LHN Linux Forums

Costa Vakalopoulos new here!

dokokoy — Sat, 18 May 2013 07:00:40 GMT

Hi I'm Costa Vakalopoulos,
I'm new to this community forum..
I hope that I'm welcome here

regards
Dr Costa Vakalopoulos Richmond

Gaspare Scot Buonavita"Newbie"

chimalaya — Thu, 16 May 2013 16:02:07 GMT

hello everyone...(+_+)

BY:
Gaspare Scot Buonavita

Gaspare Scot Buonavita who is online

lakus — Thu, 16 May 2013 15:49:03 GMT

I am Gaspare Scot Buonavita Glad to part of the linuxhomenetworking community

Best Regadrs:
Gaspare Scot Buonavita

what is the --kerneltz in iptables command.

pradiptart — Thu, 16 May 2013 12:12:51 GMT

Hi all,
I am using iptables for my project but facing some problem as follow.

1.in iptables 1.4.7

Quote:

iptables -A INPUT -s 10.0.4.247 -m time --datestart 2013-5-16T12 --datestop 2013-5-16T16 -j DROP

or

Quote:

iptables -A INPUT -s 10.0.4.247 -m time --localtz --datestart 2013-5-16T12 --datestop 2013-5-16T16 -j DROP

output of date command

Thu May 16 15:52:11 IST 2013

both the commands above is not working. As i can able to ping form 10.0.4.247 to the machine.

why this is not working as default it should be --localtz.(man page of iptables v 1.4.7)

2.in iptables v 1.4.12

Quote:

iptables -A INPUT -s 10.0.4.247 -m time --kerneltz --datestart 2013-5-16T12 --datestop 2013-5-16T16 -j DROP

This is working as I am not able to ping from the ip 10.0.4.247

Quote:

iptables -A INPUT -s 10.0.4.247 -m time --datestart 2013-5-16T12 --datestop 2013-5-16T16 -j DROP

This rule by default set to follow UTC timezone but in man page it showing,the default is --kerneltz.[man of iptables v1.4.12]

can any one tell me what is problem with the iptables ,I need to block some ip/port for a specified time duration,but unable find what to do.

what is actually meaning of --kerneltz and is it safe to use this.

kindly tell some answer

Thanks

Newbie

nivborsuk — Thu, 16 May 2013 10:38:38 GMT

Hello guyz...

Niv Borsuk

The Ashton Lewis Group! Hello

solling — Wed, 15 May 2013 01:55:58 GMT

The Ashton Lewis Group, im new to this site

regards
The Ashton Lewis Group

greetings from jose miguel coletta

masamakah — Tue, 14 May 2013 09:17:41 GMT

I found this great

community forum while searching over the Internet. This is really a nice forum hope i would

have a nice stay

here...

regards,
jose miguel coletta

http://www.josemiguelcoletta.com/wp-...-1-300x172.jpg

Greetings from theashtonlewisgroup.com

bakkong — Thu, 09 May 2013 02:09:36 GMT

hello guyz another newbie to the forum.

regards,
theashtonlewisgroup.com

Application reconnect problem with multiple uplink routing

lingeek — Wed, 08 May 2013 12:08:41 GMT

Hi,
I converted a Fedora 13 system as multiple uplink router using the steps mentioned at lartc.org with 1 LAN (eth0) and load balance with two WAN(eth1, eth2).
Now the problem is,
we have an application which is connecting to its server on internet at every 5 minutes. so when application first connected to the server it connected through eth1 which can be seen from ip route show cache command.
As kernel automatically flushes the routing cache after some time, when the application tried to connect, it went through eth2 as load balance is ON. When the application goes through eth2 it is not able to connect to the server.
What could be the possible reasons for this behavior? and what will be the solution for it?
Thanks in advance.
lingeek

Alan zavacky New member

Allanb — Sat, 27 Apr 2013 13:57:04 GMT

I am Alan Zavacky hello everyone...
I am looking for Dofollow blogs can anyone help me thanks...

All thanks:
Alan Zavacky

number of users which can work on rhel 6 simultaneously ???

grvnagpal — Thu, 25 Apr 2013 13:48:30 GMT

please tell the answer

Steve borsuk newbie

emanueltim — Mon, 08 Apr 2013 04:07:45 GMT

Hello everyone i am Steve Borsuk,
I am planning to promote my blog through blog commenting.Is it a good idea?
Could anyone provide me a list of blogs in health,phramacy and medical education niche.
I do also need the blog list in university education niche.

Regards:
Steve Borsuk
http://www.steveborsuk.com/wp-conten...eborsuk111.jpg

Network Configuration Manager

JackNaples — Fri, 05 Apr 2013 13:46:19 GMT

Hello,

I could use an open source tool to save the configuration of the devices of various vendors, and possibly make a diff between the various configurations saved for each device. I do not care to have a graphical interface, I'm interested in is open source.

Do you know any tool?

jose miguel coletta! Greetings!

great — Wed, 27 Mar 2013 15:51:22 GMT

Newbie here! I just want to introduce myself first!
I am Jose miguel coletta! Hope to enjoy being part of this
community forum! hope to learn and share my experince here!

Regards,
jose miguelcoletta

Supervisor Compliance! New Here!

supervisorman — Tue, 26 Mar 2013 02:05:49 GMT

Hello Guys! Newbie from Supervisor Compliance Training Department Here! Happy to be part of this community!

Regards to all,
Supervisor Compliance
Training Department

Glen Gubbay! Brief Introduction! From Dubai! Greetings!

colet — Mon, 25 Mar 2013 07:31:14 GMT

Brief Inroduction! Philippe Gubbay Fractal Dimension!

survivorman — Mon, 18 Mar 2013 13:23:04 GMT

Im Philippe Gubbay! I am new to this community site, hope to get new information and learn something new in this forum!

Best Regards,
Phillippe Gubbay
Fractal Dimension

Brady Bunte Dirty "Newbie"

ragna — Fri, 15 Mar 2013 11:31:29 GMT

Hello everybody...nice to be here at your site..

Thanks:
Brady Bunte Dirty

Alan Zavacky Community

jhonzpi — Mon, 11 Mar 2013 00:22:26 GMT

Controlling traffic to a VPN

ukoda — Sun, 10 Mar 2013 16:26:00 GMT

Hi,
I'm living in China which means while I have 10Mbs fibre connection to my apartment it is useless for http and httpd traffic. I pay for a VPN service that solves the problem by restoring the ability to access censored web sites such as Google. The problem is I don't want to send all my Internet traffic thru the VPN for several reasons. I run a CentOS 6 server as my gateway. On it I have:
eth0 - An Internet facing fibre with a static IP address.
eth1 - An internal facing LAN connecton on the traditional private range 192.168.1.x with the server at 192.168.1.3.
ppp0 - The PPTP VPN connection on the Internet with a different static IP address.

What I want is for all port 53, 80 and 443 traffic to go out to the Internet via the ppp0 interface and everything else via eth0. With Linux's powerful networking features you would think this would be easy, but after months of trying it is seeming increasingly difficult to the point I wondering if I should be looking at other OSes.

In order of increasing complexity (I like the KISS principle of problem solving):
1. I looked iptables but there is no rule, I could find, that say for destination port use a specific gateway or interface.

2. I looked at Squid on the gateway server but Squid can not be bound to a specific interface for external traffic.

3. Now it get complicated. I shutdown the ppp0 interface and squid on the gateway server. I built a second CentOS 6 server as a proxy server on the LAN at 192.168.1.5 with the ppp0 VPN on it as it's default gateway. It has the gateway server as it's route only to the VPN end point. On this second server I run Squid. This set up works well with Firefox and Chrome when they are manually set up to use it and it handles the http and httpd traffic well. However other apps, such as package managers etc still use the non-VPN'd interface. Also setting up proxies on older mobile devices is a pain.

4. To support all devices I attempted to set up transparent proxy on the gateway with the iptable rules:
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.5:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.5:3128
-A POSTROUTING -j MASQUERADE
This works well for http traffic but not https which fails.

5. To simplify the https proxing (since I really only want routing) I installed tinyproxy on the proxy server at port 3130 and changes the gateway server iptable rules to:
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.5:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.5:3130
-A POSTROUTING -j MASQUERADE
Again this works fine for manually configured browsers, but the https traffic fails, with a different error of 'ssl_error_rx_record_too_long'.

This post is already quite long so I wont fill it will config files now, but can post them as requested where someone has a suggestion of what path to try next. I really can't believe this should be this difficult but I find I am running out of ideas and would welcome some suggestions of what to try.

Thanks
David

Problem with subnets.

stimburg — Fri, 08 Mar 2013 02:50:02 GMT

I have a linux router that has 3 adapters, 2 wired one wireless. The wired adapter is connected to a few machines on the network through a switch and works fine. All those machine can access the webserver running on the gateway and can ssh into and ping the gateway using the external ip address. All of the wireless devices can access the internet and ping anything in the outside world just fine. The only thing anything connected to wlan0 can't do is access any service like ssh, apache, or ping the gateway using the external adapter.

I'm thinking it's probably something I need to turn on or allow in iptables to let wlan0 talk to eth0 (the adapter plugged into the modem that has the external ip address). Anything connected to wlan0 can ping the internal ip address and be pinged from anything on the network, it just can't talk to eth0. I just don't know what to do because I rarely mess with iptables.

I've posted some info below.

Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 75.137.104.1 0.0.0.0 UG 203 0 0 eth0 75.137.104.0 0.0.0.0 255.255.248.0 U 203 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0

eth0: flags=4163 mtu 576 inet xx.xxx.xxx.xxx netmask 255.255.248.0 broadcast 255.255.255.255 ether 00:04:4b:05:71:76 txqueuelen 1000 (Ethernet) RX packets 3239621 bytes 1751454322 (1.6 GiB) RX errors 2002 dropped 0 overruns 2001 frame 1 TX packets 870903 bytes 102968145 (98.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163 mtu 1500 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::204:4bff:fe05:7177 prefixlen 64 scopeid 0x20 ether 00:04:4b:05:71:77 txqueuelen 1000 (Ethernet) RX packets 48670106 bytes 3406025407 (3.1 GiB) RX errors 0 dropped 10 overruns 0 frame 0 TX packets 40039645 bytes 248158180873 (231.1 GiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 0 (Local Loopback) RX packets 8061 bytes 1018138 (994.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8061 bytes 1018138 (994.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlan0: flags=4163 mtu 1500 inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255 inet6 fe80::92f6:52ff:fee5:780a prefixlen 64 scopeid 0x20 ether 90:f6:52:e5:78:0a txqueuelen 1000 (Ethernet) RX packets 373525 bytes 50509081 (48.1 MiB) RX errors 0 dropped 6 overruns 0 frame 0 TX packets 521972 bytes 603511606 (575.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Stuart Yeomans NewBie

dakakmet — Fri, 08 Mar 2013 00:49:18 GMT

Wazzup Guys! Stephen Djaja!

betterme — Thu, 07 Mar 2013 01:23:33 GMT

Niv Borsuk " NEWBIE"

lonelyboy — Sat, 02 Mar 2013 02:33:36 GMT

First of all i would like to say " hi " to all new members like me here..

Thanks:
NIv Borsuk

IP fragmentation problem

arichard — Tue, 19 Feb 2013 16:03:51 GMT

Hello all, I am experiencing a problem with IP fragmentation.
I am receiving an udp packet that is larger than the MTU and it is fragmented along the network.
I am receiving the two fragments but they are not being reassembled correclty.

The MTU of the system is 1500 and I cannot increase it, because I am getting this error: SIOCSIFMTU: Numerical result out of range.
Is it necessary to build the kernel with support for jumbo frames?

There's any option that should be enabled on the kernel (2.6.34.8) to support this feature? Shouldn't this be a default feature?

Any hint that may assist in debugging this issue is welcome.

The first packet it is considered (bad) as a complete packet and I am getting an error at the app level.
https://picasaweb.google.com/1053854...94371327482338

The second packet is the last part of the fragment which should be ignored completely:
https://picasaweb.google.com/1053854...94366260648562

As reference I am sending the same packet to my laptop which is implementing correctly the fragmentation re-assembly:
https://picasaweb.google.com/1053854...94364006259698

Networking with cisco in a linux PC

clownix — Mon, 11 Feb 2013 23:52:25 GMT

http://clownix.net[/url]

Melissa Rosario Immigration Orlando...

orlandomelissa — Sun, 10 Feb 2013 01:25:21 GMT

Help with RANCID & ViewVC

implode — Thu, 07 Feb 2013 15:55:04 GMT

Hey folks...

Setting up RANCID with ViewVC on Fedora 18 to grab Juniper configs. RANCID was a piece of cake to set up using the step-by-step from LHN. ViewVC was a little more work... but got there using this tutorial: http://linuxfedora15lovelock.blogspo...nd-viewvc.html

Everything is up and running except all the images on ViewVC are broken. :confused:

Any tips on tracking this down?

thanks,
-Luke

How to establish site to site vpn - Linux machine and cisco asa?

ashokoffice — Sat, 02 Feb 2013 16:17:32 GMT

Hi,

I am trying to establish vpn between my linux server and cisco asa at client side.

I installed openswan on my cent os.

Linux Server

Code:

eth0 - 182.2.29.10 [ I have public IP]
Gateway - 182.2.29.1 [ and gw]
eth1 - 192.9.200.75 [ Internal Lan i/f]

I have simple IPtables Like
WAN="eth0"
LAN="eth1"
iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to 182.2.29.10
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -A INPUT -i $WAN -j ACCEPT

iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -i $LAN -j ACCEPT
iptables -A FORWARD -i $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -s 192.9.200.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -d 192.9.200.0/255.255.255.0 -j ACCEPT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

-------------------------------
Client side Cisco ASA - Device
Provided details :

BD gateway ip is 212.2.7.15 [ Public IP]
Source IP :- 192.168.91.224
ESP-3DES-SHA1
Lifetime is 86400 seconds (Phase-1) & 3600 seconds (Phase-2)
Authentication is pre-shared

I need advise on configuring ipsec.conf and ipsec.secrets and what IP tables rules I need to add / modify.

Thanks

Best
Ashok

Build a professional website

rejoce — Tue, 22 Jan 2013 14:37:07 GMT