Networking :: IP Masquerading With MAC Address Filtering?
Apr 30, 2010
I pay for wifi usage. The access points are using MAC address filtering. I know this because I can spoof the MAC of another computer of mine and get it online. I'd like to get both computers online. I've been trying to do IP masquerading. It hasn't been working so far. I am not sure if the computer connected to mine through a crossover cable is revealing its MAC address to the access points when communicating. If so, how does one get around this? ping shows connectivity between the two computers.
I'm trying to shape bandwidth using the HTB method, filtering classes by destination MAC address. For this I've found two codes, but none of them seem to filter bandwidth as I want (tested with iperf).
code 1
Code:
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF code....
I have my system set up with sendmail (going through my ISP SMTP server) but when I sent an email using sendmail it was defaulting the from address to user.host.domain or something similar. So I read up about masquerading [URL] and managed to get it to USERNAME@myisp.com however I want to change USERNAME to a different value because my ISP username is different from my machine username. My aim is just to get the from address to be [URL]. This machine is only used by me so I don't need it to be different for different users if that makes things any easier...?
I have recently installed Fedora 12 and want to share my internet connection with other PCs at my home, including a Windows PC. My Linux machine is connected to the internet via a DSL connection.
I have a couple of interfaces in a Fedora 14 box: eth0: internet provided by an ADSL router; eth1: LAN.
I set up system-config-firewall to masquerade all outgoing traffic on eth0, as I did on other Fedora 13 boxes, but it seems it doesn't work. It sets /proc/sys/net/ipv4/ip_forward to 1 and also sets the appropriate rules in iptables. But all traffic is blocked from the LAN to the Internet. "ping www.google.com" works on the Fedora box, but doesn't work on the LAN computers using the F14 IP as gateway. I have another F13 computer elsewhere configured this way and it works fine. But this one has Fedora 14.
I am fairly new to Ubuntu/Linux and I have somehow managed to get a server up and running. For the past few months I have been trying to get masquerading working.
I have 2 network cards eth0=Internal Lan IP address 192.168.0.254 eth1=router External IP address 10.0.0.1
I want all my internal lan traffic to go through my linux box & only have port 80 & 3128 go through squid. So for all pop3/smtp action I want the linux machine to act like a router & for port 80 & 3128 I want it to go through squid.
I am setting up a computing cluster in my lab, as below. All the "eth0" IP addresses are static (for cluster communication) and the "eth1" of the front node is the only one connected to the internet through the lab's DHCP server (which is connected to a centralized computer center in the university). The thing I wish to do is some sort of IP masquerading to enable all the nodes to have internet access. I actually googled around and read some books. The similar things I came across involve setting rules in iptables, but I did not manage to get any of them working. I am using Ubuntu Lucid 64-bit on all machines.
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of let's say 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
I am trying to block inappropriate sites on my Ubuntu 11.04 with OpenDNS. I installed it and, in addition to the categories I checked, I also added some sites to the always block list; everything according to the site should work. But the problem is that nothing is blocked (including the sites in the always block list). I cleared the browser's cache but it didn't help. When I try to clear the local cache with the command provided on their site, I think it says it ignored my network.
About Firefox, I want to block images only on Facebook automatically, so I added [URL] to the always block list in the images category and it should work, but it just won't block the images. I should note that I use the same method on Chrome and there it works like a charm. How to get that working on Firefox?
I am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment, both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject is captured again by my application, causing an unwanted feedback of injected traffic. Because of this I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
I work at a cybercafe and I am currently plagued by users who, despite the warning not to, continue to watch porn and use p2p software on my connection. I have done some preliminary research on how to filter the web content as well as to reduce the bandwidth used by p2p software on my network. I found that a solution that has worked for many with regard to web content control is DansGuardian + Squid or Privoxy in conjunction with a firewall like FireHOL or something of the sort. Others use an OS like Untangle or ClearOS and install it on a standalone server. Then others use OpenDNS. Although I would like the OpenDNS solution, I will need to install a DNS client, ddclient, and I am a Linux newbie, and ddclient requires some compiling or so, and I'm not yet into that. I am also currently not in the mood to dabble in Untangle or ClearOS because it will cost me a lot to download the ISOs. Internet access is costly over here.
Before I go ahead to implement the steps in any of the tutorials I have seen, I am wondering if such a measure will even help at all. You see, at my cafe, I use my server to share the connection to all my clients. I connect to the internet using a GSM modem. Then I have two NICs. nic1 is set to share my connection and my router connects to that nic1. nic2 connects to my router using a static IP to enable communication with my clients. If I implement something like DansGuardian on my server, will it solve the problem for me, that is, do I have to also re-implement the steps I took to configure DansGuardian on all the other PCs, that is, my clients?
My network is: ISP --> SonicWALL --> Proxy --> LAN. Currently the SonicWALL is running VPN, DHCP, port forwarding etc. in a range of 10.0.0.0/24, and I have tried to configure a Squid proxy for content filtering (using Squid 3 transparent mode on Fedora 10 and iptables). Now I need to implement the proxy over my network without changing the current SonicWALL settings (VPN, port forwarding and DHCP).
I've been on a quest to enable full routing through my OpenVPN tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using Quagga hoping it would magically solve my problems, however it does not seem to do my routing for me. I just did a basic static route within zebra...
Is this possible: 2 Linux boxes that will act as an Internet firewall + filtering? 1st PC = CentOS 5.5, functions as a firewall using iptables with two NICs: eth0 connected to the internet with a public IP, and eth1 with IP address 10.0.0.1 connected to the 2nd PC (CentOS 5.5 with Squid/DansGuardian) with IP address 10.0.0.2.
2nd PC = CentOS 5.5, functions as Squid + DansGuardian internet filtering with 2 NICs: eth0 with IP address 10.0.0.2 connected to eth1 of the 1st PC with IP address 10.0.0.1, and eth1 connected to the LAN (172.16.1.0/24).
Does this make sense? This might be confusing but I just want to try this, to protect incoming ssh from our previous sysadmins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them, in that they have to pass through 10.0.0.1 - 2.
Currently my OS is Ubuntu 9.04 Jaunty Jackalope Desktop and my web server is Apache2. I have a public address 60.x.y.z and my PC's local address is 10.x.y.z. I have a web app in my Apache2 which currently runs on localhost (10.x.y.z).
I would like to enable the web app so that it can be browsed from outside. I know there may be some port forwarding process and some commands involved in order to do that. But I have no idea of the steps to do that.
I am working on implementing a protocol on NS2.34. I really need help to solve this problem. Actually, I don't know whether the problem is generated by the Tcl code or the C++ code. When I run the simulation, I get this result:
Code: num_nodes is set 64 INITIALIZE THE LIST xListHead 34 45 channel.cc:sendUp - Calc highestAntennaZ_ and distCST_ highestAntennaZ_ = 1.5, distCST_ = 550.0 SORTING LISTS ...DONE! code....
Version 10.04 LTS. Installed desktop version and network worked but I needed a static IP address and the install configures for a DHCP configured address. I tried changing to static address using the System->Preferences->Network Connections application but was unable to get the system to come up with the network up.
So I manually modified the /etc/network/interfaces and the /etc/resolv.conf files. I restart the system but when I do an ifconfig, I don't see a configured IP address on eth0 (only the loopback address). If I run /sbin/ifup eth0 everything then works fine and ifconfig shows the correct address bound to eth0.
I'm running Ubuntu 10.10 and I'm having problems trying to assign it a static IP address. No matter what I put in the Preferences->Networking area (identifying the interface as Manual)... it still will query DHCP for an address if I run the dhclient command. I'm used to using Ubuntu server, where I just set the IP in the interfaces config file.
I am running my own Postfix mail server. Some time ago I noticed that most email was rejected because of the server's dynamic IP address. So I got a fixed IP address. However then I noticed that some mails got rejected due to failing the reverse DNS check. So my ISP told me to get a range of IP addresses and they could then create a PTR record for one of those addresses. That is now running but it turns out that the IP address used for the PTR record is a ... dynamic IP address. So Spamhaus PBL rejects my emails again.
I have a few external IPs assigned to me by my ISP. I have IPCop as my router/firewall. I am wondering how to bind 1 of my external IPs to my internal IP address, so I do not have to port forward, etc. For example, 77.77.77.77 to 192.168.1.123, and on the server it sees the external IP address.
In my job I use some Ethernet embedded devices. They take an IP address from a DHCP server or auto IP. I only know the MAC address. How can I obtain the IP from the MAC address? In other words, I need a RARP packet generator.
I don't know for what reason, but for 2 days now I have been getting this message whenever I try to start httpd. I commented out "Listen 443", restarted, and httpd started correctly. I needed to comment out "Listen 443" in order to be able to start httpd. What is strange is when I do
I have been trying to enable masquerading in sendmail. I've started from scratch. Here's what I did: 1. My mail server name is "ids.com" and the local hostname is "server". 2. When I send mail from my user to another user, the mail goes out as user@server. All this allows me to send mail from all of my computers. Now, to get masquerading:
3. I have MASQUERADE_AS(`ids.com'), MASQUERADE_DOMAIN(`ids.com'), and FEATURE(`masquerade_entire_domain'). I also added "ids.com" to /etc/mail/local-host-names to be able to receive mail addressed to that domain. This masquerades mail originating on the server, but still the mail from the other computers has a "From:" line of the form user@hostname.
I have set up an OpenVPN server on a VM (Ubuntu 10.10) running in VirtualBox, bridged to the host. Everything is working fine except the fact that I can't seem to be able to assign an internal IP (VPN server) to connecting clients. Let me explain: all my clients are connecting and accessing the internet without any issue. Where I have an issue is that all my clients come out the other way on the internet with my server IP address, which kind of defeats the purpose. Is there a way (keeping in mind that I am running the server in a VM) to have all my clients accessing the internet with an IP provided by the VPN server?
I have a CentOS 5.5 server; the server name is CentOS1. It has a forum and a help desk. The help desk software SENDS an acknowledgement to the user and emails to all the people on the support desk. Users can reply to emails only by accessing the help desk, NOT by mail. Thus the server is configured to only SEND mail and not to receive any mail at all.
Mail server is Sendmail. Hosts file reads:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 CentOS1.tech.xxxxx.com CentOS1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
There is NO MX Record because this server receives NO mail, it's send only. Unfortunately, the mail it sends has a From Header which is @CentOS1.tech.xxxxx.com. I want it to send from @xxxxx.com. I've read all the howtos on Masquerading and I've tried many, many things, but with the same results. It will NOT change the From. I had it working perfectly a long time ago with a SuSE server, but I can't for the life of me remember what I did. I know I also battled a bit.
The last few lines of sendmail.mc read : - LOCAL_DOMAIN('localhost.localdomain')dnl dnl # dnl # The following example makes mail from this host and any additional dnl # specified domains appear to be sent from mydomain.com dnl # dnl MASQUERADE_AS('xxxxx.com')dnl dnl FEATURE(masquerade_envelope)dnl dnl FEATURE(masquerade_entire_domain)dnl dnl MASQUERADE_DOMAIN(localhost)dnl dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl dnl MASQUERADE_DOMAIN(CentOS1.tech.xxxxx.com)dnl dnl MASQUERADE_DOMAIN(CentOS1)dnl dnl MASQUERADE_DOMAIN(tech.xxxxx.com)dnl MAILER(smtp)dnl MAILER(procmail)dnl dnl MAILER(cyrusv2)dnl
I've tried each one of the MASQUERADE_DOMAIN lines in turn, none of them work and yes, I have remade it.
I have a problem getting masquerade to work, with no luck so far. I created a cron job that does a backup and notifies me by email. I was able to receive the email, with the from address "root@domain.mydomain.com". I want to change this to root@mydomain.com. I tried to do the masquerade and it does not work.