Linux Networking

Route outgoing traffic to a particular IP through a particular interface
Two NICs:
Nic1
eth0: 14.192.18.22,gw- 14.192.18.1, 14.192.18.0/24
ip route list dev eth0
default via 14.192.18.1 proto static metric 100
14.192.18.0/24 proto kernel scope link src 14.192.18.22 metric 100
Nic2
eth1: 10.236.168.58, gw-none, 10.236.168.0/23
ip route show dev eth1
10.236.168.0/23 proto kernel scope link src 10.236.168.58 metric 100
The network 10.236.168.0/23 is available on eth1 with a scope of link, which means that the network is valid and reachable through this device (eth1).
scope has 4 options; link means the route is valid only on this device.

What will happen if we delete the default rule?
route -n | grep 10.236.168
10.236.168.0 0.0.0.0 255.255.254.0 U 100 0 0 eth1
ping -c 1 10.236.168.1
PING 10.236.168.1 (10.236.168.1) 56(84) bytes of data.
64 bytes from 10.236.168.1: icmp_seq=1 ttl=255 time=0.374 ms

ip route del 10.236.168.0/23
PING 10.236.168.1 (10.236.168.1) 56(84) bytes of data.
--- 10.236.168.1 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

ip route show dev eth1 now prints nothing: there is no route left that says what to do with requests from 10.236.168.58.

Manually add it.
ip route add 10.236.168.0/23 dev eth1 src 10.236.168.58
PING 10.236.168.1 (10.236.168.1) 56(84) bytes of data.
64 bytes from 10.236.168.1: icmp_seq=1 ttl=255 time=0.217 ms

To see the available routing tables used by the OS, execute the following command.
ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
These are the three default rules in the RPDB (the routing policy database under Linux), which are present on any machine with an RPDB. The first rule specifies that any packet from anywhere should first be matched against routes in the local routing table.

To add a route so that all outgoing traffic to 8.8.8.8 goes through interface eth1.
ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=45 time=67.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=45 time=67.8 ms

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 67.869/67.924/67.979/0.055 ms

ip route add 8.8.8.8/32 dev eth1 src 10.236.168.58

ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.236.168.58 icmp_seq=1 Destination Host Unreachable
From 10.236.168.58 icmp_seq=2 Destination Host Unreachable

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
pipe 2

To verify, execute the below command.
ip route show table main
default via 14.192.18.1 dev eth0 proto static metric 100
8.8.8.8 dev eth1 scope link src 10.236.168.58
10.236.168.0/23 dev eth1 proto kernel scope link src 10.236.168.58 metric 100
14.192.18.0/24 dev eth0 proto kernel scope link src 14.192.18.22 metric 100

To remove.
ip route del 8.8.8.8/32 dev eth1 src 10.236.168.58

To add a custom table.

echo "2 custom" >> /etc/iproute2/rt_tables
#ip route add 8.8.8.8/32 dev eth1 src 10.236.168.58 table custom
#ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=45 time=68.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=45 time=67.8 ms
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 67.810/67.924/68.039/0.284 ms
#
See the current rules.
#ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
#

To tell the OS that any packet coming from or going to 8.8.8.8 should use this table, add the following rules.
#ip rule add from 8.8.8.8/32 table custom
#ip rule add to 8.8.8.8/32 table custom

#ip rule show
0: from all lookup local
32764: from all to 8.8.8.8 lookup custom
32765: from 8.8.8.8 lookup custom
32766: from all lookup main
32767: from all lookup default

#ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.236.168.58 icmp_seq=1 Destination Host Unreachable
From 10.236.168.58 icmp_seq=2 Destination Host Unreachable

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 999ms
pipe 2
#
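
The lookup behaviour shown above, as an added model that is not part of the original page: a small Python simulation of the RPDB walk, with tables and rules constructed from the page's ip route show and ip rule show output (function and variable names are assumptions of this example). It shows why the route in table custom is ignored until a rule selects that table.

```python
import ipaddress

# Tables constructed from the page's `ip route show` output: (prefix, dev, gateway).
# gateway None = scope link: the destination is assumed to sit directly on that wire.
TABLES = {
    "local": [("14.192.18.22/32", "lo", None), ("10.236.168.58/32", "lo", None)],
    "main": [
        ("0.0.0.0/0", "eth0", "14.192.18.1"),
        ("10.236.168.0/23", "eth1", None),
        ("14.192.18.0/24", "eth0", None),
    ],
    "custom": [("8.8.8.8/32", "eth1", None)],
    "default": [],
}

# Rules as (priority, from, to, table); None means "all".
DEFAULT_RULES = [(0, None, None, "local"), (32766, None, None, "main"),
                 (32767, None, None, "default")]
CUSTOM_RULES = [(32764, None, "8.8.8.8/32", "custom"),
                (32765, "8.8.8.8/32", None, "custom")]


def _selects(selector, addr):
    """True if a rule selector ("all" or a prefix) covers addr."""
    if selector is None:
        return True
    return addr is not None and addr in ipaddress.ip_network(selector)


def lookup(dst, rules, src=None, tables=TABLES):
    """Walk rules by priority; in each selected table take the longest prefix.

    Returns (table, dev, neighbour), where neighbour is the address that must
    be resolved on dev: the gateway, or dst itself for a scope-link route.
    """
    dst_ip = ipaddress.ip_address(dst)
    src_ip = ipaddress.ip_address(src) if src else None
    for _prio, frm, to, table in sorted(rules, key=lambda r: r[0]):
        if not (_selects(frm, src_ip) and _selects(to, dst_ip)):
            continue
        hits = [r for r in tables[table] if dst_ip in ipaddress.ip_network(r[0])]
        if hits:  # no hit: fall through to the next rule, as the RPDB does
            _prefix, dev, gw = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return table, dev, gw or dst
    return None  # nothing matched: "Network is unreachable"


if __name__ == "__main__":
    print(lookup("8.8.8.8", DEFAULT_RULES))                 # route in custom, no rule
    print(lookup("8.8.8.8", DEFAULT_RULES + CUSTOM_RULES))  # rule selects custom
```

With the rules in place the neighbour to resolve on eth1 is 8.8.8.8 itself, because the route has no gateway; that is consistent with the Destination Host Unreachable replies from 10.236.168.58 in the ping output above.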

To delete the rules and the route.

ip rule del to 8.8.8.8/32 table custom
ip rule del from 8.8.8.8/32 table custom
ip route del 8.8.8.8/32 src 10.236.168.58 table custom
ip route show table custom

 

How to disable IPv6

# vi /etc/sysctl.conf

Add the following entry to disable IPv6 for all adapters.

net.ipv6.conf.all.disable_ipv6 = 1

For a particular adapter (here the network card name is eno16777736):

net.ipv6.conf.eno16777736.disable_ipv6 = 1

Apply the changes by executing the following command.

# sysctl -p

 

Find the public IP from a host with a private IP, when NAT is configured.

curl ident.me
curl ifconfig.me
curl tnx.nl/ip
curl icanhazip.com
curl ipecho.net/plain
curl ip.appspot.com
curl whatsmyip.akamai.com

To find any redirects:
curl -w "%{url_effective}" -sSL -o /dev/null http://<IP>
 

Network goes down intermittently.

This is a bug. To fix this, execute the below command.
#systemctl restart NetworkManager
Ref url:- https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1461015
 

tcpdump command line options

-i interface
--interface=interface
Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback), which may turn out to be, for example, “eth0”.
On Linux systems with 2.2 or later kernels, an interface argument of “any” can be used to capture packets from all interfaces. Note that captures on the “any” device will not be done in promiscuous mode.
If the -D flag is supported, an interface number as printed by that flag can be used as the interface argument.

-q
Quick (quiet?) output. Print less protocol information so output lines are shorter.

-s snaplen
--snapshot-length=snaplen
Snarf snaplen bytes of data from each packet rather than the default of 262144 bytes. Packets truncated because of a limited snapshot are indicated in the output with “[|proto]”, where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you’re interested in. Setting snaplen to 0 sets it to the default of 262144, for backwards compatibility with recent older versions of tcpdump.

-n
Don’t convert addresses (i.e., host addresses, port numbers, etc.) to names.

-vvv
Even more verbose output. For example, telnet SB … SE options are printed in full. With -X Telnet options are printed in hex as well.

-xx
When parsing and printing, in addition to printing the headers of each packet, print the data of each packet, including its link level header, in hex.

-XX
When parsing and printing, in addition to printing the headers of each packet, print the data of each packet, including its link level header, in hex and ASCII.

examples

tcpdump -i <Interface Name> -qn -s <Snaplen> dst <Destination Server IP> and port not <Port No>
tcpdump -nni <Interface Name> -e -xx -XX port not <Port No>
tcpdump -qn -r <Read from file>
tcpdump -w <Write to file> port not 22
tcpdump -vvv -w pingout2.pcap "icmp"

 

url:-

http://www.tcpdump.org/tcpdump_man.html

https://forum.ivorde.com/tcpdump-xx-xx-dump-packet-header-and-data-in-hex-and-ascii-format-t19790.html

http://serverfault.com/questions/38626/how-can-i-read-pcap-files-in-a-friendly-format

 

NAT Types

DNAT
Use: Forward a packet. Used in PREROUTING.
Command:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination $eth0:8082
Forward all packets arriving on eth0 for TCP port 80 to port 8082 (at the address held in $eth0).

SNAT
Use: NAT output to a particular IP.
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source x.x.x.x
Rewrite the source address of all outbound traffic leaving eth1 to x.x.x.x.

Masquerade:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
The MASQUERADE target lets you give it an interface, and whatever address is on that interface is the address that is applied to all the outgoing packets.
Example: when a Linux machine is the router for one or more machines on a local subnet and they need to access the Internet using the public address of the Linux machine.

URL : http://jensd.be/343/linux/forward-a-tcp-port-to-another-ip-or-port-using-nat-with-iptables
url : http://www.revsys.com/writings/quicktips/nat.html
