Questions tagged as ['networking']
Recently, in our production Kubernetes cluster, we saw a lot of outbound reset connections. After some troubleshooting, we captured the network flow below.
We are really confused by this flow. In this flow:
- from local port 33890, a new connection is created and a sync packet is sent out
- for whatever reason, the remote resets this connection.
then here comes the confusing part, all sync packs s ...
I'm trying to debug some networking issues and I'd like to add the "router alert" flag to some SYN packets that are being sent from my server. Is there a way to do that using iptables?
I'm looking at the mangle table but I couldn't find anything on adding arbitrary tcp header options to the packets. I imagine it would be something like
iptables -t mangle -I OUTPUT -p tcp --dport 22 --tcp-flags SYN SY ...
I have created two network namespaces, i.e., red and blue on centos machine as follows:
[root@ip-xxx-xxx-xxx-xxx ~]# ip netns add red
[root@ip-xxx-xxx-xxx-xxx ~]# ip netns add blue
[root@ip-xxx-xxx-xxx-xxx ~]# ip netns
blue
red
I have created the virtual cable 'veth-red' and 'veth-blue' and then connected them using the following command:
[root@ip-xxx-xxx-xxx-xxx ~]# ip link add veth-red type ve ...
I'm having quite a headache on this one. It used to work but I just realized it does not work anymore. Possibly because after some update.
I have OpenVPN running with this config:
client
dev tun
proto udp
remote 126.96.36.199 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0
comp-lzo no ...
In our Linux embedded application we would like to keep available ports up and running and assigning with 0.0.0.0 IP address. In short we will be executing all ports with ifconfig ethX 0.0.0.0, and setting all IP address to virtual interfaces ethX:100 188.8.131.52. Are there any security issues with configuring ethX to 0.0.0.0? Is there any other issue can be faced if we configure all IP address on virtual ...
As far as I understand, the interfaces virbr0 and virbr0-nic are created and managed by libvirt.
● 4: virbr0
  Link File: /lib/systemd/network/99-default.link
  Network File: n/a
  Type: ether
  State: no-carrier (unmanaged)
  Driver: bridge
  HW Address: 52:54:00:0f:26:e6
  Address: 192.168.122.1
● 5: virbr0-nic
  Link File: /lib/systemd/netw ...
What is the correct way to setup NAT networking between KVM vm and host?
No firewall Installed
$ sudo arp-scan -r 5 -t 1000 --interface=eth0 --localnet
10.0.2.2 52:55:0a:00:02:02 locally administered
10.0.2.3 52:55:0a:00:02:03 locally administered
$ ip r
default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 100
Could you help me?
sudo echo "1" > /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 184.108.40.206
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 220.127.116.11
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
I am using these iptables rules to create loadbalancing servers. I am just distributing .mp4 and .mp3 contents, b ...
I made a port SSH local forwarding on a remote machine:
ssh -N -L 127.0.0.1:3388:127.0.0.1:22 localhost
it works on the remote machine itself:
telnet localhost 3388
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4
However, when I use this forwarding from the local machine:
telnet remote.ip 3388
Trying remote.ip...
telnet: Unable to conne ...
I want to redirect all the traffic from my computer from port 443 to port 8443. All the traffic is on the same machine. A proxy server is listening to port 8443 and I tried to add the following rule:
sudo iptables -t nat -A PREROUTING -i wlp3s0 -p tcp --dport 443 -j REDIRECT --to-port 8443
But my proxy didn't get any package. wlp3s0 is my wifi adapter according to ifconfig. What did I do wrong?
I have a dell chassis m1000e. All blades are connected internally with Dellm8024 10gbit switch.
I've SSD on blades. However, when I am testing the speed between the blades the maximum speed size is 120 MBp/s. I can't even get near 10 Gbit speed. I tried to configure MTU manually but had no luck.
What would be the possible reason for this low speed? Any ideas for troubleshooting?
Regards, Qasim Azam...
I have a kubernetes set up with a pod containing the following containers:
- Squid container
- transocks (like redsocks); a transparent SOCKS proxy
I am running this in k3s locally on a linux PC and want to transparently proxy all outgoing traffic from the PC through this transparent proxy. So outgoing host traffic forced to the transocks port on the kubernetes pod. Right now it is not working, the co ...
Given: a CentOS 8-powered computer with three network adapters.
eth0, eth2: external, connected to two different ISPs
eth1: faces home network (intranet)
The task: allow accessing certain internal services from either ISP. There are several services, I only mention SSH below.
In the configs below:
IP1: external IP at first ISP (ISP1), assigned to eth0
Gateway1: IP of gateway provided by ISP1
Our existing network has two ISP links, connected to CISCO ISR4351 router
ISP1: (total 6 usable Live IPs) IP: 192.168.201.212 Subnet: 255.255.255.248 Gateway: 192.168.201.209
ISP2: IP: 172.20.28.236 Subnet: 255.255.255.248 Gateway: 172.20.28.233
Two ports GbE 1/0/1 & GbE 1/0/3 of cisco 9200 series switch (nick name: internet switch) are present in “Internet vLAN eg: vlan70” each port connected ...
I came across a tricky problem with source NAT when using multiple VRF on a Debian based router. It's a bit complex to explain, so I will try to be clear, but it will not be short, sorry for that. The problem should be easy to reproduce though.
To isolate the "management" part of the router (ssh and other services) from its router job (routing and NATing packets), I tried to set up the "mgmt" VRF ...
I had a network adaptor of speed 20Gbps. By stressing this adaptor using one of benchmarking tools (netperf is the tool which I used), I was able to get ~18Gbps which is well accepted.
Now, after installing one more adaptor of the same speed i.e. 20Gbps, and stressing both adaptors using the benchmarking tool, I was expecting ~36 to ~38Gbps. But still able to get the same ~18Gbps.
Does this mean, th ...
Trying to understand the TEE module of iptables.
Intent is trying to clone and send the same packet to 2 IPs.
Tried the following:
iptables -A INPUT -p tcp --dport 2003 -j TEE --gateway IP1
iptables -A INPUT -p tcp --dport 2003 -j TEE --gateway IP2
tee the traffic to both gateways or only the 1st rule?
Running the command iptables -L -v shows the rules and packets getting counted against ...
My xen bridge was working fine before a USB/SATA cable got moved. None of my xen clients can ping the www.
root@NewInspiron15:/etc/xen# xl list
Name                      ID   Mem VCPUs State  Time(s)
Domain-0                   0 32145     8 r-----   403.3
hvm-debian01.tradercoin    2  8024     1 ------     7.5
root@NewInspiron1 ...
I've already configured a Nat policy in the NSA that goes from the primary router(192.168.1.1, 18.104.22.168) to the server (10.1.0.125) on port xxxx and the reverse policy.
I'm trying to set up a server to act as a gateway - basically it will deal with connections coming from a k8s cluster to the external world (mainly databases behind VPNs).
So I have the following setup: OpenVPN with specific routes, and HAProxy that act as gateway.
In my .opvn config file, I have something like this:
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
a ...
We have F5 Networks SSL VPN setup and added some internal websites in F5 portal. One website works good, but the other one has session problem.
When I sign in to F5 portal, from there I go to internal website (which F5 redirects) 1, then I can sign in into that website with X user, but then when I want to sign in with other user, it still signs me in with X user no matter what user you write. Eve ...
I am currently using OpenWrt (version: 19.07.7) on Virtual Box (version: 6.1).
As also having a Linux machine that I use, in order, to ssh into OpenWrt and route synthetic traffic to it.
And trying to change the traffic classification of the CAKE algorithm on OpenWrt using tc filter replace scripts.
Specifically, I have a loop of 10 iterations and, in each iteration, and commit a different mappin ...
I would like to create a TCP proxy that supports multiple hosts. The example I saw was where a DNS server was used to point a specific host to a TCP proxy which had the host hardcoded in it. The TCP proxy can not handle multiple hosts because if all hosts were routed to the TCP proxy, the proxy would not know where to send the data to. Are there any ways to get around this issue?
I'm working on a project right now where we have an embedded Linux system running some sensor/motor control functionality, and we're creating a GUI application to allow the user to control the system. In the future we may run both applications on a single system, but for the time being, we want to be able to install this as an upgrade to existing machines, and the existing controller boards don't have ...
I want to analyze my Debian 9 server's network workload to detect some possible network overloads.
The main metrics I need to analyze are:
- CPS (connections per second)
Is there a way to obtain these metrics from within Linux?
I thought that CPS metric could be somehow obtained through conntrack NEW connections events but not sure that this would be the most proper way..
Sorry if obviou ...
I am new to socket programming and have a couple of questions.
For the context, I have a server and client with each having a socket opened: the socket on the server is bound to INADDR_ANY which from my understanding listens to connection requests from any network interface, and the socket on the client-side is connected to a loopback interface for the time being.
With this config, client is con ...
I've server and virtual machine on it. I'm hosting OpenVPN on this server. The virtual machine has two interfaces: ens18 - for public IP, ens19 - for an internal network. I'm trying to ping 10.2.0.3 (virtual machine ip on ens19) via VPN, but it's not responding. When I run tcpdump -i ens19 icmp on the virtual machine, it's returning this:
tcpdump: verbose output suppressed, use -v or -vv for full protocol ...
I have no internet connectivity in freshly installed PfSense system.
- I've created OVH instance with Ubuntu and I mounted
- After booting to mfsbsd there was also internet problem. Couldn't download anything or ping at all.
- I copied PfSense image through SSH using local network.
- I installed PfSense with UFS BIOS option.
- Using OVH console I can see that PfSense booted properly after r ...