Difference between KLIPS and Netkey IPSEC stacks in Linux [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
I know both are IPSEC stacks in the Linux kernel and that KLIPS is older and Netkey is newer, but other than that I find no other documentation of them. I want to know the real technical differences between them. Is there anyone here who can tell me the difference or share some documentation source?
Any help would be appreciated.

From the article linked by shdobxr, the most relevant part regarding the difference between KLIPS and Netkey seems to be the following:
When you apply firewall (iptables) rules, KLIPS is the easier case, because with KLIPS you can identify IPsec traffic, as this traffic goes through ipsecX interfaces. You apply iptables rules to these interfaces in the same way you apply rules to other network interfaces (such as eth0).
When using NETKEY, applying firewall (iptables) rules is much more complex, as the traffic does not flow through ipsecX interfaces; one solution can be marking the packets in the Linux kernel with iptables (with a setmark iptables rule). This mark is a member of the kernel socket buffer structure (struct sk_buff, from the Linux kernel networking code); decryption of the packet does not modify that mark.
Writing in 2014, all Linux distros should now come with a kernel that supports both KLIPS and Netkey.
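The mark-based approach the quoted passage describes, written out as iptables rules for a NETKEY host. This is an added example, not code from the article or the answers; it assumes the host terminates the tunnel itself and receives plain ESP (no UDP-encapsulated NAT-T), and the IPT variable is there so the rules can be printed instead of applied.

```shell
#!/bin/sh
# Added example: firewalling decrypted IPsec traffic on a NETKEY host by
# packet mark, since no ipsecX interface exists to match on.
# IPT defaults to the real binary; set IPT=echo to print the rules instead.
IPT="${IPT:-iptables}"

netkey_mark_rules() {
    # The outer ESP packet is tagged as it arrives. NETKEY decrypts it and
    # re-injects the inner packet, which still carries the sk_buff mark.
    $IPT -t mangle -A PREROUTING -p esp -j MARK --set-mark 0x1

    # IKE (UDP 500) and ESP itself must be allowed to reach the kernel at all.
    $IPT -A INPUT -p udp --dport 500 -j ACCEPT
    $IPT -A INPUT -p esp -j ACCEPT

    # After decryption the inner packet is only recognisable by its mark,
    # so "came through the tunnel" is expressed as "-m mark --mark 0x1".
    $IPT -A INPUT -m mark --mark 0x1 -j ACCEPT
    $IPT -A FORWARD -m mark --mark 0x1 -j ACCEPT

    # Example policy (assumed): SSH is reachable only through the tunnel.
    # Cleartext packets never hit the ESP rule, so they arrive unmarked.
    $IPT -A INPUT -p tcp --dport 22 -m mark ! --mark 0x1 -j DROP
}

# Rule counters on the marking rule show whether ESP is actually being tagged.
netkey_show_marks() {
    $IPT -t mangle -L PREROUTING -n -v
}
```

Run `IPT=echo sh -c '. ./rules.sh; netkey_mark_rules'` to review the generated rules before applying them for real as root.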

http://www.linuxjournal.com/article/9916
This is by far the best breakdown of a VPN setup with either. You should be able to deduce what you need from this article.
Good luck!


Configure iscsiadm to fall back to another iSCSI portal if one is down [closed]

Let's say I have a 100G disk which I want to expose as an iSCSI target, and I have configured two iSCSI portals (IP1, IP2) which can be used to access the iSCSI target.
Note: I have used more than one portal for my high-availability use cases.
Let's say, from the host, I have used IP1 for the login to the iSCSI target and am able to connect to the target successfully. After some time, say, for some reason IP1 is down. Is there a config/way to specify that iscsiadm should fall back to IP2 for connecting to the iSCSI target?
As stark says in the comments above, the answer is to use dm-multipath. There are numerous articles on how to set this up, but the short answer is that it'll likely "just work".
First, install multipathd on your system. Then, when you use iscsiadm in discovery mode, so long as your iSCSI target reports both portals, Linux is going to connect to both portals. You'll get two block devices, both with the same SCSI WWN. Multipathd wakes up, sees the two devices with the same WWN, and bundles them into a /dev/dm-X device for your use. From that point forward, multipathd manages the paths according to how you've configured its policy. The default may be fine for your use.
The key point here is that iscsiadm and iSCSI are kind of "out of the way". You'll have a session for each path. The sessions may come and go. DM-Multipath manages which sessions are involved in providing access to your LUN.

Have I been hardware hacked/backdoored? [closed]

I'm on Linux Mint, have not connected to the internet for weeks, and am still not connected, doing some Python programming (Python 3.6).
I happened to look at the firewall program in its 'report' section and see this
(Please note that the firewall was actually set to ALLOW outgoing until I changed it just before this screenshot; it was only set to block incoming. Again, to my knowledge I am not, and have not been, connected to the internet at all and my networking is turned off.):
I'm not a network programmer, but this seems to be showing that these applications have been accessing network ports, correct?
Why would Python 3.6 (which I was using) be on this list or ever need to connect to any port at all?? Am I looking at nefarious activity here?
I've heard that software can be placed directly on the hardware of a system. Is it possible that my network interface card could be activated and used without giving any indication?
And again, why would my Python 3.6 application be on a firewall report at all?
I'm very concerned about this. Can someone enlighten me?
What you are looking at are mostly servers that are listening for incoming connections. That certainly covers ntpd, cups, ntpd.
It looks like some python programs have also been listening for connections, maybe as part of your programming exercises.
The fact that programs are listening for incoming connections doesn't mean anything has actually connected to them, or even that anything could.
An address of "*" indicates that it's a potential connection, not an actual connection that happened.
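A way to check this yourself, as an added example that is not part of the answer: a small shell filter that separates listening sockets (peer address "*", i.e. potential connections) from established ones in socket-statistics output. The sample lines are constructed to resemble `ss -tuanp` output and use the process names from the question; they are not a real capture.

```shell
#!/bin/sh
# Added example: tell "potential" (listening, peer = *) sockets apart from
# actual connections. Input format follows `ss -tuanp`; the sample below is
# constructed, not captured from a real machine.
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:631       0.0.0.0:*         users:(("cupsd",pid=640,fd=7))
tcp   LISTEN 0      5      127.0.0.1:8000    0.0.0.0:*         users:(("python3.6",pid=2210,fd=3))
udp   UNCONN 0      0      0.0.0.0:123       0.0.0.0:*         users:(("ntpd",pid=700,fd=16))
tcp   ESTAB  0      0      127.0.0.1:8000    127.0.0.1:41022   users:(("python3.6",pid=2210,fd=4))'

# Reads ss output on stdin; prints one line per socket, prefixed
# "potential" (nobody connected) or "actual" (a live peer exists).
classify_sockets() {
    awk 'NR == 1 { next }                         # skip the header row
         {
             proc = "?"
             if (match($7, /"[^"]+"/))            # name inside users:(("name",...))
                 proc = substr($7, RSTART + 1, RLENGTH - 2)
             if ($6 ~ /:\*$/)                     # peer "*": only listening
                 printf "potential %-10s %-7s %s\n", proc, $2, $5
             else                                 # real peer address: a connection
                 printf "actual    %-10s %-7s %s <- %s\n", proc, $2, $5, $6
         }'
}

# Counts over the constructed sample, so the classification can be checked.
sample_potential_count() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | classify_sockets | grep -c '^potential'
}
sample_actual_count() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | classify_sockets | grep -c '^actual'
}

# Live use on Linux:  ss -tuanp | classify_sockets
```

In the sample, three entries (cupsd, the Python test server, ntpd) are merely listening, and the single actual connection is the Python process talking to itself on the loopback interface.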

linux interface based routing with two interfaces [closed]

I have 2 interfaces on a Linux instance. Both have static IPs. I have traffic from the outside world coming to eth0 (208.67.x.x), and inside my server I want the traffic to be redirected to eth1 (192.168.x.x) to talk to any application inside.
Please help me with the route configs. Can I do that on a Linux instance?
You can use a simple package called Firestarter. Firestarter internally edits iptables, which holds the actual rules for forwarding packets from sources to destinations inside the Linux kernel. Follow these guidelines to solve your problem. Note that I have given command-line examples below, but there is also a GUI to help you with the setup.
Install Firestarter on Ubuntu using the following command in the shell:
sudo apt-get install firestarter
Define the external and internal interfaces in the /etc/firestarter/configuration file at the appropriate places.
Select DHCP server on/off if you wish to run a DHCP server on the internal network interface.
You can also define rules for inbound and outbound traffic, as Firestarter is also a firewall. The rules can be defined in the /etc/firestarter/inbound and /etc/firestarter/outbound folders.
For more information on iptables and Firestarter visit:
https://help.ubuntu.com/community/IptablesHowTo
Hope this helps you with your problem. Thanks!

FIREWALL vs PACKET Sniffer [closed]

I'm new to computer networking.
I came across two terms, FIREWALL and packet sniffer.
To me, operation-wise, both appear to be the same. Please clarify.
Firewall
A firewall can be either software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not.
Sniffer
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or, for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.
By the way, you can also check Wikipedia...

Network usage top/htop on Linux [closed]

Is there an htop/top for Linux where I get to sort processes by network usage?
NetHogs is probably what you're looking for:
a small 'net top' tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process.
NetHogs does not rely on a special kernel module to be loaded. If there's suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.
Since NetHogs heavily relies on /proc, most features are only available on Linux. NetHogs can be built on Mac OS X and FreeBSD, but it will only show connections, not processes...
Also iftop:
display bandwidth usage on an interface
iftop does for network usage what top(1) does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question "why is our ADSL link so slow?"...
iptraf is my favorite. It has a nice ncurses interface and options for filtering, etc.

jnettop is another candidate.
Edit: it only shows the streams, not the owner processes.

ntop or nagios

Check bmon. It's CLI, simple and has charts.
Not exactly what the question asked: it doesn't split by process, only by network interface.

Another option you could try is iptstate.
