Server :: Send Traffic Down WAN Link Depending On Client IP Address Range?
Apr 15, 2011
I am running Debian Squeeze with the following basic services running:DNS
DHCP
Samba
Squid
The server is setup with three NICs: eth0 (WAN1), eth1 (WAN2), and eth2 (LAN).The server addresses clients with an IP range of 10.0.30.1 - 10.0.30.254. Some clients will be set with reservations so they fall into the 10.0.40.1 - 254 range.
What I want to do is have any outgoing external traffic coming from the first range (10.0.30.0) to use WAN link 1, and any outgoing external traffic coming from the second range (10.0.40.0) to use WAN link 2.
I have sort of got something working. I have created a bare minimum transparent squid3 setup on port 3128, and set the iptables as follows:
Code:
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
I can get internet access, however obviously it only goes through one WAN link. It also seems slower than it should be. I experimented with tcp_outgoing_address, but seemed to not be my friend.
View 4 Replies
ADVERTISEMENT
Jun 23, 2009
get me understand the short range and the long range links from routing (and routing protocols') point of view.
View 6 Replies
View Related
Apr 27, 2010
I would like to set a double range of IP address with my DHCP3-server. Now, I have eth0 (which is my only network card) with this IP address : 172.16.93.1 and I have created a second interface eth0:1 with this address: 192.168.3.1. The goal is to give an IP address 172.16.93.X to phones (with option 66) and the IP address 192.168.3.X to the computers.
This is my DHCPD.conf :
ddns-update-style none;
option domain-name "mycompany.com";
option domain-name-servers 172.16.93.1;
default-lease-time 3600;
max-lease-time 2347200;
authoritative;
log-facility local7;
option ip-forwarding off;
default-lease-time 20;
max-lease-time 20; .....
Right now my DHCP server work fine, (I means, no error at the startup ) but the server give always the same kind of IP address, whatever if it's a phone or a computer. I notice something "wired", if I put the :
subnet 192.168.3.0 netmask 255.255.255.0 {
range 192.168.3.100 192.168.3.199;
option routers 192.168.3.254; }
(Which is first in the dhcpd.conf) after the "subnet 172.16.93.0 netmask 255.255.255.0", the server will give IP address 172.16.93.X at all the clients. Is it possible to give more than one IP range with one network card at the same time? And how set the option 66 to only give IP address (172.16.93.X) to the phones?
View 4 Replies
View Related
May 12, 2011
I am working on implementing a protocol on NS2.34 .I really need help to solve this problem . Actually , I don't now whether the problem is generated by the tcl code or the c++ code when I run the simulation, I get this result :
Code:
num_nodes is set 64
INITIALIZE THE LIST xListHead
34
45
channel.cc:sendUp - Calc highestAntennaZ_ and distCST_
highestAntennaZ_ = 1.5, distCST_ = 550.0
SORTING LISTS ...DONE!
code....
View 1 Replies
View Related
Aug 16, 2011
I was looking for live link to download ubuntu mobile but unfortunately I don't find anything... Can someone send me a link for download and a link with the installation instructions ?? All the links that I found are dead.
View 9 Replies
View Related
Sep 27, 2009
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
View 3 Replies
View Related
May 7, 2010
Is it possible for a client to "export" or "send" it's /dev/cdrom0 to a server via SSH? I have managed to st up a connection with Xserver so I can see the servers gnome interface in my ubuntu client.
View 9 Replies
View Related
May 5, 2010
I've come across a strange issue where any email address that I email with mail returns an error "Bad Address"
Fairly new Centos 5.4 Install, sendmail is the MTA.
Linux 2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
DNS is working fine so there isn't a problem.
[root@hn1 /]# host -t mx iol.co.za
iol.co.za mail is handled by 10 mg1.iol.co.za.
iol.co.za mail is handled by 10 mg2.iol.co.za.
iol.co.za mail is handled by 30 vulpix.iol.co.za.
Yet when I try to use mail it fails:
[root@hn1 /]# which mail
/bin/mail
[root@hn1 /]# ls -lrth /bin/mail
-rwxr-xr-x 1 root mail 83K Jan 7 2007 /bin/mail
[root@hn1 /]# mail -s "test" bob@mydomain.co.za
Bad address
Nothing in the maillog.
View 1 Replies
View Related
Feb 16, 2011
If you have a proxy and receive/send data from/to both the client and the server,is there a way to test what part has data to send(client or server) ?
View 1 Replies
View Related
Jan 1, 2011
With Azureus/Vuze, can we set an upload/download rate limit depending on the time of day?
If not, do you know a torrent client allowing this? Client must be available on Linux.
I learned that you can install plugins for Azureus/Vuze. There is one about scheduling. I've tried to install it but I got a NullPointerException.
View 3 Replies
View Related
Feb 18, 2010
I added an init script numbered just before bind9 starts, which needs to see the ipv6 link-local address on eth0. Sometimes this address is not configured, yet. In all cases it eventually is configured.
I am unable to find any script that is configuring the ipv6 link-local address (which is in part based on the MAC address). Does anyone know if there is some script or program that is supposed to be doing this, or is it an internal kernel function?
One workaround I am considering is making this init script go into a loop around sleep 1 to keep checking for the ipv6 address. But I'm concerned this might cause some problems. Any suggestions? I don't want to let it move on to start bind9 until the configuration this script does (more ipv6 addresses) is done.
This is on Ubuntu 9.10 server (for which there is not a prefix choice).
View 6 Replies
View Related
Aug 2, 2011
I need to know how to send message (or execute script ) when the linux machine shutdown or reboot stage.
Actually I want to start a backup linux machine when main server shutdown or Reboot.
simply, how we can run script while init 0 OR init 6 command
View 3 Replies
View Related
Mar 4, 2010
i have a small issue, to make our network more secure, i now require outgoing email to require authentication. Now the problem..i have a automated mailer that does not have the option to authenticate. is there a way to allow a certain email address or the local network to send out without authentication? If i cannot do this for a single email user to allow them through with authentication, how would i remove the authentication paramaters in the postfix smtp..
View 2 Replies
View Related
Feb 13, 2010
I want to configure a VPN over the Internet.I installed the 'openvpn' package, generated the key file, transfered it by a secure way to the client, and setted up the configuration file.
So, in that configuration file I input the IP addresses of the tunneled interfaces. Both IPs are static in the tunnel.
Then, I've heard somewhere that I can assign a dynamic configuration IP for the client. I do this registering a range.
Well, when I tried to change static IP to dynamic IP (changing '192.168.0.2' to '192.168.0.0/24') in the configuration file, the OpenVPN didn't work.
Obviously I don't know what I'm doing, and I really, don't believe that simply changing the IP will make it work, but I tried.
I hope I explained my problem as well.
My configuration file:
# OpenVPN Server Configuration File
dev tun 0
ifconfig 192.168.0.1 192.168.0.2
cd /etc/openvpn
secret key_file
In client I execute the 'openvpn' without the '--daemon' parameter.Then I want that my client uses a IP in a range (192.168.0.0/24, for example), instead of a static IP (192.168.0.2).I also thought to use a DHCP server, but I'm not sure that will work.
View 6 Replies
View Related
May 18, 2010
I have installed a working DNS server on my home network. I have an unique server, devoted to dns, gateway, storage which runs opensuse 11.0 (I known that it is rather old). Two new clients require DHCP. I have installed, using yast, a very simple DHCP server, according to the following config:
option domain-name "XXX.XXX";
option domain-name-servers 192.168.0.1;
option routers 192.168.0.1;
[code]...
(I have tried to add "ddns-update-style none", and to remove the ntp-servers option, since my server is not a time server, without success). Unfortunately, even if the client (a mac running OSX 10.4) receives a right IP and gateway address, it displays neither dns server address nor default domain name. The same mac, on my office network (not managed by me), receives everything.
View 5 Replies
View Related
Oct 15, 2010
I'm troubling setting up my dhcp3-server.Although I've configured "option domain-name-servers 192.168.1.1" in my dhcpd.conf my windows-xp-clients dns-server address is set to 192.186.1.1.This is strange! All other things seem to work correctly.This is my dhcpd.conf:
Code:
ddns-updates on;
ddns-update-style interim;
[code].....
View 3 Replies
View Related
Sep 20, 2010
I got to establish an OpenVPN connection between two server and I have dhcpd on the client server which feeds a few SIP phones. All these phones are supposed to the register server through the tunnel.Here is the network structure:
Client CentOS:
eth0: 192.168.0.0/24
eth1:192.168.100.0/24
tun0:172.15.0.0/24
DHCPD: feeding above eth1 and all the phones with 192.168.100.0/24
If I ping 172.15.0.1 from the the Client CentOS it works all fine. Everything pings and I can even do SSH. However, the phones which obtain their ip through eth1 on the same server can not reach the 172.15.0.1. I think it's a route issue here. Can you please guide me to the right direction as to how to forward certain traffic through tun0 and leave the rest of the traffic to go through eth0?
I don't want to turn on IPTABLES as this is time consuming for me now and there is VPN setup. It has to do with setting up the routing but I am not sure.
View 4 Replies
View Related
Jun 1, 2011
I have set up postfix and dovecot as per the Ubuntu anual and appear to have a functioning mail server.Using the sendmail command I can send mail and I receive mail in ~/Maildir. Using Thunderbird I can read any mails received but I can't send any mail from Thunderbird. I have tried with both STARTTLS and SSL/TLS and whilst I get the prompt for a password I keep getting the message my password for my server is wrong.I have ports 25, 465, 587 and 993. Is that all the right ports?When I ping my domain name it resolves to my router name whereas I believe it should resolve to my IP. Could there be a problem with my host file? I've had a play but to no avail.Here's the error in mail.log.
Code:
westwood@westwood-desktop:/etc$ tailf /var/log/mail.log
Jun 1 19:00:33 westwood-desktop postfix/smtpd[2376]: warning: localhost.localdomain[127.0.0.1]: SASL LOGIN
[code]....
View 2 Replies
View Related
Jan 13, 2010
im trying to send pages of 4096 bytes from kernel layer of server to kernel layer of client over a network. previously i tried the foll. code , for data less than a 100 bytes it worked fine , but for something larger than that the computer hangs......(even the dmesg's wont say why) i also wanted to know how we could use the 'sendpage' function to solve this problem.
Code:
CLIENT'S KERNEL MODULE
struct iovec iov;
char buf[1024];
[code].....
View 1 Replies
View Related
Jul 1, 2010
is there a way to allow unsubscribed email address to send emails to mailman list without having to manually set a filter for that email address?
View 1 Replies
View Related
Dec 31, 2010
I'm assuming that the following should block the complete 178.123.xxx.xxx address range.
Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP
Then I believe that I need to save this change.
Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.
Quote:
178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....
Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.
View 12 Replies
View Related
Mar 30, 2009
I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?
View 4 Replies
View Related
Oct 15, 2009
While I was tweaking 5.3 to get it up to speed on a couple of servers, I used to make some use of IRC 9#centos). Haven't looked at it for a while. Decided to fire it up again tonite, only to find things...have changed. Now there is seems to be 2 channels: #centos and #centos-unregistered. I *was* already registered with nickserv, but that didn't seem to work anymore. Re-registered, but am still seeing no traffic at all. My irc client (chatzilla) suggests there are lots of users 'online', but still - not seeing any traffic at all.
View 5 Replies
View Related
Jun 9, 2011
I use a server with 3 nics,
eth0 192.168.2.100 (internal Web, Mail)
eth1 192.168.3.100 (Default Gateway nic for clients)
eth2 192.168.3.110 (should be default Gateway for all outgoing traffic not belonging to 192.168.2.100 and 192.168.3.100)
They are all on the same machine
i cannot set eth1 or eth2 as default gateway, as outside requests to eth0 would be handled in a false manner (somehow)
is there an easy iptables-rule to say, that outgoing traffic, not belonging to my networks can be redirected to a specific NIC (eth2)?
View 3 Replies
View Related
Mar 30, 2010
I use F12 and I need help with correct syntax to specify range of IP address in hosts.allow or hosts.deny or in /etc/exports file eg. 192.168.1.100 to 192.168.1.255.
View 13 Replies
View Related
Feb 24, 2010
I need to create two Access Control Lists for my networks using SQUID proxy. The ip address range from 165.165.42.10 to 165.165.42.50 for one network and from 165.165.42.60 to 165.165.42.90 for another network. How can I make it?
View 2 Replies
View Related
May 18, 2010
Can someone recommend software that can be used to map the geographic location of a given ip address range?
View 1 Replies
View Related
Apr 11, 2011
I have dhcp3-server (isc-dhcp-server) installed on my Debian and now I got a question about how it's giving the IP addresses to new devices.
For example: I connected my laptop and dhcp server gave me 192.168.1.5 address. Will it always give me the same ip address when I connect my laptop or it will eventually change after some time (week-month)? If it's not changing it, then I am wrong about this.
BUT...If I am somehow correct and if it will change in a week and give me another random (like 192.168.1.8) IP even I won't change my laptop network adapter, is it possible to configure dhcp server to always give same IP address depending on what MAC it is?
To make it clear, I want that when I connect new device (new laptop/pc) dhcp server would give it random IP but same time it would note the MAC address and never change the IP on that MAC.
I know about MAC filters, but setting filters is when you know MAC address since beginning and want to assign IP for it, but in my situation I don't know the MAC address.
View 4 Replies
View Related
Mar 15, 2011
I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
Code: iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that i went digging in the code and figured it was something todo with memory allocation.
View 1 Replies
View Related
Mar 25, 2010
I am puzzled with trying to configure a linux (openSUSE) client to dhcp to eBox DHCP server. I am using dhclient to lease an IP address with dhclient eth0 -s 10.45.48.108 and get a response
openSUSE11232CL1 dhclient: DHCPDISCOVER on eth0 to 10.45.48.108 port 67 interval 4
openSUSE11232CL1 dhclient: DHCPOFFER from 10.45.48.108
openSUSE11232CL1 dhclient: DHCPREQUEST on eth0 to 10.45.48.108 port 67
openSUSE11232CL1 dhclient: send_packet: Network is unreachable
openSUSE11232CL1 dhclient: send_packet: please consult README file regarding broadcast address.
The server reports eBox141 dhcpd: DHCPDISCOVER from 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
eBox141 dhcpd: DHCPOFFER on 10.45.200.2 to 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
I interpret this as the server receives the request and the client accepting it but the lease does not last long and the connection breaks. what this could be and why the connection breaks? Or my undestanding is totally wrong on how it works and should work? And BTW, where is that README file that's referenced in the message I receive on the client?
View 2 Replies
View Related
