I installed a FreeBSD 10.0 server (IP: 10.1.2.3), and want to send packets to remote clients with a fake source IP, such as:
socket_sendto($socket, $data, $length, 0, $ip, $port);
$data contains the IP header, where I specify my "fake IP".
The question is:
If I specify the IP in class C, everything goes well (these succeed):
10.1.2.4
10.1.3.5
If I specify the IP in class B or A, nothing is sent to the destination (these fail):
10.2.1.2
11.1.2.3
So, how can I resolve the issue?
Btw, I already modified sysctl.conf to:
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
net.inet.ip.fastforwarding=1
Sorry for poor English.
May be related to routing (netmasks). If your server IP is 10.1.2.3/16, all IP addresses like 10.1.X.Y are directly reachable, but if you try to send to IP addresses outside this range, the IP packet goes via routers. A properly configured router should not pass such fake packets. You should check the defaultrouter setting in /etc/rc.conf. This defaultrouter may receive such fake packets, unless something else is blocking them on your FreeBSD machine.
@Kestas is right, try the commands below:
1) Verify that you have a route to the destination:
# netstat -rn
2) Test the connectivity:
# tracepath 10.2.1.2
3) Put it on the same network:
# ifconfig re0 inet 10.2.1.1 netmask 255.0.0.0
GL !
I have setup a simple HTTP java server running locally on port 8000. It simply prints a message "Hello world" when a request comes. When I try to ping it from the browser by running http://localhost:8000/test I get my message printed.
I want to get the same results from another computer that is not local. When I try to use my public IP, let's say http://43.xxx.xxx.xxx:8000/test (even from the same machine), I get an ERR_CONNECTION_REFUSED.
I probably suspect that has something to do with the firewall. Can anyone guide me a little more because I lack the experience?
Thanks in advance
You don't specify what host OS your server/firewall is running so I'll keep this generic...
Without knowing your application, it seems like the server is sending a reset (RST packet) when the first SYN packet shows up indicating that the port (on that interface [your external]) is closed. You can do a quick port scan from here (https://mxtoolbox.com/PortScan.aspx) if you don't have access to a remote machine to test with. Odds are, TCP/8000 will not be open.
If it is, in fact, closed, you'll have to look at the firewall that your host OS is running and find out how to allow TCP/8000 to your host. In a major firewall vendor, your rule would look similar to this:
Source: Any
Destination: Your Public IP Address
Service: TCP/8000
Action: Allow
Logging: Full
That being said, you mentioned this was a PC so look into "iptables" (if you're running *nix) or the Windows Firewall (if you're running Windows) on adding firewall rules (Unfortunately I just joined and can't ask questions/comments, yet).
If you really want to find out what packet is being sent, run a tcpdump on your external interface (let's say eth1) (assuming your remote IP is 1.2.3.4 and your home public IP is 4.5.6.7):
tcpdump -nn -vvv -e -s 0 -X -c 100 -i eth1 host 1.2.3.4 and host 4.5.6.7 and port 8000
Here you're looking for the SYN/SYN-ACK/ACK for a successful TCP negotiation or SYN/RST if there is a firewall rejecting (not dropping) the TCP stream to the port.
Once the port is open on the host OS firewall, take a look at the application to make sure it's configured properly. If this were a standard webserver, you could take a look at the configuration files for the "Allow from" directives to make sure that everyone can access the site. If this is a custom application that you've created, you'll have to check this yourself.
I finally solved my problem. I needed to open a forwarding port in my router that maps my local IP address to the public one. My router is a TP-Link, so this is what I did:
http://www.tp-link.com/us/faq-72.html
Also, in order for this to work every time and not have to reconfigure this every time I reconnected to the router (because I get a new local IP), I have created a static local IP for my server following this guide:
http://www.tp-link.com/us/faq-182.html
Thanks for all the replies.
I want to access a server on the Raspberry Pi Zero via WiFi.
YouTube Video describing the Problem
I am following the tutorial on this blog for the Raspberry Pi.
Accessing the server with another laptop doesn't work. It says that it is not connected.
When I run on the Raspi
sudo cat /var/log/dnsmasq.log
I get at the end this error:
May 9 09:59:28 dnsmasq-dhcp[513]: no address range available for DHCP request via wlan0
But I am not sure if this has to do anything with the problem at all.
How can I make the Raspi Zero W http-Server (the http server is a server on the raspi) connectable over WiFi?
Here are the relevant parts of the files.
File: /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet dhcp
iface wlan0 inet static
address 10.0.0.1
netmask 255.255.255.0
broadcast 255.0.0.0
pre-up iptables-restore < /etc/iptables.rules
File: /etc/dnsmasq.conf
#...
#at the end of the file
log-facility=/var/log/dnsmasq.log
address=/#/10.0.0.1
interface=wlan0
dhcp-range=10.0.0.10,10.0.0.250,12h
no-resolv
log-queries
File: /etc/dhcp/dhclient.conf
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
File: /etc/dhcpcd.conf
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
clientid
# Persist interface configuration when dhcpcd exits.
persistent
# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Most distributions have NTP support.
option ntp_servers
# A ServerID is required by RFC2131.
require dhcp_server_identifier
# Generate Stable Private IPv6 Addresses instead of hardware based ones
slaac private
# A hook script is provided to lookup the hostname if not set by the DHCP
# server, but it should not be run by default.
nohook lookup-hostname
I have read the blog and I successfully implemented the server following all the steps. It is possible that you have misconfigured something. My bets are on the /etc/network/interfaces file or on the /etc/dnsmasq.conf.
Also, check that you don't have another DHCP server on. Maybe the internal /etc/dhcp/dhcpd.conf is overwriting your IP pool.
Post the relevant part of all those files to see if there is any error.
Simple solution, plug in a HDMI monitor and keyboard and use the desktop network GUI to set up the Wifi (click on the WiFi logo, top right).
A longer winded option would be to use one of the hundreds of how to articles out there, for Raspberry Pis (regardless of Pi zero to Pi3 they are the same).
A quick Google search found this: https://learn.adafruit.com/adafruits-raspberry-pi-lesson-3-network-setup/setting-up-wifi-with-occidentalis
Or even (for those with shorter attention spans): https://www.google.co.uk/search?q=raspberry+pi+configure+wifi&oq=raspberry+pi+configure+wifi&aqs=chrome..69i57j0l5.6863j0j7&sourceid=chrome&ie=UTF-8#q=raspberry+pi+configure+wifi&tbm=vid
Good luck and don't be afraid to Google for these things.
If you run ifconfig -a, does your wlan0 interface have the proper IP address, 10.0.0.1? Mine did not. In /etc/network/interfaces I added the line
allow-hotplug wlan0
above the iface wlan0 line. That seemed to fix the address problem and the same error, "no address range available for DHCP request via wlan0" you are getting.
You have a problem with web pages then as nginx looks for pages in /var/www/html.
Use this line ...
echo "<h1>hello</h1>" | sudo tee /var/www/html/index.html
Note removal of "!" and different destination folder
I had the exact same problems you had and this got mine working for the most part.
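The dnsmasq error quoted in this thread appears when the address on wlan0 does not fall in the same subnet as any dhcp-range, which is what the answer about the missing 10.0.0.1 address describes. The check below is an added example, not code from the thread or the blog; the function names are made up for illustration, and it assumes plain `dhcp-range=start,end,lease` lines without tag prefixes.

```shell
#!/bin/sh
# Added example: does a dhcp-range in dnsmasq.conf sit inside the subnet
# that is actually configured on the serving interface?

ip_to_int() {  # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_subnet() {  # $1 = address to test, $2 = interface address, $3 = netmask
    a=$(ip_to_int "$1"); i=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( i & m )) ]
}

# Prints a verdict per range; returns 0 only if at least one range is usable.
check_dhcp_ranges() {  # $1 = dnsmasq.conf path, $2 = interface address, $3 = netmask
    usable=1
    ranges=$(sed -n 's/^dhcp-range=//p' "$1")
    for r in $ranges; do
        start=${r%%,*}; rest=${r#*,}; end=${rest%%,*}
        if in_subnet "$start" "$2" "$3" && in_subnet "$end" "$2" "$3"; then
            echo "ok:       $r"; usable=0
        else
            echo "mismatch: $r is outside $2/$3"
        fi
    done
    return $usable
}

# Stand-alone use: ./check_range.sh /etc/dnsmasq.conf 10.0.0.1 255.255.255.0
if [ "$#" -eq 3 ]; then
    check_dhcp_ranges "$1" "$2" "$3"
fi
```

Pass the address and netmask that `ifconfig wlan0` reports, not the ones written in /etc/network/interfaces, since the point is to catch the case where the static address was never applied.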
I have a TCP server which runs in localhost (127.0.0.1), I am trying to connect to the server by injecting SYN packets to the loopback interface, but the server doesn't answer them. These packets have the source IP of the Ethernet interface of my internet adapter (and not localhost IP).
I watch the SYN packet that goes to my loopback server in Wireshark, but the server does not answer it with a SYN/ACK. I think it is because the IP source is not 127.0.0.1, which for example is 192.168.1.24.
If I go to the browser and I connect to my localhost server it works fine, but the source IP that I am using is 127.0.0.1 and the destination IP is 127.0.0.1 too; the only difference between the packets is the source IP.
I want to establish a TCP connection with my loopback server (localhost) by using different IP source addresses than 127.0.0.1. Is that possible?
For example, a Loopback TCP SYN packet which comes from 192.168.1.24 to 127.0.0.1 should be answered by the loopbackserver?
Thanks and regards!
You can send packets to localhost via the Npcap Loopback Adapter and get a response from the counterpart (e.g. a process on the same machine). An example is Nmap: Nmap uses the Npcap Loopback Adapter to scan the ports of localhost. The command is: nmap -v -A 127.0.0.1. Nmap is open-sourced here, so you can see its code for the implementation. If you think Nmap is too complicated, you can see the source code of Nping here, a ping tool shipped with Nmap. Nping also uses the Npcap Loopback Adapter when pinging localhost, which works differently from the original ping shipped with Windows.
Using IP of one of local adapters or using 127.0.0.1 should be the same. You can run Nmap to test it. Whatever, using 127.0.0.1 is the best and recommended by Npcap when talking to localhost.
So I think the issue still relates to your own implementation.
Does the server bind() using INADDR_LOOPBACK? If so, you could try changing it to INADDR_ANY to see if that helps. See also man 7 ip.
(These links are obviously Linux-specific; if your platform is something else, then refer to the documentation applicable to your system. For example, if you're on Windows, then maybe refer to https://msdn.microsoft.com/en-us/library/windows/desktop/ms737550(v=vs.85).aspx.)
I solved the problem, thank you very much for your answers.
The problem was a bit stupid. I was trying to establish a TCP connection with the loopback server (localhost) with IP source addresses that were not in the range of the loopback (loopback gateway: 127.0.0.1, loopback netmask: 255.255.0.0). It can't accept packets from IP source addresses that are not in the range of 127.0.X.X; if I do NAT and I translate the packet from, for example, 192.168.1.154 to 127.0.1.154, the packet is received by the server and I can establish the server connection. I do not know how I did not realize it before.
Thank you for the time, regards!.
I think too that maybe it is better to bind the server to another virtual network adapter and not to the loopback. I am studying this: https://github.com/Microsoft/Windows-driver-samples/tree/master/network/ndis/netvmini/6x
It would be fine to create a miniport driver and bind the server there, we would have the advantage of having our own gateway and netmask and the layer would be ethernet and not BSD loopback. Your opinions will be interesting for me.
I have a linux server with two NICs (eth0 and eth1), and have set eth0 as default in "ip route." Now I would like to receive multicast packets on eth1. I have added "224.0.20.0/24 dev eth1 proto static scope link" to the routing table, and I connect as follows:
sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
// port 12345, address INADDR_ANY
bind(sock, (struct sockaddr *)&bind_addr, sizeof(bind_addr));
// multicast address 224.0.20.100, interface address 10.13.0.7 (=eth1)
setsockopt(sock, IPPROTO_IP, IP_ADD_MEMBERSHIP, &imreq, sizeof(imreq));
According to ip maddr it connects to that group on the right interface, and tshark -i eth1 shows that I am actually getting multicast packets.
However, I don't get any packets when calling recvfrom(sock). If I set "ip route default" to eth1 (instead of eth0), I do get packets via recvfrom. Is this an issue with my code or with my network setup, and what is the correct way of doing this?
(update) solution: caf hinted that this might be the same problem; indeed: after doing echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter I can now receive multicast packets!
caf's comment that this is a duplicate of receiving multicast on a server with multiple interfaces (linux) answered this! (And I post this as an answer for clarity.) Namely, an echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter resolves my issue.
Try adding a netmask and specifying 10.13.0.7 as the gateway in your routing table entry.
Correct, assuming you had two NICs with a default gw on only one of them.
Multicast uses unicast routes to determine path back to the source. It means, if multicast path is different from unicast path, then a multicast path will exit. It's a loop prevention mechanism called RPF check.
In this case the application bound to a NIC effectively was forced to join the IGMP over, whereas the unicast routes were learned from the other NIC with the default gateway. So the check was failing. Thus no data.
You don't need to add any static routes. It should just work when you change the rp_filter value to 0.
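Before and after changing rp_filter as described in this thread, it is worth checking which mode the kernel really enforces: Linux applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter when validating sources on an interface, and the kernel documentation recommends loose mode (2) rather than 0 for asymmetric routing. The script below is an added example, not code from the thread; the CONF_ROOT override and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report the reverse-path filter mode in force on an interface.
# Linux uses max(conf/all/rp_filter, conf/<iface>/rp_filter) for source validation.

# CONF_ROOT can be pointed at a constructed directory tree to exercise the logic.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

read_rp() {  # $1 = "all" or an interface name; prints 0, 1 or 2
    f="$CONF_ROOT/$1/rp_filter"
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    v=$(cat "$f")
    case "$v" in
        0|1|2) echo "$v" ;;
        *) echo "unexpected value '$v' in $f" >&2; return 1 ;;
    esac
}

effective_rp_filter() {  # $1 = interface name
    all=$(read_rp all) || return 1
    ifv=$(read_rp "$1") || return 1
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

rp_mode_name() {  # 0 = no source validation, 1 = strict (RFC 3704), 2 = loose
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
    esac
}

report() {  # $1 = interface name
    eff=$(effective_rp_filter "$1") || return 1
    echo "$1: all=$(read_rp all) iface=$(read_rp "$1") effective=$eff ($(rp_mode_name "$eff"))"
}

# Stand-alone use: ./rp_check.sh eth0 eth1
if [ "$#" -gt 0 ]; then
    for ifname in "$@"; do report "$ifname"; done
fi
```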
Is there a clean and OS independent way to determine the local machine's IP addresses from Perl?
So far I have found the following solutions:
parse the output of ifconfig and ipconfig (hard, different windows versions have different ipconfig outputs)
establish a network connection to a well-known IP and examine the socket's local IP address (won't work if I can't establish a connection and will determine only one IP address)
Any better suggestion?
Net::Address::IP::Local looks promising.
use Net::Address::IP::Local;
# Get the local system's IP address that is "en route" to "the internet":
my $address = Net::Address::IP::Local->public;
You also have some other options, including your solution to "establish a network connection to a well-known IP and examine the socket's local IP address".
In that case (establishing network connection) however, that article points out that:
there is no such thing as a host's IP address.
Network interfaces have IP addresses, not hosts, and a single network interface can have many (virtual) IP addresses. The operating system's routing subsystem decides which network interface and IP address to use to connect to a remote machine.
If your machine only has one external network interface, and this interface only has one IP address then this IP address is commonly called the machine's address, but that is inaccurate.
For example, if the machine is connected to a VPN via a virtual interface it will use this interface's IP address to connect to another machine on the VPN, not the external IP address
Amongst the other solutions: Sys::Hostname - works if it comes up with a resolvable hostname.
use Sys::Hostname;
use Socket;
my $addr = inet_ntoa((gethostbyname(hostname))[4]);
print "$addr\n";
In my case, I need a solution without any non-core dependencies. I came up with this after studying the code in Net::Address::IP::Local:
#!/usr/bin/env perl
use strict;
use warnings;
use IO::Socket::INET;
my $local_ip_address = get_local_ip_address();
print "$local_ip_address\n";
# This idea was stolen from Net::Address::IP::Local::connected_to()
sub get_local_ip_address {
    my $socket = IO::Socket::INET->new(
        Proto    => 'udp',
        PeerAddr => '198.41.0.4',    # a.root-servers.net
        PeerPort => '53',            # DNS
    ) or die "Cannot create socket: $@";
    # A side-effect of making a socket connection is that our IP address
    # is available from the 'sockhost' method
    my $local_ip_address = $socket->sockhost;
    return $local_ip_address;
}
get_local_ip_address() should return the same string as Net::Address::IP::Local->public_ipv4.
If desired, you can change the PeerAddr attribute (in the arguments to the constructor for IO::Socket::INET) to a local DNS server.
To retrieve the IP address of all interfaces, use IO::Interface::Simple:
perl -MIO::Interface::Simple '-Esay $_->address for grep { $_->is_running && defined $_->address } IO::Interface::Simple->interfaces'
If you are not interested in 127.0.0.1 (loopback) you can filter on $_->is_loopback.
Perldoc has an answer to this question in its FAQ ("perlfaq9") - using different modules (which are parts of the Standard Library) or even a built-in function.
I've had good success with IO::Interface on Linux and Solaris, and I think it even worked on AIX but I can't recall for sure. Poking around on search.cpan.org, rt.cpan.org and ActiveState's various sites, it looks like IO::Interface may be experiencing build problems on Windows. I guess the only way to know if it's available is to search for io-interface in PPM.
use WMI?
Example of extracting IP addresses (in Powershell, but it's pretty clear what's happening)
Example of accessing WMI from Perl (not the same WMI functions, but again the process is reasonably clear)
EDIT: after a search on Google codesearch for Networkadapterconfiguration and language "perl":
Example looks like pretty much what you need
EDIT2: In fact the OCS code seems to contain code for most platforms to do this, so while there may be no one set of code that does this, you may be able to re-use their ideas. It's GPL'd, though.
For example, here's the Solaris code. Other bits cover BSD, Linux, MacOS...
getting a network interface's IP address in Perl without additional modules usage and 'ifconfig' output parsing
Net::Address::IP::Local works fine, but since the original poster asks for all the local addresses, I think this one is better:
http://www.perlmonks.org/?node_id=166951
It worked fine for me with ActivePerl for Windows XP.
For Windows I use
foreach (split(/\r?\n/, `netstat -r`))
{
    # Only the default-route lines (destination 0.0.0.0) are of interest
    next unless /^\s+0\.0\.0\.0/;
    my @S = split(/\s+/);
    # $S[3] = Default Gateway
    # $S[4] = Main IP
}
The first line starting 0.0.0.0 is the default gateway. There may be multiple gateways.
Lines starting 255.255.255.255 are also useful. netstat -r and route print are the same.
Can be adapted for OSX, Linux not so helpful.
I have used a combination of these Linux commands, so no dependency on any Perl module.
hostname -i
hostname -I
ls /sys/class/net
ip -f inet addr show eth0| grep -Po 'inet \K[\d.]+'