centos random traffic egress IP - centos

The server has many different C-segment IPs (200+). When a new connection is established, I want to get one of these randomly as the source IP.
I tried to use iptables, without success.
OS: CentOS 7
Connection protocols: TCP, UDP, HTTP, HTTPS

Related

unable to connect to openfire server with external ip

I'm trying to connect to an Openfire server using Spark. I have dynamic DNS and have set up port forwarding on port 5222 in a D-Link router. When I log in with the private IP as the host name, for example "192.168.0.101", the connection is established, but when I set my domain (pizokas.hopto.org) as the host name I get the following error:
Unknown connection error. Please review logs for the following information.
But there are no logs in the Openfire server, so I assume packets are dropped in the router. I have the firewall turned off. At this point I can't find information on why the connection cannot be established. I'm using my own laptop as server and as client, OS Windows 10. Maybe somebody had a similar issue?
The connection was established when I was trying to connect to the server from outside of the LAN.

IP issues with kubeadm install

I have installed kubeadm on my host running Ubuntu 16.04. My corporate network has a firewall that blocks certain images (gcr.io link), so I use an Airtel 4G dongle for the installation.
But every time I unplug the dongle and replug it, the IP address changes, thus making the kube-api-server not reachable.
Unable to connect to the server dial tcp 100.x.x.x:6443: i/o timeout
How should I fix this?
Is there any way for me to make the IP static? Is there any workaround?
Only if you use a static IP can the others find the apiserver;
if you don't have a static IP, maybe you can consider a NAT private network.

Connecting Orion Context Broker from another machine

I can't connect to ContextBroker from another machine, even a machine in the same LAN.
Accessing by ssh works without any problem:
ssh geezar@192.168.1.115
and then
curl localhost:1026/statistics
the terminal shows the statistics, all right
<orion>
<xmlRequests>3</xmlRequests>
<jsonRequests>1</jsonRequests>
<updates>1</updates>
<versionRequests>1</versionRequests>
<statisticsRequests>2</statisticsRequests>
<uptime_in_secs>84973</uptime_in_secs>
<measuring_interval_in_secs>84973</measuring_interval_in_secs>
</orion>
But when I try without ssh connection...
curl 192.168.1.115:1026/statistics
curl: (7) Failed to connect to 192.168.1.115 port 1026: No route to host
I even routed port 1026 to that machine (192.168.1.115) in the router configuration and tried to access it from my public IP; the result is the same, failed to connect.
I think I am missing something, but.. what is it?
The most probable causes of this problem are:
Something in the host (e.g. a firewall or security group) is blocking the incoming connection.
Something in the client (e.g. a firewall) is blocking the outgoing connection.
Some other network issue is causing the connection problem.
EDIT: in GNU/Linux systems, iptables is usually used as the firewall. It can typically be disabled by running iptables -F.

How to drop the incoming packet from openVswitch integration bridge for specific IP?

I have installed the openvSwitch server on my two CentOS servers (KVM). I have created two VMs and bridged them using openvSwitch. I am able to ping between the two VMs. I am using a VLAN for differentiating the private network.
Below are the VM IPs:
VM1 IP : 198.0.0.2 (resides in host1)
VM2 IP : 198.0.0.3 (resides in host2)
VLAN: 1000
I have followed the steps from the below link to configure the openvSwitch and it works fine.
http://openvswitch.org/support/config-cookbooks/vlan-configuration-cookbook/
Now I want to block a few ports. I want to block the incoming traffic to ports 443 and 80 for VM1. One option is to modify the iptables rules in my VM to drop the traffic to those ports, but I don't want to modify the firewall rules in the VM. I want to drop the packets at the OVS integration bridge itself.
Thanks,
Kalpeer

WSAEACCES error binding to socket on Windows Server 2008

I have a Windows Server 2008 machine on which I am unable to bind to a socket in a particular high-port range without getting an error 10013 (WSAEACCES). In particular, I can't bind to ports 62788-64764, which is rather inconvenient since I'm trying to start up a service that is configured to run on ports in that range, and I can't change that configuration. The process is launched from a cmd window having Administrator privileges.
Why can't I bind to these port numbers?
I've tried all the obvious things:
Netstat -a does not show any processes listening on those ports.
Using netsh int ipv4 show excludedportrange protocol=tcp, I verified that there aren't any excluded ports in this range:
Start Port    End Port
----------    --------
        80          80
       443         443
      8172        8172
     47001       47001
The machine was running a DNS server, so I set the DNS SocketPoolSize to zero, but that didn't work. (I even shut the server down, but that didn't help either).
I've rebooted (and kicked) the machine several times, and I've reset the winsock catalog (netsh winsock reset).
There's got to be some other configuration setting I am missing; any ideas?
UPDATE: I discovered that shutting down the Windows service "Internet Connection Sharing" makes the problem go away, although why that service was locking up these specific ports is still unclear to me.
I'd guess that with ICS enabled, Hide NAT is also enabled (internal IPs hiding behind a single, or multiple, external IPs). That means the server will need to rewrite the source IP and source port of clients going to the internet to avoid source port collisions.
Hiding NAT gateways thus usually reserve a port range in the higher area (>port 50000) for that. So ICS may block a whole range of high ports for NAT purposes.
And this is why server applications should stay in the low / privileged range of ports (i.e. <1024).
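
A bind probe for the situation in this thread, as an added example that is not part of the original question or answer: it tries each port in the affected range and separates "refused by the OS" (error 10013, WSAEACCES) from "another socket already holds it", which is the distinction netstat alone did not show. The function names and the choice of Python are assumptions made for the example.

```python
import errno
import socket


def probe_bind(port, host="0.0.0.0", proto=socket.SOCK_STREAM):
    """Try to bind host:port, classify the result, and release the socket."""
    s = socket.socket(socket.AF_INET, proto)
    try:
        s.bind((host, port))
        return "free"
    except PermissionError:
        # WSAEACCES (10013) on Windows, EACCES on POSIX: the OS refuses the
        # bind even though no listener may be visible in netstat.
        return "denied"
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return "in-use"  # another socket is bound to this port
        return "error:%s" % e.errno
    finally:
        s.close()


def summarize(start, end, host="0.0.0.0"):
    """Collapse per-port results into contiguous (first, last, status) runs."""
    runs = []
    for port in range(start, end + 1):
        status = probe_bind(port, host)
        if runs and runs[-1][2] == status and runs[-1][1] == port - 1:
            runs[-1] = (runs[-1][0], port, status)
        else:
            runs.append((port, port, status))
    return runs


if __name__ == "__main__":
    # Range taken from the question; run once with the suspected service
    # (here, Internet Connection Sharing) started and once with it stopped.
    for first, last, status in summarize(62788, 64764):
        print(f"{first}-{last}: {status}")
```

A long contiguous "denied" run that disappears when a service is stopped points to that service reserving the range rather than to individual listeners.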