Does anyone know how do I get socat to listen on all interfaces assigned to one particular network interface ? I'm not sure if it's even possible.
If I want to bind socat to a particular IP:PORT I always parse the IP info from the output of ip command and then bind socat to it like this:
NETIFC=$(ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
socat -d -d TCP4-LISTEN:1234,fork,bind=$(NETIFC) UNIX-CLIENT:/tmp/foo.sock
I thought I would be able to achieve what I'm after by running the socat like this:
socat -d -d TCP4-LISTEN:1234,fork,so-bindtodevice=eth0 UNIX-CLIENT:/tmp/foo.sock
But I believe I'm missing some low level network programming knowledge and therefore don't quite get what is this option supposed to be doing and am just plainly hoping it should do what I want it to do, but in fact it actually binds to ALL network interfaces.
The following port forwarder listens on IP: x.y.z.t:80, without binding to 80 on any other exposed IPs (unlike the bind parameter).
SOCAT_SOCKADDR=x.y.z.t socat TCP-LISTEN:80,reuseaddr,fork,su=nobody TCP:a.b.c.d:80
If an interface has multiple IP’s, there is some experimenting to do! In the ip v4, v6 case it might be best to use two forwarders. For my current purposes, the code above is sufficient.
Related
I am in an emergency situation and I need the count of request in a linux port.
Request will be HTTP GET and port is 7003. How I can get request count per second?
Try this:
netstat -a | grep ESTABLISHED | grep -c :7003
This should give you an idea of what you have at the moment.
Network sniffer is one way to do that.
Wireshark is a free network sniffer.
With Wireshark you can use the following display filter to show only HTTP-GET requests:
http.request.method == "GET"
You can limit amount of captured traffic by using a capture filter. For getting TCP port 7003 traffic only, you can use the capture filter:
tcp port 7003
Then the statistics summary dialog of Wireshark shows the wanted value:
You can use watch and netstat like below:
watch netstat -a | grep ESTABLISHED | grep -c ':7003$'
Default watch run that command per second.
I am fairly new to linux I wanted to ask if its possible in linux commands to run a "route -n" command to retrieve information for a specific NIC. E.G route -n ether0. Because currently it shows me for all the NIC's but what if I want just for one?
Use the iproute2 ip command (rather than the antique route command), and provide a selector with your NIC:
# for ether0
ip -o route list dev ether0
(I've added -o since your tags indicate that you're using this for scripting purposes; ensuring that each result lives on its own line is appropriate in this case).
This is a significant improvement on the simple route | grep ether0 approach, as it shows routing entries which can end up sending traffic through a NIC but don't name that NIC explicitly.
As the default for iproute2 is to avoid leaning on the resolver, no local flag equivalent to -n is necessary; instead, if you did want to use the resolver, you would need to add -r.
Do you want see route for ether0, you can use below command
ip -o route show dev ether0
or
ip route show | grep ether0
or
route -n | grep ether0
or
netstat -nr | grep ether0
To see NIC for ether0, you can use ifconfig command and Gateway NIC you can use arp -a commands
ifconfig ether0
for see GW and direct connected NICS you can use below command
arp -a
I have a Linux server with multiple network namespaces defined:
# ip netns list
qdhcp-7dedbd4e-2265-4aa2-baac-add4e341dd18
qdhcp-851379ba-1d51-4e45-8e50-b756e81c0949
qdhcp-a19927c5-83b4-4bb4-a8b8-f21fdb5e004b
qdhcp-b94605ff-b0e2-4cfe-a95e-3dd10208a5fb
... ...
Each namespace contains one or more virtual network adapters - in this case, it's a TAP device:
# ip netns exec qdhcp-7dedbd4e-2265-4aa2-baac-add4e341dd18 ip route
192.168.168.0/24 dev tapda4018ab-b7 proto kernel scope link src 192.168.168.2
169.254.0.0/16 dev tapda4018ab-b7 proto kernel scope link src 169.254.169.254
default via 192.168.168.1 dev tapda4018ab-b7
Now let's say I know the name of the adapter - tapda4018ab-b7 - but I don't know the namespace it belongs to. Is there a way to look it up without checking namespaces one by one? Is there a generic Linux command to do this? Or at least OpenStack Neutron-specific command?
According to this man page http://man7.org/linux/man-pages/man8/ip-netns.8.html you could run the exec command on all namespaces but I tested it on an ubuntu trusty servers and it will not accept "-all" as an argument. So the only way I know to get such an information is via a small bash script. I made one that could certainly be improved as my scripting skills are rather basic, but it will do the work:
#!/bin/bash
i=$(ip netns list | wc -l)
counter=1
while [ $counter -le $i ]; do
ns=$(ip netns | head -$counter | tail -1)
ip netns exec $ns ip route | grep $1 | grep proto
let counter=counter+1
done
You can then launch the script using as sole argument your tap device as in the example bellow:
root#columbo:~# ./list_all_namespace tap8164117b-e3
5.5.5.0/25 dev tap8164117b-e3 proto kernel scope link src 5.5.5.3
If you do not provide an argument it will give you an error.
If I understand Neutron correctly (which is a big if - my only experience is with a fairly limited toy installation of Kilo/2015.1.2), you should be able to track through neutron's database to figure out the netns you're looking for
I believe your tap interface would be named using the first 5 octets (10 characters) of the port uuid that it's associated with, and the qdhcp netns uses the uuid of it's network, so you should be able to use the neutron CLI to track down the correct namespace.
You should be able to find the neutron port for your tap interface with:
$ neutron port-list | grep "da4018ab-b7"
| da4018ab-b7xx-xxxx-xxxx-xxxxxxxxxxxx | | fa:16:xx:xx:xx:xx | {"subnet_id": ...
where "da4018ab-b7" was pulled out of "tapda4018ab-b7". You can then use the full port uuid:
$ neutron port-show da4018ab-b7xx-xxxx-xxxx-xxxxxxxxxxxx
The network_id in the result from port-show should let you figure out the netns (qdhcp-network_id) containing tapda4018ab-b7.
You should be able to use similar logic to track down qg interfaces (which will probably show up on bridges in the default netns), but in that case it's the device_id that owns the port that gives you the qrouter-device_id netns you want.
You can use this script. Save this as get_dhcp_namespace.sh :-
ubuntu#ubuntu$ cat get_dhcp_namespace.sh
#!/bin/bash
interface=$1
id=${interface:3}
port_id=$(neutron port-list | grep $id | awk -F'|' '{print $2}' | tr -d ' ')
net_id=$(neutron port-show $port_id | grep network_id | awk -F'|' '{print $3}' | tr -d ' ')
echo "DHCP namespace is: qdhcp-$net_id"
Run this with the tap interface provided as argument. Don't forget to source the keystonerc/openstackrc/credentials file.
ubuntu#ubuntu$ ./get_dhcp_namespace.sh tapda4018ab-b7
qdhcp-bd39f45d-b45c-4e08-ab74-85c0b1180aea
I discovered only last week with help on here that I could have the OS Architecture (32/64) stored in a variable like this:
arch=$(getconf LONG_BIT)
I am hoping that I can use a similar method for local IP address:
ipaddress=$(????)
So that any occurrences of $ipaddress will be replaced with "192.168.1.100" or whatever the local IP might be
Unfortunately, it is not possible to extract the IP address of the system from the sysconf sub-system.
It is possible to have several IP addresses associated with the interfaces on a Linux system so there is no way to determine which IP address is the 'correct' one.
You could use the following shell snippet to list the active IP addresses on the system:
ifconfig | grep 'inet addr' | awk '{print $2}' | cut -d ':' -f2
On my system this lists the following IP addresses:
192.168.1.12
127.0.0.1
If you see similar output, it means you've only got a single active interface along with the local loopback, so you can add |grep -v 127 to the previous snippet to filter out the local loopback address.
I'm not sure whether to post it here or at ServerFault.
Anyway, I'm trying to work around company's firewall to connect to some media sharing site using my phone's 3g network. I've come up with a simple ip route command which take pppd's inet address as it's parameter. But, I want to make it a little bit more automated by reading the inet address right from the script, not by passing it via command line parameter.
Here's the scenario, to make it more obvious:
The command invocation as of now: $jumpfirewall xxx.xxx.xxx.xxx
The command invocation I want: $jumpfirewall
Do you know some command or library that I can use to read it from command line?
Adapted from cyberciti:
/sbin/ifconfig ppp0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'
The ifconfig ppp0 will get information for your primary PPP interface; the grep cuts it down to the line containing the IP address; the cut splits out everything after inet addr: up to bcast:, giving something like 1.2.3.4 Bcast:; and the awk call will print only the first (space-separated) field, leaving you with only the IP address.
pppd automatically calls a script in /etc/ppp/ip-up when a link is brought up. In this script, $4 is the local IP address of the PPP link. (On some distributions, /etc/ppp/ip-up is set to call the scripts in /etc/ppp/ip-up.d, with $PPP_LOCAL set to the IP address, so you can place your script there).
This way, you won't have to manually call the script - just bring up the PPP link and it'll be run automatically. There's a corresponding /etc/ppp/ip-down you can use to undo your route when the link goes down.