SIOCADDRT: Network is unreachable when trying to add route - networking
Here is the ifconfig from Ubuntu:
eno1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether ac:1f:6b:3c:60:c4 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.134.50.124 netmask 255.255.255.0 broadcast 10.134.50.255
inet6 fe80::c94e:c0f0:2149:ce10 prefixlen 64 scopeid 0x20<link>
ether ac:1f:6b:3c:60:c5 txqueuelen 1000 (Ethernet)
RX packets 116239544 bytes 98775856318 (98.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38366240 bytes 7250711499 (7.2 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1094335 bytes 262320880 (262.3 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1094335 bytes 262320880 (262.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:f9:60:b6 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vmnet1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.212.1 netmask 255.255.255.0 broadcast 172.16.212.255
inet6 fe80::54af:eff1:f932:d2b8 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:c0:00:01 txqueuelen 1000 (Ethernet)
RX packets 4002 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 151408 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vmnet8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.36.1 netmask 255.255.255.0 broadcast 192.168.36.255
inet6 fe80::bba6:8b54:ddcf:8499 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:c0:00:08 txqueuelen 1000 (Ethernet)
RX packets 4214 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 152463 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Here is the ipconfig from Windows (with Cygwin):
Windows IP Configuration
Ethernet adapter Ethernet:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cwnow.local
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::d8fb:7a9d:b018:8399%20
IPv4 Address. . . . . . . . . . . : 192.168.56.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Npcap Loopback Adapter:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::927:546c:aa9d:f57e%19
Autoconfiguration IPv4 Address. . : 169.254.245.126
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Local Area Connection* 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::a941:328d:af54:6a14%12
IPv4 Address. . . . . . . . . . . : 192.168.146.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9ed:bfc8:373c:3ce6%2
IPv4 Address. . . . . . . . . . . : 192.168.195.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::fcfd:d9cc:e5ba:3c31%13
IPv4 Address. . . . . . . . . . . : 10.134.52.220
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.134.52.196
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
When I am on the Windows machine, I can ping the Ubuntu machine:
$ ping -c 3 10.134.50.124
PING 10.134.50.124 (10.134.50.124): 56 data bytes
64 bytes from 10.134.50.124: icmp_seq=0 ttl=62 time=3.011 ms
64 bytes from 10.134.50.124: icmp_seq=1 ttl=62 time=4.598 ms
64 bytes from 10.134.50.124: icmp_seq=2 ttl=62 time=2.967 ms
--- 10.134.50.124 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.967/3.525/4.598/0.759 ms
But I cannot ping the Windows machine from the Ubuntu machine:
$ ping -c 3 10.134.52.220
PING 10.134.52.220 (10.134.52.220) 56(84) bytes of data.
--- 10.134.52.220 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2080ms
I attempted some route commands on the Ubuntu machine, but had no success:
$ route add -host 10.134.52.220 gw 10.134.52.196
SIOCADDRT: Operation not permitted
$ route add -host 10.134.52.220 gw 10.134.52.196 netmask 255.255.248.0
route: netmask 000007ff doesn't make sense with host route
$ route add -host 10.134.52.220/24 gw 10.134.52.196
route: netmask 000000ff doesn't make sense with host route
$ route add -host 10.134.52.220/21 gw 10.134.52.196
route: netmask 000007ff doesn't make sense with host route
Here is the route table on Ubuntu:
$ netstat -ar
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default _gateway 0.0.0.0 UG 0 0 0 eno2
10.134.50.0 0.0.0.0 255.255.255.0 U 0 0 0 eno2
10.134.52.220 _gateway 255.255.255.255 UGH 0 0 0 eno2
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eno2
172.16.212.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
192.168.36.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
Here is the route table on Windows:
$ netstat -ar
===========================================================================
Interface List
23...8c 16 45 26 ae 98 ......Intel(R) Ethernet Connection (5) I219-LM
20...0a 00 27 00 00 14 ......VirtualBox Host-Only Ethernet Adapter
19...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
4...76 e5 f9 dd 66 34 ......Microsoft Wi-Fi Direct Virtual Adapter
7...74 e5 f9 dd 66 35 ......Microsoft Wi-Fi Direct Virtual Adapter #2
12...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
2...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
13...74 e5 f9 dd 66 34 ......Intel(R) Dual Band Wireless-AC 8265
11...74 e5 f9 dd 66 38 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.134.52.196 10.134.52.220 50
10.134.52.0 255.255.255.0 On-link 10.134.52.220 306
10.134.52.220 255.255.255.255 On-link 10.134.52.220 306
10.134.52.255 255.255.255.255 On-link 10.134.52.220 306
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
169.254.0.0 255.255.0.0 On-link 169.254.245.126 281
169.254.245.126 255.255.255.255 On-link 169.254.245.126 281
169.254.255.255 255.255.255.255 On-link 169.254.245.126 281
192.168.56.0 255.255.255.0 On-link 192.168.56.1 281
192.168.56.1 255.255.255.255 On-link 192.168.56.1 281
192.168.56.255 255.255.255.255 On-link 192.168.56.1 281
192.168.146.0 255.255.255.0 On-link 192.168.146.1 291
192.168.146.1 255.255.255.255 On-link 192.168.146.1 291
192.168.146.255 255.255.255.255 On-link 192.168.146.1 291
192.168.195.0 255.255.255.0 On-link 192.168.195.1 291
192.168.195.1 255.255.255.255 On-link 192.168.195.1 291
192.168.195.255 255.255.255.255 On-link 192.168.195.1 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.56.1 281
224.0.0.0 240.0.0.0 On-link 192.168.146.1 291
224.0.0.0 240.0.0.0 On-link 192.168.195.1 291
224.0.0.0 240.0.0.0 On-link 169.254.245.126 281
224.0.0.0 240.0.0.0 On-link 10.134.52.220 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.56.1 281
255.255.255.255 255.255.255.255 On-link 192.168.146.1 291
255.255.255.255 255.255.255.255 On-link 192.168.195.1 291
255.255.255.255 255.255.255.255 On-link 169.254.245.126 281
255.255.255.255 255.255.255.255 On-link 10.134.52.220 306
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
20 281 fe80::/64 On-link
12 291 fe80::/64 On-link
2 291 fe80::/64 On-link
19 281 fe80::/64 On-link
13 306 fe80::/64 On-link
19 281 fe80::927:546c:aa9d:f57e/128
On-link
2 291 fe80::9ed:bfc8:373c:3ce6/128
On-link
12 291 fe80::a941:328d:af54:6a14/128
On-link
20 281 fe80::d8fb:7a9d:b018:8399/128
On-link
13 306 fe80::fcfd:d9cc:e5ba:3c31/128
On-link
1 331 ff00::/8 On-link
20 281 ff00::/8 On-link
12 291 ff00::/8 On-link
2 291 ff00::/8 On-link
19 281 ff00::/8 On-link
13 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
What route command do I need so the Ubuntu can reach the Windows machine?
Related
Upload speed very slow in Ubuntu 18.04.6 while download speed is normal
I bought a new 1GB/ps server from OneProvider and installed Ubuntu 18.04.6 on it. The upload speed from ssh or FTP is very good, but the download speed is about 100kb/s from ssh, FTP and I tried to install Nginx and download from it but it's also about 100kb/ps. All attempts from more than 5 devices from different locations some of these tried were from another server in the same network with (wget) but all attempts did not exceed the speed of 150kb/s. this is (ip a) output : 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether d4:ae:52:ca:0f:6e brd ff:ff:ff:ff:ff:ff inet (serverip)/24 brd 62.210.207.255 scope global eno1 valid_lft forever preferred_lft forever inet6 fe80::d6ae:52ff:feca:f6e/64 scope link valid_lft forever preferred_lft forever 3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether d4:ae:52:ca:0f:6f brd ff:ff:ff:ff:ff:ff (ethtool eno1)output : Settings for eno1: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Supported FEC modes: Not reported Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised pause frame use: No Advertised auto-negotiation: Yes Advertised FEC modes: Not reported Speed: 1000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 1 Transceiver: internal Auto-negotiation: on MDI-X: on Supports Wake-on: g Wake-on: d Link detected: yes (ethtool -S eno1)output : NIC statistics: rx_bytes: 67518474469 rx_error_bytes: 0 tx_bytes: 1939892582744 tx_error_bytes: 0 rx_ucast_packets: 457688996 rx_mcast_packets: 1105671 rx_bcast_packets: 743858 tx_ucast_packets: 1341579130 tx_mcast_packets: 12 tx_bcast_packets: 4 tx_mac_errors: 0 tx_carrier_errors: 0 rx_crc_errors: 0 rx_align_errors: 0 tx_single_collisions: 0 tx_multi_collisions: 0 tx_deferred: 0 tx_excess_collisions: 0 tx_late_collisions: 0 tx_total_collisions: 0 rx_fragments: 0 rx_jabbers: 0 rx_undersize_packets: 0 rx_oversize_packets: 0 rx_64_byte_packets: 4346996 rx_65_to_127_byte_packets: 430360977 rx_128_to_255_byte_packets: 1072678 rx_256_to_511_byte_packets: 420201 rx_512_to_1023_byte_packets: 250311 rx_1024_to_1522_byte_packets: 23087362 rx_1523_to_9022_byte_packets: 0 tx_64_byte_packets: 899130 tx_65_to_127_byte_packets: 11634758 tx_128_to_255_byte_packets: 2699608 tx_256_to_511_byte_packets: 3443633 tx_512_to_1023_byte_packets: 7211982 tx_1024_to_1522_byte_packets: 1315690035 tx_1523_to_9022_byte_packets: 0 rx_xon_frames: 0 rx_xoff_frames: 0 tx_xon_frames: 0 tx_xoff_frames: 0 rx_mac_ctrl_frames: 0 rx_filtered_packets: 113311 rx_ftq_discards: 0 rx_discards: 0 rx_fw_discards: 0 (ifconfig eno1 |grep errors) output : RX errors 0 dropped 93 overruns 0 frame 0 TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 (lshw -C network) output : *-network:0 description: Ethernet interface product: NetXtreme II BCM5716 Gigabit Ethernet vendor: Broadcom Inc. and subsidiaries physical id: 0 bus info: pci#0000:01:00.0 logical name: eno1 version: 20 serial: d4:ae:52:ca:0f:6e size: 1Gbit/s capacity: 1Gbit/s width: 64 bits clock: 33MHz capabilities: pm vpd msi msix pciexpress bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=bnx2 driverversion=2.2.6 duplex=full firmware=7.4.8 bc 7.4.0 NCSI 2.0.11 ip=(serverip) latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s resources: irq:16 memory:c0000000-c1ffffff *-network:1 DISABLED description: Ethernet interface product: NetXtreme II BCM5716 Gigabit Ethernet vendor: Broadcom Inc. and subsidiaries physical id: 0.1 bus info: pci#0000:01:00.1 logical name: eno2 version: 20 serial: d4:ae:52:ca:0f:6f capacity: 1Gbit/s width: 64 bits clock: 33MHz capabilities: pm vpd msi msix pciexpress bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation configuration: autonegotiation=on broadcast=yes driver=bnx2 driverversion=2.2.6 duplex=half firmware=7.4.8 bc 7.4.0 NCSI 2.0.11 latency=0 link=no multicast=yes port=twisted pair resources: irq:17 memory:c2000000-c3ffffff
https and http working on local network but only http working outside local network
I'm developing a website. Once when I had Windows 10 + XAMPP + Cloudflare-flexible-ssl I could access my website from outside local network with the lock icon appearing in the browsers and https working like a charm (dispite this solution not being secure between my home-server and cloudflare's end). Now I'm using Ubuntu 20.04 + NGINX + self-made ssl certificate with certbot. It is working like a charm from local network but when I try to access my domain from outside my local network I end up with HTTP working fine but HTTPS stuck with ERR_CONNECTION_TIME_OUT or ERR_CONNECTION_REFUSED, mostly after an page loading that takes very long and never ends.
sudo netstat -an | grep "LISTEN "
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:46285 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
nmap -sT mydomain.com
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:03 -03
Nmap scan report for mydomain.com (127.0.0.1)
Host is up (0.00014s latency).
rDNS record for 127.0.0.1: localhost
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
3306/tcp open mysql
nmap -sT my.ipv4.public.ip(192.XX.XXX.XXX)
Starting Nmap 7.80 ( https://nmap.org ) at 2022-08-31 19:11 -03
Nmap scan report for 191-055-235-169.xd-dynamic.algartelecom.com.br (my.ipv4.public.ip)
Host is up (0.0018s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
sudo iptables -L -vn
Chain INPUT (policy DROP 153 packets, 25075 bytes)
pkts bytes target prot opt in out source destination
5282 638K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
50363 4662K ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
50363 4662K ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
14107 1158K ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
153 25075 ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
153 25075 ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
153 25075 ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-track-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 7 packets, 316 bytes)
pkts bytes target prot opt in out source destination
24573 61M ufw-before-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
24573 61M ufw-before-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-after-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-after-logging-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-reject-output all -- * * 0.0.0.0/0 0.0.0.0/0
2315 144K ufw-track-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
pkts bytes target prot opt in out source destination
31 1804 REJECT all -- * * 151.63.97.42 0.0.0.0/0 reject-with icmp-port-unreachable
20 1648 REJECT all -- * * 70.51.16.212 0.0.0.0/0 reject-with icmp-port-unreachable
211 18552 REJECT all -- * * 110.42.190.60 0.0.0.0/0 reject-with icmp-port-unreachable
5020 616K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
70 5460 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
42 9213 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ufw-skip-to-policy-input tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ufw-skip-to-policy-input udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
13842 1119K ufw-skip-to-policy-input all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
146 20965 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ufw-user-forward all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
10280 1340K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
24083 2022K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
16000 1300K ufw-not-local all -- * * 0.0.0.0/0 0.0.0.0/0
1836 138K ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 239.255.255.250 udp dpt:1900
14164 1162K ufw-user-input all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
10282 1340K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
11976 60M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
2315 144K ufw-user-output all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
210 28471 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
1836 138K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
13954 1133K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
13954 1133K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
2112 127K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
196 16547 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
45 2732 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
9 492 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 172 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1701
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1701
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 /* 'dapp_Nginx%20Full' */
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
sudo nano /etc/nginx/sites-available/mydomain.com.conf
map $http_origin $allow_origin {
~^https?://(.*\.)?lojascolmeia.com.br(:\d+)?$ $http_origin;
~^https?://(.*\.)?localhost(:\d+)?$ $http_origin;
default "";
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream wsbackend {
server localhost:2020;
}
server {
# gzip Settings
#should add!!!: gzip_static on;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
# cache-control
# Media: images, icons, video, audio, HTC
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|mp3|ogg|ogv|webm|htc|woff2|woff|webp|webm|ttf|)$ {
expires 1M;
access_log off;
# max-age must be in seconds
add_header Cache-Control "max-age=8380800, public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "max-age=8380800, public";
}
server_name _ mydomain.com;
error_page 500 502 503 504 /50x.html;
index index.php;
root /var/www/html/mydomain;
access_log /var/www/html/logs/nginx_access.log;
error_log /var/www/html/logs/nginx_error.log;
# HEADERS
add_header 'Access-Control-Allow-Origin' $allow_origin;
# content-security-policy
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?goto=$uri&$args;
}
client_max_body_size 100M;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location /dbadm {
auth_basic "Admin Login";
auth_basic_user_file /etc/nginx/pma_pass;
}
# location ~ \.json {
# add_header Content-Type application/json;
# }
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/lojascolmeia.com.br/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/lojascolmeia.com.br/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#proxy_ssl_server_name on;
location /websocket {
proxy_pass http://127.0.0.1:8443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_redirect off;
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
keepalive_timeout 86400s;
# prevents 502 bad gateway error
proxy_ignore_client_abort on;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name _ mydomain.com;
listen 80;
return 404; # managed by Certbot
}
sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# server_tokens off;
server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server_tokens off; #https://ubiq.co/tech-blog/hide-nginx-server-version-header/
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
tcpdump and then loading my webpage from localnetwork
sudo tcpdump -n -i any src or dst 192.XX.XXX.XXX(home-network-ipv4-public-ip-from-another-device-from-local-network-connected-to-my-server-via-ssh)
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:35:39.086944 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [S], seq 3186999685, win 64240, options [mss 1412,nop,wscale 8,nop,nop,sackOK], length 0
19:35:39.087013 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [S.], seq 2236039596, ack 3186999686, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
19:35:39.091325 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 1, win 512, length 0
19:35:39.091377 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1:518, ack 1, win 512, length 517
19:35:39.091399 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 518, win 501, length 0
19:35:39.092254 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1:1413, ack 518, win 501, length 1412
19:35:39.092256 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 1413:2825, ack 518, win 501, length 1412
19:35:39.092257 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 2825:4097, ack 518, win 501, length 1272
19:35:39.093381 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 2825, win 512, length 0
19:35:39.094964 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4097:4580, ack 518, win 501, length 483
19:35:39.096049 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4580, win 512, length 0
19:35:39.102807 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 518:582, ack 4580, win 512, length 64
19:35:39.102834 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 582:674, ack 4580, win 512, length 92
19:35:39.102887 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 674, win 501, length 0
19:35:39.103058 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4580:4659, ack 674, win 501, length 79
19:35:39.103137 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4659:4738, ack 674, win 501, length 79
19:35:39.103205 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 4738:4809, ack 674, win 501, length 71
19:35:39.103301 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 674:1365, ack 4580, win 512, length 691
19:35:39.104771 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 4809, win 512, length 0
19:35:39.104793 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1365:1396, ack 4809, win 512, length 31
19:35:39.104812 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 1396, win 501, length 0
19:35:39.115063 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 4809:6221, ack 1396, win 501, length 1412
19:35:39.115066 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 6221:7633, ack 1396, win 501, length 1412
19:35:39.115068 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 7633:9045, ack 1396, win 501, length 1412
19:35:39.115069 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 9045:10457, ack 1396, win 501, length 1412
19:35:39.115070 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 10457:11869, ack 1396, win 501, length 1412
19:35:39.115268 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 11869:13281, ack 1396, win 501, length 1412
19:35:39.115384 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 13281:14693, ack 1396, win 501, length 1412
19:35:39.115511 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 14693:16105, ack 1396, win 501, length 1412
19:35:39.115630 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 16105:17517, ack 1396, win 501, length 1412
19:35:39.115749 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 17517:18929, ack 1396, win 501, length 1412
19:35:39.116796 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 7633, win 512, length 0
19:35:39.116831 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 18929:20341, ack 1396, win 501, length 1412
19:35:39.116833 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], seq 20341:21753, ack 1396, win 501, length 1412
19:35:39.116834 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 21753:22031, ack 1396, win 501, length 278
19:35:39.117833 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 17517, win 512, length 0
19:35:39.118256 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22031, win 512, length 0
19:35:39.391422 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1396:1615, ack 22031, win 512, length 219
19:35:39.391510 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 1615:2081, ack 22031, win 512, length 466
19:35:39.391551 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2081, win 501, length 0
19:35:39.391761 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22031:22066, ack 2081, win 501, length 35
19:35:39.394267 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22066:22417, ack 2081, win 501, length 351
19:35:39.395852 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [.], ack 22417, win 511, length 0
19:35:39.402034 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2081:2207, ack 22417, win 511, length 126
19:35:39.402071 enp2s0 In IP 191.55.235.169.54086 > 192.168.1.107.443: Flags [P.], seq 2207:2537, ack 22417, win 511, length 330
19:35:39.402121 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [.], ack 2537, win 501, length 0
19:35:39.402303 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22417:22452, ack 2537, win 501, length 35
19:35:39.404553 enp2s0 Out IP 192.168.1.107.443 > 191.55.235.169.54086: Flags [P.], seq 22452:22791, ack 2537, win 501, length 339
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel
**tcpdump and then loading my webpage from device outside local network (over 3G)
sudo tcpdump -n -i any src or dst XXX.XXX.XXX.XXX(my-phone-ip-over-3G)
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
19:59:56.882577 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [SEW], seq 1941385008, win 65535, options [mss 1412,nop,wscale 5,nop,nop,TS val 1626285022 ecr 0,sackOK,eol], length 0
19:59:56.882642 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [S.E], seq 971375185, ack 1941385009, win 65160, options [mss 1460,sackOK,TS val 1104199128 ecr 1626285022,nop,wscale 7], length 0
19:59:56.905511 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 1, win 4112, options [nop,nop,TS val 1626285045 ecr 1104199128], length 0
19:59:56.935141 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [P.], seq 1:403, ack 1, win 4112, options [nop,nop,TS val 1626285076 ecr 1104199128], length 402: HTTP: GET / HTTP/1.1
19:59:56.935175 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 0
19:59:56.935289 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [P.], seq 1:359, ack 403, win 506, options [nop,nop,TS val 1104199180 ecr 1626285076], length 358: HTTP: HTTP/1.1 301 Moved Permanently
19:59:56.966260 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, options [nop,nop,TS val 1626285105 ecr 1104199180], length 0
19:59:57.087070 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [.], ack 359, win 4101, length 0
19:59:57.087096 enp2s0 Out IP 192.168.1.107.80 > 200.160.124.42.37474: Flags [.], ack 403, win 506, options [nop,nop,TS val 1104199332 ecr 1626285105], length 0
20:00:05.684479 enp2s0 In IP 200.160.124.42.37474 > 192.168.1.107.80: Flags [R], seq 1941385411, win 0, length 0
10 packets captured
10 packets received by filter
0 packets dropped by kernel
MY MODEM(NOKIA G-240W-G) CONFIG FOR PORT FOWARDING
enter image description here
What I have done:
Tryed disabling UFW (Ubuntu firewall) but still not working outside local network.
Called my ISP over 10 times. They always say it must be a local network problem. They swear all ports are opened and free to use it.
I'm thinking to fall back to Cloudflare`s flexible ssl and work all trafic upon port 80 or pay for premium internet access or something...
I uploaded my app to an remote VPS exactly the way it was setted on my local network and everything just worked fine. So the problem was my ISP blocking the ports...
TFTP timeout while bootstraping nodes (Mirantis Openstack)
I have a strange issue with TFTP server. While I'm trying to boot my bare-metal Dell R710 to provision new roles to Mirantis Openstack I'm getting: CLIENT MAC ADDR: .... CLIENT IP: ... GATEWAY IP: ... PXE-E32: TFTP open timeout But the most strange thing that server will boot successfully after some time (in a few hours). We are using integrated NICs - Broadcom NetXtream II cards Please find below tcpdump from tftp/dhcp server (fuel master): [root#fuel2 ~]# sudo tcpdump ether host d0:67:xx:xx:xx:xx tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 12:08:54.881515 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from d0:67:xx:xx:xx:xx (oui Unknown), length 548 12:08:59.028611 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from d0:67:xx:xx:xx:xx (oui Unknown), length 548 12:08:59.083520 ARP, Request who-has fuel2.labs.mydomain.org tell 172.25.190.7, length 46 12:08:59.083558 ARP, Reply fuel2.labs.mydomain.org is-at 00:50:56:a8:38:e1 (oui Unknown), length 28 12:08:59.083751 IP 172.25.190.7.bootpc > SI1-SCCM-LV.mydomain.org.pxe: BOOTP/DHCP, Request from d0:67:xx:xx:xx:xx (oui Unknown), length 548 12:08:59.111846 IP 172.25.190.7.ah-esp-encap > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0 12:09:01.115771 IP 172.25.190.7.acp-port > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0 12:09:05.125596 IP 172.25.190.7.msync > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0 12:09:11.112825 IP 172.25.190.7.gxs-data-port > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0 12:09:19.077381 IP 172.25.190.7.vrtl-vmf-sa > SI1-SCCM-LV.mydomain.org.tftp: 36 RRQ "boot\x86\wdsnbp.com" octet tsize 0 12:09:29.022504 IP 172.25.190.7.newlixengine > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456 12:10:05.052292 IP 172.25.190.7.newlixconfig > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456 12:11:17.063229 IP 172.25.190.7.tsrmagt > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456 12:13:05.052148 IP 172.25.190.7.tpcsrvr > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456 12:15:29.018871 IP 172.25.190.7.idware-router > SI1-SCCM-LV.mydomain.org.tftp: 41 RRQ "boot\x86\wdsnbp.com" octet blksize 1456
Issue was solved. Looks like we have a wds service in our network that is listening this subnet as well.
Puzzled about the `telnet localhost` and `telnet 0.0.0.0`
I wrote a simple GO program which listens to 0.0.0.0:9999 and 127.0.0.1:9999:
func main() {
go bind("0.0.0.0:9999", "111 ")
go func() {
time.Sleep(2 * time.Second)
bind("127.0.0.1:9999", "222 ")
}()
time.Sleep(time.Hour)
}
func bind(address string, content string) {
fmt.Println("-------------", address, "-----------------")
listener, err := net.Listen("tcp", address)
if err != nil {
panic(err)
return
}
fmt.Println(listener.Addr().String())
conn, _ := listener.Accept()
for {
_, err := conn.Write([]byte(content))
if err != nil {
panic(err)
}
time.Sleep(1 * time.Second)
}
}
The meaning of the code:
It binds two addresses, and gives different responses to the clients of them
binding "0.0.0.0:9999": will send "111 " repeat to client
binding "127.0.0.1:9999": will send "222 " repeat to client
And then I use telnet to try different addresses, and the responses are:
telnet 127.0.0.1 9999: 222 (OK)
telnet localhost 9999: 111 (WHY?!)
telnet 0.0.0.0 9999: 222 (WHY?!)
telnet <my-internal-ip> 9999: 111 (OK)
I'm quite confused about some of them:
telnet localhost 9999: 111 (WHY?!)
localhost should point to 127.0.0.1, so I think it's same to telnet 127.0.0.1 9999 and the response should be 222, but the actual one is 111
telnet 0.0.0.0 9999: 222 (WHY?!)
I think 0.0.0.0 is not same to 127.0.0.1, I expect to get response of 111, but get 222
I also have a demo project: https://github.com/golang-demos/go-bind-0.0.0.0-127.0.0.1-demo
Update: My os is OSX
Both localhost and 0.0.0.0 are resolved to 127.0.0.1 by the OS $ ping 0.0.0.0 PING 0.0.0.0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms $ping localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.035 ms` localhost could resolve to something else depending on /etc/hosts file. An excellent explanation for Linux ping 0.0.0.0 behavior is here.
ip addressing for Nth computers
the question is, calculate these information: "ip subnet zero, first ip, last ip, broadcast, ip subnet mask" for a Class B IP (172.16.0.0/16) for X number of PCs, for example, for 27811 computers...
Address: 172.16.0.0 10101100.00010000 .00000000.00000000 Netmask: 255.255.0.0 = 16 11111111.11111111 .00000000.00000000 Wildcard: 0.0.255.255 00000000.00000000 .11111111.11111111 => Network: 172.16.0.0/16 10101100.00010000 .00000000.00000000 (Class B) Broadcast: 172.16.255.255 10101100.00010000 .11111111.11111111 HostMin: 172.16.0.1 10101100.00010000 .00000000.00000001 HostMax: 172.16.108.163 10101100.00010000 .11111111.11111110 Hosts/Net: 27811 (Private Internet) For a Class B IP address the first 16 digits should be static(they will never change). The remaining 16 digits keep changing... So for ur problem.. the IP addresses go like this... 172.16.0.1 ..... 172.16.0.255 172.16.1.0 ..... 172.16.1.255 . . . 172.16.107.0 ..... 172.16.107.255 172.16.108.0 ..... 172.16.108.163 ---> This will count to 27811 hosts