Networking :: Setup Firewall / Gateway Address And Dns / Give To Clients For Accessing Internet?
May 12, 2010
I have 17 systems (sys1, sys2, sys3, ..., sys17) in my office, and I am willing to set up a dedicated system to act as a firewall. For that I have selected sys1 with two NICs (eth0 for the local network and eth1 for the internet), and I have configured it to access the internet in my office; for that I have opened the well-known port 80, but my clients are not accessing the internet.
Please check my sample IP configuration!
Interface: eth1 (ISP side; the addresses are just an example)
IP: 192.168.0.2
Gateway: 192.168.0.1
DNS: 202.56.230.5
DNS: 202.56.230.6
Interface: eth0 (my local LAN)
IP: 192.168.1.1
Netmask: 255.255.255.0
The IP addresses of the XP clients range from 192.168.1.2 to 192.168.1.16 with the default netmask 255.255.255.0.
My question is: which gateway address and DNS do I have to give to my clients for accessing the internet?
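The post above describes a classic two-NIC Linux gateway. As an added example (not the poster's configuration), here is the minimal rule set such a gateway needs: IP forwarding on, a default-deny FORWARD chain that lets only LAN-originated connections and their replies through, and source NAT on the ISP-facing interface. It reuses the post's addressing (eth0 = 192.168.1.1 on the LAN, eth1 towards the ISP router); the `iptables` invocation and the `APPLY` switch are my assumptions. Clients on such a LAN point their default gateway at the gateway's LAN address (192.168.1.1 here) and use a resolver they can reach through it, typically the ISP's resolvers or a caching resolver running on the gateway itself.

```shell
#!/bin/sh
# Added example: two-NIC NAT gateway for the LAN described in the post.
# With APPLY unset the commands are only printed for review; APPLY=1 runs them.
LAN_IF=eth0
LAN_NET=192.168.1.0/24
WAN_IF=eth1
APPLY=${APPLY:-0}

# run: execute the command, or echo it when reviewing.
run() {
  if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi
}

gateway_rules() {
  # 1. the kernel must route between the two interfaces
  run sysctl -w net.ipv4.ip_forward=1
  # 2. default deny in the forwarding path; nothing crosses unless listed below
  run iptables -P FORWARD DROP
  # 3. connections the LAN initiates may leave towards the ISP
  run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
  # 4. only replies to those connections may come back in
  run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # 5. hide the private LAN behind the gateway's ISP-side address
  run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

gateway_rules
```

Opening port 80 on the gateway's INPUT chain, as the post did, only affects connections to the gateway itself; the clients' traffic traverses the FORWARD chain and the nat table, which is what the rules above cover.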
I already have a Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory and a web server, which also acts as the internet gateway. Now I want to add firewall functionality to block client IPs from accessing the internet.
I have 1 root server with 2 NICs, both having their own internet IP addresses:
eth0 = 8x.x.x.183
eth2 = 8x.x.x.205
We only have one gateway on that network:
gateway = 8x.x.x.1
We want to use eth2 for postfix + http, and eth0 for all the other stuff.
How can this be set up? With route / ip route / iptables?
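With a single upstream gateway, the usual answer to the post above is source-based policy routing: the main table keeps eth0 as the default exit, a second routing table sends traffic sourced from eth2's address out of eth2, and an `ip rule` selects that table by source address. The services then only need to bind to the eth2 address (Postfix `smtp_bind_address`, Apache `Listen <addr>:80`) to use that path. This is an added example, not the poster's configuration; the redacted `8x.x.x` addresses are kept as placeholders to be replaced, and the table number, on-link prefix and `APPLY` switch are my assumptions.

```shell
#!/bin/sh
# Added example: policy routing so that traffic from the eth2 address leaves via eth2
# while eth0 stays the system default. Replace the placeholder addresses first.
MAIN_IF=eth0
ALT_IF=eth2
ALT_IP=${ALT_IP:-8x.x.x.205}      # placeholder from the post
GW=${GW:-8x.x.x.1}                # the one shared gateway
NET=${NET:-8x.x.x.0/24}           # assumed on-link prefix the gateway lives in
TABLE=200                         # assumed spare routing-table number
APPLY=${APPLY:-0}

run() { if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi; }

policy_routes() {
  # main table: eth0 carries everything that is not sourced from eth2's address
  run ip route replace default via "$GW" dev "$MAIN_IF"
  # table 200: the same gateway, but reached over eth2 with eth2's address as source
  run ip route replace "$NET" dev "$ALT_IF" src "$ALT_IP" table "$TABLE"
  run ip route replace default via "$GW" dev "$ALT_IF" table "$TABLE"
  # packets sourced from eth2's address consult table 200 before the main table
  # (ip rule add is not idempotent; check `ip rule show` before re-running)
  run ip rule add from "$ALT_IP" lookup "$TABLE" priority 1000
  run ip route flush cache
}

policy_routes
```

The rule only fires for packets that already carry eth2's address as source, which is why binding the services matters: a daemon listening on 0.0.0.0 answers from whichever address the kernel picks, and the kernel picks the main-table source (eth0) by default.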
I've set up a LAN-to-LAN (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each other's physical LAN, so no NAT is used. When the primary gateway (fw1) is connected to the VPN server, all traffic runs via the fw1 tunnel. Then when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected, all traffic for fw1 will be delivered to fw2, effectively destroying traffic intended for fw1. This is of course no problem if I first shut down (fence) fw1, then set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server, effectively replacing fw1 with fw2 on the client side. However, I can't seem to find a decent howto.
I am also exploring the possibility of leaving both tunnels active and letting OpenVPN (or another tool) decide how to route packets back and forth between the different LANs. A virtual IP between two gateways both running a VPN, or something similar. This would be the preferred method of course. However, I don't know how to tackle this one, but I'm pretty sure there are people out there who are happy to share their 2 cents.
I'm using a virtual network (NAT network) for my domU. When I change dom0's firewall setup, the domU fails to connect to the Internet. So far, the only way to bring the network back is to reboot dom0! I tried restarting the network and libvirtd services on dom0, but it doesn't work. How can I bring the domU network back without rebooting dom0?
I am learning to set up a firewall at home; for that I have selected four systems (sys1, sys2, ..., sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1: (Fedora, not connected to the firewall, I think, but I am not sure)
What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), even though the rules are written not to allow ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering or processing anything, inbound or outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
Our firewall (Debian) currently has 4 public IP addresses (eth0 1.2.3.4, eth0:0 1.2.3.5, eth0:1 1.2.3.8, eth0:2 1.2.3.9) and 3 internal subnets (eth1 10.1.x.x, eth1:0 10.2.x.x, eth2 10.7.x.x). We are experiencing the following two problems, which I believe have the same root cause. 1) The firewall cannot access beyond the ISP gateway (1.2.3.1). 2) From externally, we can ping eth0 with no trouble; however, pinging the eth0:0, eth0:1 and eth0:2 interfaces gives results similar to the following:
PING 1.2.3.8 (1.2.3.8) 56(84) bytes of data.
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=59.0 ms
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=59.3 ms
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=62.0 ms
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=65.6 ms (DUP!)
I get the feeling that I'm missing something obvious, especially since all traffic on the internal subnets can access externally as normal.
I've got 2 servers, each in a different location (server 1 and server 2). I want all traffic on server1, including web browsing, applications etc., to always go through server2, like a gateway. I want the traffic to be encrypted (maybe use a VPN?). So if I browse, or any logs pick up IP addresses from applications used by server1, I want them to display the IP address of server2 (might be the wrong way to say it).
I always want server2 to act as a firewall and log server that logs all the traffic. I was thinking about using Snort for the IPS/IDS solution and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on Google have their own OS/distribution. Maybe Squid for logs? But Squid does not support many protocols. The distributions on both servers are updated Debian/Ubuntu based.
I have trouble getting a gateway to the internet when setting eth0 with a fixed IP address. The gateway address (192.168.2.1, my modem/router) resets to 0.0.0.0 whenever I apply the changes. DHCP works fine, but I need a fixed address for my server.
What I want to do is set up a gateway (or router, I don't know what Ubuntu refers to it as). So my setup would be Modem > Server > Switch > Router. I know that I need to set it up as a DHCP server as well. I would also like to set it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed eBox, but I couldn't figure that out either.
I have a requirement to switch between wireless networks with a single wireless device. First it should be switched to ad-hoc mode and then after some time switch to infrastructure mode to establish the internet connection. Everything works fine except the gateway settings.
I have used system("route add default gw x.x.x.x dev wlan0") to set the gateway, where x.x.x.x is the gateway IP address. I have used this whenever switching happens, in addition to the ifconfig command to set the IP address and netmask. But this is not setting the gateway IP address. How do I set the gateway IP address?
System details: OS: CentOS 5.3, Kernel: 2.6.18
I have just changed my gateway address; now I can access the internet with my browser but I am unable to run Add/Remove Software, as it says no network connection is available; system updates are not working either. What should I do to make these work?
I'm trying to achieve the multiple uplinks/providers setup found on LARTC.org. I have to get the IP addresses from my interfaces (EF1 and EF2) using a script, but I don't know where to look for the default gateway of each interface, which got its IP address from my ISP.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
I need to change the static configuration, like the 169.254.0.0 entry (I don't know how it got there), and I also want to delete 192.168.1.1 as the static gateway. How can I do this?
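Both the LARTC multi-uplink post and the routing-table post above need the same thing: the gateway of the default route that belongs to a particular interface. As an added example (not from either post), the function below pulls it out of `route -n` style output, the format shown above; in the default-route rows the destination is `0.0.0.0` and the gateway and interface are the second and eighth columns. The sample table is a constructed copy of the post's listing with a second uplink on eth1 added so the per-interface lookup has something to distinguish.

```shell
#!/bin/sh
# Added example: find the default gateway per interface in `route -n` output.
# Constructed sample: the post's table plus a second default route on eth1.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.9.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.9.0.1        0.0.0.0         UG    10     0        0 eth1'

# default_gw <iface> [table-text]: print the gateway of the default route
# bound to <iface>; reads the live table with `route -n` when no text is given.
default_gw() {
  iface=$1
  if [ $# -ge 2 ]; then text=$2; else text=$(route -n); fi
  # columns: Destination Gateway Genmask Flags Metric Ref Use Iface
  printf '%s\n' "$text" | awk -v i="$iface" '$1 == "0.0.0.0" && $8 == i { print $2; exit }'
}

# uplink_gateways [table-text]: one "<iface> <gateway>" line per default route,
# i.e. the list a multi-uplink script has to iterate over.
uplink_gateways() {
  if [ $# -ge 1 ]; then text=$1; else text=$(route -n); fi
  printf '%s\n' "$text" | awk '$1 == "0.0.0.0" { print $8, $2 }'
}

default_gw eth0 "$SAMPLE_ROUTES"
uplink_gateways "$SAMPLE_ROUTES"
```

On a current system the same answer comes without parsing from `ip -4 route show default dev eth0`. For the post's other question: on RHEL-family systems the `169.254.0.0/16` entry is added by the network init scripts unless `NOZEROCONF=yes` is set in `/etc/sysconfig/network`; `route del -net 169.254.0.0 netmask 255.255.0.0 dev eth0` and `route del default gw 192.168.1.1` remove the two entries until the next network restart, after which the static configuration files decide what comes back.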
On my server I have an OpenVPN gateway and a DNS (bind9) server. At the moment, OpenVPN sends the OpenDNS address to the clients and it works fine. I would like to use my DNS server for my clients instead, so that it works with any DNS address. Here is the OpenVPN config:
I don't really have a reason for this currently. I recognize all the MAC addresses on my DHCP client list and keep it rather well locked down. I was just wondering if there was something I could run on the terminal to get more information on a given MAC address on my network. Something kind of like whois for websites.
I would like to configure eth0 manually. I can configure the IP address and subnet mask, but the system won't hold the gateway IP address I added; it keeps it at 0.0.0.0. I have no problem when getting an IP address from the DHCP server.
I'm running Ubuntu 10.04 and my setup is as follows:
As you can see, I am directly connected to router 192.168.25.1, and so my IP address is 192.168.25.101. I want my IP address to be 192.168.13.101, and make router 192.168.13.1 my gateway router. Is this possible under the current physical layout (I do not want to have to connect directly into 192.168.13.1, but keep my computer where it is)?
When I run tracepath, it shows 192.168.13.1 is one hop away.
What I've tried:
The problem is under this manual setup, I cannot ping 192.168.13.1 and running command netstat -rn returns the following:
I'm having really weird and frustrating DNS issues, with my clients unable to properly resolve the server's IP address. They can resolve each other's, and outside systems, but not the server; at least, not correctly, and not all the time.
I have one Ubuntu server set up that does both DHCP and DNS serving to the Windows systems. The server has DNS forwarding turned on to forward to OpenDNS's servers (I've tried using my ISP's DNS servers but the problem remains). The server is *not* set up as a firewall; I am actually using a D-Link router for that, and the D-Link is *not* set up to serve DHCP or DNS.
What I am getting is that my clients (and there are nothing but Windows clients) will not resolve the name of the server. For example, if I do: ping linuxserver
I get back a false IP address of 192.168.0.64 (and I've seen once a 192.168.2.49).
If, however, I put a dot in there: ping linuxserver.
I get back the *correct* IP address of 192.168.0.2, and thereafter pinging linuxserver without the dot will work, until the DNS cache expires, either naturally or with ipconfig /flushdns on the Windows clients.
The clients *are* getting valid DHCP leases and can resolve everything happy-happy; they just will not get the proper address of the server 100% of the time.
I need to set up a VPN between 2 clients but don't have the foggiest idea where to start. I have searched the internet in vain; I have yet to discover the steps I need to take.
I've been trying to set up an IPsec connection between two routers, but am having trouble with the actual packet routing.
My setup currently is two local networks (192.168.1.0/24 [netLANA] and 192.168.0.0/24 [netLANB]) that are connected to their own routers (192.168.1.1 and 192.168.0.1 respectively). The routers are both connected to the 194.26.1.0/24 [netWAN] network. I wish to set up an IPsec connection between the two routers, to act in tunnel mode between the two local networks.
The first router is a Linux box (on the netLANA network) that I am setting up using the ipsec-tools, and the other is a Netgear ProSafe FVS318G (on netLANB). I've set them both up to have the same configuration for IPsec. Also, on the Linux router I have set up a route like this:
$ route add -net 192.168.1.0/24 wlan0
So that all traffic destined for the netLANB network will be routed to the wlan0 interface (netWAN in this case, and therefore over the tunnel).
My problem is that if I ping from any host on netLANA, I can see the ICMP reply come back to the Linux router, but it doesn't get back to the original host.
From the Linux router, here is the tcpdump of the ping:
$ tcpdump -n -S -i any
17:06:26.308353 IP 192.168.0.5 > 192.168.1.4: ICMP echo request, id 1036, seq 1, length 64
17:06:26.308780 IP 194.16.1.6 > 194.16.1.5: ESP(spi=0x0ea08914,seq=0x2f), length 116
17:06:26.316287 IP 194.16.1.5 > 194.16.1.6: ESP(spi=0x0be1036c,seq=0x2f), length 116
17:06:26.316287 IP 192.168.1.4 > 192.168.0.5: ICMP echo reply, id 1036, seq 1, length 64
I am pretty much brand new to Ubuntu. I have messed around with it a little and have gotten my apache2 server up and running. What I have some questions on is:
1. How can I give my server an actual address and not my IP address?
2. Is there any way I can put something like forum software on part of it? If so, how?
3. What is the best way to write web pages? I know some HTML, so that's how I was able to write what I have now; just wondering what the best way is.
I'm trying to set up dhcpd to put certain systems which have a MAC address starting with 08:00:* in a certain IP class. How can this be done? So any system with a MAC address starting with 08:00 should get an IP from this range: 192.168.12.2-192.168.12.99.
I have my firewall set up so that only specific subnets/IP addresses can access the system. My issue is that I have a remote user/laptop who needs to access the system, but is constantly on a different subnet/DHCP IP address. Is there a configuration for iptables where I can enter the MAC address of the laptop to allow access to the system and not specify a subnet or IP address?
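The two posts above both want to key policy on a MAC address, once in dhcpd and once in iptables. As an added example (not either poster's configuration), the first function emits an ISC dhcpd class that matches the first two octets of the client's MAC and a pool restricted to that class; the second emits the iptables rule with the `mac` match. The class name, interface name and SSH port are my assumptions. The important caveat for the second post is in the comment: the `mac` match compares the source MAC of the received frame, which is rewritten at every router hop, so it can only identify a host on the firewall's own L2 segment. A laptop arriving from another subnet always shows the last router's MAC and will never match; for that case a VPN or key-based SSH from any address is the usual answer.

```shell
#!/bin/sh
# Added example: MAC-keyed dhcpd class and iptables mac match.

# dhcpd.conf fragment. In dhcpd, `hardware` is the hardware-type byte followed
# by the client MAC, so substring(hardware, 1, 2) is the first two MAC octets.
# Validate the resulting file with: dhcpd -t -cf /path/to/dhcpd.conf
dhcpd_mac_class() {
  cat <<'EOF'
class "mac-08-00" {
  match if substring(hardware, 1, 2) = 08:00;
}

subnet 192.168.12.0 netmask 255.255.255.0 {
  option routers 192.168.12.1;
  pool {
    allow members of "mac-08-00";
    range 192.168.12.2 192.168.12.99;
  }
  pool {
    deny members of "mac-08-00";
    range 192.168.12.100 192.168.12.200;
  }
}
EOF
}

# mac_allow_rule <mac> [port] [iface]: iptables rule admitting one known host
# by MAC. Only meaningful on a directly attached segment: the kernel sees the
# frame's source MAC, which for routed traffic is the upstream router's MAC,
# not the laptop's. MAC addresses are also trivially settable by the host,
# so this is a convenience filter, not authentication.
mac_allow_rule() {
  mac=$1
  port=${2:-22}
  iface=${3:-eth1}
  echo "iptables -A INPUT -i $iface -p tcp --dport $port -m mac --mac-source $mac -j ACCEPT"
}

dhcpd_mac_class
mac_allow_rule 08:00:27:12:34:56
```

The dhcpd fragment uses two pools in one subnet so that hosts outside the class still get a lease from the second range instead of being refused; drop the second pool if the subnet is meant to serve only that class.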
I have set up a second machine with Slackware 13.37; it is a "Supermicro" which I picked up through my work. The idea was to set it up as a gateway and gradually expand my knowledge of subnetting, iptables, forwarding and the like. After a couple of nights of forum searching and O'Reilly book reading I am still unable to get a proper route working through the "Supermicro" to our DSL router.
What is the setup? I will start from my main machine, simply calling it slackbox. slackbox has two ethernet cards which I have given static IPs to: eth0 192.168.2.16 and eth1 192.168.3.11. eth0 (192.168.2.16) is connected to a switch and then to our DSL router; it is working, I am using it right now to work on this forum. eth1 (192.168.3.11) is connected to the "Supermicro" through a cross-over cable; it also is working, pinging the "Supermicro" works. The default gateway on slackbox is set to 192.168.3.10 (the Supermicro).
I only set slackbox's default to 192.168.3.10 when testing to see if the Supermicro gateway will work. The Supermicro also has two ethernet cards which I have given static IPs to: eth0 192.168.3.10 (this is the card with the cross-over cable connected); pinging 192.168.3.11 (the slackbox) works. eth1 192.168.2.24 is connected to our switch as well; it is working, pinging our DSL router works. The default gateway on the Supermicro is set in rc.inet1.conf to 192.168.2.1 (which is our DSL router).
All my machines have two ethernet cards. This has just made it easy for me to test the setup while still having internet access on slackbox. Yet when testing the gateway from slackbox through the Supermicro I am getting "Destination Host Unreachable".
The existing GW set on the server is now 192.168.1.1; mail is received and sent through ISP1. Now we wish to set something up so that once the ISP1 line is down, the server will automatically switch to the ISP2 gateway and continue sending and receiving mail without a manual change of settings.
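The post above asks for an automatic switch of the default route between two ISP gateways. As an added example (not the poster's setup), here is a small watchdog of the kind usually run from cron: it probes ISP1's gateway, falls back to ISP2 only while ISP1 does not answer, and moves the default route back when ISP1 recovers. 192.168.1.1 is the post's ISP1 gateway; the ISP2 gateway, the interface names and the `APPLY` switch are my assumptions. Two practical caveats: a gateway answering ICMP does not prove the ISP has upstream connectivity, so production setups probe an address beyond the gateway via a host route pinned to each uplink; and if the server NATs or binds mail to an ISP-specific address, that address has to follow the switch as well.

```shell
#!/bin/sh
# Added example: default-route failover between two ISP gateways.
ISP1_GW=${ISP1_GW:-192.168.1.1}   # from the post
ISP1_IF=${ISP1_IF:-eth0}          # assumed
ISP2_GW=${ISP2_GW:-192.168.2.1}   # assumed
ISP2_IF=${ISP2_IF:-eth1}          # assumed
APPLY=${APPLY:-0}                 # 1 = really change routes, else print

run() { if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi; }

# probe <gw> <iface>: succeed if the gateway answers on that interface.
# Two echo requests with a one-second timeout each keeps a cron run short.
probe() {
  ping -c 2 -W 1 -I "$2" "$1" >/dev/null 2>&1
}

# choose_gateway: print "<gw> <iface>" for the uplink that should hold the
# default route. Prefer ISP1, fall back to ISP2, and keep ISP1 when neither
# answers (switching gains nothing and only causes flapping).
choose_gateway() {
  if probe "$ISP1_GW" "$ISP1_IF"; then
    echo "$ISP1_GW $ISP1_IF"
  elif probe "$ISP2_GW" "$ISP2_IF"; then
    echo "$ISP2_GW $ISP2_IF"
  else
    echo "$ISP1_GW $ISP1_IF"
  fi
}

# current_default: gateway of the present default route, empty if none.
current_default() {
  ip -4 route show default 2>/dev/null | awk '{ print $3; exit }'
}

# failover: replace the default route only when the chosen gateway differs
# from the current one, so an unchanged state produces no route churn or log noise.
failover() {
  set -- $(choose_gateway)
  if [ "$(current_default)" != "$1" ]; then
    run logger -t failover "switching default route to $1 via $2"
    run ip route replace default via "$1" dev "$2"
  fi
}

failover
```

Schedule it with an entry such as `* * * * * APPLY=1 /usr/local/sbin/failover.sh` and watch the `failover` tag in syslog; every switch is logged, which is also the record an operator wants when the ISP disputes an outage.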