How do I secure my shared folder

I have some problems:

  1. I use VMware Workstation 12 Player. I log on to the PC using a domain admin account, then I created some local users. With my domain admin account I have installed some applications; however, when I try to log on to that PC using a local user I cannot see those applications. How do I configure it so that a local user can get those applications?
  2. I created a shared folder from the guest OS to the host OS in order to gather information from the guest OS to the host OS. However, it is easy for a user to move data from the host OS to the guest OS. How do I protect that shared folder so that it is more secure (data cannot be moved from the host OS to the guest OS)?
  3. I use VMware Workstation 12 Player with 2 MAC addresses, which are from the guest OS and the host OS. I use port security with a maximum of 2 (switchport port-security maximum 2). I can get an internet connection with my domain admin, but I did not get internet connectivity (cannot reach the IP gateway) with a domain user. Further, when I changed the maximum value of port security to 7, my domain user can get the internet connection. Because of security concerns, I have to use a maximum value of 2 for port security. What do I have to do to get an internet connection with a port-security maximum of 2?
    For your information, I use Windows 7.

I look forward to any response or suggestion. Any suggestion would be appreciated. Thanks.

Related:

One of the slaves in RHEL bond doesn’t work

I have a Red Hat Enterprise Linux 6.3 VM (VMware vSphere).

I created a bond from two interfaces and it works but only when eth0 is active. When I use ifdown eth0 or echo -eth0 > /sys/class/net/bond0/bonding/slaves I lose network connectivity to the bond.

I could see on cat /proc/net/bond0 that the two interfaces are in the bond and when eth1 is active it does not work.

If I add eth0 back again it still doesn’t work because eth1 is the active one. Only if I remove and re-add eth1 to the bond does it work (making eth0 the active one).

The bond is of course in a fault tolerance mode.

The strange part is if I remove eth1 from the bond and define it as a simple interface it works just fine!

I tried rebooting (many times), and could not find any help on the web. I even tried removing the interface (from the VMware side) and adding a new one but that didn’t help. Anyone got an idea?

Some of the commands might not be accurate because I write this from my phone using my memory but I think you know what I meant, just don’t suggest that a typo or syntax error was the problem.

Thanks in advance

Related:

How to force linux interface to work with specific network card

It’s my first experience with multiple network cards.
I have two network cards on my Debian server.

  • card 1: on a public network,
  • card 2: on a private network

I have edited my /etc/network/interface file with:

  • eth0: use DHCP (public network)
  • eth1: use static IP (private network)
    my interfaces are brought up using allow-hotplug

But in fact, eth0 is automatically attached to card 2 and eth1 to card 1.

I have changed my interface file (inverted the eth0 and eth1 configuration) but it does not work; I think the cards are randomly attached to interfaces.

How can I configure my cards/interfaces to force eth0 to use only card 1 and eth1 to use only card 2?

Thanks for your help.

Sorry for my lack of English.

Related:

Which Ports need to be accessible on a Domain Controller for Clients to logon? continued

With reference to one of the questions asked, “Which Ports need to be accessible on a Domain Controller for Clients to logon?”, I am facing an aligned issue. For reference, the following ports were opened for client computers beforehand.

TCP: 53 88 135 139 389 80 445 464 636 3268 3269 1024 to 65535

UDP: 88 123 137 138 500 4500 464 389

After we opened these ports, the issue we are facing is that DNS lookup from the client does not work. E.g. we restricted the domain controller so that only the above ports are allowed. Then, doing nslookup from a client computer, we cannot get a result for some website addresses like www.bing.com, www.google.com, www.badiu.com, etc. That means it cannot resolve external web addresses.

Let me know if you have other questions.

Related:

GRE tunnel TTL number

Here is the setting on server A:

iface serverA_gre0 inet tunnel
        address 172.24.0.85
        mode gre
        endpoint x.x.x.x
        dstaddr 172.24.0.86
        netmask 255.255.255.252
        ttl 255

Setting on server B:

iface serverB_gre0 inet tunnel
        address 172.24.0.86
        mode gre
        endpoint x.x.x.x
        dstaddr 172.24.0.85
        netmask 255.255.255.252
        ttl 255

Without “ttl 255”:

traceroute to 172.24.0.86 (172.24.0.86), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  172.24.0.86  54.507 ms  62.888 ms  51.369 ms

With “ttl 255”:

traceroute to 172.24.0.86 (172.24.0.86), 30 hops max, 60 byte packets
 1  172.24.0.86  51.123 ms  51.733 ms  51.943 ms

What exactly causes those “*” results when “ttl 255” is not set?

Related:

What is this network device? [migrated]

Context:

In a quest to convert my home from 100Mbps to gigabit, I encountered this device.
Cables from the wall are coming in, Ethernet cable going out.
As far as I understand, this device converts the interface for the signal, not the signal itself.


  • Connection: My computer is connected to it, and from it straight to the router.
  • Router: Netgear VEGN2610 supports gigabit
  • Motherboard: Gigabyte h97-hd3 supports gigabit

In Windows, my speed & duplex settings are “1.0 Gbps Full Duplex”; however, the connection speed says: “100 Mbps”

Questions:

  • What is the name of this device? I want to research online, but I don’t know what device I am researching
  • Can it be the bottleneck? If not, why even though all of my network is 1 gigabit, it still uses 100Mbps?

Related:

Public IP on vmware esxi ( Softlayer )

We have a dedicated private ESXi server in Softlayer. At the start the server had one private IP assigned to vmnic0 vmotion and 4 interfaces in total.

The interfaces are teamed (vmnic0 and vmnic2: private / vmnic1 and 3: public).
The provider has also assigned us a /29 public block for future use (1 for the host, the rest for additional hosts) and a /26 private block for future use.

We additionally bought a /29 block of IP addresses to use for setting up the VM public network. This additional /29 block is called portable static IP and it is just 8 IP addresses without broadcast and gateway; instead they are routed to the IP of the host.

They have told us that the default gateway of the IPs from this block should be set to the IP of the ESXi server, as the traffic is routed to the ESXi public IPs. The problem is that there is no option to set this IP with that gateway from another subnet. I mean I can add the host IP as the default gateway but it’s not working; I can’t even ping the gateway.

Our vswitch configuration is more or less like this (I attached a screenshot):

1) vswitch0 (attached to vmnic0) – management network (private address) + vmnetwork private
2) vswitch1 (attached to vmnic3) – vmkernel (public address) + vmnetwork public

They told us that we need to follow the steps from this link to make it work, and now we have public access to VMware and still no internet connection from the VMs
http://knowledgelayer.softlayer.com/procedure/enabling-public-access-vmware-esxi-55

I have been trying to contact Softlayer for 4 days for assistance with how to configure it. First-line support always tries to do this and then they point me to make a ticket, and after making that ticket I get information with some links on how to configure the network, how to access the host from the public network or how to set up the network on a VM. None of them shows how to deal with my configuration. I don’t know if it’s so obvious or what. Please help me; I hope you will be able to figure out something from my description.

Related:

OpenVPN for certain IPs, eth0 for everything else

Summary: I’d like to connect to my VPN and have access to certain servers, but for all other traffic I’d like to use my regular networking.

I’ve set up an OpenVPN server on my VPS; my server.conf file looks like so:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn.log
verb 4
push "route 10.132.0.0 255.255.0.0"

I use the following .ovpn file to set up the VPN connection:

client
dev tun
proto udp
remote <my.vpn.server.com> 1194
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
comp-lzo
verb 3
<ca>....</ca>
<cert>...</cert>
<key>...</key>

Finally, in the Network Manager for the VPN Connection, under IPv4 Settings I have made sure to set the “Method” to “Automatic (VPN) addresses only”.

VPN connects fine, I can access all the internal servers I need (10.132.x.x), however I cannot access anything else (like google.com). I’d like my eth0 settings to be used for everything except for the 10.132.x.x IPs which I would like routed through the VPN.

P.S. based on other articles I’ve tried using no-pull in the .ovpn file and adding in my route settings there but to no avail.

EDIT 1:

Results of running ip a and traceroute while connected to VPN:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:dc:a6:ef brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 86320sec preferred_lft 86320sec
    inet6 fe80::f3d1:6eb3:e13e:d61b/64 scope link 
       valid_lft forever preferred_lft forever
15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.6 peer 10.8.0.5/32 brd 10.8.0.6 scope global tun0
       valid_lft forever preferred_lft forever

$ traceroute google.com
google.com: Temporary failure in name resolution
Cannot handle "host" cmdline arg `google.com' on position 1 (argc 1)

EDIT 2: results of ip r

$ ip r
default via 10.8.0.5 dev tun0  proto static  metric 50 
default via 10.0.2.2 dev eth0  proto static  metric 100 
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15  metric 100 
10.8.0.1 via 10.8.0.5 dev tun0  proto static  metric 50 
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6  metric 50 
10.132.0.0/16 via 10.8.0.5 dev tun0  proto static  metric 50 
104.236.239.153 via 10.0.2.2 dev eth0  proto static  metric 100 
169.254.0.0/16 dev eth0  scope link  metric 1000 
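
An added example, not part of the original post: a small Python route lookup run over the `ip r` output above, showing which interface a destination leaves through with the table as posted and with the default route on tun0 removed. It uses longest-prefix match with the metric as tie-breaker, which is a simplification of the kernel's selection; the helper names and the destinations 8.8.8.8 and 10.132.4.7 are constructed for illustration.

```python
import ipaddress

# Routing table copied from the "ip r" output in the post above.
IP_R = """\
default via 10.8.0.5 dev tun0  proto static  metric 50
default via 10.0.2.2 dev eth0  proto static  metric 100
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15  metric 100
10.8.0.1 via 10.8.0.5 dev tun0  proto static  metric 50
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6  metric 50
10.132.0.0/16 via 10.8.0.5 dev tun0  proto static  metric 50
104.236.239.153 via 10.0.2.2 dev eth0  proto static  metric 100
169.254.0.0/16 dev eth0  scope link  metric 1000
"""

def parse_routes(text):
    """Turn `ip r` lines into dicts with network, device, gateway and metric."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        # After the destination, the fields shown here are all key/value pairs.
        opts = dict(zip(tok[1::2], tok[2::2]))
        routes.append({
            "net": ipaddress.ip_network(dest),  # a bare host address becomes /32
            "dev": opts["dev"],
            "via": opts.get("via"),
            "metric": int(opts.get("metric", 0)),
        })
    return routes

def lookup(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def drop_vpn_default(routes, vpn_dev="tun0"):
    """Split-tunnel view: the same table without the default route on the VPN device."""
    return [r for r in routes
            if not (r["net"].prefixlen == 0 and r["dev"] == vpn_dev)]

ROUTES = parse_routes(IP_R)

if __name__ == "__main__":
    # 8.8.8.8 and 10.132.4.7 are constructed sample destinations, not from the post.
    for dst in ("8.8.8.8", "10.132.4.7", "104.236.239.153"):
        full, split = lookup(ROUTES, dst), lookup(drop_vpn_default(ROUTES), dst)
        print(f"{dst:16} as posted: {full['dev']:5} without tun0 default: {split['dev']}")
```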

Related:

SQL PaaS Network Security Configuration

We have a bastion host on which we have configured network security groups. The purpose is to connect with SQL PaaS using management studio. For the NSG tied to the bastion host we have defined two outbound rules:
1000 SQLConnect Any Internet 1433 Allow
4000 DefaultOutb Any Internet All ports Deny

I am not able to connect to SQL PaaS from the bastion host. When I delete the 4000 rule I can connect. As NSG is stateless, I am trying to figure out why this is not working. I would really appreciate any help.
