Search Results

Search found 12705 results on 509 pages for 'ip routing'.

Page 73/509 | < Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >

  • VPN iptables Forwarding: Net-to-net

    - by Mike Holler
    I've tried to look elsewhere on this site but I couldn't find anything matching this problem. Right now I have an ipsec tunnel open between our local network and a remote network. Currently, the local box running Openswan ipsec with the tunnel open can ping the remote ipsec box and any of the other computers in the remote network. When logged into on of the remote computers, I can ping any box in our local network. That's what works, this is what doesn't: I can't ping any of the remote computers via a local machine that is not the ipsec box. Here's a diagram of our network: [local ipsec box] ----------\ \ [arbitrary local computer] --[local gateway/router] -- [internet] -- [remote ipsec box] -- [arbitrary remote computer] The local ipsec box and the arbitrary local computer have no direct contact, instead they communicate through the gateway/router. The router has been set up to forward requests from local computers for the remote subnet to the ipsec box. This works. The problem is the ipsec box doesn't forward anything. Whenever an arbitrary local computer pings something on the remote subnet, this is the response: [user@localhost ~]# ping 172.16.53.12 PING 172.16.53.12 (172.16.53.12) 56(84) bytes of data. From 10.31.14.16 icmp_seq=1 Destination Host Prohibited From 10.31.14.16 icmp_seq=2 Destination Host Prohibited From 10.31.14.16 icmp_seq=3 Destination Host Prohibited Here's the traceroute: [root@localhost ~]# traceroute 172.16.53.12 traceroute to 172.16.53.12 (172.16.53.12), 30 hops max, 60 byte packets 1 router.address.net (10.31.14.1) 0.374 ms 0.566 ms 0.651 ms 2 10.31.14.16 (10.31.14.16) 2.068 ms 2.081 ms 2.100 ms 3 10.31.14.16 (10.31.14.16) 2.132 ms !X 2.272 ms !X 2.312 ms !X That's the IP for our ipsec box it's reaching, but it's not being forwarded. On the IPSec box I have enabled IP Forwarding in /etc/sysctl.conf net.ipv4.ip_forward = 1 And I have tried to set up IPTables to forward: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [759:71213] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 500 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 4500 -j ACCEPT -A INPUT -m policy --dir in --pol ipsec -j ACCEPT -A INPUT -p esp -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -s 10.31.14.0/24 -d 172.16.53.0/24 -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec -j ACCEPT -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Am I missing a rule in IPTables? Is there something I forgot? NOTE: All the machines are running CentOS 6.x Edit: Note 2: eth1 is the only network interface on the local ipsec box.

    Read the article

  • Resetting TCP/IP Settings on Windows 8

    - by cpx
    Apparently, there's a command: netsh int ip reset which is known to reset TCP/IP settings for Windows XP/Vista/7 and I'm not sure how it works correctly on Windows 8. When I typed the command under command prompt (Admin) I got two errors as pointed out in the screenshot: Resetting , failed. Access is denied. At the end it said Resetting , OK! So, how do I confirm if it worked or not?

    Read the article

  • Routing all Traffic through OpenVPN Tunnel

    - by Filip Ekberg
    I have installed OpenVPN server on Archlinux and am now using OpenVPN GUI on Windows 7, I can talk to other computers connected through the VPN but I have not yet figured out how to route all traffic through the tunnel. How do I do this? I figured I need to do it with route ( cmd command ) but I think i need some pointers here. I've followed the OpenVPN HowTo on the matter but that doesn't work, it simply doesn't push the "force the client to go through this gateway"-option. And changing from OpenVPN to a PPTP / IPSec alternative is not an option at the moment.

    Read the article

  • What is the equivalent of Cisco's 'ip virtual-reassembly' for a Juniper ISG 2000

    - by 2xyo
    I tested my dns servers with the oarc test and my size limit is at least 1403 bytes. I performed the same test before my Juniper ISG 2000 and the result is 2047 bytes. According to the chapter IP "Fragments Filtered" and this article, I think I have a fragmentation problem. This article talks about ip virtual-reassembly for cisco but I can't find the equivalent for Juniper. I prefer to find the good option in JunOS before I talk about this with my net admin :-) Thanks

    Read the article

  • Ping "replies" from same computer with 'Destination host unreachable' (no route to other computer)

    - by Srekel
    I've got two computers in a LAN behind a wireless router. One has XP with ip 192.168.1.2 This one has W7 with ip 192.168.1.7 If I try to ping the other one from this computer, I get this: C:\Users\Srekel>ping 192.168.1.2 Pinging 192.168.1.2 with 32 bytes of data: Reply from 192.168.1.7: Destination host unreachable. Reply from 192.168.1.7: Destination host unreachable. Reply from 192.168.1.7: Destination host unreachable. Reply from 192.168.1.7: Destination host unreachable. Ping statistics for 192.168.1.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Tracert gives the same result: C:\Users\Srekel>tracert 192.168.1.2 Tracing route to 192.168.1.2 over a maximum of 30 hops 1 Kakburken4 [192.168.1.7] reports: Destination host unreachable. Trace complete. Although I can ping and tracert the router without any problems. I have disabled the firewalls on both computers. The router is set to use DHCP (if that matters). Here is the output from "route". C:\Users\Srekel>route print =========================================================================== Interface List 13...00 25 86 df c6 89 ......TP-LINK Wireless N Adapter 12...e0 cb 4e 26 b9 84 ......Realtek PCIe GBE Family Controller #2 11...e0 cb 4e 26 be 94 ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 20 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.7 276 192.168.1.7 255.255.255.255 On-link 192.168.1.7 276 192.168.1.255 255.255.255.255 On-link 192.168.1.7 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.7 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.7 276 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 14 58 ::/0 On-link 1 306 ::1/128 On-link 14 58 2001::/32 On-link 14 306 2001:0:5ef5:73ba:881:20c1:3f57:fef8/128 On-link 14 306 fe80::/64 On-link 14 306 fe80::881:20c1:3f57:fef8/128 On-link 1 306 ff00::/8 On-link 14 306 ff00::/8 On-link =========================================================================== Persistent Routes: None I've set up and debugged a few networks in my life but I'm not really an advanced network user, so I'm not sure what might be wrong. Any ideas? Oh, and pinging this computer from the other computer doesn't work either.

    Read the article

  • Setting up Windows 2008 with VPN and NAT

    - by Benson
    I have a Windows 2008 box set up with VPN, and that works quite well. NPS is used to validate the VPN clients, who are able to access the private address of the server, once connected. I can't for the life of me get NAT working for the VPN clients, though. I've added NAT as a routing protocol, and set the one on in the VPN address pool as private, and the other as public - but it still won't NAT connections when I add a route through the VPN server's IP on the client side (route add SomeInternetIp IpOfPrivateInterfaceOnServer). I know I can reach the server's private interface (which happens to be 10.2.2.1) with remote desktop client, so I can't think of any issues with the VPN.

    Read the article

  • Routing PC-speaker sounds to the sound card

    - by bobobobo
    Well, my computer didn't come with a stock PC speaker I noticed also that laptops tend to not have PC speakers either, but they make bios/beep sounds through their normal speakers. How can I configure my desktop machine to behave that way? I have a SB-XFI card

    Read the article

  • How to config DLink DSL-2640T to allow access from DynDNS route to specific port on my PC?

    - by Greendog
    Hi, everyone. I think you can help me out from this little problem. I am trying to setup an Apache web server on my PC and let the other remotes to this machine via DynDNS.com. I found that DLink DSL-2640T make me confuse about how to configure the routing from http://myhostname.dyndns.org:80 to 192.168.1.13:80. At the moment when I browse the URL http://myhostname.dyndns.org, it will lead me to router's admin control panel. Could you help me out by giving your guideline or suggestion?

    Read the article

  • Routing Apache TracEnv

    - by fampinheiro
    Hello, i have a situation with many trac instances. They all have the same structure in the filesystem. PATH/trac1 PATH/trac2 PATH/trac3 i have this configuration <Location /trac/trac1> SetHandler mod_python PythonInterpreter main_interpreter PythonHandler trac.web.modpython_frontend PythonOption TracEnv PATH/trac1 PythonOption TracUriRoot /trac/trac1 PythonOption PYTHON_EGG_CACHE PATH/eggs/ </Location> <Location /trac/trac2> SetHandler mod_python PythonInterpreter main_interpreter PythonHandler trac.web.modpython_frontend PythonOption TracEnv PATH/trac2 PythonOption TracUriRoot /trac/trac2 PythonOption PYTHON_EGG_CACHE PATH/eggs/ </Location> <Location /trac/trac3> SetHandler mod_python PythonInterpreter main_interpreter PythonHandler trac.web.modpython_frontend PythonOption TracEnv PATH/trac3 PythonOption TracUriRoot /trac/trac3 PythonOption PYTHON_EGG_CACHE PATH/eggs/ </Location> i wonder if it's possible to do something like (TracEnvParentDir is not an option) <Location /trac/{ENV}> SetHandler mod_python PythonInterpreter main_interpreter PythonHandler trac.web.modpython_frontend PythonOption TracEnv PATH/{ENV} PythonOption TracUriRoot /trac/{ENV} PythonOption PYTHON_EGG_CACHE PATH/eggs/ </Location> Thank you for your time. EDIT: TracEnvParentDir is not an option because my structure is the following +---projs +---trac1 ¦ +---public [instance] ¦ +---t1 ¦ ¦ +---common [instance] ¦ ¦ +---g1 [instance] ¦ ¦ +---g2 [instance] ¦ ¦ +---g3 [instance] ¦ ¦ +---g4 [instance] ¦ ¦ +---g5 [instance] ¦ +---t2 ¦ ¦ +---common [instance] ¦ ¦ +---g1 [instance] ¦ ¦ +---g2 [instance] ¦ ¦ +---g3 [instance] ¦ ¦ +---g4 [instance] ¦ ¦ +---g5 [instance] ¦ +---t3 ¦ +---common [instance] ¦ +---g1 [instance] ¦ +---g2 [instance] ¦ +---g3 [instance] ¦ +---g4 [instance] ¦ +---g5 [instance] ¦ +---trac2 +---public [instance] +---t1 ¦ +---common [instance] ¦ +---g1 [instance] ¦ +---g2 [instance] ¦ +---g3 [instance] ¦ +---g4 [instance] ¦ +---g5 [instance] +---t2 ¦ +---common [instance] ¦ +---g1 [instance] ¦ +---g2 [instance] ¦ +---g3 [instance] ¦ +---g4 [instance] ¦ +---g5 [instance] +---t3 +---common [instance] +---g1 [instance] +---g2 [instance] +---g3 [instance] +---g4 [instance] +---g5 [instance] I use the TracEnvParentDir on t1, t2 and t3 and TracEnv on trac1/public and trac2/public I wonder if it's possible to define a part of the url variable.

    Read the article

  • subdomain on another ip address

    - by pixeline
    hello, my main domain (domain.com) sits on a server with ip address 1. I need to have a subdomain (forum.domain.com) point to a server with ip address 2. Both servers are hosted at iWeb, so i have a cPanel interface to manage them, but i can't find the right way to do that. I tried a .htaccess redirection, which works, but the visible address in the browser changes too. Any help on how to do that would be appreciated. Thank you

    Read the article

  • Passing IP address with mod_proxy

    - by Konrad Garus
    I have Apache with mod_proxy passing requests to Tomcat. The trouble is, when I get client IP address associated with a request in web app hosted on Tomcat, it always returns 127.0.0.1. Is it possible to have Apache pass the original IP address to Tomcat?

    Read the article

  • Routing internet through ethernet to a computer without a Wireless adapter

    - by Decency
    I'm setting up a small home network. I have a laptop which connects to internet wirelessly- that works fine. I have a desktop connected to this laptop by an ethernet cable which I'd like to access the internet with. In the past, I have used a different laptop to do this and had no problems doing so. Both computers run Windows 7. I have tried setting up a homegroup and disabling Windows firewall, as well as restarting both computers. I can share data but my internet connection can not be accessed through the desktop. (I understand USB network adapters are cheap, I have one on the way but that doesn't solve this issue.) Any help or live chat support if you'd prefer would be appreciated. Thanks!

    Read the article

  • Dynamips and Tap Devices, To and From the same machine

    - by Kyle Brandt
    I am setting up a dynamips/dynagen lab and am wondering if there is any way to get traffic to route out one tap devices, go into the lab, and come back to a tap device on the same machine. I have tried host specific routes as well as removing the route created when I give the tun device an ip via ifconfig. With both of these, traffic always preferes the attached devices and won't go through my lab. Any way to make this work without a separate machine or vm?

    Read the article

  • Routing traffic to another internal network

    - by Jason
    OK, so here is the scenario. I have 4 Locations connected with an MPLS. I have installed an ASA at the primary location which is 10.20.1.0. Traffic is fine internally and to the world, however... I can't route traffic over the MPLS to another network. It is being blocked by an implicit deny rule even though there is a rule to allow any to any less secure interface (it should be using the same interface in/out, right?). I have a static route for the network in and the ASA can ping it - Just not traffic on the internal network of the ASA. -Jason

    Read the article

  • No External Network Access Through Ubuntu VPN

    - by trobrock
    I have setup pptpd as my VPN server on Ubuntu Server 9.04, I am able to connect to the VPN from the client and can access the server's local network, but I am unable to connect to the external network via the VPN. If I login to the server via SSH: $ ping google.com PING google.com (74.125.67.100) 56(84) bytes of data. 64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=1 ttl=49 time=65.9 ms 64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=2 ttl=49 time=63.2 ms 64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=3 ttl=49 time=63.9 ms 64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=4 ttl=49 time=66.0 ms If I connect to the VPN and ping locally: $ ping google.com ping: cannot resolve google.com: Unknown host I have a feeling it is some routing issue on the server but I am unsure.

    Read the article

  • Mod_rewrite (CakePHP routing functionality) forbidden after Snow Leopard upgrade

    - by Ryan Ballantyne
    Hello ServerFault, I am using the standard Apple-provided installations of PHP 5.3 and Apache 2 to do web development on a Mac Pro that I just upgraded to Mac OS X 10.6 (Snow Leopard). The upgrade went well enough, if I ignore the fact that it destroyed my ability to get work done. ;) After the update, the CakePHP application I was developing started giving me 403 Forbidden errors when accessed. Based on the errors in the log file, I've determined that Apache is choking on the mod_rewrite rules in Cake's .htaccess file. Here's the file, in its entirety: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^$ app/webroot/ [L] RewriteRule (.*) app/webroot/$1 [L] </IfModule> It's not that the rules themselves are wrong, but that Apache is forbidding the use of mod_rewrite altogether. All other pages on the machine work fine, and the 403 errors go away if I comment out the .htaccess file (but nothing works, of course). In my httpd.conf file, I've tried changing this: <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> To this: <Directory /> Options FollowSymLinks AllowOverride All Order deny,allow Allow from all </Directory> ...which has no effect. I don't know much about Apache configuration files, and I'm quite stuck on this. In fact, I know little enough that I'm not sure which information about my setup is needed to enable people to provide useful answers. I'm just using the vanilla OS X setup, nothing fancy. Googling has yielded no fruits for me this time, so I'm turning to you. Any ideas?

    Read the article

  • Linux: multiple network connections - 3G/4G / Wifi / LAN / etc; how can i set a preferred network connection to use?

    - by Alex
    I've been looking at how I can setup a laptop that has multiple network interfaces, but a problem exists if all the connections are active, i.e. 3G, WiFi and LAN are all connected, I would like it to default to LAN. I would like to set "weights" or "priority" to each connection, so that if the LAN is unplugged, it'll default to WiFi - if its in range and working, otherwise, it'll switch and use the 3G dongle; I've been looking around and I can see that the "metric" counter for route isn't being used for recent kernels. I thought that would be able to set the preferred gateway / connections - but according to the man page: man route: OUTPUT Metric The 'distance' to the target (usually counted in hops). It is not used by recent kernels, but may be needed by routing daemons. So I'm confused, are there any scripts / apps / anything that can detect active network connections, and by way of configuration, send my default gateway network traffic through that interface if its active / alive?

    Read the article

  • Block IP Address including ICMP using UFW

    - by dr jimbob
    I prefer ufw to iptables for configuring my software firewall. After reading about this vulnerability also on askubuntu, I decided to block the fixed IP of the control server: 212.7.208.65. I don't think I'm vulnerable to this particular worm (and understand the IP could easily change), but wanted to answer this particular comment about how you would configure a firewall to block it. I planned on using: # sudo ufw deny to 212.7.208.65 # sudo ufw deny from 212.7.208.65 However as a test that the rules were working, I tried pinging after I setup the rules and saw that my default ufw settings let ICMP through even from an IP address set to REJECT or DENY. # ping 212.7.208.65 PING 212.7.208.65 (212.7.208.65) 56(84) bytes of data. 64 bytes from 212.7.208.65: icmp_seq=1 ttl=52 time=79.6 ms ^C --- 212.7.208.65 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 79.630/79.630/79.630/0.000 ms Now, I'm worried that my ICMP settings are too generous (conceivably this or a future worm could setup an ICMP tunnel to bypass my firewall rules). I believe this is the relevant part of my iptables rules is given below (and even though grep doesn't show it; the rules are associated with the chains shown): # sudo iptables -L -n | grep -E '(INPUT|user-input|before-input|icmp |212.7.208.65)' Chain INPUT (policy DROP) ufw-before-input all -- 0.0.0.0/0 0.0.0.0/0 Chain ufw-before-input (1 references) ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 ufw-user-input all -- 0.0.0.0/0 0.0.0.0/0 Chain ufw-user-input (1 references) DROP all -- 0.0.0.0/0 212.7.208.65 DROP all -- 212.7.208.65 0.0.0.0/0 How should I go about making it so ufw blocks ICMP when I specifically attempt to block an IP address? My /etc/ufw/before.rules has in part: # ok icmp codes -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT I'm tried changing ACCEPT above to ufw-user-input: # ok icmp codes -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ufw-user-input -A ufw-before-input -p icmp --icmp-type source-quench -j ufw-user-input -A ufw-before-input -p icmp --icmp-type time-exceeded -j ufw-user-input -A ufw-before-input -p icmp --icmp-type parameter-problem -j ufw-user-input -A ufw-before-input -p icmp --icmp-type echo-request -j ufw-user-input But ufw wouldn't restart after that. I'm not sure why (still troubleshooting) and also not sure if this is sensible? Will there be any negative effects (besides forcing the software firewall to force ICMP through a few more rules)?

    Read the article

  • Transparent Squid : Logging client ip problem

    - by llazzaro
    Hello, I am using the following rules in iptables in my network to use a transparent proxy * iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128 * iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box * iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT But my squid log, always logs gateway IP (172.16.0.1) Do you know an alternative to not lose client IP? (of course avoid saing manual proxy setup!)

    Read the article

  • Possible to direct naked domain to external IP

    - by Luke
    So I found this post: configure Bind to have a custom domain on tumblr and I was trying to ask a related question: Would it be possible to set up an A record pointing traffic to domain.com to Tumblr and feed.domain.com to the IP address of my choice? In other words, by setting up a naked domain A record to Tumblr's IP, will I inherently lose traffic to feed.domain.com? Can I write another A record for the specific subdomains I want to point to my server? I hope this makes sense.

    Read the article

  • Connect two subnets without router

    - by Shcheklein
    I got two Comcast routers with two different subnets on each. Every subnet contains 5 static IPs. Two questions: Are there any problems if both routers and machines from both subnets are connected into one switch? Security issues doesn't matter there. I need to know if there are some performance or other problems. Is it possible to make machines from different subnets to see each other if they all are connected into one switch? Some static routing, add ARP records or somethig else ... I just want to avoid configuring second ethernet adaptors, third router or something. And I need to connect these subnets vai high-speed local network.

    Read the article

< Previous Page | 69 70 71 72 73 74 75 76 77 78 79 80  | Next Page >