Routing: How can I put a WiFi client and an Ethernet client in the same group?

I have the wl0 wireless interface and the eth0, eth1, eth2, eth3 ethernet interfaces, all on the same br0 bridge. Now I have to put one of the Wi-Fi clients and an Ethernet client in the same group so that they can communicate with each other and other clients (both Wi-Fi and Ethernet) cannot communicate with these clients. I am a beginner in networks. Can I use VLAN interfaces to achieve this? How can I make this work? Any help is appreciated.

Windows 10. Routing between two networks with the same ip range

I have a strange problem in Windows 10. I have a first local corporate network with an IP range 192.168.1.X. I also connect to the second open vpn corporate network, additionally, using Cisco VPN. The second network also has 192.168.1.X ip range.

I need to use both networks, because I have few LAN resources and few support resources. When I'm trying to do that, routing malformations can only reach one network and the other becomes unreachable. For example:
– turn off openvpn – you can use openvpn resources, you cannot use local resources
– activate openvpn – you cannot use openvpn resources, you can use local resources

Can I do a routing or some configuration to solve that?

EX4200 for routing purposes? [split]

Quote Originally Posted by ttgt
See publication
Hi,

sorry to blow up the old thread,
it seems to me that many people recommend EX4200 for routing purposes,
Is it still releasable now?

Y EX4200 has many differences,
How can I confirm which support series
routing?

It depends on your expectations. It will work well to operate the default gateways for connected servers as an upper rack switch. I wouldn't want to use it for much more than that if I could avoid it.

The EX4200-48T model is what I recommend. The EX4200-48P model supports 48 poe ports (instead of 8), but uses something like 50w more power, whether you use POE or not.

A good thing, EX4200 switches are very cheap. Therefore, if you do not meet your requirements, you will not lose much money.

networks: LACP and VLAN routing, correct network configuration

I am trying to understand the correct way to do LCAP with a VLAN and make all routing correct.

Hardware

OS:FreeNAS-11.2-U7
Server:(2) Intel(R) Xeon(R) CPU E5-2660 v3 @ 2.60GHz  
        128GB of ECC RAM
        Intel X540T2 network card
        (2) CAT 7 cables 
Router/Firewall: Ubiquiti EdgeRouter 6P
Switch: Netgear GS752TP 52 port switch

My current settings

Router

What I did was enter the router and add a VLAN Interface and configure the VLAN ID to be 45 with an IP range of 172.16.213.1/24. Then I went to Services and configure a new DHCP service with a subnet of 172.16.213.0/24. Then I configured a firewall rule to accept local traffic
enter the description of the image here
enter the description of the image here

Change

In exchange, I went to Switching and so LAGand configure LACP on ports 45 and 47. Then I went to VLAN and created VLAN 45. Then he went to VLAN Membership and assigned LAG CH1 to Trunk and port 2 to Trunk (port 2 is the port back to the router on the switch)
enter the description of the image here
enter the description of the image here
enter the description of the image here

FreeNAS Box

I created a Link Aggregation interface using the 2 ports on the card called lagg0. And it did not assign any static IP or DHCP request to that interface. Then I created a VLAN interface called vlan45 using the ID of 45 and the NIC interface as the lagg0 interface created earlier. Then configure a static IP of 172.16.213.100/24 โ€‹โ€‹for the vlan45 interface.
enter the description of the image here
enter the description of the image here
enter the description of the image here

I want to say that I have this configuration currently running, but I don't think it's the right way or I'm missing a step somewhere. This is because when I try to type the IP address of the server, it takes me exactly 1 min 33 seconds (timed several times) to load the Windows authentication pop-up window where the user can enter his login information to access the file server. If the user has logged in before it appears almost immediately.

If I assign the lagg0 interface to use DHCP and configure the global name server in 10.0.0.1, it will acquire an IP in our main network and then, if the user tries to log in to the file server, Windows authentication will appear almost immediately .
enter the description of the image here

I am very confused about how to configure this to use only vlan45 and make Windows authentication appear immediately. I hope to be close and it is a step that I am missing. I've been searching for a while and it seems I can't make anything work as I would like. I've been playing static routes on the firewall and switch, but so far nothing seems to help. Thank you for your time and your help in solving this problem.

postfix – outgoing mail routing server

I want to configure the intermediate mail relay server to relay mails from multiple mail IDs from a single domain (example.com) to the external mail server.

My office has 25 employees with each email id, set up in the Outlook mail client and send emails to the same domain and external domains as Gmail. The mail server is managed by a third party (external). We are given access to cPanel to create and manage mailboxes.

  1. Relay outgoing emails from different mail identifiers in the same domain
  2. Acceleration per user based on the maximum size of a single mail / message (outgoing)

Thanks in advance.

Sqlite db design for pdu routing

I have no experience in SQL at all, and I would like to map the power distribution wiring for monitoring and management purposes using sqlite.

A managed PDU (power distribution unit) can turn on or off any of its plugs.
The modern server chassis often resembles blades: several nodes are connected to the same ports (or outputs) pdu, but often a "thick" node will have several ports for itself.

As a simple example, suppose that in rack03 I have 4 PDUs (24 ports in each) and 6 nodes.

nodes 1-4 share a single chassis and connect to 2 pdu ports (pdu3-1-1, pdu3-2-1) where pduX-Y-Z refers to X - rack number, Y - pdu id in the rack, Z - port number in that pdu.
nodes 5-6 have 4 pdu ports each, so for node 5 the assignment is pdu3-1-2, pdu3-2-2, pdu3-3-2, pdu3-4-2.

At first I created a very simple scheme: a single table has the entire cluster with columns: rackID,nodename1,nodename2,nodename3,nodename4,nodelocation,pduport

Where nodelocation is the physical location of the node in the rack (rack height in units u) in the form r03u12-p01 (rack 03, at height u12, first port in that location),
Y pduport it is the port that connects to that location in the manner mentioned above pdu3-1-2.

Obviously, this leaves many "holes" in the table: any row with a fat node will only have the name of node1 full, with no values โ€‹โ€‹for the other nodes.

Reading a bit about SQL makes me believe that this is not standardized and probably not a good design.

Can you help provide a better design (considering that this will be in sqlite) that allows 3 types of queries:
1. Providing a node name, returns all its pdu ports
2. By providing a pdu port (including rackID and pduID), return all nodes that are powered from this port.
3. Providing a node name returns the location of that node (or probably more common: providing a product port, the location of the other end of the cable).

Any help would be appreciated, even telling me that I am using the wrong solution and pointing me in a better direction.

routing: IP forwarding does not work in VirtualBox VM

I am trying to set up a network testbed locally using VirtualBox. I have two virtual machines. A VM (A) has two interfaces, eth0 and eth1, and the other machine (B) has only one, eth0. They are configured as follows.

eth0 on A is connected to NAT network: 172.31.0.0/16 and has IP 172.31.0.2
eth1 on A is connected to NAT network: 10.0.0.0/8 and has IP 10.0.0.2

eth0 on B is connected to NAT network: 172.31.0.0/16 and has IP 172.31.0.3

The routing table in A looks like this:

default via 10.0.0.1 dev eth1 proto static
172.31.0.0/16 dev eth0 proto kernel scope link src 172.31.0.2
10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.2

I can send traffic directly from B to A through the 172.31.0.0/16 network.

I wish I can forward packets from eth0 to eth1 in A. I add the following route in B:

ip route add 10.0.0.0/8 via 172.31.0.2

In A, I configure the following parameters using sysctl:

net.ipv4.ip_forward=1
net.conf.ipv4.all.rp_filter=0

So I try to ping 10.0.0.1 (the gateway for the 10/8 network) from B. The package arrives at A, which I can confirm with tcpdump, however, after that, it seems to disappear. It is not forwarded through the other interface, and it doesn't even seem to hit any string in iptables (I tried to register them all).

I have recreated a similar configuration in AWS and it works as expected. Can anyone suggest what might be happening or how I could diagnose this problem?

linux: routing between 7 (seven!) subnets, 2 of them have dynamically assigned IPs

I am using RaspberryPi (Raspbian operating system) in an extremely complex routing scheme, which I was able to manage until the number of subnets was five ๐Ÿ™‚

Currently, I have the following interfaces, as shown in ifconfig:

eth0: flags=4163  mtu 1500
    inet 192.168.1.251  netmask 255.255.255.0  broadcast 192.168.1.255
eth0:1: flags=4163  mtu 1500
    inet 192.168.44.1  netmask 255.255.255.0  broadcast 192.168.44.255
    ether b8:27:eb:b9:ca:47  txqueuelen 1000  (Ethernet)
eth0:2: flags=4163  mtu 1500
    inet 192.168.45.1  netmask 255.255.255.0  broadcast 192.168.45.255
    ether b8:27:eb:b9:ca:47  txqueuelen 1000  (Ethernet)
tun0: flags=4305  mtu 1500
    inet 10.35.0.74  netmask 255.255.255.255  destination 10.35.0.73
tun1: flags=4305  mtu 1500
    inet 10.35.0.18  netmask 255.255.255.255  destination 10.35.0.17
wlan0: flags=4163  mtu 1500
    inet 192.168.42.1  netmask 255.255.255.0  broadcast 192.168.42.255
wlan1: flags=4099  mtu 1500
    inet 192.168.46.1  netmask 255.255.255.0  broadcast 192.168.46.255

eth0 provides internet access to the outside world (fixed IP)

tun0 Y tun1 they are the VPN interfaces for different VPN servers, they obtain dynamically assigned IP addresses from their respective servers (is seems to be the central problem)

wlan0 Y wlan1 they are Wi-Fi networks (which function as access points) that should be routed everybody of your traffic through tun0 Y tun1respectively

eth0: 1 Y eth0: 2 are the interfaces that share the hardware with eth0 (only one Ethernet port on RaspberryPi) and must provide the same functionality as wlan0 Y wlan1, but to connected customers.

The DHCP server runs on RaspberryPi to ensure that wlan0 Y wlan1 Give addresses in their respective classes to your wireless clients. DHCP is not provided on the shared cable, of course, I configure each client device to route your traffic through 192.168.44.1 or 192.168.45.1, depending on which VPN (or non-VPN) I want them to be connected to.

If it's not crystal clear, here are all the networks I have to deal with:

eth0, 192.168.1.1/24 (ascending internet)

eth0: 1, 192.168.44.1/24 (subsequent wired clients that pass through tun0)

eth0: 2, 192.168.45.1/24 (cable-connected clients that pass through tun1)

tun0, 10.35.0.74/32 (first ascending VPN)

tun1, 10.35.0.18/32 (first ascending VPN)

wlan0, 192.168.42.1/24 (subsequent wireless clients that pass through tun0)

wlan0, 192.168.46.1/24 (subsequent wireless clients that pass through tun1)

Keep in mind that this is Current Configuration with bold IP provided by VPN servers.

The problem is denoted in bold font – IPs, provided by the VPN server, change dynamically after each reconnection (even if they do not, they could do so). For me, it is quite easy to discover even that multidirectional routing if all addresses are fixed. With a VPN, a wireless and eth0: 1 is also easy, since the VPN server push the default route when it connects and the rest is easy. In any case, I know how to configure a NAT so that a Wi-Fi is routed to a VPN

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

as shown here:

https://pimylifeup.com/raspberry-pi-vpn-access-point/

However have two VPN connections I have to prevent the server from getting into my routing, of course I can do it with:

pull-filter ignore redirect-gateway

in the configuration files of the VPN client.

After doing this, I am lost. Obviously, traffic is not directed to tun0 or tun1. The difference between the VPN server and I is that the server can push the exact route as know the exact ip of the VPN interface (the server determines it), and I don't know!

I tried to configure routing using the iptables, based exclusively on names of network devices, but so far I have not been successful. Can anyone suggest the correct route (sic) that I can take to configure this route?

amazon web services: prevent SoftEther from routing all traffic through the VPN

I successfully configured SoftEther on my AWS free level machine and put a small instance of apache2 there. I can access the website through VPN from Windows, Mac and Linux.

BUT: when the vpn client is activated, ALL traffic goes through the VPN. This is not what I intended, it is probably not safe and will cost me (data throughput in AWS).

I have activated SecureNAT, but I don't understand how to configure it. If I disable NAT (basic), I cannot access the web server.

AWS basic machines have
eth0: flags = 4419 mtu 1500
inet 172.31.9.151 netmask 255.255.240.0 broadcast 172.31.15.255

and the SecureNat and SoftEther settings do not change.

I think the problem is that the DNS gateway (as shown below secureNAT) allows access not only to the web server, but also to EVERYTHING else on the web …

SEE the SecureNat standard configuration
However, if I delete this, then I do not have the knowledge to add additional routing to ONLY allow access to the web server.

The solution has being on the server side, not on the client (since clients could alter their configuration, and it will still be difficult to make them use something other than just an UFO link). However, the SecureNat dialog box has client routing rules that it can push (- which I could not configure correctly. :-()

Did anyone shed any light on this please?