Allow lan segments to ping each other on multihomed router - networking

I have a box running OpenSuse with two local network segments:
192.168.2.0/24 (lan0)
192.168.33.0/24 (vlan0)
and 3rd connection,
DHCP (wan), used for Internet access.
and I'd like to be able to route everything (tcp, udp, icmp, whatever) in lan0 and vlan0 segments.
I have enabled ip forwarding and ip masquarading using YaST. I also added both 192.168.xx.0/24 to trusted networks in SuSEfirewall2 and set up explicit routing in FW_ROUTE setting. rp_filter is off for both.
I have internet access on both segments and i am able to ping in both directions (router - pc on the segment) but cannot ping from lan0's machine to vlan0's one. I get 'destination host unreachable' error whenever I try to ping from lan0 to vlan0.
My understanding is i am missing some major settings which would let router route packets from lan0 to vlan0 instead of masquarading them and sending to the Internet. Windows boxes at lan0/vlan0 do not see each other too :(
Any help would be greatly appreciated.

In case someone runs into same problem - it appeared that pings do not work for Windows 10 boxes only. Android phone pings fine so the root cause is not OpenSuse box at all.

Related

How to determine source of mysterious server name on my network

Over the last few days I have noticed a mysterious (unknown to me) server hostname that shows up on both Ubuntu's Nautilus Network section as well as Windows File Manager network group. The hostname does not show in the list of clients on my router. If I double click the hostname icon to try to connect to it I get a connection refused error. The hostname's appearance is random.
I have non-factory admin and wireless passwords set on my router as well as MAC filtering. Router firewall is on and no unneeded service ports are opened (NFS, etc.).
How can I determine the source of this unknown hostname and how can I close down my network in case this is really someone that has managed to break into my network? Also, if I have explicitly listed the MAC addresses of all my devices how could a non-listed device be able to connect?
Thank you for any comments you can provide.
Resolved; see previous comment on NetBios over TCP/IP.

How to Find My Proper Ip Address to Connect to Another Computer Remotely

My friend wanted to connect to my computer using Remote Desktop Connection. But the problem is I am confused what my Ip address is.
My computer is connected to the internet via router via broadband internet network. My ip address is dynamic.
Here, my main purpose is not only the remote connection but also learning how dynamic ip connect to another pc.
I searched for ip address on Google. They show me an ip address. But I think it is not mine, it's related with the router or broadband network. I also find a WAN ip (it is different from that i found on google) on router settings. It did't work.
I used Team Viewer. It worked perfectly. But I want to do that manually because I am going to make a multiplayer game on GM8.
It will helpful if someone explain about ip and port forwarding.
Teamviewer is a great tool, but uses different techniques than what you plan to do. Teamviewer always uses an outgoing connection and use a mediator on the Internet to connect you and the other PC.
You should ask your Internet provider if he technically enables you to be reachable from the outside Internet. Often this is not possible at all, even if you configure your router the correct way.
When you ask this you can ask him if you have a static IP.
It seems you are not aware of basics of IP networking, so I'd strongly advise against trying this on your router as wrong settings would render it useless. But here's for your information how port forwarding and IP Address and dynamic DNS can be used to solve your problem.
Basically your ISP is likely to give you a router having an IP address. If this IP address is a global IP address, it is possible to connect to this IP from outside. How do you find out whether your IP address is global? Look for your WAN IP address setting. If it is in 10.x.x.x or 192.168.x.x range, it's unlikely to be global and in that case it might not be possible to connect to your computer from outside - without help of a third server (some kind of a registration server, where you connect and register your application). The Registration server would determine your globally visible IP address and then convey it to another Application who is interested in connecting to it. This is somewhat complicated to make it work (but if you intend to make a game - this is something you'd have to do regardless). This is mostly how software like TeamViewer would work.
If you have a global IP address - it means it can technically be reached from anywhere in the world. In that case you could use port forwarding to make things work for you. Port forwarding works basically as follows - You expose a certain port (on TCP) to external world - say 8000 and then you make a setting like following on your router.
<TCP>-<RouterIP>-8000 --> <TCP>-<Your LAN IP><Your application Port>
(You can find you lan ip using ipconfig on windows or ifconfig on Linux).
Now all connections coming to port 8000 would be directed to your application. You might want to do it on UDP as well and the protocol above would change. That is how you 'open' a few ports to be accessible from outside, configure them on your router and then run corresponding applications on your network.
There's another thing called dynamic DNS, where the IP address you use if it is dynamic (and global) can be registered with a Dynamic DNS server so that you don't have to know and remember the current WAN IP Address. But that can be for later.
Hope that helps.

HttpListener working on local network, but not externally

I am attempting to spin up an application that listens on a port and responds to HTTP requests. I am on a Windows 8 machine connecting through a Netgear router that provides port forwarding. I have:
modified my DNS zone file of one of my domains to point to the IP address that is assigned to my cable modem
Added a port-forwarding rule to my router that sends requests to port 8080 to port 8081 on my computer
Opened port 8081 on my Windows Firewall
Executed netsh http add urlact http://+:8081/ user=Everyone listen=yes as administrator
Started up my app which uses the simple webserver solution found at http://codehosting.net/blog/BlogEngine/post/Simple-C-Web-Server.aspx which uses an HttpListener object with a prefix of http://+:8081/.
From any machine on my local network, I can browse to http://home.example.com:8080/blah/blah and everything works great. Whenever I attempt the same URL from a machine connected elsewhere on the Internet, the connection times out. I have tried using the IP address instead the domain name, and have tried disabling my Windows Firewall (temporarily), still with no luck.
I'm sure this is more of a network setup issue than a code issue, but I thought I would ask anyway to see if there is anything I can do. Sorry for the spaces in the urls above. This is my first post to SO, and I apparently don't have enough of a reputation to post more than a single link.
By "elsewhere on the Internet", I am assuming you are attempting to access it from a different ISP.
The thing about some ISPs is that unless you are paying for a "business class" connection, they will do all sorts of tricks to ensure that you remain a "consumer". What you need is an unNATed static IP address.
By this I mean that the IP address that you may have at your home may not be accessible to the outside world because the ISP is actually NATing (or other) that address to you. This is a fairly common practice because of limited IP4 addresses. If you really want a service accessible via the WWW, I would suggest moving your product to a VPN, or at least a commodity hosting provider.
Edit: Try a VPN service like Hamachi

Connecting Veency on Iphone from another network

I installed Veency Server on my old Iphone 3GS. I can connect to it from my other devices in local network, using its 192.168.2.xxx adress, but i cant connect from another network. I know that my router uses NAT so i tried port forwarding for ports 5500,5900 and 5800, then i tried to forward all ports in range 0:7000 but none of them seemed to work. What can i do ?
Thanks a million in advance.
Shouldn't be too complicated.
Set a DHCP reservation in your router for the device.
Forward the VNC port (Usually 5900) to the IP you set.
If you don't have a static external IP, get something like No-IP or DynDNS so you can have an unchanging URL to connect to.
That's about it, it's no different than making any other service external.
You should know that this will not be secure, and very easy for a man in the middle attack to happen.

Windows 7 does not accept broadcasts from ip address 0.0.0.1

we have little network devices which are shipped with IP address 0.0.0.1 to ensure that they never collide with any other device in their new environment (thus none of the 10.x.x.x, 172.16.x.x or 192.168.x.x ranges) until configuration. DHCP is no solution since there might be no DHCP server in the field.
The devices would listen to UDP broadcasts and answer with broadcasts until they are given their new IP address this way.
This worked fine with Windows XP - but sucks with Windows 7: the config program does not receive the answer packets from the devices which still have 0.0.0.1. Wireshark sees the packets, then they are dumped by the system.
Question: Is there any reason (RFC?) that actually prohibits using this address in a local environment? Or is it just MS that was overcautious? Where can I read why they treat this address "invalid"? Which ranges are really "invalid" now, too?
Any idea of a workaround on the PC side (Win 7)?
I know that it is not recommended to use 0.xxx addresses for work places, but for this very reason - having a not-used address - it works perfectly.
Edit: there is a device out there called "Netburner" which might have faced the similar issue, according to their forum. See: http://forum.embeddedethernet.com/viewtopic.php?f=5&t=612&p=2198 Does - by coincidence - anybody know some background information?
It sounds as if your configuration application is listening for broadcast packets on all network interfaces and expecting to receive packets from foreign subnets.
That should not work - the OS should only pass-on broadcast packets from the subnets each network interface is on, not from all subnets on the same physical (e.g. Ethernet) segment. I am reasonably certain that doing otherwise is broken behaviour WRT the IP protocol.
The are two ways to deal with this:
Make sure that your network interface has an IP address in the target subnet. You can have more than one IP addresses for each network card, so that should not interfere with normal network operations.
Configure or modify you application to use raw sockets, like Wireshark. Keep in mind, however, that this overrides all normal checks and balances and should be avoided, since it can cause behaviour that is almost impossible to diagnose - which is why it is frowned upon by meny network administrators.
Can you you add new routing table entries to Windows machines easily? Windows has to know which interface to use when routing a broadcast packet to the 0.0.0.x network.
The Unix machines I'm familiar with have a routing table that maps network/netmask entries to either gateways or interfaces (if the network is a local network). The local network (192.168.0.0/16 for my home network) gets sent to interface eth0. Everything else 0.0.0.0/0 gets sent to a specific gateway machine 192.168.0.1.
If my machine sent a UDP broadcast message to network 0.0.0.0/24 (in other words, UDP broadcast sent to 0.0.0.255, then my machine would forward the packet to the gateway machine (which it can look up via arp). The switches in the middle wouldn't propagate the packet to other network devices, because the MAC address is set.
If my machine had another routing entry for 0.0.0.0/24 to the local interface, then my machine would send the packet on the wire using an ethernet broadcast group, and the switches would forward the packet to all connections. (Yay! Just like hubs in the 90s! :)
So I figure you need to add a routing entry for 0.0.0.0/24 to your client machines, so that they can properly address the broadcast packet.

Resources