At every site i have two provider vsat and wireless connection.I have a linux machine and wanna setup act router for every site.
SITE 1 :
vsat : gw 10.23.128.1
wireless : gw 192.168.100.1
[code].....
I've been on a quest to enable full routing through my openvpn tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me . I just did a basic static route within zebra...
View 3 Replies View RelatedI have three locations with a central office connected to two remote locations. At the central office I run on a cisco asa 5505 two site to site vpns. The remote end of the first site is a checkpoint firewall , and the remote end of the second site is racoon on debian. Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.
For example, I can ssh from a host in the central office to a host in the first remote site (through checkpoint firewall,) then ssh back from that host at the remote office to any host in the central office. In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (ping the ip address of a central office host, ssh, etc. all fail.) The vpn settings at the central office (the cisco asa 5505) are identical. So it seems to me that some routing magic is missing on the host running racoon at the second remote office. Where would such setting reside? racoon config files? iptables?
I have two networks. One of them is wired, the other is wireless. The wired has an internet connection and a few other computers connected to it. The wireless network has a few hosts connected to it too, but it has no internet connection. What I've been trying, fruitlessly, to do, is make all connections that are bound to the internet, or my wired network, be routed that way, and all the connections to the hosts of the wireless network go that way.
Here's the setup..
Wired:
192.168.1.0/24 Gateway = 192.168.1.1
Route internet through here
Wireless
192.168.2.0/24 Gateway = 192.168.2.1
If my computer sends a packet to the internet, it should be routed through 192.168.1.1 If I send a packet to one of the local hosts of the wireless network, it should be routed through 192.168.2.1. Here's the routing table I've set up(This is one of many configurations I've tried)
Code:
$ ip route show
192.168.2.1 dev wlan0 scope link
192.168.2.0/24 via 192.168.2.1 dev wlan0 src 192.168.2.4
[code]....
With this, and everything else, I get destination host unreachable when pinging. The strange thing is that, if I unplug my eth cable, reboot and connect to the wireless network, everything is fine and I can access the router and the others. I'm trying to improve my networking skills, as I've had this of setting up a small linux box as a router for quite some time, for the fun of it, but I need to get routing under control before I go ruin my network.
My hardware has two interfaces: a) ethernet - eth0 b) WirelessLAN - eth1.After power on, eth1 gets associated to WirelessLAN access point.
The ethernet interface of Hadrware and test PC is directly connected to Wireless LAN access point through ethernet cable. Hardware is associated to Wireless LAN access point through eth1 interface.Now, when ethernet cable is connected to hardware, I can ping 192.168.254.254 from test PC.When I removed ethernet cable from hardware, I cannot ping 192.168.254.253 from test PC.I think access point should forward the incoming packet from test pc to hardware's eth1 interface wirelessely. Where am I wrong? Is it related to Kernel's routing table? If yes, how to detect removal of ethernet cable from hardware and change routing table dynmically?
I am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.
View 3 Replies View RelatedI have a firewall, this consists of three NIC's:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to succesfully get a response from pinging the device, I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
I have a program that connects to the internet that I would like to route through one of my secondary network interfaces. I need one specific port routed to eth1 instead of eth0. I believe that I should be using iptables for that, but I don't really know how to do it.
View 14 Replies View RelatedI am using Network Manager to connect to a VPN server so that I can access some of the computers on the local network there. When I'm connected, I have two problems: All my internet traffic goes through the VPN. My computer is no longer visible on my local network. I waste a lot of time connecting and disconnecting the VPN. Is there any way I can set up a VPN so that I am still on my local network and only requests to 172.x.x.x go through the VPN. I suspect it can be done with iptables, but all the info about iptables goes WAY over my head.
View 8 Replies View RelatedI just got vpnc setup to work with my VPN at work and now I am trying to figure out how to limit the traffic that is routed through the VPN while I'm connected to it. I only want traffic going to the local domain to be routed through the VPN.This is what my vpnc config file looks like:
Code:
IPSec gateway publicdomain.example.com
IPSec ID XXXX
[code]....
I have internet access using mobile broadband and i also have a wireless network for home usage without internet access.
When my wireless network is connected every application in ubuntu (Meerkat) tries to use it for inernet access (as neededobviously). As soon as i disconnect from the wireless network (and assuming the mobile broadband is on) everything has access to the internet again using the mobile brodband.
How do i tell ubuntu that i don't want it to use my wireless network for internet access?
I find it hard to explain but I will try. I have a small network using CentOS 5.4 with a static ip and I am running a web server which has an local ip of 10.1.10.100 and has the domain name of www.inwoon.net.My problem is I have other computers on the same network and can only access the web server using 10.1.10.100 instead of www.inwoon.net. am finding it to be impossible to test my web site work using external links that call back to my site
View 8 Replies View RelatedI'm often on my corporate network but also need to be on another network simultaneously. At the moment I have to manually switch back and forth between the two. I'm using ubuntu 10.04. I've come across an excellent document that explains how to do this: "Linux Advanced Routing & Traffic Control HOWTO" by Bart Hubert. He mentions:
make sure that your kernel is compiled with the "IP: advanced router" and "IP: policy routing" features
I've downloaded the kernel sources, but I don't find any config options with names like these in them.
sudo apt-get build-dep --no-install-recommends linux-image-$(uname -r)
sudo apt-get source linux-image-$(uname -r)
Searching doesn't reveal anything
~/kernelBuild/linux-2.6.35/debian.master$ grep -iR policy . | grep -i routing
~/kernelBuild/linux-2.6.35/debian.master$
So my question is...how can I tell if the kernel I have has these config options. Failing that, how do I build a kernel that does support these things?
Additional use cases for this knowledge. (1) At work with desktop computer plugged into corporate network. Plug 3g phone into USB port. My corporate network wont allow me to access my external servers over ssh, but the 3g phone will. (2) At home on the corporate VPN, but would like to access my other local network computers.
My routing table does not get complete for some reason. I'm using a Huawei E220 USB modem on openSUSE 11.3 using NetworkManager to connect.When I connect to the net the routing table looks like
Code:
/home/freefox # route
Kernel IP routing table
[code]....
i have a big problem y have to make an alias for the eth0 interface, i made it with yast and my alias was eth0:1, first, if i try to shutdown the interface i cant it give an error and tell me that the interface dont exist and the second threat is if i can put a default gateway for this alias something like this in other distributions:
route add 128.26.6.11 gw 192.168.28.201 dev eth0:1
I'm trying configure my server for routing between vlans, but I'm having troubles with my server after that vlans are set. I can create vlans and routing is OK, but when I trying remove a vlan, restart the network script or restart the server, the CLI freeze and then I can't do anything. Even Ctrl+C or Ctrl+Z isn't work. I can use other terminal or do other SSH connection (if the network interface used by ssh isn't crashed), but if I try use a ifconfig per example, crash again. The unique solution is restart the server. Nothing about this is found in the log.
Opensuse 11.4
Kernel: 2.6.37.6-0.5-desktop
We have a 10.0.0.x network with a working DNS Server (BIND) setup. Recently we purchased Watchguard firewall and configured three networks, so that our internal network can be divided into three networks and talk to each other through firewall routing. So I configured three ips 192.168.0.1,172.16.0.1 and 10.0.0.1 for local network card in the firewall router. I separated three networks and individually configured machines with static ip and given gateway as the above ips. Now, I need to configure DNS server for each zone in the same server which is in the network 10.0.0.x, is this possible?. If yes do I need to setup ip aliases for eth0 in the DNS server with different ips from each network?
View 1 Replies View RelatedI just installed (n this 11.2 system) vmware server (v 2.02), to have access to a few small systems. One of them is a 11.1 guest which I just upgraded to 11.3, successfully (almost).
I have a problem, though: from the host I can not ping/ssh the guest.
Guest to host works fine (including names).
Code:
The firewall is down on both sides. I don't see anything with iptraf in the guest. The IP addres of the guest is correct, unless I'm too tired to see.
Why?
Code:
I'm going to an area with no wired internet connection so I would gather information on if it is possible and how to make working the following configuration for an home network:
a wireless access point connected to a laptop (an old one with a centrino Duo) with a usb stick for UMTS connection to the internet it is possible to use the laptop for routing to the internet the requests (http, ftp, mail etc..) of the PC connected to the home LAN which software have I to install on the laptop?
i know exactly what i need to do, im just not familiar enough with command line to do it properly.i have 7 computers.the first 4 are connected to a router via wireless at one end of the house. of the last 3 only 1 will be able to access the router via wireless, so it needs to share it's one wireless connection via ethernet. this computer i'm going to call 'server'server will have two IP'swlan0 192.168.1.6 this connects to the router that has internet access.eth0 i intend to have the following settingsip:192.168.0.1sub: 255.255.0eth0 will connect to a second router, where the cat5 cable goes from the server, into the internet port of the router where i will define the router's static IP:IP: 192.168.0.100sub: 255.255.255.0gateway 192.168.0.1i have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
so i need to know how to, without a gui application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet.i had it set up in this way with a windows machine being the one that had the wifi access, but i'd rather have it setup for the ubuntu server to do this task. security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option.the 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through
I am new using SUSE and have one application running. I would like to put the school's new web site that I have runing on localhost on the SUSE box and would appreciate suggestions esp the broad steps involved.Do I install separately Apache, PhP, filezilla, etc. or just install XAMPP?What is the best way to keep the web site updated--ftp or some other way? Teachers want to make routine changes so I have to figure out a procedure.
What is the best way to tie down security besides having good passwords on all Usernames? (I have a 3COM device that I can allow services to specific IP's and define firewall rules. But most incoming would be port 80 which I cannot block.)
I'm trying to block a site for a certain time.How to Block(deny) perticuler website in certain times of the day , by using squid ? and it seemed promising.I added the lines to my squid.conf
acl office_time time MTWHF 3:00-21:00
acl bad url_regex "/etc/squid/block.acl
http_access deny bad !office_time
created a block.acl in the same directory and restarted it.
I have to ubuntu machine (9.10 and 10.4) with a openvpn tunnel between them.This is the situation:
Code:
NetworkA 192.168.0.0/24
|
UbuntuA br0:192.168.0.3 (openvpn bridge between eth0 and tap0)[code].....
UbuntuA has one only interface etho and there are two openvpn instance: one bridge istance with br0 and another instance with tun0.
UbuntuA is not the gateway for networkA. UbuntuB is the gateway for NetworkB.I need to comunicate between pc on networkB e those on networkA.This is the "ping situation" (no pc tested has an active firewall):
ubuntuA vs ubuntuB: OK
ubuntuB vs ubuntuA: OK
pc on NetworkA vs ubuntuA and ubuntuB: OK[code].....
My setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
View 1 Replies View RelatedI have a pc with debian 6 (without GUI) installed on it and want to use it as server at home. It has 2 ethernet nics. Now i want to configure the routing process. Searched internet for a long time found something but couldn't get it work.
View 8 Replies View RelatedWhen setting up an SSH proxy, I know you can configure Firefox to route DNS requests through the proxy. Is this possible from linux directly? I'm trying to use wget through the proxy, including DNS lookups.
View 3 Replies View RelatedI have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
Ok the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan, or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actuall ROUTES. I can already achieve results similair to this with either a NAT firewall, or with VPN.. but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
On Gateway 1B:
Code:
And on Gateway 1A:
Code:
I'm newbie to Wireless. Currently I try to implement EAP-TLS but firstly I need to get the hardware work, allow Access Point to Route from Wireless to Wire (LAN DNS server).
View 4 Replies View RelatedI am having some trouble setting up routing on my Ubuntu 9.10 Server. I have the GUI installed with Webmin and OpenVPN Heres the setup :
1 NIC - WAN - eth0 - IP: 146.231.x.x SUBNET: 255.255.252.0
1 NIC - LAN - eth1 - IP: 192.168.1.1 SUBNET: 255.255.255.0
1 NIC - ADSL - eth2 - dynamic
What I need to do is the following.
All users are connected to the LAN.
All requests for IP range "146.231.x.x", and "domain.com" need to be routed from LAN (eth1) to WAN (eth0).
All other internet requests need to be routed to ADSL (eth2).
-> I have the masquerading in the linux firewall working for NAT, but all traffic goes to ADSL (eth2).
-> I am using OPEN-VPN over the ADSL also.
-> DHCP and DNS work fine.
I also need all ports opened with the route (from eth1 to eth0)
.site gets appended to the end of the hostname every system bootup for me (e.g. hostname.site), even though I've changed the hostname in both the Network Settings and Hostnames sections of YaST. How can I stop this?
View 7 Replies View Related
