Ubuntu Security :: Best Method For Routing Multiple External Static IP's ?
Dec 16, 2010
I have a block of 5 static ip's and 2 servers that push HTTP and other services. What is the best method of configuring/routing traffic to individual boxes on the network?
More detail: One of my static IP's is assigned to a dedicated box for an Ubuntu mirror. Another static IP is assigned to a server with all of the HTTP traffic.
Several configurations function to route traffic appropriately (forwarding proxy or 1-to-1 NAT). However, with 1-to-1 NAT, the box is left open to the world with only the software firewall. Do I really need to place a hardware firewall inline to EVERY server?
Or, what other methods of routing and firewall would you recommend?
Jun 14, 2011
I've been trying to get it to work for 2 days now.
Here's my setup.
MODEM -> router (ISP one, don't have access)
From the router it splits into 2 connections: one to my GW (Linux Debian) and another to a switch which is connected to a web/email server and the gateway.
My GW uses x.x.x.27 and x.x.x.26 (everything I use on these IPs is OK).
On the web/email server I have x.x.x.28, 29 and 30.
With this setup it's OK, but I want to eliminate the link to the switch and make it pass through the GW, and I can't manage to get it to work!
Apr 14, 2009
I have just installed Fedora 10 on an old laptop and was quite impressed with how smoothly it all went ... until it came to setting up networking!
I have battled for three days now and I'm almost there;
- installed updated firmware to the built in Broadcom 4306 wireless network adapter
- got NetworkManager to work with a static ip address by manually editing the ifcfg-wlan0 file
- managed to get the WPA security to work
The only problem I am left with is that there is no default route; if I set one up using: ip r a default via 10.1.1.1 dev wlan0
Then everything starts working.
If I try to add routes using the NetworkManager GUI interface they don't get saved (no surprises there then!).
I have tried creating a route-wlan0 file in /etc/sysconfig/network-scripts/ but this seems to be ignored by NetworkManager.
Since the NetworkManager GUI is almost useless, does anyone know if there are any other configuration files I can manually modify to get a default route set?
Nov 29, 2010
I have to connect my private address 10.0.0.2/26 to an external address 192.168.1.253/16.
I am not allowed to use NAT, so I have to create a static routing table.
I've put a router in between with 2 NICs:
I've seen on various sites that:
Should do the trick, but it isn't working for me... IP forwarding is enabled. Also when I use the sys/proc command..
How to make the table? I am using openSUSE 11.2.
Aug 25, 2010
In configuring static routing between two different subnets.
I have two different subnets as mentioned below:
I have a Linux machine with two NICs on which I would like to configure static routing. Details of the NICs are as mentioned below:
I have configured the gateway as 10.77.77.1 on machines which fall under the 10.77.77.0/24 subnet and 172.16.40.1 on 172.16.40.0/24 machines.
My main motive here is that I want communication to happen between both the subnets.
If the following modifications to route-eth0 and route-eth1.
Aug 12, 2010
How to work GNUGK for H.323 Gatekeeper.
I am having a problem configuring static call routing on GNUGK.
In the section
You can see that the routers Local-router1 and 2 have the same dialling plan.
What happens is the gatekeeper sends calls randomly to one router or to the other when one of the matching extensions is dialled.
What I am trying to do is to force
Any calls coming from Remote1 to go out only through Local-router1
Remote1 =========================> Local-router1
And any calls from Remote2 to go out through Local-router2
Remote2 =========================> Local-router2
Jan 10, 2011
I have one external IP address and a few domains. Would it be possible to have each domain on an internal domain and the box that sits on that external IP route to the internal? This would be for a number of servers (mail, apache, imap, pop3, https). So for example:
Someone visits domain1.com -> external IP -> 192.168.10.100. Someone else visits domain2.com -> external IP -> 192.168.10.101, and so on with a number of domains.
Apr 13, 2010
I'm running Ubuntu 9.10 server at home on VMware Workstation 7. I have two NIC's configured, one NIC is setup to have a direct connection to the network "Bridged", another NIC is setup to have a private network connection on VMnet1.
Network card 1 - 192.168.1.160 (Bridged)
Network card 2 - 10.1.1.1 (Internal access only)
So when I try to access the Internet, I can not go out on the NIC 1. If I try to ping google.com I get a return from 10.1.1.1 "no reply". But I know that NIC 2 is working, because I can ping 192.168.1.160 from the workstation I'm running on.
So I think that my routing is sending traffic out to the wrong NIC, but not sure if this is a metric in the iptables or another place?
The reason for two NICS is to simulate a DMZ where the server will be running Squid, to test proxy from another workstation on the 10.1.1.X subnet.
Jul 8, 2010
Running Fedora 13 and have it working great acting as my firewall/router/samba server etc. The problem is the connection is shared by a fair number of us and the ISP is getting annoyed with the amount of torrent traffic. One of us has access to a wireless network and we'd like to figure out how to route some of the traffic through that without having to disconnect from the current network. I put a wireless card in the fedora box and can connect to the wireless but then it messes up the current network and pretty much nothing works.
At the least if I could run a torrent client (e.g. ktorrent or whatever) on the Linux box and have it download through the wireless card on tcp port XXXXX I would be happy. The torrent client and those tcp/udp ports can be dedicated to that wireless card, the rest of the network doesn't need to get involved if that makes things simpler. Not looking for a step by step tutorial, just an explanation of what needs to be done and a shove in the right direction. My experience is limited to single WAN connections up to this point.
Mar 29, 2010
We have a 10.0.0.x network with a working DNS server (BIND) set up. Recently we purchased a Watchguard firewall and configured three networks, so that our internal network can be divided into three networks that talk to each other through firewall routing. So I configured three IPs, 192.168.0.1, 172.16.0.1 and 10.0.0.1, for the local network card in the firewall router. I separated the three networks and individually configured machines with static IPs and gave the above IPs as the gateway. Now, I need to configure a DNS server for each zone in the same server which is in the network 10.0.0.x. Is this possible? If yes, do I need to set up IP aliases for eth0 in the DNS server with different IPs from each network?
Feb 19, 2011
I would like to download a webpage using WGET which needs a form submission (POST method) in order to appear. I can do that with this command.
wget --post-data="computer=hosts&style=list" http://www.example.com
The problem is there is more than one form on the requested page and I don't know how to tell WGET which one it should POST the data to.
Mar 31, 2011
I have a CentOS5 server with dual ethernet adapters + Webmin installed as my Router / Firewall / DHCP server working successfully with 1 static IP from my ISP. I also have 7 additional static IP addresses from my ISP needing to configure to individual servers inside my network. I have configured the additional virtual interfaces, but am lost on how to route data specifically from additional ISP address to specific internal network address.
Below is my desired configuration.
98.173.159.xx1 = eth0 physical interface ==> eth1 192.168.1.1
98.173.159.xx2 = eth0:1 virtual interface ==> 192.168.1.10 ==> CentOS Server 2
98.173.159.xx3 = eth0:2 virtual interface ==> 192.168.1.20 ==> CentOS Server 3
98.173.159.xx4 = eth0:3 virtual interface ==> 192.168.1.30 ==> CentOS Server 4
98.173.159.xx5 = eth0:4 virtual interface ==> 192.168.1.40 ==> Mac OS X Server 1
98.173.159.xx6 = eth0:5 virtual interface ==> 192.168.1.50 ==> Mac OS X Server 1
98.173.159.xx7 = eth0:6 virtual interface ==> 192.168.1.60 ==> Network Attached Storage Server 1
98.173.159.xx8 = eth0:7 virtual interface ==> 192.168.1.70 ==> Windows 2008 Server 1
Mar 9, 2010
The first is regarding my home network that I've setup. It mainly consists of two laptops, both running fedora. I find myself using rsync, ssh, scp, and the like quite often, but it is very annoying constantly needing to provide a password. This sounds like a job for RSA keys, but is it safe to do so on my laptop I take whenever I travel? If my laptop were to be stolen, my personal and private keys would be available to the thief. Is it instead better to use something like kerberos (which I'm not very familiar with, ie. I've used it at work but never took the time to learn how it works).
This isn't much of an issue with my home network since it is protected behind my router. However, I have the same issue with rsync, and ssh to my work PC. These are the RSA keys I'm worried about if my laptop were to be stolen.
Apr 6, 2010
I have a firewall, this consists of three NIC's:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to successfully get a response from pinging the device. I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
Mar 10, 2011
I recently switched to WEP encryption from a functional WPA encryption and I've been having problems since (I need WEP for another device and I understand it's less secure.) I tried updating /etc/network/interfaces for the new network using the information here:
[URL]
interfaces is now:
Code:
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet static
[code]..
Is there anything wrong with the above? There is a chance I've made matters worse in my frustration... What troubleshooting steps can I take?
Jan 16, 2011
I had made following entries in my httpd.conf file at centos5.5.
###########################
Listen 80
Listen 8080
Listen 8085[code]....
When I am trying to access the any directory other on port *80, it's not being accessible from the static IP which is routed through a DMZ server. http://122.165.35.9:8085 something like this returns the error "could not connect to web browser"
Dec 21, 2009
I have recently set up a new mail server and have simulated sending and receiving on the new email server. The new email server will replace the primary one. I would like to set up the new email server in parallel with the existing one. This way I can observe issues that might occur and be aware of what could go wrong. I want received mail to be delivered to both mail servers at the same time. I would like to use Postfix; Exim I find a bit too difficult to understand. I have thought of using transport maps; the only problem is that you can only forward mail to one server at a time using transport maps. I think recipient_bcc_maps and sender_bcc_maps could work. I would just like ideas of how I can do this.
Jan 7, 2011
I don't know if this is just my machine or not. But here it is:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked, I can simply go to switch users. When the list of user logins is shown, all I have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out; it doesn't matter. The switch users method allows me to bypass the password protection.
Sep 13, 2010
ok I am using Debian 4 bigmem and I set up static ip for my box. This is for a class and we will be moving the hard drives around the lab to different computers. My question is what do I configure to get Debian to be ok with my using different nics at different times.
My first time I used it, I had eth0, but now I'm on a different computer (same type of hardware on all systems) but my nic is now eth1... And I had to set up static again for that nic. How can I have it just maintain a static ip for whatever nic/mac address on the computer that my hard drive happens to be put on?
Aug 14, 2010
I have just recently purchased a Seagate 1TB external hard drive. I have very sensitive information on this storage unit that I only want certain people to have access to. Is there any way of password protecting the hard drive? Preferably using Linux, or what are my options?
Jul 22, 2010
I'm having a mare with SSL with Apache. I have set it up and if I go to the following address http://192.168.1.2 it seems to work and the pages are delivered to my browser. However if I try to access it from an external PC it will not work.
I can get to the non-SSL part of the site so the static IP is resolved and the port forwarding all works.
Does anyone have any ideas? (And in fact I think I may have just solved it - Ports - 80 is open but I haven't done anything with 443. Will check it out and post back.)
Dec 28, 2010
I recently got an external 2TB hard drive. I want to use it with my Mac Mini, which is triple booting Linux, Mac 10.6, and Windows 7. The problem is, I don't know which file system it should be using. NTFS is read/write in Windows and read-only in Mac, and HFS+ is read only in Windows and read/write in Mac. I'm pretty sure FAT is not a good choice for a disk this big. Is there any way to get this to work?
May 16, 2010
I'm running 10.04 x86_64. I have this 650 GB external hard drive with three partitions: one FAT32 and two ext4. Sometimes when I plug the drive in, X crashes. I get no response at all from the keyboard but the pointer works. I am able to minimize and maximize windows but I can't close them and I can't click on the top bar. Today the error occurred after I transferred some files from one of the ext4 partitions to a 320 GB external HD (single partition FAT32). I pressed Ctrl + Alt + F1 (to go to the shell :-/) and these strange lines of code were showing up over and over again:
[XXXXX.XXXXXX] ata1.00:status: {DRDY ERR}
Also the following exception:
[XXXXX.XXXXXX] ata1.00:status: Exception Emask 0x00 SAct 0x0 SErr 0x0 action 0x0
When I came back to X (Ctrl + Alt + F7) and unmounted the drives, everything worked fine.
Sep 30, 2010
I want to set up my external HDD with multiple operating systems on it. My first question is, if I am running an AMD box at home, will my external drive boot on an Intel machine somewhere else?
Second: how would I go about installing them on my external?
May 26, 2010
I have an external USB hard drive at /dev/sdb1 (NTFS)
2 users: johnny, audio
For some reason this drive is mounted at /media/TREKSTOR_ with johnny as the owner. I can't seem to chown the drive to audio. If I unmount the device and remount it, the owner is set to johnny again. I need to access this drive from the audio account. It's a 1TB drive, so I wouldn't be able to reformat it to EXT3 easily as it's almost 60% full.
Jun 22, 2011
I'm having some trouble with email being denied because of DNS and/or reverse DNS issues. I'm hoping someone here is an expert and can shed some light on it for me. We have multiple subdomains, each having its own entry in the zone file. However, the majority of our traffic goes out an aggregated external IP address with the exception of a few instances such as our mail server and our website(s). We currently have these three records in our example.com zone file:
Code:
example.com. IN A 11.22.333.44
www.example.com. 1H IN A 11.22.333.44
[code]...
Dec 6, 2010
I have a secondary IP (external/Internet, not LAN) for a CentOS box. What do I need to do to make the server bind to that IP as well as its primary one?
Dec 20, 2010
How to mount multiple external HDD's. I'd like to link or mount the music, torrents, and general files from several external hard drives and apply permissions (in some cases I only want the mount or link to be read only).
My setup:
- Seagate Dockstar running Debian squeeze (it's headless so I don't have a gui running)
- Two external HDD's with one partition on each (250GB and 400GB)
What I'd like to accomplish:
1. Mount the external HDD's to /media/HDDs as read/write (this is already working using udev and autofs and it's available in samba)
2. I'd like the MUSIC directories on both external HDD's to show up under the same mount point. In other words I want the MUSIC folders (from both HDD's) to appear as one large library of music. And I only want this to be readonly. It will be used as the library for mpd and/or squeezebox.
3. Mount a directory used to download torrents to. I'll probably pick one HDD as the target for torrent downloads. But let me know if you have any other ideas regarding this.
Since I have the first one done, how would I accomplish 2 & 3?
Jan 12, 2010
I would like to mount a (permanently) attached external USB drive so that it is writable by multiple userids. Currently HAL is mounting the drive as writable to my owner user and readable for group and others. My m/c also runs as an FTP server and I would like said FTP server to be able to write files to the external drive. Just being able to specify a gid would probably do the job for me.
I have googled HAL and UDEV and also attempted to configure usbmount to do this, all to no avail. I am running SLES 10.3. So in summary, can I, and how do I, either make HAL mount the drive with gid=nnn, or should I not use HAL and simply make an entry in /etc/fstab and make sure I get the same device address for this USB drive each time I boot?