Ubuntu Networking :: Vpnc Traffic Routing - IPSec Target Network?
Nov 16, 2010
I just got vpnc set up to work with my VPN at work and now I am trying to figure out how to limit the traffic that is routed through the VPN while I'm connected to it. I only want traffic going to the local domain to be routed through the VPN. This is what my vpnc config file looks like:
Code:
IPSec gateway publicdomain.example.com
IPSec ID XXXX
[code]....
Jan 13, 2010
I've been trying to connect to my office Cisco VPN several times using the network-manager-vpnc GUI in Ubuntu Karmic with no success. I read a couple of articles and I tried using the direct command line way:
Code:
sudo vpnc office
with the following /etc/vpnc/office.conf file. This is fictional data:
Code:
IPSec gateway vpn.office.com
IPSec ID office
IPSec secret 0ff1c3
which worked perfectly.
So I went back to the Network Manager GUI way and I used the same credentials (same fictional data). I got a libnotify message telling me it couldn't connect. Anyone know how I could troubleshoot this issue? Would be great to have it integrated in gnome instead of running a background command which is not tracked by nwm.
Feb 2, 2010
In fc10 & fc11 everything worked well with vpnc.
With fc12, vpnc starts and allows me to connect to my work site, then everything works fine until I try to start a remote desktop connection to a Windows client using tsclient. All I get is a black screen and my laptop is hung.
At work without vpnc it works fine. If I start vpnc from nm it performs the exact same way and I get the black screen.
I have disabled selinux. I also disabled the firewall.
There was another gentleman on here with the same issue.
The only way out is a hard reboot and there are no messages in the logs that say there were any problems.
Jul 25, 2010
I need to be able to do the following: Physical Router located at 192.168.40.1
On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1. Do the same (virtual address) for eth2 -- e.g. 192.168.60.1.
In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate MAC addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) is not mixed because the translation happens in both directions.
Oct 6, 2010
I am sharing my DSL internet connection using a modem+wireless router (single device) to 5 systems. I want all my internet traffic to go through one of the linux boxes in my network.
The problem here is that wireless devices connect directly to the modem+wireless router.
Is such routing of traffic possible??
PS: I am not sure if I could convey my situation clearly...
Feb 23, 2010
I'm currently reading through the Linux Advanced Routing and Traffic Control HOWTO from lartc.org, and I'm wondering whether anyone knows of a file where I could keep qos rules persistent across a reboot, similar to /etc/sysconfig/iptables for netfilter. Should I just write my own script, or does something already exist?
By the way, iproute-2.6.29-4.fc12.i686.
Aug 20, 2010
I have an Untangle Box - which for those that don't know is a modified Debian Lenny used as a router, proxy, filter and much more - It has three physical interfaces on it: eth0 (incoming traffic), eth1 (outgoing to LAN after traffic filtered), and eth2 (called a DMZ NIC, as Untangle can be used as a router). There is also a tun0 interface set up by Untangle for VPN (not using the OpenVPN in Untangle because I need a bridged VPN and this is not an option in Untangle's offering), a br0.eth set up by Untangle to bridge eth0 and eth1 for traffic flow through as it is inline from router to switch and not acting as the router itself, and a br0 interface that I have set up by bridge script bridging eth2 and tap0 to run OpenVPN as a bridged VPN.
The routes on the machine are as follows:
Code:
untangle:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 br.eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 br0
192.0.2.0 * 255.255.255.0 U 0 0 0 dummy0
192.0.2.0 * 255.255.255.0 U 0 0 0 utun
untangle:~#
I don't see a default route listed here; however, I do have Internet connectivity on the Untangle box itself. I also know that my script to bridge the tap0 and eth2 interfaces adds a default route through the gateway on the network that eth2 is connected to. So the lack of a default route is somewhat puzzling to me. I do have the gateway set through the web based admin interface Untangle offers.
The iptables rules are as follows:
Code:
untangle:~# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N alpaca-firewall .....
There was an additional output rule in the alpaca-nat-firewall rule that said DROP outgoing interface eth2; I removed that rule with no change. I can ping out from the Untangle server to the eth2 LAN, I can access resources in the eth2 subnet. But I cannot get any reply from the server from anything either in that subnet or not. If I run iftop I can see the incoming traffic from my ping but the server sends out no reply. I think this is a firewall issue. I can access the server by connecting to the IP assigned to the eth0/br0.eth interface which is in my main LAN. I am also attaching a crude diagram of the previous setup and the new setup (previous setup used a different server for my bridged VPN).
Is there a rule I can add to ensure that traffic coming in on an interface goes out the same interface? Do I have a rule blocking incoming traffic to eth2/br0? Do I have one blocking sending out on eth2/br0? Do I have a default rule that is killing the traffic on eth2/br0 and I need to add an accept rule for traffic coming in on eth2/br0? I tried adding an accept rule for traffic coming in on br0, but it didn't work. I tried an output rule, but that didn't work, but I may have been bungling these rules as I do not fully understand the syntax and function and body of an iptables rule. The exact original iptables information before I modified anything can be viewed at [URL].
May 24, 2009
I have a problem with port based routing for local traffic. I can't use the trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
May 21, 2010
I have set up a Virtual machine on a dedicated server from 1and1. I hoped to use a bridge to give the vm direct access to the internet but 1and1 do mac filtering and so the only option is to use NAT.
I used Virtual Machine Manager on my Ubuntu 10.04 machine at home to install Debian Lenny on the vm on the server using KVM and all went well. I put it on a virtual network 192.168.100.0 and I can access it from the host and I can access the internet from the guest using NAT that libvirt set up.
I bought another ip address from 1and1 with the hope of forwarding packets to the new ip address 11.22.33.02 to the guest vm.
I have tried all sorts of routing rules using iptables without any success.
My virtual network is on virbr1, the guest IP is 192.168.100.50, and my external network device IP is say 11.22.33.01 on eth0 with the secondary IP say 11.22.33.02 on eth0:1.
Here are the latest rules I tried:
Quote:
iptables -t nat -A PREROUTING -d 11.22.33.02 -i eth0 -j DNAT --to-destination 192.168.100.50
iptables -t nat -A POSTROUTING -s 192.168.100.50 -o eth0 -j SNAT --to-source 11.22.33.02
iptables -A FORWARD -p tcp -i eth0 -o virbr1 -d 192.168.100.50 -m state --state NEW -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[Code].....
Oct 25, 2010
I'm trying to connect to a Cisco VPN at work from Ubuntu 10.10. On earlier versions, I was able to import the config and get it working. In 10.10, though, the best I've gotten is being able to connect to the VPN, see the welcome message, and have packets sent over the tunnel. I don't receive any packets, though.
The command-line vpnc client connects just fine. I found this bug report: [URL]
The symptoms it describes are exactly what I'm seeing. The apparent solution is to "make sure in your config that LZO Compression is enabled (checked) under Advanced"; however I see neither an option for compression nor an "Advanced" tab, button, or anything on my VPN config in Network Manager.
Mar 31, 2009
I have two networks. One of them is wired, the other is wireless. The wired has an internet connection and a few other computers connected to it. The wireless network has a few hosts connected to it too, but it has no internet connection. What I've been trying, fruitlessly, to do, is make all connections that are bound to the internet, or my wired network, be routed that way, and all the connections to the hosts of the wireless network go that way.
Here's the setup..
Wired:
192.168.1.0/24 Gateway = 192.168.1.1
Route internet through here
Wireless
192.168.2.0/24 Gateway = 192.168.2.1
If my computer sends a packet to the internet, it should be routed through 192.168.1.1. If I send a packet to one of the local hosts of the wireless network, it should be routed through 192.168.2.1. Here's the routing table I've set up (this is one of many configurations I've tried):
Code:
$ ip route show
192.168.2.1 dev wlan0 scope link
192.168.2.0/24 via 192.168.2.1 dev wlan0 src 192.168.2.4
[code]....
With this, and everything else, I get destination host unreachable when pinging. The strange thing is that, if I unplug my eth cable, reboot and connect to the wireless network, everything is fine and I can access the router and the others. I'm trying to improve my networking skills, as I've had this of setting up a small linux box as a router for quite some time, for the fun of it, but I need to get routing under control before I go ruin my network.
Jun 2, 2011
I can't get even a simple NAT router setup to work. The network topology is dirt-simple:
Code:
ISP gateway X.Y.Z.65 ->
Linux NAT router box X.Y.Z.108 (eth1) and 192.168.0.138 (eth0) ->
Windows Vista laptop 192.168.0.2
I'm running Debian "squeeze" - plain vanilla install with Gnome.
[Code]....
Nov 28, 2010
At every site I have two providers, vsat and a wireless connection. I have a Linux machine and want to set it up to act as a router for every site.
SITE 1 :
vsat : gw 10.23.128.1
wireless : gw 192.168.100.1
[code].....
Sep 4, 2009
I wanted to know if I can install mrtg on a client computer in the network and measure the network's router traffic. I know that it can be installed on the server.
Feb 1, 2010
My hardware has two interfaces: a) ethernet - eth0 b) WirelessLAN - eth1. After power on, eth1 gets associated to the WirelessLAN access point.
The ethernet interface of the hardware and the test PC is directly connected to the Wireless LAN access point through ethernet cable. The hardware is associated to the Wireless LAN access point through the eth1 interface. Now, when the ethernet cable is connected to the hardware, I can ping 192.168.254.254 from the test PC. When I removed the ethernet cable from the hardware, I cannot ping 192.168.254.253 from the test PC. I think the access point should forward the incoming packet from the test PC to the hardware's eth1 interface wirelessly. Where am I wrong? Is it related to the kernel's routing table? If yes, how to detect removal of the ethernet cable from the hardware and change the routing table dynamically?
Feb 17, 2010
I am running into trouble while trying to set up an iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but it is like that for now. I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.
Apr 6, 2010
I have a firewall; this consists of three NICs:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to successfully get a response from pinging the device. I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
Jan 21, 2010
I have a program that connects to the internet that I would like to route through one of my secondary network interfaces. I need one specific port routed to eth1 instead of eth0. I believe that I should be using iptables for that, but I don't really know how to do it.
Aug 26, 2010
I am using Network Manager to connect to a VPN server so that I can access some of the computers on the local network there. When I'm connected, I have two problems: All my internet traffic goes through the VPN. My computer is no longer visible on my local network. I waste a lot of time connecting and disconnecting the VPN. Is there any way I can set up a VPN so that I am still on my local network and only requests to 172.x.x.x go through the VPN. I suspect it can be done with iptables, but all the info about iptables goes WAY over my head.
Jul 18, 2010
I want to know the IPsec-Advantages and Disadvantages that arise because of its location on the network layer in the OSI-Model. I read rfc2401 and rfc4301 specifications to find out the advantages and disadvantages of IPsec being located on the network layer in the OSI-Model (equivalent to Internet layer in the TCP/IP protocol stack). I really could not find enough good reasons for the advantages and disadvantages of IPsec being located on network layer. Here are some of them that I could think of:
Advantage:
- No application-specific implementation is needed (in comparison to SSL/TLS)
- The ability to connect two subnets on the internet (tunneling mode)
- Ability to encrypt the traffic between two end-points (transport mode)
Disadvantage:
- Complex implementation of ipsec itself
- High computation performance when AH and ESP both activated
- No encryption for the packets to the destination if it is arrived on the subnet on the other side when tunneling mode is activated. (the network traffic is no more encrypted inside the subnet)
What else can you guys add more to these advantages and/or disadvantages? The focus is IP-sec location on the network layer. (it is a kind of comparison to ssl/tls which is upper layer protocol)
I would be grateful to any responses.
P.S: I hope that this thread has landed in its right place.
Mar 30, 2011
I have internet access using mobile broadband and I also have a wireless network for home usage without internet access.
When my wireless network is connected every application in Ubuntu (Meerkat) tries to use it for internet access (as needed obviously). As soon as I disconnect from the wireless network (and assuming the mobile broadband is on) everything has access to the internet again using the mobile broadband.
How do I tell Ubuntu that I don't want it to use my wireless network for internet access?
Jan 16, 2011
I noticed a huge data transfer to my computer. I wasn't downloading anything big, I have just opened Firefox, Thunderbird etc. It stopped after a minute but I'd like to know, what that was - this wasn't the first time something like this happened. I promptly started Wireshark and captured a few packets, all of them look like this:
[code]...
I tried to look at [URL]... but that webpage does not work. What might the traffic be caused by? Couldn't someone have hacked my PC?
Jan 20, 2011
Is there an easy way to monitor network traffic? I want to make sure my kids are surfing safe...
Sep 27, 2010
What I want to achieve is just to be able to say to whoever is killing our relatively fast connection that they aren't the only person using the network. Everyone just says "I hardly download anything." which is obviously untruthful as normally I can download at 1.5 MB/s but now loading even google.com takes way too long (same with pinging and all other sites). Once I do this, I can determine whether or not I need to call my ISP and do the long 'on hold' dance and "have you tried rebooting the router" BS.
Apr 4, 2011
I am running Ubuntu 10.10, upgraded a few weeks ago from 10.04. I noted from the system monitor that the system was generating a lot of network traffic, on the order of 10Mbps if the information is correct (using system monitor and iftop). From the process table, it appears that smbd is accumulating a lot of CPU time, which sort of makes sense as I use Samba for printing from a Windows 7 laptop. But the traffic seems to be making a round trip as I just rebooted the system and it reports in about 10 minutes of uptime 1.2GB was sent and 1.2GB was received. Laptop is used for work, it is sitting idle for the last 30 minutes (VPN connection, etc); no backup or other interaction with the Ubuntu system.
Jan 31, 2010
I need software that measures the QoS of network traffic. Any recommended program?
Feb 8, 2010
I am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment , both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject, are captured again by my application causing an unwanted feedback of injected traffic. This caused that I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
Dec 8, 2008
Via a network traffic monitoring tool I see that my laptop is generating lots of outgoing (EDIT: incoming!!) network traffic, although no download program is running or any other program of which I know that could be generating this much traffic. Something strange is going on and I need to know how I can find out which program(s) are generating network traffic.