Current zone
# firewall-cmd --get-active-zones public interfaces: eth0
What’s active in this zone ?
# firewall-cmd --zone=public --list-all public (default, active) interfaces: eth0 sources: services: dhcpv6-client http https ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules:
As I was debugging an issue at work related to http headers being forwarded by haproxy I used a couple tcpdump commands that was great, storing here for future reference .
tcpdump -s 1024 -l -A | grep X-Forwarded-For tcpdump -s 1024 -l -A src 192.168.9.56 or dst 192.168.9.56
First one will print lines containing X-Forwarded-For, second one let you filter on src and/or destination .
Note that tcpdump by default does not include 127.0.0.1 or ::1 ( lo ) .
I’m running CentOS 7 on my workstation these days, like it a lot.
At work our dhcp setup dns search for the domain containing our windows hosts but the Unix and Linux hosts I work with are in an other domain.
In the network manager gui in gnome3 I can’t seem to figure out where to add this second search domain, so I’ve been adding it manually to resolv.conf after each boot …
Got tired of that so i added:
DOMAIN='myDomain.no'
in /etc/sysconfig/network-scripts/ifcfg-eno1 and did a
systemctl restart network.service
problem solved.
thnx superuser.com
UPDATE 30th october 2015:
This does not work at all at my workstation at my new job.
I’m not using NetworkManager any more, not sure if that’s the reason though.
By setting SEARCH in /etc/sysconfig/network instead things got a lot better:
# /etc/sysconfig/network SEARCH='example.com sub.example.com'
Ok so you’ve been working like h#%”# for a couple months (mabye a year), implementing new application servers, moving around services, upgrading other servers and pretty much been busy. Of course you’re updating documentation all the way ! :p … But for that 1 in a million incident where you just happened to forget about updating the documentation of your servers, say you wonder about “do I have control of all my web servers now ? is it possible I might have forgotten to stop Apache on some random server (?)
nmap comes to the rescue, say I want to find every server in the 192.168.0.0/24 subnet listening to port 80:
nmap -p 80 192.168.0.0/24
I installed bind9 at localhost so that I could setup forwarders for our LAN dns servers + for my Unix dns servers in DMZ ( I don’t have access to configure the LAN dns server, which would be a better option) . I setup something like this in /etc/bind/named.conf.local (Debian type of distro):
zone "windows.domain.servers." IN {
type forward;
forward only;
forwarders { 10.0.0.1; 10.0.0.2; };
};
zone "unix.dmz.servers." IN {
type forward;
forward only;
forwarders { 192.168.0.1; };
};
domain names and forward ip’s has been changed .
With this setup, I could configure my workstation to use localhost for dns queries, and tell /etc/resolv.conf to search for both the domains I want regular access to without typing the fqdn .
But there was a problem getting answers from my unix dns server in DMZ, /var/log/syslog told me something like:
Nov 15 09:27:07 uranus named[8184]: validating @0x7f94784dgd70: unix.dmz SOA: got insecure response; parent indicates it should be secure Nov 15 09:27:07 uranus named[8184]: error (no valid RRSIG) resolving 'lb01.unix.dmz.servers/DS/IN': 192.168.0.1#53 Nov 15 09:27:07 uranus named[8184]: error (no valid DS) resolving 'lb01.unix.dmz.servers/A/IN': 192.168.0.1#53
Since I haven’t got time to debug this stuff in detail, I simply edited /etc/bind/named.conf.options and setup
dnssec-validation no;
And my localhost bind9 could resolv stuff from our DMZ
Thnx isc.org and
groups.google.com
Ethtool is a great tool you can use to adjust several settings at your NIC.
It’s especially great to detect if a cable is connected or not. Say you’ve got 3 NIC’s at your server, your hooking up one to the switch and wondering did I hook up eth0, eth1 or eth2 now (?)
# ethtool eth1 Settings for eth1: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full Advertised auto-negotiation: Yes Speed: 1000Mb/s Duplex: Full Port: Twisted Pair PHYAD: 0 Transceiver: internal Auto-negotiation: on Supports Wake-on: umbg Wake-on: d Current message level: 0x00000007 (7) Link detected: yes
As we can see ‘Link detected: yes, we’ve got a winner.
Note: you have to bring up the interface with :
> # ifconfig eth1 up
or else ethtool will say the link is not detected even if a cable is attached.