IP needed on Linux bridge between 2 TAP interfaces? [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
I am trying to set up OpenVPN on a server so that I have 2 different tap interfaces (tap0 and tap1) and then a bridge connecting those interfaces. The idea is that a client on tap0 will be able to talk to a client on tap1 and vice versa.
There is no physical NIC involved in the bridge, and the bridge interface is set up with no IP/netmask/broadcast.
I am able to ping between the 2 when they are both connected; however, I see no traffic when trying to tcpdump the bridge interface.
I am a bit confused on some things:
1. Do I need to have an IP configured on the bridge interface at all? I don't quite see the reason for it, as all it will do is make two virtual interfaces talk to each other.
2. Is the fact that the bridge interface does not have an assigned IP/netmask/broadcast the reason I am not able to see the ping traffic on the bridge interface when tcpdumping that interface?
3. If the answer to number 2 is yes, I assume that it is also not possible to use iptables to block/allow traffic on that interface, correct? If so, is there any other way to accomplish what one would do with iptables on an interface like that?

I guess this wasn't the proper place to put this question, but I thought I'd put an update anyway to close the issue.
Turns out that you do not need an assigned IP address on the bridge and it is possible to tcpdump. I happened to be working in containers, which made the traffic go outside the VPN when pinging.


HoloLens 1 stopped connecting to PC over Wi-Fi [closed]

Closed 1 year ago.
I would really appreciate some help :)
Worked from home, connected normally for months.
Went back to work, same HoloLens, same laptop, different Wi-Fi.
Won't connect now - cannot access the device portal (https://192.168.1.110/).
Can normally access over USB (http://127.0.0.1:10080/).
Tried:
2 networks - office and tethering over mobile
3 browsers
resetting both the HL and the laptop multiple times
I'm using Windows 10.
Any ideas? Thanks :)
As discussed in the comments, the problem was that the IP address had changed: the IP address will be assigned by the network's DHCP server, and is generally persistent once assigned in helpful networks, but when you switch to a different network or different DHCP server the IP address is likely to change.
In home networks or small office networks the DHCP server is probably built into your router. It would be possible to set up an address reservation for the HoloLens in your router's configuration, if you wanted to preserve or change the address, provided both routers use the same IP address range for attached devices.

Can a hacker spoof any IP address of his choice? [closed]

Closed 2 years ago.
For example.
Let's say we have the following Linux server:
host-server: 54.215.128.59
This server will only accept connections from the following IP: 159.65.32.123
If a hacker only knows this information.
Could he be able to trick the host-server that the connection is coming from 159.65.32.123?
This way he would be jumping any firewall established.
It isn't very likely. Nothing is stopping you from defining your own IP address to whatever you want. In Linux you can do it with (assuming your network interface is eth0):
sudo ifconfig eth0 159.65.32.123/24
If you are behind a NAT then you'll have to change its address and not yours. However, ISPs should have anti-spoofing measures in place that block packets with an IP address they didn't assign you.
There is also the problem of the return path. When the server wants to send something to this address, the packet will be routed according to the routing rules of all the nodes in the way, which are unlikely to point to the hacker's ISP.
If you are on a LAN with the server then it should be more possible, though you will likely need to handle the collision of IP addresses, and the problem of spoofing IP addresses on a different subnet. One option is to use ARP poisoning and do a MitM between the server and the router.
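The two obstacles named in the answer above (anti-spoofing at the ISP and the return path), as an added Python model that is not part of the original post. The prefixes, interface names and the attacker's 203.0.113.0/29 documentation range are constructed, and a strict reverse-path check is assumed as the ISP's anti-spoofing measure.

```python
import ipaddress

def lookup(routes, addr):
    """Longest-prefix match: return the outgoing side for addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), out) for p, out in routes
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def urpf_accepts(routes, in_iface, src):
    """Strict reverse-path check: accept a packet only if the route back to
    its source leaves through the interface the packet arrived on."""
    return lookup(routes, src) == in_iface

# Constructed ISP edge router: one customer port and an upstream link.
ISP_EDGE = [("203.0.113.0/29", "cust-attacker"), ("0.0.0.0/0", "upstream")]
# Constructed view of where the rest of the Internet delivers each prefix.
CORE = [("159.65.32.0/20", "trusted-host-network"),
        ("203.0.113.0/29", "attacker-isp"),
        ("54.215.128.0/17", "server-network")]

def spoof_outcome(claimed_src, server="54.215.128.59", isp_filters=True):
    """Follow one SYN carrying claimed_src and the server's SYN-ACK."""
    if isp_filters and not urpf_accepts(ISP_EDGE, "cust-attacker", claimed_src):
        return "dropped at ISP edge (source not assigned to this customer)"
    if lookup(CORE, server) is None:
        return "server unreachable"
    reply_to = lookup(CORE, claimed_src)
    if reply_to != "attacker-isp":
        return (f"SYN reaches server; SYN-ACK routed to {reply_to}, "
                "handshake never completes")
    return "SYN-ACK returns to sender; handshake can complete"

if __name__ == "__main__":
    print(spoof_outcome("159.65.32.123"))
    print(spoof_outcome("159.65.32.123", isp_filters=False))
    print(spoof_outcome("203.0.113.2"))
```
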

Iptables setup on VPN client having LAN [closed]

Closed 5 years ago.
I am struggling with a problem, probably because there is simply not enough information on the web regarding some specifics I am trying to set up.
I have bought an OpenVPN service via tun (routing).
I connect to the OpenVPN server through a Raspberry Pi (serving as my router), which has two interfaces - eth0 for handling the Internet connection and wlan0 for my internal LAN.
My goal is to set up the firewall in such a way that I can filter tun-ned incoming traffic and be able to reach the web from the LAN behind wlan0. Also - everything should go via the VPN.
From the architectural point of view I think it should look like this:
INPUT, FORWARD - dropped,
OUTPUT - allowed,
eth0 allows only packets via the default OpenVPN service port to flow,
tun adapter should have all INPUT-related policies applied and should be NAT-ted.
What do you think - is this correct thinking? I have managed so far to be able to ping from the SSH-ed Raspberry Pi into the web, but no DNS yet - do I understand correctly that I should have my own DNS forwarder? The DHCP server is set on the Raspberry Pi.
Thanks!
I have already solved the issue. For those who are interested - incoming packets from the LAN are processed by the openvpn client (tun/tap), then passed over the internet-facing interface. So it was a matter of setting correct forwarding between interfaces. /etc/resolv.conf just had to be overwritten with global (like Google) DNSes to solve the ping-related problem.

How to send requests via virtual interface [closed]

Closed 9 years ago.
I have created a virtual interface using
ifconfig eth0:1 192.168.50.10 netmask 255.255.255.0 up
Now I'm sending a request to a server via the virtual interface using curl:
curl --interface 192.168.50.10 http://192.168.50.1:8080/myhostedapp
This works fine and my app shows the source ip as 192.168.50.10, but if the server is on a different subnet, and reachable from the physical interface (eth0), the connection times out.
So this works (via the physical interface):
curl http://10.10.50.1:8080/myhostedapp
But this fails:
curl --interface 192.168.50.10 http://10.10.50.1:8080/myhostedapp
For 10.10.50.1 to reach 192.168.50.10, I added it to the route table.
What do I need to configure so that 10.10.50.1 is reachable from 192.168.50.10?
You have to set iptunnel; you can see this link, it would make it more clear. One more thing: when you added the route, you added the route with a gateway.
https://unix.stackexchange.com/questions/44065/linux-networking-routing-to-virtual-ip-addresses-from-a-different-subnet
Thanks & Regards,
Alok Thaker
First off, you shouldn't use ifconfig anymore. It has been unmaintained for 10 years or so and is known to have some issues, esp. regarding "virtual interfaces".
Better use ip from the iproute2 package.
See also these articles about ifconfig vs. ip and what the replacement commands look like:
Deprecated Linux networking commands and their replacements
iproute2: Life after ifconfig
ifconfig sucks
Now regarding your issue: what does your routing table look like? Please provide the output of ip address show eth0 and ip route show. I suspect your routing table to be the culprit.

Configuration for a network lab [closed]

Closed 9 years ago.
Hello all, this is the configuration I am trying to produce. Disregarding the VMNET8, I want to set up the static network for VMNET2 with the network 10.0.2.0/24.
Starting with the Linux server and VMNET2, I calculated the Inet address: 10.0.2.2, subnet mask: 255.255.255.0, Default Gateway: 10.0.2.1.
What I am confused about is: what is the default route? Is it the default gateway, which then is 10.0.2.1?
A default route is the destination for traffic that a specific route is not known for.
Specifically in your example:
Some device inside 10.x.x.x will not know how to reach 192.x.x.x; it will only be aware of 10.x.x.x - you cannot move traffic outside of this range without routing.
If a default route exists, all traffic where the destination is unknown will be forwarded to that address in the hope of reaching a destination.
So... if your Linux box is the default gateway, devices inside the LAN will configure a default route to the Linux box, so they can reach off-LAN networks.
Specifically in your example, the Linux box doesn't need the default route - it is aware of both the 10.x.x.x and 192.x.x.x networks, as it has interfaces in both. Your devices that are completely isolated inside each LAN will require a default route to find other LANs.
A device completely inside 192.x.x.x would have a default route pointing to the Linux box's 192.x.x.x interface; the Linux box is now acting as the default gateway.
A device completely inside 10.x.x.x would have a default route pointing to the Linux box's 10.x.x.x interface; the Linux box is now acting as the default gateway on the other side too.
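The forwarding behaviour described in the answer above, as an added Python example that is not part of the original post. Only 10.0.2.0/24 comes from the question; 192.168.1.0/24 stands in for the unspecified "192.x.x.x" network, and the host and gateway addresses are constructed for the answer's scenario where the Linux box is the gateway on both sides.

```python
from ipaddress import ip_address, ip_network

def next_hop(table, dst):
    """Most specific matching route wins; None means 'network unreachable'."""
    ip = ip_address(dst)
    hits = [(ip_network(p), hop) for p, hop in table if ip in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# "direct" marks an on-link network (the device has an interface in it).
LINUX_BOX = [("10.0.2.0/24", "direct"), ("192.168.1.0/24", "direct")]
HOST_10 = [("10.0.2.0/24", "direct"), ("0.0.0.0/0", "10.0.2.1")]
HOST_192 = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "192.168.1.1")]

# Routing table in use at each address (both gateway addresses are the box).
TABLES = {
    "10.0.2.50": HOST_10,
    "10.0.2.1": LINUX_BOX,
    "192.168.1.1": LINUX_BOX,
    "192.168.1.50": HOST_192,
}

def trace(src, dst, tables=TABLES, max_hops=8):
    """Follow a packet hop by hop and return the addresses it visits."""
    path, here = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[here], dst)
        if hop is None:
            return path + ["unreachable"]
        if hop == "direct":
            return path + [dst]
        path.append(hop)
        here = hop
    return path + ["loop"]

if __name__ == "__main__":
    print(trace("10.0.2.50", "192.168.1.50"))
    # Same host with its default route removed: off-LAN traffic has no match.
    no_default = dict(TABLES, **{"10.0.2.50": [("10.0.2.0/24", "direct")]})
    print(trace("10.0.2.50", "192.168.1.50", tables=no_default))
```
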
