Questions tagged as ['linux-networking']

I bought a 4-port network adapter PCIe card (Intel E1G44HT 10/100/1000Mbps PCI-Express 2.0 Server Adapter I340-T4).
I am trying to install it in my hpZ600 workstation and pass it through to my guest VM.
I am running Artix Linux but am mostly following directions for Arch Linux.
The issue is I am unable to pass the card to my VM.
Here is what I've done so far:
First I update my default/grub
$ sudo - ...

What's the command for promoting an externally accessible IPv6 range to static within the VPC subnet?
My VM is accessible at 64bit wide IPv6 range, within a 96bit IPv6 subnet. But I'm afraid these may change without warning... this command seems like it should work:
gcloud compute addresses create myvm-6 --addresses "2600:abcd:abcd:abcd:0:0:0:0" --region us-west2 --subnet neo-ipv6
ERROR: (gc ...

We can update IPv4 neighbors by using arping command. I have used arping -A -I -c <interface_name> <IP_address_of_interface> with success.
What is the command to update mapping of IPv6 address and MAC on router/gateway/nodes? We have observed when IPv6 address is removed from one node N1 (RHEL-7.9 Node) and assigned to other node N2 (RHEL-7.9 Node), MAC address on router (Extreme Networks VD ...

I have a gateway in the form of a Ubuntu Server VM. To prevent unauthorized devices to connect to the gateway, there is an Access Control List (ACL) on the gateway which is based on arptables: basically to let a device communicate with the gateway the device's MAC address has to be added to the ACL via a script that generates the relevant arptables rules, all traffic from unknown MAC addresses is blocke ...

When I trace some raw output packets from a specific application, I get the following output where a packet's destination address is magically changed from 10.10.20.20 to 127.1.1.1. Is there any way of bypassing this by getting the raw packet "as is" to the output?
trace id fd9543bc ip raw OUTPUT packet: oif "br0" ip saddr 10.10.10.10 ip daddr 10.10.20.20 ip dscp cs0 ip ecn not-ect ip ttl 64 ip id 2 ...

I have a box with two nics setup as bridge. Ebtables redirects http traffic to iptables. The br0 ip address is 10.10.10.10. Stunnel is setup with transparent = source. It accepts connections on 127.1.1.1:8080 and always connects to the same ip address (10.10.20.20) on port 80.
I have the following iptables rules in place:
iptables -t nat -I PREROUTING -p tcp --dport 80 -i ens192 -j DNAT --to-destinati ...

This is a question about a difference in networking behavior between Debian Buster (kernel 4.19.0-18) and Debian Bullseye (kernel 5.10.0-9). On Buster, proxy arp entries survive if the link on the interface goes down. On Bullseye they don't.
Situation: create a static proxy ARP entry on a specific interface:
ip neigh add proxy 1.2.3.5 dev eth0
I can verify that the entry exists:
ip neigh show proxy
...

I have a DigitalOcean droplet that hosts a small website with pretty much no traffic. Yesterday, I received an alert that my CPU was over 95%. Normally it runs between 1% to 5%. In the "bandwidth" chart on my DigitalOcean dashboard, the outbound traffic suddenly increased by a lot as seen in this screenshot :
Outbound traffic means that it's my server that is sending the requests ...

I run n2d-standard-16 server on GCE with ubuntu 21.10 and gVnic driver enabled. I have a hard time understanding what interrupts are responsible for rx queues and how many Rx queues it has.
On the one hand:
>ls /sys/class/net/ens4/device/msi_irqs/
30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
so it's 16.
On another hand:
ls /sys/class/net/ens4/queues/
rx-0 rx-1 rx-2 rx-3 ...

I am trying to configure a DIY Linux based IPv6 router / firewall to do the following:
- Obtain a /56 prefix from the ISP on interface "wan0"
- Provide /64 addresses to hosts on "lan1"
- Provide /60 subnet to a downstream router on "lan2"
My initial choice of software to do this was systemd-networkd, with which the first two items were easy, but the third one is not supported (apparently, please correct ...

So I have my first VM in Proxmox and I know the network works as I have used CT in the past without any issues, however I have set up a VM and now I am having network issues.
Seems while it says the network is connected, I can't ping out to 8.8.8.8
I am wondering how do I know if the network connection is valid in Alma Linux.
basically these are the settings I need.
Address: 124.150.139.3/29
Net ...

In my router, I have 2 interfaces enp1s0 (assumed as WAN) and enp4s0 (assumed as LAN). I connected a LAN host and a WAN host. I can ping from LAN host to WAN port of the router but not to the gateway of WAN. The setting is as follows:
- LAN host IP : 8888::5/64
- LAN gateway IP (router's enp4s0) : 8888::1/64
- WAN port IP (router's enp1s0) : 2401:fb00:0:1ff::1fd/64
- WAN gateway IP : 2401:fb00:0:1ff::1fc/64

I have a systemd host with 4 ethernet ports.
one port is reserved for isolated containers. It is set as:
# /etc/systemd/network/20-eth3-reserved.network
[Match]
Name=eth3
[Link]
Unmanaged=yes
I also set aliases for the ports, each on its link file, e.g.
# /etc/systemd/network/12-alias-eth3.link
[Match]
MACAddress=42:42:42:42:42:03
[Link]
Name=eth3
I would later use the unmanaged interface in a systemd- ...

I'm struggling to understand exactly what these set of iptables rules do.
Does port 22 get the packet AND port 2222 gets a copy of it as well? Or does the packet get redirected to port 2222 skipping port 22? Can someone please explain to me what these set of rules do in detail? Thanks in advance!
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp --dport 2222 ...

Maybe there is a duplicated question but it seems no one does this scenario.
I have several machines in my network which are not using proxy to outbound.
I want to redirect all traffic, using route tables, to an appliance so that appliance ingests that clean traffic and send it to a proxy, or at least to a proxy socks.
I've seen that apparently it could be made using RedSocks, or maybe not. I'm not able ...

Bridging on Linux using TAP devices
Hello, I have got the following schema:
In order to be able to ping the remote hosts, separatehost1 in my case, I bring up bridge device br0 which combine tap0 + eth2 on server and be to bridge local network (192.168.111.0/24) with remote openvpn client(vpn2) but still no luck, could you please suggest what I am doing wrong
I can ping: vpn1 -> vpn2 vpn2 -> ...

I have the following Iptables version:
sh# iptables --version
iptables v1.4.21
The help page contains this line:
--check -C chain Check for the existence of a rule
I have such a rule in iptables-save:
-A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
But when I'm trying to check (-C) it I see such output:
sh# iptables -C PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
ip ...

When using kernels older than 5.1, if a user creates a network namespace, it starts with the default sysctl values. Even if the root namespaces changed those values with sysctl, the new network namespaces will still use the default values. For example, proc/sys/net/ipv6/conf/all/forwarding is always 0 because that's the default value.
If I understand correctly, those are default values set by the kernel ...

I am currently programming a web server. I have an FTP and an HTTP server running on that. Of course I am configuring iptables to optimize the machine, currently, I have the following rules.
iptables -P INPUT DROP
iptables -P FORWARD DROP
sudo iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp –dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp –dpor ...

We have a Debian server with one link to the internal VLAN, and one to the external - both connect directly to the same switch.
On both links, we're intermittently seeing an unusually high amount of bad receive events, as well as high latency.
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ethA 1500 0 8 ...

I am not able to delete the default gateway from my debian 11 server:-
peter@discovery:~$ sudo route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.13 0.0.0.0 UG 0 0 0 enp6s0f0
0.0.0.0 0.0.0.0 0.0.0.0 U 1002 0 0 enp8s0
91.187.223.128 0.0.0.0 255 ...

I'm trying to create a custom jail and filter in fail2ban for motion stream http authentication. The log directory is /var/log/motion/motion.log and a failed login attempt generates:
[0:ml1] [ALR] [STR] [Nov 02 16:47:57] handle_basic_auth: motion-stream - failed auth attempt from 192.168.0.65
My custom jail in /etc/failban/jail.local looks like this:
[motion-auth]
enabled = true
port = 8010
filt ...

I would like to port forward all that enter to 10.32.43.75:80 to 10.48.5.66:80.
How can I do this with iptables in 10.32.43.75?
I tried this, but didn't work:
iptables -A PREROUTING -t nat -i ens33 -p tcp --dport -j DNAT --to 10.48.5.66:80
iptables -A FORWARD -p tcp -d 10.48.5.66 --dport 80 -j ACCEPT

I am trying to configure Linux system, so during boot/adding new modem (visible as usb0 interface ) any software binding to modem interface (usb0) IP# will use offered by modem GW/routing instead of system default routing/GW. I am trying to use systemd/networkd, but as far without success :( below what I try:
Having /etc/systemd/network/usb0.network [1] which should configure interface with DHCP, se ...

I am using iperf3 to benchmark NIC (82599ES) performance (single port).
- Ubuntu 18.04 with a self compiled 5.14.14 (from upstream stable git repo)
- iperf3 3.1.3
- 82599ES and jumbo frame enabled on switch
- kernel parameters are more or less default
The command I am running is
# iperf3 -c <IP> -u -l 8000 -t 600 -i 1 -b 10G
[ ID] Interval Transfer Bandwidth Total Datagrams
[ ...

I am currently unable to bring eth0 up again at my Debian 10 vServer after my hosting provider was fixing some issues and restarted my container.
sudo service networking status will output:
ifup[378]: run-parts: failed to exec /etc/network/if-pre-up.d/iptables: Exec format error
ifup[378]: run-parts: /etc/network/if-pre-up.d/iptables exited with return code 1
ifup[378]: ifup: pre-up script failed

So I have a couple raspberry pi's I'm trying to use as a cluster and I'm learning ansible to try and manage them easier. I'm running into an issue though. I can manually set the IP static using netctl but when I try to do it with ansible using the same exact commands I have issues. Also a weird note, the version that doesn't work, doesn't work on raspberry pi 4's but will work on raspberry pi b's. ...

I have trouble setting up ssh clone for gitea.
I use port 2222:22 for the docker, and port forwarding is set up on my router.
I could ssh git@localhost -p 2222, but could not ssh git@<public_ip> -p 2222 with error Connection timed out
I have checked the port forwarding work by launching a http server by python3 -m http.server 2222 and open http://<public_ip>:2222 and it works.
I am running ...

Thank you in advance for the assistance.
I have tried reading on here and searching but I can't seem to get it to work.
Computer A: 192.168.1.2 Computer B: 192.168.1.3
I am trying to send a UDP message from .2 to .3 and changing the port. .2 will send a message on 1003 and I want .3 to accept it on 1004.
The code below is placed on the .3 computer
iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.1 ...

In IPv4 CIDR notation you can have an IP address like 10.10.20.0/24.
It's expanded to
network : 10.10.20.0
first ip : 10.10.20.1
last ip : 10.10.20.254
broadcast: 10.10.20.255
netmask : 255.255.255.0
That means I have a usable ip range from 10.10.20.1-.254 on this subnet.
Would 10.10.20.0 be the default gateway for this subnet?