Ubuntu Networking :: Public IP Vs Private IP For DHCP Server?
Feb 12, 2011
My Ubuntu server is now providing routing duties to my network, but I'm having trouble opening ports to my network. I have a DynDNS account, so the IP is always current, but I can't ping even my IP directly.
My network map looks like
Internet > SpeedTouch DSL modem with DHCP > eth1 > Ubuntu > eth0 > LAN
With the modem providing a 192.168.1.xx IP to eth1, I can browse fine. The default gateway is my modem. I switched to the public IP of the modem so I could use iptables for firewall duties, but I was locked out of the internet. No gateway was set when I did that, but eth1 received the public IP of my modem.
I'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive
After years with Linux and using ssh on a daily basis I have to admit I've never setup public/private key authentication and I've never run passwordless logon to ssh. It's not that I've never tried, I have - I've just never got it working. That to me is an almost alien concept as I am a tinkerer at heart and rarely stop until something is working the way I'd like it to. I get the principle of what's going on but I've always had a mental block about it.
I have a strange problem and I can't seem to find clear information on how to do this . I have 2 loadbalancer set up keepalived NAT mode with 2 interfaces each
We have to connect one PC in private network (campus) with other PC (mostly a modem in our case)in public network. Connection should be peer to peer like and we have to use C coding for establishing connection between this two systems. Is it possible if we use port forwarding or is there any other way?
My router is crap. If I use DHCP it sets all the computers DNS to itself and all DNS requests get cached in the router. It even starts to loose some DNS request if to many are made at once. On my windows PCs this isnt a problem I just set DNS to google's public DNS servers (8.8.8.8 & 8.8.4.4) and bypass my router and ISP alltogether but when i go to pref>network_connections i have to either set DHCP or manual, there is no option to set DHCP with custom DNS. I'm sure there must be a way to do this in terminal, can someone tell me how? I'm using ubuntu 10.10.
Currently my OS is Ubuntu 9.04 Jaunty Jackalope Desktop OS and my web server is Apache2. I have a public address 60.x.y.z and my pc local address is 10.x.y.z. I have a web app in my Apache2 which currently run in localhost(10.x.y.z).
I would like to enable the web app so that it could be browse from outside. I know there maybe some port forwarding process and some commands involved in order to do that. But I have no idea on the steps to do that.
So after tinkering for a while, I was able to configure ssh for private/public key authentication and disabled Password-Authentication. In the past I had some issues with people brute force trying passwords/usernames so I want to avoid this, but I need some form of secure FTP that now doesn't work due to the aforementioned setting.
I created a private/public pair. I put the public on github.But I can never push to github.Every time, it says public denied. In order to push, I need to do this:eval ssh-agentssh-add ~/.ssh/github_dsaThis is driving me nuts that I have to do this every time. So, I just put it in my ~/.bashrc file. I feel like that's a hack. Is this normal?
I have a class in which a have declared a private variable "time". In one of the public functions, I am returning the value of "time" (either directly by using "return time;" or by something similar to "x=time; return x;" but I keep getting a compiling error saying that "time" is not declared in this scope.
Most of our machines have public facing and backend mgmt private nics(ie: 192 or 172 networks). I wrote a rule that matches source ip(our monitor on a 192 network) on udp 161 accept. I want to prevent listening on that port on the public. Is the source rule sufficient or should I match the interface and then source? I know there a many ways to do this. I need to verify from the public network with a port scanner?
I'm trying to set up my laptop to ssh into my home server, but I'm trying to find how to generate the public/private keys. I was able to do it in Slack 12.2 by just running ssh-keygen, but that command is not in 13.x.
I installed OpenSSH via tasksel and am using Webmin for administration. I'd like to be able to SSH externally and want to setup the necessary public/private keys to use in FileZilla. In Webmin, under Servers > SSH Server I can click 'Host Keys' and see an RSA key. Is this the public or private key for my server? Do I need to copy this into a text file to import it into FileZilla on my remote PC (that I want to connect from)? Is that all that needs to be done (aside from opening the port on my router/firewall)? Or, is there an automated way to set this up via Webmin?
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
i am totally new to Opensuse and to filezilla. I formerly used winscp - a windows-client for ssh.now i have a linux box and want to connect to the server via ssh ing filezilla.Can i use the same keys as i used in WinSCP - where should i store them and the third question.I read something about a certain so called certificate-file that has to be created!?
Another question though...i have a fedora 12 server set up and i have created 3 sudo users. I have created 3 putty keys (public and private) using putty key gen and basedn my research i was told to put the public keys in /home/"user"/.ssh/authorized_keys .I did that but when i tried to log on using the key...the server is saying "server refused key" could anyone assist in this issue
I have one doubt that is how can we actually connect a system in private network with the system in a public network using IP address. I have one system in private network (in my campus) I need to connect it with the system on public network (home) using IP address and communicate with each other. How can I do it or is there any other way of connecting these two systems more easily?
In my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one.Or, can one generate the public one from the private key (in reasonable time)?
I configured ssh on one of my servers to require public/private key authentication and deny access to login requests not using a public/private key. Now I need to unconfigure that,but I can't remember how I did it. I've looked through ssh_config and sshd_config, and nothing rings a bell. Googling only tells me how to enable public/private key authentication, not how to require it or stop requiring it.
My ISP has for a long time had a broken forward/reverese DNS so that my ADSL connection with static IP address resolves to a completely different IP address on a reverse query. This has not been a problem until I upgraded a remote server from 10.3 to 11.3 last weekend and now ssh connections from my ADSL connection to it using public/private keys are being rejected with the following message in /var/log/messages (IP addresses changed): Aug 10 12:00:32 penguin1 sshd[1270]: Address 83.175.246.243 maps to 83-175-246-243.static.dsl.aupex.com, but this does not map back to the address - Possible Break in Attempt!
But if I log in interactively with username & password, the connection succeeds. I've changed the StrictModes setting in sshd_config to 'no' but this hasn't resolved the problem. Obviously something in 11.3 is being stricter about this IP mismatch than it was in 10.2 (and no, the server is not using a firewall). There must be something I can change to make sshd more permissive? I've tried before to get my ISP to fix their problem but no luck. This needs to be sorted as a server at my home (which does not run SuSE) retrieves backups from the remote OpenSuSE 11.3 server every night using scp and these are now failing.
My calling application will accept only strings and interger. we are replacing RSA bsafe library to openssl. using RSA bsafe, we have generated the private and public key in BER format. Then convert the keys, BER format into ASCII format to send the calling function. (these everything done by using RSA supplied bsafe library) same way i have to right using openssl..i m now able convert the RSA public and private key into DER format
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we where running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and noone could log in. After several attempts to resolve this, including bringing in outside help, we where never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without effecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping it's gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agents station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they where left from the post linked above aside from the vlan id's used where changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces
Code:
auto lo iface lo inet loopback auto vlan100 iface vlan100 inet static
[code]....
why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure its because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to trouble shoot to find out where the problem lies.
Back in April I set up a Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc off the 192.168.1.1 /24 network that everything was on because we where running out of address space. I built out the new network and everything worked great except our AD server would never get an IP address from the DHCP server (static reservation) and even if I set the IP statically on the AD server it couldn't ping the gateway and noone could log in. After several attempts to resolve this, including bringing in outside help, we where never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without effecting the live network. I used Acronis and imaged the AD server last Friday, cloned it on to another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects and I can ping it's gateway 192.168.1.1 and all the way across vlans to a test sales agent workstation at 192.168.8.xxx on vlan 800 but only if I statically assign the agents station an IP address.
When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server but now it for some reason can't ping its default gateway 192.168.1.1. All of the config files are the same as they where left from the post linked above aside from the vlan id's used where changed from 1's to 100's (i.e. vlan 3 is now vlan 300) /etc/network/interfaces
Code:
auto lo iface lo inet loopback auto vlan100
[code]....
why it can't reach the gateway, when I do a tcpdump I can see the DHCP requests come in on eth0 but the server never responds and I'm pretty sure its because it isn't "seeing" them since it thinks there isn't a network connection but I don't know how to trouble shoot to find out where the problem lies.
Currently I have my eth0 interface getting a DHCP address but at times the DHCP server will not be reachable. Sooo what I would like my server to do is if it cannot find a DHCP server assign a static address to eth0. Then start the DHCP service so it can then dish out some addresses.How can I do this? Surely it is possible
I am puzzled with trying to configure a linux (openSUSE) client to dhcp to eBox DHCP server. I am using dhclient to lease an IP address with dhclient eth0 -s 10.45.48.108 and get a response
openSUSE11232CL1 dhclient: DHCPDISCOVER on eth0 to 10.45.48.108 port 67 interval 4 openSUSE11232CL1 dhclient: DHCPOFFER from 10.45.48.108 openSUSE11232CL1 dhclient: DHCPREQUEST on eth0 to 10.45.48.108 port 67 openSUSE11232CL1 dhclient: send_packet: Network is unreachable openSUSE11232CL1 dhclient: send_packet: please consult README file regarding broadcast address.
The server reports eBox141 dhcpd: DHCPDISCOVER from 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0 eBox141 dhcpd: DHCPOFFER on 10.45.200.2 to 00:0c:29:3e:57:a3 (openSUSE11232CL1.domain.net) via eth0
I interpret this as the server receives the request and the client accepting it but the lease does not last long and the connection breaks. what this could be and why the connection breaks? Or my undestanding is totally wrong on how it works and should work? And BTW, where is that README file that's referenced in the message I receive on the client?
I'm currently successfully using the Terminal Server Client to connect to an SBS 2003 server at a remote location. I've been trying to figure out if it's possible to connect to any of the XP machines on the LAN behind it. I currently have to use RWW in IE on a VirtualBox XP machine to do that, and I'd love to be able to get rid of VirtualBox completely.
The server has 2 NICs, one connected to the internet, and the other connected to the LAN. There is only one public IP. The computer I'd most like to connect to has a static, private IP. Anybody done anything like this or have any thoughts on how to get it to work?
I run a server that is connected to several other boxes in a private network (192.168.0.0). I have had no problems previously, but upon a reinstall of Debian squeeze I have no connectivity to the private network: a ping of other addresses on that network fail. Ping and connection to outside world is fine. This box is configured similarly to another on this private network which connects successfully. I have quadruple-checked all my basic information. I post my ifconfig below of the malfunctioning device, then the ifconfig for equivalent nic on a box connected succesfully to the private network.
Questions:
1.Could it be a cable problem? (I don't see how since the cables have not been changed I do not believe since my reinstallation).
2. What about the difference in the last lines of eth1 below and eth2 of the successful box. Is it significant that the bad eth1 reads Memory:fc3a0000-fc3c0000
