Networking :: Sending Out Different Certs (Multiple Gateways)

Apr 6, 2010

I'm hosting a Sendmail Cyrus-Imap server on Fedora 12. I recently installed a second NIC on a second internet gateway and successfully configured source-based routing. Clients are able to connect over the mail.domain.com received from the gateway 192.168.0.1 to the interface 192.168.0.254 (ETH0). Clients are also able to connect from pop3.domain.com and smtp.domain.com from the second gateway 192.168.1.1 to the interface 192.168.1.254 (ETH1).

I have cyrus-imap certs configured for the mail.domain.com and a Sendmail cert configured for mail.domain.com. My question is how would I tell sendmail and cyrus that the mail.domain.com goes out the ETH0 but deliver the second and third cert (e.g. cyrus sends pop3.domain.com and sendmail sends smtp.domain.com) to clients connected on ETH1?


Networking :: Multiple Gateways On Same Network?

Dec 1, 2010

I have 3 servers interconnected with IPs 192.168.150.1-3. The first two have an internet connection and the third server uses them as gateways. After googling and reading howtos I managed to get it working. The firewall for ssh on the first server is defined:

Code:
...
iptables -A EXTIN -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.150.3 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -d 192.168.150.3 -p tcp --dport 22 -j SNAT --to 192.168.150.1
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to 192.168.150.3:22
...

On the second server:
Code:
...
iptables -A EXTIN -p tcp --dport 23 -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.150.3 --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING -d 192.168.150.3 -p tcp --dport 22 -j SNAT --to 192.168.150.2
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 23 -j DNAT --to 192.168.150.3:22
...

And on the third, the route is defined like this:
Code:
ip route add default scope global nexthop via 192.168.150.1 dev eth0 nexthop via 192.168.150.2 dev eth0

It works, but the problem is that connections on the third server are shown as connected from 192.168.150.1 or 192.168.150.2. Is there any way to keep the original connection source address when connecting to 192.168.150.3?


Server :: Possible To Use Multiple SSL Certs For Same IP In Apache?

Sep 2, 2009

Is it possible to run multiple SSL-enabled sites (each having its own SSL certificate) off of one IP address, or do I need a separate IP for each one? Any links to conclusive web pages.


Debian Configuration :: Multiple Gateways / Firewalls Pointed To One Interface?

Apr 4, 2016

I am having some trouble using iptables rules on two servers that act as gateways pointed to one backend server with only one interface.

To be more exact, I have 3 servers. 2 of those have a public and a private interface, with different public IPs but a common private interface (they connect to the same switch); the last one only has 1 private interface and is connected to that same switch.

Those 2 servers also act as a gateway and a firewall for the private network.

My problem is that I cannot seem to be able to route traffic from both of those to the third one and back to the same public IP that the request came from (effectively using two gateways on the machine with only one interface).

As a testing scenario I am using ferm for applying iptables rules that forward ssh traffic (for example) to the backend server, and it works well when I do it with one gateway.

When I apply something like this in /etc/network/interfaces on the backend server though:

Code:
auto eth0:0 eth0:1
# The primary network interface
allow-hotplug eth0
iface eth0:1 inet static
   address   192.168.9X.XXX
   netmask   255.255.255.0
   broadcast 192.168.9X.255
   network   192.168.9X.0

[Code] ....

Even though forcing selection of an interface from the backend server (like curl --interface) seems to work well, meaning that the requests from curl appear to happen from the correct public IP, I can still only use one of the public IPs to access the server with the ferm rules. Ideally I should be able to ssh to the backend server from both public IPs using their ferm rules for forwarding traffic to the backend server.

I feel like I am missing some details on routing that should happen on the firewalls, as the backend server seems to be able to use both gateways to access the internet and receive replies from it.


Fedora Networking :: Can't Find Certs.sh And CA.all Files

Jun 4, 2009

I'm trying to create a server certificate to be used in PEAP authentication. I have installed freeradius on Fedora 10 and openssl-perl, and also upgraded all the packages with yum upgrade.

Now, after changing the configuration of the openssl.cnf file placed in /etc/pki/tls/openssl.cnf,

I am looking for the certs.sh file that comes with the freeradius package, and also the CA.all & CA.certs files, but I couldn't find these files in the filesystem.

Are these files present by default when the freeradius and openssl-perl packages are installed, or do I have to install or copy these script files, as these files are necessary to create a certificate for the server side?


CentOS 5 Networking :: Port Forwards From 2 Different Gateways?

Mar 24, 2010

I have a CentOS5 box I use to run ASSP for Anti-spam. It has a single NIC. I configure network settings using Webmin. I have two Internet connections managed by different routers.

Router 1 - 10.0.0.254 255.255.255.0
Router 2 - 10.0.0.250 255.255.255.0
CentOS - 10.0.0.30 255.255.255.0

Both routers port forward traffic on port 25 (SMTP) to the CentOS box. The SMTP connections only work for the router that is the default gateway on the CentOS box! If Router 1 is configured as the default gateway in CentOS then I can Telnet to that router's WAN IP on port 25 and successfully send mail! On Router 2 I get no connection unless I change the default gateway in CentOS to be the IP of Router 2; then Router 1 SMTP connections will not work! I imagine that CentOS is sending out its responses to the default gateway instead of the router that initiated the port forward?


Networking :: Connecting To External Network And Internet Via Two Gateways?

Nov 17, 2009

I've got a network (192.168.1.0/24) with a common internet gateway (gw 192.168.1.253). Everything works well and I have access to the internet through 192.168.1.253 from all local machines. Then I tried to make an internal server act as a firewall for the local subnetwork. It is CentOS 5.3 based.

Code:
[root@router etc]# uname -a
Linux router 2.6.9-89.0.16.EL #1 Tue Nov 3 17:15:02 EST 2009 i686 i686 i386 GNU/Linux

[code]...


CentOS 5 Networking :: Script For Switch The Network Gateways

May 11, 2010

I installed CentOS v5.4 on a virtual machine in VMware Server v1.0. I put the VMware ethernet in bridged mode and now I have an IP address, subnet mask and DNS from the DHCP server at the office where I am. I edited the file /etc/sysconfig/network and put the gateway IP there. Now it is okay, but not at my home, where I have another gateway IP. A script to switch between my gateways?


Ubuntu :: Root Job Sending Multiple Emails?

Feb 25, 2010

I have an rsync backup job scripted and run by cron at 12:00 every day. It emails me the log from rsync. The problem is that it sends the same email every minute starting at 12:00 and ending at 1:00. I can't figure out what I did to cause this. It is not happening on my other Ubuntu server.

Code:
# m h dom mon dow command
* 12 * * 1,2,3,4,5 /home/barry/bin/backup.sh > /dev/null
Code:
#!/bin/sh
rsync -aut /usr/share/library /mnt/backup/WordPress > /home/barry/backup.log

[Code]....


Server :: Postfix As Sending MTA For Multiple Domains?

Jun 7, 2010

I am setting up a Postfix MTA that will be only sending mail for 10 different domains. We have other servers that will be receiving the mail for the domains so I only need to set up for sending on Postfix.

My issue is that I am trying to configure Postfix so that when it sends mail the header shows what domain the mail came from and not the domain the Postfix server is set to. For example....

[URL]

When I send mail from domain2.com I want it to show in the header it was sent from domain2.com and not from domain1.com. What do I need to set in postfix so that this happens? Right now no matter what domain the mail is from the header always shows the server domain and I can't have that.


Ubuntu Servers :: Sending Mail From Multiple Domains?

Apr 6, 2010

How can I configure my server to send mails from about ten different domains? I use Google Apps and want to know if it's possible, because it sends mail but it all goes to spam, and I have a static IP.


Server :: Postfix: Sending Mail From Multiple Domains?

Jul 20, 2009

I'm running a server with two sites which both need to be able to send emails. Currently I have Postfix set up to send email via Google Apps. This works fine, but Google's servers ignore the From: address I specify and substitute the one I logged in with. Is there a way to make Postfix log into Google Apps with a different username based on what site the email is coming from? The server does not receive any mail itself; Google receives it and we have it set to forward it to the appropriate person's real email address. I'm only worried about sending mail.

(Postfix is not a requirement here, so if there's another mailer that can do this better, I'm open to ideas. However, sending email directly from the server isn't an option as it's a residential IP address and blocked by most of the big email providers.)


Server :: Sendmail Is Sending Unnecessary Multiple Copies Of Emails From Php

Jan 7, 2010

I have a 64bit linux server with 5 virtual hosts on it. When someone fills out a contact form on one of the sites...I get 15-20 copies of the same email. At first I thought it was the kids clicking send multiple times because the first emails were coming from the children's ministry "Email The Cast" section. But then I started getting multiples from the adult sites too. All contact forms are set to come to me.

What's stranger is that my registration section for one of the sites uses the SAME php script (different file) to email me a notification that someone has registered but I only get 1 copy of that.


Software :: OpenVPN Certs Not Getting Revoked?

Apr 11, 2010

While revoking OpenVPN client certs from the server, I am getting the following output:

./revoke-full client-xxxxxxx
Using configuration from /etc/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf
ERROR:Already revoked, serial number 2D

[code]....


CentOS 5 :: How To Set Default Gateways Of Both NICs

Jan 7, 2011

I have two NICs and both have different IPs and default gateways. Now CentOS by default picks only one default gateway and puts an entry in the routing table (route -n). I want to keep both default gateways in active mode to achieve redundancy. For example, if traffic enters through eth0 then it goes out using the default gateway of eth0, and if traffic enters from eth1 then it goes out using the default gateway of eth1. If I use the command route add default gw 192.168.0.1 netmask 0.0.0.0 dev eth2 then both default gateways become active. Now I want to make sure that when the server reboots both default gateways are set up. For this I wrote a shell script:

Code:
/sbin/route add default gw 192.168.0.1 netmask 0.0.0.0 dev eth0
/sbin/route add default gw 192.168.0.10 netmask 0.0.0.0 dev eth1

I am calling this script via /etc/rc.local, but it doesn't work at boot time; however, once the server is booted and I execute the script (sh script.sh), it works fine.


Ubuntu :: Admin Certs - Which Organization Is Best For Getting Certified

May 16, 2011

I am considering getting certified in Linux Administration.

1) Which organization is best for getting certified?
2) Which books are the best?
3) What topics should one focus on?
AND (the big daddy)
4) Is it worth it to get certified if one does not have a computer science degree and wants to break in to IT?


Software :: Rdesktop To Secure Win Server (Using SSL Certs)

Dec 4, 2009

Getting connection reset or time out when trying to rdesktop to a Win2003 server that has been upgraded to use SSL for server authentication. (See [URL]). Works fine connecting to other Win2003 servers, just not the secured ones. I'm using Rdesktop version 1.6.0 on Linux Fedora and also SUSE. To connect to the secure servers, Windows clients use the updated RDP client - version 5.2. As a workaround, I attempted to set up an SSL tunnel for rdesktop but wasn't successful in connecting through that either:

ssh username@10.10.10.10 -L 1024:winserver.work.org:3389
rdesktop localhost:1024

Has anyone been able to use rdesktop to connect to a win server that has been configured to use SSL server authentication for RDP connections?


Ubuntu :: Firefox 3.6.12 On 10.10 Ssl Security Certificate Error (Comodo Certs)?

Dec 6, 2010

Firefox 3.6.12 on Ubuntu 10.10 on my desktop computer is reporting a "this connection is untrusted" error for sites that have security certificates provided by COMODO. Yet, the same sites work fine in Firefox 3.6.x on Windows XP, or Chromium in Ubuntu. Here is the more specific message: "The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"

The issuer is listed as "COMODO High Assurance Secure Server CA." Here are some examples that throw this error for me: [URL]... It appears that there was some controversy with COMODO and Mozilla (due to bad behavior by COMODO) in the past, but all I can find on that indicates that this should not be an issue any longer.

Anybody with ideas?


General :: GNUGK - Create Static Routing From Inbound To Outbound Gateways ?

Aug 12, 2010

How to work GNUGK for H.323 Gatekeeper.

I am having a problem, configuring static call routing on GNUGK

In the section

You can see that the routers Local-router1 and 2 has the same dialling plan.

What happens is the gatekeeper sends calls randomly to one router or to the other when one of the matching extensions is dialled.

What I am trying to do is to force

Any calls coming from Remote1 to go out only through Local-router1

Remote1 =========================> Local-router1

And any calls from Remote2 to go out through Local-router2

Remote2 =========================> Local-router2


Networking :: Ping Multiple Devices Via Multiple NICs?

May 20, 2010

I have an old pentium 3 computer that has ~7 NICs installed. These NICs are attached to modems and other networking equipment. According to the linux ping page on computerhope.com, it seems that one could send a ping from a certain specified NIC. How would one go about this?


CentOS 5 Networking :: Multiple Nics With Multiple Gateway ?

Jun 16, 2009

I have a CentOS 5.3 box with three network interfaces in it. Each interface is attached to a separate VLAN and I want traffic to stay on each network segment. What I can't figure out is why I cannot get each interface to have its own gateway and everything gets sent through the default gateway. This basically takes my possible 3Gb total bandwidth and throws it down a single 1Gb pipe. Then on top of that, if I take down the interface (ifdown) that has the current default gateway, I lose contact to the other two interfaces. When I look at the routes, each one of the interfaces shows the gw as 0.0.0.0 and defers to the default route. So I delete the route and try to add a new route with:

[root@testsan ~]# ip route add 10.1.15.0/24 via 10.1.15.1 dev eth2

but end up with the error:

RTNETLINK answers: Network is unreachable

[root@testsan sysconfig]# cat network
NETWORKING=yes
NETWORKING_IPV6=no

[code].....


Networking :: Qmail Is Not Sending Mails?

Dec 15, 2008

I have installed qmail on a CentOS 5 machine. After the installation, qmail is not able to send mails. The output of qmailctl stat is:

[root@testserver qmail]# qmailctl stat
/service/qmail-send: up (pid 28409) 168066 seconds
/service/qmail-send/log: up (pid 20217) 1 seconds
/service/qmail-smtpd: up (pid 20210) 2 seconds

[code]....


Networking :: Sendmail Sending OK / But It Never Arrives.

Jan 24, 2010

Sendmail will send letters OK, but they never show up. I cannot receive with dovecot either. Everything seems to be OK, but it never works. I can send and receive from localhost, but nothing outside.

The router is listening on 143, 110, and 25, and is forwarding just fine, or my site probably would not be visible. My HTTP site is at geekinsnthings.homelinux.org; the other address visible in the output is for anything else. This is because geekinsnthings.homelinux.org redirects me to 8080 on my IP.


Fedora Networking :: Sending Messages To Other Computers Over LAN?

May 23, 2009

I have a laptop (running Fedora 10 KDE version) and a desktop (running Ubuntu 7.10) on my home network. Is there any way to send messages from one computer to another through LAN?


Networking :: Sending/replaying Network Packets?

Dec 10, 2008

I am not a networking expert by any means (in fact I have never taken a networking course), but I have taken several security courses, and generally we wind up discussing replay attacks. For example, the Needham-Schroeder protocol (using symmetric-key cryptography anyway) is flawed because it allows for replay attacks, and I understand why.

I guess my question is actually how someone would perform a replay attack. I know I can sniff network traffic by downloading wireshark. I also have downloaded winpcap and npg on my WinXP virtual machine. I'm trying to use this guide to help me, but I'm quite lost: [URL] What I did was to post a "link" to my facebook profile and I sniffed the traffic using wireshark. What I would ultimately like to accomplish is to copy that packet out of the wireshark output, and then use a tool like npg to transfer the raw packet back to facebook, which should result in a second, redundant post. I just can't figure out how to do that.

I'm pretty sure this should be possible. Facebook only uses an SSL session for authentication during login. After that, the information is just sent in the clear, so I'm pretty sure this should be possible. Can anyone explain how to do such a thing? It would really help my research paper that I'm working on this semester if you can. As of right now the attack we are trying to demonstrate/defend against is using a Windows VM, which is why I'm using winpcap/npg. The attack is actually possible using just about any OS (depending on the exploit used), but our POC is Windows only at the moment.


Networking :: Sending Packets To Localhost Through Another Computer?

Jun 10, 2009

Suppose I have computer A with an IP address on eth0 of 192.168.0.1 and an IP address on eth1 of 192.168.1.1. If I send packets to 192.168.1.1 from computer A, it automatically uses the loopback interface. Is it possible to modify the routing table somehow to send these packets out on eth0 instead and have them route around the network and come back on eth1? I've tried 'route add -host 192.168.1.1 dev eth0' but it seems to completely ignore this entry.


Networking :: Error When Sending SNMP Traps

May 12, 2010

I have an issue when sending snmp traps. I have an embedded system connected to an SNMP manager. I am sending traps from the box to the manager continuously. After some time I don't see any traps coming out.
I get this error message.

Cannot open file /proc/net/tcp ...
: Too many open files
Cannot open file /proc/net/snmp ...
: Too many open files

What could be the reason for such an error?


Networking :: Sending SNMP Traps FROM A Workstation?

Apr 28, 2011

I have created this thread as it is really hard for me to send traps from my Linux workstation... I'm lost with v1/v2/v3 snmp... So here is the initial configuration (without traps):

rocommunity myrocom
rwcommunity MyL33tP4ss 10.5.32.202
rwcommunity MyL33tP4ss 127.0.0.1
syslocation "FR"
syscontact root

From there I can "poll" my system. But what should I do if I want my Linux system to send traps when disks are full or the system is overloaded, etc.? I have found information on the Internet but it is not easily understandable. It is for v3:

rwuser admin
createUser admin MD5 mypasword
#
# From there i would have to comment the lines regarding the communities
#

[code]....

10.5.32.202 is my management host... Is this config OK? But it seems that trap2sink is for v2? How does it work?


Ubuntu :: Citrix Receiver 11 And That Error 61 "not Trusted Certs."?

Mar 22, 2011

Have extensively Googled and searched on here, but with no success. We have a MYPC service at our company, but our support staff have been well trained in the phrase..."we do not offer support for Linux", but the MYPC service that we have did work recently under Ubuntu 9.04 that I had at home. However, since upgrading both my laptop and desktop to 10.10 and 10.4 respectively, neither now works when I use the Citrix 11 Receiver client.

I get: "You have not chosen to trust "GeoTrust Global CA", the issuer of the server's security certificate (SSL error 61)." So I got what I thought were the relevant certificates from [URL].. tes/index.html (see image for a list of certificates) but still no joy. Whilst I don't want to call my support department, I wonder if they have taken a conscious decision to block access to the MYPC system from anything other than Windows OSs?


Ubuntu Networking :: Sending Files By Network Between Two Machines

Feb 13, 2011

My two machines are both running Ubuntu 10.10. I want to transfer program files between them using a local area network.

My Ubuntu machines can both see the Windows machines on the network, and get files from them. But my Ubuntu machines do not detect each other as being on the network. Nor can my Windows machines detect my Ubuntu machines.

From what I can tell, that's normal, and I've become resigned to using a pendrive to transfer files between the two machines. Or even sending files as email attachments.

there is a clean and easy way to transfer files between two Ubuntu machines on the same local area network.

Copyrights 2005-15 www.BigResource.com, All rights reserved