I want to forward port 9876 of 192.168.9.111 to 192.168.9.112:3333, configured as follows:
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 9876/tcp
protocols:
masquerade: yes
forward-ports: port=9876:proto=tcp:toport=3333:toaddr=192.168.9.112
source-ports:
icmp-blocks:
rich rules:
# sysctl -a |grep forward |grep 4
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.docker0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
# the destination is listening:
# telnet 192.168.9.112 3333
Trying 192.168.9.112...
Connected to 192.168.9.112.
Escape character is '^]'.
# but the forward does not work
# telnet 192.168.9.111 9876
Trying 192.168.9.111...
telnet: connect to address 192.168.9.111: Connection refused
Any idea?
net.ipv4.ip_forward is already set to 1
and he is not trying to ping, he is connecting via telnet
Turns out you also need to edit /etc/sysctl.conf to include:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.ip_forward=1
I'm trying to set PMTU for windows server 2019(B) on ubuntu 20.0.4(A). In order to
check whether the set succeeds, I need to make the size of packet sent from B to A bigger
than the set PMTU(1300) but less than default PMTU(1500). I know that something like
'verify ping' will make the size of outbound packet same as inbound packet. So I can
send a packet with size 1400 with DF set and check whether the response is
fragmented to make sure the setting is successful. However, I
don't know the official name of it and how to create it with scapy.
OK, I figured that out. PING is enough for that. However, I can't set the MTU for windows server 2019 by scapy. This is the code I used in Ubuntu
import scapy.all as scapy
sip = '192.168.100.4'
dip = '192.168.100.5'
ip = scapy.IP()
icmp = scapy.ICMP()
ip.dst = dip
ip.src = sip
ip.protocol = 1 # ICMP
icmp.type = 3 # Destination Unreachable
# set ICMP code Fragmentation needed but DF set 4
icmp.code = 4 # Fragmentation needed
mtu = 1300
icmp.unused = mtu
# Construct the Inner IP embedded into the ICMP error message to simulate
# the packet which caused the ICMP error
ip_orig = scapy.IP()
# ip_orig.src = '10.10.10.2'
# ip_orig.dst = '10.10.10.1'
ip_orig.src = '192.168.100.5'
ip_orig.dst = '192.168.100.4'
udp_orig = scapy.UDP()
udp_orig.sport = 50000
udp_orig.dport = 50000
udp_orig1 = scapy.UDP()
udp_orig1.sport = 53
udp_orig1.dport = 631
# Send the packet
udp_orig.dport = 631
udp_orig.sport = 88
# scapy.send(ip/udp_orig)
scapy.send (ip/icmp/ip_orig/udp_orig1)
After running it, the PING sent back still has length 1514.
I installed MariaDB 10.5.12-1.el7 on CentOS 7.9
Sometimes when I run a query like "SHOW VARIABLES LIKE 'max_join_size';", this message appears:
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 3515012
Current database: *** NONE ***
I set up a Pacemaker/DRBD/MariaDB cluster
And these are the conf:
max_allow_packet = 1G
bind-address = 0.0.0.0
datadir= /db/mysql/
socket=/db/mysql/mysql.sock
log_error=/var/log/mariadb/error.log
skip-external-locking
innodb_buffer_pool_size = 75G
innodb_log_file_size = 18G
innodb_buffer_pool_instances = 75
max_allowed_packet = 1G
thread_stack = 256K
thread_cache_size = 2000
max_connections = 2000
query_cache_limit = 256K
table_open_cache = 2000
table_definition_cache = 1400
expire_logs_days = 10
max_binlog_size = 100M
default_storage_engine = innodb
innodb_file_per_table = 1
interactive_timeout = 30
wait_timeout = 30
query_cache_type = 1
query_cache_size = 36M
query_cache_min_res_unit = 2K
What is the cause of this issue?
Thanks
My goal is to develop a script that can send IP packets from any host to any other host in a different subnet. Right now everything is seemingly working, except my IP packet is malformed so scapy cannot send it.
import ipaddress
import socket
from scapy.all import Ether, IP, Raw, send

# get_mac_address, get_ip_address, sendArpMesage and port are not shown in the post.
def sendIPMessage(interfaceName, dst_ip, routerIP, message):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("", port))
    src_addr = get_mac_address(interface=interfaceName)
    my_ip = get_ip_address(interfaceName)
    netmask = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(my_ip)
    if netmask is True:  # if dst is in the same network
        arp_MAC = sendArpMesage(interfaceName, dst_ip)
    else:
        arp_MAC = sendArpMesage(interfaceName, routerIP)
    ether = Ether(src=str(src_addr), dst=str(arp_MAC))
    print(ether.show())
    size = len(message) + 14
    ip = IP(src=my_ip, dst=dst_ip, proto=17, ihl=5, len=size, ttl=5, chksum=0)
    #print(ip.show())
    payload = Raw(message)
    packet = ether / ip / payload  # the post wrote "msg" here, a name that is never defined
    del packet[IP].chksum
    packet = packet.__class__(bytes(packet))  # same as packet.show2()
    print(packet.show())
    success = send(packet)
    if success is not None:
        print(success.show)
    else:
        print("success is None")
Here is the show() information
Begin emission:
*Finished sending 1 packets.
Received 1 packets, got 1 answers, remaining 0 packets
###[ Ethernet ]###
dst = 4e:98:22:86:f6:75
src = 00:00:00:00:00:11
type = LOOP
None
###[ Ethernet ]###
dst = 4e:98:22:86:f6:75
src = 00:00:00:00:00:11
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 28
id = 1
flags =
frag = 0
ttl = 5
proto = udp
chksum = 0xe9c2
src = 192.168.1.101
dst = 10.0.0.1
\options \
###[ UDP ]###
sport = 21608
dport = 26995
len = 8297
chksum = 0x7320
###[ Padding ]###
load = 'a test'
None
.
Sent 1 packets.
success is None
And this is what wireshark currently looks like
I am not sure if the problem is because the checksum values do not align, but any help creating this packet would be appreciated
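The dump above can be reproduced byte for byte without scapy. This added example (not the poster's code) builds the packet as posted and a well-formed UDP datagram side by side, then dissects both. The message `This is a test` is reconstructed from the sport/dport/len/chksum values in the dump, and port 50000 is an arbitrary choice.

```python
import socket
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, total_len: int, ttl: int = 5) -> bytes:
    """20-byte IPv4 header: proto=17 (UDP), id=1, no flags, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, ttl, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def build_as_posted(src: str, dst: str, message: bytes) -> bytes:
    """As in the post: proto=17, len=len(message)+14, message directly after IP."""
    return ipv4_header(src, dst, len(message) + 14) + message

def build_with_udp(src: str, dst: str, sport: int, dport: int, message: bytes) -> bytes:
    """Well-formed datagram: UDP header present, both length fields derived from sizes."""
    udp_len = 8 + len(message)
    # UDP checksum 0 means "not computed", which is valid over IPv4.
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + message
    return ipv4_header(src, dst, 20 + udp_len) + udp

def dissect(packet: bytes) -> dict:
    """Decode the way a dissector does: trust proto=17 and the IP total length."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    sport, dport, udp_len, udp_sum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    return {"ip_len": total_len, "ip_chksum": struct.unpack("!H", packet[10:12])[0],
            "header_ok": ip_checksum(packet[:ihl]) == 0,
            "sport": sport, "dport": dport, "udp_len": udp_len, "udp_chksum": udp_sum,
            "payload": packet[ihl + 8:total_len], "padding": packet[total_len:]}

if __name__ == "__main__":
    msg = b"This is a test"  # reconstructed from the dump, see lead-in
    for pkt in (build_as_posted("192.168.1.101", "10.0.0.1", msg),
                build_with_udp("192.168.1.101", "10.0.0.1", 50000, 50000, msg)):
        print(dissect(pkt))
```

The IP checksum in the dump is correct for the header as built. The fields that do not match the bytes on the wire are the IP total length and the missing UDP header, so the first eight message bytes are read as ports, length and checksum.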
I am running 4 carbon cache instances behind 1 carbon relay instance. Below is my carbon.conf.
[cache:1]
LINE_RECEIVER_PORT = 2103
PICKLE_RECEIVER_PORT = 2104
CACHE_QUERY_PORT = 7102
STORAGE_DIR = /graphite_data/01
LOCAL_DATA_DIR = /graphite_data/01
[cache:2]
LINE_RECEIVER_PORT = 2203
PICKLE_RECEIVER_PORT = 2204
CACHE_QUERY_PORT = 7202
STORAGE_DIR = /graphite_data/02
LOCAL_DATA_DIR = /graphite_data/02
[cache:3]
LINE_RECEIVER_PORT = 2303
PICKLE_RECEIVER_PORT = 2304
CACHE_QUERY_PORT = 7302
STORAGE_DIR = /graphite_data/03
LOCAL_DATA_DIR = /graphite_data/03
[cache:4]
LINE_RECEIVER_PORT = 2403
PICKLE_RECEIVER_PORT = 2404
CACHE_QUERY_PORT = 7402
STORAGE_DIR = /graphite_data/04
LOCAL_DATA_DIR = /graphite_data/04
I have configured my carbon relay with the configuration below
LINE_RECEIVER_INTERFACE = 0.0.0.0
LINE_RECEIVER_PORT = 2003
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2004
RELAY_METHOD = consistent-hashing
.
REPLICATION_FACTOR = 1
DESTINATIONS=127.0.0.1:2104:1,127.0.0.1:2204:2,127.0.0.1:2304:3,127.0.0.1:2404:4
I have configured my graphite webapp with the below configuration to get the data from all carbon cache process
STANDARD_DIRS = ['/graphite_data/01',
'/graphite_data/02',
'/graphite_data/03',
'/graphite_data/04']
# You *should* use 127.0.0.1 here in most cases
CARBONLINK_HOSTS = ["127.0.0.1:7102:1", "127.0.0.1:7202:2", "127.0.0.1:7302:3","127.0.0.1:7402:4"]
After configuration, I started pushing data with example-client.py to my carbon relay process. I could see that the relay is pushing data to the carbon-cache processes.
[root#poc-graphite graphite]# ls /graphite_data/02/system/loadavg_5min.wsp
/graphite_data/02/system/loadavg_5min.wsp
[root#poc-graphite graphite]# ls /graphite_data/03/system/loadavg_1min.wsp
/graphite_data/03/system/loadavg_1min.wsp
[root#poc-graphite graphite]# ls /graphite_data/04/system/loadavg_15min.wsp
/graphite_data/04/system/loadavg_15min.wsp
But I am not able to see these metrics in my webapp. Is there something wrong with the configuration?
You should check the path of the twisted plugin with the commands below:
$python
Python 2.7.6 (default, Mar 22 2014, 22:59:56)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.path
['', '/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu', '/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload', '/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages']
If the path "/usr/local/lib/python2.7/dist-packages" exists in the results, just remove it:
sudo rm -rf /usr/local/lib/python2.7/dist-packages/twiste*
and then
sudo service carbon-cache stop ## wait a few seconds here
sudo service carbon-cache start
I set up RTCPeerConnection but it only works locally (between 2 laptops on my wireless connection). For other connections I see a black stream. I suspect it is due to the ICE candidates not being properly gathered, they only contain local IPs:
RTCIceCandidate {sdpMLineIndex: 0, sdpMid: "", candidate: "a=candidate:2999745851 1 udp 2113937151 192.168.56.1 51411 typ host generation 0
↵"} app.js:14530
RTCIceCandidate {sdpMLineIndex: 0, sdpMid: "", candidate: "a=candidate:3366620645 1 udp 2113937151 192.168.0.17 44628 typ host generation 0
↵"} app.js:14530
RTCIceCandidate {sdpMLineIndex: 1, sdpMid: "", candidate: "a=candidate:2999745851 1 udp 2113937151 192.168.56.1 51411 typ host generation 0
↵"} app.js:14530
RTCIceCandidate {sdpMLineIndex: 1, sdpMid: "", candidate: "a=candidate:3366620645 1 udp 2113937151 192.168.0.17 44628 typ host generation 0
↵"}
RTCIceCandidate {sdpMLineIndex: 0, sdpMid: "", candidate: "a=candidate:4233069003 1 tcp 1509957375 192.168.56.1 0 typ host generation 0
↵"} app.js:14507
RTCIceCandidate {sdpMLineIndex: 0, sdpMid: "", candidate: "a=candidate:2250862869 1 tcp 1509957375 192.168.0.17 0 typ host generation 0
↵"} app.js:14507
RTCIceCandidate {sdpMLineIndex: 1, sdpMid: "", candidate: "a=candidate:4233069003 1 tcp 1509957375 192.168.56.1 0 typ host generation 0
↵"} app.js:14507
RTCIceCandidate {sdpMLineIndex: 1, sdpMid: "", candidate: "a=candidate:2250862869 1 tcp 1509957375 192.168.0.17 0 typ host generation 0
↵"}
Here is the iceServers config:
this.configuration = {
    'iceServers': [
        {
            'url': 'stun:stun.l.google.com:19302'
        }
    ]
};
However on another deployment machine this configuration actually works for remote peers and I receive candidates with a public IP.
EDIT
Actually running tests with yet another peer outputs the following:
handling offer from radu1
caching candidate from radu1 (x 15 - saving them locally because the remote description is not received/set yet and it will throw errors like: Illegal string...)
Set remote description from radu1
Object {sdp: "v=0
↵o=- 7594479116751954142 2 IN IP4 127.0.0.1
↵s…06 label:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1v0
↵", type: "offer"}
sdp: "v=0
↵o=- 7594479116751954142 2 IN IP4 127.0.0.1
↵s=-
↵t=0 0
↵a=group:BUNDLE audio video
↵a=msid-semantic: WMS iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1
↵m=audio 1 RTP/SAVPF 111 103 104 0 8 106 105 13 126
↵c=IN IP4 0.0.0.0
↵a=rtcp:1 IN IP4 0.0.0.0
↵a=ice-ufrag:nFjsr4JB2b6hTc4K
↵a=ice-pwd:z3BUY0Mlga5JywRNw9lLGqeF
↵a=ice-options:google-ice
↵a=fingerprint:sha-256 64:76:B6:98:ED:FA:6D:D5:E2:40:B6:FE:98:00:29:F7:28:93:C5:6A:CF:2F:59:D2:B7:82:14:BF:38:FD:3B:83
↵a=setup:actpass
↵a=mid:audio
↵a=extmap:1 urn:ietf:params:rtp-hdrext:ssrc-audio-level
↵a=sendrecv
↵a=rtcp-mux
↵a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:xGSOTjjxbfNVNAxoRxY6UFHTJY86bFnGqK1p23Tm
↵a=rtpmap:111 opus/48000/2
↵a=fmtp:111 minptime=10
↵a=rtpmap:103 ISAC/16000
↵a=rtpmap:104 ISAC/32000
↵a=rtpmap:0 PCMU/8000
↵a=rtpmap:8 PCMA/8000
↵a=rtpmap:106 CN/32000
↵a=rtpmap:105 CN/16000
↵a=rtpmap:13 CN/8000
↵a=rtpmap:126 telephone-event/8000
↵a=maxptime:60
↵a=ssrc:4260698723 cname:8jJISPnQEaP+YvYy
↵a=ssrc:4260698723 msid:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1 iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1a0
↵a=ssrc:4260698723 mslabel:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1
↵a=ssrc:4260698723 label:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1a0
↵m=video 1 RTP/SAVPF 100 116 117
↵c=IN IP4 0.0.0.0
↵a=rtcp:1 IN IP4 0.0.0.0
↵a=ice-ufrag:nFjsr4JB2b6hTc4K
↵a=ice-pwd:z3BUY0Mlga5JywRNw9lLGqeF
↵a=ice-options:google-ice
↵a=fingerprint:sha-256 64:76:B6:98:ED:FA:6D:D5:E2:40:B6:FE:98:00:29:F7:28:93:C5:6A:CF:2F:59:D2:B7:82:14:BF:38:FD:3B:83
↵a=setup:actpass
↵a=mid:video
↵a=extmap:2 urn:ietf:params:rtp-hdrext:toffset
↵a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
↵a=sendrecv
↵a=rtcp-mux
↵a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:xGSOTjjxbfNVNAxoRxY6UFHTJY86bFnGqK1p23Tm
↵a=rtpmap:100 VP8/90000
↵a=rtcp-fb:100 ccm fir
↵a=rtcp-fb:100 nack
↵a=rtcp-fb:100 goog-remb
↵a=rtpmap:116 red/90000
↵a=rtpmap:117 ulpfec/90000
↵a=ssrc:1805691906 cname:8jJISPnQEaP+YvYy
↵a=ssrc:1805691906 msid:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1 iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1v0
↵a=ssrc:1805691906 mslabel:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1
↵a=ssrc:1805691906 label:iuzaFLXbo6HCbnWGdobaYN2gSPQmAFKZQaP1v0
↵"
type: "offer"
RTC: adding stream from radu1
Sending answer to radu1
Set candidate from cache for radu1 (x 15)
RTCIceCandidate {sdpMLineIndex: 0, sdpMid: "", candidate: "a=candidate:826241329 1 udp 2113937151 169.254.159.173 52996 typ host generation 0
↵"}
...
The above results in a peerconnection.iceConnectionState = 'checking'. Is the order of events right for a callee?
Receive offer
Receive ice candidates from another peer but not saving them because setRemoteDescription callback was not fired
Remote description successfully set.
Remote stream is received
Send answer
Add cached candidates
Note that this actual setup works between 2 laptops in my LAN. I can view remote streams. It just doesn't work for different networks, black screen and iceConnectionState = 'checking'
What does that mean?
How can I solve/debug this problem?
Do I need to setup any other STUN/TURN servers?
Solved by properly setting up a STUN/TURN server. Seems that some peers need a TURN server to relay traffic because STUN fails.
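Every candidate in the question's console output is `typ host` on a private or link-local address, which is the signature of a peer that gathered nothing from STUN or TURN. The following added example (not code from the thread) classifies gathered candidates so that this condition can be checked from logs. `SRFLX_SAMPLE` is a constructed line using a documentation address, and the verdict names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# candidate-attribute layout: foundation component transport priority address port "typ" type
CANDIDATE_RE = re.compile(
    r"candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) "
    r"(?P<priority>\d+) (?P<address>\S+) (?P<port>\d+) typ (?P<type>\w+)")

def parse_candidate(line: str) -> dict:
    match = CANDIDATE_RE.search(line)
    if match is None:
        raise ValueError(f"not an ICE candidate line: {line!r}")
    return match.groupdict()

def address_scope(address: str) -> str:
    """Reachability class of a candidate address."""
    if address.endswith(".local"):
        return "mdns"            # browsers may hide host IPs behind mDNS names
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"      # 169.254.0.0/16, not routable off-link
    return "private" if ip.is_private else "public"

def summarize(lines) -> dict:
    cands = [parse_candidate(line) for line in lines]
    types = Counter(c["type"] for c in cands)
    hosts = {c["address"]: address_scope(c["address"]) for c in cands if c["type"] == "host"}
    if types["relay"]:
        verdict = "relay"        # a TURN allocation succeeded
    elif types["srflx"] or types["prflx"]:
        verdict = "reflexive"    # STUN answered, but there is no TURN fallback
    else:
        verdict = "host-only"    # nothing was gathered from STUN or TURN
    return {"types": dict(types), "host_scopes": hosts, "verdict": verdict}

# Candidate strings copied from the question's console output.
PAGE_CANDIDATES = [
    "a=candidate:2999745851 1 udp 2113937151 192.168.56.1 51411 typ host generation 0",
    "a=candidate:3366620645 1 udp 2113937151 192.168.0.17 44628 typ host generation 0",
    "a=candidate:4233069003 1 tcp 1509957375 192.168.56.1 0 typ host generation 0",
    "a=candidate:826241329 1 udp 2113937151 169.254.159.173 52996 typ host generation 0",
]
# Constructed sample of what a working STUN lookup adds (documentation address).
SRFLX_SAMPLE = "a=candidate:1 1 udp 1677729535 198.51.100.7 40000 typ srflx raddr 192.168.0.17 rport 44628"

if __name__ == "__main__":
    print(summarize(PAGE_CANDIDATES))
```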