Xserve routing en0 external and en1 internal network
Hi, sorry if this is a duplicate, but I've run into trouble trying to use the two NICs to route internet traffic.
I've got the Xserve seeing the internet and the internal network.
en0 (external facing) is 192.168.2.5, subnet 255.255.255.0, gateway 192.168.2.1 (which is the DSL router).
en1 (internal facing) is at 192.168.1.11, subnet 255.255.255.0, gateway ??? (what should this be? should it be en0/192.168.2.5?)
DHCP setup clients get 192.168.1.11 as default gateway.
So clients gateway to en1, en1 gateways to en0, en0 gateways to the router, router gateways to the internet?
thanks, jhb
>So if the Xserve is handing out DHCP and acting as Firewall, I thought all the traffic has to be routed through the server.
If it's acting as a DHCP server, no - it can serve DHCP to clients on en0 - just make sure you turn off the DHCP server in your router first, though.
If you want it to run as a firewall then yes - it can only filter traffic that passes through it. You're going to run into problems though if you want any incoming traffic to get to internal hosts - the double NAT setup (one NAT at the router, and another at the Xserve) is going to make that trickier.
At the end of the day it's your call but most NAT routers perform adequate firewall functions for most people.
Similar Messages
-
RSRV - error - 0MATERIAL is in external and not internal forma
Hi,
When I do the RSRV for material in my system I get the following errors
1) Value 0100001808 for char. 0MATERIAL is in external and not internal format
2) Value in SID table 0109/ correct value 000000000000000109/ SID in SID table 57961
How to resolve the errors? Any idea?
Regards,
BWer
Hello BWer,
If you cannot make the change in OMSL, you will have to convert the material numbers in a transformation when loading. As per note 555675, the settings in R/3 and BW must be identical.
If the source is an SAP system, it is expected that the material number will have the correct format and the conversion exit will not be called. If the settings are not the same as per note 555675, you will encounter problems.
Best Regards,
Vincent -
Two iPhoto '08 Libraries, One External and One Internal...
Hello,
I have Two iPhoto '08 Libraries, One External and One Internal. I moved my original iPhoto library to my external HD and all was good. Now about six months later I am noticing that I have two libraries, the external one is 15.8 gigs and the internal one is 17.66 gigs. Can I merge these and how or are one of these an older version of the library that I could delete? Any assistance would be great!
Thanks,
Pete
Pete
Welcome to the Apple user discussion forums
are one of these an older version of the library that I could delete?
Sorry - these are user forums - not psychic users forum
my best guess is that you never directed iPhoto to use the external library and that it is a backup of your old library and that your internal library is the complete library - but that is just a guess
To switch libraries and look at them, launch iPhoto while depressing the option (alt) key and use the select library function - once you figure out what you have you can delete the old one or use iPhoto Library Manager - http://www.fatcatsoftware.com/iplm/ - to move photos between them
LN -
I bought a very good condition, used MacBook Pro 4.1. While attempting to transfer files from one of my external drives, somehow I erased both the external drive and the internal drive. I didn't get install disks with it either. I am in a huge panic as I am a 3D graphics designer and had over 5 years' worth of work on the external. Can anyone help please? Hopefully something that won't cost anything as I am totally broke, and gonna be much worse if I can't retrieve my client's property
My computer is not working, is my personal data lost?
Create a data recovery/undelete external boot drive
Erase, formatting, OS X installs on Mac's -
Using two hard drives - one external and one internal
As my macbook pro only has 100 gig HD I keep my most recent photos on that HD and edit the photos when I have the time on travel. I then have a 500gig external firewire drive with older photos. My question is two fold
1. Do I have to keep re-setting the preference for the startup library to switch between the two or can I see both at the same time?
2. At this point I can only see one library at the time, how then can I move my current images into the external drive, or asked another way, how can I merge the two libraries?
I receive version 2.0 today, but I can't think I am the only one with this issue, nevertheless, I can't find much about the topic.
Thanks for your help
The biggest reason I wanted to do it was that for 2007 I took all my photos and put them in a project by month - so I have 12 project folders taking up all this space. Whereas, my older years, going back to 2002, they are in folders for each month in a project for the year. I did this when I bought Aperture and moved my files over from Nikon View. All my other years were on my other library and my 2007 was on my library on the computer. So essentially I'd like to collapse the 2007 projects into one main area.
Make sense?
Thanks for all your help. What a great resource. -
My mid-2010 iMac (Snow Leopard) has been freezing with a spinning wheel within 10 minutes of startup for about a week. I can only force it to shut down by holding the power button - nothing else functions at that point.
I've been to the Genius Bar 3 times, with no findings. They did an overnight diagnostic, and found nothing wrong. They reinstalled Mac OS X, and before I even restored, it was still misbehaving. I can't recreate it at the Apple Store, but it does it without fail at home. At length, I believe I've narrowed it down to the Wifi/router combo unit and the iMac network card. When I turn off the router (entirely or just "turn off" the wifi), it operates normally. If I turn off the ethernet (BOTH en 0 and en 1 - if either of them is on, I have problems), it operates normally. If I have them both on, it will freeze. What on earth?
It doesn't matter whether the iMac is actually CONNECTED by wifi or ethernet. Merely having them both TURNED ON is enough to cause the freezing. Has anyone heard of this? I can't seem to find anything on it. My only recourse seems to be asking my DSL provider for a new router and seeing if that helps.
Any other suggestions? Thanks!
I can't recreate it at the Apple Store, but it does it without fail at home.
That's because when troubleshooting no devices should be connected except for the keyboard.
You seem to have narrowed it down to your router. Suggest that you call the router manufacturer to find out what the problem is. If the router came from your ISP, call their tech support dept. -
WAP and VLANs (Minimal Network)
What is she using for her firewall? I did this for a client and used the awesome features in the WatchGuard firewall I sourced for them. It has multiple interfaces and allows for simple configuration for this feature. Because it happens at the firewall, you can use any WAP.
It also includes a captive portal, so users have to accept terms before connecting. You can add other features like a Web Proxy and Application Control to block certain types of sites and apps (like netflix, inappropriate content, etc.)
OK, my client has a small network, just one HP switch. I think it's an 1820, but not sure.
Anyways, she wants a WAP that can dish out a "Guest" network which would only have Internet access, and an "Internal" network that would let users access onsite servers and still have Internet access.
If my WAP would let me hand out DHCP and the like, I could set guest to 172.168.10.x and make the def gw the outside IP address (since internally they run a 192.168.x.x scheme). And the Internal, I could just have the server serve up DHCP leases and everything would be good.
I think.
Anyone done this, and can recommend a WAP that could do this, if not most of it?
This topic first appeared in the Spiceworks Community -
Routing and Remote access - internal network not accessing internet through public network!
Hello,
Good Evening to all.
I got an issue in routing and remote access on Windows 2003 server. This server is already configured as File server, domain server and Application server. Also configured as router (through routing & remote access) for connecting three different network to each other. So This server has three NIC card installed and each NIC card represent separate network.
three different network are - 192.42.160.0/24 , 192.42.161.0/24, 192.42.162.0/24
Three NIC card installed on server as with following IP address -
NIC -1 = 192.42.160.220 , Sub- 255.255.255.0 , Gateway - NO
NIC -2 = 192.42.161.220 , Sub- 255.255.255.0 , Gateway - 192.161.220.112 (This ip for internet access so 4g router IP)
NIC -3 = 192.42.162.220, , Sub- 255.255.255.0 , Gateway - NO
Now the issue is I can reach to internet & (also pinging to router ip 192.42.161.112) from only one network that is - 192.42.161.0/24 , BUT when I trying to access internet from another two network (192.42.160.0/24 & 192.42.162.0/24) I can't access it and moreover can't ping to internet router ip - 192.42.161.112...
So how I can access to internet from other two network also?
I was already configured static routing for all three network but still I was not success. really I don't know what exactly static routing it should be done in routing & remote access so that all three network can reach to internet?
Sorry if I am not able to explain properly. Please let me know if you need more explain on this...
Thanks to all.
Dear Milos,
I am happy to hear from you....
1.- Actually the setup was done long before by another guy and right now I don't want to change it.
Nice to hear from you! Thank you so much. Actually this is first time I am using technet forum upon the suggestion from one of the my friend. So any your help from you will help me a great in this issue...
I ran the route print command and given follow are the results.
I have only added the default route as per the below routes. Please guide me know how to add other static routes for three network.
D:\Documents and Settings\Administrator>route print
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 30 05 ad 8f 5c ...... Broadcom NetXtreme Gigabit Ethernet - Teefer2 Mi
niport
0x3 ...00 0e 0c a7 c4 f8 ...... Intel(R) PRO/1000 GT Desktop Adapter - Teefer2 M
iniport
0x4 ...00 0e 0c a7 c5 85 ...... Intel(R) PRO/1000 GT Desktop Adapter #2 - Teefer
2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.42.161.112 192.42.161.220 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.42.160.0 255.255.255.0 192.42.160.220 192.42.160.220 20
192.42.160.220 255.255.255.255 127.0.0.1 127.0.0.1 20
192.42.160.255 255.255.255.255 192.42.160.220 192.42.160.220 20
192.42.161.0 255.255.255.0 192.42.161.220 192.42.161.220 20
192.42.161.220 255.255.255.255 127.0.0.1 127.0.0.1 20
192.42.161.255 255.255.255.255 192.42.161.220 192.42.161.220 20
192.42.162.0 255.255.255.0 192.42.162.220 192.42.162.220 20
192.42.162.220 255.255.255.255 127.0.0.1 127.0.0.1 20
192.42.162.255 255.255.255.255 192.42.162.220 192.42.162.220 20
224.0.0.0 240.0.0.0 192.42.160.220 192.42.160.220 20
224.0.0.0 240.0.0.0 192.42.161.220 192.42.161.220 20
224.0.0.0 240.0.0.0 192.42.162.220 192.42.162.220 20
255.255.255.255 255.255.255.255 192.42.160.220 192.42.160.220 1
255.255.255.255 255.255.255.255 192.42.161.220 192.42.161.220 1
255.255.255.255 255.255.255.255 192.42.162.220 192.42.162.220 1
Default Gateway: 192.42.161.112
===========================================================================
Persistent Routes:
None
Regards & Thanks
Mahesh -
Access to application when external and internal address of EP are differen
I have a problem with access to application in portal. I deployed the application (ear) and it is available by address http://noss.inside.bcc.com.pl:54100/forum/index.jsp in our intranet. External address of portal is https://portal.bcc.com.pl. My application is unavailable outside the company, because in url iView there is an address of internal network. I've tried to use relative address /forum/index.jsp, but it doesn't work. Is there any kind of iView, which can solve my problem?
Hi Julia,
have a look at this Topic: How does portal connect a user to internal web site (https://forums.sdn.sap.com/thread.jspa?threadID=65920). Basically it is the same problem. Unfortunately Jeremy had not described the solution in detail.
Regards
Gregor -
WRV200 - Problems with VPN Client and Internal network access
I have a WRV200 router and want to access the internal (Private Network) connected on the inside. I have successfully connected to the router with the Linksys VPN Client, but it does not appear to allow access to the internal network.
How do I enable NAT Traversal or Passthru? I have already selected all of the PPTP, L2TP and IPSEC Pass Through.
Has anyone gotten this to work?
I have actually gotten this to work. Issues surround this include the ability to get to the VPN if the main DNS is down (it does not fail over to the next DNS in the list).
If you unselect all of the boxes in the firewall General configuration, you can connect, but if you need to have all of this unchecked, what's the sense of having it?
Anyway, you can use the DoS Prevention, this is not interfering.
HTH. -
Cisco ASA 5505 Routing between internal networks
Hi,
I am new to Cisco ASA and have been configuring my new firewall but one thing have been bothering. I cannot get internal networks and routing between them to work as I would like to. Goal is to set four networks and control access with ACL:s between those.
1. Outside
2. DMZ
3. ServerNet1
4. Inside
ASA version is 9.1 and i have been reading on two different ways on handling IP routing with this. NAT Exempt and not configuring NAT at all and letting normal IP routing to handle internal networks. No matter how I configure, with or without NAT I cannot get access from inside network to DMZ or from ServerNet1 to DMZ. Strange thing is that I can access services from DMZ to Inside and ServerNet1 if access list allows it. For instance DNS server is on Inside network and DMZ works great using it.
Here is the running conf:
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 20
interface Ethernet0/2
switchport access vlan 19
interface Ethernet0/3
switchport access vlan 10
switchport trunk allowed vlan 10,19-20
switchport trunk native vlan 1
interface Ethernet0/4
switchport access vlan 10
interface Ethernet0/5
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/6
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/7
switchport access vlan 10
interface Vlan10
nameif inside
security-level 90
ip address 192.168.2.1 255.255.255.0
interface Vlan11
nameif ServerNet1
security-level 100
ip address 192.168.4.1 255.255.255.0
interface Vlan19
nameif DMZ
security-level 10
ip address 192.168.3.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network DNS
host 192.168.2.10
description DNS Liikenne
object network Srv2
host 192.168.2.10
description DC, DNS, DNCP
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network ServerNet1
subnet 192.168.4.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network RFC1918
object-group network InternalNetworks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq nameserver
service-object udp destination eq ntp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq ftp
port-object eq ftp-data
object-group service rdp tcp-udp
description Microsoft RDP
port-object eq 3389
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object obj-192.168.2.0
network-object object obj-192.168.4.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
access-list ServerNet1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu ServerNet1 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,DMZ) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
nat (DMZ,outside) after-auto source dynamic obj_any interface destination static obj_any obj_any
nat (ServerNet1,outside) after-auto source dynamic obj-192.168.4.0 interface
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 ServerNet1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.4.0 255.255.255.0 ServerNet1
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Hi Jouni,
Yep, Finnish would be good also =)
In front of ASA is DSL modem, on the trunk ports is Hyper-V host that uses the trunk ports so that every VM has their VLAN ID defined in the VM level. Everything is working good on that end. Also there is WLAN Access Point on one of the ASA ports, on the WLAN AP there is the management portal address on DMZ that I have been testing against (192.168.3.4)
If I configure Dynamic PAT from inside to the DMZ then the traffic starts to work from inside to all hosts on DMZ but that's not the right way to do it so no shortcuts =)
Here is the conf now, still doesn't work:
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 20
interface Ethernet0/2
switchport access vlan 19
interface Ethernet0/3
switchport access vlan 10
switchport trunk allowed vlan 10,19-20
switchport trunk native vlan 1
interface Ethernet0/4
switchport access vlan 10
interface Ethernet0/5
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/6
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/7
switchport access vlan 10
interface Vlan10
nameif inside
security-level 90
ip address 192.168.2.1 255.255.255.0
interface Vlan11
nameif ServerNet1
security-level 100
ip address 192.168.4.1 255.255.255.0
interface Vlan19
nameif DMZ
security-level 10
ip address 192.168.3.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network DNS
host 192.168.2.10
description DNS Liikenne
object network Srv2
host 192.168.2.10
description DC, DNS, DNCP
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network ServerNet1
subnet 192.168.4.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network RFC1918
object-group network InternalNetworks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq nameserver
service-object udp destination eq ntp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq ftp
port-object eq ftp-data
object-group service rdp tcp-udp
description Microsoft RDP
port-object eq 3389
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object obj-192.168.2.0
network-object object obj-192.168.4.0
object-group network DEFAULT-PAT-SOURCE
description Default PAT source networks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
network-object 192.168.4.0 255.255.255.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
access-list ServerNet1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu ServerNet1 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 ServerNet1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.4.0 255.255.255.0 ServerNet1
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous -
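An added example (not part of the original posts and not Cisco tooling): a small Python audit run over an excerpt of the running config posted above. It reports access-lists that no `access-group` binds (the config defines both `dmz_access_in` and `DMZ_access_in`, and only the latter is applied), empty network object-groups, and statically addressed interface subnets missing from `InternalNetworks`, the group the `deny ip any` entries rely on. The function names and the choice of checks are assumptions of this example.

```python
import ipaddress

# Excerpt of the running config from the post above: only the lines this audit reads.
ASA_CONFIG = """\
interface Vlan10
 nameif inside
 security-level 90
 ip address 192.168.2.1 255.255.255.0
interface Vlan11
 nameif ServerNet1
 security-level 100
 ip address 192.168.4.1 255.255.255.0
interface Vlan19
 nameif DMZ
 security-level 10
 ip address 192.168.3.1 255.255.255.0
interface Vlan20
 nameif outside
 security-level 0
 ip address dhcp setroute
object-group network RFC1918
object-group network InternalNetworks
 network-object 192.168.2.0 255.255.255.0
 network-object 192.168.3.0 255.255.255.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list ServerNet1_access_in extended permit ip any any
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
"""


def parse(config):
    """Collect named interfaces, network object-groups, and ACL names.

    Matching is by keyword, not indentation, so it also works on the
    flattened form in which the config appears on the page.
    """
    interfaces = {}        # nameif -> {"level": int, "net": IPv4Network or None}
    groups = {}            # object-group network name -> [IPv4Network, ...]
    defined, bound = set(), set()
    iface = group = None   # section currently being filled
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            iface, group = {"level": None, "net": None}, None
        elif w[0] == "nameif" and iface is not None:
            interfaces[w[1]] = iface
        elif w[0] == "security-level" and iface is not None:
            iface["level"] = int(w[1])
        elif w[:2] == ["ip", "address"] and iface is not None and w[2] != "dhcp":
            # DHCP-addressed interfaces (outside) have no static subnet to check.
            iface["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif w[:2] == ["object-group", "network"]:
            iface, group = None, groups.setdefault(w[2], [])
        elif (w[0] == "network-object" and group is not None
              and len(w) == 3 and w[1] not in ("object", "host")):
            # Only the "address mask" form is resolved in this example.
            group.append(ipaddress.ip_network(f"{w[1]}/{w[2]}"))
        elif w[0] == "access-list":
            iface = group = None
            defined.add(w[1])      # names are compared case-sensitively
        elif w[0] == "access-group":
            bound.add(w[1])
        elif w[0] in ("object", "object-group"):
            iface = group = None
    return interfaces, groups, defined, bound


def audit(config, internal_group="InternalNetworks"):
    """Return the three findings as a dict of sorted lists."""
    interfaces, groups, defined, bound = parse(config)
    covered = groups.get(internal_group, [])
    uncovered = [(name, str(i["net"]), i["level"])
                 for name, i in interfaces.items()
                 if i["net"] is not None
                 and not any(i["net"].subnet_of(c) for c in covered)]
    return {
        "unbound_acls": sorted(defined - bound),
        "empty_groups": sorted(g for g, nets in groups.items() if not nets),
        "uncovered_subnets": sorted(uncovered),
    }


if __name__ == "__main__":
    for finding, items in audit(ASA_CONFIG).items():
        print(f"{finding}: {items}")
```

On the posted config the uncovered subnet is ServerNet1 (192.168.4.0/24, security-level 100), so the `deny ip any object-group InternalNetworks` entries in `DMZ_access_in` do not apply to traffic headed there.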
Using DNS Services on an internal network and still using an outside DNS
I have just started using Mac OSX Server for the first time and I am trying to set up an internal DNS server so I can set up an LDAP Directory master and replica. However, I am running into some problems in setting up the DNS server on our network.
This is where it gets a little confusing to me here and i have to explain some things. We have a shared web hosting ISP, which means that our mail services and web hosting services are not hosted on site. To access our mail services using a FQDN I would point Outlook to mail.xxx-xxx.net. However, I want to use that domain, xxx-xxx.net, as our internal network as well because it is the name of our company.
I can get all of the DNS names to propagate to their assigned IP's on the internal network and can ping everything using fully qualified domain names, but whenever I go to use services such as mail., it cannot find the server which is hosting that service because it is obviously not on our internal network. This makes sense that I cannot ping it, but how do I set up the alias mail.xxx-xxx.net to point to the ip address of the mail servers hosted by our ISP instead of something hosted on our internal network?
Sorry I can't clarify better, I'll try some cliff's instead;
1) Trying to set up internal dns server so I can use LDAP Directory Master and Replica Services.
2) The domain, xxx-xxx.net is currently being used for web hosting and mail services not hosted at our site.
3) Want to use the domain xxx-xxx.net as our internal domain because it is the name of our company, and eventually we will be hosting our own content.
4) Can set up internal DNS server and get all IP's to propagate just fine, but services such as mail.xxx-xxx.net cannot be used because they are not hosted on the internal network.
5) How do I set up DNS to point certain services to point to an external DNS servers, or to the IP address of the server itself so I don't have to use the ip address i.e. mail.216.256.33.24?
Ok I got it
Here's my walkthrough for all the other tormented souls, that might find this thread and require help:
Introduction:
Internet-card: ra0 192.168.16.64
Internet-gateway, nameserver 192.168.16.1
local-network-card eth1 192.168.15.1
[1] modprobe capabilty
-> /etc/rc.conf
[2] pacman -S
* dhcpd (DHCP daemon)
* bind (Berkeley Domain Name Server)
[3] vi /etc/dhcpd.conf
ddns-update-style ad-hoc;
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.15.0 netmask 255.255.255.0 {
  # --- default gateway
  option routers 192.168.15.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.15.255;
  option domain-name-servers 192.168.15.1;
  range 192.168.15.2 192.168.15.254;
  default-lease-time 21600;
  max-lease-time 43200;
}
[4] vi /etc/named.conf
acl micro {
  192.168.15.0/24;
};
options {
  directory "/var/named";
  pid-file "/var/run/named/named.pid";
  auth-nxdomain yes;
  datasize default;
  # only the local network may query or recurse through this server
  allow-query { micro; };
  allow-recursion { micro; };
};
[5]
/etc/rc.d/dhcpd start
/etc/rc.d/named start
-> rc.conf
[6] iptables
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to 192.168.16.64
iptables -A INPUT -j DROP -m state --state NEW,INVALID -i ippp0
iptables -A FORWARD -j DROP -m state --state NEW,INVALID -i ippp0
make it a script that is run in /etc/rc.local -
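An added example, not part of the original post: a Python check of the step [6] rules against the two interfaces named in the walkthrough's introduction (ra0 and eth1). As posted, the DROP rules match on ippp0, so the check reports that no rule drops new inbound connections arriving on ra0; `parse_rule` and `audit` are names made up for this example, and the built-in chains are assumed to be at their default ACCEPT policy with no other rules loaded.

```python
import shlex

# The three iptables commands from step [6], copied from the post.
POSTED_RULES = """\
iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to 192.168.16.64
iptables -A INPUT -j DROP -m state --state NEW,INVALID -i ippp0
iptables -A FORWARD -j DROP -m state --state NEW,INVALID -i ippp0
"""

# Options this example understands, mapped to the field they fill.
FLAGS = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out",
         "-j": "target", "--state": "state"}


def parse_rule(line):
    """Pull table, chain, interfaces, target and states out of one command."""
    argv = shlex.split(line)
    rule = {"table": "filter", "chain": None, "in": None, "out": None,
            "target": None, "state": ""}   # iptables defaults to the filter table
    for flag, value in zip(argv, argv[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule


def audit(rules_text, wan_if, lan_if):
    """Compare the interfaces the rules match on with the ones the host has."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.strip()]
    known = {wan_if, lan_if, "lo"}
    # Rules naming an interface the walkthrough never lists match no traffic here.
    unknown = sorted({(r["chain"], name) for r in rules
                      for name in (r["in"], r["out"])
                      if name and name not in known})
    # Chains in which new connections arriving on the WAN interface are dropped.
    dropped = {r["chain"] for r in rules
               if r["table"] == "filter" and r["target"] == "DROP"
               and r["in"] == wan_if and "NEW" in r["state"].split(",")}
    return {
        "unknown_interfaces": unknown,
        # Assumes default ACCEPT policies: anything not dropped is accepted.
        "wan_chains_accepting_new": sorted({"INPUT", "FORWARD"} - dropped),
        "snat_on_wan": any(r["table"] == "nat" and r["target"] == "SNAT"
                           and r["out"] == wan_if for r in rules),
    }


if __name__ == "__main__":
    print("as posted:       ", audit(POSTED_RULES, "ra0", "eth1"))
    # Same rules with the filter interface set to the listed Internet card.
    print("filtering on ra0:", audit(POSTED_RULES.replace("ippp0", "ra0"), "ra0", "eth1"))
```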
E7-00 and SIP over Internal Network (WiFi)
Hey all, maybe someone here knows something more about it.
I want to use an Sip account in our internal Network via WiFi. Our Telephone-Central (Panasonic TDE-100) supports connections to it via Sip (internal SIP-Server).
I can connect with my User-Account and it says connected.
I can make calls into the internal Telephone-Network
Now the Problem:
I cannot be called internal. The TDE is sending an INVITE to the E7 and the E7 declines it when a call is coming in.
I have also an external SIP Account with another Provider. That one works as it should.
Our Technical assistance for the TDE has no idea, neither do their technical guys from Panasonic.
Welcome to the Apple Community.
I'm not sure whether an Apple TV can connect to a wifi hotspot, however even if it could you are going to experience extremely slow downloads and reach your device's data limits very quickly.
This is not a practical way to use an Apple TV. -
Router to Router VPN with Overlapping internal networks
Hello Experts,
One quick question. How do I configure a Router to Router VPN with overlapping internal networks???
Both of my internal networks have ip address of 192.168.10.0 and 192.168.10.0
Any link or config will be appreciated. I've been looking but no luck.
Thanks,
Randall
Randall,
Please refer the below URL for configuration details:
Configuring an IPSec Tunnel Between Routers with Duplicate LAN Subnets
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
Let me know if it helps.
Regards,
Arul
** Please rate all helpful posts ** -
Internal Corporate wireless and guest wireless network
I need some technical information on how the wireless guest network is created on the Airport Extreme. We currently do not permit personal wireless devices to connect to our internal wireless network in order to protect our data. Several times users have presented us with justifiable business requests to have access to the wireless network from their own devices. We've been looking at using the Airport Extreme in order to do this, but we are bound by PCI (Payment Card Industry) requirements to keep our customer credit card data secure. PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?
Two or three of these on each floor would fit our need for such access and keep our customer data secure.
Thanks
Welcome to the discussion area!
+PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.