Questions tagged as ['networking']

Networking refers to the technologies and techniques that enable the interconnection of devices and applications allowing them to communicate electronically.
Score: 0
woosley. xu avatar
Port numbers reused after Reset

Recently in our production Kubernetes cluster, we saw a lot of outbound connection resets. After some troubleshooting, we captured the network flow below.

[Image: Network Capture]

We are really confused by this flow. In this flow:

  1. from local port 33890, a new connection is created and a sync packet is sent out
  2. for whatever reason, the remote resets this connection.

Then here comes the confusing part, all sync packs s ...

Score: 0
Setting tcp option to packet header

I'm trying to debug some networking issues and I'd like to add the "router alert" flag to some SYN packets that are being sent from my server. Is there a way to do that using iptables?

I'm looking at the mangle table but I couldn't find anything on adding arbitrary tcp header options to the packets. I imagine it would be something like iptables -t mangle -I OUTPUT -p tcp --dport 22 --tcp-flags SYN SY ...

Score: 1
Gompu avatar
Can't ping internal network namespace

I have created two network namespaces, i.e., red and blue, on a CentOS machine as follows:

[root@ip-xxx-xxx-xxx-xxx ~]# ip netns add red
[root@ip-xxx-xxx-xxx-xxx ~]# ip netns add blue

[root@ip-xxx-xxx-xxx-xxx ~]# ip netns
blue
red

I have created the virtual cable 'veth-red' and 'veth-blue' and then connected them using the following command:

[root@ip-xxx-xxx-xxx-xxx ~]# ip link add veth-red type ve ...
Score: 0
PabPabPab avatar
Route traffic from tun0 to eth0 on certain ports

I'm having quite a headache on this one. It used to work but I just realized it does not work anymore. Possibly because of some update.

I have OpenVPN running with this config:

client
dev tun
proto udp
remote 45.152.181.35 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no

 ...
Score: 0
Security issues with configuring default IP address(0.0.0.0) to ethernet interface

In our Linux embedded application we would like to keep available ports up and running and assign them the 0.0.0.0 IP address. In short, we will be executing all ports with ifconfig ethX 0.0.0.0, and setting all IP addresses on virtual interfaces ethX:100 20.20.20.20. Are there any security issues with configuring ethX to 0.0.0.0? Are there any other issues that can be faced if we configure all IP addresses on virtual  ...

Score: 0
Norman Pellet avatar
netplan + libvirt - Should I set up virbr0 virtual bridge?

As far as I understand, the interfaces virbr0 and virbr0-nic are created and managed by libvirt.


● 4: virbr0
       Link File: /lib/systemd/network/99-default.link
    Network File: n/a
            Type: ether
           State: no-carrier (unmanaged)
          Driver: bridge
      HW Address: 52:54:00:0f:26:e6
         Address: 192.168.122.1

● 5: virbr0-nic
       Link File: /lib/systemd/netw ...
Score: -1
t09 avatar
KVM nat command line

What is the correct way to set up NAT networking between KVM vm and host?

KVM vm:

No firewall Installed

$ sudo arp-scan -r 5 -t 1000 --interface=eth0 --localnet

10.0.2.2     52:55:0a:00:02:02    locally administered
10.0.2.3     52:55:0a:00:02:03    locally administered

$ ip r

default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
Score: 1
Makoa avatar
Reverse proxy forwarding

Could you help me?

sudo echo "1" > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 1.1.1.1
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

I am using these iptables rules to create loadbalancing servers. I am just distributing .mp4 and .mp3 contents, b ...

Score: 0
ke xu avatar
SSH forwarding works on local but fails for the remote

I made a port SSH local forwarding on a remote machine:

ssh -N -L 127.0.0.1:3388:127.0.0.1:22 localhost

it works on the remote machine itself:

telnet localhost 3388

returns

Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4

However, when I use this forwarding from the local machine:

telnet remote.ip 3388

it fails:

Trying remote.ip...
telnet: Unable to conne ...
Score: 0
iptables doesn't redirect 443 to 8443 on local machine

I want to redirect all the traffic from my computer from port 443 to port 8443. All the traffic is on the same machine. A proxy server is listening to port 8443 and I tried to add the following rule:

sudo iptables -t nat -A PREROUTING -i wlp3s0 -p tcp --dport 443 -j REDIRECT --to-port 8443

But my proxy didn't get any packets. wlp3s0 is my wifi adapter according to ifconfig. What did I do wrong?

Score: 1
10gig link transfer speed slow between dell chassis m1000e blades

I have a Dell chassis m1000e. All blades are connected internally with a Dell m8024 10gbit switch.

I've SSD on blades. However, when I am testing the speed between the blades the maximum speed size is 120 MBp/s. I can't even get near 10 Gbit speed. I tried to configure MTU manually but had no luck.

What would be the possible reason for this low speed? Any ideas for troubleshooting?

Regards, Qasim Azam

 ...
Score: 0
jusschwa avatar
Transparently proxying to nodeport in kubernetes

I have a kubernetes set up with a pod containing the following containers:

  1. Squid container
  2. transocks (like redsocks); a transparent SOCKS proxy

I am running this in k3s locally on a linux PC and want to transparently proxy all outgoing traffic from the PC through this transparent proxy. So outgoing host traffic forced to the transocks port on the kubernetes pod. Right now it is not working, the co ...

Score: 0
CentOS 8: two external network adapters, two ISPs - routing problems

Given: a CentOS 8-powered computer with three network adapters.

eth0, eth2: external, connected to two different ISPs
eth1: faces home network (intranet)

The task: allow accessing certain internal services from either ISP. There are several services, I only mention SSH below.

In the configs below:
IP1: external IP at first ISP (ISP1), assigned to eth0
Gateway1: IP of gateway provided by ISP1
Network1,N ...

Score: 0
moazanjum avatar
Stretch ISP links to virtual NGAF appliance hosted within HCI Cluster

Our existing network has two ISP links, connected to CISCO ISR4351 router

ISP1: (total 6 usable Live IPs) IP: 192.168.201.212 Subnet: 255.255.255.248 Gateway: 192.168.201.209

ISP2: IP: 172.20.28.236 Subnet: 255.255.255.248 Gateway: 172.20.28.233

Two ports GbE 1/0/1 & GbE 1/0/3 of cisco 9200 series switch (nick name: internet switch) are present in “Internet vLAN eg: vlan70” each port connected  ...

Score: 2
Dainii avatar
Conntrack, failed to NAT its own TCP packets from another VRF

I came across a tricky problem with source NAT when using multiple VRF on a Debian based router. It's a bit complex to explain, so I will try to be clear, but it will not be short, sorry for that. The problem should be easy to reproduce though.

To isolate the "management" part of the router (ssh and other services) from its router job (routing and NATing packets), I tried to set up the "mgmt" VRF ...

Score: 0
Chandan Hegde avatar
Does Throughput calculated adds up using multiple (all active) physical adaptor

I had a network adaptor of speed 20Gbps. By stressing this adaptor using one of benchmarking tools (netperf is the tool which I used), I was able to get ~18Gbps which is well accepted.

Now, after installing one more adaptor of the same speed i.e. 20Gbps, and stressing both adaptors using the benchmarking tool, I was expecting ~36 to ~38Gbps. But still able to get the same ~18Gbps.

Does this mean, th ...

Score: 1
Vipin Menon avatar
How to properly clone packets with tee?

Trying to understand the TEE module of iptables. The intent is to clone and send the same packet to 2 IPs

Tried the following

iptables -A INPUT -P tcp --dport 2003 -j TEE --gateway IP1
iptables -A INPUT -P tcp --dport 2003 -j TEE --gateway IP2

Does this tee the traffic to both gateways or only the 1st rule? running the command iptables -L -v shows the rules and packets getting counted against ...

Score: -2
trapp avatar
How to configure two addresses to access other frontends/port

How do I configure two addresses to access other frontends / different ports, for example:

Address Mapping to
www.mysite.com/config (nodejs) localhost:3000
www.mysite.com/client (django) localhost:7000
Score: 0
xen bridge down following reconnect

My xen bridge was working fine before a USB/SATA cable got moved. None of my xen clients can ping the www.

root@NewInspiron15:/etc/xen# xl list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0 32145     8     r-----     403.3
hvm-debian01.tradercoin                     2  8024     1     ------       7.5

root@NewInspiron1 ...
Score: 0
Gibran Sansadewa Asshadiqi avatar
Cannot access secondary router network (child network) from primary router network and internet

The primary router is a Huawei F670 acquired from the ISP and the secondary router is in a NSA Sonicwall firewall.
Yes, I've read this post and this post yet I didn't understand a thing.

This is my simplified network architecture

I've already configured a NAT policy in the NSA that goes from the primary router (192.168.1.1, 123.11.123.11) to the server (10.1.0.125) on port xxxx and the reverse policy.
 ...

Score: 0
lowercase00 avatar
How do I define multiple routes in OpenVPN?

I'm trying to set up a server to act as a gateway - basically it will deal with connections coming from a k8s cluster to the external world (mainly databases behind VPNs).

So I have the following setup: OpenVPN with specific routes, and HAProxy that act as gateway.

In my .ovpn config file, I have something like this:

dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
a ...
Score: 1
George G. avatar
Internal website over SSL VPN (F5 Network) session issue

We have F5 Networks SSL VPN setup and added some internal websites in F5 portal. One website works good, but the other one has session problem.

When I sign in to F5 portal, from there I go to internal website (which F5 redirects) [see the image here], then I can sign in to that website with X user, but then when I want to sign in with other user, it still signs me in with X user no matter what user you write. Eve ...

Score: 0
Error in changing traffic classification of CAKE in OpenWrt

I am currently using OpenWrt (version: 19.07.7) on VirtualBox (version: 6.1).
I also have a Linux machine that I use to ssh into OpenWrt and route synthetic traffic to it.
I am trying to change the traffic classification of the CAKE algorithm on OpenWrt using tc filter replace scripts.
Specifically, I have a loop of 10 iterations and, in each iteration, and commit a different mappin ...

Score: 0
comctimert avatar
How to create TCP proxy that supports multiple hosts?

I would like to create a TCP proxy that supports multiple hosts. The example I saw was where a DNS server was used to point a specific host to a TCP proxy which had the host hardcoded in it. The TCP proxy can not handle multiple hosts because if all hosts were routed to the TCP proxy, the proxy would not know where to send the data to. Are there any ways to get around this issue?

Score: 1
rdowell avatar
USB networking setup between Android and embedded Linux

I'm working on a project right now where we have an embedded Linux system running some sensor/motor control functionality, and we're creating a GUI application to allow the user to control the system. In the future we may run both applications on a single system, but for the time being, we want to be able to install this as an upgrade to existing machines, and the existing controller boards don't have  ...

Score: 0
Joe Lu avatar
Linux does not send arp reply

I have an interface that keeps receiving ARP requests but never responds. Can anyone help?

My interface ip is 192.168.40.2.

The routing table looks good.

Score: 2
narotello avatar
Is there a way to obtain CPS and Throughput metrics in Linux?

I want to analyze my Debian 9 server's network workload to detect some possible network overloads.

The main metrics I need to analyze are:

  • CPS (connections per second)
  • Throughput

Is there a way to obtain these metrics from within Linux?
I thought that CPS metric could be somehow obtained through conntrack NEW connections events but not sure that this would be the most proper way..

Sorry if obviou ...

Score: 0
Jazzy avatar
Not seeing a packet sent from a client to the server in Wireshark

I am new to socket programming and have a couple of questions.

For the context, I have a server and client with each having a socket opened: the socket on the server is bound to INADDR_ANY which from my understanding listens to connection requests from any network interface, and the socket on the client-side is connected to a loopback interface for the time being.

  1. With this config, client is con ...

Score: 1
Server isn't responding to pings routed via vpn

I have a server and a virtual machine on it. I'm hosting OpenVPN on this server. The virtual machine has two interfaces: ens18 - for public IP, ens19 - for an internal network. I'm trying to ping 10.2.0.3 (virtual machine ip on ens19) via VPN, but it's not responding. When I run tcpdump -i ens19 icmp on the virtual machine, it's returning this:

tcpdump: verbose output suppressed, use -v or -vv for full protocol  ...
Score: 0
maar avatar
PfSense FreeBSD on OVH Public Instance - no internet connection

I have no internet connectivity in freshly installed PfSense system.
Steps:

  1. I've created OVH instance with Ubuntu and I mounted mfsbsd image.
  2. After booting to mfsbsd there was also internet problem. Couldn't download anything or ping at all.
  3. I copied PfSense image through SSH using local network.
  4. I installed PfSense with UFS BIOS option.
  5. Using OVH console I can see that PfSense booted properly after r ...