On my server I've a OpenVPN gateway and a DNS bind9 serveur At the moment, OpenVPN send opendns address to the clients and it works fine. I would like to use my DNS server for my clients to work with any DNS address. Here is OpenVPN config :
[Code].....
I'm having really weird and frustrating DNS issues with my clients unable to properly resolve the server's ip address. They can resolve each other's, and outside systems, but not the server - at least, not correctly, and not all the time.
I have one Ubuntu server set up that does both DHCP and DNS serving to the Windows systems. The server has DNS forwarding turned on to forward to OpenDNS's servers (I've tried using my ISP's dns servers but the problem remains).
The server is *not* set up as a firewall; I am actually using a DLink router for that, and the Dlink is *not* set up to serve up DHCP nor DNS.
What I am getting is that my clients - and there are nothing but Windows clients - will not resolve the name of the server. For example, if I do: ping linuxserver
I get back a false IP address of 192.168.0.64 (and I've seen once a 192.168.2.49).
If, however, I put a dot in there: ping linuxserver.
I get back the *correct* IP address of 192.168.0.2, and thereafter, ping'ng linuxserver without the dot will work. Until the dns cache expires, either naturally or with ipconfig /flushdns on the windows clients.
The client *are* getting valid dhcp leases and can resolve everything happy-happy, they just will not get the proper address of the server 100% of the time.
I've searched through google, and all I can find are instructions on how to set up a L2TP/IPSec VPN that works with macs and iPhones. I'm NOT trying to set up an L2TP/IPSec VPN. I'm trying to set up a pure-ipsec vpn.
The iPhone IPSec client is a built-in cisco client, I believe. I'm staying away from L2TP and PPTP because I need multicast packets to go through. *edit: wow, i just noticed that the title says "8.10 LTS". Oops! I obviously mean "8.04 LTS". Gah, the lack of sleep got to me.
I don't really have a reason for this currently. I recognize all the MAC address on my DHCP client list and keep it rather well locked down. I was just wondering if there was something I could run on the terminal to get more information on a given MAC address on my network. Something kind of like whois for websites.
View 1 Replies View RelatedUsing CentOS 5.5, FreeRADIUS 2.1.7.
Objective is simply to be able to allow wireless clients access to my network based on their MAC address (I have about 10 WAPs around the country which I need to be able to manage user access centrally). Not interested in LDAP or dishing out keys/certificates etc.
I have been trying to follow the guide here. Sounds like it's exactly what I need but I'm not sure about a few things.
1) For each of the conf files am I supposed to be replacing everything currently existing in the respective file with what is suggested?
2) "raddb/modules/file" does not exist, so I assume I should use "raddb/modules/files"?
3) If I uncomment the line:
Code:
#rewrite_calling_station_id
under the "raddb/sites-available/default authorize{}" section, the radiusd startup gives me the following error:
/etc/raddb/sites-enabled/default[69]: Failed to find module "rewrite_calling_station_id".
If anyone familiar with FreeRADIUS 2 could answer these queries I might be on the right path
what are use cases for static ip address for clients or servers.
View 3 Replies View RelatedI have 17 system (sys1,sys2,sys3.....sys17) in my office, and i am willing to setup a dedicated system to act as a firewall for that i have selected sys1 with two NIC(eth0 for local network and eth1 for internet) and i have configured to access internet in my office for that i have opened a wellknown port 80.but my clients are not accessing the internet..
and please check my sample IP configuration !!!
interface : eth1 (ISP IP)just for example
IP :192.168.0.2
gateway:192.168.0.1
dns:202.56.230.5
dns:202.56.230.6
Interface : eth0 (my local lan )
192.168.1.1
255.255.255.0
IP address of xp clients ranges form 192.168.1.2 to 192.168.1.16 with default 255.255.255.0
my question is that which gateway address and dns i have to give to my clients for accessing internet ?...
I have an FTP server which is linked to a user account in a chroot jail and I have disabled anonymous access (anonymous_enable=NO). I can FTP into this server from Windows command line FTP client and every other FTP client I have used with no problems.
However, I have been trying to access it via a web browser (firefox) using ftp://<server name>. This connects and prompts me for my login details, which I enter as I should. But then I get a 425 connection error.
In my /var/log/secure log, I see the entry: -
Why is Mozilla Firefox trying to connect as an anonymous user when it has already prompted me for my login details?
Don't work nslookup from clients guest OS.I have LinuxMint 7 and I'm installed VirtualBox on her. I created three guests OS. Two CentOS and XP
Name
The first CentOS linux1.starline.ca
The second CentOS centos.starline.ca
The third XP xp2.starline.ca[code].....
On the clients guest OS nslookup don't work. It write : timed out; no servers could be reached .What is going on? Why nslookup don't work from clients guest OS?On client machine in the file /etc/resolv.conf have record ameserver 168.135.88.2
I've been having this problem since 10.6 released, but have until now been successful with the "just use Thunderbird" response. My sendmail server hasn't been changed, but as clients upgrade from OSX 10.5 to 10.6 suddenly mail.app will no longer connects to send SMTP messages through the server. (IMAP connections to the same server using the same user/pass combinations work perfectly) When I look at the logs, things basically stop right after the STARTTLS command.
Google indicates alot of people are having similar problems, but I'm not seeing any solutions. Do any of you administrate sendmail servers where some of your clients are using Apple's Mail.app on Snow Leopard, and if so what settings are you using? At this point, I'm happy to make changes to the server to accommodate Apple's issue, I have too many Mac users connecting to my server. I just can't figure out what to change. I've enabled virtually every possible login authentication combination, and none of them work.
Connection from MANY VNC clients to ONE Server?
View 3 Replies View RelatedCode:
DMZ
Server--Router0--Modem0 ISP2--Modem3--Router3--Client3
/
Client1--Router1--Modem1--ISP1--WAN
/
Client2--Router2--Modem2 ISP3--Modem4--Router4--Client4
The Server in the above diagram can be accessed by Client3 and Client4 but not at all by Client1 or Client2. Router0 specifies the Server as a DMZ Host. I would be more specific but this is not my server. I don't use a DMZ, I forward ports when they are needed. In this case I represent ISP1 and the server belongs to a befuddled client. Client1 & Client2 can send packets to each other, no problem. Could the DMZ be breaking communication between the Server and Clients 1 & 2?
i have successfully setup PPTPD on my server and I can open a VPN tunnel but my clients can only ping the server's IP, they don't have access to the internet through the VPN.
i have searched different forums and understand that I have to create a route on the server to route packets between the VPN interface and my internet gateway, but I didn't manage to get this work.
here is what my setup looks like:
Code:
root@r31495:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1c:c0:c7:13:35
inet addr:94.23.197.XX Bcast:94.23.197.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]....
I'm setting up a network for a school. The network has 11 client computers (windows xp) and a server (fedora 10) All I need to do is have a share for all the children to use. (this I did by adding each client to the workgroup specified on samba then I just map the drive). The issue turns out to be that I have over 300 users. The users don't always use the same computer therefore I need the users to be registered on all 11 clients. How can I do this? I have been searching and I've not gotten anywhere. How can I add the computers to a domain instead of a workgroup? What can I use?
View 1 Replies View RelatedI'm trying to get a pptp server up and running. The server starts just fine, but encounters errors when a client tries to connect.
Code:
CTRL: I wrote 32 bytes to the client.
Dec 29 23:27:48 frankenstein pptpd[9402]: CTRL: Sent packet to client
Dec 29 23:27:48 frankenstein pptpd[9403]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
[code]....
I assume the failed read line is the culprit. I am currently running on a test machine. There is no firewall. I read on this error points to a firewall misconfiguration, but there isn't one.
I've been the las 4 days setting up my first VPN (OpenVPN bridged). The server is up and running OK but when I try to connect I've got this message in the client log.
Quote:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
[Code].....
I am having FC11 with an HP prineter attached my firewall is disabled I trying to print from my laptops after I have setup samba and shared the printer , It was working fine when I was installing FC4 and FC5 I am not sure what is missing when I tried to print from the XP box I got "Test pge failed to print" error what I have really noticed in the xp and vista box is that when I go to the printer settings inside control panel , pressing the ports tab and checking to what port I am printing I see that the port "\samba-serverprinter" is not created there this is the log
[code]...
I can't seem to get the X server to allow access from clients on other hosts. (I know, not exactly a network problem, but. I made the change in /usr/share/gdm/defaults.conf to be : DisallowTCP=false
and this worked on another CentOS system, but it hasn't fixed it on this one. What other things could prevent other clients from connecting to the X server? From the local host, I get :
Warning: Tried to connect to session manager, Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed although the client DOES actually create the window and work! So, maybe this message is a clue.
From the remote host, I get : Error: Can't open display: 10.10.1.20:0.0 Which is not terribly informative. Is there a log somewhere which details why a connect request was denied? The files in /var/log/gdm are not very informative.
I have an Edubuntu server with two nics joined to the primary windows domain and I can log on with domain credentials and everything is AOK. I used LikewiseOpen 6 to join the server to the primary domain. So, on my Edubuntu server eth1 is connected to the primary domain and has a static IP. eth2 also has a static IP and is the DHCP for the thin client subnet, connected to a switch. IP forwarding is enabled.
DOMAIN - eth1 - Edubuntu Server - eth2 (SUBNET) - switch - clients
So far, so good: I can log on the thin clients with one of the local accounts specified on the Edubuntu server and with that account I can surf the net and, if I supply domain credentials, browse the primary domain. Problem I have is:
I can't work out how to log on to the primary domain with a Active Directory account directly from a thin client. If I try DOMAINuser to log on, after giving the password, the password screen refreshes and 'domainuser@11.*.21.*'s password' appears under the blank password box. The IP in that message is the IP for the subnet and not the primary domain. I feel like I'm miss-understanding some basic simple step but I just can't figure it out.
My 32-bit Ubuntu 9.10 [Karmic Koala] LTSP server has two NICs, one with Dynamic IP set by a DSL modem and the other with static IP of 192.168.0.254. I also have 4 thin Clients that boot from this server without any problems and another computer with Ubuntu 9.04 running some PHP programs with dynamic IP given by the same DSL modem. When I send requests to these PHP programs from thin clients, they all give the LTSP server's dynamic IP as their IP so I cannot trace who has sent this request to response back.
I actually know this is logical. Because the requests are sent by a program that's actually running on the LTSP server rather than the thin client. But my question is How can I run a program on a thin client with it's own IP? I also should mention that the dhcp3-server service running on the LTSP server has no conflicts with the DSL dhcp on the network and I know that the 4 thin clients get the IPs ranging from 192.168.1.101 through 192.168.1.104 from the dhcp3-server service. Because I can ping them while they're on. but /sbin/ifconfig on them shows info about the LTSP server.
I'm sure this is possible... I'm just not sure how. Yet! I have three machines. One is at home behind my firewall and has a dynamic IP. That's fine as I don't really want to open any ports on my home firewall. The second is at work sitting behind the firewall there- and I'm not even going to ask for approval to NAT an IP to my PC at work :-).
The third is in a data center far away. I only have a shell account on this server but other than that shell account not being root, I can do most anything I like with that account. What I would like to do is SSH to this server simultaneously from my home and work PCs and, via this third machine, make them talk.
This is pure geekery so it doesn't matter what they say to each other; I just want to make them talk. Maybe one uploads a file and the other just pulls down that file. Maybe one opens a FIFO on the remote server and starts writing to it while the other starts snarfing that data. In fact, I like this latter idea best, I think. How would you do it? What scripts (fired by cron if need be since I'm ostensibly away from at least one of the PCs at any given time) would you use?
My computer running Ubuntu 10.10 cannot see the Samba shares on either of my two Windows XP machines. I have Samba installed and configured, I am on the correct workgroup. However, under "Network", there is only one item - Windows Network, which contains no workgroups. I am hosting a share on this Ubuntu PC, but I haven't had the time lately to see if I can view it from the Windows XP computers. If I click Connect to Server, and enter the IP Address of one of my XP computers, I can connect to them. However, if I enter the computer's name I get "Failed to retrieve share list from server" without a specific share, and with it I get "Failed to mount Windows share."
View 2 Replies View RelatedI cannot get a static IP to work on Fedora 11. Using Network Manager, I set the IP to 192.168.1.130, the subnet mask to 255.255.255.0 and the gateway to 192.168.1.0 but it doesn't work. I also tried 192.168.1.1 for the gateway, which is what I used in FC7 but still no luck. I verified that these are the settings that I used in FC7, I don't remember ever having a problem before with this.I do remember someone telling me not to use Network Manager in conjunction with Network Configuration... does that make sense? That was for FC9 on my laptop and it was for the wireless so perhaps that doesn't apply here. I did try unchecking the box for Network Manager and using strictly Network Configuration but it still didn't work.
View 10 Replies View RelatedI'm trying to give some windows users a permanent connection to a samba share behind a firewall over the public Internet. I know I can give them access with something like winscp (which they have done) but really I'd like to do it with a VPN so it seems seamless to the user. However I have no idea how to set up the server to support this and am finding the documentation a bit confusing. The samba share is on a Debian box and the firwewall is a Linksys WRT54GL.
View 1 Replies View Relatedi have the following ip assignments
fedora (iptables)
eth0 -private :192.168.1.1
eth1 -public : 186.117.50.6
squid proxy
192.168.1.10:3128
my clients range
192.168.2.0/24
how can i make my clients to browse internet only from proxy server my network is NAT 'ed. Please specify a iptable rule to allow internet access for my clients to browse ONLY if they come through proxy server.
Everything worked fine until very recently, and without apparently ANY change to the settings on the server, a secondary IP that was assigned to my server won't work anymore..Any IP attached to the same server works fine.. So in my case, the problematic IP is 213.8.155.67. The other IP (213.8.155.42) works without any problem.How would I go about troubleshooting this?
ifconfig:
eth0 Link encap:Ethernet HWaddr 00:26:B9:44:11:3A
inet addr:213.8.155.33 Bcast:213.8.155.127 Mask:255.255.255.128
inet6 addr: fe80::226:b9ff:fe44:113a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[code]...
I have openvpn tunnel setup between two CentOS servers. One of the CentOS servers also acts as a DHCP server for some client computers.
Server A= OpenVPN server
Server B= OpenVPN client (connects to Server A with OpenVPN)
The two CentOS servers can ping each other (172.16.0.0/24) via the tun0.
However, client computer connected to Server B (DHCP server) can't reach 172.16.0.1 (which is the OpenVPN server).
I think I am missing some routing in my "ip route show". Following is the full picture:
What command can I issue to get this fixed? something along ip route add?
There is no firewall service on both end. service iptables stop! I can't bridge eth1 and tun0 as DHCP server might mess up the other side. I can't do a push of "redirect-gateway def1" because then clients loose their IP as they send DHCP requests to Server A.
Kubuntu's Network manager says that my (wired) network is in an invalid state because I don't have an IP address, but Firefox and Chorme work perfectly, as do Synaptic and Software Centre, and a Superkaramba network monitor says that my IP is "192.168.1.101" In fact, the only thing that isn't working is Pidgin, and it says it's "Waiting for network connection."
View 3 Replies View RelatedI run an centos server. From the console I can ping google.com and get a reply. But when I ping another address say xyz.com, the IP address is resolved (11.22.33.44) but there is no reply. In the same network in our office from my desktop I ping [URL] and there is a reply.I turned of the firewall but still the same problem.
View 9 Replies View Relatedi know exactly what i need to do, im just not familiar enough with command line to do it properly.i have 7 computers.the first 4 are connected to a router via wireless at one end of the house. of the last 3 only 1 will be able to access the router via wireless, so it needs to share it's one wireless connection via ethernet. this computer i'm going to call 'server'server will have two IP'swlan0 192.168.1.6 this connects to the router that has internet access.eth0 i intend to have the following settingsip:192.168.0.1sub: 255.255.0eth0 will connect to a second router, where the cat5 cable goes from the server, into the internet port of the router where i will define the router's static IP:IP: 192.168.0.100sub: 255.255.255.0gateway 192.168.0.1i have then set the router IP for LAN handling as 192.168.27.1 and all ethernet connections will have a 192.168.27.x IP.
so i need to know how to, without a gui application, use the terminal to assign server eth0 a proper IP address, and tell the server to take the connection it has and share it through eth0 to supply internet for the last 2 computers via ethernet.i had it set up in this way with a windows machine being the one that had the wifi access, but i'd rather have it setup for the ubuntu server to do this task. security is imperative for these 3 remaining machines, so just getting 2 more wifi adapters for a connection to the initial router isn't an option.the 2 that connect to server do so through SSH and though server IS connected via wireless it only makes outward connections through