Pi-hole + Unbound (native install) on Macvlan: How to configure Unbound to use the macvlan interface?

My Setup/Goal:
I'm running a specific version of Debian 10 on my rpi 4b and have nextcloudpi installed on top. This results in the need for another (virtual) interface because nextcloudpi runs on apache2, port 80 (as well as pi-hole).
I could have changed the apache port 80 but I want another interface/IP for my pihole/unbound setup. I could have also achieved it by using docker but it failed (either because IPv6 and macvlan are sometimes a bit buggy within docker or because my brain is a bit buggy).
However, I've installed Pihole successfully using IPv4 and IPv6 (local unicast fd00) of my macvlan. I have told apache to only use my physical interface IP, bound lighttpd to the other IPv4 of my Macvlan, and configured pihole to use the IPv4 and IPv6 local unicast of my Macvlan (setupvars.conf).
Central issue:
My central question: How do I configure unbound correctly to use the Macvlan interface? Do I have to change the default config at all?
Assuming my macvlan IPv4 looks like: 192.168.178.123/24,
what would my interface line look like?
Would I just need to add
interface: 192.168.178.123#5335
interface: my corresponding local unicast address of my Macvlan#5335 (fd00....)
???
Some further questions regarding Macvlan:
My Macvlan also has a global unicast address and I'm not sure about it, since I remember a post which told me that a macvlan with a global unicast address might be a security risk. In case this is true: how do I disable the global address for my Macvlan?
The important line of my interfaces.d file is:
pre-up ip link add name macvlan1 link eth0:1 address 02:3E:A6:22:01:05 type macvlan
Do I have to add "mode bridge"? What exactly does it do? I've read some information about networks and bridge mode in general, but I'm still not sure whether to use it or not.
So would it be
.... type macvlan mode bridge
?
Thank you much for your help!

I was successful by using the run command.
docker run --name=unbound --net=macvlan_network --ip=xxx.xxx.xx.x --restart=unless-stopped --detach=true mvance/unbound-rpi
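For the native (non-Docker) install the question asks about, here is an added example of an Unbound server: block bound to the macvlan addresses; it is not the poster's config or the Pi-hole/Unbound projects' own, and it assumes the IPv4 address 192.168.178.123/24 from the question plus a placeholder ULA fd00:db8::123 in fd00:db8::/64 for the macvlan's IPv6 side.

```conf
server:
    # Listen only on the macvlan addresses, on the port Pi-hole will use.
    # Unbound separates address and port with "@"; the "#" form
    # (192.168.178.123#5335) is Pi-hole's own upstream syntax, not Unbound's.
    interface: 192.168.178.123@5335
    interface: fd00:db8::123@5335        # placeholder: your macvlan ULA
    do-ip4: yes
    do-ip6: yes
    do-udp: yes
    do-tcp: yes

    # Let bind() succeed even if macvlan1 is not up yet when Unbound starts.
    ip-freebind: yes

    # Answer only the LAN. Everything else, including queries that arrive on
    # the macvlan's global IPv6 address, is refused, so this is not an open
    # resolver even if that address stays reachable from outside.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.178.0/24 allow
    access-control: fd00:db8::/64 allow  # placeholder: your ULA prefix
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse
```

Check the syntax with unbound-checkconf before restarting, then confirm the bind with a query such as dig @192.168.178.123 -p 5335 example.com.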

Related

How to bind socket to a specific network interface and to any ports and any IP on that interface

I have hardware attached to my RPI board running a Linux distro. This hardware & its associated host stack has created a network interface called wpan0 and assigned some IPV6 addresses to it (I am able to ping the IPV6 address from a remote device in the same network).
Now, I want to enable data communication to this interface on any IPV6 IP assigned to the interface. How do I create and bind a socket to this interface? Also, I want to listen on any port on this interface. How can I achieve this?
How you create a socket depends on the language you use (you didn't specify), but when you want to bind a socket to ANY interface, the IPv4 way is to listen on IP 0.0.0.0; the IPv6 equivalent is ::/0, that means all zeros with a 0-bit CIDR mask.
Redirecting all ports to one is less of a code issue and requires some hands-on work with IPTables and PREROUTING (you can write some code that appends that to your conf file, though); here is an example:
https://serverfault.com/questions/616535/iptables-destination-ip-and-port

How to get artifactory to use IPV4 instead of IPV6

I'm trying to install Artifactory on CentOS 8. While the installation proceeds reasonably, the configuration ends up binding to IPV6 rather than IPV4 interfaces. This of course seems to make it inaccessible on the IPV4 network. I've tried putting an IPV4 address in var/etc/system.yaml as described in: jfrog artifactory could not validate router error
without effect.
I've tried disabling the IPV6 interface, but that doesn't seem to be sufficient.
Any hints would be most welcome.
Per https://jfrog.com/knowledge-base/artifactory-how-to-force-artifactory-to-run-with-ipv4-only-on-an-dual-stack-kubernete-cluster/
Add:
shared:
  extraJavaOpts: "-Djava.net.preferIPv4Stack=true"
to system.yaml.

VirtualBox port redirection issues with non standard HTTPS ports

I have set up a CentOS VM to test Hadoop. I set a network interface in NAT mode with a paravirtualized network type interface. Port redirection for SSH (TCP 22) works without issues. However, some other ports do not seem to fully work (9870, 8042, 9864). I can see some "action" happening. Let me give an example for port 9870.
This is my rule (remember I said the SSH rule works without issues):
Name: RulesX, Protocol: TCP, Host IP: 127.0.0.1, Host Port: 59870, Guest IP: 10.0.3.15, Guest Port: 9870
When I try to access http://127.0.0.1:59870 I get automatically redirected to https://127.0.0.1:59870, but eventually I get an ERR_TIMED_OUT error.
Tracing the traffic on the VM, I can see the traffic coming in, but I cannot see any response going back (I have one single network interface).
I am not sure what else to look at.
Any idea is highly welcome. Thank you!
More than likely, you need to open the non-standard ports on the CentOS firewall.
Open firewall port on CentOS 7

TCP client using a specific interface while connecting to a webserver

I am trying to connect over Linux. My device is connected to two LANs (say eth0 and eth1) with different networks.
Both networks are connected to internet. I want my client program to be able to use eth1 even though my eth0 is the default interface.
There is an option, setsockopt (SO_BINDTODEVICE), to bind to a specific interface, but it requires root privileges, which is not possible.
Binding to the IP address of eth1 is not helping either. Please suggest whether there is any other way through the socket APIs to link the connection with the interface, i.e. my client program will always use the eth1 source IP and interface to connect to the internet, whereas all other programs will continue to use eth0 as usual.
I investigated and it appears that changes in the routing table can help with this, but I am trying to avoid the risk of making the system unstable, as that is applied to every other program too.
Thanks in advance.
Kris

Bypass default route for outgoing connections

I am writing a small application that needs to connect through one of multiple network interfaces on the machine. The interface is not the "default" one (the one with the default route). Is it possible to bind an outbound TCP socket directly to a specific interface?
Here is an example:
eth0: 192.168.1.10, gateway 192.168.1.1
eth1: 192.168.2.10, gateway 192.168.2.1
default gateway: 192.168.1.1
(both interfaces can reach the Internet through different external IPs)
Now, I want my application to use eth1 to connect to an external server, even if the system is configured to use eth0 for external traffic.
(The question is probably trivial, but I just wanted to know if it is possible at all before spending time on it)
Currently, I am using Python with Twisted, but if I have to use BSD sockets then so be it.
From: http://linux.about.com/od/commands/l/blcmdl7_socket.htm
SO_DONTROUTE - Don't send via a gateway, only send to directly connected hosts. The same effect can be achieved by setting the MSG_DONTROUTE flag on a socket send(2) operation. Expects an integer boolean flag.
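An added Python example (not from any of the posters above) that serves two of the related questions at once: a listener bound to every IPv6 address of one device, for the wpan0 question, and an outbound TCP connection pinned to a non-default interface, for the eth0/eth1 questions. It assumes Linux; the device names and 127.0.0.1 used when calling it are only illustrative, and the "any port" half of the wpan0 question remains a packet-level redirect as the iptables pointer in that answer says.

```python
import socket

def _apply_bindtodevice(sock, ifname):
    """Pin sock to one network device with SO_BINDTODEVICE (Linux only).
    Returns None on success, else the error text: kernels before 5.7 need
    CAP_NET_RAW for this option, which is what an unprivileged caller hits."""
    opt = getattr(socket, "SO_BINDTODEVICE", None)
    if opt is None:
        return "SO_BINDTODEVICE is not available on this platform"
    try:
        sock.setsockopt(socket.SOL_SOCKET, opt, ifname.encode())
        return None
    except OSError as exc:  # PermissionError (no CAP_NET_RAW) or ENODEV
        return f"{ifname}: {exc}"

def listen_on(addr, port=0, ifname=None, backlog=5):
    """Listen on addr; '::' means every IPv6 address. With ifname as well,
    SO_BINDTODEVICE narrows '::' to that one device's addresses ('any IPv6
    address on wpan0' with a single socket); a link-local (fe80::) address
    additionally needs the device's scope id, which is added here."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    err = _apply_bindtodevice(sock, ifname) if ifname else None
    if family == socket.AF_INET6:
        # Pure IPv6 listener: no IPv4-mapped peers sneaking in through '::'.
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
        scope = 0
        if ifname and addr.lower().startswith("fe80"):
            scope = socket.if_nametoindex(ifname)
        sock.bind((addr, port, 0, scope))
    else:
        sock.bind((addr, port))
    sock.listen(backlog)
    return sock, err

def connect_via(host, port, source_ip, ifname=None, timeout=5.0):
    """Open a TCP connection that leaves through a non-default interface.
    Binding source_ip fixes the address the packets carry but not the route;
    ifname pins the device too, so the kernel ignores routes on other devices
    (the default route included) and a route to the destination via that
    device, e.g. a second default route, must exist.
    Returns (connected socket, bindtodevice error or None)."""
    family = socket.AF_INET6 if ":" in source_ip else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    err = _apply_bindtodevice(sock, ifname) if ifname else None
    sock.bind((source_ip, 0))  # port 0: ephemeral port, source address fixed
    sock.connect((host, port))
    return sock, err
```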