Bridged interfaces and Tailscale "Raspberry" - interface

I'm trying to connect my Apple TV to my home network, and since the Apple TV doesn't support VPN, I thought of getting a Raspberry, setting up Tailscale on it, and bridging eth0 and eth1 so that the Apple TV gets a VPN connection.
What I have done:
sudo brctl addbr br0
sudo brctl addif br0 eth0 eth1
nano /etc/dhcpcd.conf
denyinterfaces eth0 eth1
nano /etc/network/interfaces
auto br0
iface br0 inet dhcp
bridge_ports eth0 eth1
sudo iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
sudo iptables -A FORWARD -i br0 -o tailscale0 -j ACCEPT
sudo iptables -A FORWARD -i tailscale0 -o br0 -j ACCEPT
sudo iptables -A INPUT -i tailscale0 -m state --state RELATED,ESTABLISHED -j ACCEPT
I add 1 for the table
sudo ip route add default dev tailscale0 table vpnout
sudo ip route add 192.168.0.0/24 dev br0 table vpnout
sudo ip rule add from 192.168.0.0/24 table vpnout
sudo ip rule add to 1192.168.0.0/24 table vpnout
What happened is that I can get an internet connection on eth1, but Tailscale traffic is not routed through eth1.
ifconfig
br0: flags=4163 mtu 1500
inet 192.168.0.107 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20e:c6ff:fe56:48a5 prefixlen 64 scopeid 0x20
ether 00:0e:c6:56:48:a5 txqueuelen 1000 (Ethernet)
RX packets 6485 bytes 1781523 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1717 bytes 247950 (242.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
ether b8:27:eb:88:2b:90 txqueuelen 1000 (Ethernet)
RX packets 8128 bytes 2260563 (2.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3001 bytes 418999 (409.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163 mtu 1500
ether 00:0e:c6:56:48:a5 txqueuelen 1000 (Ethernet)
RX packets 1280 bytes 152865 (149.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4534 bytes 1581066 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 2 bytes 78 (78.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 78 (78.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tailscale0: flags=4305 mtu 1280
inet 100.108.x.x netmask 255.255.255.255 destination 100.108.x.x
inet6 fe80::7e1e:4058:6116:d2f5 prefixlen 64 scopeid 0x20
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 16 bytes 1486 (1.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 1694 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Any suggestions?

You have a typo:
sudo ip rule add to 1192.168.0.0/24 table vpnout
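A pre-flight check for the policy-routing commands in the post, as an added example that is not part of the original question or answer. It flags any `from`/`to` selector or route destination that is not a well-formed IPv4 prefix, because `ip` rejects such a command and the rule is never installed. The function names `valid_cidr4`, `check_ip_commands` and `page_report` are hypothetical.

```shell
#!/bin/sh
# Added example: check the IPv4 prefixes in ip rule / ip route commands
# before running them. Function names here are hypothetical.

# Commands copied from the post above, including the mistyped last line.
PAGE_COMMANDS='sudo ip route add default dev tailscale0 table vpnout
sudo ip route add 192.168.0.0/24 dev br0 table vpnout
sudo ip rule add from 192.168.0.0/24 table vpnout
sudo ip rule add to 1192.168.0.0/24 table vpnout'

# valid_cidr4 PREFIX: succeed only for a.b.c.d or a.b.c.d/len with every
# octet in 0..255 and len in 0..32. The body runs in a subshell so the
# IFS change cannot leak into the caller.
valid_cidr4() (
    case "$1" in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*|???*) exit 1 ;; esac
    [ "$len" -le 32 ] || exit 1
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $addr
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || exit 1
    done
    exit 0
)

# check_ip_commands: read commands on stdin and print every ip rule /
# ip route line whose selector or destination is not a valid prefix.
check_ip_commands() {
    while IFS= read -r line; do
        case "$line" in *"ip rule "*|*"ip route "*) ;; *) continue ;; esac
        prev=''
        for word in $line; do
            case "$prev:$word" in
                add:from|add:to|*:default|*:all) ;;   # keywords, not prefixes
                add:*|from:*|to:*)
                    valid_cidr4 "$word" ||
                        printf 'invalid prefix %s in: %s\n' "$word" "$line" ;;
            esac
            prev=$word
        done
    done
}

# page_report: run the check over the commands copied from the post.
page_report() { printf '%s\n' "$PAGE_COMMANDS" | check_ip_commands; }

page_report
```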

Related

Sharing connection between 2 RPi with Network Manager

I have 2 RPis connected together with an ethernet cable. For the 1st RPi, the wifi is disabled, and it should get the internet connection from the 2nd RPi that is connected to the internet by wifi.
I am using the Network Manager (NM), and I also need that both RPis have static IPs on their eth0 interface:
RPi1 : 192.168.4.115/24 # The RPi that is not connected to wifi
RPi2 : 192.168.4.1/24 # The RPi that is connected to wifi
I configured the static IP of the RPi1 in /etc/dhcpcd.conf. For the RPi2, I used the NM when I configured the shared connection :
# On RPi2
nmcli connection add type ethernet ifname eth0 ipv4.method shared con-name local
nmcli connection modify local ipv4.addresses 192.168.4.1/24
nmcli connection up local
When I check the connection of the RPi2, I have the good IP, and when I ping 1.1.1.1 I have a reply:
pi@raspberrypi2:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.4.1 netmask 255.255.255.0 broadcast 192.168.4.255
inet6 fe80::514:af1e:da15:6f80 prefixlen 64 scopeid 0x20<link>
ether e4:5f:01:4c:5c:00 txqueuelen 1000 (Ethernet)
RX packets 105 bytes 20375 (19.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 178 bytes 22385 (21.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.11.16 netmask 255.255.255.0 broadcast 192.168.11.255
inet6 fe80::750f:5ec2:8158:fb80 prefixlen 64 scopeid 0x20<link>
ether e4:5f:01:4c:5c:01 txqueuelen 1000 (Ethernet)
RX packets 488 bytes 59706 (58.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 206 bytes 30178 (29.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
But on the first RPi, even if I have the good IP on eth0 (192.168.4.115), when I try a ping, I have connect: network is unreachable
So I don't know what is missing to achieve the sharing of the connection. And I don't know what I can check? Feel free to ask for any useful data, I don't know what can be useful.
The first RPi doesn't use the NM because I don't need it, the normal way of the RPi is enough.

How to fix pgAdmin4 connection refused error

I'm getting this error when attempting to setup a new server on pgAdmin4:
Unable to connect to server:
could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "192.168.210.146" and accepting
TCP/IP connections on port 5432?
I have postgres 12.7 running on CentOS 8 inside a virtual box 6.1 VM which is running on my Windows 10 21H1 laptop. I can connect to the OS using putty and the CentOS web client just fine.
Here is some network info via the CentOS web client terminal:
# nmap localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-07-14 16:59 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000014s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
5432/tcp open postgresql
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 954/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 972/postmaster
tcp 0 0 127.0.0.1:37753 0.0.0.0:* LISTEN 1620/cockpit-bridge
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: cockpit dhcpv6-client postgresql ssh
ports: 5432/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
#
# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.210.146 netmask 255.255.254.0 broadcast 192.168.211.255
inet6 fe80::a00:27ff:fecb:8d2d prefixlen 64 scopeid 0x20<link>
ether 08:00:27:cb:8d:2d txqueuelen 1000 (Ethernet)
RX packets 4704 bytes 512333 (500.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3757 bytes 2510585 (2.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 7252 bytes 2161674 (2.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7252 bytes 2161674 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
In the PgAdmin setup server screen I'm using the ip address listed above of 192.168.210.146, user postgres and its password, port 5432 and the database is set to postgres.
I get this same error trying to establish ODBC and JDBC connections from my laptop, but I'm not sure what in the postgres environment needs to be fixed. I did add 1 entry to the pg_hba.conf file as shown below, but that didn't help:
# IPv4 local connections:
host all all 127.0.0.1/32 ident
host all all 192.168.210.146/32 trust #added;not helping
Is there another file or setting that needs to be fixed?
Thanks.
The solution was to first un-comment the listen_address entry in postgresql.conf and then set it to the necessary ip number. Everything connects just fine now. Thanks
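The diagnosis behind that fix, as an added example that is not part of the original question or answer: the `netstat -tlpn` output in the question shows the postmaster bound to 127.0.0.1:5432 only, which is why `nmap localhost` sees the port open while the laptop gets "Connection refused" even though the firewall allows 5432/tcp. The function name `listen_scope` is hypothetical, and the "after" line is constructed; in postgresql.conf the parameter is spelled `listen_addresses`.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from netstat -tln output.
# Function and variable names are hypothetical.

# Copied from the netstat -tlpn output in the question.
PAGE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 954/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 972/postmaster
tcp 0 0 127.0.0.1:37753 0.0.0.0:* LISTEN 1620/cockpit-bridge'

# Constructed: what the postmaster line looks like once the server
# listens on the VM address instead of loopback.
FIXED_NETSTAT='tcp 0 0 192.168.210.146:5432 0.0.0.0:* LISTEN 972/postmaster'

# listen_scope PORT: read netstat output on stdin and print one of
#   all-interfaces | address:<a,b,...> | loopback-only | not-listening
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")            # port is the last field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                wild = 1
            else if (addr ~ /^127\./ || addr == "::1")
                loop = 1
            else
                specific = specific (specific == "" ? "" : ",") addr
        }
        END {
            if (wild)                print "all-interfaces"
            else if (specific != "") print "address:" specific
            else if (loop)           print "loopback-only"
            else                     print "not-listening"
        }'
}

printf 'before: %s\n' "$(printf '%s\n' "$PAGE_NETSTAT" | listen_scope 5432)"
printf 'after:  %s\n' "$(printf '%s\n' "$FIXED_NETSTAT" | listen_scope 5432)"
```

The address field of a `pg_hba.conf` line matches the connecting client, so the counterpart to this change is an entry for the laptop's address with a password method such as `scram-sha-256`. A `trust` entry accepts every matching connection without a password.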

Add second IP4 to the server (CentOS)

I just wanted to store a second IP address in the CWP.
I used the IP Manager, which is located in the admin panel.
It creates the following file:
ifcfg-:1
with the following content
DEVICE=:1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=5.199.130.204
NETMASK=255.255.255.255
GATEWAY=91.194.84.1
When I enter the command
service network restart
I get the following message
[root@cpanel network-scripts]# service network restart
Restarting network (via systemctl):
** (pkttyagent:19657): WARNING **: 18:17:04.966: Unable to register authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject
Error registering authentication agent: GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Cannot determine user of subject (polkit-error-quark, 0)
[ OK ]
but with the command ifconfig I cannot see the new IP address
[root@cpanel network-scripts]# ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:80:6b:74:bf txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp1s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 91.194.84.77 netmask 255.255.255.0 broadcast 91.194.84.255
inet6 fe80::225:90ff:fee1:a1cc prefixlen 64 scopeid 0x20<link>
ether 00:25:90:e1:a1:cc txqueuelen 1000 (Ethernet)
RX packets 896454492 bytes 77246656595 (71.9 GiB)
RX errors 0 dropped 121675 overruns 21 frame 0
TX packets 328489556 bytes 321552938430 (299.4 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfea80000-feafffff
enp1s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:25:90:e1:a1:cd txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xfe980000-fe9fffff
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 28795464 bytes 8187828621 (7.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28795464 bytes 8187828621 (7.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:d8:74:c8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
I would like to add the IP 5.199.130.204 to my server and then use it for the 2 nameservers.
However, I cannot see this IP with the ifconfig command after entering it.
Did I do something wrong?
ifconfig shows only one result.
To check, use
ip address or nmcli con show conname
You can append with
nmcli con mod conname +ipv4.addresses ip/prefix
or
append to ifcfg-*
IPADDR1=ip
PREFIX1=prefix
but direct change is not recommended.
You should fix the polkitd issue that is appearing
groupadd -g 23 nohidproc
usermod -a -G nohidproc polkitd
mount -o remount,rw,hidepid=2,gid=nohidproc /proc
systemctl restart polkit
Add the following in /etc/fstab as well
echo "proc /proc proc defaults,hidepid=2,gid=nohidproc 0 0" >> /etc/fstab

IBM ICP Auth-pdp does not respond

At the task "Waiting for auth-pdp to start", the auth-pdp pod could not reach mariadb-0. Has anyone faced this issue before?
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:02:09 --:--:-- 0curl: (7) Failed to connect to mariadb port 3306: Operation timed out
I checked whether the mariadb container is running, then realized it has no IP address.
kubectl -n kube-system get pods -o wide
...
mariadb-0 1/1 Running 0 7m <none> 34.65.234.2
...
Then I tried a port-forward to mariadb, and I could reach it from my local terminal:
kubectl -n kube-system port-forward mariadb-0 8080:3306 &
[1] 9483
Forwarding from 127.0.0.1:8080 -> 3306
Forwarding from [::1]:8080 -> 3306
^C
curl localhost:3306
5.5.5-10.2.17-MariaDB-1:10.2.17+maria~bionic~rHO8ewF5���vtf~is&`4#M=mysql_native_password!��#08S01 Got packets out of order
I exec'd into the auth-pdp pod to try curl against other services:
bash-4.4# env | grep -i mongo
MONGODB_SERVICE_PORT=27017
MONGODB_PORT_27017_TCP=tcp://10.0.0.181:27017
MONGODB_PORT_27017_TCP_PROTO=tcp
MONGODB_PORT_27017_TCP_ADDR=10.0.0.181
MONGODB_SERVICE_HOST=10.0.0.181
MONGODB_PORT_27017_TCP_PORT=27017
MONGODB_PORT=tcp://10.0.0.181:27017
bash-4.4# curl 10.0.0.181:27017
It looks like you are trying to access MongoDB over HTTP on the native driver port.
I reviewed the interfaces of mariadb pod and found the following:
calie6c068a340a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 451 bytes 27552 (27.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 348 bytes 27089 (27.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
caliee45ca146c2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 191 bytes 14176 (14.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 87 bytes 9236 (9.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
calif6e93cd4328: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 7302 bytes 1203027 (1.2 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7645 bytes 4818796 (4.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:1ff:feee:54b4 prefixlen 64 scopeid 0x20<link>
ether 02:42:01:ee:54:b4 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 446 (446.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.240.0.11 netmask 255.255.255.255 broadcast 10.240.0.11
inet6 fe80::4001:aff:fef0:b prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:f0:00:0b txqueuelen 1000 (Ethernet)
RX packets 753548 bytes 3753160696 (3.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 697800 bytes 219630854 (219.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 214601 bytes 54627282 (54.6 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 214601 bytes 54627282 (54.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The ens4 NIC has the same IP address as the Node where the pod is running. It did not get a unique address. Then the following resolves:
k exec -it auth-idp-bkqwf -c init-mariadb bash
bash-4.4# curl 10.240.0.11:3306 --output dummy.txt
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 148 0 148 0 0 144k 0 --:--:-- --:--:-- --:--:-- 144k

pcap - does not work on specific interface

I have used the pcap library in my application. It was working previously.
I have not made any changes to my code, but it fails to capture packets only on the specific interface "eth0". For other interfaces like eth1 and wlan0 it works as expected.
The output of the ifconfig command is:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.14.128 netmask 255.255.255.0 broadcast 10.1.14.255
inet6 fe80::5642:49ff:fee1:3a03 prefixlen 64 scopeid 0x20<link>
ether 54:42:49:e1:3a:03 txqueuelen 1000 (Ethernet)
RX packets 476 bytes 53618 (52.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 365 bytes 61306 (59.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 18
eth1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet6 fe80::280:c8ff:fe3c:fe04 prefixlen 64 scopeid 0x20<link>
ether 00:80:c8:3c:fe:04 txqueuelen 1000 (Ethernet)
RX packets 34500 bytes 48274193 (46.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 1732834 (1.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 10775 bytes 1170782 (1.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10775 bytes 1170782 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 134.96.174.7 netmask 255.255.248.0 broadcast 134.96.175.255
inet6 fe80::226:c7ff:fe9d:1f00 prefixlen 64 scopeid 0x20<link>
ether 00:26:c7:9d:1f:00 txqueuelen 1000 (Ethernet)
RX packets 981018 bytes 1250676710 (1.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 248507 bytes 31718095 (30.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Do these flag IDs (same for all) have anything to do with my problem?
Best
yash
The driver of your interface will need to support putting the iface into promiscuous mode to collect packets that are not directly addressed to your NIC.
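On the question of what the `flags=` numbers mean, an added example that is not part of the original question or answer: it decodes the numeric value into the `IFF_*` bits from `<linux/if.h>` and tests for the promiscuous bit (0x100). The function names are hypothetical; the sample header lines are copied from ifconfig output on this page, including the `tailscale0` line whose flag names were lost.

```shell
#!/bin/sh
# Added example: decode the numeric flags= value printed by ifconfig.
# Function names are hypothetical; bit values are those of <linux/if.h>.

# Interface header lines copied from ifconfig output on this page.
PAGE_IFCONFIG='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
eth1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
tailscale0: flags=4305 mtu 1280'

# decode_if_flags N: print the comma-separated IFF_* names set in N.
decode_if_flags() {
    flags=$1
    names=''
    for pair in 1:UP 2:BROADCAST 4:DEBUG 8:LOOPBACK 16:POINTOPOINT \
                32:NOTRAILERS 64:RUNNING 128:NOARP 256:PROMISC \
                512:ALLMULTI 1024:MASTER 2048:SLAVE 4096:MULTICAST; do
        bit=${pair%%:*}
        if [ $(( $flags & $bit )) -ne 0 ]; then
            names="${names:+$names,}${pair#*:}"
        fi
    done
    printf '%s\n' "$names"
}

# is_promisc N: succeed when IFF_PROMISC (0x100 = 256) is set in N.
is_promisc() { [ $(( $1 & 256 )) -ne 0 ]; }

# summarize_ifconfig: read ifconfig output on stdin; for each interface
# header line print "<name> <decoded flags> promisc=<yes|no>".
summarize_ifconfig() {
    while IFS= read -r line; do
        case "$line" in
            *": flags="[0-9]*)
                name=${line%%:*}
                num=${line#*flags=}
                num=${num%%[!0-9]*}          # keep the leading digits only
                if is_promisc "$num"; then p=yes; else p=no; fi
                printf '%s %s promisc=%s\n' \
                    "$name" "$(decode_if_flags "$num")" "$p" ;;
        esac
    done
}

printf '%s\n' "$PAGE_IFCONFIG" | summarize_ifconfig
```

On Linux, promiscuous mode requested through a packet socket is counted in the `promiscuity` field of `ip -d link show` and does not necessarily appear as this flag in ifconfig.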