Ubuntu Networking :: Route DNS Queries Through Tunnel Too
Jul 6, 2011
I set up a routed OpenVPN server. Everything works fine. But I'd like to route the DNS queries thru the tunnel too. So I added:
[Code]....
Can't find server name for address 10.8.0.1: Non-existent domain Even thou I have a DNS server set up correctly (on the same server as the VPN) with recursion. I verified that by sending queries form external source, which worked fine. I suspect that the Bind server doesn't listen to the tun0-interface only eth0, but the Bind manual says it should listen to all interfaces by default. The server log shows:
Code:
named[9639]: client 10.8.0.10#3807: RFC 1918 response from Internet for 1.0.8.10.in-addr.arpa
How do I get these DNS queries to resolve thru the tunnel?
View 9 Replies
ADVERTISEMENT
May 8, 2011
I have 3 network interfaces on my Linux Router :
Interface - Gateway - Type
Code:
br0 - 192.168.0.1 - Internet
eth2 - 192.168.1.1 - LAN
tun0 - 10.0.0.2 - VPN (via br0)
What I'd like to do is to route all TCP packets coming from eth2 to tun0 where a VPN client is running on 10.0.0.2. If I delete all default routes and if I add a new route to tun0 like :
Code:
route del default
route add default gw 10.0.0.2
Everything is fine, and everyone on eth2 can reach the Internet using the VPN access. Now the problem is that my VPN client does not allow any other protocols other than TCP. And I also want to allow VPN access only to eth2, no other LAN nor the router itself. use iptables to filter any TCP packets and mark them, so they can be sent to tun0, while any other packets can reach the Internet via br0 (192.168.0.1). I found on the Internet that we can mark packets before they get routed. Using the following commands :
Code:
iptables -t mangle -A PREROUTING -j MARK --set-mark 85 -i eth2 -p tcp --dport 80
ip route add table 300 default via 10.0.0.2 dev tun0
ip rule add fwmark 0x55 table 300
First of all, --dport 80 never work... :/ I wanted to filter TCP 80 packets coming from eth2, but none of them seems to be HTTP packets... oO (very strange...). Nevermind, I decided to forget about the --dport option. I use the "iptables -L -v -t mangle" command to see how many packets are marked, and it is working fine, all TCP packets coming from eth2 are marked. Now the problem is that none of them are routed to tun0 they are all respecting the "route -n" rules... and not the "table 300" rule I have created.
View 4 Replies
View Related
Apr 29, 2009
I would like to add a static route, however I do not understand what is meant by the Address setting below
GATEWAY2=10.241.58.62
NETMASK2=255.255.255.224
ADDRESS2=10.241.57.32
Does this mean any addresses beginning with 10.241.57.32 are routed over the gateway 10.241.58.62 an address range
View 3 Replies
View Related
Jan 25, 2011
Having trouble getting my Netgear WNA1000 working thru wireless router. Have tried lots of suggestions from other threads to no avail. Someone suggested that th routing table isn't set correctly, so have been trying to use the follwing to make the proper entry in the routing table: sudo route add -net 192.168.0.1 netmask 255.255.255.0 dev wlan0
Result: error message stating with:
"route: netmask does not match route address"
followed by "Usage" instructions which tell me to do what I just did. Any ideas on how I can populate my routing table with correct entry for my wireless card? Not to complicate matters, but I temporarily turned off encryption on my router to eliminate that as a possibility until I get connected. So maybe it'still trying to connect via encrypted mode - do I need to turn off encryption on my (client) end?
View 2 Replies
View Related
Oct 21, 2010
I got this definition:"a process that replaces a series of related, specific routes in a route table with a more generic route." honestly I found it not so clear.. I want to know if this definition is correct and also more details about this subject..
View 1 Replies
View Related
Jul 5, 2011
I would like configure a DNS server on Debian, only to forward through my ISP DNS servers.
View 4 Replies
View Related
Aug 28, 2011
How often are dns queries sent? Assume I want to connect to a ssh server, will I send one dns-query in order to do that or do I send multiple during my connection? What if I request web-pages, do I send a query only when I enter a site or will I send queries every time I visit a new page on that site?
I'm asking since I'm considering getting an account at dyn.com (the standard account for $30/yr) and it comes with 600 000 queries per month (which is way more than I expect to get but knowing exactly what it means is always good).
View 3 Replies
View Related
Apr 27, 2010
I got a mission to move our company's ns3 from one machine to another.I've installed the djbdns software on other machine, configured it(or at least I think soand if I make a "nslookup www.google.com 195.222.14.7" query from that paticular server then I get an answer straight away, but if i make the same query from local machine i get connection timed out
View 12 Replies
View Related
Mar 4, 2011
I am bit new to Linux and have setup caching-only name server with Centos 5.5. when i do dig server, it provide resolutions. but when i use the server IP as DNS on my windows client, it says, "connection refused" on the NSlookup output. (IP table didn't enable) My server Ip is 192.168.1.253 and bellow is the configuration of "/var/named/chroot/etc/named.conf"
options {
listen-on port 53 { 127.0.0.1; 192.168.1.253; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt"; .....
View 9 Replies
View Related
May 14, 2010
I recently turned on query logging on our name server and immediately saw repeated queries for . (dot). I've not seen this before. It looks like a really sloppy DOS. What would this return if my NS was misconfigured?
May 13 18:11:41.710 queries: info: client 91.202.63.129#56089: query: . IN NS
May 13 18:11:42.083 queries: info: client 91.202.63.129#62826: query: . IN NS
May 13 18:11:42.788 queries: info: client 91.202.63.129#13620: query: . IN NS
[code]....
View 2 Replies
View Related
Oct 3, 2010
I Need to make an SSL tunnel over SSH, I need to create exactly an SSL tunnel,I have a situation like that, I heared it is possible,but don't know how to create an SSL tunnel over SSH i am having putty installed on my pc,So i think i can use putty for this purpose, But i don't know how to do this.
View 1 Replies
View Related
Aug 3, 2011
I wanted to create an ssh tunnel but I do not know what commands to run .. my environment is as follows:
LAN Internet Office LAN
Home PC <-> Linux firewall <-> http server..
According to the above what I figure is that I have an internal web server at my job and I need to create a tunnel to access the web server from my PC in my home. I know I can do a port forwarding with the firewall but I don't want to publish this web server to Internet. My home PC and both servers (firewall and web) are ubuntu. My idea is create a ssh tunnel that forward port 8080 on localhost in my home pc, to the firewall (obviously with public ip), and the the firewall forward to port 80 on office web server at my job. Note that the firewall accepts ssh connections to port 22, same for web server...
View 2 Replies
View Related
Jan 31, 2010
so i start it with ssh -f -R 4096:localhost:22 me@server.com and it comes up and someone can log in at the remote end. how do i close the tunnel from the initiating end ? netstat doesnt seem to identify my end of the tunnel , unless im looking for the wrong thing!
View 1 Replies
View Related
Jan 31, 2010
Browsing via SSH Tunnel very slow When browsing in firefox at work via proxy through ssh on my 8.04 server the speed is near dial up. I have compression enabled, tried restarting ssh, and rebooting the server but it remains so sluggish. At home the connection is quick but the speed is lost in translation once I ssh in. I also tried adding "UseDNS no" to the ssh config but that did not help with the slow login or any other speed issues.
View 5 Replies
View Related
Mar 29, 2010
I tried this :
Quote:
ssh -ND 9999 username@home_router_ip_address
and this is output :
�nani@jebe-kevu-ovaj-PC:~$ ssh -ND 999 nani@nani.homelinux.com
Privileged ports can only be forwarded by root.
nani@jebe-kevu-ovaj-PC:~$ sudo ssh -ND 999 nani@nani.homelinux.com
[code]....
which password is he looking for exacly ? user nani is main user at ubuntu after he asked me for password i typed my nani user password and i got in , after how you can see he ask me for onather password i tried the nani�s password but nothing is heppening ?
View 1 Replies
View Related
Sep 17, 2010
I'm trying to run a script to execute the command
Code:
ssh -D port host
when my laptop connects to internet. I have placed the script in /etc/network/if-up.d/.The scripts is being run when it should, but the SSH-tunnel isn't created.I can however run the script manually, as root, and then the tunnel is created.
View 7 Replies
View Related
Nov 13, 2010
I have a server running Ubuntu Server 10.04 that is a VirtualBox/Samba/SSH server. I have port forwarding set up for ports 22 and 3389 (SSH and RDP) and I want to access the Samba share without opening any other ports. I can connect to it from my internal network, but I want to be able to access it from school. My best guess would be to tunnel the Samba port through SSH, but I don't know how. I will be connecting to it from Ubuntu 10.10 Desktop.
View 9 Replies
View Related
Feb 14, 2011
In the office I use firefox for my work items and chrome for my personal items. I currently use proxy switchy with chrome to browse through an ssh tunnel to my home server. The chrome/switchy part works fine.In order to do this I have to open a command window every morning and execute:ssh -p8181 -D 9999 user@myhomeserver.comThen the command window asks my password and I am up and running. (my ssh server at home is running on port 8181)Is there a way to script this so I don't have to open the command window and enter my password every day (and also to prevent a visible command window from being open and visible)
View 1 Replies
View Related
Jul 19, 2011
I use two Ubuntu machines, one at home and one at work. In order to connect to the machine at work from home I need to connect through a "tunnel server" that controls all the traffic to the machines at work.I am able to connect with ssh to the tunnel server and from the tunnel server ssh my own machine at work. My question is how do I retrieve files form my work machine to the home machine. How do I sync folders between the machines using rsync when the "tunnel server" is in between?
View 3 Replies
View Related
Jul 28, 2011
I don't understand the concept of ssh port forwarding and tunneling.I was going to set up a remote desktop (vnc) connection to my grandmother's laptop that we'll give her soon so if something goes wrong i can fix it from here (she lives on the other side of the world). However, i've read using vnc plain over the internet isn't secure, and that i can secure it by running it through an ssh tunnel.That's what i've understood so far. However, from there on i get confused.
I'd have to run both an ssh server AND a vnc server on her laptop? So what i'd have to do is ssh into her computer, and then while logged on on her computer, somehow open a vnc connection back from the remote server to the local computer? Then i'd go back to my local computer and open a port where the vnc connection is waiting? From the concept, it would seem like i should be able to tunnel all the regular network traffic from the local computer to the remote one through ssh?
View 4 Replies
View Related
Oct 3, 2010
I am currently running 64-bit Windows 7 from my home laptop and I would like to establish an SSH reverse tunnel to my laptop from my work Ubuntu 64-bit machine. I have been reading many "tutorials" that have led me nowhere and I feel as though I'm chasing my tail now. I have done the following on my Ubuntu machine:
Code:
ssh -R 19999:localhost:22 laptop_ip
and on my Windows machine, using putty, did the following:
Code:
Host Name: host_IP
[Code]...
I am able to access my Ubuntu machine when on my work network but there I have been unsuccessful when it comes to trying to remotely access it. I have tried everything that I can think of (though I am a novice). If there is any help/suggestions/ideas that could help, please let me know and don't hesitate to ask for more info!
p.s. I would also like to enable x-forwarding, but for now I would like to have remote access to the Ubuntu machine.
View 6 Replies
View Related
Jul 20, 2010
I'm trying to create a VPN through SSH but encounter the following:
Code:
[18:42:11]root@bronzhip:/home/casey# sudo ssh -w 0:0 97.**.***.221 -i VPN
channel 0: open failed: administratively prohibited: open failed
[code]....
View 6 Replies
View Related
Mar 24, 2011
I'm trying to set up a secure web tunnel at home I have an Ubuntu box (desktop), a Mac, and a Windows 7 box. I use all of them for different reasons. I want to be able to route traffic from my browser through my Ubuntu box. I have done this before with proxy servers abroad, but I want to do it using ssh and my box at home so I don't have to pay for a service i.e (Secure Tunnel)etc.
I followed the instructions at http://bit.ly/hAnp6u. However, using my Win7 box, after I set the browser part per the instructions, I get no connection from the browser.
View 1 Replies
View Related
Oct 21, 2010
Is it possible to chain together multiple SSH tunnel hops in a single `ssh -L` command on the client side? I have two gateways I need to get through in order to access a remote host. For a normal SSH client connection, it's simple enough chain this all together by simply appending the additional SSH connection commands to the first one:Code: ssh gateway.1 ssh gateway.2 ssh remote.host.
View 6 Replies
View Related
Mar 12, 2011
I'm running Ubuntu 10.10 and I'm having problems trying to assign it a static IP address. No matter what I put in the Preferences->Networking area (identifying the interface as Manual)... it still will query DHCP for an address if I run the dhclient command. I'm using to using ubuntu server where I just set the IP in the interfaces config file.
View 1 Replies
View Related
Jan 18, 2010
I run Ubuntu 9.10 locally connecting to CentOS5 on a remote server.When I run the following command in the Terminal;ssh -v -L 10005:localhost:10000 root@remote_ip_address -F ~/.ssh_config -i ~/.ssh/private_key_file_nameafter 'Authentication succeeded (publickey)' I get the following for channel 1;sys_tun_open: failed to open tunnel control interface:Permission deniedhowever, it does open an interactive client-session on channel 2 and my browser will then connect (via URL localhost:10005) to Webmin on the remote server which is the object of the exercise.However, because sys_tun_open failed, I am concerned that the transactions may not be encrypted as I understand they would be in proper tunnelling
View 4 Replies
View Related
Nov 28, 2010
I'm trying to create EoIP interface on ubuntu so i can create a simple tunnel to my mikrotik router. Is there anyone know how or even done that? If EoIP is not possible, is there any other simple way?
I had already read and thought about doing it with OpenVPN, but when I read the community documentation for OpenVPN on ubuntu 10.10, I fear it won't connect the tunnel to mikrotik OpenVPN server, since OpenVPN on ubuntu uses 2 certificate and 2 key files(as i read on the docs), but mikrotik configuration, i can see only 1 certificate can be applied on. This confuses me and make me decide to use EoIP(but i can't find any tutorial/docs about it). I don't actually need the encryption and security, i just need to create a tunnel for ubuntu and mikrotik.
View 2 Replies
View Related
Nov 30, 2010
My friend has a server with 2 ips, 1 primary and 1 secondary/failover. He has given me a shell account and I want to use ssh to route my home http traffic through it like a socks proxy. I connect to his server using the secondary ip like this:
ssh me@secondary_ip -p port -D forwarding_port
It builds a proxy, however it uses the primary ip of the server, not the secondary ip that I logged in with. When using irssi I've bound it to the secondary ip with no problem. If I try to use the -b flag I get the error: cannot bind: Cannot assign requested address.
how I can bind the ssh tunnel to the secondary ip?
View 5 Replies
View Related
Feb 4, 2011
I am using 10.04 ubuntu and I have forgotten my password to login to a ssh tunnel. It is not the root password on my computer. Is there any way I can find the password out, change it, or just start over and create a new one? I know it isn't a connection problem because I can't login to ssh from localhost either. I've tried reinstalling ssh too.
View 3 Replies
View Related
May 15, 2010
I am trying to establish a tunnel from my ubuntu machine 9.10 using miredo package. After installation I wanted to ping an ipv6 address and I get this error:
Address unreachable, destination unreachable
However, when I ping ipv6.google.com I have no problem.
View 1 Replies
View Related
