Questions tagged as ['routing']

I have the following setup:
What do I need to do to make 192.168.0.3 connectable from machine 10.8.0.3? I tried the openvpn guide but I guess I'm missing something.
vpn server config /etc/openvpn/server.conf
dev tun
server 10.8.0.0 255.255.255.0
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
crl-verify /etc/openvpn/crl.pem
dh /etc/openvpn/dh2048.pem
client-to-client
daemon
if ...
I have two physical devices, a router and an access point, both installed with OpenWRT.
The router has two interfaces, one for LAN (192.168.1.1/24), the other for WAN. The AP also has two interfaces, one for LAN (192.168.1.2/24), the other for WiFi (192.168.2.1/24). The two LAN interfaces are connected with a wire.
On the router, a route for WiFi is set up:
ip route add 192.168.2.0/24 via 192.168.1.1 ...
root@kolla02:~/dev-env# ip r s
default via 192.168.1.101 dev eno1
10.0.0.0/16 dev eno2 proto kernel scope link src 10.0.0.1
10.1.0.0/16 dev virbr2 proto kernel scope link src 10.1.0.1
10.230.0.0/16 dev virbr3 proto kernel scope link src 10.230.0.1
192.168.0.0/16 dev eno1 proto kernel scope link src 192.168.20.11
192.168.1.101 dev eno1 proto dhcp scope link src 192.168.20.11 metric 100
192.168.121.0/ ...
I hope you can help me with my problem. I am building a network for personal use and I found some issues, I don't have experience in networks. I will explain using the attached image:
Network Infrastructure Diagram
Problem: I cannot reach devices on a local network using Wireguard and a Raspberry-based VPN router, that includes services within the local network (cameras, personal web server, database ...
Pfsense is installed on top of five dedicated servers, NAT rules are already defined and everything works fine. Now, I want to have one of the external IP addresses to be ignored by pfsense gateway. In other words, for that IP, there is no Pfsense installed, no address translation is done, no internal IP exists, etc.
Is it possible, and if so, how?
Thanks
I'm using Unbound DNS server as a resolver for my home LAN. It runs as a Docker container on the default bridge network and in general it works as I'd expect it to, except when trying to use it as a resolver for the other Docker containers hosted on the same machine.
I tried setting the nameserver in the containers' /etc/resolv.conf to the Docker host's LAN address, but this is clearly not the ri ...

I have a server S, client A and client B. All are Ubuntu boxes and all are in different cities (Seattle, Albuquerque and Boston).
S has wireguard installed and both A and B establish connection to wireguard and end up in the same VPN. A and B see each other and can ping each other.
I was able to get all internet traffic from A being routed through S. So A's IP is shown as Seattle.
I now want to r ...
Given the following network:
                     +-- endpoint 1
                     |
internet -- server --+-- endpoint 2
                     |
                     +-- endpoint 3
where the endpoints are on subnet 192.168.1.0/24 and they route their traffic through the server.
For this, we require a NAT rule on the server for the interface connected to the internet:
iptables -t nat -A POSTROUT ...
On AWS, when you create a NLB, you have the possibility to specify the instance ID instead of the instance IP address. This causes the NLB to preserve the client IP.
However, if I configure the NLB to target instances in a private subnet where the route table includes a default route to a NAT gateway, how can the response be routed back via the NLB interface and not the NAT gateway?
Consider the fol ...
I have an openstack deployment using kolla ansible. I am unable to configure neutron for floating IPs. Where do I start? I have a router which forwards say, 40 different public IPs onto a single high speed port using openflow. This is connected to my openstack controller, which houses neutron too.
Where do I go from here? How do I make the IPs available to openstack so it can forward the packets ...
Introduction and Background
The local ISPs in my company's neighbourhood only offer 125Mbps maximum upload per WAN connection because fibre has not yet been implemented. We have more than 1TiB of essential data to push to an off-site location, preferably within a one day period. Our off-site location has approximately 300Mbps download speed.
We have two WAN connections, one for WiFi, one for the server n ...

I have a Macbook Big Sur 11.5.2 and I’ve now spent quite some time on this particular issue but I cannot figure it out. I need some help from people that are more expert than me on the matter.
Background information
Where I’m currently living right now in an apartment complex there is a central internet network that I do not have access to these devices (Ubiquity). Lately I’ve been working a lot from ho ...
I have several programs that interact with a rest api, each one with a different call rate. My goal is to run all of them on the same vps using supervisord. But if I do it without any control mechanism the remote api gives me lots of rate violation errors. I'm running an Amazon Linux 2 instance with two interfaces and two elastic IPs attached.
What I'm struggling to do is routing the calls from so ...
I'm running a server on Ubuntu 21.04 using 4 ethernet ports, I'm working with 2 internet boxes and I'm using Speedify to bond these two connexions (eno1 and eno2) to prevent streaming faults and improve bandwidth (we're a school and streaming several courses online at the same time).
Here is a simple scheme of my server :
eno1 : ====|
|===> bonded connection using Speedify
eno2 : ...

In our research project, we needed to deploy a server "Molly" at another company. They made us set up an IPSec tunnel to their firewall/gateway and from there, the comms are forwarded to our server. I configured StrongSwan on our gateway machine "Dolly" and this works pretty ok. Dolly has a public address, say 1.1.1.1, and a virtual address 10.10.1.1, needed for site2site tunnel attached to the same netw ...
I have a pfSense firewall/router that is exposing some services to my public ip.
This is working fine, as long as the service is on the primary LAN subnet (192.168.1.0/24), let's call it LAN-A.
E.g. this works:
public_ip:443 -> pfSense (NAT) -> 192.168.1.20:5443 (reverse proxy)
I additionally have a second LAN 192.168.88.0/24, let's call it LAN-B, that is behind a Mikrotik router on 192.168.1 ...

As an example, I have 2 IP addresses on my NIC:
enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
link/ether 02:00:17:06:ac:05 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.25/24 brd 10.0.0.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet 192.XXX.1.25/24 brd 192.168.1.255 scope global enp0s3
valid_lft forever preferred_lft forever
inet ...

I'm setting up a split tunnel for my work VPN connection, since I can limit the needed routes to just two blocks. Issue is, every time I restart my laptop and connect to the VPN, the last byte of the adapter IP address changes, and all routing I've set up is moot.
Is there a way to assign a static address to the adapter?
I bumped into (as it now seems to me) a routing issue. I can no longer access one of my worker nodes (server) from my master node (server). AFAIK, it has nothing to do with Kubernetes, it leads to a pure Linux networking issue. As the issue is with only one IP, I was troubleshooting iptables, enabled TRACE and realised that packet actually comes across master (eth0), gets to iptables (passes: raw > mangle & ...
I'm forwarding port 80 of a web server to the public interface of the firewall, which is then mapped to a domain name so that the server can be accessible from that domain name.
I did this process too many times but this time I'm in a different country and connected to the internet using a different kind of firewall.
Conditions:
- When I try to access the website from any other networks, it shows " ...
I hope this is the right place to ask this question. I'm just looking for the correct name of the type of network routing I'm attempting to implement so I can learn and implement it.
I'm using linux (Raspberry Pi3) that has the ethernet port and a USB Wi-Fi dongle to support an ad-hoc mesh (+babel) IPv6 network over WiFi, this works fine, and the Pi's communicate.
I want to route the ethernet traffic ( ...
I am setting up gre over ipsec and I have a cisco configuration. I am trying to move this cisco configuration to ubuntu and do not understand how the tunnel is set up
interface local
ip address x1
interface tun
ip address x2
ip pim sparse-mode
tunnel source x1
tunnel destination x4
interface fa0/0
ip address x8
ip pim sparse-mode
interface fa0/1
ip address publicip
ip route x6 255.255. ...
I have a virtual machine running Debian 11, and it needs to connect to two VLANs. From within the building on the local network, I can access it fine through both IPs, but when I'm outside the network using either the router's VPN or the 1:1 NAT on the router, I can only connect to the first network listed in /etc/network/interfaces (from the VPN I can't even ping the second one). Not sure if this is ...
I have a server on AWS with a floating (secondary) IP. During integrations with a partner I provide my secondary IP to be whitelisted and define a POSTROUTING rule to SNAT my IP to the secondary IP to reach to destination such as
sudo iptables -t nat -A POSTROUTING -d partnersip/32 -s myprivateip -j SNAT --to-source secondaryip
But now I've come to a scenario where my partner is also using NAT and I ...
I have a Wireguard VPN setup that basically looks like this:
P1 ---- S ---- P ---- LAN
Px -----|
- S (ip 192.168.60.1) is a WG server running on Ubuntu 20.04 with ufw enabled, with a public IP (using wg0 interface).
- P (ip 192.168.60.2) is a WG peer running behind CGNAT, without a public IP, connected to its own LAN.
- P1..Px are other WG peers (ip 192.168.60.1x).
Ufw has the following configuratio ...

I created a lookup that when someone types the url it resolves to an IP address (e.g. 18.1.5.9). Now I would like to put a routing that when the above IP address comes route via another IP (10.1.2.2) address. So the idea is when the (18.1.5.9) IP address comes route it via (10.1.2.2). I am using Windows Server 2012. Can someone please point me in the right direction?
I have a docker instance of Centos 7.8 that is connected to 5 networks via 5 macvlans configured on the host. Everything is working perfectly except that I can't figure out how to define a default gateway inside this Centos docker. Normally I would expect to be able to configure '/etc/sysconfig/network' and|or '/etc/sysconfig/network-scripts/' but neither the 'network' file nor 'network-scripts' folde ...

I have a Pritunl VPN Server running on an Azure VM (ubuntu).
For testing purposes, I used the default configuration which routes all traffic through the VPN tunnel. My clients (some desktop pc's and some VPN travel routers) all connect successfully, can talk to each other, and have internet access.
I now want to stop routing client internet traffic through the VPN, but continue to route local traffic ...
I have the following topology
.───────────────.
┌──────────────────┐ _.─' `──.
│ │ ...

I am trying to create a policy/routing on the virtual machine. My host physical machine with Hyper V is connected with three NICs (one for internal, external switch1 (for internet and port 80), external switch 2 (connected to a router with AutoVPN enabled)). I want to make a policy or routing that when someone types https://example.com it takes the internal IP address as a source and uses port 443 an ...