How to block based on MAC address on FreeBSD? (ipfw firewall) - firewall

I have worked on FreeBSD for a while. I installed and set up the ipfw firewall. I want to filter based on MAC address. How can I do it? I wrote the following, but it didn't work.
ipfw add 4 allow ip from any to any layer 2 mac-type arp
ipfw add 5 deny ip from any to any MAC any 1A:BF:48:9F:71:3B in recv $em0
ipfw add 6 deny ip from any to any MAC any 1A:BF:48:9F:71:3B any in recv $em1
Thank you for your answer

ipfw add 4 allow ip from any to any layer2 mac-type arp
ipfw add 5 deny ip from any to any MAC any 10:BF:48:9F:74:6C in recv em1
ipfw add 6 deny ip from any to any MAC 10:BF:48:9F:74:6C any out xmit em0
ipfw add 7 allow ip from any to any MAC any any
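An added example, not from the thread above: a POSIX sh generator that turns a list of MAC addresses into the rule set the answer uses. It prints the commands instead of running them, so the set can be reviewed and then piped into sh as root on the FreeBSD host. Two things the answer leaves implicit: layer-2 frames only reach ipfw when net.link.ether.ipfw is set to 1, and the final "MAC any any" allow is what lets every other frame continue on to the ordinary IP rules instead of hitting the default rule. Blocking by MAC is not authentication: the source MAC is chosen by the sender and trivially changed, so treat it as housekeeping for a known device, not as a control against a hostile one. The function names (gen_mac_block_rules, valid_mac), the rule numbers and the interface in the usage line are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the original thread): build the ipfw layer-2
# MAC blocklist from a list of addresses and print the commands instead of
# running them, so the set can be reviewed and then piped into sh as root.
# Function names, rule numbers and the interface in the usage line are
# this example's own choices.

# Accept only colon-separated 48-bit addresses (aa:bb:cc:dd:ee:ff).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_mac_block_rules IFACE FIRST_RULE_NUMBER   (MAC addresses on stdin)
# Blank lines and '#' comments are skipped. Output, in order:
#   - the sysctl without which layer-2 frames never reach ipfw,
#   - an allow for ARP so hosts on the segment can still resolve each other,
#   - per MAC: deny frames received from it and deny frames sent to it
#     (the MAC keyword takes the destination first, then the source),
#   - a final allow so every other layer-2 frame continues to the IP rules
#     instead of reaching the default rule (deny, unless the kernel was
#     built to accept by default).
gen_mac_block_rules() {
    iface=$1
    num=$2
    printf 'sysctl net.link.ether.ipfw=1\n'
    printf 'ipfw add %d allow ip from any to any layer2 mac-type arp\n' "$num"
    while IFS= read -r mac; do
        case $mac in ''|'#'*) continue ;; esac
        if ! valid_mac "$mac"; then
            printf 'invalid MAC address: %s\n' "$mac" >&2
            return 1
        fi
        # ipfw accepts either case; lower-case so one address written two
        # ways does not produce two rule pairs that look different.
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        num=$((num + 1))
        printf 'ipfw add %d deny ip from any to any MAC any %s in recv %s\n' "$num" "$mac" "$iface"
        num=$((num + 1))
        printf 'ipfw add %d deny ip from any to any MAC %s any out xmit %s\n' "$num" "$mac" "$iface"
    done
    num=$((num + 1))
    printf 'ipfw add %d allow ip from any to any MAC any any\n' "$num"
}

# Usage (review the output, then pipe it into sh as root on the FreeBSD host):
#   printf '10:BF:48:9F:74:6C\n' | gen_mac_block_rules em0 100
```

The answer's rules 5 and 6 use different interfaces for the inbound and outbound match; the generator uses one interface for both, which is the common single-NIC case. Edit the two printf lines if the box is bridging between two interfaces.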

Related

Route only certain IP range with VPN connection

We are using FortiClient to connect to one of our clients' VPNs. Unfortunately, FortiClient routes all the traffic over the VPN by default.
We have found a way around it, for Linux. After connecting with VPN we run:
sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0
And now only the addresses starting with 172.20.x.x are resolved over the VPN connection.
Now, I am using FortiClient 5.4 on Mac OS X 10.11.6 and I am trying to remake the above to work on Mac OS X. Basically I have problems even with the first step. I have tried:
sudo route delete -net default -ifp ppp0
But the routing still does not work as expected. Easy to test, because there is no Internet connection behind the VPN: I cannot browse/ping any website :-).
What am I doing wrong? Thanks for help!
I used this question to help me out and it turned out I needed one extra command.
Basically the working solution for Mac OS X 10.11.6 goes as follows:
sudo route delete -net default -interface ppp0
sudo route add -net 0.0.0.0 -interface en0
sudo route add -net 172.20.0.0 -netmask 255.255.0.0 -interface ppp0
Which basically means:
Delete default route on interface ppp0 which was set by FortiClient
Add default route for every IP on your default interface (for me en0)
Route the specific IP range through ppp0 (FortiClient) interface.
Linux equivalent, as mentioned in the question, is:
sudo route del default ppp0
sudo route add -net 172.20.0.0 netmask 255.255.0.0 dev ppp0
So you actually skip the step #2.
Not that hard in the end.

Debian guest on VirtualBox with bridged adapter has no internet access

I have set up a Debian guest and I am messing around with it to learn more about VirtualBox and Debian, and later, after that is done, I'll be messing around with a NodeJS server on it.
After a while I noticed I couldn't do some things with it when I had a bridged adapter set up for the VM. NPM would not install packages because it timed out. I tried running "w3m google.com" and even looked up google.com's IP to check for a DNS issue.
No matter what, I cannot connect to any form of internet. But I can ping anything just fine. I can ping google, npmjs.org, etc.
Thanks for the assistance.
Update: I have been working on this more today. Newer router, an ASUS; I read that people were having issues with Belkin routers with bridged adapters, so I switched; the ASUS is new anyway.
The host is connected via ethernet wire.
The VM shows up on the router just fine, and I can connect to that device with the IP given by the router just fine, but I still cannot connect to google.com or anything.
This is too long to explain in a comment. Below is how the bridged adapter works.
Yet, if you can ping from the guest Debian that means some form of DHCP happened and you must have an IP (which is a different IP from the host machine). I'd check the router configuration to see if you're not allowing/disallowing specific MACs and/or IPs from the usage of TCP/UDP protocols (that is a measure some people use on their routers).
Bridged adapter
A bridged adapter on VirtualBox simulates as if there was a bridge (well it is easier to think of this as a hub) on the cable connection to your (host) actual machine. Even if the connection is over wireless the simulation is similar.
For (almost) all purposes the guest (Debian) and the router the host machine is connected to are connected directly. They have separate MACs and separate IPs; they even send separate ARP requests.
router <---> host machine running VirtualBox
  ^
  |
  +-----> guest machine running Debian
This is done by sending packets with a different hardware address (you can configure the hardware address in the adapter).
You need to configure the guest system (Debian) to connect to the network as if it was a separate machine. For example, if you use a WPA connection from the host machine you need to configure WPA (including the username and password) in the guest machine.
I am not an expert, but after some research I could solve a similar problem. I have a Mac hosting a Debian server. I used Bridged Adapter on interface en0 in my Mac.
1) My Mac is running on 192.168.10.101. I know that because I run the command:
ifconfig -a
and the interface en0 shows that IP
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 6c:40:08:98:72:4c
        inet6 fe80::6e40:8ff:fe98:724c%en0 prefixlen 64 scopeid 0x4
        inet 192.168.10.101 netmask 0xffffff00 broadcast 192.168.10.255
2) Running the netstat command on my Mac:
netstat -nr
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.10.1       UGSc          296      142     en0
I see that the Mac's gateway is 192.168.10.1.
3) Mac and Debian must be in the same segment as the Gateway, I mean 192.168.10.xxx. So I decided that my Debian must run on the static IP 192.168.10.115.
I edited /etc/network/interfaces file at my Debian server to look this way:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 192.168.10.115
netmask 255.255.255.0
gateway 192.168.10.1
dns-nameservers 8.8.8.8 192.168.10.1
Then I did ping from my Mac and ping from my Debian and they answered OK. I also have access to the internet from Debian, because I have the same default gateway as my Mac.
root@debian64:/home/myuser# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         TEW-711BR       0.0.0.0         UG    0      0        0 eth0
link-local      *               255.255.0.0     U     1000   0        0 eth0
I hope it helps, and if anybody has better explanations I would like to learn.
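An added example, not part of either answer above: a POSIX sh checker for the static stanza used in the second answer. It parses an /etc/network/interfaces file, pulls address, netmask and gateway out of the "iface eth0 inet static" block, and confirms that the gateway lies inside the address/netmask subnet, which is the "same segment as the gateway" condition the answer relies on; an off-subnet gateway cannot be installed as the default route, and is a common reason a hand-typed static configuration pings nothing. The function names (check_static_stanza, write_sample_interfaces, ip_to_int) and the sample file, which copies the answer's stanza but takes the address and gateway as parameters so a broken variant can be produced, are this example's own.

```sh
#!/bin/sh
# Added example (not from either answer above): check the static stanza of
# a Debian /etc/network/interfaces file before bringing the bridged guest
# up. Function names and the sample file are this example's own.

# Dotted-quad address to an integer (shell arithmetic is at least 32 bits).
ip_to_int() {
    saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static_stanza IFACE FILE
# Reads the "iface IFACE inet static" block, requires address, netmask and
# gateway, and checks that the gateway is inside the address/netmask subnet
# (the "same segment as the gateway" condition the answer describes).
# Prints "ok" and returns 0, or prints the problem and returns 1.
check_static_stanza() {
    iface=$1
    file=$2
    addr='' mask='' gw=''
    in_stanza=0
    while read -r key val rest; do
        case $key in
            iface)
                if [ "$val" = "$iface" ] && [ "$rest" = "inet static" ]; then
                    in_stanza=1
                else
                    in_stanza=0
                fi ;;
            address) if [ "$in_stanza" -eq 1 ]; then addr=$val; fi ;;
            netmask) if [ "$in_stanza" -eq 1 ]; then mask=$val; fi ;;
            gateway) if [ "$in_stanza" -eq 1 ]; then gw=$val; fi ;;
        esac
    done < "$file"
    if [ -z "$addr" ] || [ -z "$mask" ] || [ -z "$gw" ]; then
        echo "missing address, netmask or gateway for $iface"
        return 1
    fi
    m=$(ip_to_int "$mask")
    if [ $(( $(ip_to_int "$addr") & m )) -ne $(( $(ip_to_int "$gw") & m )) ]; then
        echo "gateway $gw is not on the subnet of $addr/$mask"
        return 1
    fi
    echo ok
}

# write_sample_interfaces FILE ADDRESS GATEWAY
# Constructed copy of the answer's stanza, with address and gateway as
# parameters so that a broken variant can be produced for testing.
write_sample_interfaces() {
    printf '%s\n' \
        '# This file describes the network interfaces available on your system' \
        'source /etc/network/interfaces.d/*' \
        '' \
        '# The loopback network interface' \
        'auto lo' \
        'iface lo inet loopback' \
        '' \
        '# The primary network interface' \
        'allow-hotplug eth0' \
        'iface eth0 inet static' \
        "    address $2" \
        '    netmask 255.255.255.0' \
        "    gateway $3" \
        '    dns-nameservers 8.8.8.8 192.168.10.1' > "$1"
}

# Usage:
#   write_sample_interfaces /tmp/interfaces 192.168.10.115 192.168.10.1
#   check_static_stanza eth0 /tmp/interfaces      # prints "ok"
```

Run it against the real file with "check_static_stanza eth0 /etc/network/interfaces" before "ifup eth0"; the check is read-only.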

multicast traffic fails with virtualbox host only network

I have an application which sends some multicast requests to a multicast group.
If I test my client and server application on two separate PCs which are in the same subnet, it works fine.
Since I cannot always run on two PCs during testing of my application, I thought of using VirtualBox to run another OS to run my server application.
My host is Ubuntu. I installed VirtualBox to run another guest OS (Linux), and since my traffic only has to be within the host and guest, I have selected a "host only" network type.
My guest OS gets an IP address, but when I run my server application, it fails to join the multicast group and says
"No Such Device".
Can someone help me to set up a network between the guest and host OS?
My main goal is to send a multicast request and it should reach the guest OS.
In VM:
ls /sys/class/net - get net devices (lo, eth0, eth1, ...). You should have one lo and two eth devices.
sudo nano /etc/network/interfaces. At eth0 there is a NAT connection. lo is the localhost. We should set up the host-only connection. Add the following:
# The host-only network interface
auto eth1
iface eth1 inet static
address 192.168.56.101
netmask 255.255.255.0
network 192.168.56.0
broadcast 192.168.56.255
(The address is taken from the ipconfig/ifconfig output on the host system. Instead of eth1 you may have another connection name, taken from step 4.b.i.)
For checking the edited file, run:
sudo service network-manager restart
Check if you have all three connections running. Check the host-only addresses.
ifconfig
Reboot
sudo reboot

GRE Tunnel routing issue in Linux CentOS

I am creating a GRE tunnel between two Linux (CentOS 6) servers using the steps below.
On the master server:
chkconfig iptables off
service iptables stop
sysctl -w net.ipv4.conf.default.rp_filter=0
modprobe ip_gre
ip tunnel add tun1 mode gre remote 98.123.87.97 local 106.61.58.98 ttl 255
ip addr add 10.0.1.0/24 dev tun1
ip link set dev tun1 up
ip addr add 98.123.87.95/27 dev eth0
On the slave server:
chkconfig iptables off
service iptables stop
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv4.conf.proxy_arp=1
sysctl -w net.ipv4.conf.all.proxy_arp=1
sysctl -w net.ipv4.conf.eth0.rp_filter=0
sysctl -w net.ipv4.conf.default.rp_filter=0
modprobe ip_gre
ip tunnel add tunx mode gre remote 106.61.58.98 local 98.123.87.97 ttl 255
ip addr add 10.0.2.0/24 dev tun0
ip link set tunx up
ip route add 98.123.87.95/27 dev tun0
I need to add the slave server's IP into the on my master server. I am getting ping responses from the tunnelled IPs (slave server's IP), and when I try to SSH to the tunnelled IP (slave IP) I reach the master (this is what I want).
The problem is that when I try to send outgoing traffic, like a DNS query, by the tunnelled IP (slave IP), I get a request timeout.
I guess this is a routing issue on one of my servers. Any idea what I should do to get my outgoing traffic through by the tunnelled IPs?
Thanks,
Are you really adding the 10.0.1.0/24 address? This is a network address; it looks like a mistake.
Also, you should add a default route (or a route to the DNS servers or whatever you want) on the client machine through your tunnel with gateway=another_end_of_tunnel.
Don't forget to add a static route to your machine if you don't want to lose the connection, before adding the default route!
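An added example, not from the thread: a POSIX sh planner that prints the commands for one tunnel end in the order the answer recommends, so the operator can read them before running them as root. It refuses a tunnel address whose host bits are all zero or all one (the answer's point about 10.0.1.0/24), pins host routes for the remote tunnel endpoint and for the administrator's own address via the existing gateway before the default route is replaced (the answer's "don't lose the connection" point), and, as this example's own extra check, requires the far end's tunnel address to be on the same subnet as the local one, because "default via PEER" needs an on-link gateway. Note also that the question's steps turn iptables off on both ends; that is unrelated to making the tunnel route (allowing IP protocol 47 between the two endpoints is enough) and worth reverting once it works. gre_tunnel_plan, host_addr_ok, prefix_mask and ip_to_int, and the RFC 5737 addresses in the usage line, are this example's own choices.

```sh
#!/bin/sh
# Added example (not from the original thread): print, in a safe order, the
# commands that bring up one end of a GRE tunnel and then send the default
# route through it. Nothing is executed; pipe the output into sh as root
# once it has been reviewed. Function and argument names are this
# example's own; the addresses in the usage line are RFC 5737 test ranges.

# Dotted-quad address to an integer (shell arithmetic is at least 32 bits).
ip_to_int() {
    saved_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Netmask for a prefix length, as an integer.
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# host_addr_ok ADDR/PLEN: true only when the host bits are neither all zero
# (the network address, as in "ip addr add 10.0.1.0/24") nor all one
# (the broadcast address). Prefixes longer than /30 leave no host range.
host_addr_ok() {
    addr=${1%/*}
    plen=${1#*/}
    [ "$plen" -ge 1 ] && [ "$plen" -le 30 ] || return 1
    hostbits=$(( ~$(prefix_mask "$plen") & 4294967295 ))
    host=$(( $(ip_to_int "$addr") & hostbits ))
    [ "$host" -ne 0 ] && [ "$host" -ne "$hostbits" ]
}

# gre_tunnel_plan TUNDEV LOCAL_PUB REMOTE_PUB TUN_ADDR/PLEN PEER_TUN_ADDR UNDERLAY_GW ADMIN_IP
gre_tunnel_plan() {
    dev=$1 local_pub=$2 remote_pub=$3 tun_cidr=$4 peer=$5 gw=$6 admin=$7
    plen=${tun_cidr#*/}
    if ! host_addr_ok "$tun_cidr"; then
        echo "$tun_cidr is a network or broadcast address; use a host address" >&2
        return 1
    fi
    mask=$(prefix_mask "$plen")
    if [ $(( $(ip_to_int "${tun_cidr%/*}") & mask )) -ne $(( $(ip_to_int "$peer") & mask )) ]; then
        echo "peer $peer is not inside $tun_cidr; 'default via' needs an on-link gateway" >&2
        return 1
    fi
    # 1. Pin what must keep using the underlay BEFORE the default route moves:
    #    the encapsulated GRE packets themselves, and the SSH session doing this.
    printf 'ip route add %s/32 via %s\n' "$remote_pub" "$gw"
    printf 'ip route add %s/32 via %s\n' "$admin" "$gw"
    # 2. Bring the tunnel up with a host address.
    printf 'modprobe ip_gre\n'
    printf 'ip tunnel add %s mode gre remote %s local %s ttl 255\n' "$dev" "$remote_pub" "$local_pub"
    printf 'ip addr add %s dev %s\n' "$tun_cidr" "$dev"
    printf 'ip link set dev %s up\n' "$dev"
    # 3. Only now send everything else through the tunnel, via the far end.
    printf 'ip route replace default via %s dev %s\n' "$peer" "$dev"
}

# Usage (prints the plan; append "| sh" to apply it as root):
#   gre_tunnel_plan tun1 192.0.2.10 198.51.100.20 10.0.1.1/24 10.0.1.2 192.0.2.1 203.0.113.5
```

The other end runs the same function with the public addresses and the two tunnel addresses swapped, and without the final default route if it is the server that should keep its own uplink.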

Accessing host machine IIS from a guest OS in VMWare

How can I access a site configured in IIS 7 on the host machine from a guest OS in VMware (Fedora 10)? I have configured the VM to use "NAT".
It depends on the network configuration of the VMware product you are using (Player, Server, Workstation). If it is set to bridged mode, then you can do it as from any other machine: by the host machine's IP. If it is "host only" or NAT mode, check what the gateway IP for the guest is (/sbin/route), and try using it:
# /sbin/route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.x.y.z        0.0.0.0         UG    0      0        0 eth0
In this case, 10.x.y.z is the IP of the host machine.
Pretty easy...
Step 1. Configure IIS on the host OS to include a binding, if you would like to use a "URL", for example mySite.com.
Step 2. In the guest, open up the hosts file c:\windows\system32\drivers\etc\hosts.
Add the entry
[host IP address] [host IIS binding URL]
Example:
192.168.0.1 mySite.com
Restart your browser in the guest, and you should be good to go.
