Previously on "Help with Linux Networking"
-
Does the Sky Router know about the network behind the virtual router? You may need to put a static route into the Sky Router, or enable some sort of routing protocol, OSPF, RIP or something.
-
Adding the default gw to the bridge as well as the bridged interface solves the dns problem from the host. I think to be fair once you bridge an interface, it then sends its packets over the bridge, so essentially its own default gateway becomes defunct. Kind of makes sense in my brain this way.
The DNS problem on the client remains, but I have a workaround for now which is to use the NAT Router address for now. Dirty hack, but the IDS is promiscuous and picks up the DNS packets just the same so the end result is workable.
If anyone has anything to add (that's vaguely more helpful than the IT Crowd's iconic suggestion) then please pour forth your wisdom.
-
What version of Ubuntu are you using? My experience of U12.04 was that dns is tuliped on this system.
Boo
-
Help with Linux Networking
OK this is a bit involved, but any Linux networking gurus out there that could cast an experienced eye over my amateurish attempts to set up a Virtual Linux router would be greatly appreciated.
OK some topology to set the scene:
I have a NAT router, provided by SKY. Its IP is 192.168.0.1 and is the default gateway for most interfaces on my LAN.
I have a Linux box, running CentOS 7, which has 2 NICs. We'll call them eth0 and eth1 for the sake of argument.
eth0 has an IP address 192.168.0.50 netmask 255.255.255.0
eth1 has an IP address 192.168.100.50 netmask 255.255.255.0
I have then added two bridges, for my KVM virtual machine to use.
virbr1 (eth0) ipaddress 192.168.0.51 netmask 255.255.255.0
virbr2 (eth1) ipaddress 192.168.100.51 netmask 255.255.255.0
Both bridges have spanning tree protocol enabled.
In my virtual machine I also have 2 NICs, we'll call them veth0 and veth1 for the sake of argument.
veth0 has ipaddress 192.168.0.103 netmask 255.255.255.000
veth1 has ipaddress 192.168.100.102 netmask 255.255.255.000
I have enabled packet forwarding.
I have added some rules to iptables to enable this box as a virtual router.
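Code:
# NAT everything that leaves via eth0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Allow new traffic from the eth1 side out through eth0
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Allow only reply traffic back from eth0 to eth1
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
route add default gw 192.168.0.1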
The results are as follows :
I can ping the gateway (192.168.0.1) from the virtual machine, and ping both network cards. I can ping beyond the gateway and can resolve dns names and surf the web.
I now have another machine on my LAN that I want to use my virtual router as its default gateway, and dns server. Then using snort I will monitor traffic on my network, as a kind of IDS. This is the plan.
The other machine on the network, we can call the client and say that it has only 1 nic and ipaddress 192.168.100.105 netmask 255.255.255.000 with a default gateway of 192.168.100.102 and a primary dns server of 192.168.100.102.
This machine can ping the gateway (192.168.100.102) and can ping the NAT router (192.168.0.1), so the virtual router is correctly forwarding and natting the packets.
However I have 2 problems I cannot solve, and would like some help with.
The first problem is that DNS from the client doesn't work.
Wireshark shows that the virtual router is blocking dns. That is to say I can see the DNS request come in from 105 > 102 and then 102 sends to 105 a destination port unreachable. This is strange as on the virtual router I have allowed port 53 (both TCP and UDP in) using ufw (the virtual router machine is running Ubuntu btw). I have also allowed port 53 (any) out.
the results of iptables -L INPUT give
Code:
Chain INPUT (policy ACCEPT)
target                    prot opt source    destination
ufw-before-logging-input  all  --  anywhere  anywhere
ufw-before-input          all  --  anywhere  anywhere
ufw-after-input           all  --  anywhere  anywhere
ufw-after-logging-input   all  --  anywhere  anywhere
ufw-reject-input          all  --  anywhere  anywhere
ufw-track-input           all  --  anywhere  anywhere
The second problem is that my Linux host (the one hosting the virtual router ubuntu box) can no longer resolve dns queries. A wireshark trace shows the dns query come in on 192.168.0.50 but it then forwards it to 192.168.0.51 (the bridge) which then in turn sends it up to the gateway (192.168.0.1) but the response never reaches 192.168.0.50. How can I get 192.168.0.50 to use default gateway and not the bridge (192.168.0.51)?
Thanks for any help you can be as I've spent around 2 weeks of evening and weekend time on this and have now really run out of ideas.
Last edited by suityou01; 2 January 2016, 11:29.
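Added example (not part of the original post and not the poster's code): a small Python model of which netfilter filter chain a UDP packet reaches on the virtual router, using the addresses and the two FORWARD rules from the post. It assumes eth0/eth1 in those rules are the router VM's own NICs and that the INPUT chain accepts the packet; the `listeners` argument is hypothetical input. It shows that DNS addressed to 192.168.100.102 itself is judged by INPUT and needs a local resolver, while DNS addressed to 192.168.0.1 takes the FORWARD and MASQUERADE path.

```python
from ipaddress import ip_address, ip_network

# Addresses from the post; interface names follow its iptables rules and
# are assumed to be the virtual router's own NICs.
IFACES = {
    "eth0": (ip_address("192.168.0.103"), ip_network("192.168.0.0/24")),
    "eth1": (ip_address("192.168.100.102"), ip_network("192.168.100.0/24")),
}
DEFAULT_OUT = "eth0"  # default gw 192.168.0.1 is reached via eth0

# The two FORWARD rules from the post: (in, out, needs_established)
FORWARD_RULES = [("eth1", "eth0", False), ("eth0", "eth1", True)]


def iface_for(addr):
    """Interface whose connected subnet holds addr, else the default route's."""
    for name, (_, net) in IFACES.items():
        if addr in net:
            return name
    return DEFAULT_OUT


def trace(src, dst, dport, listeners=frozenset(), established=False):
    """Return (chain, outcome) for a UDP packet arriving at the router.

    listeners: UDP ports with a bound socket on the router (assumed input,
    e.g. read off `ss -lun`); the INPUT chain is taken to accept the packet.
    """
    src, dst = ip_address(src), ip_address(dst)
    in_if = iface_for(src)
    if any(dst == local for local, _ in IFACES.values()):
        # Locally addressed: INPUT chain; the FORWARD rules are never consulted.
        if dport in listeners:
            return "INPUT", "delivered to local socket"
        return "INPUT", "ICMP port unreachable"
    out_if = iface_for(dst)
    for rule_in, rule_out, needs_est in FORWARD_RULES:
        if (rule_in, rule_out) == (in_if, out_if) and (established or not needs_est):
            nat = ", MASQUERADE" if out_if == "eth0" else ""
            return "FORWARD", f"ACCEPT {in_if}->{out_if}{nat}"
    return "FORWARD", "no rule matched (chain policy decides)"


if __name__ == "__main__":
    client = "192.168.100.105"
    print(trace(client, "192.168.100.102", 53))        # DNS aimed at the router
    print(trace(client, "192.168.0.1", 53))            # DNS aimed at the Sky router
    print(trace(client, "192.168.100.102", 53, {53}))  # router runs a resolver
```

A REJECT rule in the INPUT chain produces the same ICMP message as a closed port, so running `ss -lun` on the router is the check that separates the two cases.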