FreeBSD server with public IP behind firewall on same net - ip

Please help with this!
ISP gives me 16 ethernet link with 16 public IPs.
How can I put a firewall in front of the other IPs?
The gateway IP is: 100.100.100.161
So, we have 100.100.100.162 through 100.100.100.174 to use.
100.100.100.162 is on the FreeBSD firewall (rl0).
rl1 of the FreeBSD firewall is the local network: 192.168.0.2
===================================
[ISP]
100.100.100.161/255.255.255.240
===================================
===================================
[FIREWALL_FREEBSD]
rl0=100.100.100.162/255.255.255.240
rl1=192.168.0.2/255.255.255.0
gateway=100.100.100.161
===================================
===================================
[SERVER THAT SHOULD STAY BEHIND THE FIREWALL]
rl0=192.168.0.20/255.255.255.0
gateway=192.168.0.2
===================================

Well, I resolved the task by breaking the 16 IPs into 2 blocks and asking the ISP to route packets for the second block to my own firewall.
So my firewall is located on block-1 (same net as the ISP).
And on block-2 (separated from the ISP's segment, reachable only through my firewall) I can put my servers.
ISP route: 100.100.100.168/29 ==> 100.100.100.169
[ISP list of my IP addresses]
100.100.100.160/255.255.255.248 = begin of block 1
100.100.100.161/255.255.255.248 = ISP gateway
100.100.100.162/255.255.255.248 = my firewall FreeBSD (rl0)
100.100.100.163/255.255.255.248
100.100.100.164/255.255.255.248
100.100.100.165/255.255.255.248
100.100.100.166/255.255.255.248
100.100.100.167/255.255.255.248 = end of block 1
-------------------------------
100.100.100.168/255.255.255.248 = begin of block 2
100.100.100.169/255.255.255.248 = my firewall (rl2)
100.100.100.170/255.255.255.248
100.100.100.171/255.255.255.248
100.100.100.172/255.255.255.248
100.100.100.173/255.255.255.248
100.100.100.174/255.255.255.248
100.100.100.175/255.255.255.248 = end of block 2
[FIREWALL_FREEBSD]
rl0=100.100.100.162/255.255.255.248 (on same net of block1)
rl1=192.168.0.2/255.255.255.0 = (local network)
rl2=100.100.100.169/255.255.255.248 = (gateway for my servers)
rl2=100.100.100.170/255.255.255.248 = my server 1
rl2=100.100.100.171/255.255.255.248 = my server 2
rl2=100.100.100.172/255.255.255.248 = my server 3
[SERVER BEHIND THE FIREWALL]
rl0=100.100.100.170/255.255.255.248
gateway=100.100.100.169 (my firewall)
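
The addressing plan from the answer above can be checked mechanically. The following is an added example, not part of the original post; it uses the addresses given in the answer, while the variable and function names and the data layout are assumptions made for illustration. It splits the /28 into the two /29 blocks, lists the block-2 addresses still free for servers, and flags any server that would end up on the ISP segment (and so bypass the firewall) or that uses a network or broadcast address.

```python
import ipaddress as ip

# Addresses taken from the post; names and layout are assumptions of this example.
ALLOCATION = ip.ip_network("100.100.100.160/28")      # the 16 addresses from the ISP
ISP_GATEWAY = ip.ip_address("100.100.100.161")
FW_OUTSIDE = ip.ip_interface("100.100.100.162/29")    # firewall rl0
FW_INSIDE = ip.ip_interface("100.100.100.169/29")     # firewall rl2
SERVERS = {                                           # name -> (address, gateway)
    "server1": ("100.100.100.170/29", "100.100.100.169"),
    "server2": ("100.100.100.171/29", "100.100.100.169"),
    "server3": ("100.100.100.172/29", "100.100.100.169"),
}

def split_blocks(allocation=ALLOCATION):
    """Split the /28 into the two /29 blocks described in the post."""
    return list(allocation.subnets(prefixlen_diff=1))

def free_server_addresses(servers=SERVERS):
    """Block-2 host addresses not yet taken by the firewall or a server."""
    block2 = split_blocks()[1]
    used = {FW_INSIDE.ip} | {ip.ip_interface(a).ip for a, _ in servers.values()}
    return [h for h in block2.hosts() if h not in used]

def check_plan(servers=SERVERS):
    """Return a list of problems; an empty list means the plan is consistent."""
    block1, block2 = split_blocks()
    problems = []
    if FW_OUTSIDE.network != block1 or ISP_GATEWAY not in block1:
        problems.append("firewall rl0 and the ISP gateway must share block 1")
    if FW_INSIDE.network != block2:
        problems.append("firewall rl2 must sit in block 2")
    seen = {FW_INSIDE.ip}
    for name, (addr, gw) in servers.items():
        iface = ip.ip_interface(addr)
        if iface.network != block2:
            problems.append(f"{name}: {iface} is outside block 2, so it bypasses the firewall")
            continue
        if iface.ip in (block2.network_address, block2.broadcast_address):
            problems.append(f"{name}: {iface.ip} is the network or broadcast address")
        if iface.ip in seen:
            problems.append(f"{name}: {iface.ip} is already in use")
        seen.add(iface.ip)
        if ip.ip_address(gw) != FW_INSIDE.ip:
            problems.append(f"{name}: gateway {gw} is not the firewall's rl2 address")
    return problems

if __name__ == "__main__":
    print(split_blocks(), free_server_addresses(), check_plan() or "plan OK")
```

After the split, 100.100.100.167 and 100.100.100.168 become the broadcast and network addresses of the two blocks, so they can no longer be assigned to hosts.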

Related

How do I use Windump using Cuckoo in Windows10

When I analyze a file using Cuckoo
I get this error:
File "c:\python27\lib\site-packages\cuckoo\auxiliary\sniffer.py", line 157, in stop
(out, err, faq("permission-denied-for-tcpdump"))
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; stdout = '' and stderr = 'tcpdump.exe: listening on VirtualBox Host-Only Ethernet Adapter\r\ntcpdump.exe: Error opening adapter: \xbd\xc3\xbd\xba\xc5\xdb\xc0\xcc \xc1\xf6\xc1\xa4\xb5\xc8 \xc0\xe5\xc4\xa1\xb8\xa6 \xc3\xa3\xc0\xbb \xbc\xf6 \xbe\xf8\xbd\xc0\xb4\xcf\xb4\xd9. (20)\r\n'. Did you enable the extra capabilities to allow running tcpdump as non-root user and disable AppArmor properly (the latter only applies to Ubuntu-based distributions with AppArmor, see also https://cuckoo.sh/docs/faq/index.html#permission-denied-for-tcpdump)?
My VirtualBox network (guest) name is VirtualBox Host-Only Ethernet Adapter,
and WinDump (renamed to tcpdump.exe) is installed on my Windows 10 host. The path is C:\tools\tcpdump.exe
I also set the auxiliary.conf file.
# Specify the path to your local installation of tcpdump. Make sure this
# path is correct.
tcpdump = C:/tools/tcpdump.exe
My question is: why am I getting an error like listening on VirtualBox Host-Only Ethernet Adapter\r\ntcpdump.exe: even though the tcpdump.exe path is set correctly?
I found the answer.
I configured this line in sniffer.py.
From
err_whitelist_start = (
"tcpdump: listening on ",
"C:/tools/tcpdump.exe: listening on",
)
To
err_whitelist_start = (
"tcpdump: listening on ",
"C:\\tools\\tcpdump.exe: listening on",
)
And my VirtualBox interface was wrong, so I changed this in
virtualbox.conf
From
interface = virtualBox Host-Only Ethernet Adapter
To
interface= \Device\NPF_{ED29CFE9-25EB-4AD9-B2EA-C09A93D465BF}

HTTP/HTTPS timeouts in/out because of DHCP?

I'm trying to debug a new server I ordered at OVH.com and they insist everything is working properly even though it times out when doing a curl request towards for an example github.com (times out 9 in around 10 tries)
curl -L -v https://github.com
I get
* Rebuilt URL to: https://github.com/
* Trying 140.82.118.4...
* connect to 140.82.118.4 port 443 failed: Connection timed out
* Failed to connect to github.com port 443: Connection timed out
* Closing connection 0
curl: (7) Failed to connect to github.com port 443: Connection timed out
Even when I set up an NGINX server, the site times out almost every second request.
So I thought perhaps the DHCP server could be an issue, so I checked it and I see this from (var/lib/dhcp..)
lease {
  interface "ens4";
  fixed-address 10.0.X.XX;
  option subnet-mask 255.255.255.0;
  option routers 10.0.X.X;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option dhcp-server-identifier 10.0.X.X;
  option domain-name-servers 10.0.X.X;
  renew 6 2020/03/28 02:16:19;
  rebind 6 2020/03/28 13:47:57;
  expire 6 2020/03/28 16:47:57;
}
lease {
  interface "ens4";
  fixed-address 10.0.X.XX;
  option subnet-mask 255.255.255.0;
  option routers 10.0.X.X;
  option dhcp-lease-time 86400;
  option dhcp-message-type 5;
  option dhcp-server-identifier 10.0.X.X;
  option domain-name-servers 10.0.X.X;
  renew 5 2020/03/27 16:51:54;
  rebind 5 2020/03/27 16:51:54;
  expire 5 2020/03/27 16:51:54;
}
I tried getting a new one by doing this command but nothing changes, still the same as above
sudo dhclient -r
Am I looking at the DHCP wrong or does it look normal? For the record my public IP on this dedicated starts with 5 not 1 and it is run on Ubuntu 16.04 LTS
What is the offer you have at OVH? They usually don't give private IPs to dedicated servers or virtual private servers, so that's quite odd.
You may want to collect some traces to check what is going wrong, with tools like:
tcptraceroute, to check if the path to a domain on port 80 or 443 looks strange
ping, to be able to see if there is packet loss
tcpdump, to capture raw network packets while a timeout is occurring to see what's going on
That's a good start and may also help you go back to OVH Support and prove to them there's something wrong.

TCP SYN sent with Scapy never received by server nor noticed by Wireshark on the loopback interface

I have a problem with a very basic usage of Scapy on Windows 7 (Python 3.6, Scapy 2.4.0). I'm also running Npcap 0.99r7 and Wireshark 2.6.2 on this system. The system only has one wireless network interface plus the Npcap loopback interface.
I set up this very classic TCP server... :
import socket
host = '127.0.0.1'
port = 8089
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((host, port))
s.listen(1)
connection, address = s.accept()
while 1:
    try:
        data = connection.recv(1024)
    except ConnectionAbortedError:
        break
    if data:
        print('Received: %s' % (data.decode('utf-8')))
        connection.sendall('Data received'.encode())
connection.close()
s.close()
...and I set up this very classic TCP client:
import socket
host = '127.0.0.1'
port = 8089
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send('Hello, world!'.encode())
data = s.recv(1024)
print('Received: %s' % (data.decode('utf-8')))
s.close()
Both work fine. Wireshark does report the whole TCP traffic on the loopback interface.
Now, I'm running the server, and I try to run that piece of code that would just send a SYN to the server with Scapy :
from scapy.layers.inet import IP
from scapy.layers.inet import TCP
from scapy.sendrecv import *
dstHost='127.0.0.1'
dstPort = 8089
packet = IP(src='127.0.0.1', dst=dstHost)/TCP(dport=dstPort, flags='S')
response=sr1(packet, timeout=10)
response.display()
Python reports :
Begin emission:
..Finished sending 1 packets.
......Traceback (most recent call last):
File "R:/Documents/Projets/python/hacking/scan.py", line 46, in <module>
response.display()
AttributeError: 'NoneType' object has no attribute 'display'
Received 8 packets, got 0 answers, remaining 1 packets
Moreover, Wireshark does not see anything on the loopback interface. May somebody give a hint?
Update 1
As suggested, I tried a more explicit code using sendp() and not send(), since we are talking layer 2 here:
route_add_loopback()
packet = Loopback()/IP(src='127.0.0.1', dst='127.0.0.1')/TCP(dport=8089, flags='S')
sendp(packet,iface='Npcap Loopback Adapter')
Unfortunately, Wireshark does not sniff the packet on either interface (the 'Intel(R) Centrino(R) Advanced-N 6235' and the 'Npcap Loopback Adapter').
Note that the call to route_add_loopback() is required, or show_interfaces() won't report the 'Npcap Loopback Adapter', which means that sendp() will fail. It is possible to restore the Scapy routing table by calling conf.route.resync() after route_add_loopback(), but the result is the same: Wireshark does not sniff the packet on either interface.
Should somebody find some Python piece of code running on Windows 7 that successfully sends a simple TCP packet on the 'Npcap Loopback Adapter', he would be welcome...
The loopback interface is not a "regular" interface; this is particularly true for Windows.
You can check the route used by Scapy to send the packet by running: packet.route().
If the route displayed does not use the loopback interface, you can try to run (that's windows specific) route_add_loopback() and try again.
Another option would be to use srp1() instead of sr1(), and specify the loopback interface as iface= parameter.

postfix- connection time out

I am trying to send email from my server to a Gmail account with Postfix, using the mail command
echo "check" | mail -s "check" aryan.kingrockzz#gmail.com
and the email is not coming, and the error is
Sep 1 05:05:24 ns1 postfix/pickup[23268]: 5EC10A2494: uid=0 from=<root#ns1.sloc.in>
Sep 1 05:05:24 ns1 postfix/cleanup[23345]: 5EC10A2494: message-id=<20160901120524.5EC10A2494#sloc.in>
Sep 1 05:05:24 ns1 postfix/qmgr[23269]: 5EC10A2494: from=<root#ns1.sloc.in>, size=326, nrcpt=1 (queue active)
Sep 1 05:05:24 ns1 postfix/error[23338]: 5EC10A2494: to=<aryan.kingrockzz#gmail.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to alt2.gmail-smtp-in.l.google.com[173.194.219.26]:25: No route to host)
Outgoing traffic on Port 25 might be blocked by your ISP. Quite commonplace.
As the error message says: Your machine cannot reach the target system on port 25.
Try manually:
telnet alt2.gmail-smtp-in.l.google.com 25
You need to check your internet connection first.
Then find out the interface that internet connection is on. Let's assume it's eth0.
ip route list
If you don't have a default route on that interface, you need to add one.
sudo ip route add default dev eth0
Then run postqueue -f to retry the deferred email, or try sending a new one.
If you are using a VPN connection to connect your server to the internet, your interface is probably ppp0; you can check that via the ip a command.
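
The log in the question shows a deferred delivery with dsn=4.4.1 and a failed connection on port 25. The following is an added example, not part of the original thread: a small triage script that parses Postfix delivery lines and reports destination ports on which connections to several different hosts fail while no delivery succeeds, which points at the local route or outbound filtering rather than at one remote server. The sample log lines are constructed (placeholder hosts and addresses), and the function names and the min_hosts threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same format as the log in the question.
SAMPLE_LOG = """\
Sep  1 05:05:24 ns1 postfix/qmgr[23269]: 5EC10A2494: from=<root@mail.example>, size=326, nrcpt=1 (queue active)
Sep  1 05:05:24 ns1 postfix/error[23338]: 5EC10A2494: to=<user@example.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to mx.example.net[192.0.2.26]:25: No route to host)
Sep  1 05:06:10 ns1 postfix/smtp[23401]: 7AB20A2495: to=<other@example.org>, relay=none, delay=30, delays=0.01/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.7]:25: Connection timed out)
Sep  1 05:07:02 ns1 postfix/smtp[23410]: 9CD30A2496: to=<ok@example.org>, relay=smarthost.example.net[203.0.113.5]:587, delay=1.2, delays=0.01/0/0.5/0.7, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# One delivery attempt: queue id, recipient, relay, DSN code, status and reason text.
DELIVERY = re.compile(
    r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, relay=(?P<relay>[^,]+), "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$")
# The "connect to host[ip]:port: error" part of a deferral reason.
CONNECT_FAIL = re.compile(r"connect to (?P<host>[^\[\s]+)\[[^\]]+\]:(?P<port>\d+): (?P<err>.+)$")
RELAY_PORT = re.compile(r"\]:(\d+)$")

def parse_deliveries(log):
    """Return one dict per delivery line (lines without to=<...> are skipped)."""
    return [m.groupdict() for line in log.splitlines() if (m := DELIVERY.search(line))]

def egress_suspect_ports(log, min_hosts=2):
    """Ports where connects to >= min_hosts distinct hosts failed and nothing was sent."""
    failed, ok_ports = defaultdict(set), set()
    for d in parse_deliveries(log):
        if d["status"] == "sent":
            if (m := RELAY_PORT.search(d["relay"])):
                ok_ports.add(int(m.group(1)))
        elif d["status"] == "deferred" and d["dsn"].startswith("4.4."):
            if (m := CONNECT_FAIL.search(d["reason"])):
                failed[int(m.group("port"))].add(m.group("host"))
    return sorted(p for p, hosts in failed.items()
                  if len(hosts) >= min_hosts and p not in ok_ports)

if __name__ == "__main__":
    print("suspect ports:", egress_suspect_ports(SAMPLE_LOG))
```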

multi switch configuration using cisco packet tracer

I have the network configuration as follows
I have tried to ping 192.168.1.100 to 192.168.1.101 and it succeeds.
I have tried to ping 192.168.50.100 to 192.168.50.101 which is on vlan 50 and it fails.
The simulation diagram showed arp is not being forwarded from switch1 to switch2.
I have configured both the sides of switch to trunk.
I am just learning on vlans and trunking.
Can anybody please explain what configuration I am missing?
If I remove switch1 and connect switch0 to switch2, everything works fine.
EDIT
Switch0 vlan configuration.
Switch1 vlan configuration.
Switch2 vlan configuration
You have to add at switch0 and switch2 in the assigned ports, in my case:
Switch0(config-if)#int fastEthernet0/2
Switch0(config-if)#switchport access vlan 50
Switch0(config-if)#switchport mode access
Switch2(config-if)#int fastEthernet0/3
Switch2(config-if)#switchport access vlan 50
Switch2(config-if)#switchport mode access
You can also add vlan 50 to switch1 (I don't know how you have it).
Switch1(config)#vlan 50
Switch1(config-vlan)#name VLAN0050
Switch1(config-vlan)#exit
Switch1(config)#
where the Ethernet cable connects from the PC to the switch.
As you can see PC0 goes to PC2 successfully and PC1 goes to PC3 successfully.
Write these commands on Switch 0 and Switch 2:
Switch#configure terminal
Switch(config)#vlan 50
Switch(config-vlan)#name test
Switch(config-vlan)#exit
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 50
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#exit
Switch#write memory
Switch 1:
On Switch 1 you must define the VLANs, or you can delete this switch and connect Switch 0 and Switch 2 directly with a trunk, or you have another option like VTP mode.
In any case, write these commands on Switch 1:
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#exit
Switch(config)#vlan 50
Switch(config-vlan)#name test
Switch(config-vlan)#exit
Switch(config)#exit
Switch#write memory
