squid proxy client setup in linux machine - linux

What is the right setting for the Squid proxy client on a Linux machine? I followed the documentation to set up the export variable as follows:
bash $ export http_proxy="http://10.20.5.48:3128"
bash $ ping google.com
PING google.com (74.125.228.197) 56(84) bytes of data.
^C
--- google.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 922ms
bash $ export http_proxy="http://10.20.5.48:3128/"
bash $ ping google.com
PING google.com (173.194.123.110) 56(84) bytes of data.
bash $ export HTTP_PROXY="http://10.20.5.48:3128"
bash $ ping google.com
PING google.com (74.125.228.196) 56(84) bytes of data.
^C
--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1086ms
bash $ export HTTP_PROXY="http://10.20.5.48:3128/"
bash $ ping google.com
PING google.com (74.125.228.195) 56(84) bytes of data.
^C
--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1160ms
The Squid server is running on port 3128 and is reachable, and there is no firewall or ACL issue with squid.conf either:
bash $ telnet 10.20.5.48 3128
Trying 10.20.5.48...
Connected to 10.20.5.48.
Escape character is '^]'.
When I change yum.conf to use the proxy with the same server and IP, the yum configuration works.

Ping does not use the http-proxy.
Try
GET / HTTP/1.1
Host: google.com
in your telnet session.

Related

Tunnel Gre problem between two hosts (vps and dedicated server)

Hello guys, I need to resolve this problem (all servers have CentOS 7 installed): I'm trying to create a GRE tunnel between a VPS (in Italy - OpenVZ) and a dedicated server (in Germany), but they do not communicate internally (ping and ssh command tests). Next I created a GRE tunnel between the VPS (in Italy - OpenVZ) and a VPS (in France - KVM OpenStack) and they communicate; then I created a tunnel between the VPS (in France - KVM OpenStack) and the dedicated server (in Germany) and they communicate. I cannot understand why the VPS (in Italy - OpenVZ) and the dedicated server (in Germany) do not communicate. Any ideas on how I can fix this (I also tried with iptables disabled; firewalld is not enabled)? Thanks
In other words:
In other attempts (by this I mean that I managed to successfully create the GRE tunnel between these machines):
The VPS (in France) and VPS (in Italy) communicate internally (ping and ssh command tests)
The VPS (in France) and Dedicated Server (in Germany) communicate internally (ping and ssh command tests)
Problem (by this I mean that I could not successfully create the GRE tunnel between these machines):
The VPS (in Italy) and Dedicated Server (in Germany) do not communicate internally (ping and ssh command tests). I also asked the hosting services if they had any restrictions, but nothing.
My configuration:
VPS command for tunnel:
echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
iptunnel add gre1 mode gre local VPS_IP remote DEDICATED_SERVER_IP ttl 255
ip addr add 192.168.168.1/30 dev gre1
ip link set gre1 up
Dedicated server command for tunnel:
iptunnel add gre1 mode gre local DEDICATED_SERVER_IP remote VPS_IP ttl 255
ip addr add 192.168.168.2/30 dev gre1
ip link set gre1 up
[root#VPS ~]# ping 192.168.168.2
PING 192.168.168.2 (192.168.168.2) 56(84) bytes of data.
^C
--- 192.168.168.2 ping statistics ---
89 packets transmitted, 0 received, 100% packet loss, time 87999ms
[root#DE ~]# ping 192.168.168.1
PING 192.168.168.1 (192.168.168.1) 56(84) bytes of data.
^C
--- 192.168.168.1 ping statistics ---
92 packets transmitted, 0 received, 100% packet loss, time 91001ms
[root#VPS ~]# tcpdump -i venet0 "proto gre"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
^C
0 packets captured
1 packet received by filter
0 packets dropped by kernel
[root#DE ~]# tcpdump -i enp2s0 "proto gre"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
[root#VPS ~]# lsmod | grep gre
ip_gre 4242 -2
ip_tunnel 4242 -2 sit,ip_gre
gre 4242 -2 ip_gre
[root#DE ~]# lsmod | grep gre
ip_gre 22707 0
ip_tunnel 25163 1 ip_gre
gre 13144 1 ip_gre
If ip_forwarding is required for the tunnel to work, you need to do /sbin/sysctl -p
And what does the output of ip tunnel show and ip route show look like on both ends?

mosquitto subscribe to test broker: Network is unreachable

I'm trying to subscribe to http://test.mosquitto.org/ with the following command:
mosquitto_sub -h test.mosquitto.org -p 1883 -t "#" -v
When doing so, it first says nothing and after a few minutes it prints Error: Network is unreachable. To make sure I also tried to subscribe to https://iot.eclipse.org/ and also tried to use the ip instead of the DNS name of the broker.
Does anybody know how I can subscribe to the broker?
EDIT: I can ping test.mosquitto.org
mosquitto_sub -h test.mosquitto.org -p 1883 -t "#" -v
When doing so, it first says nothing and after a few minutes it prints
Error: Network is unreachable
Seems like DNS isn't resolved. To test, check that DNS resolves first; a simple test would be to do a ping:
ping test.mosquitto.org
If it's reachable it should print out the following:
ping test.mosquitto.org
PING test.mosquitto.org (37.187.106.16) 56(84) bytes of data.
64 bytes from ks.ral.me (37.187.106.16): icmp_seq=1 ttl=54 time=15.4 ms
64 bytes from ks.ral.me (37.187.106.16): icmp_seq=2 ttl=54 time=15.3 ms
^C
--- test.mosquitto.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 15.311/15.393/15.476/0.148 ms
Once DNS is resolved, the following should work without any errors:
mosquitto_sub -h test.mosquitto.org -p 1883 -t "#" -v

How do I make my Docker container communicate with another node through a 2nd interface?

I am struggling to perform a pathetic test that involves the communication between a server in a sandbox01 network and a Docker container that is running in my "Docker Host" server (this machine is in the same subnet as the other nodes in the sandbox01 network. i.e., it has an interface called ens34, on the 10.* address/range. It also has an eth0 interface, on the 9.* network, which allows it to access the outside world: download packages, docker images, etc. etc.).
Anyway, here is a little diagram to illustrate what I have:
The problem:
Cannot communicate between a node in sandbox01 subnet (10.* network) and the container.
e.g., someserver.sandbox01 → mydocker2 : ens34 :: docker0 :: vethXXX → container
The communication only works when I stop iptables, which makes things really mysterious!!! Just wondering if you faced any similar issues.. any ideas would be extremely appreciated.
The mystery:
After many tests, it was confirmed that the container can't communicate with any other node in the 10.* network – it doesn't behave as expected: it was supposed to produce a response through its gateway, docker0 (172.17.0.1), and find its way through the routing table in the docker host to communicate with "someserver.sandbox01" (10.1.21.59).
It only works when we let it process the MASQUERADE in iptables. However, Docker automatically adds this rule: -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -c 0 0 -j MASQUERADE
Note the " ! -o docker0" there, so Docker doesn't want us to mask the IP addresses that are sending requests??? This is messing up the communication somehow...
The container responds ok to any communication coming through the IP 9.* (eth0) -- i.e., I can send requests from my laptop -- but never through the 10.* (ens34). If I run a terminal within the container, the container can ping ALL the IP addresses leveraging all the mapped routes, EXCEPT, EXCEPT!!! the IP addresses in the 10.* range. Why??????
[root#mydocker2 my-nc-server]# docker run -it -p 8080:8080 --name nc-server nc-server /bin/sh
sh-4.2# ping 9.83.90.55
PING 9.83.92.20 (9.83.90.55) 56(84) bytes of data.
64 bytes from 9.83.90.55: icmp_seq=1 ttl=117 time=124 ms
64 bytes from 9.83.90.55: icmp_seq=2 ttl=117 time=170 ms
^C
--- 9.83.90.55 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 124.422/147.465/170.509/23.046 ms
sh-4.2# ping 9.32.145.98
PING 9.32.148.67 (9.32.145.98) 56(84) bytes of data.
64 bytes from 9.32.145.98: icmp_seq=1 ttl=63 time=1.37 ms
64 bytes from 9.32.145.98: icmp_seq=2 ttl=63 time=0.837 ms
^C
--- 9.32.145.98 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.837/1.104/1.372/0.269 ms
sh-4.2# ping 10.1.21.5
PING 10.1.21.5 (10.1.21.5) 56(84) bytes of data.
^C
--- 10.1.21.5 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
sh-4.2# ping 10.1.21.60
PING 10.1.21.60 (10.1.21.60) 56(84) bytes of data.
^C
--- 10.1.21.60 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
For some reason, this interface here doesn't play well with Docker:
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.21.18 netmask 255.255.255.0 broadcast 10.1.21.255
Could this be related to the fact that the eth0 is the primary NIC for this Docker host?
The workaround:
In mydocker2 we need to stop iptables and add a new sub-interface under ens34 →
service iptables stop
ifconfig ens34:0 10.171.171.171 netmask 255.255.255.0
And in someserver.sandbox01 we need to add a new route →
route add -net 10.171.171.0 netmask 255.255.255.0 gw 10.1.21.18
Then the communication between them works. I know.. bizarre, right?
In case any of you wants to ask, no, I don't want to use the " --net=host " option to replicate the interfaces from the docker host to my container.
So, thoughts? Suggestions? Ideas?
SOLVED!!!
Inside /etc/sysconfig/network-scripts, there were 2 files:
route-ens34 and rule-ens34-
If you remove those and restart the network, it should start working.
Cheers!

How to find application working or down using ping command in linux?

Is there any command to find whether a website is working or down in Linux? Hope the ping command helps... but how do I check whether the return packets were successful or not?
ping www.google.com
Please advise: is there any way to find whether a website is working or not using the ping command in a shell script?
Rather than ping use this telnet command to make sure port 80 is open:
telnet www.domain.com 80
You can even send a HEAD request after opening the telnet session if the website is not blocking it.
Not every website responds to ping, and a successful ping does not prove the site is actually working correctly. With lynx, you can test the actual contents of a page:
lynx -dump www.google.com \
| grep --silent '________' \
&& echo "Google search form found." \
|| echo "No Google search form found."
nmap will tell you if the port is listening:
nmap www.google.com -p 80
tcptraceroute will also tell you if a port is open:
tcptraceroute www.google.com 80
There's also wget, curl...
In a script you can look at the echo $? output after you test using ping, as explained below.
If the ping is successful, which means the website is up, the echo output will return 0, else non-zero.
esunboj#L9AGC12:~$ ping 155.53.12.255
PING 155.53.12.255 (155.53.12.255) 56(84) bytes of data.
^C
--- 155.53.12.255 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms
esunboj#L9AGC12:~$ echo $?
1
esunboj#L9AGC12:~$ ping 155.53.12.7
PING 155.53.12.7 (155.53.12.7) 56(84) bytes of data.
64 bytes from 155.53.12.7: icmp_req=1 ttl=48 time=239 ms
64 bytes from 155.53.12.7: icmp_req=2 ttl=48 time=240 ms
64 bytes from 155.53.12.7: icmp_req=3 ttl=48 time=241 ms
^C
--- 155.53.12.7 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 239.250/240.304/241.451/0.985 ms
esunboj#L9AGC12:~$ echo $?
0
ping will send ICMP ECHO_REQUEST to network hosts, and on success it will receive ICMP ECHO_REPLY. You can run tcpdump to verify.

Linux - ping all devices in a file to check accessibility

I have a file with about 500 devices which I need to ping to check if they're currently accessible or not from various subnets around my network. It's essentially a basic test to check for routing/accessibility issue.
Not sure where to start really. I have a basic file in which I have put each individual IP in a file line-by-line.
For example, the file looks like this:
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.4
I'd need it to return something like the following, if the third in line didn't get a reply:
192.168.1.1 Accessible
192.168.1.2 Accessible
192.168.1.3 Inaccessible
192.168.1.4 Accessible
I'm running Ubuntu here. Apologies for not having any idea where to start !
Cheers
Steve.
You should use nmap in ping scan mode with:
nmap -sn -oG - -v -iL hosts_to_scan.txt
This will try to ping all hosts contained in the hosts_to_scan.txt file.
By the way, you can also specify a subnet, if that is the case:
nmap -sn -oG - -v 192.168.1.0/24
And/or save the result to file:
nmap -sn -oG status.txt -v 192.168.1.0/24
nmap -sn -oG status.txt -v -iL hosts_to_scan.txt
I would use nmap probably for a long list, but if you are in a command line and need a quick one-liner, this will do also:
$ for i in `cat file.txt `;do ping -c 1 $i;done
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=50 time=16.271 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.271/16.271/16.271/0.000 ms
PING 8.8.4.4 (8.8.4.4): 56 data bytes
64 bytes from 8.8.4.4: icmp_seq=0 ttl=50 time=16.030 ms
--- 8.8.4.4 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 16.030/16.030/16.030/0.000 ms
On a positive note, this method is quick and easy to remember. Works (probably) with all major shells (bash, zsh, *sh?).
On the other hand it's fairly verbose and you don't want that in say 200 IP's, even 10 might be hard to monitor.
I would write a script in Ruby, or Python or whatever language you like if nmap can't cut it.
EDIT: This one is cleaner and also has some additional stats:
for i in `cat file.txt `;do ping -c 1 $i|grep 64;done
64 bytes from 8.8.8.8: icmp_seq=0 ttl=50 time=15.397 ms
64 bytes from 8.8.4.4: icmp_seq=0 ttl=50 time=13.170 ms
There's virtually nothing that can't be done with gnu-tools.
Basic schema would be to ping each one of the servers and print the result.
If you store the IPs in a ips.txt file, you could do:
while IFS= read -r my_ip
do
    test_ping "$my_ip"
done < ips.txt
And then create a function such as test_ping, that pings once to each IP:
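# Define this function before the loop that calls it.
test_ping () {
    # One probe per address; discard ping's own output.
    if ping -c 1 "$1" > /dev/null 2>&1
    then
        echo "$1 Accessible"
    else
        echo "$1 Inaccessible"
    fi
}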
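A stricter variant of the loop above, as an added example that is not part of the original answers: each line is validated as a dotted-quad IPv4 address before it reaches ping, each probe is bounded by a timeout, and the function returns non-zero if any entry fails. The names check_hosts, probe_host and is_ipv4 are assumptions, and -W is the reply timeout flag of Linux iputils ping.

```sh
#!/bin/sh
# Added example, not from the original answers. check_hosts, probe_host and
# is_ipv4 are illustrative names.

# Accept only dotted-quad IPv4, so a line such as "-f" or "1.2.3.4 -s 65000"
# is reported instead of being handed to ping as options.
is_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1                      # split into octets (digits and dots only)
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
)

# One echo request with a 1-second reply timeout (Linux iputils ping).
probe_host() {
    ping -c 1 -W 1 "$1" > /dev/null 2>&1
}

# Print "<ip> Accessible|Inaccessible|Invalid" for each entry in file $1.
# Returns 0 only if every entry was valid and answered.
check_hosts() (
    failed=0
    cr=$(printf '\r')
    while read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}         # tolerate CRLF files
        case $line in ''|'#'*) continue ;; esac
        if ! is_ipv4 "$line"; then
            printf '%s Invalid\n' "$line"; failed=1
        elif probe_host "$line" < /dev/null; then
            printf '%s Accessible\n' "$line"
        else
            printf '%s Inaccessible\n' "$line"; failed=1
        fi
    done < "$1"
    return "$failed"
)
```

After sourcing the file, run it as check_hosts ips.txt; the exit status makes it usable from cron or a monitoring wrapper.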
