Questions tagged as ['linux-networking']

Linux Networking refers to any networking function performed by a server running Linux. Operating a Linux server as a router or firewall is the most common application.
Score: 0
passing nic to guest in qemu using iommu & vfio

I bought a 4-port network adapter PCIe card (Intel E1G44HT 10/100/1000Mbps PCI-Express 2.0 Server Adapter I340-T4)

I am trying to install it in my hpZ600 workstation and pass it through to my guest VM

I am running Artix Linux but am mostly following directions for Arch Linux.

The issue is I am unable to pass the card to my VM.

Here is what I've done so far:

First I update my default/grub

$ sudo - ...
Score: 0
Ray Foss avatar
Promote external IPv6 to static?

What's the command for promoting an externally accessible IPv6 range to static within the VPC subnet?

My VM is accessible at 64bit wide IPv6 range, within a 96bit IPv6 subnet. But I'm afraid these may change without warning... this command seems like it should work:

gcloud compute addresses create myvm-6     --addresses "2600:abcd:abcd:abcd:0:0:0:0"     --region us-west2     --subnet neo-ipv6

ERROR: (gc ...
Score: 0
How to send/broadcast ipv6-mac maping cache update request for IPv6 IP

We can update IPv4 neighbors by using arping command. I have used arping -A -I -c <interface_name> <IP_address_of_interface> with success.

What is the command to update the mapping of IPv6 address and MAC on router/gateway/nodes? We have observed that when an IPv6 address is removed from one node N1 (RHEL-7.9 node) and assigned to another node N2 (RHEL-7.9 node), the MAC address on the router (Extreme Networks VD ...

Score: 0
GTP95 avatar
Log arptables dropped frames

I have a gateway in the form of an Ubuntu Server VM. To prevent unauthorized devices from connecting to the gateway, there is an Access Control List (ACL) on the gateway which is based on arptables: basically, to let a device communicate with the gateway, the device's MAC address has to be added to the ACL via a script that generates the relevant arptables rules; all traffic from unknown MAC addresses is blocke ...

Score: 0
iptables: modify output flow

When I trace some raw output packets from a specific application, I get the following output, where a packet's destination address is magically changed from 10.10.20.20 to 127.1.1.1. Is there any way of bypassing this by getting the raw packet "as is" to the output?

trace id fd9543bc ip raw OUTPUT packet: oif "br0" ip saddr 10.10.10.10 ip daddr 10.10.20.20 ip dscp cs0 ip ecn not-ect ip ttl 64 ip id 2 ...
Score: 0
Stunnel outgoing packets strangely modified

I have a box with two nics setup as bridge. Ebtables redirects http traffic to iptables. The br0 ip address is 10.10.10.10. Stunnel is setup with transparent = source. It accepts connections on 127.1.1.1:8080 and always connects to the same ip address (10.10.20.20) on port 80.

I have the following iptables rules in place:

iptables -t nat -I PREROUTING -p tcp --dport 80 -i ens192 -j DNAT --to-destinati ...
Score: 2
roelvanmeer avatar
Linux: What causes static ARP entries to flush on link down

This is a question about a difference in networking behavior between Debian Buster (kernel 4.19.0-18) and Debian Bullseye (kernel 5.10.0-9). On Buster, proxy arp entries survive if the link on the interface goes down. On Bullseye they don't.

Situation: create a static proxy ARP entry on a specific interface:

ip neigh add proxy 1.2.3.5 dev eth0

I can verify that the entry exists:

ip neigh show proxy
 ...
Score: 0
fraxool avatar
Lots of suspicious GET requests that overload my CPU

I have a DigitalOcean droplet that hosts a small website with pretty much no traffic. Yesterday, I received an alert that my CPU was over 95%. Normally it runs between 1% and 5%. In the "bandwidth" chart on my DigitalOcean dashboard, the outbound traffic suddenly increased by a lot, as seen in this screenshot:

Outbound Traffic

Outbound traffic means that it's my server that is sending the requests  ...

Score: 1
finding irqs of gVNIC rx queues

I run n2d-standard-16 server on GCE with ubuntu 21.10 and gVnic driver enabled. I have a hard time understanding what interrupts are responsible for rx queues and how many Rx queues it has.

On the one hand:

>ls /sys/class/net/ens4/device/msi_irqs/
30  31  32  33  34  35  36  37  38  39  40  41  42  43  44  45  46

so it's 16.

On another hand:

ls /sys/class/net/ens4/queues/
rx-0  rx-1  rx-2  rx-3   ...
Score: 1
How to properly implement DHCPv6-PD to downstream router with Linux?

I am trying to configure a DIY Linux based IPv6 router / firewall to do the following:

  • Obtain a /56 prefix from the ISP on interface "wan0"
  • Provide /64 addresses to hosts on "lan1"
  • Provide /60 subnet to a downstream router on "lan2"

My initial choice of software to do this was systemd-networkd, with which the first two items were easy, but the third one is not supported (apparently, please correct  ...

Score: 1
Alma Linux - Not able to ping out

So I have my first VM in Proxmox and I know the network works as I have used CT in the past without any issues, however I have set up a VM and now I am having network issues.

Seems while it says the network is connected, I can't ping out to 8.8.8.8

I am wondering how do I know if the network connection is valid in Alma Linux.

basically these are the settings I need.

Address:   124.150.139.3/29
Net ...
Score: 0
Mani Varma Indukuri avatar
Unable to reach WAN from LAN host on IPv6

In my router, I have 2 interfaces, enp1s0 (assumed as WAN) and enp4s0 (assumed as LAN). I connected a LAN host and a WAN host. I can ping from the LAN host to the WAN port of the router but not to the gateway of the WAN. The setting is as follows:

  • LAN host IP : 8888::5/64
  • LAN gateway IP (router's enp4s0) : 8888::1/64
  • WAN port IP (router's enp1s0) : 2401:fb00:0:1ff::1fd/64
  • WAN gateway IP : 2401:fb00:0:1ff::1fc/64
Score: 0
lost network interface to systemd-networkd. What is going on?
gcb

I have a systemd host with 4 ethernet ports.

one port is reserved for isolated containers. It is set as:

# /etc/systemd/network/20-eth3-reserved.network
[Match]
Name=eth3
[Link]
Unmanaged=yes

I also set aliases for the ports, each on its link file, e.g.

# /etc/systemd/network/12-alias-eth3.link
[Match]
MACAddress=42:42:42:42:42:03
[Link]
Name=eth3

I would later use the unmanaged interface in a systemd- ...

Score: 0
Evyatar Saias avatar
iptables rules confusion, nat PREROUTING

I'm struggling to understand exactly what this set of iptables rules does.

Does port 22 get the packet AND port 2222 get a copy of it as well? Or does the packet get redirected to port 2222, skipping port 22? Can someone please explain to me what this set of rules does in detail? Thanks in advance!

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD ACCEPT
iptables -A INPUT -p tcp --dport 2222  ...
Score: 0
Julio avatar
Routing all traffic from an external machine to a proxy to a proxy

Maybe there is a duplicate question, but it seems no one does this scenario.

I have several machines in my network which are not using proxy to outbound.

I want to redirect all traffic, using route tables, to an appliance so that the appliance ingests that clean traffic and sends it to a proxy, or at least to a proxy socks.

I've seen that apparently it could be made using RedSocks, or maybe not. I'm not able ...

Score: 0
Marat Gainutdinov avatar
Bridging on Linux using TAP devices (VirtualBox)

Bridging on Linux using TAP devices

Hello, I have got the following schema:

In order to be able to ping the remote hosts, separatehost1 in my case, I bring up bridge device br0, which combines tap0 + eth2 on the server, to bridge the local network (192.168.111.0/24) with the remote openvpn client (vpn2), but still no luck. Could you please suggest what I am doing wrong?

I can ping: vpn1 -> vpn2 vpn2 -> ...

Score: 1
NK-cell avatar
Iptables -C (--check) doesn't work

I have the following Iptables version:

sh# iptables --version
iptables v1.4.21

The help page contains this line:

--check   -C chain      Check for the existence of a rule

I have such a rule in iptables-save:

-A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip

But when I'm trying to check (-C) it I see such output:

sh# iptables -C PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
ip ...
Score: 2
mosquetero avatar
Can I change the default sysctl values in grub?

When using kernels older than 5.1, if a user creates a network namespace, it starts with the default sysctl values. Even if the root namespace changed those values with sysctl, the new network namespaces will still use the default values. For example, proc/sys/net/ipv6/conf/all/forwarding is always 0 because that's the default value.

If I understand correctly, those are default values set by the kernel  ...

Score: 0
DJ B avatar
UPDATES not working on LINUX machine after changing iptables

I am currently programming a web server. I have an FTP and an HTTP server running on that. Of course I am configuring iptables to optimize the machine; currently, I have the following rules.

iptables -P INPUT DROP
iptables -P FORWARD DROP
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dpor ...
Score: 1
user2979044 avatar
ksoftirqd maxing out for network interfaces

We have a Debian server with one link to the internal VLAN, and one to the external - both connect directly to the same switch.

On both links, we're intermittently seeing an unusually high amount of bad receive events, as well as high latency.

Kernel  Interface  table
Iface   MTU        Met    RX-OK       RX-ERR  RX-DRP     RX-OVR     TX-OK       TX-ERR  TX-DRP  TX-OVR  Flg
ethA    1500       0      8 ...
Score: 0
Debian 11 server not able to delete default gateway

I am not able to delete the default gateway from my debian 11 server:-

peter@discovery:~$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.13    0.0.0.0         UG    0      0        0 enp6s0f0
0.0.0.0         0.0.0.0         0.0.0.0         U     1002   0        0 enp8s0
91.187.223.128  0.0.0.0         255 ...
Score: 1
Creating a custom filter for fail2ban

I'm trying to create a custom jail and filter in fail2ban for motion stream http authentication. The log directory is /var/log/motion/motion.log and a failed login attempt generates:

[0:ml1] [ALR] [STR] [Nov 02 16:47:57] handle_basic_auth: motion-stream - failed auth attempt from 192.168.0.65

My custom jail in /etc/failban/jail.local looks like this:

[motion-auth]

enabled = true
port     = 8010
filt ...
Score: 0
Richard avatar
forward packets with iptables

I would like to port forward everything that enters 10.32.43.75:80 to 10.48.5.66:80.

How can I do this with iptables on 10.32.43.75?

I tried this, but it didn't work:

iptables -A PREROUTING -t nat -i ens33 -p tcp --dport -j DNAT --to 10.48.5.66:80

iptables -A FORWARD -p tcp -d 10.48.5.66 --dport 80 -j ACCEPT

Score: 0
How to configure new (DHCP configured) interface with non system default route using systemd/networkd?

I am trying to configure a Linux system so that during boot or when adding a new modem (visible as the usb0 interface), any software binding to the modem interface (usb0) IP# will use the GW/routing offered by the modem instead of the system default routing/GW. I am trying to use systemd/networkd, but so far without success :( Below is what I tried:

Having /etc/systemd/network/usb0.network [1] which should configure interface with DHCP, se ...

Score: 0
jshen28 avatar
why adjusting socket buffer boosts PPS?

I am using iperf3 to benchmark NIC (82599ES) performance (single port).

  • Ubuntu 18.04 with a self compiled 5.14.14 (from upstream stable git repo)
  • iperf3 3.1.3
  • 82599ES and jumbo frame enabled on switch
  • kernel parameters are more or less default

The command I am running is

# iperf3 -c <IP> -u -l 8000 -t 600 -i 1 -b 10G
[ ID] Interval           Transfer     Bandwidth       Total Datagrams
[  ...
Score: 2
Kruspe avatar
ifup eth0 - /etc/network/if-pre-up.d/iptables exec format error

I am currently unable to bring eth0 up again at my Debian 10 vServer after my hosting provider was fixing some issues and restarted my container.

sudo service networking status will output:

ifup[378]: run-parts: failed to exec /etc/network/if-pre-up.d/iptables: Exec format error
ifup[378]: run-parts: /etc/network/if-pre-up.d/iptables exited with return code 1
ifup[378]: ifup: pre-up script failed
Score: 0
Setting static IP manually works - Using ansible gives me issues

So I have a couple of Raspberry Pis I'm trying to use as a cluster, and I'm learning Ansible to try to manage them more easily. I'm running into an issue, though. I can manually set a static IP using netctl, but when I try to do it with Ansible using the exact same commands I have issues. Also a weird note: the version that doesn't work, doesn't work on Raspberry Pi 4s but will work on Raspberry Pi Bs.

 ...
Score: 0
jkjkjk avatar
ssh with WAN IP timeout

I have trouble setting up ssh clone for gitea. I use port 2222:22 for the docker, and port forwarding is set up on my router. I could ssh git@localhost -p 2222, but could not ssh git@<public_ip> -p 2222, with the error Connection timed out.

I have checked that the port forwarding works by launching an HTTP server with python3 -m http.server 2222 and opening http://<public_ip>:2222, and it works.

I am running ...

Score: 0
IP Tables forwarding issue

Thank you in advance for the assistance.

I have tried reading on here and searching but I can't seem to get it to work.

Computer A: 192.168.1.2 Computer B: 192.168.1.3

I am trying to send a UDP message from .2 to .3 and change the port. .2 will send a message on 1003 and I want .3 to accept it on 1004.

The code below is placed on the .3 computer

iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.1 ...
Score: 0
networking default gateway, default route

In IPv4 CIDR notation you can have an IP address like 10.10.20.0/24.

It's expanded to

network  : 10.10.20.0
first ip : 10.10.20.1
last ip  : 10.10.20.254
broadcast: 10.10.20.255
netmask  : 255.255.255.0

That means I have a usable IP range from 10.10.20.1-.254 on this subnet.

Would 10.10.20.0 be the default gateway for this subnet?