Networking :: Install A Hardware Firewall And Virtualize The Existing Server?

Feb 18, 2010

I'm having this issue with a Linux server that thinks it owns an IP that it doesn't. Background: We used to have a central server connected directly to the DSL modem with two interfaces. Interface eth1 was set up to respond to three of our external IPs, I'll call them ext54, ext55, and ext56. The internal interface, eth0, was set up as a gateway for the LAN on IP 192.168.0.1.

We wanted to install a hardware firewall and virtualize the existing server. So now it's set up so that the WAN interface of m0n0wall is connected directly to the DSL modem and responds to ext54, ext55, and ext56 and its LAN interface is the gateway for the 192.168.2.0 network. The server was virtualized and its eth1 configuration was changed to be 192.168.2.2 with a gateway of 192.168.2.1. Everything seemed to be working fine.

Problem: The server runs apache for our webmail system, which works fine from the outside (since I have m0n0wall NAT port 80 through to 192.168.2.2), but inside it fails.

As best as I can figure, the server (which is Linux CentOS 4.3) thinks that it should still respond to IP ext54 instead of forwarding it on to m0n0wall to figure out where it should go. I've looked through all the config files I can think of on the Linux server (ifconfig, route table, hosts file) and I can't see anything that would make the server think it is ext54. I've also checked the logs and config of m0n0wall to see if the packets are getting dropped, and again, I don't see anything.

I guess I should say that our DSL provider gives us the IPs ext54, ext55, ext56, ext57, and ext58. When I tracert the IPs on the server, ext54, ext55, and ext56 don't hop at all, as if the server itself serves those IPs, but ext57 and ext58 tracerts hop to the m0n0wall gateway correctly...which makes this even crazier in my opinion.


Debian Configuration :: Install A Multi-core System And Configure It To Run Several VMs, One Each For A Firewall, A Caching Proxy Server, A Mail Server, A Web Server?

Jan 25, 2011

I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible. My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP) workstations, using diskless workstations to boot the VMs over powerline ethernet. The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.

In theory, the above would allow me to consolidate everything but the diskless workstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM). Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).


Red Hat / Fedora :: Firewall - Transferring Existing Setup To Open Source Platform

Feb 5, 2011

Currently I am working on one project in which I am transferring an existing setup to an Open Source platform. I have a brand new IBM server with two NIC cards and want to set up a firewall. I am searching for a good solution which suits me. Which firewall system should I go for? I am thinking of IPCop.

1) Firewall should support OpenVPN
2) Easy to manage for Resident technician
3) Should block streaming, Facebook and other sites.


Server :: Add Existing Unix User To Existing LDAP?

Jun 23, 2010

I have an existing unix user that somehow didn't make it into the copy over to our LDAP server. How do I add an existing unix user to an existing LDAP directory? Will ldapadd work? I was under the impression ldapadd required an ldif file to work properly.


Networking :: How To Incorporate DNS Server Into Existing Setup

Apr 8, 2010

I am working on setting up some networking connections here. [URL]. Depending on your router make and model. You can disable the dhcp server on the router if you go to advanced setup and in the dhcp option You should find two radio buttons off and on click off and you will disable the dhcp server on the router refer to your router documentations. I do not wish to disable the DHCP on my router (2wire). I have fixed the router so it assigns static IP addresses - by following the "Management and Console Diagnostic" portion on this page: [URL]. There are 7 machines getting IP addresses from the 2wire router. Of the 7, I have configured 4 to have static IP addresses allocated to them by the router.

For example, the domain here is : 2wire.gateway.net
If I have a host named "zazu", and I ping zazu.2wire.gateway.net, I get the right IP address.
I am working with a product (ZIMBRA) that
-> requires for the host to "have MX records".
-> that you get a FQDN when typing "hostname"
-> that you get a FQDN when typing "hostname -f"
Basically, the way it is supposed to be set up is:
ZIMBRA (internal) <----> Kerio Mail Server (Windows) <---> email from the outside world

So, in a sense, the Kerio Mail Server is to forward mail received from the outside world to ZIMBRA and ZIMBRA is to send mail to the Kerio Mail Server to send it to the outside world. From what I see at these links: [URL] And [URL]. You have to set up some kind of DNS server? Why? Don't both the DHCP server and DNS server serve the same thing? How can I incorporate a DNS server into my setup when the 2wire (with DHCP) is working just fine?


Server :: Install Different Version Of Perl+module Without Affecting The Existing One ?

May 10, 2011

I need to install different version of Perl with needed modules to Test Run a perl script (ASSP) without affecting the existing one as the old version of Perl is buggy with seg fault.


Networking :: Gateway / Firewall And Log Server

Aug 1, 2009

I got 2 servers, each on different locations (server 1 and server 2). I want all traffic on server1 included web browsing, applications etc., be always going through server2, like a gateway. I want the traffic to be encrypted (maybe use VPN?) So if I browse, or any logs pick up IP addresses from applications used by server1, I want it to display the IP address from server2 (Might be the wrong way to say it).

I always want server2 to act as a firewall and logserver that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on Google have their own OS/Distribution. Maybe Squid for logs? But Squid does not support many protocols. Distribution on both servers are updated Debian/Ubuntu based.


Networking :: Setup Firewall / Sys1 Is Not Connected To Firewall For Testing Purpose?

May 18, 2010

I am learning to set up a firewall in my home; for that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.

The IP assignments are as follows:

sys1 : (Fedora, not connected to firewall I am thinking, but I am not sure)

IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank

sys2 (firewall, IPTABLES)
code....

What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4.

Then I came to know that whatever request I give, it directly goes as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are directly going inside without the firewall.


Ubuntu Networking :: SSH In When Server Is Behind Overly Restrictive Firewall

Aug 10, 2010

Here's my dilemma: there is a server on a network protected by an overly restrictive firewall. I can't connect to the server.

I was thinking, does a program exist where the server would connect to another server outside the firewall, then wait for commands? This way there is no port forwarding required. The only program I know that does this is LogMeIn. If you check the logs it does use SSH, and that's even when I blocked the port. Since LogMeIn isn't what I was looking for (Windows Only, full screen capture instead of command line), does an alternative exist?


Ubuntu Networking :: Setting Up A Router And Firewall For 10.10 Server 64-bit?

Jan 28, 2011

post the "perfect" tutorial for setting up a router and firewall for Ubuntu 10.10 Server 64-bit? I'm kind of a n00b when it comes to Linux, so I get really confused with some things, I have seen things on the ubuntu wiki about this... but it really confuses me =

I'm trying to setup my ubuntu sys as a router and firewall... Internet -> Ubuntu (Router) -> Switch (no DHCP on it) -> Computers I've already setup bind and dhcp3 and got those working perfectly... I've also setup Squid3 and Dansguardian for content filtering (blocking ads and such) and got them working too... I want to set it all up to be transparent, and allow the system itself to function as a powerful firewall router, giving absolutely NO issues to client computers connected, and no speed reduction at all.... I want to setup the firewall to allow all outgoing connections, but block everything incoming (stealth the network)... Forcing all http/s traffic to pass through dansguardian, then to squid...

But am very confused on how to pull this off... The system is running Ubuntu 10.10 Server 64-bit, with 4 GB of RAM, 320 GB SSD, and two 1Gb NIC cards... Sorry if I'm not very clear, I do speak English perfectly, but just kinda new to the "Linux world", I was using SONICWALL but that's getting a little too costly to my network and wanna do a free alternative... Something completely CUSTOM, not using some network security distro.


Ubuntu Networking :: How To Set Up A Gateway/router And Firewall On Server

Jul 20, 2011

What I want to do is set up a gateway (or router, idk what Ubuntu refers to it as). So my setup would be Modem>Server>Switch>Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldn't figure that out either.


Networking :: Way To Configure Telnet Server Without Disable Firewall

Oct 13, 2010

I have a question about telnet. Is there any way to configure a telnet server without disabling the firewall? I am using Red Hat 5.2 and Fedora 12. I have a lack of knowledge about firewalls.


Networking :: Install And Configure Hardware Firewall In Centos?

Feb 24, 2011

I have CentOS with the software firewall enabled, but I want to set up a hardware firewall. Can anybody guide me on how to install and configure a hardware firewall in CentOS?


General :: How To Virtualize Hardware

Sep 11, 2010

Virtualization means putting more virtual computers on 1 physical computer. What my question is about is the other way around. Namely: how to make from different physical machines 1 virtual computer? The point is that I would like it to have the following features: data redundancy: data should be stored on at least x other physical computers; access should be able to be done on any physical node (so no master node). I would need to be able to place a normal Linux system on top of the virtual layer, so I can get all the benefits of Linux. I would like data to migrate automatically and physical computers to be able to be pulled/added at will.

I've been looking through Google for those things but I didn't find anything that only remotely resembled what I needed. Maybe you can give me a hint where to look at, or on what terms I would need to search?


Debian :: Virtualize Win7 As Host On W520

Aug 4, 2015

My current situations is this:

I got a W520 with an i7-2720QM and Nvidia Quadro 1000m. I want to virtualize with Debian as host and Windows as guest. Therefore I want to assign my Nvidia GPU to the guest.

The reason for this choice is because I'm a mechanical engineering student, and that requires a lot of Windows-only programs (CAD/FEM/matlab etc).

I got stuck at Nvidias error 43 problem.

Current situation:

I know all my hardware supports VT-d and is activated.
I got the intel-iommu=on as a boot parameter in grub.cfg.
I have stubbed and blacklisted my Quadro GPU so the Win7 guest can access and use it.

I got Win7 installed and running; it detects and refuses the Quadro card because it's virtualized. I have tried using the 377.88 driver and the newest, with and without kvm as hidden. I have deleted all hypervisor tags. It still reports error 43.

This is my config file over my virtual windows machine:

Code:
<domain type='kvm'>
  <name>win7</name>
  <uuid>5ebc2f74-7bbd-482d-99f4-660155187f8d</uuid>
  <memory unit='KiB'>6291456</memory>
  <currentMemory unit='KiB'>6291456</currentMemory>
  <vcpu placement='static'>4</vcpu>

[Code] ....

Do I use Xen instead?


Red Hat / Fedora :: Virtualize MacBook Pro - RHEL 5 / Solaris10 And FC9

Nov 22, 2010

I'm probably in way over my head, but have recently been given a job that will be utilizing the systems in the Subject. My employer will be sending me to school for the basics (Red Hat System Administration). I currently have a Macbook Pro that I would like to be able to virtualize a server and install RHEL 5 to begin to read through manuals and anything else I can get my hands on. Wondering if the community has any advice for operating/installing RHEL 5 on a Macbook (virtualized preferably), as well as any other useful advice or comments in regards to 'speed learning' these systems.


General :: Virtualize Or Dual Boot For Games?

Feb 7, 2011

In my recent tribulations getting Linux based tools working at work I've gotten a lot of good answers just by searching here. But since this question is very subjective, and details are important, my searches just weren't quite working out.

I've been using Linux off and on since 94, Slackware... a stack of floppies as long as my arm. I say off and on because I've always been of the opinion that Windows had a superior selection of ready-to-run desktop software... I still think that's true, but since I'm pushing open source more at work ($44K a year to use Exchange? Seriously?) I figure it's time to throw in behind it at home, too.

My biggest hangup with a total transition is gaming. I can handle my desktop suite needs just fine with Open/LibreOffice and Seamonkey. The limited work I do with graphics and sound can be handled just as easily with existing open source applications (though I'm not really sure about video playback, yet. Finding good codecs for HD video that work well with Linux based players, WMP and Windows Media Center is kind of a pain in the ass.) Hell, pretty much everything I do on a day to day basis... a drastic improvement over 5 years ago.

The games, on the other hand, are killer. Two of my off and on favorites, World of Warcraft and EVE Online are reportedly well supported by Wine. A good chunk of my game collection, though, was purchased through Steam, which I understand has some issues with Wine. And there's also concerns about future games that get released ... some of which is offset by the constant improvement in Wine and similar packages.

What I'm considering as an option is simply going with Xen for a paravirt Windows guest and running my games in that. What I need to know, though, is how well will that conceivably work? Will a Windows XP or 7 (which one would I want?) guest in a Xen DomU have better gaming support than Wine provides? What other things am I not taking into consideration that I should? Should I use Xen or whatever the free VMWare is (I'd prefer Xen, open source and all, but if VMWare would really do the job where Xen wouldn't...)?

AMD Phenom X4 955
8GB RAM
SATA 30GB SSD
2TB RAID storage which I would prefer to keep as a single chunk, but meh... it's 2TB.

I have installed CentOS 5.3-5.5, FC 13 and 14. Ubuntu, Debian and., all the major distros and all the hardware is supported by the prebuilt kernels.

Actual uses: MP3 rip/playback. Web browsing. Quicken. Occasional word processing/spreadsheet, media conversion including the dreaded DVD ripping (I buy the DVDs for my kids, but they can't touch them :P), and... hell, whatever it is that we do with our desktops and take for granted. Games. Lots of DirectX games.


CentOS 5 :: Easiest Way To Mirror Existing Server Setup On A New Server?

Jan 13, 2011

We have two CentOS 5 servers in production (web and database). We are setting up a single staging server that will mirror the configurations of these servers as closely as possible. What is the easiest way to ensure the exact same software and configs as the production servers are set up on the new staging server? Our contracted data center provider has already informed us that they do not perform images and NO we do not have physical access to the machines. It is undetermined whether we will be virtualizing the staging server into two virtual servers yet, so for the purposes of this post let's assume we are not. I'm seeking a faster/more precise method than doing this by eye and hand.

Some information on our web server code...


OpenSUSE Install :: Install Suse Alongside An Existing Install?

Apr 18, 2010

I have a BackTrack install that I would like to keep while installing SUSE for an everyday OS. I start the install process but when it gets to partitioning the hard drive, it doesn't seem to recognize anything already being on there; it just gives me the setup for SUSE, i.e.:
sda1 ext3 = OS, sda2 or sda5 = swap. Do I have to configure a partition scheme? I installed Ubuntu on a desktop alongside Windows very easily due to the grub graphical install/partition; is there not a similar function for SUSE?


OpenSUSE :: FIrewall Setup / Client Computer Cannot See NFS Server When Scanning For Server - OSE 11.2?

Apr 21, 2010

I have a small home-office network. On that network I have two linux computers, one is a client the other a server.

On the server I have NFS Server setup and mount some NFS exports on the client computer.

On the server I have the firewall on and here it becomes a little tricky.

Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.

The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.

However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.

The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.

The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.

In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.

So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.

Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.

Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....


Server :: Allow Samba Server From Selinux Firewall In CentOS?

Jun 8, 2009

I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my selinux firewall on and want to allow other workstations to access my samba server.


Server :: Unable To Ssh Remote Server (firewall Turn Off)

Jun 27, 2011

I'm unable to ssh to my one CentOS 5.6 remote server from my one server.

Code:

ssh -v root@sxyz.abc.com
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *

[code]...

I even turned off all firewall rules on both servers. I am able to ssh from my home or any other PC to the remote PC, so I don't think there is any problem in the target PC.


General :: Add An IDE Drive To An Existing Server?

Jul 1, 2011

I recently ran across a client that wanted me to set up a new IDE Drive in his existing Red Hat Server. I reluctantly agreed to try. I am completely uneducated in Linux and could use some input. The server itself appears to be set up in text mode as all that I see is text after the initial boot up screen goes away. It, at present is set up in an old dell machine on a 3 Gig drive and all he wants is to be able to add a secondary drive to extend storage capacity. What do I need to do to prepare the drive and OS to accomplish the task? The secondary drive is 120 Gig. I reformatted the drive, as a fat 32 and installed it into the machine. The board sees it. The network does not


Server :: Software RAID On Existing LVM

Feb 9, 2011

Currently I have 3 hard drives
2pcs 10gb almost the same
1pc 20gb

I have a layout of
(10.2gb)
/dev/hda1 boot 104391 83 Linux
/dev/hda2 9912105 8e Linux LVM
(10.1gb)
/dev/hdb1 9873328+ 8e Linux LVM
(20.4gb)
(unpartitioned)

The two 10g is setup as lvm and I want to make raid1 using the 20gb hdd. Almost all I see is raid1 first in the internet.


OpenSUSE Network :: Firewall Logs Are In /var/log/{firewall,warn,messages} - Clutter?

Mar 25, 2011

I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.


Programming :: Write Own Telnet Server Instead Of Existing One?

Jun 29, 2010

How will I write my own telnet server instead of the existing one? Please give me the path for the telnet.c file in the Linux kernel.


Server :: Creating LVM With Existing Raid - With Data On It

Apr 24, 2009

I have a system that has the following partitions:

Now SDC is a new drive I added. I would like to pool that new drive with the raided drives to give myself more space on my existing system (and structure). Is this possible since my raid already has data on it?


Server :: Hardware Migration And Existing RAID

Apr 20, 2011

I have a RAID5 with 5x2TB HD's and I'm planning a major hardware overhaul. My server currently runs on a Pentium4 3.2 Ghz (pre multicore technology) on a SuperMicro mobo. I'm planning to switch to an AMD Phenom II X6 1100T Black Edition Thuban 3.3GHz, 3.7GHz Turbo 6.

So here's the question. Can I just plug my drives to the new board and restart the RAID like nothing happened? I don't have space to backup all my data if I have to recreate the RAID from scratch. Intel and AMD should be binary compatible (I mean the RPM's work) so I should be able to invoke mdadm to assemble the RAID after I install Linux on the new server. Right?


Server :: Add Additional Web Domain For Existing Web In Rhel5?

Nov 25, 2009

I have configured a web server. Now I want to add an additional web domain to my web server. How can I add it?


Software :: Migrate Existing Proxy Server To Xen?

Jul 20, 2009

I have an existing proxy server which connects to my main office in London. I would like to move this server to a guest in a Xen environment. Or I can install the proxy server on the guest and copy some relevant files? But please note that the environment is slightly different.

Old Server: Redhat 4 with proxy 5.1
New Xen guest: Redhat 5

Copyrights 2005-15 www.BigResource.com, All rights reserved