I am using RHEL8 and want to change the context port. Does anyone know how to do it?
Thanks
You'll want to use semanage assuming your custom type for port 2658 exists, and you're deploying to a vanilla RHEL server.
semanage port -a -t <custom_type_here> -p <protocol> <port_here>
Assuming protocol is tcp based:
semanage port -a -t my_2658_t -p tcp 2658
More complicated deployments should probably customize corenetwork.te directly.
Related
I'm trying to make a Docker container accessible on e.g. 1.2.3.4:9999:99 from the Internet (so from outside the container) to be seen as the same IP from inside so when I'm inside the container and doing curl http://bot.whatismyipaddress.com/ I would get 1.2.3.4. I'm struggling with it for hours and no progress.
I'm running the container with docker run --name public254 -d -p 123.456.789.254:22:22 some-image:latest and it's accessible through 123.456.789.254 indeed. When inside it's seen as the main IP of the host as it's supposed to.
Now I want to modify this. What should I do next?
Well. I did it.
Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Find out container's internal IP
docker inspect -f '{{ .NetworkSettings.IPAddress }}' some_container
Route it correctly
iptables -t nat -I POSTROUTING -p all -s <container internal IP> -j SNAT --to-source <container external IP>
I have an embedded Linux firmware running on a home router. When I run the following commands one by one from the terminal as root, it works without any errors and serves my purpose. I know this is not a secure policy. This is only to test something.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -A INPUT -p tcp -i eth1 --dport 4444 -j ACCEPT
However, when this is run in a bash script as root as below,
#!/bin/bash
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -A INPUT -p tcp -i eth1 --dport 4444 -j ACCEPT
it gives the following error:
iptables: Bad policy name. Run `dmesg' for more information.
iptables: Bad policy name. Run `dmesg' for more information.
iptables: Bad policy name. Run `dmesg' for more information.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
I have confirmed that the last line of bash script executes without errors and the entry can be seen in iptables. However, all the other lines throw an error. What am I doing wrong? Surprisingly, the same batch script works fine on my Ubuntu machine.
Did you create the script in Windows, or in some other way that gave it Windows line endings (CRLF) where the router is expecting Unix line endings (LF)?
That would lead to the interpreter reading an extra unprintable character on the end of each of the commands, which would give the errors shown.
You can check by running cat -v myScript.sh. Incorrect Windows line endings will show as:
iptables -P INPUT ACCEPT^M
iptables -P FORWARD ACCEPT^M
iptables -P OUTPUT ACCEPT^M
iptables -F^M
iptables -X^M
iptables -A INPUT -p tcp -i eth1 --dport 4444 -j ACCEPT
I'm trying to test how our app handles when the Docker registry becomes unavailable for it to pull Docker images, and want to mimic the situation.
I don't have any control over the firewall rule of the network or DNS of the servers. The only changes I can make are on the VM I'm using, like VM configurations and Docker configurations. Wondering what I can do to make it as if Dockerhub is down?
You can use the iptables to filter the output on your VM and dropping packet
For example :
# iptables -A OUTPUT -d 192.168.12.34 -j DROP
or
# iptables -A OUTPUT -p tcp -d 192.168.12.34 --dport 80,443 -j DROP
I am trying to access a ISCSI drive on a machine with IP 1.0.0.13 (hostname store.blue.com). The machine in which I am trying to create connection has the IP 1.0.0.11 (Hostname: loc1.blue.com). From loc1.blue.com I could discover the iqn but not able to login due to below error.
[root#loc1 ~]# iscsiadm -m discovery -t sendtargets -p store.blue.com
1.0.0.13:3260,1 iqn2015-04.com.blue:store.target1
[root#loc1 ~]# iscsiadm -m node -targetname iqn2015-04.com.blue:store.target1 -p 1.0.0.13 -login
iscsiadm: can not recognize operation: 'gin'
At first I open ports for ISCSI 3260 & 860 and tried the connection but that didn't help. So I stopped iptables service and disabled firewall on both machines. Still I get the same error.
Please advise.
Your syntax is wrong - it's not -login, it's -l or --login (note the two dashes):
# iscsiadm -m node --targetname iqn2015-04.com.blue:store.target1 -p 1.0.0.13 --login
The syntax was incorrect. It should have been --targetname. Complete statement is as follows.
iscsiadm --mode node --targetname iqn2015-04.com.blue:store.target1 --portal store.blue.com:3260 --login
I got the task of converting some iptables rules into puppet firewall. I am currently stuck on this:
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP -m comment --comment "drop new not syn"
I can't find a method to use neither --match or --ctstate in Puppet Firewall. How can I do this?
The git repository now contains the ctstate option.
You have to either use git version or wait for a new release on the puppet forge.
Hope this helps.