Ever wonder where these came from? How these got generated?
Ever wanted to copy an interface file, and wonder about what happens if you use the same UUID, or - perhaps worse - what happens if you blow it away, or just change it willy nilly?
Well, I came across this and tested it on VirtualBox - because VirtualBox did not generate files or UUIDs for new NAT interfaces I created. I generated new UUIDs, and nothing complained or barked at all. Yay.
I'm sure I will remember this, but I'll post it just in case.
NOTE: The uuidgen utility seemed to be on the box. I did not need to install anything. I don't know what package this utility is a part of, and have not researched. It just seemed to work - for me at least.
http://www.itechlounge.net/2014/03/linux-how-to-generate-uuid-for-network-interface-on-rhelcentos/
Tuesday, November 8, 2016
Source NAT on Linux
Had a request come in to try and do a source-based NAT.
The reason for this is that the customer had an ISP router that they presumably could not log in to and configure to do NAT. Behind this router was a Switch - apparently an L3 Switch that had some intelligence, but apparently it could not do NAT. It could have actually been related to change control, also.
I found this website here, which discussed how to do SNAT.
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html
Since websites tend to die and move, I will clip the excerpt of text I was interested in:
----------------------------------------------------------------------------------------------------------
You want to do Source NAT; change the source address of connections to something different. This is done in the POSTROUTING chain, just before it is finally sent out; this is an important detail, since it means that anything else on the Linux box itself (routing, packet filtering) will see the packet unchanged. It also means that the `-o' (outgoing interface) option can be used.
Source NAT is specified using `-j SNAT', and the `--to-source' option specifies an IP address, a range of IP addresses, and an optional port or range of ports (for UDP and TCP protocols only).
## Change source addresses to 1.2.3.4.
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
## Change source addresses to 1.2.3.4, 1.2.3.5 or 1.2.3.6
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4-1.2.3.6
## Change source addresses to 1.2.3.4, ports 1-1023
# iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 1.2.3.4:1-1023
Masquerading
There is a specialized case of Source NAT called masquerading: it should only be used for dynamically-assigned IP addresses, such as standard dialups (for static IP addresses, use SNAT above). You don't need to put in the source address explicitly with masquerading: it will use the source address of the interface the packet is going out from. But more importantly, if the link goes down, the connections (which are now lost anyway) are forgotten, meaning fewer glitches when connection comes back up with a new IP address.
## Masquerade everything out ppp0.
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
----------------------------------------------------------------------------------------------------------
Since I used FirewallD, I had to put the NAT rule into the direct.xml rule of FirewallD (I considered trying to put it in a zone-based rule, but decided to use direct.xml).
In testing this, I found some very interesting things. I did not have an IP to NAT "to", since I don't run the networks here, and everything is set up for DHCP. But - I did have two NICs on two separate networks, so I decided to SNAT the IPs of NIC A (10.1.x.y) to NIC B (172.31.x.y).
I used tcpdump to examine packets that typically came out of NIC A as 10.1.x.y, to see if they would come out as 172.31.x.y: tcpdump -A -n -i NICA | grep "172.31.x.y"
This seemed to work as long as I had ONE rule for ONE NIC. But if I tried to use TWO rules for the TWO NICs, nothing seemed to NAT at all.
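As an added example (not the post's own file, nor from the netfilter HOWTO), here is what the FirewallD direct.xml the post mentions could look like for a two-NIC setup like this one, with one POSTROUTING SNAT rule per outgoing interface. The interface names NICA/NICB, the /16 networks and the addresses 10.1.0.10 and 172.31.0.10 are constructed placeholders for the post's 10.1.x.y and 172.31.x.y; each rule is scoped by outgoing interface and source network so the two rules never match the same packet.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- /etc/firewalld/direct.xml (added example, not the post's own file).
     Assumed interface names: NICA on 10.1.0.0/16, NICB on 172.31.0.0/16.
     10.1.0.10 and 172.31.0.10 are constructed placeholders standing in
     for the post's 10.1.x.y and 172.31.x.y; substitute the real ones. -->
<direct>
  <!-- Rule 1: hosts on the NIC A network leaving through NIC B get NIC B's
       address. Scoped by outgoing interface (-o) and source network (-s),
       so it only rewrites the traffic it is meant for; filtering still
       sees the original 10.1.x.y source because SNAT happens last. -->
  <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0">-o NICB -s 10.1.0.0/16 -j SNAT --to-source 172.31.0.10</rule>

  <!-- Rule 2: the mirror image for traffic going the other way. The -o/-s
       scoping keeps the two rules from competing for the same packets. -->
  <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0">-o NICA -s 172.31.0.0/16 -j SNAT --to-source 10.1.0.10</rule>

  <!-- If an interface gets its address from DHCP, as in the post's lab,
       MASQUERADE (see the HOWTO excerpt above) is the right target: it
       uses the interface's current address and forgets connection state
       when the link drops. Shown here as a passthrough for NIC B; use it
       in place of rule 1, not together with it. -->
  <!-- <passthrough ipv="ipv4">-t nat -A POSTROUTING -o NICB -s 10.1.0.0/16 -j MASQUERADE</passthrough> -->
</direct>
```

Load it with firewall-cmd --reload and confirm with iptables -t nat -nvL; firewalld places direct rules in its own POSTROUTING_direct chain, which the regular POSTROUTING chain jumps to.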
Friday, October 21, 2016
VLC Streaming
Cool article on how to stream video using VLC.
http://www.howtogeek.com/118075/how-to-stream-videos-and-music-over-the-network-using-vlc/
Wednesday, October 19, 2016
Resetting Network Interface Statistics
Resetting the statistics on ifconfig (interfaces).
I have wanted to do that numerous times.
Here is how (which involves unloading and reloading the kernel module).
This won't work if the kernel is monolithic (compiled without modules).
http://www.ducea.com/2006/09/08/resetting-ifconfig-counters/
Tuesday, September 27, 2016
LSB Init Standard
This is a good-to-know for anyone working with Linux.
There's a standard to try and normalize / rationalize the init scripts across Linux distributions.
Here's a little blog on that topic:
http://www.thegeekstuff.com/2012/03/lsbinit-script/
Tuesday, September 6, 2016
More Fun with VirtualBox
Created a VirtualBox without enough disk space (compiling Boost / ASIO - another topic for another day).
Had to resize the drive.
Used this resource here, which worked like a champ.
http://www.howtogeek.com/124622/how-to-enlarge-a-virtual-machines-disk-in-virtualbox-or-vmware/
I did create a Primary partition at the end of the disk, and made it a Swap Partition (with Label Swap and formatted as linux-swap).
Installing VirtualBox GuestAdditions
Good blog on how to do this.
https://naveensnayak.wordpress.com/2016/01/19/installing-virtualbox-guest-addition-on-centos-7-server-no-gui/
I did not realize that GuestAdditions plugs into the kernel with a bunch of kernel modules, which requires you to have the kernel-devel packages in order to build those modules.