Networking :: Get An Icmp Tunnel Setup Using Ptunnel
Jul 23, 2011
So I'm trying to get an ICMP tunnel set up using ptunnel. When I run it under the same network and use it to connect to RDP, it works fine; however, when I go outside my network and connect in, it does not get anywhere. I can confirm that I have forwarded ICMP packets to the server (if I ping the external IP it will show the status of the server if I unplug it) and that the server is showing signs of registering it.
On the client it just tries to resend the packet, "Resending packet with seq-no 0", over and over. The firewall is off for testing, so that's not the issue.
Apr 18, 2011
I have 2 Linux servers in different locations. I need to set up an IP tunnel. I follow these steps on both servers:
Server1:
ip tunnel add tun0 mode ipip local IP_Server1 remote IP_Server2 dev ethX
ip l s tun0 up
ip a a 10.10.10.1 peer 10.10.10.2 dev tun0
Server2:
ip tunnel add tun0 mode ipip local IP_Server2 remote IP_Server1 dev ethX
ip l s tun0 up
ip a a 10.10.10.2 peer 10.10.10.1 dev tun0
After creating the tunnel everything is OK, but after a time (maybe some hours), I can't ping the other end of the tunnel (ping to IP_Server1 and IP_Server2 is OK all the time; the connection to the internet is very reliable). I have tried "ipip" and "gre" mode, but got the same result. If I ping the other end of the tunnel from both servers, the connection is established again for some hours and ping works in both directions (if I ping only from one side, the ping does not work). How can I resolve this issue so that I no longer have to log on to both servers to ping the other end of the tunnel? If I use a cron job to ping the other end of the tunnel at 2 hours everything works fine for weeks, but I need another solution.
Aug 12, 2009
I am attempting to set up a network-to-network VPN tunnel between our main office and a temporary location. This location needs full VPN access back to the main office's network. Anyhow, we have spent about 3 solid days attempting to make this work without any great success. Here is our network scheme for these two devices.
Network A (Main Office) (OpenBSD using isakmpd)
Network: 172.16.8.0/24
External IP: 1.1.1.1 (obviously not the real IP)[code].....
May 21, 2011
I am setting up a virtual server. Ubuntu 11.04, "minimal provider image". UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an iptables expert, but it looks OK to me. I got it from some website, rather than invented it myself, but modified it to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
May 29, 2010
I can set up an ssh tunnel from machine A to machine B:
fred@my-linux:~$ ssh -P myport fred@myserver.homelinux.com
I can successfully log on to machine A to Machine B.
What address and port will my tunnel 'appear' on machine B? I want to send a stream back from B to A up the encrypted tunnel, not over the open network.
Jan 31, 2010
I need to know the procedure to set up a VPN between two networks. I set up OpenVPN Access Server to do this easily.
1. Step by step procedure to set up VPN
2. Set up VPN with DHCP
3. How to check that OpenVPN is running successfully.
Mar 1, 2011
I've set up a LAN-to-LAN (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each other's physical LAN. So no NAT is used. When the primary gateway (fw1) is connected to the VPN server all traffic runs via the fw1 tunnel. Then when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected, all traffic for fw1 will be delivered to fw2, effectively destroying traffic intended for fw1. This is of course no problem if I first shut down (fence) fw1, then set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server, effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.
I am also exploring the possibility of leaving both tunnels active and letting OpenVPN (or another tool) decide how to route packets back and forth between the different LANs. A virtual IP between two gateways both running a VPN or something similar. This would be the preferred method of course. However, I don't know how to tackle this one but I'm pretty sure there are people out there who are happy to share their 2 cents.
Dec 1, 2010
How to identify the ICMP packets and mark them? The ICMP packet marking below is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
With the help of a port number or anything else, how can I identify the ICMP packet? The two below are working fine:
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
Mar 16, 2010
I run a Linux box as a gateway behind a satellite modem. The internet link over the satellite modem is only 1mbit so the usage often reaches 100% when someone is downloading/uploading something. I am seeing my ping return time jump from 700ms to 6000ms if someone tries to upload a file (by sending an attachment in an email etc). The satellite operator is saying this is normal, but I have my doubts.
Has ICMP got a lower priority? Should I really be seeing this behaviour? I understand that if it was a TCP packet then it would just be queued until the previous acknowledgement has been received. And if it was a UDP packet then it would have been dropped, but how does ICMP deal with these situations during heavy traffic?
Feb 20, 2011
Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? The reason I ask is I have an edge router with several upstreams, and several downstream routers, and when I traceroute to it I would like only one of its IPs to show up in the trace (Instead of each . Much like some of the larger ISPs do to mask the IP and hostname of their internal routers. Is this possible?
Jan 12, 2010
I have one server which has the IP 10.176.0.155. I want client 10.176.0.135 not to be able to ping this server only. Is it possible to block this through hosts?
Jun 22, 2010
Why does Linux traceroute use the UDP protocol when we have the basic ICMP protocol, which is used in MS Windows tracert? Is there any specific use of traceroute with UDP or TCP rather than ICMP? Windows is displaying all hop addresses but Linux is printing *.*.*
Jul 9, 2009
I have a C program which does the following:
1. Creates a UDP socket.
2. Sends the UDP request packet to the TFTP server.
3. If the TFTP server is not listening on port 69, the remote machine sends an ICMP ("Port Unreachable") message.
Is there a way to receive a notification from the Linux kernel on receipt of an ICMP packet for the created UDP socket?
Aug 19, 2010
An ICMP request from an IP that is in the same network as one of the local interfaces is not responded to if the ping request is received via an interface in a different network. Is this some security feature?
Consider the below network
x.1|RTR1|-y.1---------y.2-|RTR2|-z.2------z.3-|LNX|-x.3
RTR - Router
x.1 -> 192.168.x.1
LNX - Linux machine
[Code]....
Sep 10, 2009
From what I've read, when linux sends a ping it sends without the netmask, so windows server assumes it must be a broadcast? Why doesn't linux send a netmask with a ping?
Nov 13, 2010
I tried to ping some of the pcs on the local network but for those with icmp disabled it doesn't work. I've used
Code:
nmap -sP 192.168.2.0/24
Jan 8, 2011
Installed Ubuntu Server 10.10, included Apache, PHP, and OpenSSH. Apache is up and serving pages, I can connect using PuTTY no problem. Server responds to a ping. However, attempting to use ping or traceroute from the server results in a Destination Unreachable. Happens even for other 192.168.1.10x boxes on the local network.
Feb 8, 2011
Why do firewalls not allow ICMP echo request packets? Why are pings not allowed to certain systems?
Apr 21, 2010
Can anyone tell me a network monitoring tool which can monitor remote connectivity and generate a comprehensive report about the link state like up/down, error timings, increase in latency and packet loss rate?
Feb 21, 2011
On my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know what's going on? Isn't it possible to send raw ICMP to yourself? If not, does anyone have an idea what I should do instead?
Jan 14, 2010
I set up a static IPv6 address and a gateway in /etc/network/interfaces. However, a bad router in my network environment always sends wrong ICMP router discovery messages to me. So I have got an extra (wrong) IPv6 address and gateway, and the routing is confused. On Windows Servers, I can use "netsh interface ipv6 set interface "Local Area Connection" routerdiscovery=disable" to disable ICMP router discovery. But I don't know how to disable it on Ubuntu 9.10. How could I disable ICMP router discovery for IPv6?
Sep 28, 2010
When I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to setup nagios to run on this Ubuntu configuration and nagios is reporting the following error:
"PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms."
FPing reports duplicates as well. Is there a setting in the Arp table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
Mar 9, 2011
Struggling to get my Linux server to accept ICMP redirects not originating from the default gateway. No problem to get it working if the redirects are originating from the default gateway. I know it's not a good solution security-wise, but my network is so cluttered I'm forced to do so.
Apr 20, 2011
I have a dedicated host on my lan to monitor other hosts/services using Nagios. I'm in the process of migrating to Zabbix on that host to perform the same purpose. Both Nagios and Zabbix monitor icmp ping latency (Nagios uses ping, Zabbix uses fping) and over time the latency to other hosts grows until threshold alarms are triggered. In one week, the average latency grows from sub-millisecond to over 100 milliseconds, and continues to grow until the Nagios host is rebooted. I have verified the latency numbers using ping/fping from the command line on the Nagios host.
The problem is that pings from the monitored hosts to the Nagios host show normal latency at the time the Nagios host is showing high latency from itself to the monitored hosts. The Nagios host and monitored hosts are all connected to the same Dell 24 port gigabit switch. I already posted this question on the Zabbix forums with a graph of the latency but there were no answers. [URL] why the icmp ping latency is growing over time and how I can fix it short of rebooting the host on a schedule.
[Code]...
Jul 20, 2010
I'm trying to create a VPN through SSH but encounter the following:
Code:
[18:42:11]root@bronzhip:/home/casey# sudo ssh -w 0:0 97.**.***.221 -i VPN
channel 0: open failed: administratively prohibited: open failed
[code]....
Mar 24, 2011
I'm trying to set up a secure web tunnel at home. I have an Ubuntu box (desktop), a Mac, and a Windows 7 box. I use all of them for different reasons. I want to be able to route traffic from my browser through my Ubuntu box. I have done this before with proxy servers abroad, but I want to do it using ssh and my box at home so I don't have to pay for a service, i.e. (Secure Tunnel) etc.
I followed the instructions at http://bit.ly/hAnp6u. However, using my Win7 box, after I set the browser part per the instructions, I get no connection from the browser.
Oct 21, 2010
Is it possible to chain together multiple SSH tunnel hops in a single `ssh -L` command on the client side? I have two gateways I need to get through in order to access a remote host. For a normal SSH client connection, it's simple enough to chain this all together by simply appending the additional SSH connection commands to the first one:
Code:
ssh gateway.1 ssh gateway.2 ssh remote.host
Jun 20, 2010
I have a headless server, running Fedora 13. I want to make an ssh tunnel to that server from a laptop that is also running Fedora 13. Logging into that server over ssh works well, X11 forwarding also works, but I can't establish an ssh tunnel.
At the moment I was trying to connect two small python tcp sample programs, that communicate through port 8000. Running them both on my laptop works well.
What I am trying to do is that I am making two separate ssh connections to my server, let's say its address is myserver.com.
1) I make a 'standard' ssh connection to it
Code:
And run the server program
2) I open another terminal window and make the tunnel
Code:
3) I open 3rd terminal window and try to run the client program, that is trying to connect to localhost:8000.
If I understand it correctly, the client should now connect to localhost:8000, ssh would discover that and send that data to myserver.com port 8000. Then the server program on myserver.com is listening on that port and should get that data and send "hello world" string back to the client. Then the client should get that, print it to stdout and exit.
Unfortunately all it does is hang for about ten seconds and then say "connection lost" (timeout?)
I have tried other programs, they also time out.
By passing the -v argument to ssh it outputs:
Code:
When I try to connect the client it prints four more lines:
Code:
So as you see, it says that the connection times out. Also, can anybody tell what the "Unspecified GSS failure." means? The possible break-in attempt is caused by connecting to the server using the myserver.com address while being in the same local network with the server. If I connect using the server's local IP address (i.e. 192.168.1.xxx), the message disappears.
Oct 3, 2010
I need to make an SSL tunnel over SSH. I need to create exactly an SSL tunnel. I have a situation like that. I heard it is possible, but I don't know how to create an SSL tunnel over SSH. I have PuTTY installed on my PC, so I think I can use PuTTY for this purpose, but I don't know how to do this.
Aug 3, 2011
I wanted to create an ssh tunnel but I do not know what commands to run .. my environment is as follows:
LAN Internet Office LAN
Home PC <-> Linux firewall <-> http server..
According to the above, what I figure is that I have an internal web server at my job and I need to create a tunnel to access the web server from my PC at home. I know I can do port forwarding with the firewall but I don't want to publish this web server to the Internet. My home PC and both servers (firewall and web) are Ubuntu. My idea is to create an ssh tunnel that forwards port 8080 on localhost on my home PC to the firewall (obviously with a public IP), and then the firewall forwards to port 80 on the office web server at my job. Note that the firewall accepts ssh connections on port 22, same for the web server...