Solved

linux adding network ranges

Posted on 2008-10-26
7
432 Views
Last Modified: 2010-03-18
i have ISA, internal interface is 192.168.10.1
i can add 192.168.20.0/24
192.168.30.0/24 to ISA configuration, and i can create policy for users to have internet at those ranges

how can i add different ranges to a linux firewall?
0
Comment
Question by:ammadeyy2020
  • 4
  • 3
7 Comments
 
LVL 23

Expert Comment

by:Mysidia
ID: 22807973
Are you asking how to create iptables rules that will allow ranges of addresses access from inside?
Normally typing "iptables-save"   will show your current ruleset.

What do your rules look like right now?


Your Linux firewall will need an IP alias configured for each ip range you want to use on the inside.  Which is normally done by ethernet aliasing, i.e.

If say on a Redhat firewall,  eth1  is your internal private network interface
vi /etc/sysconfig/network-scripts/ifcfg-eth1:0
DEVICE=eth1:0
IPADDR=(second range's ip address)
NETMASK=(second internal mask)


normally one might add a range to be allowed with something like
iptables -A FORWARD -i eth1 -s 192.168.20.0/24 -j ACCEPT

But more changes might be needed, depending on how the NAT tables are setup..

A common practice would be to have

-t nat -A POSTROUTING  -j MASQUERADE

Essentially;  rules that allow the NAT, so long as forwarding is permitted.
Which may in fact sometimes be done with something like

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

(In that case, the firewall only needs to have a gateway IP for each IP range that you want to add)

But most actual firewall appliances will likely have a stricter configuration.

And adding more ranges is a matter of editing that config in a way appropriate to the config you have already built.



0
 

Author Comment

by:ammadeyy2020
ID: 22810091
i want to give internet to the following ip ranges
192.168.10.0/24
192.168.20.0/24
192.168.30.0/24
192.168.40.0/24
192.168.50.0/24
192.168.60.0/24
192.168.70.0/24
192.168.80.0/24

im using clarkconnect as a firewall, which is running on redhat 3.4
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22810230
In the clarkconnect webconfig add a virtual IP  on each network you want to connect from the LAN
See here
http://www.clarkconnect.com/docs/Network_Settings_-_IP_Settings#Virtual_IPs

So you might add these virtual IPs as the LAN role
192.168.10.1   netmask=255.255.255.0
192.168.20.1   netmask=255.255.255.0
192.168.30.1   netmask=255.255.255.0
192.168.40.1   netmask=255.255.255.0
192.168.50.1   netmask=255.255.255.0
192.168.60.1   netmask=255.255.255.0
192.168.70.1   netmask=255.255.255.0
192.168.80.1   netmask=255.255.255.0





0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 

Author Comment

by:ammadeyy2020
ID: 22811021
i tried that
im able to get internet from 192.168.10.0/24
because by 10 range address is assigned to NIC

virtual IP networks im unable to browse internet

i have done this setup in ISA 2006, im thinkin how to do it on linux
0
 
LVL 23

Expert Comment

by:Mysidia
ID: 22811840
Ok, add the virtual IPs.. make sure they're in a LAN role.

Login to the clarkconnect server using SSH
make sure you can ping its own virtual IPs from the box itself.
If not, then the virtual ips are probably not actually operational.


Run the  "iptables-save"    command  to display  the list of iptables rules
and paste the results,  so we can see what clarkconnect is doing...
0
 

Author Comment

by:ammadeyy2020
ID: 22812066
i can ping from firewall to 192.168.50.80
but from other pc's i cant ping
here is iptables-save

-A OUTPUT -o pptp+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth2 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 110 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 25 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 1875 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p gre -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 1723 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p ipv6-crypt -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p ipv6-auth -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A drop-lan -j DROP
COMMIT
# Completed on Mon Oct 27 17:50:35 2008
[root@gateway ~]#
[root@gateway ~]# clear
[root@gateway ~]# iptables-save
# Generated by iptables-save v1.3.5 on Mon Oct 27 17:53:20 2008
*nat
:PREROUTING ACCEPT [61245:3738980]
:POSTROUTING ACCEPT [1979:170280]
:OUTPUT ACCEPT [12805:785058]
-A PREROUTING -s ! 127.0.0.1 -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 82
-A PREROUTING -s 192.168.50.80 -d xxx.xxx.xxx.xxx -j DNAT --to-destination 192.168.10.10
-A PREROUTING -s 192.160.50.200 -d xxx.xxx.xxx.xxx -j DNAT --to-destination xxx.xxx.xxx.xx1
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.0.2:110
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.0.2:25
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 3000 -j DNAT --to-destination 192.168.0.2:3000
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 80 -j DNAT --to-destination xxx.xxx.xxx.xx1:80
-A PREROUTING -d 192.168.10.10 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -d 172.30.143.100 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 192.168.10.10 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -s 172.30.143.0/255.255.255.0 -d 192.168.10.10 -j SNAT --to-source 172.30.143.100
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d xxx.xxx.xxx.xx1 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -s 172.30.143.0/255.255.255.0 -d xxx.xxx.xxx.xx1 -j SNAT --to-source 172.30.143.100
-A POSTROUTING -o eth0 -p ipv6-crypt -j ACCEPT
-A POSTROUTING -o eth0 -p ipv6-auth -j ACCEPT
-A POSTROUTING -o tun+ -j ACCEPT
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 192.168.0.2 -p tcp -m tcp --dport 110 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -s 172.30.143.0/255.255.255.0 -d 192.168.0.2 -p tcp -m tcp --dport 110 -j SNAT --to-source 172.30.143.100
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 192.168.0.2 -p tcp -m tcp --dport 25 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -s 172.30.143.0/255.255.255.0 -d 192.168.0.2 -p tcp -m tcp --dport 25 -j SNAT --to-source 172.30.143.100
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d 192.168.0.2 -p tcp -m tcp --dport 3000 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -s 172.30.143.0/255.255.255.0 -d 192.168.0.2 -p tcp -m tcp --dport 3000 -j SNAT --to-source 172.30.143.100
-A POSTROUTING -s 192.168.10.0/255.255.255.0 -d xxx.xxx.xxx.xx1 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.10.10
-A POSTROUTING -s 172.30.143.0/255.255.255.0 -d xxx.xxx.xxx.xx1 -p tcp -m tcp --dport 80 -j SNAT --to-source 172.30.143.100
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 27 17:53:20 2008
# Generated by iptables-save v1.3.5 on Mon Oct 27 17:53:20 2008
*mangle
:PREROUTING ACCEPT [421429:89398775]
:INPUT ACCEPT [260482:71643795]
:FORWARD ACCEPT [160586:17704114]
:OUTPUT ACCEPT [216907:62479666]
:POSTROUTING ACCEPT [378010:80308526]
-A PREROUTING -p ipv6-crypt -j MARK --set-mark 0x64
-A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT
-A PREROUTING -p tcp -j CONNMARK --restore-mark
COMMIT
# Completed on Mon Oct 27 17:53:20 2008
# Generated by iptables-save v1.3.5 on Mon Oct 27 17:53:20 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:drop-lan - [0:0]
-A INPUT -s 64.39.104.38 -i eth0 -j DROP
-A INPUT -s 202.232.235.70 -i eth0 -j DROP
-A INPUT -s 221.239.1.58 -i eth0 -j DROP
-A INPUT -s 190.2.32.27 -i eth0 -j DROP
-A INPUT -s 219.136.252.243 -i eth0 -j DROP
-A INPUT -s 69.60.111.193 -i eth0 -j DROP
-A INPUT -s 211.244.224.3 -i eth0 -j DROP
-A INPUT -s 221.130.183.185 -i eth0 -j DROP
-A INPUT -s 218.23.37.51 -i eth0 -j DROP
-A INPUT -s 221.224.161.102 -i eth0 -j DROP
-A INPUT -s 218.22.88.59 -i eth0 -j DROP
-A INPUT -s 202.99.11.99 -i eth0 -j DROP
-A INPUT -s 193.227.116.16 -i eth0 -j DROP
-A INPUT -s 129.111.112.98 -i eth0 -j DROP
-A INPUT -s 203.142.195.92 -i eth0 -j DROP
-A INPUT -s 200.7.198.162 -i eth0 -j DROP
-A INPUT -s 218.53.97.7 -i eth0 -j DROP
-A INPUT -s 218.22.229.124 -i eth0 -j DROP
-A INPUT -s 218.22.244.45 -i eth0 -j DROP
-A INPUT -s 192.168.0.140 -i eth1 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 167.216.252.1 -i eth0 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -s 127.0.0.0/255.0.0.0 -i eth0 -j DROP
-A INPUT -s 169.254.0.0/255.255.0.0 -i eth0 -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i pptp+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth2 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 67 --dport 68 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 1875 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p gre -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p ipv6-crypt -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p ipv6-auth -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -m mark --mark 0x64 -j ACCEPT
-A INPUT -d 192.168.10.10 -m mark --mark 0x64 -j ACCEPT
-A INPUT -d 172.30.143.100 -m mark --mark 0x64 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -i eth0 -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -i eth0 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -s 64.39.104.38 -i eth0 -j DROP
-A FORWARD -s 202.232.235.70 -i eth0 -j DROP
-A FORWARD -s 221.239.1.58 -i eth0 -j DROP
-A FORWARD -s 190.2.32.27 -i eth0 -j DROP
-A FORWARD -s 219.136.252.243 -i eth0 -j DROP
-A FORWARD -s 69.60.111.193 -i eth0 -j DROP
-A FORWARD -s 211.244.224.3 -i eth0 -j DROP
-A FORWARD -s 221.130.183.185 -i eth0 -j DROP
-A FORWARD -s 218.23.37.51 -i eth0 -j DROP
-A FORWARD -s 221.224.161.102 -i eth0 -j DROP
-A FORWARD -s 218.22.88.59 -i eth0 -j DROP
-A FORWARD -s 202.99.11.99 -i eth0 -j DROP
-A FORWARD -s 193.227.116.16 -i eth0 -j DROP
-A FORWARD -s 129.111.112.98 -i eth0 -j DROP
-A FORWARD -s 203.142.195.92 -i eth0 -j DROP
-A FORWARD -s 200.7.198.162 -i eth0 -j DROP
-A FORWARD -s 218.53.97.7 -i eth0 -j DROP
-A FORWARD -s 218.22.229.124 -i eth0 -j DROP
-A FORWARD -s 218.22.244.45 -i eth0 -j DROP
-A FORWARD -s 192.168.0.73 -j DROP
-A FORWARD -s 192.168.50.80 -d 192.168.10.10 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.50.80 -d 192.168.10.10 -o eth2 -j ACCEPT
-A FORWARD -s 192.160.50.200 -d xxx.xxx.xxx.xx1 -o eth1 -j ACCEPT
-A FORWARD -s 192.160.50.200 -d xxx.xxx.xxx.xx1 -o eth2 -j ACCEPT
-A FORWARD -m ipp2p --kazaa --apple --winmx -j DROP
-A FORWARD -m mark --mark 0x64 -j ACCEPT
-A FORWARD -d 192.168.0.2 -o eth1 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -d 192.168.0.2 -o eth2 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -d 192.168.0.2 -o eth1 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -d 192.168.0.2 -o eth2 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -d 192.168.0.2 -o eth1 -p tcp -m tcp --dport 3000 -j ACCEPT
-A FORWARD -d 192.168.0.2 -o eth2 -p tcp -m tcp --dport 3000 -j ACCEPT
-A FORWARD -d xxx.xxx.xxx.xx1 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d xxx.xxx.xxx.xx1 -o eth2 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 192.168.0.10 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -d 192.168.0.10 -j DROP
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 192.168.0.4 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -d 192.168.0.4 -j DROP
-A FORWARD -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --dport 1863 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -p tcp -m tcp --dport 1863 -j DROP
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 192.168.0.178 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -d 192.168.0.178 -j DROP
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 192.168.0.195 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -d 192.168.0.195 -j DROP
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 192.168.0.199 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -d 192.168.0.199 -j DROP
-A FORWARD -s 192.168.10.0/255.255.255.0 -d 192.168.0.73 -j DROP
-A FORWARD -s 172.30.143.0/255.255.255.0 -d 192.168.0.73 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
-A FORWARD -i pptp+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -d 167.216.252.1 -o eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o pptp+ -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth2 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 110 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 25 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 1875 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p gre -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p tcp -m tcp --sport 1723 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p ipv6-crypt -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -o eth0 -p ipv6-auth -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
-A drop-lan -j DROP
COMMIT
# Completed on Mon Oct 27 17:53:20 2008
[root@gateway ~]#
0
 
LVL 23

Accepted Solution

by:
Mysidia earned 500 total points
ID: 22818992
Well, this is a long and complicated ruleset. It's not trivial to find which entry is breaking internet access, short of analyzing every single table entry.    I suggest   on your own starting with zero counters, and using  iptables-save in a manner that checks counters, i.e.  iptables-save -c
The counters of the rule that is executed when attempting to create a connection should increase, which may give you a hint....hrm


I see the right entries in there for multiple ranges to work,  but I think some of these rules that appear to be intended to firewall traffic are interfering
and denying what would otherwise work.




Ok.. I take it  eth1  and eth2  are your LAN interfaces?
I see in the filter table...
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
As the applicable match..

But in your  NAT prerouting table there is:

-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

This redirects traffic from  port 80  on other hosts  to port 8080 on the local host.
I.e.  diverts internet traffic
You need a service running on port 8080 and forward + input  table rules to accept the traffic you are redirecting.


It seems likely that this transparent redirection of HTTP is partly a culprit.

You now have potentially, not only your iptables  ruleset  that can cause problems, but  whatever service is running on port 8080  to handle and forward the HTTP requests.



0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now