#StackBounty: #linux #firewall #routing ICMP Host Unreachable messages result in martian source packets

Bounty: 50

I’ve been trying to understand a peculiar behavior in our routing/firewall setup for quite some time now, but don’t really understand what’s going on.

We have a firewall/router appliance that has two external facing interfaces and a number of internal VLANs.

The specific behavior is observed when a client (MAC f4:f5:d8:d2:f2:4c, IP 10.99.154.254 in this example) on our guest WiFi network VLAN 99 sends a ping echo request to some internet host 8.8.8.8, which we prohibit.

The router sends back an ICMP host unreachable packet from its vlan99 interface (MAC 00:08:a2:0d:00:70, IP 10.99.0.2) to the client, and at the exact same time we see a martian packet on the external interface eth-ext1:

tcpdump shows this:

tcpdump -i vlan99 -vvvvn 'icmp and host 10.99.154.254'
11:59:21.555564 f4:f5:d8:d2:f2:4c > 00:08:a2:0d:00:70, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.99.154.254 > 8.8.8.8: ICMP echo request, id 2303, seq 1, length 64
11:59:21.555651 00:08:a2:0d:00:70 > f4:f5:d8:d2:f2:4c, ethertype IPv4 (0x0800), length 126: (tos 0xc0, ttl 64, id 8585, offset 0, flags [none], proto ICMP (1), length 112)
    10.99.0.2 > 10.99.154.254: ICMP host 8.8.8.8 unreachable, length 92
    (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.99.154.254 > 8.8.8.8: ICMP echo request, id 2303, seq 1, length 64

Nothing surprising here, this is the original ping from the client and the resulting ICMP packet going back to the guest client informing them that the host is unreachable.

At the same time, an entry appears in the kernel log:

Feb 21 11:59:21 ganymede kernel: IPv4: martian source 10.99.154.254 from 8.8.8.8, on dev eth-ext1
Feb 21 11:59:21 ganymede kernel: ll header: 00000000: 00 08 a2 0d 00 70 f4 f5 d8 d2 f2 4c 08 00        .....p.....L..

The link layer information shows that this ethernet frame came from the client device to the router’s vlan99 interface, which makes me wonder why it appears as a martian packet on eth-ext1 with a source address of 8.8.8.8.

I have failed so far to get a trace of the packet with the martian source, which leaves me wondering if martian source logging also happens on an egress interface, before tcpdump has a chance to see it?

I’ll gladly provide more information on request (routing tables or the like), and would appreciate any pointers as to what’s going on here.



#StackBounty: #linux #network-interface Network device name separators

Bounty: 50

Other than ‘:’, which I use for secondary IP “aliases” on a network device (e.g., eth0:1) and ‘.’, which I use for VLANs (e.g., eth0.100), what other device name separators are permissible and wise under Linux?

In one particular system design, I’d like to name my macvlan interfaces so that their base device is obvious. These interfaces might themselves have secondary IPs or VLAN discipline, so I don’t want to reuse colon and period. Solidus seems good on paper, but would probably confound scripts that interrogated sysfs looking for, e.g., eth0/1.



#StackBounty: #package #linux can not access melpa packages- hung up at Contacting host: elpa.gnu.org:80

Bounty: 100

I am trying to access the melpa packages but when typing:

package-refresh-contents

Emacs gets hung up at: “Contacting host: elpa.gnu.org:80”

I am completely new to Emacs and fairly new to Linux and I have been stuck on this for a few hours.

I found the question below on Stack Overflow:

https://stackoverflow.com/questions/29085937/package-refresh-contents-hangs-at-contacting-host-elpa-gnu-org80

and added:

(setq package-archives '(("gnu" . "http://elpa.gnu.org/packages/")
                         ("marmalade" . "http://marmalade-repo.org/packages/")
                         ("melpa" . "http://melpa.org/packages/")))

but it did not help.

I also tried switching https to http but that did not help either.

Can someone please help? Any suggestions or references would be much appreciated. Below is a screen shot of my code.




#StackBounty: #linux #color #debian #accessibility ICC Color profile for colorblind (deuteranomaly)

Bounty: 100

I have deuteranomaly, and am looking for an ICC profile or dedicated piece of software which could modify the intensity of the colors green and red.

My intention is to use this on my PC which runs the latest version of Debian Linux. Android 8 has a feature like this built in, found in the settings under Accessibility > colour correction. I am reading that Gnome 2 (deprecated) had a feature like this within its accessibility settings as well, however the latest version of Gnome removed this feature.

If somehow the color filters could be extracted as usable profiles from either the old Gnome program or Android, that would satisfy my needs!

I have been searching for something like this for weeks, and all I could find was one ICC profile created by an individual for himself, and although it may have helped him, it does not seem to truly fix the difference in sight of a person with Deuteranomaly and normal color vision.

Alternatively I am willing to put in the effort and write my own ICC profile if nothing at all exists, however I am not sure how I can use the .icc format and its units (xyz decimals) to adjust the green and red colors to accurately reflect “normal color vision”.



#StackBounty: #linux #networking #wireless-networking #automation Set networking so as to turn Wi-Fi on/off when X process is started/i…

Bounty: 100

My aim is to set (through scripts/daemons/whatever piece of software might help) my laptop networking so as to turn on automatically when I start software X (e.g. Firefox), and automatically turn off once that software has been closed/terminated.
(even more ambitious: setting two programs, X and Y, as switches, if possible)
Any contribution will be greatly appreciated!



#StackBounty: #linux #ubuntu #permissions #php #nginx Nextcloud: Can’t create or write into the data directory /var/nc_data

Bounty: 50

I’m getting the above error. What I tried so far:

  • checked the permissions. I even did chmod 777 /var/nc_data -R
  • first included all used party in open_basedir in my php.ini. When that didn’t work, I commented it out completely (in fpm and cli php.ini)
  • checked if SELinux is active. It isn’t.

I don’t have any more ideas to start with. I run an Ubuntu Server 18.04 inside a Hyper-V virtual machine. I use nginx 1.14.0, MariaDB 10.1.29, PHP 7.2 and Nextcloud 13.0.2.

Does someone have an idea?

Or could tell me where more error details could be logged so I have something to start with. nginx and php logs just have notices in them.

Thank you guys in advance 🙂

Marin

PS: Nextcloud vHost configuration: https://pastebin.com/wZJLp0rx

PPS: Nextcloud config.php:

<?php
$CONFIG = array (
  'instanceid' => 'oc2xpzs4xkog',
);

(there’s not much written in it because it’s not set up yet)



#StackBounty: #linux #pycharm How to configure PyCharm to keep tabs organized in a user-defined place

Bounty: 50

PyCharm has 3 tabs on the left by default: 1:Project, 2:Favorites, 7:Structure, and 1:Project is in the top left corner, while the other two are in the bottom left corner.

I prefer having all 3 tabs next to each other in the top left corner. I can drag them from where they are to my preferred position. However, when I restart PyCharm they return to their default locations.

I’ve tried Window -> Save Current Layout As Default but that doesn’t seem to affect the tabs.

Is there a way to persist my preferred tab layout?



#StackBounty: #linux #grep #sed #awk #iperf How can I output iperf results for only Interval and Bandwidth?

Bounty: 50

I am trying to get the output from the command

iperf -c 10.0.0.1 -t 3600 -i 2

And only need the Interval and bandwidth fields listed for the entire hour of logging.

I haven’t used grep or awk in years upon years.

Help would be awesome!

Sample Output:

------------------------------------------------------------
Client connecting to node2, TCP port 5001
TCP window size:  129 KByte (WARNING: requested  130 KByte)
------------------------------------------------------------
[  3] local <IP Addr node1> port 2530 connected with <IP Addr node2> port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  19.7 MBytes  15.8 Mbits/sec

Desired Output:

0.0-10.0 15.8

