I hope this isn't too basic a question. The title kind of asks it all. :-)
The ping command will allow strict source routing so you can specify the default gateway to use on the way out. (This assumes your interfaces have distinct gateways i.e. are on different networks)
ping -k 192.169.1.1 microsoft.com
^ default gateway for desired interface
Using WMI Win32_PingStatus you can do the same thing where you specify SourceRoute and SourceRouteType (This is essentially the same as using ping -k)
Alternatively:
If your network interfaces are on the same network, like a LAN card and a wireless adapater
you can add a custom ROUTE to your machine, which can send all traffic through a specific interface.
From ROUTE HELP:
route ADD 207.46.0.0 MASK 255.255.0.0 192.168.1.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
ping also has an option in Windows:
-S srcaddr Source address to use.
So you can do something like
ping 10.10.10.1 -l 0 -S 192.168.1.1
where 10.10.10.1 is the destination address and 192.168.1.1 is the address of the source adapter
Related
I have an RB750 with the follow setup:
- Interface 1 = WAN static IP
- Interface 2 = Static IP from a LAN network (LAN provided by another FW)
- MK as a IPSec/L2TP working well providing to clients the subnet x.x.x.x
I would like to redirect all traffic from VPN clients to the LAN network provided in Interface 2.
I mean; User setup in his computer the VPN with success, when connected they need to access the server z.z.z.z located inside the network provided in Interface 2.
Any ideas how to configure it?
You provide not much information, but if im not wrong
you can try NAT for example
/ip firewall nat add chain=srcnat action=masquerade out-interface="your Interface 2" src-address="your l2tp subnet x.x.x.x"
I have a macbook, connected with ethernet, and wifi.
A site (lets call it facebook) is blocked on one of the interface (ethernet)
but is open on the other (wifi), on the other hand eth is better (fastest and more reliable than the wifi) so I use eth as a priority interface (on top of network preferences), but in this way there is no access to the blocked site.
I would know if there is a way to say to the operating system or browser or other
software components that it must use the connection of wifi if and only if a connection on :80 over eth fail. this would be perfect...or any other means to solve the problem..
It's a matter of configuring a proper proxy?
Thanks in advance.
You could modify routing table to pass traffic to given host or network through chosen gateway.
List your routing table:
$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGSc 15 0 en0
default 192.168.0.1 UGScI 1 0 en1
[...]
In this case en1 is wifi. So to use wifi connection to a host x.x.x.x, route traffic to this host through 192.168.0.1 gateway:
sudo route add -host x.x.x.x 192.168.0.1
Or better add routing to entire network used by given service:
sudo route add -net x.x 192.168.0.1
The downside is that it may be difficult to determine an ultimate list of IPs, networks used by the service.
See man route.
Newbie alert with no TCP/IP knowledge... I am trying to set up a production test rig for testing an embedded 6-way ethernet switch by populating an XP PC with 6 NIC cards. I've started with two NICs just to prove the point, both on the same subnet, manual IP addresses of 172.16.0.1 / 172.16.0.2. The routing table (route print) shows (I believe) two loopback entries :
=====================================================
172.16.0.0 255.255.255.0 172.16.0.1 172.16.0.1
172.16.0.0 255.255.255.0 172.16.0.2 172.16.0.2
172.16.0.1 255.255.255.255 127.0.0.1 127.0.0.1
172.16.0.2 255.255.255.255 127.0.0.1 127.0.0.1
172.16.255.255 255.255.255.255 172.16.0.1 172.16.0.1
172.16.255.255 255.255.255.255 172.16.0.2 172.16.0.2
=====================================================
I would like to remove the loopback entries and replace them with "always external" routing entries.. i.e. if you ping 172.16.0.1 the packets use adapter 172.16.0.2, and are routed by the switch back to 172.16.0.1 and if you ping 172.16.0.2 the packets leave 172.16.0.1, and get routed by the switch back to 172.16.0.2, thereby doing a rudimentary connectivity test of the cables, the switch IC, magnetics etc.
A command of :
route add 172.16.0.1 mask 255.255.255.255 172.16.0.2 (which seems to me to be uniquely specifying the use of 172.16.0.2 to send packets to a destination 172.16.0.1) fails with "The route addition failed: The route parameter is incorrect"
While : route add 172.16.0.2 mask 255.255.255.255 172.16.0.1 is accepted but I can't then ping 172.16.0.2
I did find some really good explanations in your old posts of meanings of each line in the table, but I'm obviously not quite understanding what is going on. I'm slightly concerned that the auto-generate route table has specified two adapters as gateways, but I don't know enough to understand the implications.
Ultimately, with 6 NICs in the box, I'd like to be able to make a table that will enable me to exercise every port on the switch.
many thanks
David
You can use ping to do this. First setup the NICs to have static IP addresses. I'll give you an example with 2 NICs. NIC1 is set to 192.168.0.2 and NIC2 is 192.168.0.1. Then run the command:
ping 192.168.0.2 –s 192.168.0.1 –t
I think you'll find that if you unplug the external loopback cable the test will fail and if you plug it back in again, it will pass. For more help on ping, type ping -?
You may have to disable Windows Firewall to let the ping traffic through.
the question says it all.
Can someone please tell me if that is possible and how?
I already have the IP Addresses and the MAC Addresses of the devices I want the bonjour name from...
Assuming you're looking for machines in the .local domain and your mDNS server listens on the default reserved IP of 224.0.0.251, port 5353 you can perform a reverse lookup with dig in the same way you'd refer to a unicast hostname:
dig -x 192.168.1.12 #224.0.0.251 -p 5353
Where 192.168.1.12 is the IP you want to check out.
I am working on a project related to networking/compression. One of the machines is Windows Vista, which already has IPv6 configured.
When I try ipconfig, I see an address in the following format: fe80::9dc8:72fa:aacd:76e2%10
But when I try to ping this machine from another with ping fe80::9dc8:72fa:aacd:76e2%10, I get the following error:
Ping request could not find host fe80::9dc8:72fa:e327:76e2%10.
Please check the name and try again.
Any ideas/comments are very helpful.
The %10 after the address is called the scope zone. When you use link-local IPv6 addresses, the scope zone is required so that the system knows which interface to send the packet out on.
On Windows, if you issue the netsh interface ipv6 show addresses command, you'll see the addresses assigned to the system complete with their zone IDs. Notice that the zone IDs match the interface index. For example:
Interface 22: VirtualBox Host-Only Network
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite fe80::15c3:6bea:aaac:a015%22
This address is scoped %22 because it is on an interface whose index is 22. Similarly, on Linux, you might see a link-local address like fe80::15c3:6bea:aaac:a016%eth0. The format of the zone ID is unique to each individual machine running IPv6, which is why it might be different if you try the ping from the other system.
For example, if you have:
System A (Windows): fe80::15c3:6bea:aaac:a015%22
System B (Linux): fe80::15c3:6bea:aaac:a016%eth0
... and you want to ping the Linux box from the Windows box, you cannot do ping fe80::15c3:6bea:aaac:a016%eth0. But you can do ping fe80::15c3:6bea:aaac:a016%22. This is the problem. Link-local addresses can be tricky in this way.
Try specifying the correct zone ID. That is, when you do your ping fe80::9dc8:72fa:aacd:76e2%10, first do netsh interface ipv6 show addresses on the machine you are pinging from, and change the %10 to the interface index for whichever interface you want to use on the source system.
If the machine you are pinging from is Linux, you will have to do ping6 -I eth0 fe80::9dc8:72fa:aacd:76e2 (assuming the other system is on eth0), because the Linux command-line utility does not support the % way of specifying the zone (the last time I checked, anyway).
Ideally you should set up an IPv6-capable router on your network to do router advertisements, so that you can use stateless address auto-configuration (SLAAC) and get global unicast addresses. Then this will not be an issue.
you cannot ping ipv6 addresses with the classic ping utility, only ipv4 addresses. linux has a commandline tool called ping6 to ping ipv6 addresses, windows probably has something similar. a little research told me that windows uses ping -6 for pinging ipv6 addresses.
The number after % is the interface name. if you open the status->detail of your network interface, you will see the ipv6 link-local address, with the %xx at the end of the address, which is the index of the interface, in case you want to find the index for some application. The System Information or ipconfig might just give you different index numbers, at least on my Windows 7 Pro, which is very confusing. The description you get from the OS could also be wrong.