I have an IP address showing up in /var/log/maillog trying to connect to SMTPD. The attempt to connect always fails, but I want to send him to spamd instead so I ran the command:
pfctl -t spamd -T add 123.456.78.90
pfctl -t spamd -T show shows that the IP address is there.
I reloaded pf, but the IP still shows up in maillog and not the spamd log.
Am I missing a step?
I've got a very strange problem.
There's a cron job on the server to run a script daily:
wget -O /dev/null --timeout=300 --tries=1 "http://website.com/script"
It was all working well until about two weeks ago, when I started receiving errors:
--2016-07-13 09:45:01-- http://website.com/script
Resolving website.com (website.com)... 11.22.33.44
Connecting to website.com (website.com)|11.22.33.44|:80... failed: Connection timed out.
Giving up.
Here is some information for this question:
The cron job is on the same server where http://website.com is hosted.
I can access the script (http://website.com/script) correctly from browser on my desktop.
The server is CentOS 7, with WHM and cPanel installed.
Does anyone know what could be the issue, or how I am supposed to identify it?
Thanks
If the issue still is unresolved..
You could try running wget in debug mode to see if you get some more info.
wget -dv -O /dev/null --timeout=300 --tries=1 "http://website.com/script"
Also, confirm whether the resolved IP "11.22.33.44" belongs to one of the server's NICs.
ip a s (ip address show) or
ifconfig -a
If the IP is not listed, it could be that the IP "11.22.33.44" is a public-facing address of the company's firewall, and that the firewall is directing requests on port 80 from the outside/internet (where your browser is) to that specific server. The firewall/NAT/proxy could also be configured to not allow requests coming from inside the network to reach the external IP of the firewall and get back in.
If this is the case, you could try changing your wget to use the internal IP address, something like this (still using -dv for debugging; remove it afterwards):
wget -dv -O /dev/null --timeout=300 --tries=1 --header="Host: website.com" http://127.0.0.1/script
Note 1: the --header="Host: website.com" will tell your web server what site you wanna reach.
Note 2: maybe you'll have to change the IP 127.0.0.1 (the localhost address) to one of the server's NIC addresses.
If the website is up try a different command.
*/10 * * * * /usr/bin/wget -q -O temp.txt http://website.com/script
Try adding -H
wget -H -O /dev/null --timeout=300 --tries=1 "http://website.com/script"
I have tried nmap, nbtscan, fping, arp-scan for the overstated need and all are producing expected output.
But I am facing some trouble with the arp command: it's not working and is showing something like this:
? (10.240.253.2) at 80:a1:d7:7c:22:94 [ether] on eth0
<something>.local (10.240.253.53) at 9c:2a:70:d8:50:ed [ether] on eth0
I have tried both arp -a and arp -a -n. I also tried running ping -b <broadcast ip address> before these commands, but ping -b does not execute at all, meaning it does nothing.
On other systems in my network it is running fine. But it seems there is some setting problem with my computer that I am not aware of.
arp is not a scanner. It queries your system's ARP cache.
Therefore, it will only show IP and MAC addresses of hosts which have sent ARP queries or answers recently seen by your system.
As you mention, nmap, for example, is much more suited to what you're trying to do than arp.
Below is the output of the netstat command with the -n and -r options, in which the Destination field shows a compacted address (127.1/16). Is there any way, or any option to the netstat command, to display the entire destination IP (127.1.0.0/16) rather than 127.1/16?
#netstat -r -n
Destination Gateway Flags Refs Use Mtu Interface
127.0.0.1 127.0.0.1 UH 110 296172 33212 lo0
127.1/16 link#7 UC 2 0 - vlan10
But the command is not showing 127.1.0.0/8, it's showing 127.1/16, which means the whole 127.1.x.x range.
Read up on netmasks: http://en.wikipedia.org/wiki/Subnetwork#IPv4_subnetting
And experiment with them here, to get a better understanding: http://jodies.de/ipcalc
You may want to consider alternatives to just using netstat. "netstat -r" gives the same output as "route". You could also try "ip route show", or "ip route show dev " if you want to see routes going via a particular device/interface. You may also be interested in the output returned by "routel".
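What the question asks for, as an added example that is not part of the original posts: an awk filter that rewrites the compacted Destination column into full dotted-quad form. It assumes netstat's network notation, in which trailing zero octets are dropped; the function name expand_dest is illustrative.

```shell
#!/bin/sh
# Added example: expand netstat's compacted IPv4 network destinations.
# In this notation trailing zero octets are dropped (127.1/16 = 127.1.0.0/16);
# this is not the inet_aton() shorthand, where "127.1" means 127.0.0.1.

expand_dest() {
    # stdin: `netstat -rn` lines; stdout: same lines with column 1 expanded.
    awk '
    function expand(d,    p, o, n, i, out) {
        split(d, p, "/")
        # Leave IPv6, link#N, "default", headers and names untouched.
        if (p[1] !~ /^[0-9]+(\.[0-9]+)*$/) return d
        n = split(p[1], o, ".")
        if (n > 4) return d
        out = o[1]
        for (i = 2; i <= 4; i++) out = out "." (i <= n ? o[i] : 0)
        return (2 in p) ? out "/" p[2] : out
    }
    {
        e = expand($1)
        if (e != $1) $1 = e   # rewrite only rows that actually changed
        print
    }'
}

# The routing table from the question above, re-typed as sample input.
SAMPLE_ROUTES='Destination Gateway Flags Refs Use Mtu Interface
127.0.0.1 127.0.0.1 UH 110 296172 33212 lo0
127.1/16 link#7 UC 2 0 - vlan10'

printf '%s\n' "$SAMPLE_ROUTES" | expand_dest
```

On a live system the same filter is used as `netstat -rn | expand_dest`.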
I am trying to run beanstalkd.
If I use 127.0.0.1 with port number 11300, or any other port for that matter, it works:
beanstalkd -d -l 127.0.0.1 -p 11300
But if I use the external IP it doesn't work:
beanstalkd -d -l 107.0.1.5 -p 11300
Should I enable the port or something? If I should, how does it work in the first case and not the second?
The IP address you pass to beanstalkd is the address that it binds to - if given, it will only accept connections to that address on the machine it runs on. So the address 107.0.1.5 must be on one of the network interfaces on the machine you run it on.
If you want you can simply omit the -l <address> option to get beanstalkd to listen on all of the addresses on the host.
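The check that both this answer and the earlier wget answer rely on (is the address actually assigned to a local interface?), as an added example that is not part of the original posts. The function names and the sample interface table are constructed; on a real host, pass "$(ip -o addr show)" as the second argument instead.

```shell
#!/bin/sh
# Added example: decide whether an address can be bound to (or reached
# locally) by looking it up in `ip -o addr show` output.

local_iface_for() {
    # $1 = address to look for; stdin = `ip -o addr show` lines.
    # Prints the interface(s) carrying it; exit status 1 if none does.
    # Comparison is textual, so write IPv6 addresses the way `ip` prints them.
    awk -v want="$1" '
        ($3 == "inet" || $3 == "inet6") {
            split($4, a, "/")                      # drop the /prefix length
            if (a[1] == want && !seen[$2]++)
                ifaces = ifaces (ifaces != "" ? " " : "") $2
        }
        END { if (ifaces != "") print ifaces; exit (ifaces != "" ? 0 : 1) }'
}

bind_check() {
    # $1 = address intended for `-l`; $2 = text of `ip -o addr show`.
    case "$1" in
        0.0.0.0|::) echo "wildcard: listens on every interface"; return 0 ;;
    esac
    if ifc=$(printf '%s\n' "$2" | local_iface_for "$1"); then
        echo "local: $1 is on $ifc"
    else
        echo "not local: $1 is not assigned to any interface"
        return 1
    fi
}

# Constructed sample of `ip -o addr show` output (not from the page).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\       valid_lft forever
2: eth0    inet6 fe80::1/64 scope link \       valid_lft forever'

bind_check 127.0.0.1 "$SAMPLE_ADDRS"          # loopback: bind works
bind_check 107.0.1.5 "$SAMPLE_ADDRS" || true  # address from the question
bind_check 11.22.33.44 "$SAMPLE_ADDRS" || true  # resolved IP from the wget question
```

Omitting `-l` makes the port reachable on every interface, and the beanstalkd protocol has no authentication, so restrict it with a firewall rule when doing that.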
I am using snmp to query and set some OIDs in IPv6 mode. I use the below snmp command. I have checked and configured it to listen to udp6:161.
snmpget -cpublic -v2c udp6:[2001:db8:3c4d::41a9:8e4e:a094:3840] .1.3.6.1.4.1.1429.5.1.1.2.5.6.0
It gives the result as
Timeout: No Response from udp6:[2001:db8:3c4d::41a9:8e4e:a094:3840]
The given IP address is also alive when checked using ping. I changed the conf file to include rwcommunity6 and rocommunity6. What am I doing wrong?
As Cougar said in the comment, you must tell snmpd to listen to the IPv6 address. By default, snmpd only listens to udp4:. To get it to listen to multiple transports, you should specify each:
snmpd udp: udp6:
for example. Also, because the agent won't respond if the incoming packet is denied authorization, you can always run snmpd with the dump flag (-d) to show what traffic it is receiving. If it's not receiving it, you've found one problem. But if it is receiving it but not responding, you've found another. Make sure you run it in the foreground (-f) and with logging to stderr (-Le):
snmpd -f -Le -d udp: udp6:
Is it working for this command?
snmpget -v 2c -c public localhost .1.3.6.1.2.1.1.1.0
It should give the system description. If yes, then it has been set correctly. Otherwise you need to set it up using the command snmpconf -g basic_setup