Ubuntu Servers :: No Traffic Is Being Routed Through The Tunnel?
Aug 9, 2010
I know this has probably been solved multiple times, but I've searched the forum to no avail. I have a PPTP server setup properly with all ports forwarded correctly. A remote machine can connect and authenticate just fine. They get their IP assigned and everything.
The problem is that no traffic is being routed through the tunnel. Or, rather it is but the server doesn't seem to handle it. In a web browser I just get an error message. On a windows client I ran ipconfig and found a gateway address had not been assigned through the VPN tunnel. Could this be the problem? If so, how can I fix it?
This is what is in my /etc/network/interfaces right now.
Code: auto eth0 iface eth0 inet static address 67.202.x.x gateway 67.202.x.1 netmask 255.255.255.0 auto lo iface lo inet loopback My server.conf code....
I can get the VPN server running and everything connects fine from the client. I just don't know how to tunnel all the traffic through the VPS because it involves making the bridge which I'm having trouble with. What exactly am I supposed to put in /etc/network/interfaces?
I have a linux desktop with two connections - fast eth0 and slow modem ppp0. Most of traffic (e-mail, DNS, NTP) can be routed simply by IP/mask. But how about http and p2p (torrents, DC++)? Routing by IP is unacceptable, because there is very huge amount of routing rules. I need route http packets (80 port) through ppp0, p2p through eth0 (10000:65535 ports). I've found that splitting traffic by port is possible with marking packets for different gateways. For begin I cleared all tables and bringed up connections.
I installed the PPTP Client [URL] and can successfully connect to my VPN (creates interface ppp0). The problem is, I'm trying to tunnel all of my traffic on my system through the connection. I've seen conflicting howtos and scripts including pptpclient's documentation (the ip-up and ip-down scripts don't work). How does one simply (even if I type it manually) tunnel the traffic?
System Info: OS: Debian Squeeze, Kernel 2.6.32-5-686 GUI: Gnome (standard one from netisnt unstable install) Main interface: eth1 PPTP interface: ppp0
I'm new to iptable configuration. I've set up a VPN using DD-WRT on my router and it works fine. However the VPN company does not allow port 25 traffic (in case of spammers) so now I can't get my emails sent out.
I'm guessing I can add some rules to my iptable so that all traffic except port 25 traffic can go out through the VPN tunnel. And hopefully, all port 25 traffic will go out through the normal Internet connection.code...
I'm currently tunnelling to my Ubuntu pc at home from my laptop in order to bypass my schools false-positive prone filter. Is there a way to record traffic that both comes to and is delivered by my pc?
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code: iptables -I INPUT -p gre -j ACCEPT iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT iptables -I FORWARD -d 172.16.10.101 -j ACCEPT The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
Hi, I have a server at my home which is a Ubuntu 9.1 which is setup as a NFS server using NFS v3. I am also using DYN DNS to access my home server remotely from another location using SSH. Everything works good, I can sucessfully log in to my server from my laptop via SSH, however my problem mounting my NFS share which consists of appx. 300 mp3 files. My question is:
1 How Do I Tunnel a NFS share through a SSH tunnel?
2 Is there any other configuration? needed to be done to the router?
3 is there anything needed to be configured to the server or my laptop?
4 Manual mounts is fine for me I don't care about automounting.
I just want to be able to mount the NFS share via the SSH Tunnel and play my music and access other files from my server.I just need the steps to set up this connection.
Does anyone know the best and simplest way to do this? I'd like the share to be mounted over the tunnel on boot with as little scripting as possible and be as secure as possible without exposing more than one port to the outside. I will be trying this method: [URL]... once the tunnel is established and 'always on' NFS would take care of the file system mount obviously. Lots of the information I have been reading is not up to date it seems. Does anyone have any experience with this?
I have an Ubuntu 11.04 instance running on Amazon EC2. I am currently using it as an SSH tunnel/SOCKS proxy. Most of my Net activity is on a Windows 7 machine running PuTTY. This setup is working very well. So well that a few of my friends have expressed interest in accessing it. Question is, how do I share this proxy, without giving away my private key and root access? I would like to limit users to only being able to set up an SSH tunnel/SOCKS proxy, with no shell access. What other security measures would you recommend for such a setup? I googled a bit and saw references to rbash and chroot. I have already changed the SSH port, and set the EC2 firewall to allow inbound SSH only from my ISP's address range. My friends use the same ISP. They would probably be running Windows 7/Vista, and PuTTY too.
I have a number of computers on a LAN. There are 3 laptops and 1 desktop, all running windows. I also have a Ubuntu server in the garage which servers up files to all those on the LAN. The server is not visible outside of the LAN for security reasons. Now, I want to track all traffic from any computer in my house that is coming and going in and out from the inter-tubes. I do not want to add this as a service to my current server as (a) it is behind the LAN and (b) I don't want to mess with security issues with that server.
I think I could set up a computer (an extra) which is between the modem and the router with two ethernet cards which would be able to monitor all traffic coming and going. This computer would, obviously, be exposed to all potential attacks as it wouldn't be behind the router's firewall. I'm not sure exactly how that would like or what software to use.
My kind isp had set up a authoratitive dns server that can't be cancelled that points to the wrong ip address. Hence I need to take all the traffic going into server A at the ip address aa.aa.aa.aa and send it all onto server B at ip address bb.bb.bb.bb. After much head scratching, I managed to achieve it as follows:- On the server at ip address A, set up following :-
iptables -t nat -A PREROUTING -d aa.aa.aa.aa -j DNAT --to bb.bb.bb.bb iptables -t nat -A POSTROUTING -d bb.bb.bb.bb -j MASQUERADE
my servers are configured with:Ubuntu 10.10 server 64bit;Lighttpd MySQL-Server I need to make graphs for traffic (bandwidth usage) and cpu load every month. I tried to configure mrtg but after 48h, it didn't produce graphs.(I can't install apache2)
I am running Ubuntu Server 10.10. I have installed OpenVPN using this guide I have set up everything correctly as this guide says, but I am having problems with the config file. I want to securely route all traffic on the client to the server, how ever the server will not start. My config is below:
Quote:
################################################# # Sample OpenVPN 2.0 config file for # # multi-client server. # # # # This file is for the server side #
[Code]......
The servers ip is 10.0.0.65 and I want to assign the clients the ip range of 10.0.0.200 to 10.0.0.20 When I try to start the server I get the message Fail.
I'm using Ubuntu server 9.10 with 2 NICS (Internet-router-eth0, eth1-LAN). I use iptables to generate rules for 20 computers, but when I execute the script, ALL TRAFFIC DROPS, including the server. What am I doing wrong?
Code: #!/bin/sh #eth0 192.168.0.50 - connected to Internet #eth1 192.168.1.51 - connected to LAN #192.168.1.52 - workstation1 #set default policies iptables -P INPUT DROP
[Code]...
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -s 192.168.1.52 -j ACCEPT. The reason I'm doing this is, I just want to open necessary ports in the server and restrict LAN usage.
I have a server on my router on the DMZ. All outside traffic goes to it. This server has Apache running and the domain mysite.com resolves to the the DMZ web server. I have a second server on the LAN that also has apache running. I want to set up another domain, myothersite.com to resolve to the second server on the LAN. Since the main server is on DMZ I have the DNS A records for myothersite.com pointing to the public IP that the DMZ is on.
How do I get myothersite.com to resolve to the second webserver on the LAN? What configuration do I need to do on my DMZ server so it routes traffic for myothersite.com to the other server on teh LAN? Do I use BIND DNS? If so please advise on how to set that up. BIND DNS seems confusing and I having trouble knowing how to configuring it. Is there another option besides BIND?
I want to know that how can i store network traffic in MySql Database. What i want to do is identify no of client requests hitting a server throughout the day...I have to store no. of request hitting a server in every 15 mins and insert that into database so that i can obtain a network traffic pattern.
I searched for a tool but cudn't find any that satisfy my requirements..
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
I currently have one of our clients set up to use a routed VPN for their 5 laptops to connect to the server remotley. And this works brilliantly. They are about to bring on a remote office that will need a VPN connection back to the main office, so I was going to set up a bridged connection between the two sites (and possibly more sites in the future).
So my question is whats the best way to go about this? Can I have one instance of OpenVPN running with tun0 set up for a routed connection to the laptops and add a second tun (tun1) to the config that will be for the bridged connection between the sites? Or am I going to have to run multiple instances of OpenVNP, one for the routed and another for the bridged?
If routed and bridged have to run in seperate instances, will I have to add another instance for each new remote site that needs a connection? Can a bridged config connect to multiple sites, or have multiple tuns in the one config?
I'm running ASSP on Ubuntu 10.04.1 it's mostly working fine. I have one problem which has been bugging me for some time. I don't want to filter outbound mail, but if I can relay (proxy) my outbound mail through ASSP, then it can automatically add to the whitelist.
As ASSP is a proxy, I need a server to send it to once ASSP receives it. I've tried my ISP, but this failed and they weren't willing to confirm if a connection attempt was received at their end.
Can anyone help me with troubleshooting steps or a better suggestion for how I can set this up. I'd love to know why my ISP setup didn't work, but I don't know a tool for monitoring IP traffic in Ubuntu SE, in windows I use Wireshark is there any equivalent I can setup for Ubuntu or a tool I can use in windows which will show all traffic, Ubuntu and windows server are on the same netgear switch, not sure it's smart enough to copy all traffic to another port for monitoring.
I have a linux server I'm intending to use as a firewall. The server has the following adapters
eth0 - Public IP (VLAN2) eth0:1 - Public IP2 (VLAN2) eth1 - 10.241.4.4 (VLAN4)
the Default gateway is my ISPs gateway. Additionally, I have the following route set: route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.241.4.1
I have a server that exists on VLAN 208 at IP 10.241.209.67/21., its GW is 10.241.208.1 (first IP in /21 range)
as it is on the 10.0.0.0/8 network, traffic from the firewall is successfully routed from that server through my router to the FW and out to the Internet. The FW can ping, ssh, etc... the server and vice versa.
I want an iptables rule that will allow me to forward port 4401 on eth0:1 to 10.241.209.67:4401.
Is this possible since the IP is not on the same subnet as eth1, even though it is accessible?
I'm a bit better than a neophyte linux user. I have not made port forwards with it in the past without scripts to assist so I'm looking for not just "it is possible", but also the syntax of how to add it.
I am building a router and I wonder if I have some rules like this and /proc/sys/net/ipv4/conf/all/accept_source_route is 0 will it work.
Code: echo 1000 TEST >> /etc/iproute2/rt_tables iptables -A PREROUTING -s 192.168.2.0/24 -t mangle -j MARK --set-mark 1 ip rule add fwmark 1 table TEST ip route add default via 192.168.3.5 dev eth2 table TEST
I am not quite sure is it source routed packages at all. And also even if it works with my router will next firewall drop such packages. I have mentioned before that some things like:
Code: ip route add default via 192.168.3.5 dev eth2 src 192.168.2.0/24 do not work
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
I have three machines say A B and C. I want to make machine B as a router for A and C, so that the ping packets from C to A should be going via B. I have directly connected two interfaces(eth4) of A and B and similarly two interfaces(eth5) of B and C. I have even set up a route between B and C. 1. But I am not able to set a route between B and A.2. If I ping A from eth4 of B(viceversa) it works. When I ping B from eth5 of C it work but not the viceversa.3. Also, if I ping from C to A, B receives the packets, but not A.
I have searched google, but can't really get the hang of setting this up.Most howtos are setting up a DHCP and PXE on the same box. At the present my DHCP is done by my router and I want to set up the PXE server on my main PC.My router can re-direct traffic types based on ports (UDP or TCP) to an IP but can't do the bit about directing the pxe loader name (and I really don't want to ssh into it and start messing about there)If I redirect the port (what ever it may be, help required here) how would I go about setting up the Ubuntu PC to do the load and pass back to the PC trying to PXEboot?
In addition to 2 "desktop" machines, I recently set up an Ubuntu Server with Apache2, but when I try to access my www.homepage from a machine locally connected to the same router (via both wired & wireless interfaces), I am directed to the Login page of the router, not to the www.homepage. Yet, when I access the www.homepage from elsewhere, my www.homepage is accessible.
I can browse to my www.homepage by entering the local IP address into browsers on both local machines, so I know the machines are talking to each other. Just not letting me get in via normal internet browsing channels.
Server: Ubuntu 11.04 Webserver: Apache2 Router: D-Link DIR-615 IP Address of: 192.168.0.110 (reserved on router, static on server)
I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
