I am creating GRE Tunnel between two Linux (CentOS6) servers using below steps.
On the master server:
chkconfig iptables off
service iptables stop
sysctl -w net.ipv4.conf.default.rp_filter=0
modprobe ip_gre
ip tunnel add tun1 mode gre remote 98.123.87.97 local 106.61.58.98 ttl 255
ip addr add 10.0.1.0/24 dev tun1
ip link set dev tun1 up
ip addr add 98.123.87.95/27 dev eth0
On the slave server:
chkconfig iptables off
service iptables stop
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv4.conf.proxy_arp=1
sysctl -w net.ipv4.conf.all.proxy_arp=1
sysctl -w net.ipv4.conf.eth0.rp_filter=0
sysctl -w net.ipv4.conf.default.rp_filter=0
modprobe ip_gre
ip tunnel add tunx mode gre remote 106.61.58.98 local 98.123.87.97 ttl 255
ip addr add 10.0.2.0/24 dev tun0
ip link set tunx up
ip route add 98.123.87.95/27 dev tun0
I need to add slave server's IP into the on my master server, I am getting the ping response form tunnelled IPs (Slave Server's IP) and when I am trying to SSH the tunnelled IP (Slave IP) I am reaching to Masters(this is what I want).
Problem is when I am trying to send outgoing traffic like DNS query by Tunnelled IP(Slave IP) I am getting time out request.
I guess this is routing issue of one of my server. Any idea what should i do to get through my outgoing traffic by tunnelled IPs?
Thanks,
Are you really adding 10.0.1.0/24 address? This is a network address, looks like mistake.
Also, you shuold add default route(or route to dns servers or whatever you want) on client machine through your tunnel with gateway=another_end_of_tunnel.
Don't forget to add static route to your machine if you don't want to loose connection, before adding default route!
Related
When trying to initiate docker swarm, I get the following error response from daemon:
could not choose an IP address to advertise since this system has multiple addresses on interface eth0 (aa11:a111:1a1a::111 and ba11:a111:1a1a::111).
When I execute:
sudo ip addr flush dev eth0
I successfully remove all ip addresses, however, they are recreated once I reboot. What might be the reason for this?
My server has 5 different external IPs (all working)
I added them by using:
ip addr add xx.xx.xx.xx/32 dev eth0
ip addr add yy.yy.yy.yy/32 dev eth0
ip addr add zz.zz.zz.zz/32 dev eth0
How can I should curl to use either zz.zz.zz.zz IP address ?
You should be able to use
curl --interface zz.zz.zz.zz http://example.com/
The issus is:
I configured the following policy routing:
ip route add 192.168.1.0/24 via 10.0.2.15 dev eth0 table 10
ip route add default via 10.0.2.15 dev eth0 table 10
ip rule add from 10.0.2.15 table 10
these configurations are temporary, once network restart or reboot,the policy route I configured would lost, Is there any way you can solve this problem?
Create a file if does not exist
/etc/sysconfig/network-scripts/route-eth0
Add the following contents
192.168.1.0/24 via 10.0.2.15 dev eth0
default via 10.0.2.15 dev eth0
default route can be added in /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=10.0.2.15
Third rule is not clear to me
I want to crawl webpages through browser and store network traffic per URL (not only HTTP but also udp, rtmp etc.) I came across this solution to use linux network namespace for per process routing. Following are the steps I followed, however unable to browse the webpage.
ip netns add test
create a pair of virtual network interfaces (veth-a and veth-b):
ip link add veth-a type veth peer name veth-b
change the active namespace of the veth-a interface:
ip link set veth-a netns test
configure the IP addresses of the virtual interfaces:
ip netns exec test ifconfig veth-a up 192.168.163.1 netmask 255.255.255.0
ifconfig veth-b up 192.168.163.254 netmask 255.255.255.0
configure the routing in the test namespace:
ip netns exec test route add default gw 192.168.163.254 dev veth-a
sudo bash -c ‘echo 1 > /proc/sys/net/ipv4/ip_forward’
sudo iptables -t nat -A POSTROUTING -s 192.168.163.0/24 -o wlan0 -j MASQUERADE
Open Browser in the namepace and get following:
sudo ip netns exec test /usr/bin/firefox http://google.com
(firefox:15861): GConf-WARNING **: Client failed to connect to the D-BUS daemon:
Failed to connect to socket /tmp/dbus-xE8M4KnMPn: Connection refused
(firefox:15861): LIBDBUSMENU-GLIB-WARNING **: Unable to get session bus: Could not connect: Connection refused
In wireshark: sudo ip netns exec test wireshark
I can see Only Outgoing DNS requests from 192.168.163 to 127.0.1.1.
Kindly let me know what I am missing here?
Instead of modifying the host /etc/resolv.conf a cleaner way would be to create a network namespace specific resolv.conf in the following path /etc/netns/ . The "ip netns" utility will bind-mound any resolv.conf on this path to a /etc/resolv.conf in a mount namespace for the process launched with the new network namespace.
Got it. I am able to ping 8.8.8.8. The problem was in DNS resolving.
Update DNS resolver.
put nameserver 8.8.8.8 in /etc/resolvconf/resolv.conf.d/base and in /etc/resolvconf/resolv.conf.d/head.
Restart Network.
sudo service network-manager restart
Now /etc/resolv.conf looks like.
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 127.0.1.1
Finally.
sudo ip netns exec test /opt/google/chrome/google-chrome --user-data-dir=/tmp/chrome2/ http://yahoo.com
I'm trying to run gwan on an Azure cloud machine. But I get issues with network interfaces, or I simply cannot hit the machine with the browser.
I believe the issue has to do with internal IP address assigned by the Azure router, but also I could be missing some critical security issue (or something else)
The machine is running CentOS.
Here is my configuration:
/etc/sysconfig/iptables-config
added a rule for accepting traffic via port 80
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
/etc/hosts
added the public IP address and mapped that to a subdomain of cloudapp.net
192.12.45.23 myappname.cloudapp.net
gwan_linux64-bit
changed the directories to suit the public IP.
mv 0.0.0.0_8080/#0.0.0.0
192.12.45.23_80/#192.12.45.23
run gwan
sudo ./gwan
can't listen on 168.62.8.160:80 (Cannot assign requested address)
Available network interfaces (2):
127.0.0.1 12.109.24.35
Then I tried both 12.109.24.35 and 127.0.0.1 interfaces -
gwan ran without an error, but I couldn't browse the machine using the public IP of 168.62.8.160:80
further info:
/etc/sysconfig/network doesnt use the FQDN myappname.cloudapp.net but
HOSTNAME=myappname
NETWORKING=yes
as well, /etc/sysconfig/network-scripts/ifcfg-eth0
DHCP_HOSTNAME=myappname
DEVICE=eth0
I don't know Azure and its specificities. But it seems that you are missing a system configuration for your IP address (a problem that has little to do with G-WAN).
Your error is:
"can't listen on 168.62.8.160:80
Available network interfaces (2): 127.0.0.1 12.109.24.35"
On a Linux machine you would have to assign the 168.62.8.160 IP address to one of your network adapters in order for the system to be able to use it.
For temporary changes: ifconfig eth0:1 168.62.8.160
For permanent changes:
vim /etc/network/interfaces
--------------------------------------------------------------
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 12.109.24.35
network ... // replace ... by the relevant data
netmask ... // replace ... by the relevant data
auto eth0:1
iface eth0:1 inet static
address 168.62.8.160
network ... // replace ... by the relevant data
netmask ... // replace ... by the relevant data
--------------------------------------------------------------
...and then run: /etc/init.d/networking restart
That's what would work if you were running Linux, just in case that may help to understand what you are missing on Microsoft Azure.