Ubuntu Networking :: Where Should Policy Based Routing Rules Live?

Mar 25, 2010

Seems like this should be a simple question, but I've looked around and have not found an obvious location to keep custom policy based routing rules in Ubuntu. /etc/network/if-up.d comes to mind, but I was wondering if that was a "standard" spot. Also it doesn't seem like these rules really need to run each time an interface is up'ed or down'ed.


Networking :: IPTables Rules On PPPOE Connection - Forwarding / Routing

Sep 23, 2010

I'm trying to configure Iptables and I just want to block everything but http/https. However, my connection is pppoe, so I have the ppp0 interface. Pretty much every Iptables tutorial that I found doesn't teach how to deal with this kind of setup. I'm forwarding the ppp0 to eth0 and I could configure the input rules and they're working. After this, I need to configure the output but nothing seems to work.

The current working rules are:
Code:
Chain INPUT (policy ACCEPT 7858 packets, 5792K bytes)
pkts bytes target prot opt in out source destination
299 201K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:www
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
11 820 DROP all -- any any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 ppp0 anywhere anywhere
0 0 ACCEPT all -- ppp0 eth0 anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 10791 packets, 1951K bytes)
pkts bytes target prot opt in out source destination

I don't understand what those "state RELATED,ESTABLISHED" rules do. Also, I don't know if these rules are secure, because I'm very confused about the ppp0/eth0 interfaces.


Networking :: Policy Routing Using Two Point-to-point Links?

Aug 27, 2009

This one has been driving me nuts for some days now: My Gentoo box which is acting as an internet gateway has two point-to-point interfaces, ppp0 (PPPoE to my ISP) and ppp1 (PPTP VPN link to IPREDator). Packets from my local network are just routed through ppp0 and now the fun part starts: I want to MARK (netfilter...) all packets originating from one specific user on that box in order to use another routing table that will contain a default route via the ppp1 interface. Marking seems to work fine as does the second routing table. But quite mysteriously (at least for me), the packets sent out on ppp1 contain the wrong source IP address, namely the address associated with ppp0. So here is what ifconfig and friends tell me:

Network interfaces:

Code:
# ifconfig ppp0
ppp0 Protokoll:Punkt-zu-Punkt Verbindung

[code]...


Networking :: Ip Routing Based On Port Number?

Sep 30, 2010

I have 3 gateways in my office. I want to redirect all web traffic (port 80 and 443) through one gateway and ssh connections through the other one. All machines have a single network interface. For this what I did is create an IP alias eth0:1 and assign an IP to it. Then I wrote an ip route rule to route packets from eth0:1's IP to the other gateway. All other traffic will go through the default gateway. But here I am not sure how I can make the web browser use eth0:1's IP. It's using eth0's IP. I wrote an iptables rule to change the source IP of http packets to eth0:1's IP. But the rule is on the POSTROUTING chain. So I think it's happening after routing.


Networking :: Port Based Routing For Local Traffic?

May 24, 2009

I have a problem with port based routing for local traffic. I can't use the trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.


Debian Configuration :: Policy Routing Squid On VPN

Jan 22, 2010

I'm having trouble configuring my Debian (2.6.26-2-686) with some routing tuning. In fact, I have a VPN provider. I want my Squid Proxy to use this VPN provider and I have to use policy routing because my ISP forbids IP spoofing.


Ubuntu Networking :: Set Iptable Rules And Access Superuser Permission From Web-based?

Mar 30, 2010

I wrote a network emulator program in C programming. It can run from the Ubuntu terminal with good performance. But I have to make it for web-based user configuration. So I had set up the Apache web server and wrote this program as a CGI script and tried to execute this program from a web page. This program must be run with root privilege ($sudo -s) and add the iptables rules such as (#iptables -A OUTPUT -j QUEUE). So my question is how to add iptables rules in my CGI scripts? How to set the superuser (root privilege) permission to access my program through the web server?


Debian Multimedia :: Squeeze: HAL .fdi Policy Rules Not Working In X After Update?

Jan 30, 2010

After a system update a couple of days back - which as far as I can remember included some xorg packages - neither of the policy files I have written for my keyboard, synaptics touchpad and mouse work. Below are the files and the Xorg log file.

99-x11-keyboard.fdi
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">

[code]...


Networking :: Insert Routing Data Into The Routing Table Doesn't Work?

Apr 6, 2010

I have a firewall, this consists of three NIC's:

Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]

I am trying to ping eth0 from eth2, but I am not able to successfully get a response from pinging the device. I am using:

Code: ping 192.168.0.2 -I eth2

I have tried to insert routing data into the routing table, but it still doesn't work


Debian Installation :: Remove 70-persistent-net.rules During Live Startup?

Mar 2, 2011

I've created a live squeeze usb-hdd and if I boot the first time the udev system writes the MAC address of the network interfaces into /etc/udev/rules.d/70-persistent-net.rules. Because I use full persistence, the file is there on the next boot and I don't get the network running automatically on other computers. My problem is, how to remove 70-persistent-net.rules every time during the startup?


Fedora Networking :: Connectivity Between Two Different Live IP Based Systems - Ping Error: "Destination Host Unreachable"

Aug 26, 2009

I have 2 live IP based Linux systems.

[Code]...

Both systems are connected in the same LAN based network. Both WAN live IPs are connected through different modems. The problem is that no system is able to ping or connect with the other system with the live IP, though they are able to connect through the LAN IP and both systems are accessible and also able to browse the internet (Google etc.). Ping error: Destination Host Unreachable.


Ubuntu :: Can't Create File /etc/udev/rules.d/70-android.rules?

Jun 19, 2011

I need to create filename 70-android.rules in the directory /etc/udev/rules.d/. I have Adm privileges in my user account properties, but when I use sudo to create this file the Ubuntu OS does not allow me the privilege... I am running Ubuntu 10.04 LTS and here's the Terminal output below:

Code:
daddy@gatomon-laptop:/etc/udev/rules.d$ sudo cat > 70-android.rules
bash: 70-android.rules: Permission denied
daddy@gatomon-laptop:/etc/udev$ ls -l
total 8
drwxr-xr-x 2 root root 4096 2011-03-16 18:03 rules.d
-rw-r--r-- 1 root root 218 2010-04-19 04:30 udev.conf


Ubuntu Networking :: Iptables Sets Itself To A Policy Of Dropping Everything

Mar 3, 2010

When I reboot my computer, my iptables sets itself to a policy of dropping everything, adds a bunch of rules, and a bunch of extra chains, to the effect that (due to everything being set to drop) I can't do anything. I know how to fix this from the terminal to the extent of just clearing most of it and changing the policies back. However, what I don't know is how to make it stay that way. I have a file with the iptables rules I want, so every time I start up I just run iptables-restore, but I don't want to have to do this every time, particularly since others use this computer who do not have admin privileges.

I've tried changing /etc/network/interfaces with the added code pre-up iptables-restore < (etc) But that never does anything, or if it does it just makes stuff work even less. I've tried changing init.d before based on similar info elsewhere, still no luck. I don't know how to get it to stick, and I don't know why it is defaulting to the rules it is, other than that I used a firewall app a while ago and afterwards this was the result, for which I uninstalled that app after no success using it to reverse the damage.


Ubuntu :: Multimedia Center Based On XBMC Live - Cannot Configure Bluetooth?

Apr 6, 2011

I assembled a small multimedia center based on XBMC Live (Ubuntu), and I cannot configure bluetooth. In older versions of bluez there was the hcid.conf file, through which I could set the options iscan, pscan and lm (link mode). In new versions of bluez 4.xx main.conf is used instead of this file and these parameters are not provided there. How do I apply these settings to the bluetooth adapter at system startup and when I connect the adapter to the usb port? In general, the behavior of the system is not clear. Sometimes the adapter is turned on after the system starts, and sometimes it turns off.


General :: Live Life In Text Based World

Jan 13, 2011

There's probably not too many Linux users who have their desktop Linux distros set to be console only as opposed to using an X server or a GUI. There's plenty of reasons to take this route and many ways to go about it, and I'll attempt to show you a (mostly) unbiased view on this choice, especially centered around the way I do it. Here's my setup: Dell Inspiron 1545, Core 2 Duo, 4 GB RAM. I have Windows XP, Ubuntu 8.04, and my main OS: Debian Squeeze.


UBUNTU USERS!!!

Debian Squeeze is probably the best option for a Ubuntu convert. Making Ubuntu console based is kinda hard and not recommended by me because it's such a large OS, and living in a text only computer is generally a minimalist idea, so having such a bulky base is both memory intensive and kinda gross. Debian uses apt-get, so people who grew up in a Ubuntu environment should feel at home with the sudo commands and such........


Networking :: Filter Chain And Policy For Iptables -L?

Mar 26, 2010

Is it possible to only view certain chains and more specifically certain chain policies with options when doing:

iptables -L

I would like, for example, to view FORWARD ACCEPT rules instead of waiting for all of the drop rules to load when viewing a firewalled iptables.


Fedora Installation :: Unable Using Live Cd On Pentium 3 Based System?

Jun 2, 2011

What is the difference between Fedora 15 Live cd & Fedora 15 Install DVD?

I am unable to install using Live cd on my Pentium 3 based system.

Will the Install DVD solve that problem?

Max ram is 512MB on my system & there is no more room for any upgrades.


Networking :: Tcpdump Shows Packages Even IPTables Policy Set To Drop

Feb 19, 2010

I have set the iptables INPUT policy to DROP. As I have expected tcpdump wasn't showing any packages... for a while. Suddenly it began to show UDP syslog packages being sent by a remote host. It is conform with the configuration of syslog, but since the INPUT policy was set to DROP, with no exceptions, it is not conform with configuration of iptables. Why, after setting INPUT policy to DROP with no exceptions, are most of the packets received before being dropped and some not, as tcpdump shows?


Networking :: Implement Bandwidth Shaping Policy In A Virtual Environment

Nov 27, 2010

I want to implement a bandwidth shaping policy in a virtual environment. So I have a 2mbps link, which I want to distribute among Email, http(s), ssh,... and some other traffic. I want to do this in a virtual environment, for testing purposes. I want to run this script on a VirtualBox virtual machine, which has Ubuntu installed on it, and then use that as the router.

(a) is there any software that could simulate email,http,... traffic so that i could test it?

(b) my second question is (though not related to networking) how do I set a (virtual) machine as a router? or is it even possible?


General :: Checking If Distro Running In Live Mode Using Terminal Based Tools?

May 10, 2011

I searched and found several solution but those are distro specific. I need to find out if distro is running in live mode (from CD, USB) instead it's installed on hdisk. The solution should be independent of distribution.


Networking :: Networking Routing \ Use The Terminal To Assign Server Eth0 A Proper IP Address?

Jun 8, 2010

I know exactly what I need to do, I'm just not familiar enough with command line to do it properly. I have 7 computers. The first 4 are connected to a router via wireless at one end of the house. Of the last 3 only 1 will be able to access the router via wireless, so it needs to share its one wireless connection via ethernet. This computer I'm going to call 'server'.

Server will have two IPs:
wlan0 192.168.1.6, this connects to the router that has internet access.
eth0 I intend to have the following settings:
ip: 192.168.0.1
sub: 255.255.0

eth0 will connect to a second router, where the cat5 cable goes from the server into the internet port of the router, where I will define the router's static IP:
IP: 192.168.0.100
sub: 255.255.255.0
gateway 192.168.0.1

I have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.

So I need to know how to, without a GUI application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet. I had it set up in this way with a Windows machine being the one that had the wifi access, but I'd rather have it set up for the Ubuntu server to do this task. Security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option. The 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through


Ubuntu Networking :: Routing Between Two Subnets ?

Feb 16, 2011

I have a network routing problem that I need to fix using a PC with ubuntu installed.

Here are the details of my problem:
- I have two networks.
- The first network is an ADSL router with subnet 192.168.1.x. I do not have access to the router nor change any of its configuration.
- The second network has a subnet 172.26.x.x and connect via a wireless access point. Some of the devices connected to the network require to have static IPs.
- I have a PC with ubuntu installed and two ethernet cards: one connected to the first network and the other connected to the access point.
- I need to share the internet connection between the two networks using ubuntu. I already tried before on windows and the sharing worked when both networks were configured to use the same subnet. Once I changed the subnet of the second network, internet sharing stopped working.


Ubuntu Networking :: Application Routing 2 Different Gateway?

Feb 5, 2010

My laptop is connected to 2 different networks (wireless "gateway 10.170.8.1"; cable wired "gateway 192.168.1.1"). The gateway 192.168.1.1 is the default. I want all applications like Firefox that connect via http and https (port 80 and 443) to use the gateway 10.170.8.1, and everything else to use the default gateway.


Ubuntu Networking :: WAN/LAN Routing - Cant Route Back In?

Mar 13, 2010

I've got an Ubuntu web server running 9.04 & Apache2. I've got 2 NICs, one with an internal address for the LAN and one with an external address for the WAN to host the websites. My IP configuration is as follows (/etc/network/interfaces):

# The loopback network interface
auto lo eth0 eth1
iface lo inet loopback
# The primary network interface (WAN)
iface eth0 inet static

[Code]...

When I do a traceroute from a LAN PC it makes it all the way to the router and then just stops. I'm probably missing something very simple, it's been probably 10 years since I took a class in this.


Ubuntu Networking :: Routing - Forward All Traffic To An Ip To Another Ip

Jul 25, 2010

I need to be able to do the following: Physical Router located at 192.168.40.1

On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4

Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:

register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1

Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.

Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.


Ubuntu Networking :: Routing Internet From One Router To Another?

Feb 11, 2011

How can I find the IP of a router wirelessly so I can use the second router for a better signal? (A farther reaching wireless card is what I'm trying to make it do)

Also, how can I find the subnet mask this way?


Ubuntu Networking :: Routing Over Certain Interface Using Iptables?

Feb 24, 2011

I am establishing a VPN connection with a Cisco VPN server, but only want outgoing connections to a certain set of IP addresses to actually go through the VPN. I tried something like this:

Code:
sudo iptables -A OUTPUT -t mangle -p tcp -d 111.222.0.0/16 -j ROUTE --oif tun0
but keep getting

[code]...


Ubuntu Networking :: Two NIC Routing From Laptop To Server?

Feb 27, 2011

I have a server that has two NIC cards installed, eth0 and eth1. We use a Linksys router (192.168.2.1) which runs DNS for our LAN. I have installed Squid on the server which runs Ubuntu server (8.04 Hardy) w/ GUI. I can surf the net on the server with Google Chrome configured to use proxy server localhost:3128...works good. The router is wired directly to eth0. I have my laptop (running Ubuntu Hardy) wired to eth1 and I want to be able to surf the Internet through my server. From my laptop, I can ping 192.168.2.100 which is the IP address assigned to eth1[?] by my router. I assume I need to establish a route from my laptop to my server. I would like to achieve this via the CLI and I am not having any luck thus far. If I add static IP addresses to eth1 on the server and eth0 on my laptop will this simplify the process? How can I add a route which will allow me access to the Internet via my laptop?

Server:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 eth1
0.0.0.0 0.0.0.0 0.0.0.0 U 1000 0 0 eth0

ifconfig eth1 on the server:
Code:
eth1 Link encap:Ethernet HWaddr 00:30:48:85:cc:1b
inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe85:cc1b/64 Scope:Link
Up Broadcast running Multicast MTU:1500 Metric:1
RX packets:7701 errors:0 dropped:0 overruns:0 frame:0
TX packets:7898 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5572718 (5.3 MB) TX bytes:1506869 (1.4 MB)
Base address:0x9000 Memory:ef400000-ef420000


Networking :: Routing Packets From One IP To Another

Sep 6, 2010

My setup is... I have a wireless access point using a laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces, one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have? To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.


Networking :: Routing Between 2 Nics?

Mar 10, 2011

I have a PC with Debian 6 (without GUI) installed on it and want to use it as a server at home. It has 2 ethernet NICs. Now I want to configure the routing process. Searched the internet for a long time, found something but couldn't get it to work.








Copyrights 2005-15 www.BigResource.com, All rights reserved