Configuration for a network lab [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Hello all, this is the configuration I am trying to produce. Disregarding the VMNET8 I want to set up the static network for VMNET2 with the network 10.0.2.0/24.
Starting with the Linux server and VMNET2 I calculated the Inet address: 10.0.2.2, subnet mask: 255.255.255.0, Default Gateway: 10.0.2.1.
What I am confused about is: what is the default route? Is it the default gateway, which is then 10.0.2.1?

A default route is the destination for traffic that a specific route is not known for.
Specifically in your example:
Some device inside 10.x.x.x will not know how to reach 192.x.x.x; it will only be aware of 10.x.x.x. You cannot move traffic outside of this range without routing.
If a default route exists, all traffic where the destination is unknown will be forwarded to that address in the hope of reaching a destination.
So... if your Linux box is the default gateway, devices inside the LAN will configure a default route to the Linux box, so they can reach off-LAN networks.
Specifically in your example, the Linux box doesn't need the default route - it is aware of both the 10.x.x.x and 192.x.x.x networks, as it has interfaces in both. Your devices that are completely isolated inside each LAN will require a default route to find other LANs.
A device completely inside 192.x.x.x would have a default route pointing to the Linux box's 192.x.x.x interface; the Linux box is now acting as the default gateway.
A device completely inside 10.x.x.x would have a default route pointing to the Linux box's 10.x.x.x interface; the Linux box is now acting as the default gateway on the other side too.

Related

Multiple ip addresses with different network routes on the same interface on debian [closed]

Closed 4 years ago.
I'd like to configure a Debian box with multiple IP addresses (in the same subnet) on the same physical NIC, while every address should use its own network route.
I think it won't be possible using ip addr add, but is it possible using pseudo interfaces like eth0:0? Or does the Linux TCP stack prevent this? And if it's possible, how do I bind multiple default routes to their (pseudo-)interface or IP address? Will it be possible using iptables rules, and with which?
Aliases are not required to do this. You can do this with iproute2:
ip addr add <ip> dev eth0
You then add routing to an IP-specific route table:
ip route add <subnet> dev eth0 table <tableid>
ip route add default via <GATEWAY> table <tableid>
Then add a rule to match the IP so that it uses the specific table:
ip rule add from any to <ip> lookup <tableid>
ip rule add from <ip> to any lookup <tableid>
This can get pretty confusing because the routing now uses multiple routing tables.
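
The per-address tables described in this answer, written out for two addresses in one subnet. This is an added example, not code from the original answer; the interface name, the RFC 5737 sample addresses, the gateways and the table ids 101 and 102 are assumptions, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: per-source-address policy routing with iproute2.
# Addresses, gateways and table ids are constructed sample values.
# Prints the commands by default; set APPLY=1 (as root) to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# add_source_route <dev> <addr/prefixlen> <subnet> <gateway> <table-id>
add_source_route() {
    [ "$#" -eq 5 ] || { echo "usage: add_source_route dev addr/len subnet gw table" >&2; return 2; }
    dev=$1; cidr=$2; subnet=$3; gw=$4; table=$5
    addr=${cidr%/*}

    # The table id must be numeric and must not collide with the kernel's
    # built-in tables: 0 (unspec), 253 (default), 254 (main), 255 (local).
    case "$table" in
        ''|*[!0-9]*) echo "table id must be numeric: $table" >&2; return 1 ;;
        0|253|254|255) echo "table id $table is reserved" >&2; return 1 ;;
    esac

    run ip addr add "$cidr" dev "$dev"
    # Connected route and default route live only in this address's table.
    run ip route add "$subnet" dev "$dev" src "$addr" table "$table"
    run ip route add default via "$gw" dev "$dev" table "$table"
    # Traffic sourced from this address consults that table first.
    run ip rule add from "$addr" lookup "$table"
}

# Two addresses in the same subnet, each leaving through its own gateway.
configure_sample() {
    add_source_route eth0 192.0.2.10/24 192.0.2.0/24 192.0.2.1   101 &&
    add_source_route eth0 192.0.2.11/24 192.0.2.0/24 192.0.2.254 102
}

configure_sample
```

After applying, `ip rule show` lists the per-source rules and `ip route get <destination> from <addr>` shows which gateway a given source address resolves to.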

OpenVPN multiple IP addresses [closed]

Closed 6 years ago.
I have an OpenVPN server running on my Linux box and it's working fine. The server has a lot of IP addresses but it only uses one for all the clients (of course).
Is it possible to use multiple IP addresses (public) on the same server?
If you post this question on ServerFault, this post will get more eyeballs.
OpenVPN can listen on multiple IP addresses. The directive local sets the IP address(es) it listens on. Here is an excerpt from the OpenVPN man page.
--local host
Local host name or IP address for bind. If specified, OpenVPN will bind to this address only. If unspecified, OpenVPN will bind to all interfaces.
Watch out if you have multiple public IP addresses on multiple interfaces. You may have to resort to some sort of port forwarding. Probably you should make OpenVPN listen on a single interface, preferably a local interface, and port forward traffic coming from the various public IPs to this interface.

Iptables setup on VPN client having LAN [closed]

Closed 5 years ago.
I am struggling with a problem, probably because there is simply not enough information on the web regarding some specifics I am trying to set up.
I have bought an OpenVPN service via tun (routing).
I connect to the OpenVPN server through a Raspberry Pi (serving as my router), which has two interfaces - eth0 for handling the Internet connection and wlan0 for my internal LAN.
My goal is to set up the firewall in such a way that I can filter tunneled incoming traffic and be able to reach the web from the LAN behind wlan0. Also - everything should go via the VPN.
From the architectural point of view I think it should look like this:
INPUT, FORWARD - dropped,
OUTPUT - allowed,
eth0 allows to flow only packets via default OpenVPN service port,
tun adapter should have all INPUT-related policies applied and should be NAT-ted.
What do you think - is this correct thinking? I have managed so far to be able to ping from the SSH-ed Raspberry Pi into the web, but no DNS yet - do I understand correctly that I should have my own DNS forwarder? The DHCP server is set up on the Raspberry Pi.
Thanks!
I have already solved the issue. For those who are interested - incoming packets from the LAN are processed by the OpenVPN client (tun/tap), then passed over the internet-facing interface. So it was a matter of setting correct forwarding between interfaces. /etc/resolv.conf just had to be overwritten with global (like Google) DNS servers to solve the ping-related problem.
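
One way to express the layout from this question as an iptables-restore ruleset, as an added example that is not the poster's configuration. It assumes the interface names from the question, OpenVPN over UDP on its default port 1194, and a VPN server configured by IP address; unlike the question's outline it also drops OUTPUT by default, so the router itself cannot send anything over eth0 except the tunnel.

```shell
#!/bin/sh
# Added example: iptables-restore ruleset for a VPN-only gateway.
# Interface names, port and protocol are assumptions passed as arguments.

# vpn_gateway_rules <wan-if> <lan-if> <tun-if> <vpn-udp-port>
vpn_gateway_rules() {
    wan=$1; lan=$2; tun=$3; port=$4
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback and replies to connections this host or the LAN opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach services on the router itself (DHCP, DNS, SSH).
-A INPUT -i $lan -j ACCEPT
# LAN traffic may leave only through the tunnel; no LAN-to-WAN rule exists,
# so nothing is forwarded in the clear when the tunnel is down.
-A FORWARD -i $lan -o $tun -j ACCEPT
-A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $lan -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
# The only traffic allowed out of the WAN interface is the tunnel itself.
-A OUTPUT -o $wan -p udp --dport $port -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $tun -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the interfaces named in the question. To load it,
# pipe the output into iptables-restore as root and set
# net.ipv4.ip_forward=1 so the kernel forwards between wlan0 and tun0.
vpn_gateway_rules eth0 wlan0 tun0 1194
```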

IP needed on Linux bridge between 2 TAP interfaces? [closed]

Closed 7 years ago.
I am trying to setup openvpn on a server so that I have 2 different tap interfaces (tap0 and tap1) and then a bridge connecting those interfaces. The idea is that a client on tap0 will be able to talk to a client on tap1 and vice-versa.
There is no physical NIC involved in the bridge and the Bridge interface is setup with no ip/netmask/broadcast.
I am able to ping between the 2 when they are both connected however I see no traffic when trying to tcpdump the bridge interface.
I am a bit confused on some things:
1. Do I need to have an IP configured on the bridge interface at all? I don't quite see the reason for it, as all it will do is make two virtual interfaces talk to each other.
2. Is the fact that the bridge interface does not have an assigned ip/netmask/broadcast the reason I am not able to see the ping traffic on the bridge interface when tcpdumping that interface?
3. If the answer to number 2 is Yes, I assume that it is not possible either to use iptables to block/allow traffic on that interface, correct? If so, is there any other way to accomplish what one would do with iptables on an interface like that?
I guess this wasn't the proper place to put this question but I thought I'd put an update anyway to close the issue.
Turns out that you do not need an assigned ip address on the bridge and it is possible to tcpdump. I happened to be working in containers which made the traffic go outside the vpn when pinging.

How to access Linux server from an ip? [closed]

Closed 8 years ago.
I would like to know how to make my Linux server accessible for anyone around the world. I currently can access it via 192.168.1.22 locally on my network. I would like it to be accessible through an IP or a domain name.
If you want all ports to be accessible, then you can make the box a DMZ on your router and set a static IP, then you are done. If you want it to be accessible through SSH, which is what I am going to assume, then you need to set a static IP for the box, forward the internal IP address and port in your router, and then optionally set up DDNS settings if available. At that point you will be able to access the box from any public network. If you need help, let me know.
Either get a static IP address from your Internet Service Provider, or use Dynamic DNS to map a domain name to a dynamic IP address.
One well-known Dynamic DNS provider is NoIP:
http://www.noip.com/free/
In any case, you probably have a NAT "firewall" that blocks all incoming traffic, so you'll need to configure the firewall to allow through the ports that you want to serve. Typical Linksys / Netgear NAT firewalls / Wifi routers allow you to port forward to a single private IP address.
Finally, you should make sure your ISP allows running a server. Though most of them don't mind, because the upload speed is throttled by design, you still want to check the terms of service.
