due to issues with natty booting from DVD. The upgrade went fine to natty, the system came up and I was able to get on locally and install other packages, though I did notice from time to time a lag in network performance. I installed VNC server and started it, as well as other network related services. However, I am noticing a definite issue with the network support and I suspect the natty kernel. The configuration looks sound, ifconfig, netstat and other functions appear to display the correct information, at least what I had with maverick (which worked).
Has anyone else seen issues with natty and networking? The glass looks okay, though I am using xfce and frankly there is nothing new there to really force me to upgrade, its just that this is a new LT and if I can cold install natty right now, it will save me an upgrade later.
System configuration (lshw) is below, ipaddress removed to protect the guilty..:
description: Notebook
product: 2522AP1 ()
vendor: LENOVO
version: ThinkPad T410
serial: R8M9B2Z
width: 32 bits
capabilities: smbios-2.6 dmi-2.6 smp-1.4 smp
[Code]...
I have a pc with debian 6 (without GUI) installed on it and want to use it as server at home. It has 2 ethernet nics. Now i want to configure the routing process. Searched internet for a long time found something but couldn't get it work.
View 8 Replies View RelatedWhen setting up an SSH proxy, I know you can configure Firefox to route DNS requests through the proxy. Is this possible from linux directly? I'm trying to use wget through the proxy, including DNS lookups.
View 3 Replies View RelatedI have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
Ok the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan, or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actuall ROUTES. I can already achieve results similair to this with either a NAT firewall, or with VPN.. but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
On Gateway 1B:
Code:
And on Gateway 1A:
Code:
I'm newbie to Wireless. Currently I try to implement EAP-TLS but firstly I need to get the hardware work, allow Access Point to Route from Wireless to Wire (LAN DNS server).
View 4 Replies View RelatedI am having some trouble setting up routing on my Ubuntu 9.10 Server. I have the GUI installed with Webmin and OpenVPN Heres the setup :
1 NIC - WAN - eth0 - IP: 146.231.x.x SUBNET: 255.255.252.0
1 NIC - LAN - eth1 - IP: 192.168.1.1 SUBNET: 255.255.255.0
1 NIC - ADSL - eth2 - dynamic
What I need to do is the following.
All users are connected to the LAN.
All requests for IP range "146.231.x.x", and "domain.com" need to be routed from LAN (eth1) to WAN (eth0).
All other internet requests need to be routed to ADSL (eth2).
-> I have the masquerading in the linux firewall working for NAT, but all traffic goes to ADSL (eth2).
-> I am using OPEN-VPN over the ADSL also.
-> DHCP and DNS work fine.
I also need all ports opened with the route (from eth1 to eth0)
using layer 7 filtering how to block the ftp packets?..
In My router i am going to add a below rule.... iptables -A OUTPUT -m layer7 --l7proto tcp --dport 20 -j DROP
above statement will it work in my router?.
1) i have to find the source and destination address in the ip and ethernet headers of a packet that go from my machine to the router.2) Then i have to do the same for the packet that goes from the router to my partner's machine.Then I have to answer the above questions but now for the echo replay.How could i see these address?The result could be found in the output of a tcpdump?
[guest@shakti guest]$ sudo tcpdump -en host 128.238.62.101 and 128.238.61.101
tcpdump: listening on eth0
20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request
[code]....