I have the wl0 wireless interface and the eth0, eth1, eth2, eth3 ethernet interfaces, all on the same br0 bridge. Now I have to put one of the Wi-Fi clients and an Ethernet client in the same group so that they can communicate with each other and other clients (both Wi-Fi and Ethernet) cannot communicate with these clients. I am a beginner in networks. Can I use VLAN interfaces to achieve this? How can I make this work? Any help is appreciated.
I have a strange problem in Windows 10. I have a first local corporate network with an IP range 192.168.1.X. I also connect to the second open vpn corporate network, additionally, using Cisco VPN. The second network also has 192.168.1.X ip range.
I need to use both networks, because I have few LAN resources and few support resources. When I'm trying to do that, routing malformations can only reach one network and the other becomes unreachable. For example:
– turn off openvpn – you can use openvpn resources, you cannot use local resources
– activate openvpn – you cannot use openvpn resources, you can use local resources
Can I do a routing or some configuration to solve that?
It depends on your expectations. It will work well to operate the default gateways for connected servers as an upper rack switch. I wouldn't want to use it for much more than that if I could avoid it.
The EX4200-48T model is what I recommend. The EX4200-48P model supports 48 poe ports (instead of 8), but uses something like 50w more power, whether you use POE or not.
A good thing, EX4200 switches are very cheap. Therefore, if you do not meet your requirements, you will not lose much money.
I am trying to understand the correct way to do LCAP with a VLAN and make all routing correct.
OS:FreeNAS-11.2-U7 Server:(2) Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz 128GB of ECC RAM Intel X540T2 network card (2) CAT 7 cables Router/Firewall: Ubiquiti EdgeRouter 6P Switch: Netgear GS752TP 52 port switch
My current settings
What I did was enter the router and add a
VLAN Interface and configure the VLAN ID to be
45 with an IP range of 172.16.213.1/24. Then I went to
Services and configure a new DHCP service with a subnet of 172.16.213.0/24. Then I configured a firewall rule to accept local traffic
In exchange, I went to
Switching and so
LAGand configure LACP on ports 45 and 47. Then I went to
VLAN and created VLAN 45. Then he went to
VLAN Membership and assigned LAG CH1 to Trunk and port 2 to Trunk (port 2 is the port back to the router on the switch)
I created a
Link Aggregation interface using the 2 ports on the card called lagg0. And it did not assign any static IP or DHCP request to that interface. Then I created a VLAN interface called vlan45 using the ID of 45 and the NIC interface as the lagg0 interface created earlier. Then configure a static IP of 172.16.213.100/24 for the vlan45 interface.
I want to say that I have this configuration currently running, but I don't think it's the right way or I'm missing a step somewhere. This is because when I try to type the IP address of the server, it takes me exactly 1 min 33 seconds (timed several times) to load the Windows authentication pop-up window where the user can enter his login information to access the file server. If the user has logged in before it appears almost immediately.
If I assign the lagg0 interface to use DHCP and configure the global name server in 10.0.0.1, it will acquire an IP in our main network and then, if the user tries to log in to the file server, Windows authentication will appear almost immediately .
I am very confused about how to configure this to use only vlan45 and make Windows authentication appear immediately. I hope to be close and it is a step that I am missing. I've been searching for a while and it seems I can't make anything work as I would like. I've been playing static routes on the firewall and switch, but so far nothing seems to help. Thank you for your time and your help in solving this problem.
I want to configure the intermediate mail relay server to relay mails from multiple mail IDs from a single domain (example.com) to the external mail server.
My office has 25 employees with each email id, set up in the Outlook mail client and send emails to the same domain and external domains as Gmail. The mail server is managed by a third party (external). We are given access to cPanel to create and manage mailboxes.
- Relay outgoing emails from different mail identifiers in the same domain
- Acceleration per user based on the maximum size of a single mail / message (outgoing)
Thanks in advance.
Suppose I have the following content in a host's / etc / network / interfaces file and there are no other routing entries or iptables rules:
auto lo iface lo inet loopback iface ens3 inet manual auto vmbr0 iface vmbr0 inet static address 22.214.171.124 netmask 255.255.255.0 gateway 126.96.36.199 bridge_ports ens3 bridge_stp off bridge_fd 0 auto vmbr1 iface vmbr1 inet static address 10.10.10.1 netmask 255.255.255.0 network 10.10.10.0 broadcast 10.10.10.255 bridge_ports none bridge_stp off bridge_fd 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 25 -j DNAT --to 10.10.10.101:25 post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 25 -j DNAT --to 10.10.10.101:25
I also have two guest systems that run as LXC containers on the host:
- guest 1 uses the private IP address 10.10.10.101
- guest 2 uses the private IP address 10.10.10.102
A service is running on guest 1 under port 25.
Now I want guest 2 to contact guest service 1. For this I could use 10.10.10.101:25, which also works without problems.
However, I want the call to be directed to the host and the host to decide which guest the request will be forwarded to. But a call through the public IP address with 188.8.131.52:25 does not work as expected. The host is reached with the IP address, but apparently the request is not forwarded to guest 1. As there is no service on port 25 on the host system, the response is "Connection refused."
I have no experience in SQL at all, and I would like to map the power distribution wiring for monitoring and management purposes using sqlite.
A managed PDU (power distribution unit) can turn on or off any of its plugs.
The modern server chassis often resembles blades: several nodes are connected to the same ports (or outputs) pdu, but often a "thick" node will have several ports for itself.
As a simple example, suppose that in rack03 I have 4 PDUs (24 ports in each) and 6 nodes.
nodes 1-4 share a single chassis and connect to 2 pdu ports (
pdu3-1-1, pdu3-2-1) where
pduX-Y-Z refers to
X - rack number,
Y - pdu id in the rack,
Z - port number in that pdu.
nodes 5-6 have 4 pdu ports each, so for node 5 the assignment is
pdu3-1-2, pdu3-2-2, pdu3-3-2, pdu3-4-2.
At first I created a very simple scheme: a single table has the entire cluster with columns:
nodelocation is the physical location of the node in the rack (rack height in units u) in the form
r03u12-p01 (rack 03, at height u12, first port in that location),
pduport it is the port that connects to that location in the manner mentioned above
Obviously, this leaves many "holes" in the table: any row with a fat node will only have the name of node1 full, with no values for the other nodes.
Reading a bit about SQL makes me believe that this is not standardized and probably not a good design.
Can you help provide a better design (considering that this will be in sqlite) that allows 3 types of queries:
1. Providing a node name, returns all its pdu ports
2. By providing a pdu port (including rackID and pduID), return all nodes that are powered from this port.
3. Providing a node name returns the location of that node (or probably more common: providing a product port, the location of the other end of the cable).
Any help would be appreciated, even telling me that I am using the wrong solution and pointing me in a better direction.
I am trying to set up a network testbed locally using VirtualBox. I have two virtual machines. A VM (A) has two interfaces, eth0 and eth1, and the other machine (B) has only one, eth0. They are configured as follows.
eth0 on A is connected to NAT network: 172.31.0.0/16 and has IP 172.31.0.2 eth1 on A is connected to NAT network: 10.0.0.0/8 and has IP 10.0.0.2 eth0 on B is connected to NAT network: 172.31.0.0/16 and has IP 172.31.0.3
The routing table in A looks like this:
default via 10.0.0.1 dev eth1 proto static 172.31.0.0/16 dev eth0 proto kernel scope link src 172.31.0.2 10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.2
I can send traffic directly from B to A through the 172.31.0.0/16 network.
I wish I can forward packets from eth0 to eth1 in A. I add the following route in B:
ip route add 10.0.0.0/8 via 172.31.0.2
In A, I configure the following parameters using sysctl:
So I try to ping 10.0.0.1 (the gateway for the 10/8 network) from B. The package arrives at A, which I can confirm with tcpdump, however, after that, it seems to disappear. It is not forwarded through the other interface, and it doesn't even seem to hit any string in iptables (I tried to register them all).
I have recreated a similar configuration in AWS and it works as expected. Can anyone suggest what might be happening or how I could diagnose this problem?
I am using RaspberryPi (Raspbian operating system) in an extremely complex routing scheme, which I was able to manage until the number of subnets was five 🙂
Currently, I have the following interfaces, as shown in ifconfig:
mtu 1500 inet 192.168.1.251 netmask 255.255.255.0 broadcast 192.168.1.255 eth0:1: flags=4163 mtu 1500 inet 192.168.44.1 netmask 255.255.255.0 broadcast 192.168.44.255 ether b8:27:eb:b9:ca:47 txqueuelen 1000 (Ethernet) eth0:2: flags=4163 mtu 1500 inet 192.168.45.1 netmask 255.255.255.0 broadcast 192.168.45.255 ether b8:27:eb:b9:ca:47 txqueuelen 1000 (Ethernet) tun0: flags=4305 mtu 1500 inet 10.35.0.74 netmask 255.255.255.255 destination 10.35.0.73 tun1: flags=4305 mtu 1500 inet 10.35.0.18 netmask 255.255.255.255 destination 10.35.0.17 wlan0: flags=4163 mtu 1500 inet 192.168.42.1 netmask 255.255.255.0 broadcast 192.168.42.255 wlan1: flags=4099 mtu 1500 inet 192.168.46.1 netmask 255.255.255.0 broadcast 192.168.46.255
eth0 provides internet access to the outside world (fixed IP)
tun0 Y tun1 they are the VPN interfaces for different VPN servers, they obtain dynamically assigned IP addresses from their respective servers (is seems to be the central problem)
wlan0 Y wlan1 they are Wi-Fi networks (which function as access points) that should be routed everybody of your traffic through tun0 Y tun1respectively
eth0: 1 Y eth0: 2 are the interfaces that share the hardware with eth0 (only one Ethernet port on RaspberryPi) and must provide the same functionality as wlan0 Y wlan1, but to connected customers.
The DHCP server runs on RaspberryPi to ensure that wlan0 Y wlan1 Give addresses in their respective classes to your wireless clients. DHCP is not provided on the shared cable, of course, I configure each client device to route your traffic through 192.168.44.1 or 192.168.45.1, depending on which VPN (or non-VPN) I want them to be connected to.
If it's not crystal clear, here are all the networks I have to deal with:
eth0, 192.168.1.1/24 (ascending internet)
eth0: 1, 192.168.44.1/24 (subsequent wired clients that pass through tun0)
eth0: 2, 192.168.45.1/24 (cable-connected clients that pass through tun1)
tun0, 10.35.0.74/32 (first ascending VPN)
tun1, 10.35.0.18/32 (first ascending VPN)
wlan0, 192.168.42.1/24 (subsequent wireless clients that pass through tun0)
wlan0, 192.168.46.1/24 (subsequent wireless clients that pass through tun1)
Keep in mind that this is Current Configuration with bold IP provided by VPN servers.
The problem is denoted in bold font – IPs, provided by the VPN server, change dynamically after each reconnection (even if they do not, they could do so). For me, it is quite easy to discover even that multidirectional routing if all addresses are fixed. With a VPN, a wireless and eth0: 1 is also easy, since the VPN server push the default route when it connects and the rest is easy. In any case, I know how to configure a NAT so that a Wi-Fi is routed to a VPN
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
as shown here:
However have two VPN connections I have to prevent the server from getting into my routing, of course I can do it with:
pull-filter ignore redirect-gateway
in the configuration files of the VPN client.
After doing this, I am lost. Obviously, traffic is not directed to tun0 or tun1. The difference between the VPN server and I is that the server can push the exact route as know the exact ip of the VPN interface (the server determines it), and I don't know!
I tried to configure routing using the iptables, based exclusively on names of network devices, but so far I have not been successful. Can anyone suggest the correct route (sic) that I can take to configure this route?
I successfully configured SoftEther on my AWS free level machine and put a small instance of apache2 there. I can access the website through VPN from Windows, Mac and Linux.
BUT: when the vpn client is activated, ALL traffic goes through the VPN. This is not what I intended, it is probably not safe and will cost me (data throughput in AWS).
I have activated SecureNAT, but I don't understand how to configure it. If I disable NAT (basic), I cannot access the web server.
AWS basic machines have
eth0: flags = 4419 mtu 1500
inet 172.31.9.151 netmask 255.255.240.0 broadcast 172.31.15.255
and the SecureNat and SoftEther settings do not change.
I think the problem is that the DNS gateway (as shown below secureNAT) allows access not only to the web server, but also to EVERYTHING else on the web …
SEE the SecureNat standard configuration
However, if I delete this, then I do not have the knowledge to add additional routing to ONLY allow access to the web server.
The solution has being on the server side, not on the client (since clients could alter their configuration, and it will still be difficult to make them use something other than just an UFO link). However, the SecureNat dialog box has client routing rules that it can push (- which I could not configure correctly. :-()
Did anyone shed any light on this please?