#StackBounty: #linux #networking #firewall #virtualbox #firewalld Firewalld forward port with VirtualBox IP is always 10.0.2.2, drops s…

Bounty: 50

I am trying to set up a web server with VirtualBox in it.

This is my setup:

# this does nothing
firewall-cmd --zone=public --add-port=80/tcp --permanent 
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
# with masquerade on/off, zone=external, no change
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --reload

I have net.ipv4.ip_forward = 1 in /etc/sysctl.conf

  • Host machine (Centos 7) port: 80
  • VirtualBox (Ubuntu 16.04) port: 8080

It works, but the virtual machine sees all communication as coming from 10.0.2.2. How do I make the host machine firewall not drop the source IP?

I am sure it’s possible without changing the VirtualBox configuration. I rebuild the system using automated scripts; it used to work.

What am I missing? I don’t want to use a bridge on the VM.

Edit: I also tried switching the zone to ‘external’ and realized MASQUERADE is not to be found in iptables.



#StackBounty: #networking #vmware No internet connectivity in Ubuntu

Bounty: 100

Issue:
No network connectivity on the Ubuntu VM through a wired connection. Can't use WiFi.

I tried this question (Can't connect to a network at all) and started troubleshooting with this one (Can't connect to a network at all).

Below is some info which may help you. I tried to solve this for more than 2 days, but no luck.


/etc/network/interfaces:

auto lo
iface lo inet loopback

auto ens33
iface ens33 inet dhcp



#StackBounty: #windows #networking #dns #windows-registry #services Why does every executable sends DNS request after deleting DNScache…

Bounty: 50

In Windows, there is a service named DNS Client (dnscache) that caches DNS names and registers the full computer name. When it is running, only svchost.exe connects to the DNS server. Then I stop and delete that service with the following process:

  1. Set dependency of Network Store Interface Service (NSI) to only Remote Procedure Call (RPCSS): reg add "HKLM\SYSTEM\CurrentControlSet\Services\nsi" /V "DependOnService" /T REG_MULTI_SZ /D "RPCSS" /F

  2. Set dependency of Network Connectivity Assistant Service (NcaSvc) to only Base Filtering Engine (BFE): reg add "HKLM\SYSTEM\CurrentControlSet\Services\NcaSvc" /V "DependOnService" /T REG_MULTI_SZ /D "BFE" /F

Set Services Dependencies

  3. Stop & Delete DNScache service: sc stop "Dnscache" & sc delete "Dnscache"

Delete DNScache service

After deleting the DNScache service, every executable file which is connected to the internet (including every browser) sends & receives DNS packets (with netstat). With this process, it is obvious that Windows does not save dnscache. You can see that with ipconfig /displaydns.

Question: Why does every executable send DNS requests after deleting the DNScache service?



#StackBounty: #networking #audio #video #vlc-media-player #streaming VLC udp stream stops after any interrupt or track change in lan in…

Bounty: 50

I am trying to stream audio over a LAN on macOS Sierra with VLC version 2.2.5.1 Umbrella.

I am able to stream my playlist .xspf file. But it stops after one song finishes or the track changes, and I need to reconnect again on the client machine (receiver). I am using the default VLC wizard to set up the stream.

I tried sout keep, sout all and gather. I also tried to encode all songs in the same format by selecting transcode audio. But nothing worked for me. Perhaps I am trying commands in the wrong order. It works fine on Windows 7. Please guide me: what's going wrong?

Below is the MRL generated by the VLC wizard.

Here is the log I am receiving on the receiver machine:

     /Applications/VLC.app/Contents/MacOS/share/share/lua/meta/art
core debug: no art finder modules matched
core debug: art not found for aa
macosx debug: releasing old sleep blocker (34696)
macosx debug: prevented sleep through IOKit (34702)
ts debug: PMTCallBack called
ts debug: new PMT program number=1 version=2 pid_pcr=68
ts debug:   * es pid=68 type=3 dr->i_tag=0xa
ts debug: found language: 
ts debug:   * es pid=68 type=3 fcc=mpga
ts warning: discontinuity received 0x0 instead of 0x9 (pid=68)
core warning: clock gap, unexpected stream discontinuity
core warning: feeding synchro with a new reference point trying to recover from clock gap
core debug: discarded audio buffer
mpeg_audio debug: emulated startcode (no startcode on following frame)
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core debug: discarded audio buffer
core warning: clock gap, unexpected stream discontinuity
core warning: feeding synchro with a new reference point trying to recover from clock gap
clock error: Timestamp conversion failed (delay 1000000, buffering 0, bound 3000000)
core error: Could not convert timestamp 55337150977
core debug: discarded audio buffer
clock error: Timestamp conversion failed (delay 1000000, buffering 0, bound 3000000)
core error: Could not convert timestamp 55337177099
core debug: discarded audio buffer
clock error: Timestamp conversion failed (delay 1000000, buffering 0, bound 3000000)
core error: Could not convert timestamp 55337203222
core debug: discarded audio buffer
clock error: Timestamp conversion failed (delay 1000000, buffering 0, bound 3000000)
core error: Could not convert timestamp 55337229344
core debug: discarded audio buffer
clock error: Timestamp conversion failed (delay 1000000, buffering 0, bound 3000000)
core error: Could not convert timestamp 55337255466
core debug: discarded audio buffer



#StackBounty: #networking #server #dhcp Interface coming up with wrong address after being assigned to a bridge

Bounty: 50

I recently set up a bridge across two interfaces on my 16.04 machine, with an interfaces file looking like this. Before this setup, eth0 was the primary interface on the machine, with another interface controlled by virt-manager for VM traffic. In the meantime I have deleted this other interface for unrelated reasons, leaving a bridge connected to a single interface.

After a reboot, I notice that eth0 is up with an address of 192.168.88.222, and that an extra route has been added for eth0 which breaks traffic on the machine until I delete it.

ifconfig

br0       Link encap:Ethernet  HWaddr 78:e3:b5:10:79:9a
          inet addr:192.168.88.50  Bcast:192.168.88.255  Mask:255.255.255.0
          inet6 addr: fe80::7ae3:b5ff:fe10:799a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:812083 errors:0 dropped:1389 overruns:0 frame:0
          TX packets:249805 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:445964938 (445.9 MB)  TX bytes:25560648 (25.5 MB)

eth0      Link encap:Ethernet  HWaddr 78:e3:b5:10:79:9a
          inet addr:192.168.88.222  Bcast:192.168.88.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8707341 errors:0 dropped:3 overruns:0 frame:0
          TX packets:2619256 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2349484249 (2.3 GB)  TX bytes:214546276 (214.5 MB)
          Memory:c0400000-c041ffff

interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
bridge_ports eth0
bridge_stp off
bridge_maxwait 0
bridge_fd 0
address 192.168.88.50
netmask 255.255.255.0
gateway 192.168.88.1
network 192.168.88.0
broadcast 192.168.88.255
dns-nameservers 192.168.88.8
dns-domain example.lan

route -n

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.1    0.0.0.0         UG    0      0        0 br0
192.168.88.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
0.0.0.0         192.168.88.1    255.255.255.0   UG    0      0        0 eth0

(note the ‘route’ output may look strange as I’m going from memory here, given the difficulties of copypasting from a machine with no network access!)

Deleting the route defined on eth0 is necessary to allow traffic to flow.

Judging by this, it looks like something else is bringing up eth0 before the bridge gets set up – but I have no idea what that might be. My DHCP server shows no leases for the .222 address, and no attempts to broadcast for an address.

This process has to be repeated after every reboot.

Where is this spurious address coming from, if not dhclient or interfaces?



#StackBounty: #networking #wifi Share wwan0 connection to lan

Bounty: 50

I am trying to share my LTE modem connection (wwan0) to my ethernet lan port on my rPi.

I am following this guide; every interface is up and running.

@raspberrypi:~ $ ifconfig -a

eth0      Link encap:Ethernet  HWaddr b8:27:eb:2a:2a:0f  
      inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
      UP BROADCAST MULTICAST  MTU:1500  Metric:1
      RX packets:6056 errors:0 dropped:0 overruns:0 frame:0
      TX packets:7515 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:413209 (403.5 KiB)  TX bytes:431931 (421.8 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:36 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:2813 (2.7 KiB)  TX bytes:2813 (2.7 KiB)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:7f:7f:5a  
          inet addr:192.168.1.50  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:323 errors:0 dropped:2 overruns:0 frame:0
          TX packets:485 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:30591 (29.8 KiB)  TX bytes:55800 (54.4 KiB)

wwan0     Link encap:Ethernet  HWaddr 00:1e:10:1f:00:00  
          inet addr:100.64.181.186  Bcast:100.64.181.187  Mask:255.255.255.252
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1922 (1.8 KiB)  TX bytes:8367 (8.1 KiB)

sudo nano /etc/network/interfaces

#iface eth0 inet manual
allow-hotplug eth0  
iface eth0 inet static  
address 192.168.2.1
netmask 255.255.255.0

sudo nano /etc/dnsmasq.conf

interface=eth0      # Use interface eth0  
listen-address=192.168.2.1 # Explicitly specify the address to listen on  
bind-interfaces      # Bind to the interface to make sure we aren't sending things elsewhere  
server=8.8.8.8       # Forward DNS requests to Google DNS  
domain-needed        # Don't forward short names  
bogus-priv           # Never forward addresses in the non-routed address spaces.  
dhcp-range=192.168.2.1,192.168.2.50,12h # Assign IP addresses between 192.168.2.1 and 192.168.2.50 with a 12 hour lease time  

sudo nano /etc/sysctl.conf

net.ipv4.ip_forward=1

sudo iptables -t nat -A POSTROUTING -o wwan0 -j MASQUERADE 

    pi@raspberrypi:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         setup.ubnt.com  0.0.0.0         UG    10     0        0 wlan0
default         100.64.35.177   0.0.0.0         UG    1000   0        0 wwan0
100.64.35.176   *               255.255.255.240 U     1000   0        0 wwan0
192.168.1.0     *               255.255.255.0   U     10     0        0 wlan0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0

…If I connect my client PC to the rPi, I get an IP address via DHCP, but there is no internet connection. I cannot ping (IP, hostname).

Route table after connecting the client:

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         setup.ubnt.com  0.0.0.0         UG    10     0        0 wlan0
default         100.64.35.177   0.0.0.0         UG    1000   0        0 wwan0
100.64.35.176   *               255.255.255.240 U     1000   0        0 wwan0
link-local      *               255.255.0.0     U     202    0        0 eth0
192.168.1.0     *               255.255.255.0   U     10     0        0 wlan0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0

syslog:

Jul 26 00:35:32 raspberrypi dhcpcd[760]: eth0: carrier acquired
Jul 26 00:35:32 raspberrypi kernel: [  662.708525] smsc95xx 1-1.1:1.0 eth0: link up, 100Mbps, full-duplex, lpa 0xC5E1
Jul 26 00:35:32 raspberrypi dhcpcd[760]: eth0: IAID eb:2a:2a:0f
Jul 26 00:35:33 raspberrypi dnsmasq-dhcp[794]: DHCPDISCOVER(eth0) 00:0e:c6:d9:b4:b0
Jul 26 00:35:33 raspberrypi dnsmasq-dhcp[794]: DHCPOFFER(eth0) 192.168.2.40 00:0e:c6:d9:b4:b0
Jul 26 00:35:33 raspberrypi dhcpcd[760]: eth0: soliciting an IPv6 router
Jul 26 00:35:33 raspberrypi dhcpcd[760]: eth0: soliciting a DHCP lease
Jul 26 00:35:34 raspberrypi dnsmasq-dhcp[794]: DHCPREQUEST(eth0) 192.168.2.40 00:0e:c6:d9:b4:b0
Jul 26 00:35:34 raspberrypi dnsmasq-dhcp[794]: DHCPACK(eth0) 192.168.2.40 00:0e:c6:d9:b4:b0 Adrians-MBP
Jul 26 00:35:42 raspberrypi dhcpcd[760]: eth0: using IPv4LL address 169.254.153.193
Jul 26 00:35:42 raspberrypi avahi-daemon[430]: Registering new address record for 169.254.153.193 on eth0.IPv4.
Jul 26 00:35:42 raspberrypi dhcpcd[760]: wwan0: adding default route via 100.64.35.177
Jul 26 00:35:42 raspberrypi dhcpcd[760]: eth0: adding route to 169.254.0.0/16
Jul 26 00:35:43 raspberrypi dhcpcd[760]: wwan0: removing default route via 100.64.35.177
Jul 26 00:35:44 raspberrypi ntpd[784]: Listen normally on 8 eth0 169.254.153.193 UDP 123
Jul 26 00:35:44 raspberrypi ntpd[784]: peers refreshed
Jul 26 00:36:01 raspberrypi CRON[1732]: (root) CMD (/home/pi/script/watchdog.sh >/dev/null 2>&1)
Jul 26 00:37:01 raspberrypi CRON[1751]: (root) CMD (/home/pi/script/watchdog.sh >/dev/null 2>&1)
Jul 26 00:37:53 raspberrypi dhcpcd[760]: eth0: carrier lost
Jul 26 00:37:53 raspberrypi kernel: [  803.801956] smsc95xx 1-1.1:1.0 eth0: link down
Jul 26 00:37:53 raspberrypi avahi-daemon[430]: Withdrawing address record for 169.254.153.193 on eth0.
Jul 26 00:37:53 raspberrypi dhcpcd[760]: wwan0: adding default route via 100.64.35.177
Jul 26 00:37:53 raspberrypi dhcpcd[760]: eth0: deleting route to 169.254.0.0/16
Jul 26 00:37:54 raspberrypi dhcpcd[760]: wwan0: removing default route via 100.64.35.177
Jul 26 00:37:55 raspberrypi ntpd[784]: Deleting interface #8 eth0, 169.254.153.193#123, interface stats: received=0, sent=0, dropped=0, active_time=131 secs
Jul 26 00:37:55 raspberrypi ntpd[784]: peers refreshed

    pi@raspberrypi:~ $ sudo iptables -t nat -v -L -n --line-number
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1 packets, 240 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        1   240 MASQUERADE  all  --  *      wwan0   0.0.0.0/0            0.0.0.0/0 

Only wwan0 sharing is not working. If I replace it with WiFi wlan0, it immediately starts working. What could be the problem?

EDIT:

If I understand correctly, eth0 (and the clients behind it) is basically trying to access the gateway with the lowest metric, setup.ubnt.com, but they can’t reach this gateway, because it’s my internal network and we redirected requests using iptables masquerade.

default routing table:

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default             setup.ubnt.com  0.0.0.0         UG    10     0        0 wlan0
default             100.64.213.33   0.0.0.0         UG    1000   0        0 wwan0
100.64.213.32   *               255.255.255.224 U     0      0        0 wwan0
192.168.1.0        *               255.255.255.0   U     10     0        0 wlan0
192.168.2.0        *               255.255.255.0   U     0      0        0 eth0

So if I remove the setup.ubnt.com route as a test:

pi@raspberrypi:~ $ sudo route del default gw setup.ubnt.com

It immediately starts working. But that’s not good for me, because now every connection is made through wwan0.

Now my question is: how do I set wwan0’s gateway to eth0, because it’s always changing (LTE services are DHCP)? (Without disabling wlan0.) Basically I am trying to isolate wwan0<->eth0 to use as an LTE->LAN adapter and keep wlan0 for all other networking on the rPi.
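
The route selection reasoned about in the EDIT above, as an added example that is not part of the original post: it parses the posted "default routing table", picks the egress interface the way the main table does (longest prefix, then lowest metric), and checks whether the `-o wwan0 -j MASQUERADE` rule would match. The function names are hypothetical, and only the main routing table shown by `route` is modelled.

```python
import ipaddress

# "default routing table" from the post's EDIT, copied as posted.
# '*' means directly connected; the hostname gateway is kept as-is.
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         setup.ubnt.com  0.0.0.0         UG    10     0        0 wlan0
default         100.64.213.33   0.0.0.0         UG    1000   0        0 wwan0
100.64.213.32   *               255.255.255.224 U     0      0        0 wwan0
192.168.1.0     *               255.255.255.0   U     10     0        0 wlan0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
"""


def parse_routes(text):
    """Parse `route` output into dicts; skips the header lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{f[2]}"),
            "gateway": f[1],
            "metric": int(f[4]),
            "iface": f[7],
        })
    return routes


def select_route(routes, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def masquerade_applies(routes, dst, out_iface):
    """True if traffic to dst leaves through the interface that the
    `-o <out_iface> -j MASQUERADE` rule matches on."""
    route = select_route(routes, dst)
    return route is not None and route["iface"] == out_iface


def drop_default(routes, gateway):
    """Model `route del default gw <gateway>` on a parsed table."""
    return [r for r in routes
            if not (r["net"].prefixlen == 0 and r["gateway"] == gateway)]


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    dst = "8.8.8.8"  # the upstream DNS server from the dnsmasq.conf above
    print(select_route(table, dst)["iface"],
          masquerade_applies(table, dst, "wwan0"))
    trimmed = drop_default(table, "setup.ubnt.com")
    print(select_route(trimmed, dst)["iface"],
          masquerade_applies(trimmed, dst, "wwan0"))
```

With the posted table, forwarded traffic leaves through wlan0, so the wwan0 MASQUERADE rule never matches; once the wlan0 default route is removed, the same traffic leaves through wwan0 and the rule applies.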


#StackBounty: #networking #server #apache2 Enabled http2 but still serving over http1.1

Bounty: 50

To enable HTTP/2 on my 16.04 server, I followed this guide as recommended by Google, but for some reason my site is still being served over HTTP/1.1. I’ve checked and double checked that everything is correct, restarted the service (and the server!) several times, all to no avail.

  • http2 mod is enabled in apache2.
  • Protocols h2 h2c http/1.1 is added to my site configuration file (and just tested in my apache.conf)
  • I have restarted the service and the server

Am I missing something?

EDIT:

Just ran curl -I -k --http2 https://framework.jacob.rocks/ and received the following…

HTTP/1.1 200 OK
Date: Thu, 20 Jul 2017 17:12:52 GMT
Server: Apache/2.4.27 (Ubuntu)
Upgrade: h2,h2c
Connection: Upgrade
Link: <https://framework.jacob.rocks/wp-json/>; rel="https://api.w.org/"
Link: <https://framework.jacob.rocks/>; rel=shortlink
X-TEC-API-VERSION: v1
X-TEC-API-ROOT: https://framework.jacob.rocks/wp-json/tribe/events/v1/
X-TEC-API-ORIGIN: https://framework.jacob.rocks
Content-Type: text/html; charset=UTF-8



#StackBounty: #networking #wifi #configuration #optimization #connectivity How to create a configuration to only connect to WiFi if sig…

Bounty: 50

Is there any chance to create a configuration that does the following job?


Only connect to available WiFi if its signal is stronger than 30 %


At many places, I stay in the border area of barely available wifi-signals. Thereupon those inevitable signal-abortions are just annoying, so I always have to switch between mobile data and wifi manually by myself.

Is there any chance to set up some configuration that only allows connecting to WiFi for the case that signal strength is strong enough to avoid terminations (and hereby guarantee a stable connection)?


Simplified approach:

If signal strength is < 30 % ⇒ connection not allowed

If signal strength is ≥ 30 % ⇒ connection allowed


The value of 30 % is only an example of course… Maybe 20 % would make more sense, we will see!

