Iptables setup on VPN client having LAN [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
I am struggling with a problem, probably because there is simply not enough information on the web regarding some specifics I am trying to set up.
I have bought OpenVPN service via tun (routing).
I connect to the OpenVPN server through Raspberry PI (serving me as router), which has two interfaces - eth0 for handling Internet connection and wlan0 for my internal LAN.
My goal is to set up the firewall in such a way that I can filter tunnelled incoming traffic and be able to reach the web from the LAN behind wlan0. Also, everything should go via the VPN.
From the architectural point of view I think it should look like this:
INPUT, FORWARD - dropped,
OUTPUT - allowed,
eth0 allows to flow only packets via default OpenVPN service port,
tun adapter should have all INPUT-related policies applied and should be NAT-ted.
What do you think - is this correct thinking? I have managed so far to be able to ping from the SSH-ed Raspberry PI into the web, but no DNS yet - do I understand correctly that I should have my own DNS forwarder? The DHCP server is set on the Raspberry PI.
Thanks!

I have already solved the issue. For those who are interested - incoming packets from the LAN are processed by the openvpn client (tun/tap), then passed over the internet-facing interface. So it was a matter of setting correct forwarding between interfaces. /etc/resolv.conf just had to be overwritten with global (like Google) DNSes to solve the ping-related problem.
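The forwarding between interfaces described above, written out as an added example (not the poster's own rules). eth0 and wlan0 come from the question; tun0, 1194/udp and the function name gen_vpn_gateway_rules are assumptions, and the function only prints an iptables-restore ruleset.

```shell
#!/bin/sh
# Added example, not from the original post. eth0 (uplink) and wlan0 (LAN)
# follow the question; tun0 and 1194/udp are assumed values.
# gen_vpn_gateway_rules prints an iptables-restore ruleset; it applies nothing.
gen_vpn_gateway_rules() {
    wan_if=$1 lan_if=$2 tun_if=$3 vpn_proto=$4 vpn_port=$5
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Uplink: accept only replies from the OpenVPN server port (server set by IP)
-A INPUT -i $wan_if -p $vpn_proto --sport $vpn_port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Tunnel and LAN: replies to connections the router itself opened
-A INPUT ! -i $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach the router's DHCP server and (assumed) DNS forwarder
-A INPUT -i $lan_if -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan_if -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 53 -j ACCEPT
# LAN traffic leaves only through the tunnel; only replies come back in.
# Nothing is forwarded to the uplink, so LAN traffic stops if the tunnel drops.
-A FORWARD -i $lan_if -o $tun_if -j ACCEPT
-A FORWARD -i $tun_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Source-NAT LAN addresses to the tunnel address
-A POSTROUTING -o $tun_if -j MASQUERADE
COMMIT
EOF
}

# Syntax-check without loading, then load (root required; IPv4 forwarding on):
#   gen_vpn_gateway_rules eth0 wlan0 tun0 udp 1194 | iptables-restore --test
#   sysctl -w net.ipv4.ip_forward=1
#   gen_vpn_gateway_rules eth0 wlan0 tun0 udp 1194 | iptables-restore
```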


Can a hacker spoof any IP address of his choice? [closed]

Closed 2 years ago.
For example.
Let's say we have the following Linux server:
host-server: 54.215.128.59
This server will only accept connections from the following IP: 159.65.32.123
If a hacker only knows this information.
Could he be able to trick the host-server that the connection is coming from 159.65.32.123?
This way he would be jumping any firewall established.
It isn't very likely. Nothing is stopping you from defining your own IP address to whatever you want. In Linux you can do it with (assuming your network interface is eth0):
sudo ifconfig eth0 159.65.32.123/24
If you are behind a NAT then you'll have to change its address and not yours. However, ISPs should have anti-spoofing measures in place that block packets with an IP address they didn't assign you.
There is also the problem of the return path. When the server will want to send something to this address, the packet will be routed according to the routing rules of all the nodes in the way, which are unlikely to point to the hacker's ISP.
If you are on a LAN with the server then it should be more possible, though you will likely need to handle the collision of IP addresses, and the problem of spoofing IP addresses on a different subnet. One option is to use ARP poisoning and do a MitM between the server and the router.

Static IP without router access? [closed]

Closed 6 years ago.
I am currently living at the student homes to my university. I want to set up a NAS / server to run backups, VM and some other small task. This is also something I want to set up to learn more about Linux and networking. I am currently planning how to set it up and what hardware to buy, but I want to run arch Linux on it with RAID 1. A problem I'm thinking about is that I don't have access to the router and therefore I can't set up port forwarding to connect to the server. Is there a way to get remote access to it without adjusting the settings in the router?
At my University we have the ability to connect to a vpn so we can access services only available through a specific University IP.
I haven't tested this method but I believe it could work.
Set up your services like normal and configure them to use port 80 if they need any data from the outside.
Make a script, probably available somewhere, to send you your internal IP address by e.g. mail.
That way you can use your school's VPN service to connect to the LAN and from there you can access an internal IP address (your server).
This all depends on this VPN service and if you are connected to the same network.
#iporSircor commented on a method you can use. It's basically the same as what I wrote, but instead of connecting to the school's VPN you will connect to your own VPN (server).
Test it out and let us know what method you used, what worked, what didn't.
And also you should talk to your school to find out if using Tor or even setting up a server on their network is allowed.

Can access via browser but cannot ping? [closed]

Closed 6 years ago.
I am working in a Windows 7 corporate environment with a proxy and I need to run an application which uses ping to check a connection.
www.google.com is accessible from the browser but when I try to run ping www.google.com from the command prompt I get host unreachable.
PS: I tried telnet www.google.es 80/443 and it doesn't work, I already tried attacking the IP but it doesn't work (timeout).
Unfortunately this is not possible. Web proxies understand a specific set of protocols: HTTP, HTTPS, TCP, some streaming protocols; whatever they support would be either TCP or UDP based. But ping is ICMP. You can't pipe ICMP through a web proxy.
However, you have some alternatives:
1- Ask your IT team to open ICMP for you on the firewall, assuming routing exists.
2- Recode the application to test connectivity using HTTP requests instead of ping.
3- Add whatever host the application is testing the connectivity with to the Windows hosts file and map it to 127.0.0.1:
127.0.0.1 www.somehost.com
This will make the application think connectivity exists.

Raspberry Pi 2: routing table has no the specified gateway [closed]

Closed 7 years ago.
I have this routing table:
I used SSH to be able to use my Raspberry Pi on my laptop screen. Everything was fine until I opened my browser and wanted to ping Google in the terminal. I can't, though.
When I try to ping 8.8.8.8 (Google's nameserver), I get the message below the routing table in the image above. But the strange thing is, when I run SSH with PuTTY on a different laptop, the Internet connection is fine. So probably the problem is on my laptop.
How can I fix this issue?
Seems like you are using 192.168.1.1 as a gateway, yet you have configured 192.168.137.0/24 as the network.
You should either try to configure the default gateway to - perhaps - 192.168.137.1 or your IP address to 192.168.1.x.
An ifconfig output would be handy.
Edit:
Add default gateway:
route add default gw 192.168.137.1
You might also need to remove current default gateway(s).

IP needed on Linux bridge between 2 TAP interfaces? [closed]

Closed 7 years ago.
I am trying to set up OpenVPN on a server so that I have 2 different tap interfaces (tap0 and tap1) and then a bridge connecting those interfaces. The idea is that a client on tap0 will be able to talk to a client on tap1 and vice-versa.
There is no physical NIC involved in the bridge and the Bridge interface is setup with no ip/netmask/broadcast.
I am able to ping between the 2 when they are both connected however I see no traffic when trying to tcpdump the bridge interface.
I am a bit confused on some things:
1- Do I need to have an IP configured on the bridge interface at all? I don't quite see the reason for it as all it will do is to make two virtual interfaces talk to each other.
2- Is the fact that the bridge interface does not have an assigned ip/netmask/broadcast the reason I am not able to see the ping traffic on the bridge interface when tcpdumping that interface?
3- If the answer to number 2 is Yes, I assume that it is also not possible to use iptables to block/allow traffic on that interface, correct? If so, is there any other way to accomplish what one would do with iptables on an interface like that?
I guess this wasn't the proper place to put this question but I thought I'd put an update anyway to close the issue.
Turns out that you do not need an assigned ip address on the bridge and it is possible to tcpdump. I happened to be working in containers which made the traffic go outside the vpn when pinging.
