networking

tcpdump tip

As I was debugging an issue at work related to HTTP headers being forwarded by HAProxy, I used a couple of tcpdump commands that were really useful; storing them here for future reference.

tcpdump -s 1024 -l -A | grep X-Forwarded-For

tcpdump -s 1024 -l -A src 192.168.9.56 or dst 192.168.9.56

The first one prints every captured line containing X-Forwarded-For; the second one lets you filter on source and/or destination address.
Note that tcpdump does not listen on the loopback interface (lo, 127.0.0.1 / ::1) by default, so traffic to localhost will not show up unless you capture on that interface explicitly.
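As an added example (not from the original post), here is a small shell wrapper around the same idea: instead of only grepping for the header, pair every X-Forwarded-For with the TCP source address the packet actually came from, and pull out the hop the proxy itself appended. The capture text is constructed, the addresses are placeholders, and xff_by_source / proxy_added_hop are my own names:

```shell
# Added example, not from the original post: pull X-Forwarded-For out of
# "tcpdump -l -A" text and pair it with the TCP source address of the packet
# that carried it. The capture below is constructed; addresses are placeholders.

# xff_by_source: read tcpdump -A output on stdin, print one line per request
# carrying X-Forwarded-For: "<tcp source ip> <header value>"
xff_by_source() {
    awk '
        # packet header line, e.g.
        # 09:27:07.100001 IP 10.0.0.5.41234 > 192.168.9.56.80: Flags [P.], ...
        /^[0-9:.]+ IP [0-9.]+ > [0-9.]+: / {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop the ".port" suffix
            next
        }
        # the header line itself; HTTP header lines usually end in CR
        tolower($0) ~ /^x-forwarded-for:/ {
            val = $0
            sub(/^[^:]*:[ \t]*/, "", val)
            sub(/\r$/, "", val)
            print src, val
        }
    '
}

# proxy_added_hop: given an X-Forwarded-For value, print the right-most
# address. That is the one appended by the last proxy (haproxy here) and the
# only element the backend should treat as trustworthy; everything to the
# left was supplied by whoever sent the request to the proxy.
proxy_added_hop() {
    printf '%s\n' "$1" | awk -F', *' '{ print $NF }'
}

# Constructed sample of what "tcpdump -s 1024 -l -A port 80" prints for two
# requests proxied from 10.0.0.5 (the haproxy box) to the backend.
SAMPLE=$(cat <<'EOF'
09:27:07.100001 IP 10.0.0.5.41234 > 192.168.9.56.80: Flags [P.], seq 1:120, ack 1, win 229, length 119
E..w..@.@.....
GET / HTTP/1.1
Host: app.example.test
X-Forwarded-For: 203.0.113.7
Connection: close

09:27:07.200002 IP 10.0.0.5.41236 > 192.168.9.56.80: Flags [P.], seq 1:140, ack 1, win 229, length 139
E..w..@.@.....
GET /admin HTTP/1.1
Host: app.example.test
X-Forwarded-For: 10.9.9.9, 203.0.113.9
Connection: close
EOF
)

# Print "source forwarded-for" pairs, then the hop the proxy itself added.
printf '%s\n' "$SAMPLE" | xff_by_source | while read -r src xff; do
    printf 'from %s: X-Forwarded-For=%s (proxy-added hop: %s)\n' \
        "$src" "$xff" "$(proxy_added_hop "$xff")"
done
```

Against a live box it is just tcpdump -s 1024 -l -A port 80 | xff_by_source. The reason for showing both columns: the header is plain text that the client can send itself, so the only address you can trust is the one HAProxy appends on the right, and a request whose header already carried an address before HAProxy touched it shows up as a chain with more than one element.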

CentOS 7 dhcp + custom ‘search domain’

I’m running CentOS 7 on my workstation these days and like it a lot.
At work our DHCP server hands out a DNS search domain for the domain containing our Windows hosts, but the Unix and Linux hosts I work with are in another domain.
In the NetworkManager GUI in GNOME 3 I can’t seem to figure out where to add this second search domain, so I’ve been adding it manually to resolv.conf after each boot …

Got tired of that, so I added:

DOMAIN='myDomain.no'

in /etc/sysconfig/network-scripts/ifcfg-eno1 and did a

systemctl restart network.service

Problem solved.

Thanks, superuser.com

UPDATE 30th October 2015:
This does not work at all on my workstation at my new job.
I’m not using NetworkManager any more; not sure if that’s the reason though.

By setting SEARCH in /etc/sysconfig/network instead, things got a lot better:

# /etc/sysconfig/network
SEARCH='example.com sub.example.com'

Did I forget about some web server in my dmz (?)

Ok so you’ve been working like h#%”# for a couple of months (maybe a year), implementing new application servers, moving services around, upgrading other servers and generally being busy. Of course you’ve been updating the documentation all the way! :p … But for that one-in-a-million incident where you just happened to forget to update the documentation of your servers, say you wonder: do I have control of all my web servers now? Is it possible I forgot to stop Apache on some random server?
nmap comes to the rescue. Say I want to find every server in the 192.168.0.0/24 subnet listening on port 80:

nmap -p 80 192.168.0.0/24
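Added example, not from the original post: the same scan with its output fed through a little shell pipeline that lists the hosts answering on port 80 and subtracts the ones you have documented. nmap’s grepable format (-oG) is real; the scan output and the inventory file are constructed, and open_port_hosts / unexpected_hosts are my own names:

```shell
# Added example, not from the original post: turn nmap's grepable output into
# a list of hosts with port 80 open and diff it against the inventory of web
# servers you think you have. The scan output below is constructed.

# open_port_hosts PORT: read "nmap -oG -" output on stdin, print the address of
# every host where PORT is reported open.
open_port_hosts() {
    awk -v port="$1" '
        /^Host: / && /Ports: / {
            ip = $2
            ports = $0
            sub(/^.*Ports: /, "", ports)          # keep the port list only
            n = split(ports, entry, /, */)        # "80/open/tcp//http///", ...
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")           # f[1]=port f[2]=state f[3]=proto
                if (f[1] == port && f[2] == "open") print ip
            }
        }
    '
}

# unexpected_hosts KNOWN_FILE: read addresses on stdin, print those that are
# not listed (one per line) in KNOWN_FILE.
unexpected_hosts() {
    grep -v -x -F -f "$1"
}

# Constructed "nmap -p 80 -oG - 192.168.0.0/24" output: three hosts up, two of
# them answering on port 80.
SCAN=$(cat <<'EOF'
# Nmap 7.x scan initiated as: nmap -p 80 -oG - 192.168.0.0/24
Host: 192.168.0.10 ()   Status: Up
Host: 192.168.0.10 ()   Ports: 80/open/tcp//http///   Ignored State: closed (1)
Host: 192.168.0.11 ()   Status: Up
Host: 192.168.0.11 ()   Ports: 80/closed/tcp//http///
Host: 192.168.0.12 (web02.example.test)   Status: Up
Host: 192.168.0.12 (web02.example.test)   Ports: 22/open/tcp//ssh///, 80/open/tcp//http///
# Nmap done: 256 IP addresses (3 hosts up) scanned
EOF
)

# Constructed inventory: the web servers that are actually documented.
KNOWN_WEB=$(mktemp)
printf '%s\n' 192.168.0.10 > "$KNOWN_WEB"

# A live run would be:
#   nmap -p 80 --open -oG - 192.168.0.0/24 | open_port_hosts 80 | unexpected_hosts "$KNOWN_WEB"
printf '%s\n' "$SCAN" | open_port_hosts 80 | unexpected_hosts "$KNOWN_WEB"
# prints 192.168.0.12, the web server nobody wrote down
```

The --open flag makes nmap list only hosts with at least one open port, which keeps the grepable output short on a /24; the parser does not depend on it.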

bind9 using forwarders

I installed bind9 on localhost so that I could set up forwarders for our LAN DNS servers and for my Unix DNS servers in the DMZ (I don’t have access to configure the LAN DNS server, which would be a better option). I set up something like this in /etc/bind/named.conf.local (Debian type of distro):

zone "windows.domain.servers." IN {
   type forward;
   forward only;
   forwarders { 10.0.0.1; 10.0.0.2; };
};

zone "unix.dmz.servers." IN {
   type forward;
   forward only;
   forwarders { 192.168.0.1; };
};

Domain names and forwarder IPs have been changed.
With this setup I could configure my workstation to use localhost for DNS queries, and tell /etc/resolv.conf to search both domains I want regular access to without typing the FQDN.
But there was a problem getting answers from my Unix DNS server in the DMZ; /var/log/syslog told me something like:

Nov 15 09:27:07 uranus named[8184]:   validating @0x7f94784dgd70: unix.dmz SOA: got insecure response; parent indicates it should be secure
Nov 15 09:27:07 uranus named[8184]: error (no valid RRSIG) resolving 'lb01.unix.dmz.servers/DS/IN': 192.168.0.1#53
Nov 15 09:27:07 uranus named[8184]: error (no valid DS) resolving 'lb01.unix.dmz.servers/A/IN': 192.168.0.1#53

Since I haven’t got time to debug this in detail, I simply edited /etc/bind/named.conf.options and set

dnssec-validation no;

And my localhost bind9 could resolve stuff from our DMZ.
What the log lines say is that the validator was told by the parent zone that unix.dmz.servers should be signed, but the forwarder returned unsigned answers, so they were rejected. Turning validation off globally makes this bind9 accept unsigned answers for every domain, not only the internal one; a narrower fix is to exempt just that zone from validation (a negative trust anchor via rndc nta, or the validate-except option in newer BIND releases).
Thanks isc.org and
groups.google.com

Ethtool is great

ethtool is a great tool you can use to adjust several settings of your NIC.
It’s especially handy for detecting whether a cable is connected or not. Say you’ve got three NICs in your server, you’re hooking one up to the switch and wondering: did I hook up eth0, eth1 or eth2 now?

# ethtool eth1
Settings for eth1:
	Supported ports: [ TP ]
	Supported link modes:   10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Supports auto-negotiation: Yes
	Advertised link modes:  10baseT/Half 10baseT/Full 
	                        100baseT/Half 100baseT/Full 
	                        1000baseT/Full 
	Advertised auto-negotiation: Yes
	Speed: 1000Mb/s
	Duplex: Full
	Port: Twisted Pair
	PHYAD: 0
	Transceiver: internal
	Auto-negotiation: on
	Supports Wake-on: umbg
	Wake-on: d
	Current message level: 0x00000007 (7)
	Link detected: yes

As we can see, ‘Link detected: yes’, we’ve got a winner.
Note: you have to bring up the interface with:

# ifconfig eth1 up

or else ethtool will say the link is not detected even if a cable is attached.
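Added example, not from the original post: the three-NIC guess automated in shell. It brings each interface up first, for the reason just given, then parses ethtool’s Link detected line. The ethtool output it is checked against is constructed after the listing above, and link_detected / scan_links are my own names:

```shell
# Added example, not from the original post: answer "which NIC did I just
# cable up?" for a list of interfaces by parsing ethtool's "Link detected"
# line. The ethtool output used for the check below is constructed after the
# one in the post.

# link_detected: read "ethtool IFACE" output on stdin, print yes, no, or
# unknown (no "Link detected" line at all, e.g. ethtool failed or is missing).
link_detected() {
    awk -F': ' '
        /Link detected:/ { print $2; found = 1 }
        END { if (!found) print "unknown" }
    '
}

# scan_links IFACE...: bring each interface up first (ethtool reports no link
# on a down interface even with a cable attached), then print "IFACE state".
# Needs root for the "up" and for ethtool.
scan_links() {
    for dev in "$@"; do
        ip link set dev "$dev" up 2>/dev/null
        printf '%s %s\n' "$dev" "$(ethtool "$dev" 2>/dev/null | link_detected)"
    done
}

# Constructed ethtool output for the interface that has the cable.
ETHTOOL_UP=$(cat <<'EOF'
Settings for eth1:
    Supported ports: [ TP ]
    Speed: 1000Mb/s
    Duplex: Full
    Auto-negotiation: on
    Link detected: yes
EOF
)

# Run the parser on the sample; a live run would be: scan_links eth0 eth1 eth2
printf '%s\n' "$ETHTOOL_UP" | link_detected
```

ip link set dev eth1 up does the same as the ifconfig command above on distributions that no longer ship ifconfig, which is why the loop uses it.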