Search Results

Search found 2692 results on 108 pages for 'ts gateway'.

Page 37/108 | < Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44 | Next Page >

How to get rid of NAT in a LAN?

- by Alberto

Currently the LAN I manage is organized as follows: internal network (192.168.1.0) which uses a Linux server as a gateway (internal address on interface br0 192.168.1.1, external address on interface br1 10.0.0.2) through NAT; then the 10.0.0.0 network has another gateway (10.0.0.1) which through another NAT connects the whole thing to the internet. What I would like to achieve is to configure the Linux server so that the first layer of NAT is no more necessary, so that for example a computer in the 10.0.0.0 network can ping every computer in the 192.168.1.0 network. I deleted this iptables rule: iptables -t nat -A POSTROUTING -o br1 -j SNAT --to-source 10.0.0.2, but of course now computers on 192.168.1.0 cannot reach the internet; ip forwarding is of course enabled. What's missing here? Thanks

Read the article
Ubuntu VPN Server (PPTPD) Configuration - Pass Traffic to Internet

- by SnAzBaZ

I am trying to configure PPTPD on my Ubuntu box to pass all VPN traffic through to it's internet connection, so I essentially want it to work like a Proxy. I think the problem is that no default gateway is being assigned to my PPTP client (Windows 7). I can connect to the VPN fine, I get an IP address and DNS servers but no default gateway. Do I need to configure a specific option to tell the VPN server to forward all traffic it receives down it's eth0 port and out to the internet. Thanks!

Read the article
pinx 501 with print server - 10 licenses

- by ra170

I have pix 501 with only 10 licenses. I'm already approaching this limit, running 2 computers at home, 2 laptops, PS3, iphones, 2 web cams..not everthing is on all the time, but it's possible as I'm looking into adding a print server, so that I can print from anywhere in the house. So my question is, will the print server count as a connection towards the license? I think it will need default gateway, which in this case will be my pix 501. I've seen somewhere on some othee board saying, don't set default gateway in the print server to pix 501, but then how would that work? is there a work around? I don't need to print from VPN or from outside, just inside..

Read the article
What's required to enable communication between two IP ranges located behind one switch?

- by Eric3

Within our co-located networking closet, we have control over two ranges of 254 addresses, e.g. 64.123.45.0/24 and 65.234.56.0/24. The problem is, if a host has only one IP address, or a block of addresses in only one range, it can't contact any of the addresses in the other subnet. All of our hosts use our hosting provider's respective gateway, e.g. 64.123.45.1 or 65.234.56.1 A host on the 64.123.45.0/24 range can contact the 65.234.56.1 gateway and vice-versa Everything in our closet is connected to an HP ProCurve 2810 (a Layer 2-only switch), which connects through a Juniper NetScreen-25 firewall to the outside world What can I do to enable communication between the two ranges? Is there some settings I can change, or do I need better networking equipment?

Read the article
No Internet access while being connected to VPN using Cisco VPN Client 5.

- by szeldon

Hi, I have an access to corporate VPN using Cisco VPN Client 5.0.00:0340, but when I'm connected to it, I don't have an Internet access. I'm using Windows XP SP3. As it was suggested here http://forums.speedguide.net/showthread.php?t=209167 , I tried to enable "Allow local LAN Access" but it doesn't work. I also tried a second solution - deleting entry using "route" command, but it didn't help. I used "route delete 192.168.100.222". It's a third day of my attempts to solve this issue and I don't have an idea what else to do. I'm not very experienced in VPN stuff, but I know something about networking. Basing on my knowledge, I think that it's theoretically possible to achieve Internet access using my local network and only corporate stuff to be routed using VPN connection. I think that theoretically this should look like this: every IP being inside by corporation - VPN interface IP every other IP - my ethernet interface I've tried many possibilities of how to change those routes, but neither of them work. I'd really appreciate any help. My route configuration before connecting to VPN: =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 c0 a8 de 79 01 ...... Atheros AR5006EG Wireless Network Adapter - Teefer2 Miniport 0x10005 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Card 0x160003 ...00 17 42 31 0e 16 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller - Teefer2 Miniport =========================================================================== =========================================================================== Active routes: Network Destination Netmask Gateway Interface Metrics 0.0.0.0 0.0.0.0 192.168.101.254 192.168.100.222 10 10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30 10.0.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30 10.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 30 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 1 192.168.100.222 255.255.255.255 127.0.0.1 127.0.0.1 1 192.168.100.255 255.255.255.255 192.168.100.222 192.168.100.222 1 224.0.0.0 240.0.0.0 10.0.0.10 10.0.0.10 3 224.0.0.0 240.0.0.0 192.168.100.222 192.168.100.222 1 255.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 1 255.255.255.255 255.255.255.255 192.168.100.222 192.168.100.222 1 255.255.255.255 255.255.255.255 192.168.100.222 2 1 Default gateway: 192.168.101.254. =========================================================================== My route configuration after connection to VPN: =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 c0 a8 de 79 01 ...... Atheros AR5006EG Wireless Network Adapter - Teefer2 Miniport 0x10005 ...02 00 4c 4f 4f 50 ...... Microsoft Loopback Card 0x160003 ...00 17 42 31 0e 16 ...... Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller - Teefer2 Miniport 0x170006 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Teefer2 Miniport =========================================================================== =========================================================================== Active routes: Network Destination Netmask Gateway Interface Metrics 0.0.0.0 0.0.0.0 10.251.6.1 10.251.6.51 1 10.0.0.0 255.255.255.0 10.0.0.10 10.0.0.10 30 10.0.0.0 255.255.255.0 10.251.6.1 10.251.6.51 10 10.0.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30 10.1.150.10 255.255.255.255 192.168.101.254 192.168.100.222 1 10.251.6.0 255.255.255.0 10.251.6.51 10.251.6.51 20 10.251.6.51 255.255.255.255 127.0.0.1 127.0.0.1 20 10.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 30 10.255.255.255 255.255.255.255 10.251.6.51 10.251.6.51 20 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 192.168.100.0 255.255.254.0 192.168.100.222 192.168.100.222 10 192.168.100.0 255.255.254.0 10.251.6.1 10.251.6.51 10 192.168.100.222 255.255.255.255 127.0.0.1 127.0.0.1 10 192.168.100.255 255.255.255.255 192.168.100.222 192.168.100.222 10 213.158.197.124 255.255.255.255 192.168.101.254 192.168.100.222 1 224.0.0.0 240.0.0.0 10.0.0.10 10.0.0.10 30 224.0.0.0 240.0.0.0 10.251.6.51 10.251.6.51 20 224.0.0.0 240.0.0.0 192.168.100.222 192.168.100.222 10 255.255.255.255 255.255.255.255 10.0.0.10 10.0.0.10 1 255.255.255.255 255.255.255.255 10.251.6.51 10.251.6.51 1 255.255.255.255 255.255.255.255 192.168.100.222 192.168.100.222 1 255.255.255.255 255.255.255.255 192.168.100.222 2 1 Default gateway: 10.251.6.1. ===========================================================================

Read the article
Does Cisco anyconnect replace original network connection session?

- by Stan

When using Cisco anyconnect VPN, it seems the existing network connection is still going through old connection session (Is there any way to find out)? The reason is because when using Cisco VPN client connect to gateway, usually the Messenger Live, Skype will be disconnected and requires to reconnect. But using anyconnect doesn't need to reconnect. So I am guessing if those old sessions still go through original network connection. Which means, both connection is existing at the same time. Take my case for example: connection 1: wireless NIC - cable modem - my cable ISP - internet connection 2: anyconnect - wireless NIC - cable modem - my cable ISP - VPN gateway - internet Am I correct? Is there any way to check this? Thanks.

Read the article
Issue Connecting two home networks

- by Alex

Hi, I have a home networking question. I have two DLINK wireless/wired routers in my house, connected to the Internet ISP. There are a 2 computers on each of the two networks. Network1: has 192.168.0.0 (gateway) Valid IP'S range - 192.168.0.1 - 192.168.0.10, with COMP1 having a fixed IP of 162.168.0.1 Network2: has 192.168.0.100 (gateway) Valid IP'S range - 192.168.0.101 - 192.168.0.110 with COMP2 having a static IP of 162.168.0.101, a WIRELESS printer on 192.168.0.102 Both routers have a netmask of 255.255.255.0 My need is to connect the two routers, so that I can Remote desktop for COMP1 to COMP2 and viceversa, and COMP1 to connect to the wireless printer on Network2. can anyone help to set this up so that the both networks can talk to each other. Any help is appreciated. -Alex

Read the article
Where do vendors publish internal transfer rates of HDDs?

- by red888

So I've started to dig into storage fundamentals and found that in order to calculate the IOPS of a HDD you need to know the internal transfer rate of the drive (time it takes data to move from the platters to internal disk's cache). I went on newegg and even a few vendor sites and could not find this info published for any HDDs. Is it sometimes called something else? Take this link to a seagate HDD for instance. Nowhere do I see "internal transfer rate", but I do see something called "Sustained Data Rate OD"- is that the same thing? Just so you know where I'm getting this info (Book: "Information Storage and Management Storing, Managing..."): Consider an example with the following specifications provided for a disk: The average seek time is 5 ms in a random I/O environment; therefore, T = 5 ms. Disk rotation speed of 15,000 revolutions per minute or 250 revolutions per second — from which rotational latency (L) can be determined, which is one-half of the time taken for a full rotation or L = (0.5/250 rps expressed in ms). 40 MB/s internal data transfer rate, from which the internal transfer time (X) is derived based on the block size of the I/O — for example, an I/O with a block size of 32 KB; therefore X = 32 KB/40 MB. Consequently, the time taken by the I/O controller to serve an I/O of block size 32 KB is (TS) = 5 ms + (0.5/250) + 32 KB/40 MB = 7.8 ms. Therefore, the maximum number of I/Os serviced per second or IOPS is (1/TS) = 1/(7.8 × 10^-3) = 128 IOPS.

Read the article
Network interface selection

- by Antonino

Hello. Suppose I have more than a network interfaces and I want to selectively use them per application. eth0 is the standard interface with the standard gateway in the main routing table eth1 is another interface with a different gateway. Suppose I launch an application as a user "user_eth1". I used the following set of rules for iptables / ip rules. IPTABLES: iptables -t mangle -A OUTPUT -m user --uid-owner user_eth1 -j MARK --set-mark 100 iptables -t nat -A POSTROUTING -m user -uid-owner -o eth1 user_eth1 -j SNAT --to-source <eth_ipaddress> IPRULE: ip rule add fwmark 100 lookup table100 and i build "table100" as follows (no doubts on that) ip route show table main | grep -Ev ^default | while read ROUTE; do ip route add table table100 $ROUTE; done ip route add default via <default_gateway> table table100 It doesn't work at all. What's wrong with this? Thank you in advance!

Read the article
OpenVPN route missing

- by dajuric

I can connect to an OpenVPN server from Windows without any problems. But when I try to connect from Ubuntu 12.04 (start OpenVPN) I receive the following: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options SERVER IP: 161.53.X.X internal network: 10.0.0.0 / 8 What I need to do ? client configuration: client dev tap proto udp remote 161.53.X.X 1194 resolv-retry infinite nobind ca ca.crt cert client.crt key client.key ns-cert-type server comp-lzo verb 3 server conf: local 161.53.X.X port 1194 proto udp dev tap dev-node OpenVPN ca ca.crt cert server.crt key server.key # This file should be kept secret dh dh1024.pem # DHCP leases addresses to clients server-bridge # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. push "route 10.0.0.1 255.255.0.0" client-to-client duplicate-cn keepalive 10 120 comp-lzo verb 6

Read the article
How to Configure Source NAT (Private IP => Public IP Outbound)

- by DavidScherer

I'm running VMWare ESXi Free and have Zentyal SBS 3.2 running as a Gateway. I have 5 Public IPS (CIDR/29, let's call them 69.1.1.1 - 69.1.1.5) and currently Zentyal is bound to 69.1.1.1 as the Gateway, with the other 4 Public IPs set as Virtual Interfaces in Zentyal (wan2-wan5) I have machines sitting on the Private Network (10.34.251.x) that, when going Outbound (to Google for instance) should be seen by the Internet as an IP other than the Gateway (69.1.1.1), this is because our machines need to be able to communicate with 3rd party APIs that expect these requests to come from a specific IP. From what I could find, SNAT (Source NAT) in Zentyal is used to achieve this, but I'm not sure how to configure it and cannot find a specific piece of Documentation for it at Zentyal. I've tried setting this up a couple different ways, with no results and at this point I have no idea if I'm going about this completely wrong, or my lack of experience with networking and the associated terminology is preventing me from placing the correct values in the correct fields. I get the following form to set up "SNAT" rules in Zentyal: Perhaps someone can offer some guidance and definitions for the fields above? SNAT Address Is this the Public IP I want to masquerade? Outgoing Interface Should this by my External NIC (one connected to Public 'Net), or is it the "Private" interface? It sounds as though this should be the External interface as I want the traffic from the internal network sent Out over this Interface (using a different IP than normal, anyway) Source Is the the Source on the internal network (one of the private IPs?), a public IP I want to masquerade as, or something else entirely? Destination Is this a place on the Internet (eg, "Only do this for the Site Google.com"/IP) or am I allowing myself to become confused again? Service I'm assuming this allows me to restrict which services this rule will apply to, but is it for a service on the internal network or a service being accessed on the external network? If I can offer any further details or information to make what I'm trying to do more clear, I will happily do so. Honestly any kind of help here would be very appreciated. I'm not a NetOps or anything even close, I spend most of my day writing code and my entire "team" at this company consists of "me, myself, and I" so while I try to broaden my KB at every possible opportunity, I can only learn so much, so fast and I feel like with networking especially there's just so much, coupled with a learning curve for each solution that likes to (from my limited perspective) use slightly different terminology that what I'm used to (and I don't exactly have the necessary experience to cross reference this stuff with the stuff I already know in context).

Read the article
Remote Desktop Services create LAN and WAN user groups

- by PHLiGHT

I'm setting up one server with the gateway, server host and web access roles on it. I know that isn't ideal but I don't expect to have many simulatenous users. I want users to access remote desktop web access and connect to the server host via the gateway as outlined here which avoids opening 3389 to the internet. Users will be connecting from the LAN and the WAN. What I'm looking to do is to allow some users LAN access but not WAN access and added plus would be if security settings (such as no clipboard) would be different when accessing via the WAN. Is this possible? It seems all users can logon to remote desktop web access by default. They can't run the remoteapps once logged in though without the proper permissions. Can I prevent them from even logging into remote web access? Since they renamed it from terminal services to remote desktop services it has made my Googling a bit harder. Thanks!

Read the article
Problems with MGCP proxy creation

- by Popof

Hi, I'm trying to bypass my ISP router with my FreeBSD server (I've an optical connection so I've a RJ45 used to connect the box to WAN) Internet and TV are working fine (Using igmpproxy to forward TV stream) but I've a problem with phone. ISP's box is connected to the server which gives it a LAN address. The problem is that when the box builds MGCP packets (and especially SDP ones) it uses its LAN address. So I've think of writing an UDP proxy to handle MGCP and SDP packets in order to replace LAN address with server WAN address and then forward packet to WAN. Before starting coding I've captured stream packets using my server as a bridge between WAN connection and the ISP's box. And, in order to see if my solution is viable, I've tried to send those packets to the box using nemesis. I tried to send a packet (found in capture) containing an endpoint audit: AUEP 1447 aaln/[email protected] MGCP 1.0 F: A In the wireshark capture the box replied: 200 1447 OK A: a:PCMU;PCMA;G726-16;G726-24;G726-32;G726-40;G.723.1-5.3;G.723.1-6.3;G729;TELEPHONE-EVENT, fmtp:"TELEPHONE-EVENT 0-15,144,149,159", p:10-30, b:4-40, e:on, t:00, s:on, v:L;M;G;D, m:sendonly;recvonly;sendrecv;inactive;confrnce;replcate;netwtest;netwloop, dq-gi But when I use nemesis, I got an ICMP error: Port unreachable (Type 3, Code 3). To build this packet, WAN source address of the capture is replaced with my server LAN address, using the mgcp-callagent port (2727) and the packet is sent to the LAN address of the box at mgcp-gateway port (2427). The command I use is nemesis udp -S 192.168.2.1 -D 192.168.2.2 -x 2727 -y 2427 -P packet_to_send. I also tried an UDP scan to the box on callagent and gateway port: PORT STATE SERVICE 2727/udp open|filtered unknown 2427/udp closed unknown I found those results a little bit strange because it should be the 2427 port opened, as it was in capture. Internet Protocol, Src: <ISP MGCP Server>, Dst: <My WAN Address> User Datagram Protocol, Src Port: mgcp-callagent (2727), Dst Port: mgcp-gateway (2427) Does someone has any idea about how having my box responding to my requests ? Thanks in advance and sorry for my english.

Read the article
Routing between two VLANs on Single Dell 6200 Switch

- by jenglee

I want to be able to route between two vlans that I have created and I am not sure how to go about it. So I have created, VLAN 5 with IP Address 192.168.5.1/24 and VLAN 10 with IP Address 192.168.0.1/24 //main IP addresses that I use. How would I be able to get (for example) the IP Address 192.168.0.144 to see any ip addresses in 192.168.5.1/24? Also do you have to set a default gateway for each VLAN or do you set the default gateway for the switch.

Read the article
VGA resolution with Sony Bravia TV

- by prestomation

I just bought Sony Bravia KDL40S5100 tv. The VGA input is acting weird. I have a Gateway desktop with Windows 7 and Intel 945 graphics. I also have a laptop running Ubuntu 9.04. The TV will not display the gateway when the resolution is over 1360x768, I have to wait for it to time out and bring me back. The Intel driver even urges me to switch to the "recommended" 1920x1080. I just installed Win7 using this tv as the monitor. When the orginial welcome screen started after setup, it started me at 1080. I had to start in safemode to set a res that would work! When I plug my laptop into the TV, 1920x1080 works just fine. Any ideas? This laptop also has Win7, which I am going to try, but I haven't gotten a chance yet.

Read the article
Remotedesktop to windows 2008 server with 2 nics

- by The_Mo

Hi I have 2 NICs on a Windows 2008 R2 Server. nic1 with ip address 192.168.2.1 with gatewaty 192.168.2.254 and nic2 with ip address 10.96.6.253 with no gateway. The windows 2008 server is connected to a router which is connnected to another router so if I want to connect to the windows 2008 server I use 192.168.0.31 because it is forwarded. If I use remote desktop to connect to that machine I use 192.168.0.31 and that works well, but the server has a seccond nic and I want to be able to connect with a remotedesktop to nic2. Any help appreciated! [server windows 2008 r2 192.168.2.1] -- [router 192.168.2.254/192.168.0.31] -- [my computer 192.168.0.13 gateway 192.168.0.254]

Read the article
Routing using Linux with 2 NIC cards

- by Kevin Parker

Configured Clear OS to be in Gateway mode on a machine with two NIC cards. eth0:192.168.2.0/24 with ip 192.168.2.27 which is connected to a modem and thus have internet connectivity. eth1:192.168.122.0/24 with ip 192.168.122.10 which is connected to other machines in LAN through switch. LAN machines with network 192.168.122.0 is not getting internet.How can they get internet Through Clear OS gateway.I have enabled packet forwarding in clear os using "ip_forward=1" What am i missing?.Can you please help me in this. Following are the static routing i have added: on LAN machine1 with ip address 192.168.122.11 ip route add 192.168.2.0/24 via 192.168.122.10 dev eth0 ip route show 192.168.2.0/24 via 192.168.122.10 dev eth0 192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.11 But still 192.168.2.0/24 network is not reachable.Where can be the problem??

Read the article
How can I join two simple home networks together using an ethernet cable?

- by Ilia Jerebtsov

I want to join two different home networks together like so: PC A1 PC A2 PC B1 PC B2 \ / \ / Gateway A <----- ethr. cable -----> Gateway B | | ADSL modem A ADSL modem B Both networks are of the basic residential type with identical configuration, with all PCs running Vista/7. The point is to temporarily join two apartments in a building for gaming and file sharing, and the holy grail would be: PCs on network A can access PCs on network B and vice-versa (file shares and gaming). Each network uses its own internet connection. Data between networks shouldn't take a trip through the internet (broadband upload speeds are severely capped) A network's internet access should continue working if the joining cable is disconnected with minimal configuration changes. How closely can this be achieved?

Read the article
Set Valid IP On Vmware Vm's Help Please

- by Shahin At

I Have a VPS.And i on my vps installed vmware workstation version 9.now i have 3 valid ip's: XXX.152.193.66 XXX.152.193.101 XXX.152.193.103 Gateway: XXX.152.193.65 now tow ip's set in host and i want to 1 ip set on vm. network vm is bridge and set ip on vm but this ip from out of internal network not ping and in vm not ping to gateway. What can I do to solve this problem? my ip is unassigned and only set on vm and use bridge network mode.and gw,mask,dns is set.but not ping. i set this ip on host and without problems is worked, But I do not know why on vm not worked. my host OS Is Windows Server 2003 and firewall is off and RRAs(routing and remote access) For VPN service is Enable. Do not host or virtual machines to create a IP route?

Read the article
Unidentified network: How to configure TCP/IPv4 for Win7?

- by Zolomon

When I try to connect to internet I keep getting the error "Unidentified network". I've tried numerous attempts at restoring access without success. IP release, flushing DNS cache, reinstalling NIC, reactivating NIC, resetting router and so on... I've read several times that it's my default gateway that's wrong. Currently I've had automatic IP/DNS configuration set without any problems, and then it stopped working for some reason. Anyone know how I specify the IP? My subnetmask is 255.255.255.0, default gateway is 192.168.0.1 but I have no idea how to determine what IP I should set. I use a D-Link DIR-655 and other computers on the network have IPs like 192.168.0.194, next is 192.168.0.197. (I'm completely lost and am trying to cool down after two weekends of debugging filled with despair.)

Read the article
Server resolve issues not consistent

- by bobthemac

I am having some weird issues with my web server. It has a public ip address and is set-up on an openVZ virtual machine. Accessing in to the site works fine every time but when trying to access out from the server I can't always connect out. Sometimes I can connect out and resolve addresses, sometimes I can't. The issue is visible in both ssh when trying to do a wget command on Google; sometimes it works and I get the index.html page and sometimes I get nothing. The issue is more visible in wordpress where you can't view themes but after a few presses of the try again button you can then view them. I have searched google and found nothing about this issue. Does anyone here have any ideas what could be causing this strange behaviour? Ports 80 and 2222 are open for web and ssh. Failed 17:26:33.398412 IP 86.148.184.124.38445 > 176.9.36.252.http: Flags [.], ack 98383, win 632, options [nop,nop,TS val 3070086 ecr 323106946], length 0 [email protected]..|. $..-.P..,.e......x....... .....B8. Passed 17:30:00.179630 IP 146.90.206.241.50091 > 176.9.36.252.http: Flags [F.], seq 1, ack 1, win 115, options [nop,nop,TS val 13740559 ecr 323308537], length 0 [email protected]... $....P.w...x.....s(K..... .....EK. Thanks in advance

Read the article
Port forwarding with DNAT and SNAT without touching other packets

- by w00t

I have a Linux gateway with iptables which does routing and port forwarding. I want the port forwarding to happen independent of the routing. To port forward, I add this to the nat table: iptables -t nat -A "$PRE" -p tcp -d $GW --dport $fromPort -j DNAT --to-destination $toHost:$toPort iptables -t nat -A "$POST" -p tcp -d $toHost --dport $toPort -j SNAT --to $SRC $PRE and POST are actually destination-specific chains that I jump to from the PREROUTING and POSTROUTING chains respectively so I can keep the iptables clean. $SRC is the IP address I'm SNATing to which is different from the gateway IP $GW. The problem with this setup is that regular routed packets that were not DNATed but happen to go to the same $toHost:$toPort combo will also be SNATed. I wish to avoid this. Any clever things I can do?

Read the article
cisco vpn client randomly disconnects with pfSense

- by Andre

My network has two gateways, one is a pfSense box that everyone uses. The other one is a TP-Link firewall essentially for tests. Some machines inside my network need to access a VPN through the Cisco VPN client. If one of those machines is using the pfSense box as the gateway, I experience random connection drops on the VPN. If I am using the TP-Link gateway that doesn't happen. I've tried changing the MTU in the pfSense box and that improved things a little bit but didn't really solve the problem. I also followed the guidelines for traffic shaping in pfSense and the connections still drop quite often. Ideas?

Read the article
Is this iptables NAT exploitable from the external side?

- by Karma Fusebox

Could you please have a short look on this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple). On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs: eth0: internet-faced eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24 Routing table is two-NICs-default without manual changes: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 (externalNet) 0.0.0.0 255.255.252.0 U 0 0 0 eth0 0.0.0.0 (externalGW) 0.0.0.0 UG 0 0 0 eth0 The NAT is then enabled only and merely by these actions, there are no more iptables rules: echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # (all iptables policies are ACCEPT) This does the job, but I miss several things here which I believe could be a security issue: there is no restriction about allowed source interfaces or source networks at all there is no firewalling part such as: (set policies to DROP) /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT And thus, the questions of my sleepless nights are: Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external und internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not. As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of. As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security? Thanks for clarification!

Read the article
Should a MobiTex service with a highly resilient website offer content over WAP?

- by makerofthings7

I'm trying to offer services over the MobiTex network (also see wiki) and want to reduce double-work. I'm trying to understand if it is a good idea to WAP enable my website. Given that WAP usage is increasing (since MMS is a hybrid of SMS + WAP), and the FCC has required every operator in the 700Mhz range to implement it I'd like to fully understand if there are benefits to the technology for certain critical applications. For example, if GPRS allows SMS traffic, voice, and Data, presumably they are handled by different Gateways. If there is another gateway for WAP traffic I would think that it would act as a backup if the data gateway was overloaded. Are there resiliency benefits to using WAP on a critical website? i.e. Content delivery (push or pull)

Read the article

< Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44 | Next Page >