Search Results

Search found 1236 results on 50 pages for 'nat ryall'.

Page 36/50 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

• Address VMWare Fusion Linux guest by hostname?

  - by amrox

  I have a Ubuntu Server 9.04 image set up in VMWare Fusion 3.0.0, using the NAT option for the guest's network connection. From the Mac host, I can ssh to the linux guest just fine using it's IP address, but I would like to be able to refer to it by hostname for connivence. ie: mac-host:~ ssh [email protected] I had a similar setup using Parallels a couple years ago, but I don't remember how it was set up. It may have "just worked". Any suggestion on how to make this work?

  Read the article

• Bound external Cisco CIGESM ports to a specific BladeServer

  - by Vinícius Ferrão

  We have an IBM BladeCenter with 14 blade servers and one external Cisco CIGESM for Ethernet connectivity. Since this hardware is a little old, we will use it for other services, and we want to run a pfSense instance on one of the blades. It's just an Firewall Appliance, but it needs two network interfaces: one for the WAN and the other one for LAN access. Our architecture works on top of static routes, we don't use NAT, so we got the WAN IP in one interface routing to the another one. The main problem is how to plug the WAN cable in one of the four external ports and make it exclusive to the blade server containing the firewall. And we also need an exit port that goes through a 3COM 4200G switch that makes the internal routing and VLAN separation. Thanks in advance

  Read the article

• virtualbox and nginx server_name

  - by Ivan

  I'm trying to configure gitlab running in an Ubuntu 12.04 guest with Windows7 host. I can ssh the guest using port-forwarding and access the nginx server using port redirection (8888 in host is 80 in guest, so localhost:8888 in host gets to the nginx server in the guest), but the server_name in nginx configuration file is giving me trouble. What is the correct listen and server_name that nginx would accept? The guest has the NAT interface at 10.0.2.15 and Host-Only interface at 192.168.56.101, static. Thanks!

  Read the article

• Network interface selection

  - by Antonino

  Hello. Suppose I have more than a network interfaces and I want to selectively use them per application. eth0 is the standard interface with the standard gateway in the main routing table eth1 is another interface with a different gateway. Suppose I launch an application as a user "user_eth1". I used the following set of rules for iptables / ip rules. IPTABLES: iptables -t mangle -A OUTPUT -m user --uid-owner user_eth1 -j MARK --set-mark 100 iptables -t nat -A POSTROUTING -m user -uid-owner -o eth1 user_eth1 -j SNAT --to-source <eth_ipaddress> IPRULE: ip rule add fwmark 100 lookup table100 and i build "table100" as follows (no doubts on that) ip route show table main | grep -Ev ^default | while read ROUTE; do ip route add table table100 $ROUTE; done ip route add default via <default_gateway> table table100 It doesn't work at all. What's wrong with this? Thank you in advance!

  Read the article

• RDP locks up login, doesn't unlock on Windows

  - by private_meta

  From time to time, my system, when I try to login TRHOUGH or AFTER a remote connection, locks up the login session. I can't login anymore, the screen turns black (the monitor is still active, the image is black). Especially in the recent case, the system did not come back from the lock-up, and I had to reset the computer. Any idea what might be the issue here? More information: Both Computers are Windows 7, The RDP Server has a wired connection, the Client has either Wireless or Wired. The network card involved on the server is a "Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)" card built-in on an ASRock Mainboard. I'm using either local LAN or internet connection through NAT/Router.

  Read the article

• What about IPv4 class E?

  - by Luc

  IPv4's class E network (240.0.0.0/4) contains 268 million addresses. Despite the advertisements for IPv6, claiming we have ran out of address space, this block ironically still claims to be "Reserved for future use". Why hasn't this block been freed up yet? Of course, IPv6 should be promoted instead of freeing up more IPv4 addresses, but we've seen the address shortage coming for years. There has even been a time they weren't sure there was enough time to develop IPv6 before we would run out of addresses. Why didn't they free up this block already? And is there any chance these addresses will be used in the future, like when IPv6 is fairly widely implemented but we still need IPv4 for backwards compatibility? It will be phased out regardless, but then ISPs don't have to employ NAT for IPv4 compatibility.

  Read the article

• Remote desktop to my KVM virtual machine

  - by user6

  I've got a dedicated server running Debian 6. I've set up a windows 7 virtual machine using KVM. Now I'm trying to get Remote desktop working. I'm guessing i have to do some port forwarding. The virtual machine is in a NAT. Remote desktop is already set up on it (another virtual machine can connect). I've tried using the iptables and countless of virsh commands of which I'm not even sure what they did. Anyone knows how to get this working?

  Read the article

• How to setup dhcp3-server to advertise the DNS server the server itself has got from DHCP?

  - by Ivan

  The Ubuntu 10.04 server has eth0 Internet interface configured by means of an ISP's DHCP. At the same time the server has static eth0 LAN interface to which it provides masquerading (NAT) and LAN-internal DHCP service (dhcp3-server). As far as I've understood the manual, I had to hardcode DNS servers to advertise through LAN DHCP with option domain-name-servers in dhcpd.conf. But what if the ISP changes his DNS server IP silently (we use a SOHO-class ISP, so this won't surprise me much)? Can I configure dhcpd to advertise the DNS server the server uses itself, the one gotten by its DHCP client mechanism?

  Read the article

• Is it safe to use a single switch for multiple subnets?

  - by George Bailey

  For a moment, forget about whether the following is typical or easy to explain, is it safe and sound? Internet | ISP supplied router x.x.x.1 (public subnet) | switch-------------------------------------+ | (public subnet) | (public subnet) BVI router (switch with an access list) NAT router | (public subnet) | (private subnet 192.168.50.1) +--------------------------------switch----+ (both subnets) | | computer with IP 192.168.50.2 ------+ +----computer with IP x.x.x.2 I don't plan to implement this setup, but I am curious about it. The 50.2 computer may send a packet to the x.2 computer, but it will use 50.1 as the router, since 50.2 knows that the subnet is different. Would this result in the packet being received twice by the x.2 machine, first directly through the switch, second by way of the two routers? Do you see any problems with this aside from how confusing it is, and that it would put one switch doing the work of two subnets?

  Read the article

• How can i access windows XP remote desktop on private IP from internet?

  - by Jennie

  So the machine is behind a DSL router on a private IP so that it can not receive inbound requests. I want to know: Is there anyway to setup the router NAT (i highly doubt it supports one to one port mapping) without disturbing other users on the same router. I have another machine on internet which has public IP on it without any firewall. Can i use this machine as a relay server so that to initiate the connection, the XP machine send an outbound request and this relay server makes my connection through and then i can access my machine on pvt ip without any problem. Please tell??

  Read the article

• Apt Stalls When Using HTTP Sources

  - by UltraNurd

  I was getting some to me inexplicable behavior from apt-get/aptitude on an admittedly crusty old webserver. While it was otherwise running fine, as soon as I tried a package upgrade, after a downloading a few updates it would stall completely, then my SSH session hung (and I was unable to reconnect), thus requiring a hard restart. First, I switched to a different package source in /etc/apt/sources.list, but still got the same behavior. At this point I was assuming the NIC was dying in some weird way... but as soon as I changed the package source to use FTP instead of HTTP, everything worked fine, and I was able to upgrade. For now I'm not too concerned since I have an easy work around, but it implies that there's something very weird with my network setup, since it seems to be protocol (or port?) specific. I didn't think any of my NAT setup would affect outbound traffic, but I could be crazy. Any ideas what I should try to look for?

  Read the article

• Running a webserver behind a firewall, is it secure?

  - by i.am.intern

  Currently we have a Linux-based firewall which NAT-ing our public IP address to give internet access to our staff's PCs and a Windows Server 2003 for internal filesharing. I want to host Redmine/SVN (a bugtracker) internally behind this firewall using a Linux server. This webserver will be accessed by our clients externally so they can post bug reports. This means that I have to open port 80 & 22 at the firewall to give access to the webserver and me to SSH it from home. However, let's say I'm using password-based SSH for the webserver and somebody cracked it. Does that mean the cracker could ping and access other servers and PCs in the network?

  Read the article

• FreePBX: Asterisk in the Cloud (EC2) Audio Problems

  - by neezer

  Please pardon the newbie question, but I can't seem to figure this out. I followed the Voxilla's tut to the tee: http://voxilla.com/2009/10/15/voxill...p-by-step-1457 But in making calls, my softphones connect, yet no audio (in either direction). I know from poking around the forums that this is generally caused by two factors: NAT and audio codecs. I (being new to the arena), however, don't know which. I believe I have Asterisk and the clients restricted to just ulaw, and I also believe I have the correct ports open, and my externip set correctly (I think the Voxilla AMI does this automatically, since it's in the cloud). I'm a bit lost. I'd be happy to post whatever configuration files that might help, provided you tell me where they are on the filesystem. But like I said before, this is effectively a vanilla install of Voxilla's own FreePBX AMI. I'd appreciate any help or guidance here. Thanks!

  Read the article

• FreePBX: Asterisk in the Cloud (EC2) Audio Problems

  - by neezer

  Please pardon the newbie question, but I can't seem to figure this out. I followed the Voxilla's tut to the tee: http://voxilla.com/2009/10/15/voxill...p-by-step-1457 But in making calls, my softphones connect, yet no audio (in either direction). I know from poking around the forums that this is generally caused by two factors: NAT and audio codecs. I (being new to the arena), however, don't know which. I believe I have Asterisk and the clients restricted to just ulaw, and I also believe I have the correct ports open, and my externip set correctly (I think the Voxilla AMI does this automatically, since it's in the cloud). I'm a bit lost. I'd be happy to post whatever configuration files that might help, provided you tell me where they are on the filesystem. But like I said before, this is effectively a vanilla install of Voxilla's own FreePBX AMI. I'd appreciate any help or guidance here. Thanks!

  Read the article

• Problem connecting to Ubuntu Server in same local network.

  - by frbry

  I have my LAN set up as below: 192.168.2.1: ADSL Router (DHCP Range: 192.168.2.2-192.168.2.250) 192.168.2.254: Wireless Access Point 192.168.2.253: Ubuntu Server (Static IP) 192.168.2.2: My Laptop (Connects to Internet via the Wireless AP) NAT in router is active and set up to transfer requests made over port 80 to 192.168.2.253. Router's firewall is inactive. No IPs in DMZ. My friends get Apache's It Works page when they try to enter http://my_external_ip. But I get Router's configuration page instead of that. What should I check or do? Thanks.

  Read the article

• Cisco PIX firewall blocking inbound Exchange email

  - by sumsaricum

  [Cisco PIX, SBS2003] I can telnet server port 25 from inside but not outside, hence all inbound email is blocked. (as an aside, inbox on iPhones do not list/update emails, but calendar works a charm) I'm inexperienced in Cisco PIX and looking for some assistance before mails start bouncing :/ interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 hostname pixfirewall domain-name ciscopix.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names name 192.168.1.10 SERVER access-list inside_outbound_nat0_acl permit ip 192.168.1.0 255.255.255.0 192.168.1.96 255.255.255.240 access-list outside_cryptomap_dyn_20 permit ip any 192.168.1.96 255.255.255.240 access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq 3389 access-list outside_acl permit tcp any interface outside eq ftp access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq https access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq www access-list outside_acl permit tcp any interface outside eq 993 access-list outside_acl permit tcp any interface outside eq imap4 access-list outside_acl permit tcp any interface outside eq 465 access-list outside_acl permit tcp any host 213.xxx.xxx.xxx eq smtp access-list outside_cryptomap_dyn_40 permit ip any 192.168.1.96 255.255.255.240 access-list COMPANYVPN_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any access-list COMPANY_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any access-list outside_cryptomap_dyn_60 permit ip any 192.168.1.96 255.255.255.240 access-list COMPANY_VPN_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any access-list outside_cryptomap_dyn_80 permit ip any 192.168.1.96 255.255.255.240 pager lines 24 icmp permit host 217.157.xxx.xxx outside mtu outside 1500 mtu inside 1500 ip address outside 213.xxx.xxx.xxx 255.255.255.128 ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool VPN 192.168.1.100-192.168.1.110 pdm location 0.0.0.0 255.255.255.128 outside pdm location 0.0.0.0 255.255.255.0 inside pdm location 217.yyy.yyy.yyy 255.255.255.255 outside pdm location SERVER 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx 3389 SERVER 3389 netmask 255.255.255.255 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx smtp SERVER smtp netmask 255.255.255.255 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx https SERVER https netmask 255.255.255.255 0 0 static (inside,outside) tcp 213.xxx.xxx.xxx www SERVER www netmask 255.255.255.255 0 0 static (inside,outside) tcp interface imap4 SERVER imap4 netmask 255.255.255.255 0 0 static (inside,outside) tcp interface 993 SERVER 993 netmask 255.255.255.255 0 0 static (inside,outside) tcp interface 465 SERVER 465 netmask 255.255.255.255 0 0 static (inside,outside) tcp interface ftp SERVER ftp netmask 255.255.255.255 0 0 access-group outside_acl in interface outside route outside 0.0.0.0 0.0.0.0 213.zzz.zzz.zzz timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server RADIUS (inside) host SERVER *** timeout 10 aaa-server LOCAL protocol local http server enable http 217.yyy.yyy.yyy 255.255.255.255 outside http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 40 match address outside_cryptomap_dyn_40 crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60 crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 crypto dynamic-map outside_dyn_map 80 match address outside_cryptomap_dyn_80 crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map client authentication RADIUS LOCAL crypto map outside_map interface outside isakmp enable outside isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 telnet 217.yyy.yyy.yyy 255.255.255.255 outside telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh 217.yyy.yyy.yyy 255.255.255.255 outside ssh 0.0.0.0 255.255.255.0 inside ssh timeout 5 management-access inside console timeout 0 dhcpd address 192.168.1.20-192.168.1.40 inside dhcpd dns SERVER 195.184.xxx.xxx dhcpd wins SERVER dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside : end I have Kiwi SysLog running but could use some pointers in that regard to narrow down the torrent of log messages, if that helps?!

  Read the article

• Remote Software Solution that Acts as a Client

  - by Richard

  I am looking for something that I am not sure exists. I have a remote computer that will not allow incoming traffic due to ISP blocking of ports(basically double NAT situation that I am unable to get around). I am wondering if I have a computer acting as a client, is there any solution out there that will allow remote access to the computer. I do have other servers on the net that have static IP's that the computer could initiate a connection with. I am thinking of using Debian Linux, However computer is not built yet so OS is not overly important at this point.

  Read the article

• Is there a way to define a rule on a bridge that will return reply for ARP request

  - by user1495181

  client (IP = 1.1.1.1) - bridge (brctl) - server (IP = 2.2.2.2) (all machine are Ubuntu). The client block arp request. (there are multiple clients ) I need to define a rule on the bridge machine that will return the client MAC when it get ARP request for IP 1.1.1.1. I see that in ebtables there is an arpreply option , but i didnt manage to find an example to define the arpreply by given arp request ip. ebtables -t nat -A PREROUTING -p arp -j arpreply --arpreply-mac 00:09:5B:91:56:08 Can you please adcive

  Read the article

• Understanding connection tracking in iptables

  - by Matt

  I'm after some clarification of the state/connection tracking in iptables. What is the difference between these rules? iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT Is connection tracking turned on when a packet is first matched containing -m state --state BLA , or is connection tracking always on? Can/Should connection state be used for fast matching like below? e.g. suppose this is some sort of router/firewall (no nat). # Default DROP policy iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Drop invalid iptables -A FORWARD -m state --state INVALID -j DROP # Accept established,related connections iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow ssh through, track connection iptables -A FORWARD -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT

  Read the article

• How to Access an AWS Instance with RDC when behind a Private Subnet of a VPC

  - by dalej

  We are implementing a typical Amazon VPC with Public and Private Address - with all servers running the Windows platform. The MS SQL instances will be on the private subnet with all IIS/web servers on the public subnet. We have followed the detailed instructions at Scenario 2: VPC with Public and Private Subnets and everything works properly - until the point where you want to set up a Remote Desktop Connection into the SQL server(s) on the private subnet. At this point, the instructions assume you are accessing a server on the public subnet and it is not clear what is required to RDC to a server on a private subnet. It would make sense that some sort of port redirection is necessary - perhaps accessing the EIP of the Nat instance to hit a particular SQL server? Or perhaps use an Elastic Load Balancer (even though this is really for http protocols)? But it is not obvious what additional setup is required for such a Remote Desktop Connection?

  Read the article

• Forwarding broadcast traffic

  - by Dragos

  I have a host that receives broadcast queries on a UDP port. I would like to forward this broadcast traffic to another host from another network. Is it possible to port forwarding broadcast traffic using iptables? I have tried to specify package traffic as broadcast, but I didn't success. (-m pkttype --pkt-type broadcast). If I recive unicast traffic on that port, the forwarding succeeds. I try to forwarding using nat table.(-A POSTROUTING -j DNAT --to-destinatiox x.x.x.x) Thanks.

  Read the article

• Iptables remote port forwarding and dynamic remote ip

  - by lbwtz2

  Hello, I want to forward a port from my remote vps to my domestic server and I am quite a newbie with iptables. The problem is that I am using a dynamic dns service to reach my home server from the internet so I don't have a fixed ip and iptables doesn't like urls. The rules I am willing to use are these: -t nat -A PREROUTING -p tcp -i eth0 -d xxx.xxx.xxx.xxx --dport 8888 -j DNAT --to myhome.tld:80 -A FORWARD -p tcp -i eth0 -d myhome.tld --dport 80 -j ACCEPT Of course I recevie a Error BAD IP ADDRESS because of myhome.tld. What can I do?

  Read the article

• How can I send super large files directly to another computer in the Internet for free?

  - by Cruise

  I regulary need to transfer very large files (30 GB) to my friend - financial statistics. I don't have any problem with bandwidth: it is very broad here. I did some research in the area, so: 1. I would not use FTP, as it is very tricky to get it working behind a NAT. 2. I would not use Skype/MSN/ICQ, as it is not designed for file transfer and it underperforms on the huge files. 3. I would not use file-sharing services, as I need to pay for big files (30 GB is a problem here) and I don't like holding any piece of my data on the third-party server. So, I need some smart tool that will do what I need: sending files directly browser-to-browser and not browser-server-browser. Is it so complex? Is there some web application in the Internet that can do this?

  Read the article

• What is the best IP/Subnet set up strategy for a multi-server webhosting setup?

  - by Roy Andre

  Sorry for the mixed-up title, but let me try to explain better: We run a hosting solution, which until now has supported shared hosting and VPSes. Easy enough. We are now getting larger clients which require a more complex setup. We have more or less settled the server-setup itself, which will consist of: 1-2 Frontend Proxy/Load balancing servers 2+ Application servers 1 Database server 1 optional Memcached server The issue we are dealing with is to agree on a flexible and easy-to-maintain IP setup. So far we've been into VLAN'ing the internal servers in its own subnet, we've though of assigning an official IP to each server, and so on. What will be the best approach here? Any best practices? Using one official IP on the Frontend server, and then just set up an internal subnet for the servers behind that? We could then just NAT in any eventual sources required to access for instance the DB server directly over 3306.

  Read the article

• OpenVPN IPv6 over IPv4 tunnel

  - by user66779

  Today I installed OpenVPN 2.3rc2 on both my windows 7 client machine and centos 6 server. This new version of OpenVPN provides full compatibility for IPv6. The Problem: I am currently able to connect to the server (through the IPv4 tunnel) and ping the IPv6 address which is assigned to my client and I can also ping the tun0 interface on the server. However, I cannot browse to any IPv6 websites. My vps provider has given me this: 2607:f840:0044:0022:0000:0000:0000:0000/64 is routed to this server (2607:f840:0:3f:0:0:0:eda). This is ifconfig after setup with OpenVPN running: eth0 Link encap:Ethernet HWaddr 00:16:3E:12:77:54 inet addr:208.111.39.160 Bcast:208.111.39.255 Mask:255.255.255.0 inet6 addr: 2607:f740:0:3f::eda/64 Scope:Global inet6 addr: fe80::216:3eff:fe12:7754/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2317253 errors:0 dropped:7263 overruns:0 frame:0 TX packets:1977414 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1696120096 (1.5 GiB) TX bytes:1735352992 (1.6 GiB) Interrupt:29 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 inet6 addr: 2607:f740:44:22::1/64 Scope:Global UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:739567 errors:0 dropped:0 overruns:0 frame:0 TX packets:1218240 errors:0 dropped:1542 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:46512557 (44.3 MiB) TX bytes:1559930874 (1.4 GiB) So OpenVPN is sucessfully creating a tun0 interface and assigning clients IPv6 addresses using 2607:f840:44:22::/64. The first client to connect is getting 2607:f840:44:22::1000 and the second 2607:f840:44:22::1001, and so on... plus 1 each time. After connecting as the first client, I can ping from my windows client machine 2607:f740:44:22::1 and 2607:f740:44:22::1000. However, I have no access to IPv6 websites. I believe the problem is that the tun0 IPv6 addressees are not being forwarded to the eth0 interface. This is the firewall running on the server: #!/bin/sh # # iptables configuration script # # Flush all current rules from iptables # iptables -F iptables -t nat -F # # Allow SSH connections on tcp port 22 # iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -j ACCEPT # # Set access for localhost # iptables -A INPUT -i lo -j ACCEPT # # Accept connections on 1195 for vpn access from client # iptables -A INPUT -i eth0 -p udp --dport 1195 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p udp --sport 1195 -m state --state ESTABLISHED -j ACCEPT # # Apply forwarding for OpenVPN Tunneling # iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 209.111.39.160 iptables -A FORWARD -j REJECT # # Enable forwarding # echo 1 > /proc/sys/net/ipv4/ip_forward # # Set default policies for INPUT, FORWARD and OUTPUT chains # iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT # # IPv6 # IP6TABLES=/sbin/ip6tables $IP6TABLES -F INPUT $IP6TABLES -F FORWARD $IP6TABLES -F OUTPUT echo -n "1" >/proc/sys/net/ipv6/conf/all/forwarding echo -n "1" >/proc/sys/net/ipv6/conf/all/proxy_ndp echo -n "0" >/proc/sys/net/ipv6/conf/all/autoconf echo -n "0" >/proc/sys/net/ipv6/conf/all/accept_ra $IP6TABLES -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT $IP6TABLES -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT $IP6TABLES -A INPUT -i eth0 -p icmpv6 -j ACCEPT $IP6TABLES -P INPUT ACCEPT $IP6TABLES -P FORWARD ACCEPT $IP6TABLES -P OUTPUT ACCEPT Server.conf: server-ipv6 2607:f840:44:22::/64 server 10.8.0.0 255.255.255.0 port 1195 proto udp dev tun ca ca.crt cert server.crt key server.key dh dh2048.pem ifconfig-pool-persist ipp.txt push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 208.67.222.222" push "dhcp-option DNS 208.67.220.220" keepalive 10 60 tls-auth ta.key 0 cipher AES-256-CBC comp-lzo user nobody group nobody persist-key persist-tun status openvpn-status.log log-append openvpn.log verb 5 Client.conf: client dev tun nobind keepalive 10 60 hand-window 15 remote 209.111.39.160 1195 udp persist-key persist-tun ca ca.crt key client1.key cert client1.crt remote-cert-tls server tls-auth ta.key 1 comp-lzo verb 3 cipher AES-256-CBC I'm not sure where I am going wrong, it could be the firewall, or something missing from server or client.conf. This version of OpenVPN was only released yesterday, and there's little info on the internet about how to setup an IPv6 over IPv4 vpn tunnel. I've read the manual for this new version of OpenVPN (parts pertaining to IPv6) and it provides very little info too. Thanks for any help.

  Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >