Access A Host From A Different Subnet In Linux

I am trying to set up a "Proxy Server" in Linux, without using Squid (Part of my project). However I have beginner's knowledge of iptables. I am using the following script from "http://www.aboutdebian.com/proxy.

#!/bin/sh
INTIF="eth1"
EXTIF="eth0"
EXTIP="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

Question is there is no packet forwarding from eth1 to eth0 (verified from wireshark, a windows is using eth1's ip address as its default gateway)

Any help would be highly appreciated!

Hi,

I tried to configure my ethernet interface on a Debian Wheezy VM, but I've a problem. When I try to restart /etc/init.d/networking, I've no error message.
But my eth1 interface isn't up and when I try to up it with : ifup eth1, it return me :

Code:

root@debian-main:/# ifup eth1
RTNETLINK answers: File exists
Failed to bring up eth1

My /etc/network/interface file is :

Code:

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp


iface eth1 inet static
        address 192.168.10.1
        netmask 255.255.255.0
        gateway 192.168.10.254

Eth0 is my internet interface and eth1 is a local interface. I want to install a DNS and a DHCP server on eth1 to be able to connect client with this VM and give them an ip adress.

Thanks guys

Hi

We are going to move some servers from one location to another. How to verify whether the cables are connected to the right interface port?

like one server has eth0 active and eth1 is down. now if the tech guys connect the cable on eth1 port then how to know that

Is it /sys/class/net/eth1 and look for carrier or there is a better way ?

thanks in advance

This is a copy of my /etc/sysconfig/iptables.conf (w/o comments):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

- Added the port 80/21 entries.
vsftpd does work.

"iptables-save | grep 80" returns nothing.

My web server works (internal and external).

"systemctl is-active iptables" shows "inactive"
I have "just" gotten firewalld up and running thanks to questions answered here.

iptables is truly a mystery to me.

Can someone explain why my web server/vsftpd are up and working w/o iptables being active? How can I get my network and security both up and working safely together?

If I enable/activate iptables, is this going to break my web server?

Is this the appropriate forum for this question?

As always, thank you for your time and patience,

Skip

Hello! I hope this post get's in the right place, cause I'm a newbie @ Linux

I'm trying to set up a Webserver, apache. And I'm confused which chain to set in IPTables. I hope'd someone could answer me a little more in detail, I've tryed googeling, but the answers were quite confusing for me, anyway here are the statement;

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

and

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

A know that that -A INPUT is for incoming packaes, -p specifies protocol TCP. But I'm unsure what -m does? Cause in the first line it is just "-m tcp" and in the second it is "-m state --state". So if someone could explant the diffrence and which one to use, I would be grateful.

And another question while I'm at it; In the start of IPTables I have;
-A INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

What happens if I get a packet destined for some service, that isn't a chain in IPTables? Take port 80 for example, will IPTables accept the packet, but drop it at the end because there isn't any hit? If you understand what I mean. If -A INPUT would be DENY istead of ACCEPT, would the packet never ever get examined further then the first line?

Almost and the bottom of IPTables ther is a line;
-A INPUT -j REJECT --reject-with icmp-host-prohibited

Is it the chain that will be matched if there is not hit prior to it? What would happen if this line wasn't there?

Thank you very much for your help, I'm just wanna be sure little how IPTables work.

Best Regards; Stefan

I have two servers, “ServerA” and “ServerB”. Using SLES SP3.

ServerA is the main server with LTSP running

I have used DD to image the drives from ServerA to ServerB. ServerB now boots and is identical to ServerA,and all is well. I want to use ServerB as a backup server, so if ServerA goes down I can bring server online. Obviously in order to put them both on the same network (to keep the user files updated on a daily basis) I need to change the IP address and the host name of serverB (currently is the same as ServerA).

I have done the following (copied from my notes):
Code:

  The following file, binds the ethernet MAC address to ETH0 or ETH1 etc..  We need to delete this file so that a new one is automatically created during reboot with the correct MAC address bound to ETH0
  Delete this file:
      /etc/udev/rules.d/70-persistent-net.rules

  make sure to change the static IP address in the following files
    /etc/dhcp.d
    /etc/hosts
    /etc/sysconfig/network/ifcfg-eth0
    /opt/ltsp/i386/etc/ltsp.conf

  give the system a different host name in:
    /etc/HOSTNAME

Reboot the system

When I change the HOSTNAME, the server will boot, bring me to a log in screen and then after I log in it will just sit there with the green background and a cursor. What files am I forgetting to change..

Hi all, I am working on configuring icehouse on centos 6.6 and I am facing following issues on compute node, I am unable to start services (openstack-nova-{compute,network,api,metadata-api}) as it says pid file exists but it is dead, on compute node I have two interfaces eth0 and eth1 where eth0 is management network and eth1 is external and IP is unplumbed on it, I am unable to get logs in /var/log/nova directory, can someone let me know what am I doing wrong.

Thanks

Java Application that we are currently using, read the IP information via using sigar library(sigar.getNetInterfaceConfig()

when we use the sigar.getNetInterfaceConfig(), it brings Primary Network Interface from the

server, and this is the problem for us.

we are using Centos server now and connected with 2 of network which are eth0, eth1.

we need to gather the IP from etho0, however in sigar, it brings the ip from eth1.

It seems that primary IP of current server set as eth1.

Therefore, we were looking for answer to modify primary IP at Centos, but could not find yet.

We really want to know how to modify or set up primary IP at Centos.

Thanks for reading such a long story from us.

Regards,

Kihong, Ko

ps. i used CentOS6

Hi Friends,

I have migrated from RHEL-5.9 to RHEL-6.5 on my server. But iptables rules are not working in RHEL-6.5 as it is working with RHEL-5.9 with the same rules. Please check my rules and details are below.

eth1 for incoming traffic
ppp0,ppp1,ppp2 and ppp3 are DSL connection and it using for outgoing traffic.

I am able to send the traffic through each line separately but could not load-balance with all ppp interfaces through iptables.

I am using iptable mangle rules to distribute the traffic.

/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 --packet 0 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 1
/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 --packet 1 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 2
/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 --packet 2 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 3
/sbin/iptables -t mangle -A OUTPUT -p tcp -m statistic --mode nth --every 4 -m tcp --tcp-flags FIN,SYN,ACK SYN -j MARK --set-mark 4

/sbin/ip route add table ppp0 default dev ppp0
/sbin/ip route add table ppp1 default dev ppp1
/sbin/ip route add table ppp2 default dev ppp2
/sbin/ip route add table ppp3 default dev ppp3

/sbin/ip rule add fwmark 1 pref 200 table ppp1
/sbin/ip rule add fwmark 2 pref 200 table ppp2
/sbin/ip rule add fwmark 3 pref 200 table ppp3
/sbin/ip rule add fwmark 4 pref 200 table ppp0

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp2 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp3 -j MASQUERADE

/sbin/ip route app default equalize nexthop dev ppp0 nexthop dev ppp1 nexthop dev ppp2 nexthop dev ppp3

It was not working completely and after read some article to change the kernel parameter I am able to send the traffic but it is working only for some time and dropping connections without any errors.

"echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
"echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter"
"net.ipv4.conf.default.rp_filter = 2"

The same rules were working perfectly in RHEL-5.9. Do i need to change any other kernel parameter get this done?

Please let me know what are the kernel parameters have to be changed to get this working as like RHEL-5.9 ?

Thanks,
Sekar

Hello, I have an expect script where I ssh to a remote host to determine the network configuration and get from the user the network interface card that should be used. From their response, I determine the subnet mask and save the information to a text file that is later transmitted back to my local host. This is all so that I can set up virtual IP aliasing and verify that the physical IP address of the local and remote host are on the same subnet prior to continuing with the setup. I am running the script on Linux, with expect version 5.45.

The code itelf works just fine, but I'm having some issues with how it displays on the screen. As you'll see below in the example, the default system prompt displays, as does the user input command that I'm sending to the shell from the expect script.

Is there a regular expression or something that I can write to prevent the prompt and command that I'm sending from printing to the screen? I know that it should be suppressed if I have an expect command following the Code:

send -s "\nread n_card?'Enter the network interface card number for this server (i.e. eth0):   '\r

command, but everything I have tried for strings and regular expressions to expect causes the netstat -rn output to not show up all of a sudden. I'm new to expect, so I'm not really sure why this is happening.

I would really appreciate any help/suggestions. Thanks for your time!

Part of the Script Code:
Code:

expect {
   -re $prompt {   ;# Send individual commands and get user input
        set timeout -1
        
        # Get partner hostname and put in vipsetup.txt file
        send -s "hostname > vipsetup.txt\r"  
        expect -re $prompt
        
        # Display the network routing info for the user and prompt for 
        # network interface card number
        send -s "print \"The network routing table for the $ptner server is displayed below:\n\" ; netstat -rn \r"
        
        expect -re "\r(.*):\r"
        send -s "\nread n_card?'Enter the network interface card number for this server (i.e. eth0):   '\r"
        interact "\r" return    ;# Wait for user input from read command
        send -- "\r"
        send -s "echo \$n_card >> vipsetup.txt\r"  
        
        # Obtain subnet mask information for partner based on network 
        # interface card number being used
        send -s "msk=\$(cat /etc/sysconfig/network-scripts/ifcfg-\$n_card | grep NETMASK)\r"
        send -s "msk=\$(echo \${msk#NETMASK=})\r"
        send -s "echo \$msk >> vipsetup.txt\r"
    }
    timeout {
        send_user "Connection to host $hostip timed out."
        exit 6 
    }
    eof {
        send_user "Connection to host $hostip failed."
        exit
    }
}

Script Output:
Code:

The network routing table for the PRIMARY server is displayed below:
 
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.105.65.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.105.65.1     0.0.0.0         UG        0 0          0 eth0
 [root@remotehost root]$
[root@remotehost root]$ ber for this server (i.e. eth0):   '              < 
Enter the network interface card number for this server (i.e. eth0):   eth0