I can't ping google.com in GNS3 - router

Good afternoon to all! I ran into a problem when setting up my network. The essence of the problem is that I can't ping the address google.com, but I can ping Google DNS 8.8.8.8. I can't do it on a Cisco IOSv router that is connected to the internet using NAT, and I also can't do it on other devices behind it. But to check, I connected a PC and was able to ping google.com. Of course, I tried to set up NAT on the router, prescribed NAT INSIDE and NAT OUTSIDE, but it didn't help. I will also attach all the screenshots to make it clear. Most likely I just missed something.
My network: [screenshot]
NAT settings: [screenshot]
Ping to 8.8.8.8 and google.com on PC1 and R1: [screenshot]
R1 ip route:
Router#show ip route
Gateway of last resort is 192.168.45.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.45.2
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1
L 10.1.1.1/32 is directly connected, GigabitEthernet0/1
192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.45.0/24 is directly connected, GigabitEthernet0/0
L 192.168.45.100/32 is directly connected, GigabitEthernet0/0
PC1 config:
PC1> show ip
NAME : PC1[1]
IP/MASK : 192.168.45.129/24
GATEWAY : 192.168.45.2
DNS : 192.168.45.2
DHCP SERVER : 192.168.45.254
DHCP LEASE : 1797, 1800/900/1575
DOMAIN NAME : localdomain
MAC : 00:50:79:66:68:00
LPORT : 10003
RHOST:PORT : 127.0.0.1:10004
MTU: : 1500
R1 config:
Router#show startup-config
version 15.6
hostname Router
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
redundancy
!
interface GigabitEthernet0/0
ip address 192.168.45.100 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.45.2
!
!
access-list 100 permit ip any any
!
control-plane
!

I was given an answer on the GNS3 Forum (from Ean Towne, GNS3 Moderator). Here's what he wrote:
"You have disabled the ability for the router (R1) to DNS lookups, and also have not specified the IP address(es) of the DNS to use"
R1(config)# ip name-server 8.8.8.8 1.1.1.1
R1(config)# ip domain lookup
"People often add the "no ip domain lookup" by default in order to remove failed lookups when making typos. However they do not necessarily think about the effect of the same"
https://www.gns3.com/community/support/i-cant-ping-google-com-in-gns3

Related

IP Address for a socket address

So I know that a socket address is the combination of an IP address and a port number, but which IP address is used for the socket address? Is it the private or the public IP address, or can it be both but you have to choose one?
A connected socket can have any IP which is local on the machine - but only one at a time. A socket which is not connected (i.e. a listening socket in the case of TCP) can instead also be bound to the catch-all IP (0.0.0.0 for IPv4, :: for IPv6) and thus receive data on all local IPs.
Running socket.gethostbyname(socket.gethostname()) will give you the IP address it is using.
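The binding behaviour described in the first answer above, as an added example that is not part of the original posts: a listener bound to the catch-all address reports 0.0.0.0, while each accepted (connected) socket carries the one concrete local IP the client targeted. The function name observe is hypothetical, and the 127.0.0.2 case assumes Linux, where the whole 127.0.0.0/8 range is local.

```python
import socket


def observe(bind_ip, target_ip):
    """Bind a TCP listener to bind_ip, connect to target_ip, report each socket's local IP.

    Returns None when nothing is listening on target_ip (connection refused or timed out).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(2)
    client.settimeout(2)
    accepted = None
    try:
        listener.bind((bind_ip, 0))      # port 0: the OS picks a free port
        listener.listen(1)
        port = listener.getsockname()[1]
        try:
            client.connect((target_ip, port))
            accepted, _peer = listener.accept()
        except OSError:
            return None                  # the listener is not bound to that local IP
        return {
            "listener": listener.getsockname()[0],  # what was bound (may be the catch-all)
            "accepted": accepted.getsockname()[0],  # concrete local IP of this connection
            "client": client.getsockname()[0],      # concrete local IP on the client side
        }
    finally:
        for s in (listener, client, accepted):
            if s is not None:
                s.close()


if __name__ == "__main__":
    print(observe("0.0.0.0", "127.0.0.1"))    # catch-all listener, reached via 127.0.0.1
    print(observe("0.0.0.0", "127.0.0.2"))    # same listener, reached via another local IP
    print(observe("127.0.0.1", "127.0.0.2"))  # listener bound to one IP only: None
```

Binding a service to one specific address instead of 0.0.0.0 is also how a listener is kept off interfaces it should not be reachable on.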

How to forward packets between VLANs on Open vSwitch router?

I'm trying to configure an OVS router. I want to achieve that, by adding flows on the OVS router, the devices connected with switch ports (port 2-5) can access to the internet, if the internet cable is inserted into the WAN port (port 1).
My VLAN configuration in file /etc/config/network of the OVS router is:
eth1.1: 0t, 2
eth1.2: 0t, 3
eth1.3: 0t, 4
eth1.4: 0t, 5
eth1.5: 1, 6
The output of ovs-vsctl show is:
root#OpenWrt:~# ovs-vsctl show
84d9ab2f-a3e6-46e3-874f-156ef975d673
Bridge "br0"
Controller "tcp:<an IP address>"
is_connected: true
fail_mode: standalone
Port "eth1.4"
Interface "eth1.4"
Port "eth1.2"
Interface "eth1.2"
Port "eth1.1"
Interface "eth1.1"
Port "br0"
Interface "br0"
type: internal
Port "eth1.3"
Interface "eth1.3"
The truncated output of ifconfig is:
br0: 192.168.3.1
eth0: 192.168.0.105 (There is another home router)
eth1, eth1.1-1.4
As the subnet provides IP prefix of 192.168.3.* and the router itself is assigned IP of 192.168.0., I wonder if it's helpful to add a flow to forward packets from 192.168.3. to 192.168.0.104.
So is it correct if I suppose, a machine with IP 192.168.3.10, for example, it wants to make query to google, the path should be 192.168.3.10->192.168.0.105->192.168.0.1(home router)->outside?
This is to build a flow based on Layer 3. But I'm wondering if I can build flows between VLANs? According to my configuration, the WAN port is port 1 and belongs to VLAN 5. Do you think it is viable to add flows bidirectionally from VLAN 1 (machine connected) to VLAN 5 and from VLAN 5 to VLAN 1? If so, are there any examples I can follow, please?
Another detail. The output of ifconfig shows the eth0 interface was assigned IP 192.168.0.105, which means it's connected with my home router (192.168.0.1). So do I need to forward packets between these two IP addresses?
I really appreciate any help.
The following commands add two rules to send packet from VLAN 5 and port 5 to port 1 with VLAN 1 and vice versa:
ovs-ofctl add-flow br0 in_port=5,dl_vlan=5,actions=mod_vlan_vid:1,output:1
ovs-ofctl add-flow br0 in_port=1,dl_vlan=1,actions=mod_vlan_vid:5,output:5
I have solved this problem. Following is the solution.
The main idea is to build a Linux bridge connected with the OVS bridge when I need the VLANs to be able to talk with the outside internet. I can use brctl to operate the Linux bridge. Firstly I tried:
brctl addbr br-lan
brctl addif br-lan br0
Then all the machines could access the internet, but unfortunately only for a couple of minutes. After that, the router collapsed. I could not access the OVS router anymore unless I reset it. That could be caused by the incorrect bridge configuration. I tried many ways and finally this one works:
brctl addbr br-lan
ifconfig br-lan 192.168.3.1
brctl addif br-lan br0
ifconfig br0 0.0.0.0
I considered that the Linux bridge br-lan should be originally connected with eth0 (WAN). And as I know, br0 could mean 'local', with IP address 192.168.3.1. All VLANs talk with this IP address. If I move 'local' to the Linux bridge which is connected with the WAN port, it should work.
Thanks to everybody who viewed and tried to help me!

UDP packets lost (LAN-Netcat) , switching server-client sides packets are OK

I was trying to run a game that uses a UDP socket on a LAN, but could not see the other computer in my network, so I tried some things to see what could give rise to this issue. The running OSes are:
PC1: Linux Ubuntu
PC2: Windows 10
The issue is that when PC2 is listening, PC1 can send and receive packets:
$PC2> ncat -ul 8888
$PC1> ncat -u PC2 8888
OK
Send and receive work OK. However, when client/server is switched, the packets are lost.
$PC1> ncat -ul 8888
$PC2> ncat -u PC1 8888
On a side note, on PC2 when trying to send the packet with Python's socket.sendto function, the return value is not -1 and is the size of the packet.
Also, turning off the firewall on PC2 doesn't help.
This is a weird problem, since one way works fine but after switching the client/server the packets are lost.
One of the hosts (PC1) might be behind a NAT, while the other (PC2) is in a public network. It should be clear whether this is the case if you provide the IP addresses of the hosts. Presence of NAT would explain why switching client and server breaks.
When a packet is sent from PC1 to PC2, NAT would add an IP translation record of the form
(PC1 internal ip address, port1) -- (PC1 public ip address, port2),
and translate the internal address to the public one and vice versa whenever needed.
When PC1 becomes a server, there is no way to reach it from PC2 through the NAT, unless you configure port forwarding on the NAT or use some third-party NAT discovery services.
NAT port forwarding works in the following manner. If a port forward rule
(PC1 public ip address, port2) -- (PC1 internal ip address, port1) is specified, all packets sent to (PC1 public ip address, port2) are forwarded to (PC1 internal ip address, port1).

Confusion about the stun server

What I require is that I will open a UDP server listening on port X (local machine) and a machine (public IP) can send UDP packets to me. My machine doesn't have a public IP. Basically I need STUN.
I am testing the stuntman server/client project. I run stuntman-server on a server (public IP) and run the client on my system (local IP). I asked for the mapped IP/port for port 9999.
./stunclient --mode full --protocol udp --localport 9999 stun.server.ip
The STUN server returns an IP and port. What I did then was open a UDP server (using Java) on my local system, start listening on port 9999, and send a UDP message from another machine (which has a public IP) to the mapped IP/port returned by the STUN server. But I can't receive any data. You can assume that my server/client code (written in Java) is working fine in the local network.
Flow:
My machine ->>>>>stun request for 9999 port and my ip ------> stun server
My machine <<<<<<<<<<<<<<<<<<mapped ip/port <<<<<<<<<<<<<<< stun server
My machine : Run JAVA udp server socket in 9999 port
My machine <<<<<<<<<<<<<<<<<<<UDP message to mapped ip/port<<<<<< other public machine
xxxxxxxxxxxxxxxxxxxNot workingxxxxxxxxxxxxxxxxxxxxxxxx
You didn't publish the results of your stunclient run, but I imagine it looked something like the following:
$ stunclient --mode full --localport 9999 stunserver.stunprotocol.org
Binding test: success
Local address: 192.168.1.8:9999
Mapped address: 1.2.3.4:9999
Behavior test: success
Nat behavior: Endpoint Independent Mapping
Filtering test: success
Nat filtering: Address and Port Dependent Filtering
I'm going to guess that your Behavior Test is "Endpoint Independent" and the Filtering test was "Address and Port Dependent", as those are the most common in the home and mostly match what you described above (aka "port restricted NAT").
In any case, this means you have created a port mapping between yourself and the STUN server. In the example above, my public IP address is 1.2.3.4. And as is common, but not always the case, my local port (9999) is the same as the public port.
Internally, your NAT keeps a logical table such as the following:
-------------------------------------------------------------------------
|| LOCAL IP    | LOCAL PORT || EXT PORT || REMOTE IP     | REMOTE PORT ||
||=====================================================================||
|| 192.168.1.8 | 9999       || 9999     || 107.23.150.92 | 3478        ||
-------------------------------------------------------------------------
Because you sent out a packet from port 9999 to the STUN server (107.23.150.92), the NAT creates a port mapping entry in its table for several minutes. When a packet arrives on the NAT/router from the Internet, it consults the table. When the response came back from the STUN server's IP:port, the NAT was able to forward it to your computer behind the NAT based on the "remote" fields in the table above.
But there is no port mapping between you and the "other public machine" that you are hoping to receive data from. Let's assume that the IP address of that other machine is 2.4.6.8 and it is attempting to send from its local port 8888. The NAT still doesn't have anything in the table to map traffic from 2.4.6.8:8888 to a host behind the NAT. So when traffic arrives at a NAT from a host not in the table, the NAT only knows to drop the packet on the floor. There is a NAT classification known as "Cone NAT" where this would work, but those aren't as common.
In your case, there is an easy workaround. After obtaining a port mapping from the STUN server, send another datagram from your same local port (9999) to the remote host (and remote port) that you want to receive data from. The remote host can simply ignore this datagram, but it effectively creates another port mapping entry on your NAT:
-------------------------------------------------------------------------
|| LOCAL IP    | LOCAL PORT || EXT PORT || REMOTE IP     | REMOTE PORT ||
||=====================================================================||
|| 192.168.1.8 | 9999       || 9999     || 107.23.150.92 | 3478        ||
|| 192.168.1.8 | 9999       || 9999     || 2.4.6.8       | 8888        ||
-------------------------------------------------------------------------
That simple 1-byte data packet to 2.4.6.8:8888 allows the NAT to forward traffic back from that address to your host behind the NAT.
In other words, using your own network flow nomenclature:
My machine:9999 ---->[STUN BINDING REQUEST]--->stun server:3478
My machine:9999 <----[STUN BINDING RESPONSE mapped IP:port]<--- stun server:3478
My machine:9999 [Open socket on port 9999]
My machine:9999 ---->[1 byte datagram] -------> 'other:8888'
My machine:9999 <---- [UDP to public IP:port obtained in step 2]<----'other:8888'
Typically, in a normal P2P flow, both endpoints work with a STUN server to discover their port mapping, and then use another service to exchange IP:port information between each other. From what you describe, you are manually exchanging these values between your programs, which is fine for testing.
If the other machine is on the public internet, you technically do not need STUN. The first machine (behind a NAT) can just send directly to the remote IP and port to say, "send me some data". The remote side just inspects the peer address and port of this message to decide where to send back to. The port mapping has already been created. Some RTSP clients assume the server is public.
My answer on the basics of socket NAT traversal is here.
I happen to know the developer of STUNTMAN. He's a reasonably nice guy, good looking, and very smart. They also say him and I look alike and have near identical spelling with our names. You can always mail him directly if you have questions about STUN and NAT traversal.
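The filtering table walked through in this answer, together with the port-forward rule from the earlier UDP/netcat answer, as an added example that is not part of the original posts: a toy Python model of a NAT with endpoint-independent mapping and address-and-port-dependent filtering. The Nat class, its 120-second idle timeout and the port-preserving mapping are assumptions; the addresses are the ones used in the answer.

```python
class Nat:
    """Toy NAT: endpoint-independent mapping, address-and-port-dependent filtering."""

    def __init__(self, public_ip, ttl=120):
        self.public_ip = public_ip
        self.ttl = ttl        # assumed idle timeout in seconds ("several minutes")
        self.mappings = {}    # ext_port -> (local_ip, local_port)
        self.filters = {}     # (ext_port, remote_ip, remote_port) -> expiry time
        self.forwards = {}    # static port-forward rules: ext_port -> (local_ip, local_port)

    def outbound(self, local, remote, now=0):
        """A host behind the NAT sends a datagram; return the public (ip, port) the remote sees."""
        ext_port = local[1]   # assumption: the NAT keeps the local port, as in the answer's table
        self.mappings[ext_port] = local
        self.filters[(ext_port, *remote)] = now + self.ttl
        return (self.public_ip, ext_port)

    def inbound(self, remote, ext_port, now=0):
        """A datagram arrives from outside; return the internal (ip, port) or None if dropped."""
        if ext_port in self.forwards:                       # port forwarding: any sender passes
            return self.forwards[ext_port]
        if self.filters.get((ext_port, *remote), -1) > now:  # sender must match a live entry
            return self.mappings[ext_port]
        return None


def demo():
    host, stun, other = ("192.168.1.8", 9999), ("107.23.150.92", 3478), ("2.4.6.8", 8888)
    nat = Nat("1.2.3.4")
    out = {"mapped": nat.outbound(host, stun)}               # STUN binding request
    out["stun_reply"] = nat.inbound(stun, 9999)              # binding response gets through
    out["other_before_punch"] = nat.inbound(other, 9999)     # no table entry: dropped
    nat.outbound(host, other, now=10)                        # the 1-byte datagram
    out["other_after_punch"] = nat.inbound(other, 9999, now=20)
    out["other_wrong_src_port"] = nat.inbound(("2.4.6.8", 7777), 9999, now=20)
    out["other_after_timeout"] = nat.inbound(other, 9999, now=10 + 120)
    nat.forwards[9999] = host                                # static port-forward rule
    out["with_port_forward"] = nat.inbound(("2.4.6.8", 7777), 9999, now=500)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```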

configure ip for bitnami owncloud virtual appliance

I installed the Bitnami owncloud virtual appliance stack on VirtualBox and within no time, I was able to sync files to and from this box. However, the main problem with VirtualBox is that the IP address keeps changing when the owncloud instance is powered off and then turned back on - which makes sense. Is there any way to keep the server IP static so that we don't need to configure the clients every time the IP is changed?
You could change the config (from auto to static) in the following way:
sudo vi /etc/network/interfaces (“vi” or “nano”)
iface eth0 inet static
address 192.168.0.100
# your own IP
netmask 255.255.255.0
# network mask
gateway 192.168.0.1
# standard gateway (router)
dns-nameservers 192.168.0.1 8.8.8.8
# DNS (optional)
/etc/init.d/networking restart (restart network)
Then run ifconfig to check the IP addresses, or “shutdown -h now” (reboot). Please keep in mind that multiple copies need multiple IPs. In VirtualBox, remember to switch between NAT and Bridge if required.