How do I stop network flooding using Windows 2003 Network Load balancing? - windows-server-2003

I know that the MS NLB can be configured to use multicast with IGMP. However, if the switch does not support IGMP, what are the options?

If you can find an old "dumb" hub, you can run the node NICs through it, or if your switch is manageable you can set the ports up so that they do not remember the MAC address to IP address mappings.
I will say that I have had horrible experience with WLBS (the 2003+ version of NLB) in regards to port flooding. We have an existing load balanced system where we have the load balanced NICs going into a VLAN to keep the traffic separate, and we've turned off the MAC address to IP mapping in order to reduce the problem. We are, however, migrating the load balancing off of WLBS due to the reliability of this configuration.


Security Onion monitor interface in vmware

I am following the Security Onion docs and am using VMware. I created the 2nd network adapter and set it to bridged for the monitor interface, ran the setup, selected evaluation mode, and set up the network interfaces.
My monitor interface does not see any traffic. I used Wireshark to test both interfaces; the management interface sees the traffic but the monitor interface does not. Has anyone else come across this issue?
It would be useful if you provided your host OS, and the versions of the OS, VMware and Security Onion, to be clear from the start and helpful for any future requests.
On the assumption that you are using a Mac, I'd say it may be a known issue; see:
https://docs.vmware.com/en/VMware-Fusion/12/rn/VMware-Fusion-12-Release-Notes.html#knownissues
Here is a short excerpt from it:
"Users are unable to capture transfer packets in the same subnet of a virtual network inside a virtual machine.
Virtual machine's virtual interface doesn't report packet exchanges between other virtual machines in the same subnet on Big Sur hosts.
Workaround: Use the virtual interface on the host to capture traffic information in the subnet. For example, use the interface bridge100 on macOS host to capture the traffic in the subnet"
It was reported as a known issue in Fusion 12.0, but it isn't listed in the Resolved Issues for 12.1, so it is safe to assume that it is a known pending issue by now.

Receive realtime data from phone

I am using an Android app that streams real-time accelerometer data to the specified IP address of a server. I have written a "server" in C running on Linux, which is running in VMware.
I am connected to the hotspot created by the Windows 7 host machine running VMware Workstation.
So my question is: how do I connect the virtual machine to the same network as the hotspot, so that I can get the phone and the "server" program on the same network and stream data to the server program?
I use VirtualBox, but I'm guessing the settings are very similar in VMware Workstation.
You probably need to do one or both of these things:
1) Port forwarding. If your app is hitting port 80 (or whatever port), you'll need to tell VMware that any hits coming in to the host machine on that port get forwarded to the VM. Of course, your VM will have to be listening on that port. I'd suggest using a high port number (over 1024) to minimize conflicts, and to avoid annoying root/admin issues with using a low port number.
2) Hopefully that gets you there. If not, you may need to change the virtual adapter settings on the VM. NAT mode is a good first try. If not, there are other modes (bridged, internal, host-only) you can tinker with. (Not sure if VMware uses different names.)
That's probably all you need for the topology you describe -- Android device connected directly to the same subnet as the host machine. If not, perhaps your hotspot routes all client traffic to the gateway (i.e. out to the Internet), without allowing direct access to localhost. If so, maybe there are settings for that. If not, ngrok is your new best friend.
It is SUPER easy and allows you to tunnel traffic from anywhere on the Internet to a specific service running on your machine. This would sidestep some of the issues above.
If you want to take your Android device to another network (e.g. cell network), then ngrok is absolutely the way to go, particularly for development and prototyping. This lets you avoid issues with DNS, routing, firewalls, etc.
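Whichever adapter mode ends up working, the guest-side listener has to bind on all interfaces (otherwise a NAT port-forward never reaches it) and should treat the port as exposed to everyone on the hotspot subnet. The following is an added example, not code from the original post: a small UDP receiver in Python standing in for the poster's C server. It assumes the app sends one datagram per sample as ASCII "x,y,z" or "timestamp,x,y,z"; the port 5555, the hotspot address 192.168.137.2 and the wire format are assumptions, not anything the post states.

```python
import math
import socket

# Assumptions for this example (the original post names neither the port nor the format):
# the phone sends one UDP datagram per sample, ASCII "x,y,z" or "timestamp,x,y,z".
LISTEN_ADDR = "0.0.0.0"  # all interfaces, so a NAT port-forward from the host reaches the guest
LISTEN_PORT = 5555       # unprivileged (>1024) port, as the answer recommends
MAX_DATAGRAM = 512       # a sample is tens of bytes; anything larger is noise


def parse_sample(datagram: bytes):
    """Return a tuple of floats for a well-formed sample, or None.

    Everyone on the hotspot subnet can reach this port, so every datagram is
    untrusted: non-ASCII bytes, a wrong field count, unparsable numbers and
    NaN/inf all come back as None instead of raising.
    """
    try:
        text = datagram.decode("ascii")
    except UnicodeDecodeError:
        return None
    fields = text.strip().split(",")
    if len(fields) not in (3, 4):
        return None
    try:
        values = tuple(float(f) for f in fields)
    except ValueError:
        return None
    if not all(math.isfinite(v) for v in values):
        return None
    return values


def accept_source(addr, allowed_sources):
    """Only take samples from the phone's address; drop anything else on the shared network."""
    return allowed_sources is None or addr[0] in allowed_sources


def serve(addr=LISTEN_ADDR, port=LISTEN_PORT, allowed_sources=None, max_samples=None):
    """Receive and parse samples, yielding (source_ip, values); stops after max_samples if given."""
    count = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((addr, port))
        while max_samples is None or count < max_samples:
            datagram, src = sock.recvfrom(MAX_DATAGRAM)
            if not accept_source(src, allowed_sources):
                continue
            values = parse_sample(datagram)
            if values is None:
                continue
            count += 1
            yield src[0], values


if __name__ == "__main__":
    # Pin the source to the phone's (assumed) hotspot address and print ten samples.
    for ip, sample in serve(allowed_sources={"192.168.137.2"}, max_samples=10):
        print(ip, sample)
```

With NAT mode, forward host UDP 5555 to guest 5555 and point the app at the host's hotspot address; with bridged mode, point it at the guest's own address. If the app turns out to use TCP, swap SOCK_DGRAM for a listening SOCK_STREAM socket; the source check and the parser stay the same.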

Nested VPN over networked VMs - for the pros

I need help with this and hoping someone can answer with a valid suggestion.
Background: I live under potential threats from nefarious entities and need some help with security.
My setup is this (or similar):
Internet dropping into a WinXP VM by NAT from the Win7 host (call the first VM "VM1"). Connecting within VM1 to a VPN. This TAP adapter internet connection is then shared with a local network of VMs (VM2 and VM3) connected by network adapter #2 on a LAN segment I created.
The other VMs are private. I work from them.
I connect another VPN from within them, tunneling through VM1, effectively nesting them.
However:
Recently there have been some reasons for concern. I am very concerned now that someone with ill intent could be accessing my VM1 through either the host system's internet connection, or directly into it from the first VPN, and could be traversing my little LAN segment network and accessing the data on the LAN segment VMs (VM2 or VM3) directly, potentially copying data off into VM1 for removal, or other threats.
I recently have had my USB wifi adapter disconnect from the host and connect itself mysteriously directly to my deep VMs, 2 and 3. It's happened several times; I have now removed the USB controller from both of those internal VMs as a precaution. Apparently they wanted to bypass all of my security and just cause the internal deep VMs to connect directly to my wifi and report back the info.
So...
What I need help on is how to keep the LAN segment truly private, with ONLY the VPN internet traffic capable of going through the segment to my upper VM1.
For consideration:
Are there Windows services that should be stopped or removed from within VM2 or 3 which in particular pose threats?
RDP off in the registry, for example?
How do I disable all communication between the deep VMs and VM1 except for the passing through of the internet connection and nested VPN?
Would I start in the TCP/IP stack, removing some of it? Do I need pfSense or another firewall VM in between the LAN segment and VM1?
Please help me secure the operating VMs from which I work. Let's call me, hypothetically, a journalist under an oppressive regime: I am very concerned for my safety, but cannot abandon my moral obligations and work.
Great question, albeit a bit lengthy and panicked sounding. I can't know your 'situation' but I'll try to help. First, relax. Second, put pfSense in between your deep VMs and where your internet drops into your machine. Keep your internet dropping into your VM if possible through the use of Xen and PCIe passthrough. Just pass the network card along into your first upper VM, so any attackers would have to escape that and into the host in order to infect it. Try and keep a clean host. Third, image your upper VM where the internet hits and reload it fresh every day. Just copy it over from a USB or such. Prevent persistent threats.
Next, keep an isolated network between your VM1 (upper) and a pfSense VM. Then connect another adapter to pfSense and an isolated network with your "deep VMs". Delete them regularly. Keeping things fresh is one of the keys to avoiding threats, malware, etc.
Hope this helps, and best of luck wherever you may be.
Use encryption in everything.
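The answer's topology (VM1 on one isolated network, pfSense in the middle, the deep VMs on a second isolated network) only delivers the "ONLY the VPN traffic" property the question asks for if the firewall policy is default-deny in both directions with a single allow rule. The block below is an added example, not part of the answer, and not pfSense configuration: it is a Python model of that rule set, the kind of thing you write down before clicking through the pfSense GUI and then check test flows against. The addresses (10.10.1.0/24 uplink, 10.10.2.0/24 deep segment), the VPN server 203.0.113.10 and UDP port 1194 are all assumptions; the original post names none of them.

```python
"""Model of the default-deny policy for a pfSense VM placed between VM1 and the deep VMs.

Added example, not the original answer's content. All addresses are assumed for
illustration; replace them with your own isolated-network ranges.
"""
import ipaddress
from dataclasses import dataclass

UPLINK_NET = ipaddress.ip_network("10.10.1.0/24")    # isolated net: VM1 <-> pfSense "WAN" side
DEEP_NET = ipaddress.ip_network("10.10.2.0/24")      # isolated net: pfSense "LAN" side <-> VM2, VM3
VM1_ADDR = ipaddress.ip_address("10.10.1.1")         # VM1's address on the uplink net
VPN_SERVER = ipaddress.ip_address("203.0.113.10")    # assumed VPN server for the deep VMs (TEST-NET-3)
VPN_PORT = 1194                                      # assumed OpenVPN/UDP port


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "udp", "tcp" or "icmp"
    dport: int = 0


def pfsense_policy(flow: Flow) -> bool:
    """True if the *first packet* of this flow should pass. Replies are matched
    by the stateful firewall's connection table, not by a rule, which is why
    no rule below points back into the deep segment."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if src in DEEP_NET:
        # LAN side: exactly one permitted flow, the nested VPN tunnel to its server.
        # Anything aimed at VM1 itself, other hosts, DNS, web, etc. is dropped.
        return flow.proto == "udp" and flow.dport == VPN_PORT and dst == VPN_SERVER
    # WAN side (VM1 and whatever sits behind it) never initiates toward the deep
    # segment or toward pfSense; everything not matched above is denied.
    return False


def check_policy():
    """Run the flows a reviewer would probe and return the ones that violate intent."""
    cases = [
        (Flow("10.10.2.10", "203.0.113.10", "udp", 1194), True, "deep VM -> VPN server tunnel"),
        (Flow("10.10.2.10", "10.10.1.1", "tcp", 445), False, "deep VM -> VM1 SMB"),
        (Flow("10.10.2.10", "10.10.1.1", "tcp", 3389), False, "deep VM -> VM1 RDP"),
        (Flow("10.10.1.1", "10.10.2.10", "tcp", 3389), False, "VM1 -> deep VM RDP"),
        (Flow("10.10.1.1", "10.10.2.10", "icmp"), False, "VM1 -> deep VM ping"),
        (Flow("10.10.2.10", "8.8.8.8", "udp", 53), False, "deep VM -> outside DNS (bypasses tunnel)"),
        (Flow("10.10.2.10", "203.0.113.10", "tcp", 443), False, "deep VM -> VPN server, wrong proto"),
    ]
    return [label for flow, expected, label in cases if pfsense_policy(flow) != expected]


if __name__ == "__main__":
    failures = check_policy()
    print("policy OK" if not failures else f"violations: {failures}")
```

Two caveats this model makes visible. Pin the VPN server by IP in the deep VMs' client configuration, because the policy leaves no room for DNS before the tunnel is up. And traffic between VM2 and VM3 never crosses pfSense at all (same segment), so lateral movement there has to be handled on the VMs themselves, which is where the question's "which Windows services to stop" point belongs.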

How can I develop using a local VM server without using URLs with ports in them?

I'm setting up a linux server in a VM for my development.
Previously I've had PHP, MySQL, etc. all installed locally on my Mac. Apart from being a security risk, it's a drag to maintain and keep up to date, and there's a risk that an OS upgrade will wipe part of your setup out, as the changes you make are fairly non-standard.
Having the entire server contained within a VM makes it easily upgradable and portable between machines. It means I can have the same configuration as the destination server and with shared folders even if the VM gets corrupted my work is safe on the host machine.
Previously with the local installation I was able to develop on convenient URLs like http://site.dev. I'd quite like to carry this over to the VM way of development but I'm struggling to figure out how, if it's possible at all.
Here's the problem:
In Bridged mode, the VM is part of the same network as the host. This is great but I can't choose a fixed IP address as I may be joining other networks and that address may be taken already. I'd like a consistent way of addressing my VM.
In NAT mode I can't directly address the VM without using port forwarding. I can use http://site.dev if I use the hosts file to forward that to localhost and then localhost:8080 forwards to the vm:80. The trouble is I have to access http://site.dev:8080 which is inconvenient for URL construction.
Does anyone know a way around this? I'm using Ubuntu Server and VirtualBox.
Thanks!
The answer is to define a separate host-only network adapter and use that for host->guest communication.
You can do this by powering down the guest and adding the adapter in the VM settings. Once that's done you can boot the guest again and configure the new network interface however suits you best. I chose a fixed IP address in an unused range.
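The step the answer leaves implicit is the host side: once the guest has a fixed address on the host-only adapter, the Mac's hosts file has to map the convenient name to it, and that mapping has to be updated whenever the guest address changes without leaving stale duplicates behind. The following is an added example, not code from the answer: an idempotent hosts-file updater. The guest address 192.168.56.10 is assumed (VirtualBox's default host-only range), as is the name site.dev. One caveat worth knowing before choosing that name: .dev is a real top-level domain on the browsers' HSTS preload list, so Chrome and Firefox force https:// for site.dev; a name under .test or .localhost avoids that.

```python
import ipaddress

HOSTS_PATH = "/etc/hosts"  # same path on macOS and Linux hosts


def set_host_entry(hosts_text: str, ip: str, hostname: str) -> str:
    """Return hosts_text with exactly one mapping hostname -> ip.

    Other lines and comments are preserved. A stale mapping for the same name
    (e.g. an earlier guest address) is removed; other names sharing that line
    are kept. Applying the function twice yields the same text.
    """
    ipaddress.ip_address(ip)                 # raises ValueError on a malformed address
    wanted = hostname.lower()                # hosts-file names are case-insensitive
    entry = f"{ip}\t{hostname}"
    out, placed = [], False
    for line in hosts_text.splitlines():
        body, hash_, comment = line.partition("#")
        fields = body.split()
        if len(fields) >= 2 and wanted in (f.lower() for f in fields[1:]):
            rest = [f for f in fields[1:] if f.lower() != wanted]
            if rest:                          # keep the line for the names that remain
                out.append(" ".join([fields[0], *rest]) + (" " + hash_ + comment if hash_ else ""))
            if not placed:
                out.append(entry)
                placed = True
            continue
        out.append(line)
    if not placed:
        out.append(entry)
    return "\n".join(out) + "\n"


def update_hosts_file(ip: str, hostname: str, path: str = HOSTS_PATH) -> None:
    """Rewrite the hosts file in place (needs sudo on the host)."""
    with open(path, "r", encoding="utf-8") as fh:
        current = fh.read()
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(set_host_entry(current, ip, hostname))


if __name__ == "__main__":
    # Assumed fixed host-only address of the guest, as chosen in the answer.
    update_hosts_file("192.168.56.10", "site.dev")
```

Because the host-only network is private to host and guest, the address never collides with whatever network the laptop joins, which is exactly the problem bridged mode had; and because the guest listens on port 80 on that adapter, no port appears in the URL.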

Local DNS in a standard DHCP LAN

Our customers are typical broadband home users, with a DSL Modem/Router which offers DHCP.
We want our device, which is connected to the home LAN and has an embedded HTTP server, to be addressable with a domain name (www.mydevice.ip or something). In particular, we want to avoid the user having to find out the IP address and type it into the address bar of their browser.
What solutions are available?
Does the typical DHCP modem include a DNS server, and how do you use it?
Could other services help (e.g. Bonjour)?
You can use mDNS/DNS-SD via the "avahi" daemon; this should work for Mac and Linux hosts, and maybe for Windows.
For Windows, you can set up Samba to get WINS name resolution.
A "typical DHCP modem" is not a standard, so there is no default answer.
What you want is for the modem to work as a DNS cache (which is pretty much the default) and additionally to add your own static DNS entries that point to the IP of your device.
How you achieve that depends on the router...
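The avahi suggestion works because mDNS resolution needs nothing from the router: the client multicasts a query for a name under .local and the device answers itself. To show what that exchange looks like on the wire, here is an added example (not code from either answer): a minimal one-shot mDNS resolver in Python, written from the DNS wire format rather than with a library, so the parsing of the reply is visible. The name mydevice.local and the address 192.168.1.50 in the constructed sample response are assumptions; nothing here is a capture from a real device.

```python
import socket
import struct

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
QTYPE_A, QCLASS_IN = 1, 1
QU_BIT = 0x8000            # in a question: "answer me by unicast"; in an answer: cache-flush
MAX_POINTER_JUMPS = 16     # bound on name-compression pointer chasing


def encode_name(name: str) -> bytes:
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"


def build_mdns_query(name: str, unicast_response: bool = True) -> bytes:
    """One-shot A query: mDNS uses ID 0 and no flags; the QU bit asks the
    responder to reply straight to our socket instead of to the multicast group."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    qclass = QCLASS_IN | (QU_BIT if unicast_response else 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, qclass)


def decode_name(data: bytes, offset: int):
    """Read a (possibly compressed) name at offset; return (name, offset after it).
    Every length and pointer is bounds-checked: this parses what any LAN host sends."""
    labels, jumps, end = [], 0, None
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of packet")
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if (length & 0xC0) == 0xC0:                     # compression pointer (RFC 1035 4.1.4)
            if offset + 1 >= len(data):
                raise ValueError("truncated pointer")
            if end is None:
                end = offset + 2
            jumps += 1
            if jumps > MAX_POINTER_JUMPS:
                raise ValueError("pointer loop")
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        if length > 63 or offset + 1 + length > len(data):
            raise ValueError("bad label length")
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)


def parse_mdns_a_records(data: bytes):
    """Return [(name, ttl, ipv4)] for every A record in a response; ValueError if malformed."""
    if len(data) < 12:
        raise ValueError("short header")
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off = 12
    for _ in range(qd):                                 # skip echoed questions
        _, off = decode_name(data, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        name, off = decode_name(data, off)
        if off + 10 > len(data):
            raise ValueError("truncated RR header")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if off + rdlen > len(data):
            raise ValueError("truncated RDATA")
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and (rclass & 0x7FFF) == QCLASS_IN and rdlen == 4:
            records.append((name, ttl, socket.inet_ntoa(rdata)))
    return records


def resolve_local(name: str, timeout: float = 2.0):
    """Multicast the query and collect A records for name until the timeout expires."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_mdns_query(name), (MDNS_GROUP, MDNS_PORT))
        found, want = [], name.rstrip(".").lower()
        try:
            while True:
                data, _ = sock.recvfrom(9000)
                try:
                    found += [r for r in parse_mdns_a_records(data) if r[0].lower() == want]
                except ValueError:
                    pass                                # malformed or unrelated packet: ignore
        except socket.timeout:
            pass
        return found


def sample_response() -> bytes:
    """Constructed response (not a capture): one question plus one A record whose
    owner name is a pointer back to the question name, exercising compression."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 1, 1, 0, 0)
    question = encode_name("mydevice.local") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = (b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN | QU_BIT, 120, 4)
              + socket.inet_aton("192.168.1.50"))
    return header + question + answer


if __name__ == "__main__":
    print(parse_mdns_a_records(sample_response()))
    print(resolve_local("mydevice.local"))
```

The security point a practitioner should take from this: any host on the LAN can answer an mDNS query, so the name is a convenience, not an identity. If the embedded HTTP server exposes anything sensitive, authenticate the device (a per-unit certificate or a pairing secret) rather than trusting that mydevice.local is the box on the shelf.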
