szatox Advocate
Joined: 27 Aug 2013 Posts: 3134
|
Posted: Sun Feb 21, 2016 6:14 pm Post subject: |
|
|
Quote: | So in case ransomware gets in, it can encrypt the whole database! Even if it is not root... | Dude, such a thing is just a computer program. All programs do exactly the same thing: they read data, they process it, and they write it back. There is no way to say what the result of this processing is. At least, there is no way for another program to say it: you must be intelligent to predict the outcome. Computers are not intelligent.
There is good news for you though: databases tend to use their data files, and they do that by keeping them open. You can run a test on a separate instance and check if the files are locked. On Windows all programs by default set full locks on any files they open. On Linux it's different, but it's still possible to prevent other programs from writing to a file you're using.
Quote: | You can set Linux to execute email attachments ... but why would you?
Where does this option exist - I mean, how to check if it is not active... | Have you deliberately configured it in a way that allows executing attachments directly from emails? If no, then it's not active.
Setting no-exec for all user-writable locations is a bonus that would protect you from running any other programs that were not installed there by root. |
pmam Veteran
Joined: 30 Dec 2013 Posts: 1145
|
Posted: Sun Feb 21, 2016 7:24 pm Post subject: |
|
|
Quote: | Dude, such a thing is just a computer program. |
I see - no way to distinguish encrypting... I thought it is an operator or algorithm that can be identified - So I thought...
noexec will be considered positively...
BTW: Is rsnapshot a useful backup application? I saw it in this wiki: https://wiki.gentoo.org/wiki/Backup
Thanks _________________ “You can take our property, our sweet homes, even our cloths...
But don't touch the streets, Ah, That's NO, NO, NO!
The streets are our @world's compilable kernel ...” |
gordonb3 Apprentice
Joined: 01 Jul 2015 Posts: 185
|
Posted: Sun Feb 21, 2016 7:43 pm Post subject: |
|
|
NeddySeagoon wrote: |
The definition of having a backup is that you have a spare copy. With exactly two copies, that's your working copy and one spare.
When your working copy is destroyed, you have only one copy, so you no longer have a backup.
|
That is assuming the backup is a direct working copy. Normally you would use a backup to restore files to the original system or create a starter set for a newly built system in case the old one somehow became unrecoverable. I suppose you are referring to a redundancy cluster? In that case you are correct that a second backup should exist.
pmam wrote: | BTW: Is rsnapshot a useful backup application? |
Absolutely. It is essentially a wrapper for rsync that allows for easy creation of rotation schemes. Which may in fact pose a limit if you want to set up something a bit more complicated. |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sun Feb 21, 2016 8:02 pm Post subject: |
|
|
gordonb3,
It's more the on site backup and off site backup concept.
When at any time, for whatever reason, you are down to a single copy, you no longer have a backup. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
gordonb3 Apprentice
Joined: 01 Jul 2015 Posts: 185
|
Posted: Sun Feb 21, 2016 9:04 pm Post subject: |
|
|
I understand what you are saying, but again: you are assuming a situation where the backup data can be used as a working set. Particularly when databases are concerned the backup may not be in any running format or the backup machine not capable of serving the database. In many many cases the backup can only be used to restore something, if even a completely new machine. Meaning the backup will still be the backup rather than the new running environment, as would be the case in a redundancy cluster. Which by definition is not a backup at all. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sat Mar 12, 2016 9:18 am Post subject: How to access website through LAN and security issues? |
|
|
I read this topic and want to set my home server too to be reachable from the Internet.
I'm connected to my ISP through a cable modem.
Code: | ISP
|
- Cable modem
|-- headless server Bubba2, Gentoo linux ( firewall, router, webserver - nginx )
|-- plug & play Switch
|-- desktop machine, Gentoo linux
|-- raspberry pi 2 RasPi, Gentoo linux ( webserver- nginx ) |
I shall remove webserver from Bubba2 and run webserver only on the RasPi.
I already setup DNAT on Bubba2 to the RasPi webserver - nginx.
I can reach RasPi webserver from the LAN.
I have a registered FQDN so I want to use it on RasPi's webserver.
What more must I do so that the RasPi's webserver can be reached from the Internet too? _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sat Mar 12, 2016 10:25 am Post subject: |
|
|
paul_chany,
A few choices
You need to Destination Network Address Translation (DNAT) port 80 from your public IP to RasPi, so that Web traffic from the internet arrives at RasPi. You may also need to DNAT port 443. That's for https.
You may also choose to forward (no DNAT) packets on port 80/443 to RasPi, in which case your webserver needs to listen on your public IP.
That's only useful if you have a static public IP.
If you have a dynamic public IP, you need to sign up to a service like no-ip. They will give you a no-ip. URL that points to your IP, whatever it happens to be at the time.
If your public IP is static, you update the authoritative nameservers for your FQDN to point to your static public IP.
Now it gets messy. You should not need to do any of this, but you need to be aware of it.
Some ISPs block some incoming ports. This is to stop you running your own servers.
The work around is to use non-standard ports. This will prevent most users reaching your servers.
In the UK, a lot of cable subscribers don't even have a public IP; their ISP keeps them behind NAT. Then it's game over. You cannot be reached from the internet. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sat Mar 12, 2016 5:00 pm Post subject: |
|
|
NeddySeagoon wrote: | paul_chany,
A few choices
You need to Destination Network Address Translation (DNAT) port 80 from your public IP to RasPi, so that Web traffic from the internet arrives at RasPi. You may also need to DNAT port 443. That's for https.
If you have a dynamic public IP, you need to sign up to a service like no-ip. They will give you a no-ip. URL that points to your IP, whatever it happens to be at the time.
Now it gets messy. You should not need to do any of this, but you need to be aware of it.
Some ISPs block some incoming ports. This is to stop you running your own servers. |
I have already set up DNAT for HTTP:
Code: | Web(DNAT) net loc:192.168.50.200 |
I have a dynamic public IP and I managed this already on my Bubba2 headless server with a bash shell script.
RasPi has a LAN IP address 192.168.50.200 - it always gets this IP address; this is already managed by dnsmasq on Bubba2.
How do I set it up so that RasPi gets a public IP address as Bubba2 does? _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sat Mar 12, 2016 5:29 pm Post subject: |
|
|
paul_chany,
You don't need a public IP on RasPi. You have DNAT.
If you forward port 80, without DNAT, packets with <Public_IP>:80 appear on your LAN.
RasPi can deal with them. However, it now needs to deal with a dynamic IP address too.
DNAT is a better solution.
When a packet arrives at <Public_IP>:80, it's NATted to 192.168.50.200:80
Your router saves this information, so that replies get sent back to original requester. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sat Mar 12, 2016 5:52 pm Post subject: |
|
|
NeddySeagoon wrote: | paul_chany,
You don't need a public IP on RasPi. You have DNAT.
If you forward port 80, without DNAT, packets with <Public_IP>:80 appear on your LAN.
RasPi can deal with them. However, it now needs to deal with a dynamic IP address too.
DNAT is a better solution.
When a packet arrives at <Public_IP>:80, it's NATted to 192.168.50.200:80
Your router saves this information, so that replies get sent back to original requester. |
I already use DNAT on Bubba2 for the RasPi.
Then why can't I reach my FQDN http://www.cspl.hu from the Internet? _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sat Mar 12, 2016 6:16 pm Post subject: |
|
|
paul_chany,
First, can you browse RasPi from your own LAN?
should return a web page?
Let's check your webserver is working.
If that works, can you browse from outside your network?
This will test the internet to RasPi. If this step fails, either port 80 is blocked or there is something wrong with your network configuration at your end.
Doing gets me Code: | $ ping cspl.hu
PING cspl.hu (192.184.88.81) 56(84) bytes of data.
64 bytes from redirect.webenlet.hu (192.184.88.81): icmp_seq=1 ttl=54 time=160 ms |
From the "redirect.webenlet.hu", it appears that you have not set up your FQDN to point to your public IP address and your registrar is pointing it to redirect until you change it. You need at least an A record.
Now the hard bit. This has to be updated every time your public IP changes.
Until you can browse by IP address, browsing by name won't work either. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sat Mar 12, 2016 7:06 pm Post subject: |
|
|
NeddySeagoon wrote: | paul_chany,
First, can you browse RasPi from your own LAN?
should return a web page?
Let's check your webserver is working.
If that works, can you browse from outside your network?
This will test the internet to RasPi. If this step fails, either port 80 is blocked or there is something wrong with your network configuration at your end.
Doing gets me Code: | $ ping cspl.hu
PING cspl.hu (192.184.88.81) 56(84) bytes of data.
64 bytes from redirect.webenlet.hu (192.184.88.81): icmp_seq=1 ttl=54 time=160 ms |
From the "redirect.webenlet.hu", it appears that you have not set up your FQDN to point to your public IP address and your registrar is pointing it to redirect until you change it. You need at least an A record.
Now the hard bit. This has to be updated every time your public IP changes.
Until you can browse by IP address, browsing by name won't work either. |
I can browse RasPi from my LAN.
I can't browse http://cspl.hu from my LAN.
I can't browse it from outside my LAN because I'm at home now.
Can you browse it?
Port 80 is not blocked on either Bubba2 or RasPi.
I'm using Shorewall firewall.
rules on Bubba2 are:
Code: | Web(ACCEPT) net $FW
Web(ACCEPT) loc $FW
Web(DNAT) net loc:192.168.50.200 |
Bubba2 has two interfaces: eth0 for WAN and eth1 for LAN.
and on RasPi:
Code: | Web(ACCEPT) net $FW |
On dns.webenlet.hu one can add an A record that by default redirects my cspl.hu domain to the http://www.cspl.hu URL.
One can't add a different A record at all.
However, this setup worked when my webserver was on Bubba2. _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sat Mar 12, 2016 8:39 pm Post subject: |
|
|
paul_chany,
I can both ping cspl.hu and browse http://www.cspl.hu/.
It says Kistechnikusok távképzése and links to the Free Software Foundation.
I thought I recognised shorewall.
The firewall is its own zone in Shorewall, so you have three zones called net, fw and loc.
My rule to do DNAT for my webserver is
Code: | #ACTION SOURCE DEST PROTO DEST
DNAT net dmz:$Web tcp http |
net, dmz, $Web are resolved using the shorewall file fragments below.
/etc/shorewall/params: |
# Local IP of Webserver
Web=192.168.10.123 | so I can write $Web in the rules file.
/etc/shorewall/zones: | ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
green ipv4
dmz ipv4
blue ipv4
net ipv4 |
/etc/shorewall/interfaces : | #ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
dmz eth0 - logmartians=1,nosmurfs,routefilter |
http is resolved by consulting /etc/services and tcp is resolved from /etc/protocols. Shorewall does this for free.
If you want me to browse to your webserver, you need to PM me your current public IP. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sat Mar 12, 2016 8:47 pm Post subject: |
|
|
NeddySeagoon wrote: | paul_chany,
I can both ping cspl.hu and browse http://www.cspl.hu/.
It says Kistechnikusok távképzése and links to the Free Software Foundation.
I thought I recognised shorewall.
The firewall is its own zone in Shorewall, so you have three zones called net, fw and loc.
My rule to do DNAT for my webserver is
Code: | #ACTION SOURCE DEST PROTO DEST
DNAT net dmz:$Web tcp http |
net, dmz, $Web are resolved using the shorewall file fragments below.
/etc/shorewall/params: |
# Local IP of Webserver
Web=192.168.10.123 | so I can write $Web in the rules file.
/etc/shorewall/zones: | ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
green ipv4
dmz ipv4
blue ipv4
net ipv4 |
http is resolved by consulting /etc/services and tcp is resolved from /etc/protocols
/etc/shorewall/interfaces : | #ZONE INTERFACE BROADCAST OPTIONS
net ppp0 -
dmz eth0 - logmartians=1,nosmurfs,routefilter |
|
All right!
That is my home page so far: Kistechnikusok távképzése and links to the Free Software Foundation.
Then I can't open the http://cspl.hu only from my LAN.
Can't open it either when using its IP address, which is at this moment ( remember, it is a dynamic IP ) 95.85.141.171.
However, I can open it when I browse http://192.168.50.200
When my webserver ran on Bubba2 then I was able to open http://cspl.hu from LAN.
Now, when my webserver runs on RasPi I can open neither http://cspl.hu nor http://95.85.141.171 from my LAN.
How can I solve this problem? _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sat Mar 12, 2016 8:58 pm Post subject: |
|
|
paul_chany,
Works because 192.168.50.200 is a private IP address on your LAN.
When I browse 95.85.141.171, I get the same page as above. Kistechnikusok távképzése and FSF link.
I think your shorewall rule is incorrect.
Code: | DNAT net loc:192.168.50.200 tcp http |
Fix your rule then restart shorewall.
-- edit --
Code: | $ ping 95.85.141.171
PING 95.85.141.171 (95.85.141.171) 56(84) bytes of data.
^C
--- 95.85.141.171 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 6999ms |
Ping fails too. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sat Mar 12, 2016 9:16 pm Post subject: |
|
|
NeddySeagoon wrote: | paul_chany,
I think your shorewall rule is incorrect.
Code: | DNAT net loc:192.168.50.200 tcp http |
Fix your rule then restart shorewall. |
I found the rule I'm using from here:
http://www.shorewall.net/two-interface.htm#DNAT
Code: | Web(DNAT) net loc:192.168.50.200 |
I think this is the same rule as
Code: | DNAT net loc:192.168.50.200 tcp http |
However, I tried both without success.
Still can't reach http://cspl.hu from my LAN. _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sat Mar 12, 2016 9:50 pm Post subject: |
|
|
paul_chany,
From your link, the two rules look to be the same.
You can't reach http://cspl.hu from your LAN as even when it's working, it will resolve to your public IP.
That needs another DNAT rule
Code: | #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
DNAT loc 192.168.50.200 tcp 80 - $Public |
This says that when you are trying to browse to your public IP, redirect the packets to 192.168.50.200 instead.
$Public is a placeholder for your public IP.
You need to update this and restart shorewall every time it changes.
Notice too that Code: | # ping cspl.hu
PING cspl.hu (192.184.88.81) 56(84) bytes of data.
64 bytes from redirect.webenlet.hu (192.184.88.81): icmp_seq=1 ttl=55 time=159 ms | your FQDN points to 192.184.88.81, not to 95.85.141.171, which you said was your public IP. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
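A toy model of the DNAT and connection-tracking behaviour discussed in the posts above, added here as an illustration; it is not code from the thread or from Shorewall. The zone names and the addresses 192.168.50.200 and 95.85.141.171 are from the thread; the client addresses, the router LAN address 192.168.50.1 and the port numbers are constructed, and the reply-path case for a LAN client goes one step beyond what the thread states.

```python
import ipaddress
from dataclasses import dataclass

PUBLIC_IP = "95.85.141.171"     # router WAN address quoted in the thread
WEB = "192.168.50.200"          # RasPi web server quoted in the thread
ROUTER_LAN_IP = "192.168.50.1"  # constructed: router's own address on the LAN
LAN = ipaddress.ip_network("192.168.50.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class DnatRule:
    source_zone: str   # zone the connection comes from: "net" or "loc"
    orig_dst: str      # address the client aimed at (ORIGINAL DEST column)
    dport: int
    new_dst: str       # host the router redirects to


def zone_of(addr):
    """Map an address to the zone names used in the thread."""
    return "loc" if ipaddress.ip_address(addr) in LAN else "net"


class Router:
    def __init__(self, rules, masquerade_hairpin=False):
        self.rules = rules
        self.masquerade_hairpin = masquerade_hairpin
        self.conntrack = {}   # (reply src, sport, dst, dport) -> original packet

    def forward(self, pkt):
        """DNAT a new connection; None means no rule redirected it."""
        for rule in self.rules:
            if (rule.source_zone, rule.orig_dst, rule.dport) != (
                    zone_of(pkt.src), pkt.dst, pkt.dport):
                continue
            src = pkt.src
            # Hairpin case: client and server share the LAN, so optionally
            # rewrite the source too, forcing the reply back via the router.
            if self.masquerade_hairpin and zone_of(pkt.src) == zone_of(rule.new_dst):
                src = ROUTER_LAN_IP
            out = Packet(src, pkt.sport, rule.new_dst, pkt.dport)
            self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
            return out
        return None

    def reply(self, pkt):
        """Reverse the translation for a reply that passes through the router."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return Packet(orig.dst, orig.dport, orig.src, orig.sport) if orig else None


def connect(router, client, sport=40000):
    """Return 'ok', 'not-redirected' or 'reply-mismatch' for client -> PUBLIC_IP:80."""
    syn = Packet(client, sport, PUBLIC_IP, 80)
    fwd = router.forward(syn)
    if fwd is None:
        return "not-redirected"
    answer = Packet(fwd.dst, fwd.dport, fwd.src, fwd.sport)   # server's reply
    if zone_of(answer.dst) == "loc" and answer.dst != ROUTER_LAN_IP:
        seen = answer                 # same subnet: delivered directly, no un-NAT
    else:
        seen = router.reply(answer)   # passes through the router, gets un-NATted
    # The client only accepts a reply from the address it connected to.
    if seen and (seen.src, seen.sport, seen.dst) == (PUBLIC_IP, 80, client):
        return "ok"
    return "reply-mismatch"


NET_RULE = DnatRule("net", PUBLIC_IP, 80, WEB)   # internet -> RasPi
LOC_RULE = DnatRule("loc", PUBLIC_IP, 80, WEB)   # LAN -> public IP -> RasPi

if __name__ == "__main__":
    print(connect(Router([NET_RULE]), "203.0.113.7"))
    print(connect(Router([NET_RULE]), "192.168.50.10"))
    print(connect(Router([NET_RULE, LOC_RULE]), "192.168.50.10"))
    print(connect(Router([NET_RULE, LOC_RULE], True), "192.168.50.10"))
```

In the model, the LAN client only gets a usable connection once the loc rule is combined with source rewriting, because otherwise the server answers it directly from 192.168.50.200 rather than from the public address it connected to.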
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sun Mar 13, 2016 8:03 am Post subject: |
|
|
Hi Neddy,
NeddySeagoon wrote: | paul_chany,
From your link, the two rules look to be the same.
You can't reach http://cspl.hu from your LAN as even when it's working, it will resolve to your public IP.
That needs another DNAT rule
Code: | #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
DNAT loc 192.168.50.200 tcp 80 - $Public |
This says that when you are trying to browse to your public IP, redirect the packets to 192.168.50.200 instead.
$Public is a placeholder for your public IP.
You need to update this and restart shorewall every time it changes.
Notice too that Code: | # ping cspl.hu
PING cspl.hu (192.184.88.81) 56(84) bytes of data.
64 bytes from redirect.webenlet.hu (192.184.88.81): icmp_seq=1 ttl=55 time=159 ms | your FQDN points to 192.184.88.81, not to 95.85.141.171, which you said was your public IP. |
I tried the above shown rule but Shorewall says:
ERROR: Missing destination zone /etc/shorewall/rules
So I edit the line and try out this:
Code: |
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
# PORT PORT(S) DEST
DNAT loc loc:192.168.50.200 tcp 80 - 192.184.88.81
|
But this doesn't work either. _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sun Mar 13, 2016 11:00 am Post subject: |
|
|
paul_chany,
It won't work until http://cspl.hu points to your public IP.
When I wrote last http://cspl.hu pointed to 192.184.88.81 and your public IP was 95.85.141.171
If you write the rule as Code: | #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
DNAT loc 192.168.50.200 tcp 80 - net:$Public | it may help.
That will allow browsing to http://95.85.141.171 (your public IP) to work.
It will not fix http://cspl.hu not pointing to your dynamic public IP.
Hmm ... I get Kistechnikusok távképzése and the FSF link from both http://cspl.hu and http://95.85.141.171 now but 95.85.141.171 does not respond to ping requests. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sun Mar 13, 2016 11:41 am Post subject: |
|
|
Hi Neddy,
NeddySeagoon wrote: | paul_chany,
It won't work until http://cspl.hu points to your public IP.
When I wrote last http://cspl.hu pointed to 192.184.88.81 and your public IP was 95.85.141.171
If you write the rule as Code: | #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
DNAT loc 192.168.50.200 tcp 80 - net:$Public | it may help.
That will allow browsing to http://95.85.141.171 (your public IP) to work.
It will not fix http://cspl.hu not pointing to your dynamic public IP.
Hmm ... I get Kistechnikusok távképzése and the FSF link from both http://cspl.hu and http://95.85.141.171 now but 95.85.141.171 does not respond to ping requests. |
No one can ping my public IP address because of this rule:
The rule above
Code: | DNAT loc loc:192.168.50.200 tcp 80 - net:95.85.141.171 |
is invalid for Shorewall, according to Shorewall's message:
Quote: | ERROR: Unknown Interface (net) /etc/shorewall/rules |
So I replace it with rule:
Code: | DNAT loc loc:192.168.50.200 tcp 80 - 95.85.141.171 |
But when I try to open http://95.85.141.171/ from my LAN, I can't. _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sun Mar 13, 2016 12:03 pm Post subject: |
|
|
paul_chany,
As you have this rule, Code: | Web(DNAT) net loc:192.168.50.200 | I was expecting your shorewall to understand net.
Please post the routing table from Bubba2.
That's the output of _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sun Mar 13, 2016 12:07 pm Post subject: |
|
|
Neddy,
NeddySeagoon wrote: | paul_chany,
As you have this rule, Code: | Web(DNAT) net loc:192.168.50.200 | I was expecting your shorewall to understand net.
Please post the routing table from Bubba2.
That's the output of |
Code: | #route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 95.85.143.254 0.0.0.0 UG 2 0 0 eth0
95.85.140.0 0.0.0.0 255.255.252.0 U 2 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 |
In the meantime I found this link, which describes the same situation as mine:
http://shorewall.net/FAQ.htm#Connections _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sun Mar 13, 2016 7:32 pm Post subject: |
|
|
paul_chany,
I thought I understood your network topology, now it's clear that I don't.
Code: | Destination Gateway Genmask Flags Metric Ref Use Iface
95.85.140.0 0.0.0.0 255.255.252.0 U 2 0 0 eth0 |
This line suggests that you have a 95.85.140.0/22 subnet, or 1024 IP addresses.
I'm aware that cable companies do add things.
It may be that you are on the same cable subnet as 1023 other users. I hope you all have good firewalls.
Code: | Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 |
Why do you have a bridge?
What interfaces are bridged?
I was expecting two normal interfaces. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
paul_chany Tux's lil' helper
Joined: 01 Aug 2010 Posts: 82 Location: Europe, Serbia
|
Posted: Sun Mar 13, 2016 7:45 pm Post subject: |
|
|
NeddySeagoon wrote: | paul_chany,
I thought I understood your network topology, now it's clear that I don't.
Code: | Destination Gateway Genmask Flags Metric Ref Use Iface
95.85.140.0 0.0.0.0 255.255.252.0 U 2 0 0 eth0 |
This line suggests that you have a 95.85.140.0/22 subnet, or 1024 IP addresses.
I'm aware that cable companies do add things.
It may be that you are on the same cable subnet as 1023 other users. I hope you all have good firewalls.
Code: | Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.50.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 |
Why do you have a bridge?
What interfaces are bridged?
I was expecting two normal interfaces. |
I set up my network with help of my friend.
She knows why I have a bridge. I can just guess why.
I think because I have a USB WiFi adapter and we ( she and I ) had to set it up so that users on WLAN could use the Internet too.
bridge_br0="eth1" _________________ Best, Pali |
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54234 Location: 56N 3W
|
Posted: Sun Mar 13, 2016 8:28 pm Post subject: |
|
|
paul_chany,
A network bridge always has two or more interfaces. It connects the subnets on all the member networks together.
It's just like a road bridge. To be useful, it needs two (or more) ends.
It's the software equivalent of a hardware network hub, all packets go everywhere.
Would you try to cross a road bridge that had only one end?
More seriously, is it possible that you intended to add more devices later and later never arrived? _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |