I am running CentOS 7.2, and I'm struggling to get a simple script to execute on ifup of any interface.
My /sbin/ifup-local looks like this:
[root#oracle2 ~]# cat /sbin/ifup-local
#!/bin/bash
if [[ "$1" == "eth0" ]]
then
exec /vpnup
fi
[root#oracle2 ~]#
The referenced script /vpnup looks like this:
[root#oracle2 ~]# cat /vpnup
#!/bin/bash
#
# CompanyX Production L2TP VPN - UP
#
#
echo -e "\n"
echo -e "PLEASE WAIT\n"
echo -e "Dialling Production L2TP VPN... \n"
echo -e ".........................................\n"
ipsec auto --up L2TP-PSK && echo "c qvprodvpn" > /var/run/xl2tpd/l2tp-control
echo -e ".........................................\n"
echo "Connected..."
echo "Adding local static route to manage VPN bound traffic..."
sleep 6s
ip route add 10.10.24.0/24 via 10.10.24.51
echo "Route added..."
echo -e "...\n"
[root#oracle2 ~]#
Fairly simple, the script works fine when called at command line. It just dials into a L2TP VPN that I've setup, to get this box access to the production LAN of another segment of their network.
However, if I execute "service network restart" or indeed "systemctl restart network.service", the VPN interface does not come up, nor does the ip route get added. If I manually execute ifdown eth0, and then ifup eth0, it also does not run the script as intended.
If I execute "/sbin/ifup-local eth0" the script runs as expected, so I know my script is fine, and I know my ifup-local is fine.
Am I missing something obvious? I've never worked with pre/post up scripts before, but I always figured they were pretty simple... Was I wrong?
Ensure your ifcfg-eth0 script includes
NM_CONTROLLED=no
Otherwise, calling systemctl restart network or ifup eth0 will not execute ifup-pre-local, ifup-eth, ifup-post, ifup-local, etc. for eth0. They will still be called for lo, though.
Related
I am working with the latest Manjaro with the kernel: x86_64 Linux 5.10.15-1-MANJARO.
I am connected to my company network via VPN.
For this I use SNX with the build version 800010003.
When I start a Docker container (Docker version 20.10.3, build 48d30b5b32) which should connect to a machine from the company network, I get the following message.
[maurice#laptop ~]$ docker run --rm alpine ping company-server
ping: bad address 'company-server'
Also using the IP from the 'company-server' doesn't work.
A ping outside the container works, no matter using the name or IP.
The resolv.conf looks correct to me.
[maurice#laptop ~]$ docker run --rm alpine cat /etc/resolv.conf
# Generated by NetworkManager
search lan
nameserver 10.1.0.250
nameserver 10.1.0.253
nameserver 192.168.86.1
What I have found out so far.
If I downgrade packages glibc and lib32-glibc to version 2.32-5, the ping out of the container works again. Because of dependencies I have also to downgrade gcc, gcc-libs and lib32-gcc-libs to version 10.2.0-4.
I tried the whole thing with a fresh Pop OS 20.10 installation, same problem.
I also did a test with another VPN (OpenVPN) which worked fine. However, this was only a test scenario and cannot be used as an alternative.
I have been looking for a solution for several days but have not found anything. It would be really nice if someone could help me with this.
TL;DR:
on kernel >5.8 the tunsnx interface is no longer created with global scope and need to be recreated. small script to the rescure https://gist.github.com/Fahl-Design/ec1e066ec2ef8160d101dff96a9b56e8
Longer version:
Here are my findings and the solution to (temp) fix it:
Steps to reproduce:
connect your snx tunnel
see ping fails to server behind tunnel
docker run --rm -ti --net=company_net busybox /bin/sh -c "ping 192.168.210.210"
run this command to check ip and scope of the "tunsnx" interface
ip -o address show "tunsnx" | awk -F ' +' '{print $4 " " $6 " " $8}'
if you get something like
192.168.210.XXX 192.168.210.30/32 247
or (Thx Timz)
192.168.210.XXX 192.168.210.30/32 nowhere
the scope is not set to "global" and no connection can be established
to fix this, like "ronan lanore" suggested, you need to change the scope to global
this can be done with a little helper script like this one:
#!/usr/bin/env bash
#
# Usage: [dry_run=1] [debug=1] [interface=tunsnx] docker-fix-snx
#
# Credits to: https://github.com/docker/for-linwux/issues/288#issuecomment-825580160
#
# Env Variables:
# interface - Defaults to tunsnx
# dry_run - Set to 1 to have a dry run, just printing out the iptables command
# debug - Set to 1 to see bash substitutions
set -eu
_log_stderr() {
echo "$*" >&2
}
if [ "${debug:=0}" = 1 ]; then
set -x
dry_run=${dry_run:=1}
fi
: ${dry_run:=0}
: ${interface:=tunsnx}
data=($(ip -o address show "$interface" | awk -F ' +' '{print $4 " " $6 " " $8}'))
LOCAL_ADDRESS_INDEX=0
PEER_ADDRESS_INDEX=1
SCOPE_INDEX=2
if [ "$dry_run" = 1 ]; then
echo "[-] DRY-RUN MODE"
fi
if [ "${data[$SCOPE_INDEX]}" == "global" ]; then
echo "[+] Interface ${interface} is already set to global scope. Skip!"
exit 0
else
echo "[+] Interface ${interface} is set to scope ${data[$SCOPE_INDEX]}."
tmpfile=$(mktemp --suffix=snxwrapper-routes)
echo "[+] Saving current IP routing table..."
if [ "$dry_run" = 0 ]; then
sudo ip route save >$tmpfile
fi
echo "[+] Deleting current interface ${interface}..."
if [ "$dry_run" = 0 ]; then
sudo ip address del ${data[$LOCAL_ADDRESS_INDEX]} peer ${data[$PEER_ADDRESS_INDEX]} dev ${interface}
fi
echo "[+] Recreating interface ${interface} with global scope..."
if [ "$dry_run" = 0 ]; then
sudo ip address add ${data[$LOCAL_ADDRESS_INDEX]} dev ${interface} peer ${data[$PEER_ADDRESS_INDEX]} scope global
fi
echo "[+] Restoring routing table..."
if [ "$dry_run" = 0 ]; then
sudo ip route restore <$tmpfile 2>/dev/null
fi
echo "[+] Cleaning temporary files..."
rm $tmpfile
echo "[+] Interface ${interface} is set to global scope. Done!"
if [ "$dry_run" = 0 ]; then
echo "[+] Result:"
ip -o address show "tunsnx" | awk -F ' +' '{print $4 " " $6 " " $8}'
fi
exit 0
fi
[ "$debug" = 1 ] && set +x
Same problem for me now. Nothing big change but tunsnx interface scope change from global to 247. Delete it and re create with global scope.
Just for collection of possible solutions. I had the same problem but found that "tunsnx" interface was configured properly with "global" keyword. In my case the problem was that snx was started after docker daemon and restarting docker service docker restart helped.
I need some help with a Linux shell script which should automatically check if a host is reachable. It is best to ping port 22 every 3-5 seconds. If the port is reachable the program should execute the command service HelloWorld stop. If the host is not reachable, the script should automatically execute a command on the computer e.g. service HelloWorld start.
Does anyone know how to implement this?
I have something like this, but that not functionning,
#!/bin/bash
IP='192.168.1.1'
fping -c1 -t300 $IP 2>/dev/null 1>/dev/null
if [ "$?" = 0 ]
then
service helloworld stop
else
service helloworld start
fi
Try the following code
#!/bin/bash
IP='192.168.1.1'
PORT=22
(echo >/dev/tcp/$IP/$PORT) &>/dev/null
if [ "$?" = 0 ]
then
service helloworld stop
else
service helloworld start
fi
In this way, it's allowed to check IP with specific port is reachable or not
I want to write script in bash to connect to server, ping on it another server, get ip from ping command, and send that info back to pc who ran the script, and at the end connect to server who is pinged before.
My script:
#!/bin/bash
echo "Script to connect to server"
#ip_p used to connect to first server, on that server i want to use ping command'
ip_p=XYz.XYZ.XYZ.XYZ
user='username to the servers'
#ip_d - in that variable i want to save ip of the pinged server
ssh -t $user#$ip_p ip_d="ip_d=ping -c1 $1.domain | sed -nE 's/^PING[^(]+\(([^)]+)\).*/\1/p' && exit "
echo "start"
echo $ip_d
echo "stop"
ssh -t $user#$ip_d
How i wish to work:
domain i want to check test.nyslay.pl
connect to server which ip, and username was defined in script
ping server(part ".nyslay.pl", is always the same, but "test" i want to read from first argument of script run
get ip of domain from previous point
transfer ip from point: 2 to local machine, on which script is run
connect to the server which ip we get from point: 2
Use command substitution:
ip_d=$(ssh -t $user#$ip_p "ping -c1 $1.domain | sed -nE 's/^PING[^(]+\(([^)]+)\).*/\1/p'")
The output of ping (through sed) comes to the local machine via ssh, whose output is captured in the local variable ip_d.
I've set up a simple init.d script "S3logrotate" to run on shutdown. The "S3logrotate" script works fine when run manually from command line but the script does not function correctly on shut down.
The script uploads logs from my PC to an Amazon S3 bucket and requires wifi to run correctly.
Debugging proved that the script is actually run but the upload process fails.
I found that the problem seems to be that the script seems to run after wifi is terminated.
These are the blocks I used to test my internet connection in the script.
if ping -q -c 1 -W 1 8.8.8.8 >/dev/null; then
echo "IPv4 is up" >> *x.txt*
else
echo "IPv4 is down" >> *x.txt*
fi
if ping -q -c 1 -W 1 google.com >/dev/null; then
echo "The network is up" >> *x.txt*
else
echo "The network is down" >> *x.txt*
fi
The output for this block is:
IPv4 is down
The network is down
Is there any way to set the priority of an init.d script? As in, can I make my script run before the network connection is terminated? If not, is there any alternative to init.d?
I use Ubuntu 16.04 and have dual booted with Windows 10 if that's significant.
Thanks,
sganesan7
You should place you scrip in:
/etc/NetworkManager/dispatcher.d/pre-down.d
change group and owner to root
chown root:root S3logrotate
and it should work. If you need to do this for separate interface place script in
create a script inside
/etc/NetworkManager/dispatcher.d/
and name it (for example):
wlan0-down
and should work too.
I'm running a headless system with a raspberry pi and after a while of not connecting via ssh the system will stop responding to ssh, it is not the Wi-Fi dongle falling asleep, I have checked, seeing I have a piglow running piglow-sysmon, and the part of the pi glow that monitors network activity does show activity when the pi stops responding to ssh. I found a nice script for checking if Wi-Fi is up and if not restart it, although im not that great with bash scripting, and cannot figure out how or if i can mod it to work with ssh instead of Wi-Fi, if anyone can help me mod it, or provide a small quick one, I'm using cron to run it (once I can get it modded) every few minutes
here the script I'm trying to mod
#!/bin/bash
LOGFILE=/home/pi/network-monitor.log
if ifconfig wlan0 | grep -q "inet addr:" ;
then
echo "$(date "+%m %d %Y %T") : Wifi OK" >> $LOGFILE
else
echo "$(date "+%m %d %Y %T") : Wifi connection down! Attempting reconnection." >> $LOGFILE
ifup --force wlan0
OUT=$? #save exit status of last command to decide what to do next
if [ $OUT -eq 0 ] ; then
STATE=$(ifconfig wlan0 | grep "inet addr:")
echo "$(date "+%m %d %Y %T") : Network connection reset. Current state is" $STATE >> $LOGFILE
else
echo "$(date "+%m %d %Y %T") : Failed to reset wifi connection" >> $LOGFILE
fi
fi
Try the following script. It makes a few assumptions:
1) Your account has its own ssh key in the authorized_keys file, so that "ssh localhost" essentially just gives you another shell, without prompting for a password
2) If the ssh command does not complete in three seconds, it would be safe to assume that the ssh daemon is up, but stuck for some reason:
#! /bin/bash
ssh localhost /bin/true &
sleep 3; kill -9 $!
if wait $!
then
echo Up
else
echo Down
fi
A bit crude, but should be effective. It's up to you to figure out how to restart the ssh service in an optimum way, here. Fill in the blanks.
You may also want to discard all standard error here, as it'll likely to have some unimportant noise...
If, on the other hand, this script reports that the ssh service is running, but you still can't connect from the outside, the problem is not the ssh service, but it lies elsewhere, so it's back to the drawing board for you.