Networking :: Netfilter's -state INVALID Triggered By Foreign Dual WAN Routers?

Dec 22, 2010

Recently I am logging the packets that are supposedly INVALID and I found out that I am dropping a lot of packets that seem legitimate (in the sense that they are clients that are allowed to contact us).

Code:
:invalid - [0:0]
-A invalid -j LOG --log-prefix "[DROP INVALID] : " --log-tcp-options --log-ip-options
-A invalid -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT

[Code]...

I would like to know If I can tell a complaining client that his dual-WAN solution is not behaving properly.Should such a dual WAN-router spoof its IP to the one that initiated the connection? And what happens if these packets are not dropped? Will they be accepted by the application or does it depend on the application? It sounds like a security risk if it does. It seems to me those packets will be ignored anyway by the application Netfilter's manual says that it's safe to drop these packets.

View 1 Replies


ADVERTISEMENT

Ubuntu Networking :: Invalid State Because Don't Have IP Address But Firefox And Chorme Work Perfectly

Jun 23, 2011

Kubuntu's Network manager says that my (wired) network is in an invalid state because I don't have an IP address, but Firefox and Chorme work perfectly, as do Synaptic and Software Centre, and a Superkaramba network monitor says that my IP is "192.168.1.101" In fact, the only thing that isn't working is Pidgin, and it says it's "Waiting for network connection."

View 3 Replies View Related

OpenSUSE :: NetworkManager Error: Invalid State

Jun 30, 2011

After updating from 11.3 to 11.4 the networkmanager stopped working for me. When I hover over the KDE NetworkManager icon it says Error: Invalid state. If I click it, it says Network Management disabled and checkboxes (Enable networking and enable wireless - both checked). I already tried removing /var/lib/NetworkManager/NetworkManager.state and restarting the network management (/etc/init.d/network restart). Also reinstalling the NetworkManager package.

View 1 Replies View Related

Networking :: Netfilter: Connection Tracking Bandwidth Accounting?

Dec 10, 2010

On Kernel 2.6.33.4 I get this from /proc/net/ip_conntrack:

tcp 6 431557 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=44242 dport=993 packets=128 bytes=9267 src=X.X.X.X dst=X.X.X.X sport=993 dport=44242 packets=85 bytes=53950 [ASSURED] mark=0 use=2

On Kernel 2.6.36.2 I get this from that same file:

tcp 6 431665 ESTABLISHED src=X.X.X.X dst=X.X.X.X sport=4640 dport=8082 src=X.X.X.X dst=X.X.X.X sport=8082 dport=4640 [ASSURED] mark=0 use=2

It's missing the data on bytes and packets transmitted through that particular connection. I had written a program that uses this information. Was this pulled out of the kernel on purpose or did I miss some option when compiling the new kernel for my box?

View 1 Replies View Related

Networking :: NETFILTER And Extraction Of Data From Non Linear Area Of Skbuff

Feb 25, 2011

i am writing a netfilter module for linux 2.6.34.6-47 / 2.6.35. while i could capture the packets on the incoming hook since the same came as a single packet in probably the allocated skbuff area by the stack, i found that packets going out of the machine are getting splitted into linear and non-linear area. skb->data gives the total length of packet as correct, but when i extract skb-> data to print it, it prints only ip and tcp header. Now to treat the data i need to extract it and then push it back on the route.

To clarify if my data is 3 bytes . the total length by passing pointers show as 55 bytes = ( 52 byte of header + 3 byte of data), but i can't access these 3 bytes by using skb->tail - skb->data. how to extract outgoing data for any further action and then put it back on route for further encapsulation by the L2 stack or whatever. will skb_linearize() or skb_linearize_cow() be of any use , if yes how and why?

View 1 Replies View Related

Networking :: (Netstat -pl) Foreign Host Can Connect From Any Port (IPP)

May 12, 2010

Netstat has always confused me. I ype netstat -pl and get this:

Code:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:ipp *:* LISTEN 1476/cupsd
tcp 0 0 localhost:postgresql *:* LISTEN 13816/postgres
tcp 0 0 *:44223 *:* LISTEN 1288/sshd
tcp6 0 0 localhost:ipp [::]:* LISTEN 1476/cupsd
tcp6 0 0 localhost:postgresql [::]:* LISTEN 13816/postgres
tcp6 0 0 [::]:44223 [::]:* LISTEN 1288/sshd
udp 0 0 *:bootpc *:* 1267/dhclient

I assume that *:* means that any foreign host can connect from any port, but then what does [::]:* mean? and localhost:ipp... what port is ipp? Shouldn't ports be numeric?

View 1 Replies View Related

Networking :: IP Tables With 2 Routers?

Sep 1, 2010

I have 2 routers both with 5 network cards (both different subnets). On both machines I have the following configuration: Eth0 is the internet conection, Eth1 is the conection to the other router and the other network cards are for the subnets.My current Ip tables script allows all the subnets of one router to see each other but not the subnets of the other router.

In the new situation I want not all but specific subnets to see each other (no problem here)The issue is that some of theese subnets are subnets of the other router. For example the subnet of eth2 router1 should be able to connect to eth 3 on router2. This is were eth1 comes in play. My plan was to configure iptables so that in above example eht2 would be forwarded to eth1, which will forward to eth1 on router2.Then the iptables configuration on router2 will forward it to the network card of the correct subnet.

eth2 (router1) -> eth1 (router1)
eth1 (router1) -> eth1 (router2)
eth1 (router2 -> eth3 (router2)

[code]....

View 5 Replies View Related

Networking :: Use OpenVPN On The Linksys Routers ?

May 20, 2011

My boss gave me the task (on a very tiny budget) of wanting to connect our remote offices to our network. Solution I came up with is Site-to-Site VPN.

I want to use OpenVPN on the Linksys Routers (again very tiny budget) and have them connect to our Cisco ASA5505 Firewall, but I am running into major problems.

Question is, even though they both use IPSec SSL are they compatible? If not, is there a work sround?

View 1 Replies View Related

Networking :: Setting Up Two Different LANs Using Three Routers?

Jun 14, 2010

So I have 3 home routers, 1 belkin and 2 netgear. I have my ISP internet connection coming into my belkin, which I then have the 2 netgear routers (from their WAN) plugged into Belkins LAN ports. Now the Ubuntu computers I have on Netgear LAN 1 and Netgear LAN2 can get to Belkin just fine (at 192.168.1.1), but I am unable to access a computer on LAN1 from a computer on LAN2 and vice-versa. My Belkin is 192.168.1.1, my Netgear1 WAN is 192.168.1.100 and Netgear2 WAN is 192.168.1.200. I have the netgears both assigning DHCP IP's from range of 192.168.0.100 to 192.168.0.150 on their LAN ports.

Now, I have set Netgear LAN1 port 80 NAT'd to go to one of my computers on it. I try to access 192.168.1.100:80 from a computer on Netgear LAN2 network and it say host unreachable.What am I doing wrong?

View 1 Replies View Related

Ubuntu Networking :: Transfer Files Between PCs Without Using Routers?

Jul 8, 2010

When I try to copy a file from a shared folder of other laptop, the whole of data passes through the router.This affects the internet bandwidth within the network. Is there a way to access the shared files without necessarily going through the router and also without affecting the internet connectivity.

View 1 Replies View Related

Ubuntu Networking :: Cannot Connect To Linksys-n Routers

Apr 1, 2011

I connect to multiple wireless system each day but when I encounter a Linksys-n router the computer will recognize it and connect but does not go online.

Does this give any clue for why it will not connect?

Code:
802.11a/b/g
System wireless is: Toshiba Satellite M115-S3094 with Intel PRO/Wireless 3945ABG (802.11a/b/g), Ubuntu 10.04

View 1 Replies View Related

Ubuntu Networking :: Routers Ethernet Ports Are All In Use And Can't Get One Of Them

Apr 8, 2011

My first one is the network: Our routers' ethernet ports are all in use and I cant get one of them. So Im asking you what I need to buy. Our router now is a speedport w701v. The new router should have wlan and good working LAN. It shouldnt be very expensive... give me some tips what I should look for (because Im very new with router...) and maybe give me a link where they tested many routers (and where I can trust the results).

View 3 Replies View Related

Networking :: Upgrade To IPv6 - Throw Old Routers Away?

Jan 19, 2011

Does an ISP have to throw away all their old routers if they're trying to upgrade to IPv6?

View 1 Replies View Related

Networking :: Using Iptables To Control Cascaded Routers?

Mar 1, 2011

I recently bought a new wireless router to replace my old wireless router. So now I have a spare router. I also have one or two spare NICs around. I read some articles that I can cascade the two routers (connect one LAN port of one router to the WAN port of the other router) so that I can have two subnets such that one subnet is private to the other subnet.I want to create a guest network similar to this configuration such that it can't access other resources. But from what I read, the guest network must be connected to the first router (which is directly connected to the cable modem) and move everything else (i.e, resources that I want to protect) behind the 2nd router.

Well, this isn't what I really want because all the machines behind the 2nd router will be penalized for performance, e.g. NAT will be done twice by each router if any machine needs to access the internet.Since I have a Linux box (running SuSE 11.3), this is what I am thinking and I am not sure if it can be done and I need some advice. I am thinking to install a 2nd NIC on this box, and connect a CAT5 cable from this 2nd NIC to the WAN port of the 2nd wireless router. This little separate network will be my guest network. My goal is to use iptables on the SuSE box to ensure(a) no traffic is allowed from one network to the other network and vice versa. (b) the guest network can share the cable modem to go the internet.I am still picking up the knowledge of iptables so I don't know if this can be done or not

View 3 Replies View Related

Fedora Networking :: Deny Access To Wireless Routers?

Mar 26, 2009

Here's the issue: from time to time I have to take away my son's access to the internet, so I exclude his laptop from my wireless Linksys router. Works like a charm, or it did until he discovered that my neighbor also has a wireless router, and hasn't secured it.

So my son sits in the corner of the house closest to my neighbor and uses their internet.

Is there any way I can tell his laptop to NOT access a particular router? Or even better, to only access my router?

View 14 Replies View Related

Fedora Networking :: WiFi Does Not Seem To Find Wireless Routers

Aug 4, 2009

Every time I start up my Samsung NC10 the wifi doesn't seem to find my wireless router at all and instead tries to connect to my printers network. To solve this I need to disable and re-enable wireless until it automatically connects. I know this isn't exactly a major problem, it's just getting pretty annoying. I'm using Fedora 11 btw.

View 3 Replies View Related

Fedora Networking :: Computer Behind 2 Routers Can't Connect To Internet?

Mar 6, 2011

I have so many _wired_ devices that I can't get by with just 4 eth cable outlets anymore, so I thought I'd hook up an older router that I don't use as a way to get extra places to plug devices into.

Now it looks like:

Internet
then cable modem
then router1/wifi + (1 eth NAT storage)
then router2 + 4 eth0 computers:
(legacy FC5 box)
(legacy F11 box)
(updated F13 box)
(windoze)

All of the computers EXCEPT the FC5 box are fine (my def of "fine" is I can ssh to and from the other computers and to outside computers, and browse the web).

The FC5 box, however, can ssh to and from computers inside the network just fine, but can't get any kind of web browsing. Nor can it ping to the outside. I get a "Network is unreachable" error. I'm not using a proxy, not knowingly, and my firewall settings haven't changed...it certainly hasn't been blocking port 80 before.

what's the best way to go about adding more ethernet when you need about 7 cables. I'm not really excited to buy a router with 8 ports or anything like that, especially when this seems to _almost_ be working just fine.

View 5 Replies View Related

Fedora Networking :: Routing: 2 HW-Routers, 2 Nics On 1 Server?

Mar 19, 2011

i have a Server, which has 2 nics installed. Each of those is connected to a router, which is connected to internet. On the server, i have apache, maillserver and im-server running. On the other hand, also squid, dansguardian and clam are running. so now: via eth0 i would like to have just the traffic, which is requested from outside (the big bad internet..) to my server (apache, mail, etc). via eth1 i would like to have all OUTGOING (also to the big bad internet) from the server, which is requested by a internal client. And of course all requests to my own server

both nics shall route their traffic to their own router. For better comprehension please consult the enclosed graph. Until now, i did not find a good solution, the default route is set to the traffic from eth0, if not, no external request will find back to a client do you have a idea how to handle this the easiest way?

View 4 Replies View Related

Ubuntu Networking :: Pushing A Desktop Computer Through Two Routers

Mar 26, 2010

I have two routers. One is a Verizon ProLine and the other is a Dlink. My setup is myComputer-Dlink-ProLine-Internet. I'm trying to get port 80 requests from the outside, access my http server on myComputer. I tried port forwarding on both routers, but that didn't work. I also tried to make the ProLine treat the Dlink as a DMZ, but that still doesn't work.

View 4 Replies View Related

Ubuntu Networking :: Cannot Authenticate With Routers BIOS From Server

May 14, 2010

I want to make changes on my router bios for my server I have to go to my windows booted laptop rather than just 192.168.1.1 right here at my server. I only have to do a 360 in my chair and I am at my laptop but I don't want to. Everytime I type the gateway ip it reads off the name of my router and looks fine. But I enter my authentication info and it just returns the login window blank... something ubuntu-side?

WRT160v2 linksys wireless N router (Of course I have cat 5 running to my server)
Ubuntu 10.04 LTS running desktop ontop (because I am still learning how to navigate the console)

View 3 Replies View Related

Ubuntu Networking :: Multiple Ipv6 Routers On A Subnet?

May 6, 2011

I have a 6to4 tunnel running on Ethernet (subnet 2002:ad4c:16cc:1) without problem. It runs radvd and announces a default route back to the Internet like this: "default via fe80::6a7f:74ff:fe0a:fbec dev br0"

On this same Ethernet I have a Linux plugbox (fe80::225:31ff:fe01:cc) which is a gateway to a network of IPv6 enabled sensors. I've assigned this second subnet 2002:ad4c:16cc:2. How do I get the plugbox to announce "2002:ad4c:16cc:2 via fe80::225:31ff:fe01:cc" so that the hosts on the Ethernet (2002:ad4c:16cc:1) will automatically pick up the route? The route works if I add it to the boxes manually. I've tried getting radvd on the plugbox to do this but I've had no success.

View 3 Replies View Related

Ubuntu Networking :: Internet Connection Sharing And Routers?

Jul 25, 2011

I have a modem connected to my router (pfsense on 192.168.1.1) which is then connected to a wireless AP (192.168.1.253). A number of PCs pick up the wireless and all is well.I've just received another broken PC that I've kicked into life and was going to run a FreeNAS box with it to back up a number of the PCs on the network. I've actually hooked this up via ethernet to my "server" PC (192.168.1.125 on its wlan NIC). Its all set up so that the server eth NIC (10.42.43.1) is connected to the FreeNAS box (10.42.43.2) and the FreeNAS box can ping both interfaces of the server, the router and the net, and any other box on the 192.16.1.x network. The problem is that I can't for the life of me get any of the 192 boxes to ping the FreeNAS box. I'm presuming its a routing / gateway issue with the server box but being pretty damn hopeless with these things I've been stumbling about breaking things.

View 5 Replies View Related

Networking :: Configure Cisco VPN Client To Be Used With SOHO Routers?

Feb 4, 2010

I have got different clients with different SOHO routers on sites (Netgear , Linksys, SnapGear,etc.) All those clients use VPN IPSec . As you know that those routers has many entries :

Tunnel name
key lifetime
Preshared Secret
Phase 1 proposal
Phase 2 Proposal etc.

I am trying to familiarize myself to use different VPN clients (a piece of software ), that will be installed on clients, laptops to access their work network from home. I came across a problem with Cisco VPN client V5.0.06 I could not find all the above entries. I know Cisco devices are proprietary, does that mean cisco vpn client is not compatible with those router?

View 1 Replies View Related

Networking :: IPv6 Routers - Quest For The Holy Grail?

Aug 3, 2010

This is a slightly desperate plea...I want to migrate my network (its only a small domestic one) to IPv6. Two reasons for this: one is that it will have to be done sometime in the next 5 years, probably, and two is that I want to use the exercise as a training starter. OK, so here's the problem:

I don't want to just run IPv6 internally, I would like to run it right up to the edge of my network, that is, to the customer edge (CE) router, and I would like that CE router to be able to run dual stack, so that my bastion system can talk IPv6 to it, it can talk IPv4 to my ADSL-connected ISP, and when my ISP is IPV6 enabled, my router will be able to talk IPv6 on both sides. I have been trying to identify a SOHO-class router that will allow me to do this, and have pretty much drawn a blank.

I emailed the usual suspects: D-Link, Linksys, Belkin, Zyxel, Buffalo, Netgear to explain my needs, and of that crowd, Zyxel were the only ones to respond, and they said they didn't have anything. So the question is: Have any of you come across a SOHO router that delivers the following: IPv6, ADSL, Wireless (b/g...n would be nice but not essential) and 4 ports? They've been using IPv6 in Japan and other places for a while if my information is correct, there *must* be a router to do it, even if I have to import it!

View 1 Replies View Related

Ubuntu Networking :: Linksys Routers Ship With A Host File?

Feb 23, 2010

I was pondering over whether or not Linksys routers ship with a host file in it...if it doesn't, can you just manually add one via an FTP transmission?

View 9 Replies View Related

Ubuntu Networking :: Compatibility Between Routers And Built-in Wireless Module?

Sep 2, 2010

I was going to buy a TP-link wireless router (802.11b/g/n) but while I was reading the consumer's reviews I saw some people were saying that they couldn't make it work with ubuntu. So, I'm starting wandering if there is somewhere any compatibility list? I mean if for instance TP-link or D-link would work with broadcom's chip. I would like to use my laptop's built-in wireless module which is HP Broadcom corp. BCM4306 802.11b/g. My laptop is a HP Pavilion zv6000.

View 2 Replies View Related

Ubuntu Networking :: Sporadic Connection To 2wire Router, All Other Routers OK

Sep 7, 2010

One day I lost my WiFi connection while doing nothing particularly interesting. OK then...I investigate, and I find that it only connects occasionally, and when it does, even then it will render a page almost none of the time. I can't even ping anything. I tried going to the router's config page (192.168.1.254 for this one) and found that even that won't load. I power cycled the router, and it did nothing. I thought that the router was dying, but I realized when I switched to Windows 7 (this is a dual boot machine) it works fine. Also, when I went back to Ubuntu and tried connecting to a neighbor down the block's WiFi, it also works fine (this is what I'm using to post this message.) I did all I could to fix this, even to the point of dismantling the machine and moving cards around and such, but it did nothing. I finally formatted my Ubuntu partition and reinstalled, and it also did nothing. It also doesn't work from the Live CD. The router works fine on all the other computers in the house, wired or wireless, and also my phone and PSP's.

While connected, in Firefox, sites sit at "looking up", "waiting for", or "connecting to". It seems to be at random which one. They all time out, none of them say server not found. I thought it was a DNS problem, so I tried some DNS's I know (Google's, OpenDNS, DNS Advantage etc.) but it did bupkis.One thing I notice is that while connected, I have a fantastic signal strength of about 85%, when before any of this happened, it was more around 70%. I didn't move the antenna anywhere or anything having to do with the reception. Also, once connected, it stays connected, it's just getting it initialized that's the problem, but even while connected it doesn't seem to work well.

This is incredibly frustrating, as I did not change anything with the router at all, in any way shape or form. It just spontaneously decided to not like Linux. The router's model is 2700HG-B.Could it be that my wireless card is dying? I've had the thing for 6 years, and had no sign of it failing. I'm thinking that can't be it because it works with the same computer and network, but with a different OS. Could there be something wrong with the Ubuntu driver for my card, ath5k? I was going to say there's something up with wpa supplicant, because I use WPA-PSK for authentication, but I turned that off from another computer and it still does not work.

Again, the problem is that Ubuntu works with every router I can connect to EXCEPT mine, and Windows 7 on the same machine works with the same router. My router works with every other device in the house. I have changed nothing networking related, and even reinstalling Ubuntu did nothing. I would try it with Ubuntu on another machine, but my machine is the only wireless one in the house (and I can't put Ubuntu on the wired ones, that would PO some people),and I would try it with a different wireless card/USB thingy, but I don't have another one.

EDIT: I got some other Live CDs out, I tried Kubuntu 10.04, and Ubuntu 9.10. NEITHER WORK!

View 3 Replies View Related

Ubuntu Networking :: Share Files Across Separate LANS Using 2 Routers

Dec 22, 2010

I have 2 routers, each are assigning IP with DHCP on. One router is plugged into cable modem second router is downstairs plugged into first router. Wire runs in WAN of second router. Each router has its own IP subset. First router assigns IP's to 192.168.1.xxx second router IP's to 10.0.0.xxx

I know I can use the second router as an AP with DHCP OFF. BIG BUT though is my wifi verizon phone got no IP assigned when running like that and wirelessly connecting to the second router. Laptops were just fine. SO, I reconfigured second router with its own subset IP being handed out. Now verizon phone is perfect.

How can I share files between connected PC's using it this way?

View 9 Replies View Related

Networking :: Exchange Routing Between Quagga Routers Via Ospf - Bgp - Ibgp

Jan 13, 2010

I have 2 routers in my network, R1 and R2. R1 is doing BGP with ISP1 and R2 is doing BGP with ISP2. both R1 and R2 are advertising the exact same a.b.c.d/20 network to their neighbor on BGP.

This setup is working perfectly fine, people can enter reach machines and services inside our network regardless of what route they come in through.

The problem i have now is that R1 is now catering for a specific VLAN. now if a packet is destined for a machine on that VLAN but comes in through R2, then R2 does not know what to do with that packet since it is not connected to the VLAN.

This could probably be fixed by adding static routes, but I want this to happen dynamically so in the future, when introducing more vlans the routing table is updated automatically.

Could this be fixed with iBGP or OSPF somehow? I am using Quagga routing software

View 4 Replies View Related

Networking :: Banning Specific Operating Systems From Connecting To Home Routers ?

Dec 9, 2010

I might as well start off by saying that I have the Linux-based Linksys WRT54GL router running the Tomato firmware. I've come up with an idea that I'm not sure is possible. Specifically, setting a router up to ban not by the MAC address of the network card, but by the operating system the machine itself is running.

This way someone could have, say, a laptop dual-booting Windows and Linux and would be unable to access the internal network if they are in Windows. However, if they reboot into Linux (or practically any other OS) they would be able to access the local network safely without the chance of spreading worms and whatever else garbage across the internal network. Similarly, other devices like Xbox 360s, Wiis, etc. would be unaffected since they don't run Windows. [Yes, 360 probably runs some highly modified NT kernel, but almost nothing else is similar to a Windows PC and the whole system is highly locked down by Microsoft, so I'd say it could be an exception.]

I was thinking of specifically banning Windows XP and lower (honestly as f***ed up as I've seen Vista and 7 get, I would consider banning those too...). The idea is to allow, well... everything that isn't Windows (except possibly Win7) to connect wirelessly to the local network.

Unfortunately, I cannot do anything like this just yet, and I'm in the planning stages, trying to figure out if it is even possible. There are unfortunately two computers in the house that aren't mine (one running Windows XP and another Windows 7... go figure, they came with it and either my sister refuses to use anything else or my mom's computer's wireless is a massive PITA to get to work in anything *besides* Windows). My guess is that this is either not possible or would be extremely hard to pull off. What do you guys think?

On the other hand, it would probably be possible to connect two routers to the incoming cable connection, giving them both different settings (SSIDs, WPA passwords, etc.) and only giving Windows users access to the outer router, but it'd be cool to be able to accomplish something like this with one router through its settings.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved