Server :: Multiple Network Zone - Firewall Routing
Mar 29, 2010
We have a 10.0.0.x network with a working DNS server (BIND) setup. Recently we purchased a Watchguard firewall and configured three networks, so that our internal network can be divided into three networks that talk to each other through firewall routing. So I configured three IPs, 192.168.0.1, 172.16.0.1 and 10.0.0.1, for the local network card in the firewall router. I separated the three networks and individually configured machines with static IPs, giving the above IPs as gateways. Now I need to configure a DNS server for each zone on the same server, which is in the 10.0.0.x network. Is this possible? If yes, do I need to set up IP aliases for eth0 on the DNS server with different IPs from each network?
I tried to set up a second IP address with YaST on an openSUSE 11.2 system on eth0 as eth0:2nd, but with a different firewall zone. But the SUSE firewall just sees eth0.
I want to define which services are available on which IP address. Also, with custom rules I can't specify a destination IP.
So can I do this with YaST? Or do I have to do this manually without the SUSE firewall?
I have a work desktop plugged into the work network. As I opened my firewall settings I noticed that it is turned off. My question is how should I configure it? I saw that the interface isn't assigned to any zone... Should I assign it to the internal zone and open some ports that I need in order to work? Are there some guidelines for configuring the firewall?
I have a DNS server with 3 zones: one is dynamic with an associated reverse, and one is static. Everything was fine until I added a single host in the static zone; then the server stopped resolving names in that zone. The only way I could get it to work again was to delete the whole zone and re-enter the zone and hosts.
My question is about DNS use of the $TTL directive. I realize the $TTL directive stands for Time To Live; my question is why would you specify different TTLs in the zone file? I have a zone file with
$TTL 300 machine machine machine TTL 3600
[code]....
I'm not sure why you just wouldn't specify the same TTL for all systems, or at least have all the 300s grouped together and all the 3600s grouped together. The file I'm looking at has about 12 different groups of 300 and 3600 TTLs.
I'm trying to configure my server for routing between VLANs, but I'm having troubles with my server after the VLANs are set. I can create VLANs and routing is OK, but when I try to remove a VLAN, restart the network script or restart the server, the CLI freezes and then I can't do anything. Even Ctrl+C or Ctrl+Z doesn't work. I can use another terminal or another SSH connection (if the network interface used by ssh hasn't crashed), but if I try to use ifconfig, for example, it crashes again. The only solution is to restart the server. Nothing about this is found in the log.
I have recently set up a new mail server and have simulated sending and receiving on the new email server. The new email server will replace the primary one. I would like to set up the new email server in parallel with the existing one. This way I can observe issues that might occur and be aware of what could go wrong. I want received mail to be delivered to both mail servers at the same time. I would like to use postfix; exim I find a bit too difficult to understand. I have thought of using transport maps, the only problem is that you can only forward mail to one server at a time using transport maps. I think recipient_bcc_maps and sender_bcc_maps could work; I would just like ideas of how I can do this.
I just installed (on this 11.2 system) VMware Server (v 2.02), to have access to a few small systems. One of them is an 11.1 guest which I just upgraded to 11.3, successfully (almost).
I have a problem, though: from the host I can not ping/ssh the guest.
Guest to host works fine (including names).
The firewall is down on both sides. I don't see anything with iptraf in the guest. The IP address of the guest is correct, unless I'm too tired to see.
I'm having problems with my route rule in the firewall. I have two links that are working, and set the firewall to use multiple links at once. What has happened is that when I look at the IPs of the clients (they have by default the route to Link 2), they are changing or losing the route rule for Link 2 and show Link 1 in Explorer on any site that shows me my IP address, then after some seconds go back to normal. And the firewall is not configured to do routing load balancing. What can it be? Does some kernel configuration exist to accept this configuration? Like ip route source or anything?
I suspect this is an initial configuration bug. All firewall logs seem to be going to all three files. That causes a lot of clutter in the log files, and makes it difficult to see whether there are any serious problems being logged.
Running Fedora 13 and have it working great acting as my firewall/router/samba server etc. The problem is the connection is shared by a fair number of us and the ISP is getting annoyed with the amount of torrent traffic. One of us has access to a wireless network and we'd like to figure out how to route some of the traffic through that without having to disconnect from the current network. I put a wireless card in the Fedora box and can connect to the wireless, but then it messes up the current network and pretty much nothing works.
At the least if I could run a torrent client (e.g. ktorrent or whatever) on the Linux box and have it download through the wireless card on tcp port XXXXX I would be happy. The torrent client and those tcp/udp ports can be dedicated to that wireless card, the rest of the network doesn't need to get involved if that makes things simpler. Not looking for a step by step tutorial, just an explanation of what needs to be done and a shove in the right direction. My experience is limited to single WAN connections up to this point.
I have a server machine that is running SUSE Linux Enterprise Server 11. I set up a mysql server there. Now I want to access this mysql server from my laptop. I used the following command,
> mysql -h 12.246.5.70 -u davidehs -p
I found that if the firewall on the server machine is running, I cannot connect to the mysql server from my laptop. If I stop the firewall first and then make the connection, I can access mysql. How do I keep the firewall running and allow the remote mysql incoming requests?
I have a block of 5 static IPs and 2 servers that push HTTP and other services. What is the best method of configuring/routing traffic to individual boxes on the network?
More detail: one of my static IPs is assigned to a dedicated box for an Ubuntu mirror. Another static IP is assigned to a server with all of the HTTP traffic.
Several configurations function to route traffic appropriately (forwarding proxy or 1-to-1 NAT). However, with 1-to-1 NAT, the box is left open to the world with only the software firewall. Do I really need to place a hardware firewall inline to EVERY server?
Or, what other methods of routing and firewall would you recommend?
This morning I was configuring a DNS server through YaST at home. I've done it once before (in another wireless LAN) and it works perfectly. But this morning, after I clicked "start dns server now", everything froze, and the caps lock light on the keyboard kept flashing. I rebooted the laptop; it couldn't boot into run level 5 and there were a few "skipped" items and "failed" items displayed.... Sorry, I'm new to Linux, so I re-installed it this afternoon, keeping the /home partition and formatting the / partition.
Everything seems to be fine after re-installation. Again I tried configuring a DNS server and clicked "start dns server now", but the same problem appeared: the caps lock light kept flashing and I rebooted the laptop, but fortunately this time it didn't fail on any items when booting.
In YaST Network Settings, I chose "user controlled with network manager", and I can connect to the wireless router and browse the web, but there aren't any interfaces shown in YaST Firewall, and this time, after I clicked "start dns server now", nothing happens; the DNS server just won't start...
I have two networks. One of them is wired, the other is wireless. The wired has an internet connection and a few other computers connected to it. The wireless network has a few hosts connected to it too, but it has no internet connection. What I've been trying, fruitlessly, to do, is make all connections that are bound to the internet, or my wired network, be routed that way, and all the connections to the hosts of the wireless network go that way.
Here's the setup..
Wired:
192.168.1.0/24 Gateway = 192.168.1.1
Route internet through here
Wireless
192.168.2.0/24 Gateway = 192.168.2.1
If my computer sends a packet to the internet, it should be routed through 192.168.1.1. If I send a packet to one of the local hosts of the wireless network, it should be routed through 192.168.2.1. Here's the routing table I've set up (this is one of many configurations I've tried):
Code:
$ ip route show
192.168.2.1 dev wlan0 scope link
192.168.2.0/24 via 192.168.2.1 dev wlan0 src 192.168.2.4
[code]....
With this, and everything else, I get "destination host unreachable" when pinging. The strange thing is that if I unplug my ethernet cable, reboot and connect to the wireless network, everything is fine and I can access the router and the others. I'm trying to improve my networking skills, as I've had this idea of setting up a small Linux box as a router for quite some time, for the fun of it, but I need to get routing under control before I go and ruin my network.
I am setting up my home network. Currently, I have one computer (Munchen) which I have set in my router to receive SSH requests. This works just fine; I can SSH into that box from anywhere. I just put together a new computer, which I want to be a file repository, my ftp server, my http server, etc. What I would like is to be able to SSH into that machine from anywhere, then SSH into the other computers on that network from there.
Here is where I really don't understand the concept of what is going on. I can SSH past the router into one computer just fine from anywhere (that makes sense to me). I can SSH from my new computer (Chemnitz) into Munchen (which is where the router points to and is running sshd) by using its local IP address, but I can't go from Munchen to Chemnitz (even though the server is running and the firewall should be allowing the connection). [URL]
Details of the system setup are below. Munchen (receives all port 22 requests now): Ubuntu 10.04. Chemnitz (I want it to receive all port 22 requests and SSH into other computers on the network from it. Ultimately it will be a file sharing box, hosting a webpage, running an ftp server, etc.): Fedora 14.
I would like a basic firewall on my netbook and first attempted this by using Firestarter, as I have no experience in writing iptables rules from first principles and, to be honest, the syntax looks horrific! The problem with Firestarter is that when I selected wlan0 to be the internet-connected port, everything worked fine until I connected to a VPN, at which point nothing would work (the only error I got was when pinging an IP address, when I got "sendmsg not permitted"). My normal setup is this: normally I'm connected via wlan0 to the internet, but on one particular network I must activate the VPN to use anything; this creates another interface, tun0. Both wlan0 and tun0 will be assigned an IP address, but only tun0 will do anything (the wlan0 one is configured by the network to just allow traffic to the VPN gateway and nothing else). What I really need is some way of creating a basic firewall (drop all incoming except ports I specify) that lives on wlan0 unless tun0 is active, in which case it moves to tun0.
I have what will soon become a file server here running Mandriva 2009.1 and I need to set it up for use. There are 6 physical drives, sda-sdf. According to my fstab (pasted below), the OS is installed on sdb, and for some reason I have a swap partition on sda and sdb. I had a horrible time getting a working installation, and that's probably left over from a previous attempt.
Question 1: Can I simply edit my fstab to remove the swap on sda, effectively confining all system resources to sdb? The end result I want is all storage space over all drives accessible from a single mount point which can be accessed over the network.
Question 2: Once I sort out the weird fstab, what's the best way to go about setting this up? I imagine I need to format & partition the other drives (all but sdb).. but as far as organizing the free space, what's the best way? Is it possible to have multiple physical drives accessible from a single mount point? Or will the users have to use each drive separately? I was thinking I could create a directory on sdb (in /home?) to use as a root for the network share, and then automount the other 5 physical drives there. Does that make sense?
I'm wondering a couple of things about my LAMP stacks:
1) How do I get a list of all the network cards installed in a Linux box? I've run this command and it shows 2 network cards, which is probably all of them: Code: mii-tool -v
2) How can I check the percent utilization of a given network card? I.e., at any given time, what Linux command will tell me how much of a network card's bandwidth is being consumed? I've checked both ethtool and mii-tool and I don't really see any helpful stats.
3) How can I make sure that a Linux box will optimally use both network cards? I'm a bit fuzzy on how IP addresses, network cards and hostnames work together.
We have a new Business DSL line with 16 public addresses. What we want is to set up a DMZ to run some services and internet to the LAN. Here's a schematic of what we want:
Code:
Backup Internet     Main Internet
  connection         connection
      |                  |
      |                  |
  SDSL Modem         BDSL Modem
I'm often on my corporate network but also need to be on another network simultaneously. At the moment I have to manually switch back and forth between the two. I'm using Ubuntu 10.04. I've come across an excellent document that explains how to do this: "Linux Advanced Routing & Traffic Control HOWTO" by Bert Hubert. He mentions:
make sure that your kernel is compiled with the "IP: advanced router" and "IP: policy routing" features
I've downloaded the kernel sources, but I don't find any config options with names like these in them.
So my question is... how can I tell if the kernel I have has these config options? Failing that, how do I build a kernel that does support these things?
Additional use cases for this knowledge: (1) At work with a desktop computer plugged into the corporate network. Plug a 3G phone into the USB port. My corporate network won't allow me to access my external servers over ssh, but the 3G phone will. (2) At home on the corporate VPN, but would like to access my other local network computers.
Samba is working correctly if SuSEfirewall2 is off. I have added Samba Client and Samba Server services for external access, but Samba is not working when the firewall is on. Which services should I also add?
I will cut to the chase. I am running three Ubuntu computers on my local network: my desktop, which runs ethernet, and two laptops which run wireless on the same network, and all from the same router. For the purpose of this thread, I am concentrating on this one issue with pulse (assuming it's pulse doing this). When I have two computers running at the same time, or even all three, I can hear bursts of sound coming from the other computer, not all the time, but consistently. I don't know what is causing this. I've searched high and low in all Ubuntu PulseAudio forums and those mentioning PulseAudio and I have not seen this issue posted anywhere. Most threads deal with issues of not being able to get pulse to recognise audio from one computer to the other... mine is just the opposite... I'M TRYING TO STOP THIS FROM HAPPENING!...... If I'm listening to my music on my desktop, I don't want to hear what my son is playing on his laptop... and vice versa. All the computers at my home are running Lucid Lynx, latest updates and latest approved kernel as of the date of this post, 2.6.32-26-generic.
I am wanting assistance with getting ZoneMinder working under Ubuntu 11.04. I have run the install and set up the settings via http://ipaddress/zm, added the camera per the instructions. I cannot view anything via ZoneMinder. Cam is a Logitech Pro 5000.
My routing table does not get completed for some reason. I'm using a Huawei E220 USB modem on openSUSE 11.3 using NetworkManager to connect. When I connect to the net the routing table looks like
Code:
/home/freefox # route
Kernel IP routing table