Tag Archives: network

dig

NAME
DNS lookup utility.
SYNTAX
dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-p port#] [-t type] [-x addr] [-y name:key] [-4] [-6] [name] [type] [class] [queryopt...]
dig [-h]
dig [global-queryopt...] [query...]

EXAMPLE
dig bilardi.net

How to configure an IP Tunnel

An IP tunnel is an Internet Protocol (IP) network communications channel between two networks. It is used to transport another network protocol by encapsulation of its packets.

IP tunnels are often used for connecting two disjoint IP networks that don’t have a native routing path to each other, via an underlying routable protocol across an intermediate transport network. In conjunction with the IPsec protocol they may be used to create a virtual private network between two or more private networks across a public network such as the Internet. Another prominent use is to connect islands of IPv6 installations across the IPv4 Internet.

There are two ways to set it up.
On-the-fly way
In the first (192.168.0.18) endpoint:
ip tunnel add mytun mode ipip local 192.168.0.18 remote 192.168.0.118
ip addr add 10.168.0.18/24 dev mytun
ip link set mytun up

In the second (192.168.0.118) endpoint:
ip tunnel add mytun mode ipip local 192.168.0.118 remote 192.168.0.18
ip addr add 10.168.0.118/24 dev mytun
ip link set mytun up

Permanent way
Host 192.168.0.18:
DEVICE=mytun
TYPE=IPIP
MY_OUTER_IPADDR=192.168.0.18
PEER_OUTER_IPADDR=192.168.0.118
MY_INNER_IPADDR=10.168.0.18/24
PEER_INNER_IPADDR=10.168.0.118/24
ONBOOT=yes

Host 192.168.0.118:
DEVICE=mytun
TYPE=IPIP
MY_OUTER_IPADDR=192.168.0.118
PEER_OUTER_IPADDR=192.168.0.18
MY_INNER_IPADDR=10.168.0.118/24
PEER_INNER_IPADDR=10.168.0.18/24
ONBOOT=yes

Starting the tunnel is simple. On host 192.168.0.18 and on host 192.168.0.118:
ifup mytun

To check that the tunnel is up:
ip addr ls
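
A consistency check for the two permanent configuration files above, as an added example that is not part of the original post: each host's MY_* address must be the other host's PEER_* address. The function names and the file names a.cfg and b.cfg are assumptions, and the sample files are constructed from the addresses used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Function and file names are assumptions.

# cfg_get FILE KEY: print the value of KEY from a KEY=value file, quotes stripped.
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tr -d '"' | head -n 1
}

# check_tunnel_pair FILE_A FILE_B: print each mismatch; return 1 if any was found.
check_tunnel_pair() {
    rc=0
    for f in "$1" "$2"; do
        [ "$(cfg_get "$f" TYPE)" = "IPIP" ] ||
            { echo "$f: TYPE is not IPIP"; rc=1; }
        [ "$(cfg_get "$f" MY_OUTER_IPADDR)" != "$(cfg_get "$f" PEER_OUTER_IPADDR)" ] ||
            { echo "$f: local and peer outer addresses are identical"; rc=1; }
    done
    # Each side's MY_* value must equal the other side's PEER_* value.
    for layer in OUTER INNER; do
        [ "$(cfg_get "$1" "MY_${layer}_IPADDR")" = "$(cfg_get "$2" "PEER_${layer}_IPADDR")" ] ||
            { echo "$layer: MY in $1 differs from PEER in $2"; rc=1; }
        [ "$(cfg_get "$2" "MY_${layer}_IPADDR")" = "$(cfg_get "$1" "PEER_${layer}_IPADDR")" ] ||
            { echo "$layer: MY in $2 differs from PEER in $1"; rc=1; }
    done
    return "$rc"
}

# write_sample DIR: constructed sample files with the values used in the post.
write_sample() {
    printf '%s\n' DEVICE=mytun TYPE=IPIP ONBOOT=yes \
        MY_OUTER_IPADDR=192.168.0.18 PEER_OUTER_IPADDR=192.168.0.118 \
        MY_INNER_IPADDR=10.168.0.18/24 PEER_INNER_IPADDR=10.168.0.118/24 > "$1/a.cfg"
    printf '%s\n' DEVICE=mytun TYPE=IPIP ONBOOT=yes \
        MY_OUTER_IPADDR=192.168.0.118 PEER_OUTER_IPADDR=192.168.0.18 \
        MY_INNER_IPADDR=10.168.0.118/24 PEER_INNER_IPADDR=10.168.0.18/24 > "$1/b.cfg"
}

dir=$(mktemp -d)
write_sample "$dir"
check_tunnel_pair "$dir/a.cfg" "$dir/b.cfg" && echo "tunnel pair is consistent"
rm -rf "$dir"
```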

Reference: wikipedia.org, daverdave.com

nc

NAME
nc – TCP/IP swiss army knife

SYNOPSIS
nc [-options] hostname port[s] [ports] ...
nc -l -p port [-options] [hostname] [port]

EXAMPLE
nc -l -p 2345

netstat

NAME
netstat – Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships

SYNOPSIS

netstat [-venaoc] [--tcp|-t] [--udp|-u] [--raw|-w] [--unix|-x] [--inet|--ip] [--ax25] [--ipx] [--netrom]

netstat [-veenc] [--inet] [--ipx] [--netrom] [--ddp] [--ax25] {--route|-r}

netstat [-veenac] {--interfaces|-i} [iface]

netstat [-enc] {--masquerade|-M}

netstat [-cn] {--netlink|-N}

netstat {-V|--version} {-h|--help}
EXAMPLE
netstat -ano | grep ":3306"

How to control remote connections

It is often necessary to check the ports, because a remote connection can fail for several reasons: a firewall or other inbound port blocking, a VMWare NAT without port forwarding, MySQL not listening on the correct interface or running without networking, an incorrect MySQL grant, and so on.

Things to consider:

  • Is MySQL running and running with networking (you may need to specify a user/pass for these)?
    mysqladmin --protocol=socket ping # check if accessible via UNIX socket
    mysqladmin --protocol=tcp ping # check if accessible via localhost TCP/IP
    mysqladmin --protocol=tcp --host=ipaddress ping # check if accessible via external IP (MySQL can be configured to listen on the loopback address only, it can also be configured to *skip-networking* entirely)

  • Is the machine accessible from other machines? Run
    nmap -sT -p 22,3306 ipaddress
    from another machine; this will give an indication whether the machine is accessible on the SSH/MySQL ports or not
  • If the VM is running in NAT networking mode (as opposed to bridged), then you’ll need to ensure the correct ports are forwarded to the machine’s real IP address, or otherwise use the NAT address (where accessible) for communicating
  • Is a firewall on the VM, or the VM’s host preventing access to port 3306 (the default MySQL port)? Check your firewall rules (iptables -L for iptables)
  • If you’re accessing the MySQL server via DNS, is DNS causing the problem? You can try connecting using the IP address instead of a hostname in this case to eliminate this possibility
  • If logins are working on the machine, but permission is being denied to remote machines, remember that MySQL performs access control using username, password and hostname (with wildcards permitted). You may need to adjust your grant tables
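
Whether MySQL listens on the loopback address only, as the first item in the list mentions, can also be read from netstat output. The following is an added example, not part of the original post: it classifies the TCP listeners for one port from netstat -an style input. The function name listen_scope and the sample lines are constructed for illustration. It matches the port exactly, whereas grep ":3306" would also match a socket on port 33060.

```shell
#!/bin/sh
# Added example, not from the original post. listen_scope is a hypothetical helper.

# listen_scope PORT: read netstat -an output on stdin and print how the TCP
# listeners on exactly PORT are bound:
#   all-interfaces | specific-address | loopback-only | not-listening
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")            # local address is addr:port
            if (part[n] != port) next           # exact match: 33060 is not 3306
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") all = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1
        }
        END {
            if (all) print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: MySQL bound to loopback only, plus unrelated listeners.
SAMPLE_LOOPBACK='tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:33060           0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)'

# Constructed sample: MySQL listening on every interface, with one client connected.
SAMPLE_ALL='tcp6       0      0 :::3306                 :::*                    LISTEN      off (0.00/0/0)
tcp        0      0 192.168.0.18:3306       192.168.0.50:51234      ESTABLISHED keepalive (7100.10/0/0)'

printf '%s\n' "$SAMPLE_LOOPBACK" | listen_scope 3306   # remote clients cannot connect
printf '%s\n' "$SAMPLE_ALL" | listen_scope 3306        # listener is fine: check firewall and grants next
```

On a live host, feed it real output with netstat -ano | listen_scope 3306.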

Reference: serverfault.com

scp

NAME
scp – secure copy (remote file copy program)
SYNOPSIS
scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 ... [[user@]host2:]file2
EXAMPLE
scp file user@ip.se.rv.er:/path/
scp -r directory user@hostname:/path/

rcp

NAME
rcp – remote file copy
SYNOPSIS
rcp [-p] [-x] [-k realm ] [-c ccachefile] [-C configfile] [-D port] [-N] [-PN | -PO] file1 file2
rcp [-p] [-x] [-k realm] [-r] [-D port] [-N] [-PN | -PO] file ... directory
rcp [-f | -t] ...

rsh

NAME
rsh - remote shell
SYNOPSIS
rsh host [-l username] [-n] [-d] [-k realm] [-f | -F] [-x] [-PN | -PO] command
rsh [-Kdnx] [-k realm] [-l username] host
rsh [-Kdnx] [-k realm] username@host [command]

nmap

NAME
nmap – Network exploration tool and security / port scanner
SYNOPSIS
nmap [Scan Type...] [Options] {target specification}
EXAMPLE
nmap -sT -p 22,3306 IP.SE.RV.ER
nmap -sS -O IP.SE.RV.ER

IP Failover configuration

Guide to configuring IP Failover on a CentOS server in the OVH farm.
nano /etc/sysconfig/network-scripts/ifcfg-eth0:0
Copy and paste this code:
DEVICE="eth0:0"
BOOTPROTO=static
IPADDR="IP.FAIL.OVER"
NETMASK="255.255.255.255"
BROADCAST="IP.FAIL.OVER"
ONBOOT=yes

IP.FAIL.OVER is the IP address of your IP Failover. Now bring up the new interface and reboot the server:
ifup eth0:0
/sbin/reboot

When the server has restarted, ping IP.FAIL.OVER:
ping IP.FAIL.OVER
If you have more than one IP Failover, set eth0:1, eth0:2, ...

Reference: ovh.it