Networking :: Setup Multi-Path Route Iptables ?
Jun 14, 2010
Here's my scenario:
I want it so any inbound traffic from dsl goes back out the dsl and same for rogers. I've been searching and playing with many docs with no luck.
Anyone know how I do this? The multiple routes are on the same device br0. (which I think is causing all my havoc)
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never works... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Never mind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0; they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
Jul 18, 2011
The goal is to make connection calls (ssh, ping, ...) possible from one LAN (LAN-1) to a number of (at the moment two) separate smaller LANs. These smaller LANs (LAN-2a, LAN-2b, ...) have exact same specifications (same IP range, same number of nodes, ...)! The idea is to use a Fedora box (release 14 with 2.6.35.6-45.fc14.i686) and implement an appropriate iptables routing/forwarding. The Fedora box has three network interfaces:
- eth0 (aaa.bbb.ccc.m) on LAN-1 (aaa.bbb.ccc.0/24)
- eth1 (ddd.eee.fff.n) on LAN-2a (ddd.eee.fff.0/27)
- eth2 (ddd.eee.fff.p) on LAN-2b (ddd.eee.fff.0/27)
[code]....
Nov 21, 2010
My Ubuntu Box has 3 interfaces:
- eth0 (Internal 192.168.1.0/24)
- eth1 (External ISP DHCP)
- eth2 (External ISP Static IP)
I need the outgoing traffic to internet for 1 of the internal PCs (192.168.1.10) to only go through eth2.
Jul 24, 2011
I have set up a second machine with Slackware 13.37; it is a "supermicro" which I picked up through my work. The idea was to set it up as a gateway and gradually expand my knowledge of sub networking, iptables, forwarding and the like. After a couple nights of forum searching and "O'Reilly" book reading I am still unable to get a proper route working thru the "supermicro" to our DSL router.
What is setup?: I will start from my main machine simply calling it slackbox
slackbox: has two ethernet cards which I have given static IPs to
eth0 192.168.2.16 and eth1 192.168.3.11
eth0 (192.168.2.16) is connected to a switch and then to our dsl router, it is working, I am using right now to work on this forum.
eth1 (192.168.3.11) is connected to the "supermicro" thru a cross-over cable, it also is working, pinging the "supermicro" works.
default gateway on slackbox is set to be 192.168.3.10 (the supermicro)
I only set slackbox's default as 192.168.3.10 when testing to see if the supermicro gateway will work
supermicro: also has two ethernet cards which I have given static IPs to
eth0 192.168.3.10 (this is the card with the cross-over cable connected)
pinging 192.168.3.11 (the slackbox) works.
eth1 192.168.2.24 is connected to our switch as well, it is working, pinging our dsl router works.
default gateway on supermicro is set in rc.inet.conf to be 192.168.2.1 (which is our dsl router)
All my machines have two ethernet cards. This has just made it easy for me to test the setup while still having internet access on slackbox. Yet when testing the gateway from slackbox thru supermicro I am getting "Destination Host Unreachable".
Mar 26, 2009
So I have two network Interfaces
eth0 - NAT behind a router
eth1 - Public IP
Whenever I restart the machine, both interfaces pull an IP, but it randomly chooses eth0 or eth1 to have the gateway. I want the gateway to be eth0 always.
[Code]...
Is there some file or setting I can modify in Fedora10 that will always choose 192.168.1.1 on eth0 as the default gateway?
Apr 28, 2010
I need to access a Linux box via SSH & Samba that is hidden/connected behind another one on its own local network.
Setup :-
Code:
  A       switch     B         C
|----|    |---|    |----|    |----|
|eth0|<-->|   |<-->|eth0|    |    |
|----|    |---|    |eth1|<-->|eth1|
                   |----|    |----|
E.g., I need to SSH/Samba from A to C. How does one go about this? I was thinking that it cannot be done via IP alone? Or can it? Could B say "hi on eth0, if you're looking for 192.168.0.2, it's here on eth1"? Is this NAT? This is a large private network, so what about if another PC has that IP?! More likely it would be PAT?
A would say "hi 192.168.109.15:1234"
B would say "hi on eth0, traffic for port 1234 goes on here eth1"
How could that be done? And would the SSH/Samba daemons see the correct packet header info and work??
IP info :-
Code:
A - eth0 - 192.168.109.2
B - eth0 - 192.168.109.15
- eth1 - 192.168.0.1
C - eth1 - 192.168.0.2
A, B & C are RHEL (RedHat)
But Windows computers can be connected to the switch. I configured the 192.168.0.* IPs, they are changeable. So I have read that this should be done via iptables? But what is the correct command line to do this? And where does one put permanent iptable config?
Mar 29, 2010
I'm working for a very poorly configured WISP currently using Traffic Inspector on windows(url).
Currently each client is manually given an IP address. I'd like to eventually change that, but for now I just want to migrate the server to linux.
I intend to use iptables to forward only those whose MAC and IP match against my list:
Code:
# Davit
$IPTABLES -A INPUT -i $INTIF -m mac --mac-source 00:00:00:00:56:83 -s 192.168.0.4 -j ACCEPT
I intend to mark the packets by IP address to limit them to their plan (there are two plans, 256kbps and 128kbps)
Code:
# Mark packets to route
code....
exit 0
Does this make any sense? My major problem is that I don't know how to keep track of how much each client has downloaded. Any advice on how to do that?
Nov 27, 2008
We have a new Business DSL line with 16 public addresses. What we want is to set up a DMZ to run some services and internet to the LAN. Here's a schematic of what we want:
Code:
Backup Internet Main Internet
connection connection
| |
| |
SDSL Modem BDSL Modem
[code]....
The webserver has the following settings:
IP: 12.34.56.125
subnet: 255.255.255.240
gateway: 12.34.56.126
What IPTABLES rules do I need to set up to "see" all IPs in the DMZ-2 from the internet?
Apr 16, 2011
I am running Ubuntu server 10.10 and trying to setup iptables rules in /etc/if-up.d/iptables
Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.
Nov 16, 2010
Trying to setup my box as a router on Ubuntu 10.04. When trying to setup a NAT rule in iptables 1.4.4 like so:
Code:
sudo iptables --table NAT --append POSTROUTING -o eth0 -j MASQUERADE
I keep getting:
Code:
Can't initialize iptables table 'NAT': Table does not exist (do you need to insmod?)
Looking at lsmod, it doesn't look like I have anything NAT related loaded ( I just have iptable_filter, ip_tables, and x_table ). Doing a locate nat, I find a module that looks like it should work. I'm running 10.04.1 LTS - Kernel is 2.6.32-25-generic #45-Ubuntu SMP and it is pretty much stock - haven't done anything fancy... this module looks promising:
Code:
/lib/modules/2.6.32-25-generic/kernel/net/ipv4/netfilter/iptable_nat.ko
but loading it and I get:
Code:
-1 Unknown symbol in module
Aug 22, 2010
I've currently got a Xen box with 3 virtual machines on it, in a routed setup. I'd like to put them all on a private internal network as well, which I'm assuming I'd do with a dummy network card and a Xen bridge, but I can't find any information about setting up the Xen bridging setup on top of the existing network-route install.
Apr 29, 2009
I would like to add a static route, however I do not understand what is meant by the Address setting below
GATEWAY2=10.241.58.62
NETMASK2=255.255.255.224
ADDRESS2=10.241.57.32
Does this mean any addresses beginning with 10.241.57.32 are routed over the gateway 10.241.58.62 an address range
Oct 21, 2010
I got this definition: "a process that replaces a series of related, specific routes in a route table with a more generic route." Honestly I found it not so clear. I want to know if this definition is correct and also more details about this subject.
Jan 25, 2011
Having trouble getting my Netgear WNA1000 working thru wireless router. Have tried lots of suggestions from other threads to no avail. Someone suggested that the routing table isn't set correctly, so have been trying to use the following to make the proper entry in the routing table: sudo route add -net 192.168.0.1 netmask 255.255.255.0 dev wlan0
Result: error message stating with:
"route: netmask does not match route address"
followed by "Usage" instructions which tell me to do what I just did. Any ideas on how I can populate my routing table with correct entry for my wireless card? Not to complicate matters, but I temporarily turned off encryption on my router to eliminate that as a possibility until I get connected. So maybe it's still trying to connect via encrypted mode - do I need to turn off encryption on my (client) end?
Jan 26, 2016
I would like to update my network setup.
Today, I have an ADSL box which is my gateway to internet (192.168.0.1).
I have a Raspberry pi (RPI) which I use as a dhcp & dns server (192.168.0.2).
Recently my mobile phone operator installed a 4G antenna beside my home, and the bandwidth and latency are much better with my mobile phone than with my internet provider (ADSL).
I would like to install a wifi dongle on my RPI (I would get wlan0 & eth0 interfaces)
When RPI detects my shared phone connection (tethering) I would like RPI to automatically route internet:
- from authorized devices on my network to my mobile connection (wlan0 -> mobile phone).
- from other devices to the standard ADSL internet (eth0 -> ADSL box).
I don't want any device to use the shared 4G connection, best would be authorized devices to be selected by MAC address. How should I properly set up such a network?
Jun 5, 2011
I have asked about this issue before to no avail but since then I have been able to narrow down the main cause of the crashes. My setup:
HD5770 - Running 2 19" LCD's
HD3300 onboard Running 1 47" lcd
Whenever I am in Firefox and have pictures open in the browser and move the mouse to the other 19" monitor it crashes, not every time but often enough to be annoying. Sometimes when it crashes the screen goes blank and I wind up at the login screen, other times it just goes blank and stays blank.
Jan 25, 2010
Anyone know how to configure multi domain in openSUSE 11.2?
Oct 20, 2010
I have a laptop and I plugged an external monitor into it. I want to obtain a virtual desktop. I will provide more debugging info below
video card
01:05.0 VGA compatible controller: ATI Technologies Inc RC410 [Radeon Xpress 200M]
Driver: open source radeon driver
Distribution: Kubuntu 10.04
I tried this:
xrandr --output LVDS --mode 1280x800 --pos 0x0 --output VGA-0 --mode 1920x1080 --right-of LVDS --pos 1280x0
it resulted this error 1
xrandr: screen cannot be larger than 1920x1920 (desired size 3200x1080)
Googling about this error I found an old post (it could be outdated) that suggested editing xorg.conf. I created a xorg.conf using "Xorg -configure" and I modified the screen section to this:
Section "Screen"
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
DefaultDepth 24
[Code].....
Jun 11, 2011
I need some help to setup a simple 2 screens extended desktop. From my laptop with an nvidia card, it was very easy and done in seconds. But with my new desktop loaded with amd hardware, it's turning into a nightmare. I've posted on details of my hardware and of this problem here, and I'm encountering new trouble. Since then, my xorg.conf has changed a little without success:
[Code]...
Jul 17, 2010
I am currently booting 4 flavors of Linux - Ubuntu 10.04, Xubuntu 10.04, Linux Mint 9 KDE RC and Linux Mint 9 Gnome. There is so little difference between Ubuntu Gnome with the right packages installed and Linux Mint 9 it is redundant and I would like to replace it with Fedora 13 and try that out for a while. I understand that Fedora still uses a legacy Grub while the others are all using Grub2. I also understand that the two bootloaders do not get along. Is there a way to do that? How? If I have Fedora install its legacy Grub to the Fedora partition will Grub2 see Fedora and update itself properly? I'm open to starting clean if that would simplify things.
Mar 14, 2011
I have successfully set up a multi-seat configuration using 2 nvidia cards with 2 instances of X running at the same time. Thing is now, I can't access my external hard drive or any USB thumb drives I plug in. Normally when they would just open up after I plug them in, I get an error saying "unable to mount, Not Authorized". How can I regain access to this? I am using Linux Mint 10
May 18, 2011
I have just bought 2 monitors to be used as a x3 multi setup and 2 graphics cards the same make and model (ATI Sapphire Radeon HD5450). This all works in Windows 7 but I have just booted into Ubuntu and removed the old nVidia drivers and got the supported driver. The problem is only 2 monitors are detected as it would seem that it's only picking up 1 card.
Jan 18, 2011
I am running a multi monitor setup with xinerama, and everything works great except when I try to play an FPS such as OpenArena. The mouse doesn't work, it gets stuck to the screen edge.
Jan 22, 2010
One of my colleagues ran into trouble with setting up the PATH variable.
Earlier the entry for PATH in /etc/profile was:
Code:
Now his mistake is:
He added new lines at the end as
Code:
Now due to this he is unable to run commands because that has overwritten the earlier PATH variable.
If he types now:
It shows:
Code:
Dec 30, 2010
along with Aiptek, Hanwang, N-trig, Waltop, & WizardPen (Ace Cad, KYE Systems, UC-LOGIC) Tablets
Last updated: July 24, 2011
Preliminaries
1) You must have X server 1.8 or up (Maverick has 1.9).
[Code]...
Jun 23, 2011
I'm looking to set up a server with attached mass storage device and tape autoloader to run linux. It's set up under Windows at the moment. Goal is to have users, connecting from individual workstations and laptops, backup their data to the linux server. On their personal machine, some users run linux, some MacOS, some Windows. I plan to set up the 5 500 GB drives as RAID5. I understand that if setting up as software raid the format is "physical volume for RAID". Under this setup, will Windows users be able to read/write and function as expected? I can't assume only linux user access.
Jun 11, 2011
I want to set up a PDC on my computer using Samba without LDAP, etc. The only thing I need is to share folders between the two ridiculous computers here. I got a 11.3 laptop and this 11.4 desktop. This is the /var/log/samba/log.smbd extract:
Code:
[2011/06/11 08:29:35, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/06/11 08:29:35, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/06/11 08:29:35.951937, 0] passdb/secrets.c:73(secrets_init)
Failed to open /etc/samba/secrets.tdb
[2011/06/11 08:29:35.954910, 0] passdb/secrets.c:73(secrets_init)
Failed to open /etc/samba/secrets.tdb
[2011/06/11 08:29:35.955027, 0] smbd/server.c:1234(main)
ERROR: smbd can not open secrets.tdb
This is the /var/log/samba/log.nmbd extract:
Code:
[2011/06/11 08:27:48.682275, 0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2)
Samba name server ANTARES is now a local master browser for workgroup XXXXXXXX.WORLD on subnet
[2011/06/11 08:28:08.700572, 0] nmbd/nmbd_serverlistdb.c:343(write_browse_list)
write_browse_list: Can't open file /var/lib/samba/browse.dat.. Error was Permission denied
I have modified in Yast the User Authentication Source to smbpasswd and specified the correct path to the file...
This is the /etc/samba/smb.conf extract:
Code:
passdb backend = smbpasswd:/XXXXXXXX/smbpasswdfile
I erased all the samba related configuration files, uninstalled samba cli/ser samba-yast cli/ser and reinstalled, reconfigured and still have same issue. It worked very well with 11.1... (I clean installed 11.4 yesterday). I thought take sources from samba, compile and then see if it works...
Jan 8, 2011
I edited /etc/profile to look like:
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
if [ "`id -u`" -eq 0 ]; then
[code]....
When I type env, it just shows: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin It also shows JAVA_HOME, CLASSPATH and others were set up. Trying to get updatetool in glassfish usable for any user and during any session. I did the export command in a shell, and it worked, but not after closing the session. How to do environment variables.
Feb 2, 2011
How do I set up JDE with Emacs and how do I find my JDK path and version for it?
Here the link i try to found.
[url]