Networking :: Getting A Firewall With Multiple Interfaces?
Mar 11, 2010
I would like a basic firewall on my netbook and first attempted this by using Firestarter, as I have no experience in writing iptables rules from first principles and, to be honest, the syntax looks horrific! The problem with Firestarter is that when I selected wlan0 to be the Internet-connected port everything worked fine until I connected to a VPN, at which point nothing would work (the only error I got was when pinging an IP address, when I got "sendmsg not permitted"). My normal setup is this: normally I'm connected via wlan0 to the Internet, but on one particular network I must activate the VPN to use anything; this creates another interface, tun0. Both wlan0 and tun0 will be assigned an IP address, but only tun0 will do anything (the wlan0 one is configured by the network to just allow traffic to the VPN gateway and nothing else). What I really need is some way of creating a basic firewall (drop all incoming except ports I specify) that lives on wlan0 unless tun0 is active, in which case it moves to tun0.
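An added example (not code from the post above or from Firestarter) of the kind of ruleset the question asks for, written by hand rather than generated by a GUI. Rather than moving a firewall from wlan0 to tun0 when the tunnel comes up, it covers both interfaces at once: INPUT is default-deny on every interface with the listed TCP ports opened on both, and an optional "lock" mode makes OUTPUT default-deny too so that, once the tunnel is up, wlan0 may only carry the VPN handshake and DHCP. The interface names, the VPN gateway 192.0.2.1 and UDP port 1194 are assumptions for illustration. A side effect worth knowing: a packet dropped in the local OUTPUT chain is reported to the sending program as "sendmsg: Operation not permitted", which is why an over-tight outbound policy makes ping fail with that exact message.

```shell
#!/bin/sh
# Added example: default-deny host firewall for a laptop that reaches the
# Internet either directly over wlan0 or through a VPN tunnel tun0.
# The VPN gateway address and port are assumptions; adjust them.
# The ruleset is printed in iptables-restore format so it can be reviewed
# before loading:   gen_rules wlan0 tun0 "22" lock | sudo iptables-restore

VPN_GW=192.0.2.1      # assumed VPN gateway address
VPN_PORT=1194         # assumed VPN port (OpenVPN's default)

# gen_rules WAN_IF TUN_IF "PORT PORT ..." [lock]  -> ruleset on stdout
gen_rules() {
    wan=$1; tun=$2; ports=$3; lock=${4:-open}
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    if [ "$lock" = lock ]; then
        echo ':OUTPUT DROP [0:0]'
    else
        echo ':OUTPUT ACCEPT [0:0]'
    fi
    # Inbound: loopback, replies to our own connections, then published ports
    # (opened on both interfaces, so the tunnel needs no special handling).
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in $ports; do
        for i in $wan $tun; do
            echo "-A INPUT -i $i -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    if [ "$lock" = lock ]; then
        # Outbound leak prevention while the tunnel is the real uplink:
        # wlan0 may only carry the VPN handshake itself and DHCP renewals.
        echo '-A OUTPUT -o lo -j ACCEPT'
        echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
        echo "-A OUTPUT -o $tun -j ACCEPT"
        echo "-A OUTPUT -o $wan -p udp -d $VPN_GW --dport $VPN_PORT -j ACCEPT"
        echo "-A OUTPUT -o $wan -p udp --sport 68 --dport 67 -j ACCEPT"
    fi
    echo 'COMMIT'
}

# Print the ruleset when run as a script, e.g.  sh fw.sh wlan0 tun0 "22 80" lock
if [ $# -ge 3 ]; then
    gen_rules "$@"
fi
```

Load it with the "open" OUTPUT policy first and confirm the VPN still comes up, then switch to "lock" mode; in lock mode anything that is not the tunnel or the handshake fails with the "Operation not permitted" error on purpose.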
Is there a way to do multiple interfaces in tcpdump? I have found that when using "-i any", not all packets are captured (compared to "-i eth0" on a machine with only one interface). I need to monitor traffic on some machines with as many as 6 interfaces, and get these packets that "-i any" misses. When I give the "-i" option multiple times, it seems to only use the last one.
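An added example, not from the post above. On Linux "-i any" is the "cooked" pseudo-interface: tcpdump's manual notes that captures on it are not done in promiscuous mode, so frames addressed to other stations (mirror ports, bridged or hub segments) are never seen, and the real link-layer headers are replaced by a synthetic one. Running one tcpdump per interface keeps promiscuous mode and the headers; the script below plans those commands, runs them in the background, and leaves per-interface pcaps that mergecap can combine. The output directory is an assumption.

```shell
#!/bin/sh
# Added example: one tcpdump process per interface instead of "-i any".
# capture_plan only prints the command lines; run_captures executes them
# (tcpdump needs root or CAP_NET_RAW).

# all_ifaces [SYSFS]  -> interface names found under SYSFS (default /sys/class/net)
all_ifaces() {
    d=${1:-/sys/class/net}
    for p in "$d"/*; do
        [ -e "$p" ] && basename "$p"
    done
}

# capture_plan OUTDIR IFACE...  -> one "tcpdump -i IFACE ..." line per interface
capture_plan() {
    outdir=$1; shift
    for ifc in "$@"; do
        [ "$ifc" = lo ] && continue          # loopback: nothing to miss there
        # -s 0: full packets; -U: flush each packet to the file as it arrives
        printf 'tcpdump -i %s -s 0 -U -w %s/%s.pcap\n' "$ifc" "$outdir" "$ifc"
    done
}

# run_captures OUTDIR IFACE...  -> start every capture in the background
run_captures() {
    outdir=$1; shift
    mkdir -p "$outdir"
    capture_plan "$outdir" "$@" | while read -r cmd; do
        sh -c "$cmd" &
    done
    echo "captures running; stop them with: pkill -INT tcpdump"
    echo "merge afterwards with: mergecap -w $outdir/all.pcap $outdir/*.pcap"
}

# Usage when run as a script:  sh cap.sh /var/tmp/cap   (all interfaces)
if [ $# -ge 1 ]; then
    run_captures "$1" $(all_ifaces)
fi
```

If the interfaces are trunk or mirror ports, check the pcap sizes against the switch counters afterwards: a per-interface capture that still misses traffic usually means the NIC driver drops under load (tcpdump reports "dropped by kernel" on exit), not a capture-mode problem.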
I have the following setup: Client A, having 2 network interfaces, eth0 and eth1, both with the IP address 192.168.1.1/32. Client B, also having 2 network interfaces, eth0 and eth1, with the IP address 192.168.1.2. The routing table on client A has one entry: 192.168.1.2 dev eth0. The routing table on client B has one entry: 192.168.1.2 dev eth1. Basically the idea is to send the upload traffic on one interface and the download traffic on the other interface. (Client B could serve as a gateway.) However, with this setup, well... nothing works. The packets received by Client B are ignored. Does the Linux kernel have anything against routing packets coming in from an interface, although it thinks the source is on another interface?
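An added example, not from the post above. The first thing to check on a Linux host that is meant to receive on one interface and send on another is the reverse-path filter, net.ipv4.conf.<if>.rp_filter: in strict mode (1) the kernel silently drops a packet when the route back to its source address would not leave through the interface it arrived on, which is precisely an asymmetric upload/download split. The effective value for an interface is the larger of conf.all and conf.<if>, so setting only the per-interface file is not enough, and loose mode (2, available since 2.6.31) accepts a source as long as it is reachable through any interface. The script reads the values from a configurable root so it can be exercised without /proc or root.

```shell
#!/bin/sh
# Added example: report the effective rp_filter per interface and print the
# sysctl commands that relax it. ROOT defaults to /proc/sys; passing another
# directory with the same layout is only a testing hook.

# rp_filter_report [ROOT]  -> lines "iface effective-value"
rp_filter_report() {
    root=${1:-/proc/sys}
    conf=$root/net/ipv4/conf
    all=$(cat "$conf/all/rp_filter")
    for d in "$conf"/*; do
        ifc=$(basename "$d")
        case $ifc in all|default) continue ;; esac
        v=$(cat "$d/rp_filter")
        eff=$v
        # The kernel applies max(conf.all, conf.<if>).
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        echo "$ifc $eff"
    done
}

# strict_ifaces [ROOT]  -> interfaces whose effective rp_filter is 1 (strict)
strict_ifaces() {
    rp_filter_report "$1" | awk '$2 == 1 { print $1 }'
}

# fix_commands IFACE...  -> sysctl lines switching those interfaces to loose
# mode; conf.all is lowered too because it would otherwise override them.
fix_commands() {
    for ifc in "$@"; do
        echo "sysctl -w net.ipv4.conf.$ifc.rp_filter=2"
    done
    echo "sysctl -w net.ipv4.conf.all.rp_filter=2"
}

# When run as a script: show the report and the commands for strict interfaces.
if [ "$#" -eq 0 ] && [ -d /proc/sys/net/ipv4/conf ]; then
    rp_filter_report
    fix_commands $(strict_ifaces)
fi
```

Loose mode still rejects sources with no route at all (so it keeps its anti-spoofing value on an edge host); turning the filter off entirely (0) is only appropriate on a box whose routing is deliberately asymmetric and that is not exposed to untrusted networks. With net.ipv4.conf.all.log_martians=1 the kernel logs what the filter is dropping, which confirms the diagnosis before anything is changed.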
I have 4 interfaces, dvb0_0 - dvb0_3. Each one has a multicast stream coming in on it. The program I am using to decode these streams only accepts one interface, though. How can I "combine" them so that the program, listening on one IP, can get all 4 streams? They are on groups 18.104.22.168-4.
I am trying to run some benchmark tests for multicast. What I want to do is have one system send multicast packets and another receive them on all its interfaces (eth0-eth3). Whenever I run the receiver on more than one interface I get an echo effect (if I receive on x interfaces then I get the same packet x times). Is this how it is supposed to behave? It does not make any difference whether I use loop-back or not. I have set SO_REUSEADDR to yes. I run a separate instance of the receiver on each interface. I am doing this on RHEL5 systems.
I have got a problem with the network configuration of my Linux box. The distribution is Slackware 12.2 with the 22.214.171.124-smp kernel. There are three Ethernet NICs, one on the motherboard with an Atheros AR8121/AR8113 chip and two on PCI cards with RealTek 8169. I installed the module for the Atheros, which is atl1e.ko, and I defined the configuration for the three NICs in /etc/rc.d/rc.inet1.conf. When I run the command ifconfig I see all three interfaces, eth0, eth1 and eth2, but the addresses are not distributed between the NICs as I'd like, so I thought to resolve the inconvenience with udev, but I don't know how to proceed because there is a strange situation.
If I check the file /etc/udev/rules.d/70-persistent-net.rules I see a strange situation: once the file contains only a line for the Atheros NIC, but if I reboot the system there are the two lines for the two RealTek NICs, and every time the system is rebooted it alternates between these two. A detail I noted is that the two modules atl1e and r8169 are both always loaded, so udev always has the chance to detect the hardware, but for some reason that I don't know something goes wrong. Another related problem that bothers me is the absence of udevinfo and udevtest. Do I perhaps have to reinstall udev?
Adapter 2: HTC Desire tethered via USB. When I start from scratch, with no remembered networks in the network manager, the Ethernet is shown as "Auto Ethernet". When I then connect the HTC Desire, the new network is shown in the network manager also as "Auto Ethernet". Previously, when I right clicked on the network manager and selected "Edit Connections", there were multiple "Auto Ethernet" entries under the wired tab.
Now (and I do not know what changed, sorry), I only see one entry. When I edit this entry (say, add a route), then the route is added for both network interfaces. This used to still work, so I was not worried about the name clash, but now it is causing problems so I need to have a different name for each network interface.
Configure a server with two network interfaces? This system is physically moved from one network to another every few days (different buildings, but connected by a VPN). I'd like to be able to control the IP address of the system depending on which port I plug the network cable into, with a static setting. Right now the system will connect to the local network, but any requests to go beyond the subnet get lost. The only way I can get the system to talk outside of its subnet is to comment out the second interface.
I have a built-in gigabit Ethernet card which is connected to a router. The router's IP address is 192.168.2.1; my IP is 192.168.2.161 (eth0). I also have a Nokia N900 connected via USB, and its IP is 192.168.1.1. It serves as a second router, and on that interface (usb0) my IP is 192.168.1.2. The N900 is also connected to a wireless network. The router of that network has the IP 10.0.0.1 and the N900's IP is 10.0.0.50 (wlan0). My problem is that I want to reach a server at 10.0.0.7 from my computer. Is there a way I can do that?
I'm trying to connect one computer to two others in an ad-hoc infrastructure.
[computer 1] ---- [computer 2] ---- [computer 3]
computer 2 is running Linux and has a single NIC, wlan0. I want it to connect to both computer 1 and computer 3 so each computer can talk to the others. No switch is available, so it needs to be an ad-hoc setup.
I have a weird issue that I have not seen on any forum. My Jaunty on a Dell Studio laptop seems connected to the net, but I cannot access any network service (ssh, Firefox etc.). But when I connect a cable the cable lights blink as they should, and on the wireless connection my wifi light blinks.
It was working 2 days ago without problem, and I have not done big changes recently. I removed and reinstalled network-manager and network-manager-gnome. Nothing changed. I see a message on each restart as follows (when OpenAFS is starting). I can reproduce it with "/etc/init.d/openafs-client restart":
ADVISEADDR:error in specifying interfaces: no existing ip interfaces found
This morning I was configuring a DNS server through YaST at home; I've done it once before (in another wireless LAN) and it worked perfectly. But this morning, after I clicked "start DNS server now", everything froze, and the caps lock light on the keyboard kept flashing. I rebooted the laptop; it couldn't boot into runlevel 5 and there were a few "skipped" items and "failed" items displayed.... Sorry, I'm new to Linux, so I re-installed it this afternoon, keeping the /home partition and formatting the / partition.
Everything seems to be fine after re-installation, again I tried configuring a DNS server and clicked "start dns server now", but the same problem appeared, caps lock light kept flashing and I rebooted the laptop but fortunately this time it didn't fail on any items when booting
In YaST Network Settings I chose "user controlled with NetworkManager", and I can connect to the wireless router and browse the web, but there are no interfaces shown in YaST Firewall, and this time, after I clicked "start DNS server now", nothing happens; the DNS server just won't start...
a Netgear router with DHCP off at 192.168.0.1
my computer: eth0 at 192.168.0.2, wlan0 at 192.168.0.2
The wlan0 interface always connects to the router, while the eth0 interface connects to other computers with crossover and acts as a dnsmasq DHCP server for network boot and installation.
If I use the Gnome NetworkManager to enable both connections, that is, with wlan0 connected to the router/internet and eth0 to another computer, both as 192.168.0.2, I cannot access the internet while eth0 is connected.
Why is this? How can I configure my computer to follow wlan0 for Internet usage, but use eth0 for itself (the latter is working but blocking wlan0).
I have a rather urgent problem with my network, I got two virtual network interfaces one internal and one external. The problem is; I can't get connection to internet. The external NIC is set as a NAT and the internal is... internal.
My question is about TCP parameters in Linux. By now, I want to change the default values of:
Initial Timeout, ACK Delay, Idle Connection Timeout
I have a Linux Box with kernel 2.6.x and 2 ethernet interfaces. I know TCP is a stack that doesn't have anything to do with ethernet devices. Said that, the question: is there a way to set custom values for each interface? For example, a server listening to connections in eth0 would use one value for Idle Connection Timeout and another server listening to connections in eth1 could use a different value for that parameter.
I am learning to set up a firewall at home. For that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
the IP assignments are follows :
sys1: (Fedora, not connected to the firewall I am thinking, but I am not sure)
What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), although the rules are written not to allow ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering or processing anything, for both inbound and outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
We have a 10.0.0.x network with a working DNS server (BIND) set up. Recently we purchased a WatchGuard firewall and configured three networks, so that our internal network can be divided into three networks that talk to each other through firewall routing. So I configured three IPs, 192.168.0.1, 172.16.0.1 and 10.0.0.1, for the local network card in the firewall router. I separated the three networks and individually configured machines with static IPs, giving the gateway as the above IPs. Now I need to configure the DNS server for each zone in the same server, which is in the 10.0.0.x network. Is this possible? If yes, do I need to set up IP aliases for eth0 in the DNS server with different IPs from each network?
I'm testing some network setups, and bought two dirt-cheap USB network interfaces. My plan was to attach these two to an embedded device (sheevaplug) and mess with firewall setups. However, the two interfaces are absolutely identical; they have the same MAC, and lsusb -v is the same for both, line by line (except for device number, which tells the order the devices are plugged in, I believe?). Also, this is a single usb bus (single port, with a hub).
Now, obviously I can't make much of a firewall setup if I can't tell the interfaces apart. I realize I probably hit a brick wall, but does anyone have thoughts on this?
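An added example, serving both the Slackware/udev post above and this one; it is not code from either poster or from the udev project. The usual 70-persistent-net.rules entry keys on the MAC address, which is what udev's generator writes and what fixes the "which RealTek is eth1" problem. Two adapters with the same MAC cannot be told apart that way, but udev can also match on the bus position: KERNELS=="1-1.2" names the adapter plugged into port 2 of the hub on port 1 of bus 1, so the name follows the socket rather than the device. The MACs and USB port paths below are illustrative assumptions; the real path of a plugged-in adapter is shown by `udevadm info -a -p /sys/class/net/eth1`, in its KERNELS lines.

```shell
#!/bin/sh
# Added example: generate udev rules that pin interface names either by MAC
# (by_mac) or by USB port path (by_path). Reload with:
#   udevadm control --reload-rules && udevadm trigger --subsystem-match=net

# by_mac MAC NAME  -> one rule line in the 70-persistent-net.rules form.
# sysfs reports addresses in lower case, so the match is lower-cased too.
by_mac() {
    printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", KERNEL=="eth*", NAME="%s"\n' \
        "$(echo "$1" | tr 'A-Z' 'a-z')" "$2"
}

# by_path USB_PORT NAME  -> one rule line keyed on the USB topology.
# USB_PORT is the KERNELS value of the USB device, e.g. 1-1.2; udev matches
# KERNELS against the parents of the net interface, and the USB device node
# (not the function ":1.0") carries that name.
by_path() {
    printf 'SUBSYSTEM=="net", ACTION=="add", KERNELS=="%s", NAME="%s"\n' "$1" "$2"
}

# rules_file RULE...  -> complete file content with a header comment
rules_file() {
    echo '# /etc/udev/rules.d/70-persistent-net.rules (generated)'
    echo '# One line per interface; names must not collide with kernel defaults'
    echo '# still in use (rename eth0 only after it has been freed).'
    for r in "$@"; do
        echo "$r"
    done
}

# When run as a script: write an example file mixing both kinds of match.
if [ "$#" -eq 0 ]; then
    rules_file \
        "$(by_mac 00:11:22:33:44:55 eth0)" \
        "$(by_path 1-1.1 eth1)" \
        "$(by_path 1-1.2 eth2)"
fi
```

Once the two USB adapters have stable names, the duplicate MAC itself can be dealt with at boot, for example by `ip link set dev eth2 address 02:00:00:00:00:02` before the interface is brought up, so that they can sit on the same L2 segment without ARP confusion; the locally administered bit (02:...) marks the address as assigned by the admin rather than the vendor.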
I have two interfaces, gprs0 and gprs1, both connected to the Internet from the same HW device, but through two different access points. I just read another blog entry by a guy who had two network cards, using one as a backup; I guess this is a little similar, but should be much easier, I am guessing. I am just lost. Using ifconfig (IP address given by the network) and route to set up the connection:
ifconfig gprs0 10.20.30.40 up
route add default dev gprs0
ping 126.96.36.199 works fine afterwards.
There is data being transmitted and received to the device again; I guess the kernel just doesn't know where the incoming data should go without the correct routing tables? Or what exactly is going on? The question I have is: how do I configure the device to do the correct routing, using only the ifconfig and route commands? Maybe too trivial for you guys, but I am getting tired of goofing around not knowing what is up and down anymore.
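An added example that applies to this post and to the "server moved between two buildings" post above; it is not code from either poster. The main routing table holds one default route, so with two uplinks a reply carrying the second interface's source address still leaves through the first one and the far end discards it. route(8) cannot express "packets from this address use that gateway"; policy routing can, by giving each uplink its own table with its own default route and binding the source address to it with ip rule. The interface names, addresses and gateways below are assumptions; the commands are printed rather than executed so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: per-uplink routing tables (policy routing) for a host with
# two Internet-facing interfaces. Tables are numbered 101, 102, ... in
# argument order; the main table keeps whatever default route was set with
# "route add default", which still serves traffic with no bound source.

# network_of ADDR/LEN  -> the network prefix the address belongs to
network_of() {
    len=${1#*/}
    oldifs=$IFS; IFS=.; set -- ${1%/*}; IFS=$oldifs
    x=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    x=$(( x & mask ))
    echo "$(( (x >> 24) & 255 )).$(( (x >> 16) & 255 )).$(( (x >> 8) & 255 )).$(( x & 255 ))/$len"
}

# uplink_cmds "IF ADDR/LEN GW" ...  -> ip(8) commands on stdout.
# Use "-" as GW for a point-to-point link (gprs*, ppp*): its default route
# then names only the device, as "route add default dev gprs0" did.
uplink_cmds() {
    n=100
    for spec in "$@"; do
        n=$((n + 1))
        set -- $spec                     # split "IF ADDR/LEN GW"
        ifc=$1; cidr=$2; gw=$3
        addr=${cidr%/*}
        len=${cidr#*/}
        # Connected route, so the gateway is reachable from inside this table.
        if [ "$len" -lt 32 ]; then
            echo "ip route add $(network_of "$cidr") dev $ifc src $addr table $n"
        fi
        if [ "$gw" = "-" ]; then
            echo "ip route add default dev $ifc table $n"
        else
            echo "ip route add default via $gw dev $ifc table $n"
        fi
        # Anything sourced from this address consults this table first.
        echo "ip rule add from $addr table $n"
    done
    echo "ip route flush cache"
}

# When run as a script:  sh uplinks.sh "gprs0 10.20.30.40/32 -" "gprs1 10.20.31.41/24 10.20.31.1"
if [ "$#" -ge 1 ]; then
    uplink_cmds "$@"
fi
```

For the building-to-building case the two specs are the two static configurations, one per port; whichever cable is plugged in has a working default route for its own address, and the other table simply goes unused. Incoming connections to the second address then answer through the second interface, which is the part a single default route cannot do; "ip rule show" and "ip route show table 102" confirm the result.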
I installed the latest release of Kubuntu on to my Dell laptop about 3 days ago. I fell asleep last night and woke up to my laptop not being connected to my wireless (it was when I fell asleep; it didn't reboot or anything overnight, and no one touched it), so I plugged in an Ethernet cable and it still did not detect an Internet connection; then finally it connected through my phone's mobile Internet via USB.
However, none of the built-in networking devices are working, though I have them all enabled. My WLAN interface says "Unmanaged" and the networking interface complains the cable is unplugged even when it is not. I know you guys will need some additional info from me to help me. I just used my mobile broadband to install the Wicd network manager, but that's just a temporary fix, as it doesn't fix my Ethernet issue and I want to be able to use the network manager itself to manage my networks.
I'm using Debian Squeeze with backports turned on and I've installed connman, and it cannot see my wireless networking interface. I know my wireless card has a working driver because I have WICD on the same system and it connects just fine. I am using the Enlightenment desktop, though, and it only integrates with the connman wireless manager, so I would prefer to use this instead of WICD. Anyone have any ideas on how I can get connman working? What extra configuration needs to be done after installing?
I added my user to have the same permissions as root to the /etc/dbus-1/system.d/connman.conf file and I added my tiwlan0 to /etc/network/interfaces as a DHCP connection with no changes in functionality :-/. Been searching around online and reading man pages for the last couple days with no good results. Any input would be awesome!