The documentation for ports and services states that the microc8s will configure APIs to be accessible on the default network interface:
If I have eth0,1,2 which will be considered default? And how am I supposed to configure that?
To clarify - I need to bind all public APIs that microk8ks brings up to eth2 for example.
Thanks.
Related
I've set up a default vagrant setup, and I'd like to be able to find out what i can from the host about the guest.
For virtualbox setups, what happens is there are some pseudo interfaces that you can use to route and firewall the guest outgoing connections. But, when using vagrant, i noticed the availability of a private space eth0 which is NATted through the host interface. Searching using iproute2 and looking through the procfs does not show any interface at all.
A while back I found the vbox driver bypasses all the usual methods to inspect interfaces from the host machine. Is there a way to find out more about the interfaces on the guest from the host, and which chain should i target to firewall traffic from this?
Strangely just to answer: to find the existence of the ip address in procfs, you'll have to check the /proc/net/fib_trie. Unfortunately, anecdotally, this doesn't work on some procfs.
I have two network interfaces. Both interfaces have two private ip each for a total of 4. All are set to elastic ip.
I can ping only two public IP.
How can I activate 4 IP at a time?
You need to configure the secondory IPs from ec2 OS too.
From AWS Documentation:
Configuring the Operating System on Your Instance to Recognize the Secondary Private IPv4 Address
After you assign a secondary private IPv4 address to your instance,
you need to configure the operating system on your instance to
recognize the secondary private IP address.
If you are using Amazon Linux, the ec2-net-utils package can take care
of this step for you. It configures additional network interfaces that
you attach while the instance is running, refreshes secondary IPv4
addresses during DHCP lease renewal, and updates the related routing
rules. You can immediately refresh the list of interfaces by using the
command sudo service network restart and then view the up-to-date list
using ip addr li. If you require manual control over your network
configuration, you can remove the ec2-net-utils package. For more
information, see Configuring Your Network Interface Using
ec2-net-utils. If you are using another Linux distribution, see the
documentation for your Linux distribution. Search for information
about configuring additional network interfaces and secondary IPv4
addresses. If the instance has two or more interfaces on the same
subnet, search for information about using routing rules to work
around asymmetric routing. For information about configuring a Windows
instance, see Configuring a Secondary Private IP Address for Your
Windows Instance in a VPC in the Amazon EC2 User Guide for Windows
Instances
For Linux here is the post where the steps are explained:
https://bobcares.com/blog/an-easy-guide-to-setup-amazon-ec2-multiple-ips/
This seems like it should be beyond simple, so I hate asking. But I've tried to configure Windows Firewall to allow XDebug to connect to PHPStorm on port 9000 without success.
XDebug is on on Vagrant Box with private network connection--so the host machine has a virtual network adapter. Vagrant is 192.168.33.10 and the host PC is 192.168.33.1.
With Windows Firewall disabled, XDebug connects to PHPStorm. But I obviously don't want to leave my firewall off.
So I've tried to open a port in Windows Firewall with the following Inbound Rule settings:
General
Enabled: Check
Action: Allow the connection
Program and Services
All programs that meet the specified conditions: Checked
Services
Apply to all programs and services: Checked
Protocols and ports
Protocol type: TCP
Local port: Specific Ports : 9000
Remote port : All Ports
Scope
Local IP address
Any IP address: checked
Remote IP address
Any IP address: checked
Advanced
Profiles
Domain: checked
Private: checked
Public: checked
Interface types
All interface types: checked
Edge traversal: Block edge traversal
But it's not working to allow XDebug to connect to PHP storm. I've also tried setting the protocol to UDP. And I'm aware that if this rule did work, it would be excessively open (I could tighten up the scope), but for the moment I just want to see it work before tightening it.
There is a problem with Virtualbox network host-only interface since it is loopback interface and Windows manage it in a diffrent way.
Easy way to solve this is to open 'regedit'. Search for 'HKLM:\system\CurrentControlSet\control\class{4D36E972-E325-11CE-BFC1-08002BE10318}'. There is plenty of interfaces. Simply look one named 'VirtualBox Host-Only Ethernet Adapter'. Then add new DWORD(32) key named '*NdisDeviceType' and value '1' (hex). Reboot.
I don't know if there is a need to add standard fw rules like host port 9000 allow for all, since i had it already.
More about it - http://brianreiter.org/2010/09/18/fix-virtualbox-host-only-network-adapter-creates-a-virtual-public-network-connection-that-causes-windows-to-disable-services/
The simplest approach that I found: Windows Advanced Firewall (where you add/remove rules) -> right-click -> Properties (another place for en/disabling Local/Domain/Public firewalling)
Each off the three scopes (Local/Domain/Public) has a setting to exclude firewall-processing for specific network interfaces completely (!)
Turn of windows firewall for any vmware/virtualbox network interface. (unless you require it against your virtual machine)
This will allow any connection from your guest, to your host machine.
In general, it's easier to not specify rules in terms of protocols or port ranges. Rather, just let the the program executable have a firewall exception for everything. So instead of creating a rule for port 9000, just create a rule for "xdebug.exe", but don't limit it to just port 9000.
Control Panel->Windows Firewall -> click "Allow an app or feature through Windows Firewall", then add xdebug.exe (or whatever the executable name is). This will add a new set of inbound rules (one for UDP and another for TCP). Go back to the advanced settings page, find the new inbound rules that were created, and inspect each to validate thatl the "Scope" checkboxes are set (private, domain, public).
There's a way to turn on firewall logging so you can discover what is getting blocked when the firewall is on. Then you can add rules as appropriate.
http://technet.microsoft.com/en-us/library/cc787462(v=ws.10).aspx
If you have a NAT adapter on your box in addition to virtual adapter, you can change xdebug config in php.ini xdebug.remote_host parameter to the IP of physical interface on your machine. Easiest way to find out is to try to telnet to 9000 port.
Does Go offer a way to configure network interfaces? I found a very easy to use net.Interfaces method to get the information, but i want to modify the network configuration.
In order to modify your network config, the best way would be to call external tools like ip, iptables, ifconfig, brctl, etc..
This is the way we do in within docker (https://github.com/dotcloud/docker/blob/master/network.go#L72)
I've installed freeswitch and I'm following this
http://www.onlinesolution.co.nz/viewtopic.php?t=102
to add a softphone user. I had it connected so I could test dial the tetris theme (9891) and it all worked but when I restarted freeswitch it now says
2012-07-19 11:25:37.882544 [WARNING] sofia_reg.c:1989 Can't find user [1000#MY_IP]
You must define a domain called 'MY_IP' in your directory and add a user with the id="1000" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
I don't know what I've changed to make it behave differently. Can anyone help?
I had this same issue and solved it by changing the IP addresses in the internal and external sip profiles.
/usr/local/freeswitch/conf/sip_profiles/internal.xml
/usr/local/freeswitch/conf/sip_profiles/external.xml
So in internal.xml I changed $${local_ip_v4} to 192.168.16.50 (freeswitch machines LAN IP).
And external.xml, $${local_ip_v4} to the external IP address (connecting to the internet).
Explained in the FreeSWITCH Wiki:
Multi Home Tutorial, "Setting the SIP profiles to use different Ethernet ports"