I have an embedded device which when connected via usb, it gets a IP assigned. I should be able to telnet to this device using the assigned IP. I can see this in the ifconfig of my ubuntu machine.
Problem:
When I try to telnet, it does not connect and waits endlessly.
Workaround:
Disconnect the usb interface on my ubuntu system and run command $sudo dhclient enp0s20f0u9 manually. This refreshes the usb interface IP (getting the same ip address reassigned) but this time I can successfully telnet to the device.
This I need to do every time I plug in the device using usb. Very annoying. Any idea how to fix this permanently?
Another workaround solution is via updating the routing table.
The routing table at first was:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.8.1 0.0.0.0 UG 100 0 0 enp0s31f6
169.254.0.0 0.0.0.0 255.255.255.252 U 100 0 0 enp0s20f0u9
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 docker0
169.254.0.1 169.254.0.2 255.255.255.255 UGH 100 0 0 enp0s20f0u9
172.16.8.0 0.0.0.0 255.255.254.0 U 100 0 0 enp0s31f6
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
As we see, there are two entries for the interface enp0s20f0u9. Deleting the below route also solved the issue.
sudo route del -net 169.254.0.1 gw 169.254.0.2 netmask 255.255.255.255 dev enp0s20f0u9
Apparently this problem exists after Ubuntu 14.04. This post provides a solution but I am not keen on trying this if it will break something else.
Related
I want to use my raspberry pi, which runs Manjaro ARM, as a server for my local network. I have a golang server running permanently using systemd services. However, I can't access the website from another computer in the network. I disabled iptables and nftables but it still did not work. The server is running and I can even access the website, but only when using curl on the pi itself.
A ping from another machine works fine but scanning the port with nmap fails (the port is marked as filtered)
My code worked fine on my laptop, which runs regular Manjaro, I was able to access the website from any device on the network (even though iptables was not disabled there)
ss -lnt outputs:
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::]:5355 [::]:*
LISTEN 0 4096 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 *:443 *:*
curl -k https://andre-pi outputs Permanent Redirect but only when run on the pi
Any suggestions what else I could try?
With which command have you tried to access the website with curl? And does the server listen to 0.0.0.0 or 127.0.0.1?
Found the answer. There was another firewall I didn't know about called firewalld. I found it by going through all the installed packages with pacman -Qqe wich I piped through less.
I have a typical configuration where Rpi acts as an router between two subnets. One subnet is connected to Rpi eth0 and there is now laptop connected directly (one day there will be an ip-camera). Rpi connects via wlan0 to to wireless router to get an internet connection.
Picture of configuration
There is several instruction on the web to get this working and it almost works. I can ping devices connected to my wireless router (but not my wireless router!?), from laptop connected to Rpi. I have internet connection on laptop connected to Rpi. Problem is though that I can't ping my laptop (that is connected to Rpi) from subnet of my wireless router. Yes, it has got something to do with my iptables confuration.
Here is some data:
I have set up net.ipv4.ip_forward=1 in my sysctl.conf file
I have done these settings:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
IPtables look like this:
pi#raspberrypi:~ $ sudo iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
296 191K ACCEPT all -- wlan0 eth0 anywhere anywhere state RELATED,ESTABLISHED
37 14316 ACCEPT all -- eth0 wlan0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Routing tabe looks like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.3.1 0.0.0.0 UG 100 0 0 wlan0
default 192.168.3.1 0.0.0.0 UG 202 0 0 eth0
10.10.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
192.168.3.0 0.0.0.0 255.255.255.0 U 100 0 0 wlan0
192.168.3.1 0.0.0.0 255.255.255.255 UH 202 0 0 eth0
Any other information that could be useful?
In your wireless router routing table you should forward traffic going to 10.10.0.0/24 to the interface connected to the second subnet, the traffic going to 192.3.0.0/24 to the interface connected to the Rpi and other traffic to the interface connected to internet.
You also should have a routing table to the Subnet-1 with your Rpi as a gateway like this:
Destination Gateway Genmask
192.168.3.0 Rpi #IP 255.255.255.0
I am building a home server on Raspberry Pi 3 model A+ and am trying to set up Webmin. IP is 192.168.2.16 and the hostname is raspberrypi. Using SSH, I downloaded Webmin and ran it on port 10000, but I cannot access it on my browser at raspberrypi:10000. I can access raspberrypi, though.
I tried restarting it, reinstalling it, and changing the port number as in this post Unable to access Webmin through browser, but none of these seemed to work.
Firewall is disabled as default on Raspberry Pi, so it should not be an issue.
The port is accepting connections and I can access it through the command line, but on the browser the website never loads.
$ nc -zvw 3 raspberrypi 10000
Connection to raspberrypi 10000 port [tcp/webmin] succeeded!
$ netstat -an | grep 10000
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.16:10000 192.168.2.13:53130 ESTABLISHED
udp 0 0 0.0.0.0:10000 0.0.0.0:*
Any help would be appreciated.
Accessing https://raspberrypi:10000 instead of http worked.
I'm struggling to enable remote access for Postgres DB version 9.6 on MacOS Sierra.
What I have done so far:
modify postgres.conf, set listen_addresses = "*"
modify pg_hb.conf, add these lines:
host all all 0.0.0.0/0 md5
host all all * md5
I checked the Firewall setting (GUI), and see the postgres process is allowing incoming connections.
From PgAdmin tool running on the macOS machine, I can use the ip of macOS machine to connect to the PG database.
The result of running netstat -an | grep 5432:
tcp4 0 0 *.5432 . LISTEN
tcp6 0 0 *.5432 . LISTEN
d06ae6d89823b48f stream 0 0 d06ae6d89b32fcb7 0 0 0 /tmp/.s.PGSQL.5432
However, I couldn't access to the PG database from another machine in same wifi network. (I can ping the ip of the PG database machine).
Any idea of suggestion is highly appreciate.
Thanks.
I have a PC with two network interfaces: eth0 and eth1.
eth0 - Has an ip of 192.168.11.X/24.
eth1 - Has an ip of 192.168.130.X/24. eth1 has internet connectivity.
How does my OS know which interface to use when I try connecting to the internet? Does it iterate over all default gateways? Does it have any cache of what each interface provides? Is there any difference in the behaivior between Windows and Linux?
I'm going to answer for the Linux side of the house (at least for Debian-based systems, such as Ubuntu, since it's more common for users at this point):
Type the following into a command line:
route -n
You should see your "routing table" appear, with something like the following:
Destination Gateway Genmask ... Iface
0.0.0.0 192.168.11.254 0.0.0.0 ... eth0
169.254.0.0 0.0.0.0 255.255.0.0 ... eth0
192.168.11.0 0.0.0.0 255.255.255.0 ... eth0
192.168.130.0 0.0.0.0 255.255.255.0 ... eth1
I omitted a couple columns, but basically, the line that says "0.0.0.0" under "Destination" is the line that determines where your default route is. In other words, where all of the traffic goes that isn't destined for any of the other subnets in the other lines (google.com, facebook.com, whatever).
If it's not right (such as in the above table, where "eth1" is the card you want with Internet access), you should change the default route:
sudo route del default
sudo route add default gw 192.168.130.254 netmask 255.255.255.0
That will fix it for now. To make it permanent, edit your interfaces file:
sudo gedit /etc/network/interfaces
Edit it to look something like the following (change as necessary to your specific situation):
auto eth0
iface eth0 inet dhcp
up route del default
auto eth1
iface eth1 inet dhcp
up route add default gw 192.168.130.254 netmask 255.255.255.0
Then restart networking to see if that did the trick:
sudo /etc/init.d/networking restart
The feature you're asking about is a routing table, a list of destinations known to the host.
When the OS needs to forward a packet it checks this list and chooses the most appropriate one (from specific destinations to general ones). For example:
192.0.2.0/28 - 192.0.2.1 via eth1
198.51.100.0/27 - 198.51.100.1 via eth0
0.0.0.0/0 - 203.0.113.1 via eth0
Note the last destination: it will match any IPv4 address.