Networking :: Unable To Route Traffic Based On Packet Content
May 7, 2011
My linux machine is connected to the outside internet, and I have a minecraft server running on an internal machine (192.168.1.201). Right now, I am forwarding port 80 on the linux machine to 192.168.1.30, which is working.
iptables -t nat -I PREROUTING -i eth0 -d 192.168.1.30 -j DNAT --to-destination 192.168.1.201
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.201
______________________________
I want to filter out the GET/POST requests and forward them to port 8080. I can't seem to get that working.
I've tried this:
iptables -A INPUT -d 192.168.1.30 -p tcp --dport 80 -m string --algo bm --string 'GET' -j REDIRECT --to-ports 8080
View 1 Replies
ADVERTISEMENT
Apr 22, 2011
I have an Ubuntu server box with multiple NICs. I'd like to specify that all traffic bound for a certain IP range goes through one NIC, and everything else goes through the other. Does anyone know how to do that? I'm not a total newbie, but I'm also not a linux guru (but usually can google my way to a solution...usually).
ETA: Source and destination IP for routing.We have 1 NIC with a public IP, all public IP's should talk to it.Another NIC with a private IP, all private traffic should talk to this.In practice, I have some devices on a different subnet of the public IP range we have that will only talk to the private IP.
View 2 Replies
View Related
Jul 12, 2010
I am the new user to ns-2. I would like to know is it possible to send the keys or some value as the packet data (content of the packet) in ns-2 (for wireless environment).
View 1 Replies
View Related
May 11, 2010
I've succesfullly connected to my vpn with kvpnc, but none of my traffic is going through the vpn! I dont know how to route traffic to the vpn. for instance, when I go to whatsmyip.com it still has my previous ip.
View 1 Replies
View Related
Mar 4, 2010
My ISP has given me 3 IP addresses to use for the internet (76.148.200.3, 76.148.200.4 and 76.148.200.5).
If I do a "wget whatismyip.com" or netcat into another server, I am appearing as 76.148.200.3.How do I change my route (command line) in linux to route internet traffic through 76.148.200.5?
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
code....
View 9 Replies
View Related
Mar 28, 2010
I have eth0 and tun0. tun0 is a VPN tunnel going over eth0. Everything on the other end is setup and working fine, when I type Code: traceroute 4.2.2.1 I see my the ping is going over 192.168.2.99 (eth0). When I then type Code: route add -net 4.2.2.1 netmask 255.255.255.255 dev tun0 traceroute 4.2.2.1 I see ping is going over 10.8.0.1 (tun0) instead of eth0, so that is working
What does not work however is when I do Code: route add -net 0.0.0.0 netmask 0.0.0.0 dev tun0 traceroute 4.2.2.1 I get no ping! I believe the problem is because all traffic is routing over tun0, which means even the VPN tun0 needs to go through eth0, it can no longer do this. Is there a way around this where I can route everything except for 114.77.31.26 (which is my VPN gateway for tun0)?
View 18 Replies
View Related
Mar 18, 2011
I just installed a fresh copy of debian (no GUI). I want all my traffic on bash (such as when I do ping or dig or wget, basically whatever) to be sent to localhost:8080. How can I do that? I've a ssh port forward setup that will forward all traffic arriving at my localhost:8080 to another server.
View 4 Replies
View Related
Dec 10, 2010
I'm running Linux Mint 10 . I have a wireless PCMCIA card (Linksys WPC 11 ver.3) that I've put into master mode, and I'm trying to set up my laptop as a wireless hotspot. I am very confident that I want to do this and have no interest in using a wireless router....I say that because that topic inevitably comes up with posts like this. The problem I'm having is I don't understand how to get wlan0 and eth0 to "talk" to each other...That is, I don't know how to set it up so that traffic from wlan0 goes through eth0, so that devices that connect to my hotspot can access the internet.I've seen a few guides about this, but they were either much broader in scope (i.e. much more complex), or for other distributions, etc, and it's too much for me to follow as a linux .
View 6 Replies
View Related
May 10, 2011
I am trying to set up a Linux box that can act as a router (and firewall later). I have a Debian 5 installation and it has two nics in it. I am trying to use the linux route command to set up a route between the two interfaces. I am finding it difficult to do. Let me explain how I am trying to set up my network: I have the ethernet cable from my modem connecting to eth0 of my Debian box, then I have eth1 connecting to a switch, which I connect all my computers and other devices to. I want to have two different ip address schemes for the devices. So here is my interfaces file:
Code:
#eth0 connects to modem
allow-hotplug eth0
iface eth0 inet static
[code]....
So I am wondering, to get my ethernet traffic from eth0 to eth1 and vice versa, do I need to make it so the Gateway for Destination 192.168.1.0 is 10.1.1.1, and for Destination 10.0.0.0, Gateway 192.168.1.0? I have looked at the linux manpage for route and I am still confused. I have also looked at the Debian networking page, but it is still unclear to me how to do this. how I am to use the route command to get this working? Or am I not even supposed to use the route command?
View 4 Replies
View Related
Jun 16, 2010
My issue is with linux routing tables using iproute2, coupled with the iptables MARK target. When I create a rule to lookup a table with iproute2, and the routing table routes an address as type unreachable (or blackhole, or prohibit), if a higher priority rule does a lookup to another table that routes the address as type unicast but that higher priority rule also matches on a fwmark, the packet to that address is never generated locally to even go through iptables packet filtering/mangling in order to mark it, because the lower priority rule that doesn't match on a fwmark says it's unreachable. For example, I have 2 rules installed with ip:
Code:
10: from all fwmark 0x1000 lookup routeit
20: from all lookup unreach
ip route list table routeit
[code]....
Now, in the packet filter, I have an iptables rule to mark packets to destination 10.0.0.5 with 0x1000 in the mangle table and OUTPUT chain. When I generate a packet locally to 10.0.0.5, all programs get ENETUNREACH (tested with strace). However, if I take out the route entry that 10.0.0.0/8 is unreachable, it all works fine and the routes in the routeit table get applied to marked packets (I know because my default gateway would not be 1.2.3.4, but wireshark shows packets being sent to the MAC address of 1.2.3.4).
The best I can surmise is that when generating a packet locally, the kernel tests the routing tables in priority order but without any mark to see if it is unreachable/blackhole/prohibit, and doesn't even bother generating the packet and traversing iptables rules to see if it would eventually be marked and thus routed somewhere. Then I assume after that step, it traverses iptables rules, then traverses the routing tables again to find a route. So is there any way around this behavior besides adding fake routes to the routing table (e.g. routing 10.0.0.5 to dev lo in the unreach table in this example)?
View 2 Replies
View Related
Aug 21, 2010
I have a linux router with 2 physical ISPs and a VPN tunnel that all my traffic passes through. I would like to setup a rule to redirect all traffic from one internal IP address (10.0.0.x) through the physical link only. My current script is as follows.
iptables -F
iptables -X
echo 1 > /proc/sys/net/ipv4/ip_forward
[code]....
My goal is to do something similar to the mangle on the tor traffic, but for an entire host.
View 2 Replies
View Related
Mar 2, 2011
The task I am trying to complete is the virtualization of an IPv6 router created using two fedora machines. Here is the physical setup I have now...
PC1:eth0 <------> network
PC1:eth1 <------> PC2:eth0
PC1:eth2 <------> PC2:eth1
PC1 runs radvd to provide router advertisements to the network and a DHCPv6 server for stateful addresses.Each interface is configured on a separate subnet. PC2 runs a DNS server on eth0. PC2:eth1 is used as an IPv6 client for testing purposes. The connections from PC1 to PC2 are just crossover cables.I've created virtual machines of both PCs and have created 4 virtual adapters on the host machine for each of the local-only interfaces.Now I have this:
PC1:eth0 = HOST eth0
PC1:eth1 = HOST vboxnet0
PC1:eth2 = HOST vboxnet1
[code]....
View 2 Replies
View Related
Apr 22, 2011
I am using Debian 5 and I have some networking experience, however I want to learn to do this the best way possible. I have a Debian box with two nics and I want to connect that to a switch and use my Debian box as a router basically, as well as having a firewall setup within that too.
Should I use iptables to set up nat or the route command or what? I just want to know the group of tools to use in order to set up my network. Network diagram: Internet <------> Debian Box <----> switch <----> hosts I found some guides but they are for linux 2.4 and i'm not sure if they are right.
View 1 Replies
View Related
Nov 21, 2010
My Ubuntu Box has 3 interfaces. eth0 (Internal 192.168.1.0/24)eth1 (External ISP DHCP)eth2 (External ISP Static IP)I need the outgoing traffic to internet for 1 of the internal pc (192.168.1.10) to only go only go through eth2
View 4 Replies
View Related
Sep 24, 2010
I want to explicitly commit bandwidth to only 3 VOIP connections, where a connection is defined as a source IP address, destination IP address, and a traffic class. I would like the traffic controller to put the first 3 VOIP connections into 3 different queues that would have equal priorities that are higher than Best Effort. If a 4th VOIP connection were to start, its packets would be put into the Best Effort queue. When one of the VOIP connections ends, I would like the incoming packets of a VOIP connection that is in the Best Effort queue (assuming there is one) to now start going into the free VOIP queue. Is it possible to do this? Can traffic control keep track of connections being created and deleted like that? If so, how is it done? I would like to avoid having to be constantly updating my filters whenever a connection starts/ends. In actuality, I would want to do this for several different classes.
View 2 Replies
View Related
Dec 27, 2010
We have a need to shape outgoing traffic EXCEPT to certain IP/subnets (sounds opposite to the title, but not really :P), using iptables if possible. We've had decent luck doing it with various things, but one of the big problems is the decrease in download speed (which DOES NOT need to be shaped at all) due to upload shaping. ie, we want the shaping not to apply to TCP/UDP overhead. Semi related but probably not important is the ability to shape virtualised systems as well (ie the guests), but as the guest traffic goes through the host any traffic shaping done on/to the host should affect the guests as well.
View 1 Replies
View Related
May 24, 2009
I have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
View 2 Replies
View Related
Feb 8, 2011
last friday my schools isp enabled iwsva - interscan web security virtual appliance from trendmicro. all traffic is now filtered, and slowed down. videos and other videostreams are now useless. after this we have had serious problems using our netbooks with ubuntu, and upgrading workstations with ubuntu has become very problematic, or almost impossible. i have to run the update process 6-8 times before all packages are updated.
what can i do to document the problem in a good way. the isp tells me that there are no problems, and that it has to be a linux problem. (ever heard that one before?) the ltsp-clients on my debian servers does not have the same problems, maybe because they are using the proxy on this server?
View 5 Replies
View Related
Apr 20, 2010
do you know if there is any possibility to route/force non-vlan packet to a vlan interface in Linux?
View 2 Replies
View Related
Jan 25, 2011
Under high UDP traffic condition, we find we cannot receive UDP packet (can be captured by tcpdump) from socket neither use bare "recvfrom" nor "select recvfrom " pair. Is there any similar problem reported from user?
Any tunning or socket establish option can help?
Or is there any improvement available from the latest version?
our using linux version is CentOS 5.5
ethernet driver version is Intel (R) Gigbait Ethernet Network Driver version - 1.3.16-k2
View 1 Replies
View Related
Mar 22, 2011
I am running Ubuntu Server 10.10. I have installed OpenVPN using this guide I have set up everything correctly as this guide says, but I am having problems with the config file. I want to securely route all traffic on the client to the server, how ever the server will not start. My config is below:
Quote:
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
[Code]......
The servers ip is 10.0.0.65 and I want to assign the clients the ip range of 10.0.0.200 to 10.0.0.20 When I try to start the server I get the message Fail.
View 8 Replies
View Related
May 10, 2010
I am running Redhat linux 8.0 with 2.4.22 kernel. I am using this server for traffic shaping my static ip clients using tc. There are about 250 clients and I am running mrtg to monitor traffic via cronjobs each 5 minutes. When mrtg run I see too much packets loss in my network. What could be the problem in my server?
RAM is 1gb and processor is Intel Pentium D 2.66GHz.
View 8 Replies
View Related
Mar 28, 2016
I am in serious situation involving PPTP protocol VPN in Debian 8 Jessie stable. I recently became a paid VPN subscriber. Using PPTP; Is there a way to automatically route all traffic through ppp0? Im getting the vpn service killed (ip address goes back to normal unmasked state) whenever there is a power outage (modem reset) and there are alot of those where I live, Im going to get astabilizer and I need a software solution for the situation as well. Theres gotta be a way to route all traffic through the VPN route ppp0 . I tried adding persist and maxfail 0 to the pptp config file but it did not do what i wanted.
Here's my peer configuration file :
pty "pptp blabla.net --nolaunchpppd"
name blablabla
password blablabla
remotename PPTP
file /etc/ppp/options.pptp
require-mppe-128
refuse-eap noauth
persist
maxfail 0
On a second note, its clear to add that I basically need a way to also auto load the line
pppd call blabla.net
and
route add default dev ppp0
On system startup by default so the computer does not use "Wired" connection ^at all^ when not through ppp0. Any other way of not losing VPN anonymity ever due to hardware malfunction.
Is there a way to do this? Ive looked on the net and everything seems like its either from the nineties or can fry my pc , Im no debian expert, less than a year at linux..
Need it to use wired only if ppp0 is being used so if its no vpn, no connection at all period,
View 1 Replies
View Related
Aug 23, 2010
I am running Linux Mint Isadora 9 and recently installed a wireless USB adapter. After installing RT3070 drivers for my RT2070 card I got everything working and life was good. Now, all of the sudden I am having a world of problems connecting to the internet. I can connect to my AP fine, but I cannot access the internet. If I attempt to ping my AP by IP address I get severe packet loss. I cannot ping my AP by url [URL] at all so Im guessing there are some DNS issues as well.
Code:
poe jk # lsusb
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 003: ID 046d:c045 Logitech, Inc. Optical Mouse
Bus 003 Device 002: ID 413c:2005 Dell Computer Corp. RT7D50 Keyboard
[code].....
View 2 Replies
View Related
Sep 18, 2010
Problem Summary: - Linksys WRT54G dd-wrt NOT able to route when in Router mode
Env:
- Linksys WRT54G running dd-wrt v24 firmware
- LAN Subnet: 10.0.0.0/8
- WAN Subnet: 172.16.0.0/16
- Linux FC13 configured as a IPv4 router
- LAN 172.16.0.0/16
- WAN ISP/Public IP
[Code]...
View 4 Replies
View Related
Apr 29, 2010
I have linux workstation. All users home directories are NFS mounts.
Since I am facing packet loss issue users are unable to login to the workstation.
I found the packet loss using mtr from workstation to filer.
Matt's traceroute [v0.54]
Hostname
What are the things I have to check to resolve this packet loss.
Following is the ethtool out put of the workstation
Settings for eth0:
View 2 Replies
View Related
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never work... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Nevermind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0 they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
View 4 Replies
View Related
Jan 14, 2011
1. unzip packages.en.gz and then we update some packages version info and SHA1 value in packages file 2. generate new suse/setup/descr/packages, and zip it to packages.en.gz
3. update SHA1 value of packages.en.gz in content fileThen we try to burn an ISO to install, installation fails at the beginning because of incorrect signature of content.
cd:/content invalid signature
Alt+F3 I see the messages:
loading file:/var/adm/mount/content -> /content
[code]...
View 3 Replies
View Related
Nov 30, 2010
Is it possible to have procmail make a decision based on the content of a attachment? My situation is the following, I dailty receive a email from a server on which a backup job of a Progress database is run. This job e-mails the results of the backup in an attachment, based on the result I would like to change the header of the message stating that the backup finished successfully or not.
View 2 Replies
View Related
Jun 21, 2011
I a csv-file (A.csv) with a total of 4.600.000 lines. Thats to many and only a few is necessary. I have a txt-file with 150 lines (X.txt) (all lines is dataset from a mainframe and looks like abc.def.123.456. How do I remove lines from A.csv where none of the dataset from x.txt is present?
View 13 Replies
View Related
