br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like:
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands:
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never works... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seem to be HTTP packets... oO (very strange...). Never mind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0; they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
I have set up a virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the VM direct access to the internet but 1and1 do MAC filtering and so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debian Lenny on the VM on the server using KVM and all went well. I put it on a virtual network 192.168.100.0 and I can access it from the host and I can access the internet from the guest using NAT that libvirt set up.
I bought another ip address from 1and1 with the hope of forwarding packets to the new ip address 11.22.33.02 to the guest vm.
I have tried all sorts of routing rules using iptables without any success.
My virtual network is on virbr1, the guest IP is 192.168.100.50, and my external network device is IP say 11.22.33.01 on eth0 with the secondary IP say 11.22.33.02 on eth0:1.
Here are the latest rules I tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
I have a bunch of Ubuntu boxes on one subnet, 192.168.1.0. I have a Windows 7 box on another subnet, 192.168.2.0. I am able to ping and SSH to all servers on the .1 subnet except for one server, which I will call PITA. I will attempt to SSH to PITA, and it won't respond, nor does it respond to pings. I will then SSH to PITA from another of the test servers, successfully connect, and then when I SSH from my Windows 7 machine I can connect successfully. If I first connect via console to PITA and send some pings out (to anywhere, like 4.2.2.2), I can also connect from my Windows 7 machine. I've never seen anything like this.
One of the weird things is that I used PITA to create an image that I then used to create many of the other test servers, and they work fine, so I'm not sure what the problem is. I've checked /var/log/messages and syslog and there's nothing in them that indicates a problem. I've rebooted this server, restarted SSH, changed the IP in case it was conflicting with something else, forced an ARP update in case it was cached (since I had bonded the interfaces), cleared the ARP cache on my own machine, verified Network Manager is not installed...and I still have this issue.
Here are some network-related config:
/etc/network/interfaces
Quote:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
Is it possible for me to directly RDP into my company's RDP server from my Linux OS, in the same way I can RDP into it from my Windows OS on my work computer or home computer, which has the RDP setup settings you use to create the session?
Of course I can get into the work machine, and then the RDP session, but is there a way to go straight into it without using the Windows Desktop to click on RDP? Does Linux have an RDP program similar to the setup used on the Windows side, in terms of being able to configure the settings to get into an RDP directly?
I'm setting up Apache on CentOS 5.5 and administering it from another host on my LAN (this web server has no Xorg). I can ping from the config host to the web server but not the other way. My network is quite a way from being set up so I'm just configuring the web server at the moment, the simplest way I can. It's just trying to get two LAN hosts both with 192.168.1.0/24 IPs to talk to each other using a router to connect them.
Here are the outputs of ifconfig and netstat -rn for the web server, the config host and the router:
The ifconfig -a and netstat -rn of the config host are:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
I'm trying to configure dante so that it only connects to the internet through the PPTP VPN interface (which is ppp1). My configuration file is currently like this:
All I want is to be able to access files on one Ubuntu computer from another Ubuntu computer via a home wireless network. I have been at this for a week now. Scouring the web for answers and so far I have come up with this: Port 22 is open. I have both computers' IP addresses via right clicking on the network icon -> Connection Information. ssh is installed and running. Both computers are listening on port 22. But when I try Places -> Connect to server, I get "no route to host". I'm not a networking guru and I'm at a complete loss on this.
I am trying to access a DVD mounted on a machine running Fedora12 (192.168.0.105). I thought this should be possible with NFS, but the above error message is what I keep getting, no matter what I try.
Here is my mount command:
Code:
mount 192.168.0.105:/mnt/dvd -t nfs /tmp/scaleo
The Fedora 12 machine has the NFS server running, and the corresponding entry in /etc/exports is
Code:
/mnt/dvd *(ro)
I thought this might be a firewall problem, but it persists even if I turn firewalls off on both machines (client as well as server). Also, doing
Code:
ssh 192.168.0.105
is OK, so what is wrong with the route?
I now tried
Code:
mount 192.168.0.105:/mnt/dvd -t nfs4 /tmp/scaleo
and it seems the mount succeeded. So, instead of nfs, one must write nfs4?
I have 2 clients (one IP 200.x.y.52 and another 200.x.y.47) on an ADSL connection and the same gateway (200.x.y.1).
When the server sends an email, the error "No route to host" appears. I used TELNET 200.x.y.52 25 (110 too) and the error occurs on both servers and in both directions. The firewall was disabled.
I got this definition: "a process that replaces a series of related, specific routes in a route table with a more generic route." Honestly I found it not so clear. I want to know if this definition is correct and also more details about this subject.
Having trouble getting my Netgear WNA1000 working thru wireless router. Have tried lots of suggestions from other threads to no avail. Someone suggested that the routing table isn't set correctly, so have been trying to use the following to make the proper entry in the routing table:
sudo route add -net 192.168.0.1 netmask 255.255.255.0 dev wlan0
Result: error message starting with: "route: netmask does not match route address"
followed by "Usage" instructions which tell me to do what I just did. Any ideas on how I can populate my routing table with the correct entry for my wireless card? Not to complicate matters, but I temporarily turned off encryption on my router to eliminate that as a possibility until I get connected. So maybe it's still trying to connect via encrypted mode - do I need to turn off encryption on my (client) end?
I have an OpenVPN tunnel set up between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.
Server A = OpenVPN server
Server B = OpenVPN client (connects to Server A with OpenVPN)
The two CentOS servers can ping each other (172.16.0.0/24) via the tun0.
However, client computer connected to Server B (DHCP server) can't reach 172.16.0.1 (which is the OpenVPN server).
I think I am missing some routing in my "ip route show". Following is the full picture:
What command can I issue to get this fixed? Something along the lines of ip route add?
There is no firewall service on both ends. service iptables stop! I can't bridge eth1 and tun0 as the DHCP server might mess up the other side. I can't do a push of "redirect-gateway def1" because then clients lose their IP as they send DHCP requests to Server A.
I have set up certain portions of my web site to be forced https://. How do I force non-https:// protocols? I know this sounds confusing, so let me give you an example.
I have a Debian Lenny box running Apache2 and PHP 5.2.6.
When a request is made via https, php displays the content fine. If the request is made over HTTP the file is offered for download, rather than displaying it.
I know it's probably something trivial but I've never seen this issue.
The plot thickens, I can display PHP over HTTP in some directories but not others (which offer the file for download)?
I use PHP to send a newsletter via sendmail. Outgoing emails work as needed. I defined a .forward file to get responses in my regular email account. If I use mailx to send emails from the root account to my own account, it gets forwarded as needed. If I try to send from outside the box to news@domain.com the email is not received in the box and the sender does not receive an error message.
I am sure I missed something. How do I enable incoming emails?
We have an Apache server which has an SSL certificate like www.abc.com. We are hosting a website that is an online giving shop which needs an SSL certificate in https. The website of this is www.123.com, it will redirect tow this website owner don't want to show What can I do to achieve this? Can I use the rewrite function in Apache to achieve this? How? Or do we need to buy another SSL certificate for www.123.com? How can I install multiple SSL certificates in one Apache server?
I have a mail server that uses Postfix as a mail server, it runs OK, but I need to add some features for specific users only. What I need to add is an auto-reply message for some users only.
How could we bcc all outgoing / incoming email through my Sendmail (8.14) Server? I tried this /etc/procmailrc
:0c
! backupmail@domain.com
But this got looped and backupmail received multiple emails of each for domain.com while sending locally from one user to another user.
I want to allow 100 incoming connections to my linux server running smtp. I know that tcpserver -c will set the limit of allowed incoming connections, but how can I tell what the currently set limit is?
I installed a new server running CentOS 5.2. I have iptables and SELinux off. The new server will not accept incoming mail. It will send out fine. Our mail server redirects mail for it.help to it.[url]...- [url]....is this server. Any messages sent to this address get stuck in a deferred queue. The error message on each one (from the mail server admin console) is "connection to[url]... [10.9.10.202] - connection refused". I can ping [url].... from the mail server.
This seems like a firewall issue, but it is off. Is there some configuration file I need to change to allow incoming mail? Or is there some test I can run on the new server to further troubleshoot what is going on?