Ubuntu Servers :: Use Ipv4 Forwarding To Access LAN Network From The WAN?
Jun 11, 2011
I have an OpenVPN (10.04.2 LTS) server running in bridge (TAP) mode. It's sitting behind a router and then a cable modem. The VPN works perfectly but I have a security concern. In order to allow the VPN clients to connect to the internet, I had to enable IPv4 forwarding on the server. Is this a security hole? Can a hacker access my server's connection from the internet (without authenticating with OpenVPN) and access my network? Can someone use IPv4 forwarding to access my LAN network from the WAN?
I used this command to enable IPv4 forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Without IPv4 forwarding my VPN clients can only access my LAN and router, but they cannot reach my modem or the internet.
I'm forging a gateway server. We have 2 Internet connections that go to a load balancer router, which goes to my CentOS server, and from our server it goes to a switch for Internet distribution or routing.
OS-CentOS 5.5
[root@server etc]# uname -srio
Linux 2.6.18-194.el5 i386 GNU/Linux
My eth0 and eth1 have the following configuration and IP
[root@server etc]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# VIA Technologies, Inc. VT6105/VT6106S [Rhine-III]
DEVICE=eth0
BOOTPROTO=none
[code]....
Disabling IPv4 packet forwarding, but I already changed it to 1 in sysctl.conf. One of the online forums says I need to configure named.conf; I deleted some and ran it (named.conf) and it was successful, but when I run the network service I still get: "Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0". The network is getting the IP range but it doesn't get any Internet connection.
I'm working in Windows, and that's why I have been able to access the network. In F14, I was able to access the router address while the internet access ain't. Tried restarting network, and still the problem persists. Tried [URL] and the only thing that I've inferred is that IPv4 Failed: FATAL plus, the routing table showed 0.0.0.0 as one of the entries (Gateway). So, I've deleted the wired network configuration from the Network Configuration and checked whether the OS would pick it up automatically. It still didn't work.
I'm using Ubuntu Linux as my operating system. In my network only IPv4 is supported, and I need to access some websites through IPv6. How can I do it? Is there a way to tunnel from IPv4 to IPv6?
Is there a way to access the openSUSE servers via IPv4 today? My ISP does not support IPv6, nor does my router, and I can't install software right now in openSUSE, because it wants to access the servers via IPv6.
It would be great to have the download.opensuse.org IPv4 address.
I really need to install some packages, they are required for my school project.
messages appear in syslog each day. Each URL has from 2 - 6 attempts at various ipv6 addresses. My question is why is bind9 trying to resolve ipv6 addresses? I have done nothing to enable or disable ipv6 and thought that if not explicitly enabled I would not have to be concerned with it.
What will be the easiest way to ssh connect a VM on VirtualBox, exporting its desktop to host, while it is already running ? I found; Howto Access via ssh a Virtualbox Guest machine.
I've installed Ubuntu Server 10.10 with two network cards. One for external, and one internal. My problem is that as soon as I activate eth1 (external), I can't access the server from the internal network (eth0).
With these settings I can't reach the internal network from inside. If I disable the gateway on eth1 and enable the gateway on eth0, it works.
I had some fun here, with my local Cyrus IMAP daemon. I "updated" the machine to openSuse11.4 (from 11.2) by doing a fresh install. Because some of my involved HW here isn't capable of IPv6, I switched it off using yast2: Netzwerkgeräte/Netzwerkeinstellungen [my translation: Network devices / Network Settings] Globale Optionen [global options] Removed the mark on "IPv6 aktivieren" [activate IPv6]
Then I had a hard fight with Cyrus IMAPd, mostly caused by user brain damage on my part... But one thing really looks like a problem on the Suse side of the fence: My /etc/hosts missed the "localhost"-entry for IPv4 ! This was the contents:
I haven't seen this effect on 11.2 here and I haven't seen it on "my other" machine (running 64 bit version of Suse 11.4). But there I think IPv6 is still activated. I will check this, as soon as I get there.
Should this be reported as a potential bug in 11.4 ? Or is there some way, I could have messed up this. (No I didn't edit /etc/hosts by hand, before I corrected this thing)
How do I assign IPv4 and IPv6 static addresses permanently in OpenSUSE 11.2? Currently I am only able to assign either IPv4 or IPv6 static address not both. I cannot find even the interfaces file(/etc/sysconfig/network/interfaces).
I've setup a webserver with LAMP and wondered if it was possible to edit the files without having to login through FTP, as would be the case if I was editing on an IIS server?
I've been researching this all day with no luck thus far. Basically I need to cut off port 21/ftp access from IP addresses outside of my local network. My local IP range is something like 192.168.0.100 - 192.168.0.150 -- so anything outside of this range would automatically be blocked.
Any IP address outside of this range would be denied as I use SFTP for remote access, etc. from home, etc.
I've researched IP tables, tcp wrappers, etc. but am still unsure which would be best for what is probably a simple fix.
It seems I can't access SMTP servers both from kmail and php. Kmail says
Code:
Sending failed: smtp.gmail.com
The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder. The following transport was used: ... I double checked my settings and they are correct. I can ping smtp.gmail.com. I can send emails using thunderbird on a windows box that is connected to the same network as I am. I also tried turning off the firewall through yast but no joy.
I have installed Ubuntu on four machines at work and have been blown away. On my machine I have Apache setup for web development and other machines can "see" it using my IP address. I would like to have it so they can access by the name of my computer though. I have no local DNS server so I guess I need to hard code the relationship in each machine? Ideally I'd actually like to be able to use subdomains (which I use locally to avoid annoying .htaccess path problems). i.e. from another machine on the network to go to [URL].
I recently installed two PCs with debian lenny (kernel 2.6.26). One is called serveur-debian1 and the second one serveur-debian2. I have installed gnome, samba, mysql5, apache2, php5, and Virtualbox, bridge-tools on them. On serveur-debian2, I installed another virtual debian lenny with apache2, mysql5, php5, nagios and centreon on it to view my network. I remember having installed a soft to access nntp on serveur-debian2 in order to test nagios.
For a few days, I have had problems accessing my servers. From my windows 7 client, I try to ping serveur-debian1. Response is OK but not for all requests. Always from the same computer, I try to ping serveur-debian2. Response is OK but not for all again.
When I launch a ping on serveur-debian1 and serveur-debian2 at the same time I have:
ping 1 to 10: serveur-debian1: response OK; serveur-debian2: no response
ping 11 to 14: serveur-debian1: no response; serveur-debian2: response OK
ping 15 to 25: serveur-debian1: response OK; serveur-debian2: @ip serveur-debian1 network unreachable (there's no error, it shows me the ip of serveur-debian1)
If I switch on the debian virtual server on serveur-debian2, and I ping it at the same time, the response is OK for all requests. The problem is very strange. I can't have a correct connection and when I launch a request from a software which accesses the mysql server, the requests fail ...
I'm trying to set up my mythtv backend on a headless box. The many tutorials out there tell you to run mythtv-setup from a machine with a display by x forwarding through ssh.
Code:
ssh -X username@ipaddress /usr/bin/mythtv-setup
The x forwarding works fine except that the first part of the mythtv-setup requires you to stop the mythtv-backend process which you have to do as root. It brings up a box asking for your password (much like it would if you just typed sudo xxxxxxx in the terminal) but it won't accept the password. Looking in the auth log it seems that it can't authenticate
Now I know that my account (administrator) can have root privileges because I can sudo xxxx to my heart's content via ssh in the terminal, but it seems to not work when it's being requested from a forwarded X window....
I don't know where to begin to solve my problem and I have been googling for hours to get a hint without any success. I'm running a Counterstrike Server on my virtual openSuse server - I'm exploring so don't justify what I am hosting at the moment
I want to make it possible to gain access to the cstrike folder via an ftp login. But I really have no idea where to start. The server is also a webserver, where I can add FTP accounts for my apache vhosts via plesk - but I don't think this is the solution of my problem, isn't it?
Pre-existing issue from 9.04 server, and has never worked right for me. When I try to open an X11 forwarded app on a mac using the command "ssh -X myusername@serverIP" Other linux machines have similar issues from terminal. I can login just fine and perform any actions I want that do not require X11 forwarding, like say firefox or a manager. I just get the error "Error: no display specified" when trying to do anything with X11 forwarding. I have almost no Linux experience but from tinkering and my friends tinkering wonder if I have an x authority issue.
At one point I had ubuntu desktop package installed (forwarding still did not work then), did an unclean uninstall of it, installed Xubuntu. Xubuntu did nothing but throw fits saying I did not have authority to perform all sorts of actions, many relating to root access. This box is meant to be a headless file, print and web server with the ability to login remotely as a convenience for administration. I have given up on having a working GUI of any kind on this box. I really do not want to reinstall because of the amount of data on the main partition. What can I start trying to look into?
I have set up 10.04 server, got userdir working (/home/username/public_html) so I can access it with http://myipaddress/~username. What do I need to do to get mydomain.com to point to http://myipaddress/~username?
I just bought a domain, let's say it's called example.com
I also have a gmail account, let's say it's: my.account@gmail.com
I want all email to master@example.com to forward to my.account@gmail.com, and likewise I want all e-mail from my.account@gmail.com to be from master@example.com, and have the reply-to also be master@example.com.
I guess the most pressing issue here is setting up some proxy to forward all my @example.com emails to my gmail. I've been looking through the forums and reading some tutorials, but none of them seem to do exactly what I'm looking for.
First I want to say that I'm a regular Ubuntu user, not a system administrator. I have installed a mail server using Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 11.04). And it works!
But I have a challenge. I need to get incoming mail (from another server), zip the mail body (as html or text) and all attachments into a zip archive, compile a new mail with this new attachment (zip archive) and (most important!) sign all this email with a signature which is located in a pem file and send it to the BCC address from the incoming mail. I don't know how to do it or which tutorial to start reading.
I've recently had to rebuild our mail server - after the old one overheated - and I've realised I never backed up the config files for exim... so now trying to work out how the hell to configure what I had....
The setup isn't the most straight forward, so I'll try and explain what happens...
- all emails @longdomain.com are received by a hosted server on the internet
- they are then forwarded to @shortdomain.com, the IP for which is our internet connection which forwards port 25 traffic to the exim server
- the exim server then spam and virus checks the emails and forwards them to an exchange server (sorry but it works well for us)....
I've installed exim4/spamassassin/clamav successfully, and it's set up to receive emails for the relevant domains and relay from the hosted server on the internet (and some local addresses).
How do I then set up exim4 to forward all emails on the relevant domains to the exchange server?
I'm trying to write an iptables config file, but got stuck. So I want to define an IP range that allows full access eth0-eth1 forwarding, and another that is allowed to access some special IPs. The first part works, I could make the range have full access:
iptables -A FORWARD -m iprange --src-range 192.168.80.20-192.168.80.40 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o eth1 -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
But I can't find out how to make the second rule. How could I put specified target IPs in this? I've tried to make a new chain:
I'm facing a challenge in setting up a simple routing between 2 networks. The situation is as follows. We're using 2 networks, 1 that handles all the office traffic and 1 that is used for storage traffic to the NAS. I'm trying to set up a simple router that will forward requests from the office LAN to the storage one, so people can access the NAS interface on the storage LAN.
So, I have a CentOS 5.5 box, connected to both networks that should handle this job. The office LAN is 172.29.38.0/24 and the storage LAN 10.1.2.0/24. IP addresses of the linux box are 172.29.38.98 (eth0) and 10.1.2.98 (eth1). First I started by enabling IP-forwarding in the kernel:
Code:
# cat /proc/sys/net/ipv4/ip_forward
Below is a copy of the iptables in use:
Code:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
[code]....
It just never seems to get to the machine on the other side. I've verified that I can access both networks from the router and I can ping the router from my client.