What is the solution for this?? I am tried to setup new VPC from Scratch.
I have created a VPC with CIDR 10.0.0.0/16 in Mumbai region.
And Created a Internet Gate way and attached to these VPC.
Created Two subnets
1)10.0.1.0/24,With Public IP, In Availability Zone US-East-1a
2)10.0.2.0/24 With out public Ip,In Availability Zone US-East-1b
Both subnets are in different zones
Creates TWO Route tables
1.Route table1 with Public subnet(10.0.1.0/24) and added Internet Gateway.
2.Route Table2 with Private Subnet(10.0.2.0/24) WITHOUT internet Gateway
Modified the default NETWORK ACL's to allow inbound traffic for only HTTP,HTTPS,TELNET,SSH
For Outbound Traffic -ALLOW ALL
And I launched a EC2 instance with PUBLIC SUBNET(10.0.1.0/24)
These EC2 instance have Public IP and Private Ip.
And EC2 Security group
INBOUND- HTTP,HTTPS,SSH for 0.0.0.0/0
Outbound -ALL for 0.0.0.0/0
I am able to login into ec2 console and sudo -i to become sudo user
confirmed i am able to connect to the internet properly
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=1.27 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=1.39 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=56 time=1.43 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.270/1.366/1.438/0.082 ms
then when i try to do yum update -y or trying to do yum install httpd
I am getting bellow error
"# yum update -y
Loaded plugins: priorities, update-motd, upgrade-helper
Could not retrieve mirrorlist http://repo.ap-south-1.amazonaws.com/latest/main/mirror.list error was
12: Timeout on http://repo.ap-south-1.amazonaws.com/latest/main/mirror.list: (28,
'Resolving timed out after 5515 milliseconds')
One of the configured repositories failed (Unknown),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:
yum-config-manager --disable <repoid>
4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
As I launched instance with Public Ip and have Internet Gateway and
opened HTTP,HTTPS,SSH ports for ec2 instance level and
for VPC level -HTTP,HTTPS,SSH,TELENET is opened for inbound , Still getting the above error.?
I think you have to enable DNS resolution for your custom VPC that might solve your problem.
Try to perform yum repolist and see if the repos are available, also could you provide the configuration files of "/etc/yum.repos.d/*" to see if there is any errors in repo files.
Related
I have an AWS Linux 2 instance, with two interfaces in different subnets, where I installed Openvpn using the 172.23.0.0/24 network. Openvpn is working and I can connect to it. However, from the remote client I can only ping the interface connected to the Internet and the Openvpn tunnel interface which has the 172.23.0.1 address. I can not ping the other interface with the 10.0.0.8 address. From the instance, I can ping all addresses. If I run tcpdump, I can see the packets arriving from the remote client, but the interface does not respond.
I have stoped source and destination check and I have also activated ip forwarding with sysctl -w net.ipv4.ip_forward=1 and even tried sysctl -w net.ipv4.conf.all.proxy_arp=1 and sysctl -w net.ipv4.conf.all.proxy_arp_pvlan=1. This is a brand new instance where the only thing installed is Openvpn. No firewall.
Can not figure this out and would appreciate some help.
Is there a way to configure dnsmasq so that it only serves DNS requests from remote systems? What I want is that ('internet' means outside my network):
Any DNS request from a program on the dnsmasq machine just uses the internet DNS servers and ignores dnsmasq
A DNS request from a remote system directed to the dnsmasq machine receives a response from dnsmasq, which could be a locally configured response or one that dnsmasq has relayed on to the internet DNS servers
Optionally restrict the IP addresses of remote servers permitted to query the dnsmasq system.
FYI my use case is needing to patch/respond locally to requests from an embedded system to add resilience with a remote server is down; I can't change the queried hostname so I want to be able to locally spoof the IP address, but only affecting specific queries from this embedded system which I've manually directed to my local dnsmasq server.
After much digging, I stumbled across the answer. The magic incantation required to achieve this is:
$ echo DNSMASQ_EXCEPT=lo | sudo tee --append /etc/default/dnsmasq
$ sudo systemctl restart dnsmasq
Look up DNSMASQ_EXCEPT for details but basically this stops dnsmasq providing DNS services to the lo interface.
I am running a windows docker container on a Windows Server 2016 host, running default configuration.
When running the docker container using the command:
docker run -it microsoft/windowsservercore powershell
When I run the command:
ping <hostIPAddress>
It just says that the request times out.
I have checked that I can ping 8.8.8.8 and google.com etc... and even other machines on the same subnet. The only one I cannot ping is the host.
I have added '--dns ' to the 'docker run' command but this only allows me to ping the host machine via hostname and not IP.
Has anyone else seen this problem and have a solution?
I found a workaround (I'm not willing to call it a solution):
Windows Container Network Drivers: create a 'transparent' network:
docker network create -d transparent trans
Attach container to this network
docker run --network=trans ...
Important: Please note, that with this network, your container needs to obtain an IP Adress from the Host Subnet and it is directly exposed to it.
maybe related (this is about access the containers from the host):
According to https://github.com/Microsoft/Virtualization-Documentation/issues/253#issuecomment-217975932 (JMesser81):
This is a known limitation in our Windows NAT implementation (WinNAT) that you cannot access the external port in a static port mapping directly from the container (NAT) host.
Hoping this might help somebody.
On Windows 10 when hosting a Linux container on 0.0.0.0:5057 I was able to ping my server from my Windows host (powershell) using the IP address of the vEthernet (Default Switch) NIC found in Control Panel>All Control Panel Items>Network Connections:
In my case I have a corporate managed McAfee firewall running on my Windows host. I could not add any additional rules on the firewall, but fortunately there was a rule that allowed access from 172.16.0.0/24.
I used "docker network create -d transparent trans" and it worked as described, but I was not happy with an IP from my host network assigned to the container.
I did the following:
docker network create --driver=nat --subnet=172.16.0.0/24 br0
Added --network=br0 to my docker run command
I am facing the same issue.
My workaround is to restart docker service, afterwards it works fine. I'm still looking for a permanent solution.
root#a6c40eb25cbf:/# ping xxx.xx.xx.xxx
PING xxx.xx.xx.xxx (xxx.xx.xx.xxx): 56 data bytes
64 bytes from xxx.xx.xx.xxx: icmp_seq=0 ttl=37 time=3.541 ms
64 bytes from xxx.xx.xx.xxx: icmp_seq=1 ttl=37 time=2.643 ms
64 bytes from xxx.xx.xx.xxx: icmp_seq=2 ttl=37 time=1.857 ms
^C--- xxx.xx.xx.xxx ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
This works for me, I hope it works for you.
Currently, you must have WSL or WSL2 installed and have Virtualization enabled to run Docker on Windows.
The installation of WSL from PowerShell is with the following command.
wsl --install -d Ubuntu
Obviously you need to download and install Docker Desktop on Windows. It will be necessary to enable the WSL integration from the Docker desktop settings after installing it.
After configuring WSL and Docker Desktop, you can create/use your containers. Example:
docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres
Finally you must identify the IP of WSL, you must open the Linux distribution that you installed in the first step, in our case Ubuntu, this will open your terminal and here we will execute:
ifconfig
and you will identify the ip of eth0. Example: 172.27.123.123
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.27.123.123 netmask 255.255.240.0 broadcast 172.27.127.255
inet6 fe80::215:5dff:fecf:b4 prefixlen 64 scopeid 0x20<link>
ether 00:15:5d:cf:00:b4 txqueuelen 1000 (Ethernet)
RX packets 4389 bytes 299784 (299.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4343 bytes 315643 (315.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Now you can ping from CMD in Windows to this IP.
NOTE: the connection will depend on the port of your container, example: 172.27.123.123:8080.
Running macOS and docker ubuntu on it, I am unable to ping my local network's IP addresses. Below is the network configuration of my docker container. I can ping my host machine's IP address but I am unable to access other IP addresses on the local network.
root# ping 172.17.101.192
PING 172.17.101.192 (172.17.101.192) 56(84) bytes of data.
From 172.17.0.3 icmp_seq=1 Destination Host Unreachable
From 172.17.0.3 icmp_seq=2 Destination Host Unreachable
root# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
Is there any network configuration which would help me to perform this operation?
I have tried net=host but it is not helping it.
I was using docker for mac, the issue was docker internal network conflicting with my local network addressing.
To resolve the this issue, i need to go to Preferences in the dokcer menu.
In Preferences menu Daemon>Advanced Menu, i can supply other bip.
{
"bip" : "12.12.0.1/24"
}
Click apply and restart. The next time docker will start with internal network as 12.12.0.1/24.
I think docker internal network could be conflicting with your local network addressing.
Try to run Docker changing the default internal network to something that doesn't conflict, as 172.31.0.0/24. Add to your Docker startup options --bip 172.31.0.1/24, probably located in /etc/default/docker:
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="--bip 172.31.0.1/24"
UPDATE: Although this is true in Linux, Mac implementation is different, see docs here, so it depends if you're using Docker for Mac or for Linux.
Just to test, try to attach your laptop to a different network, any in the range of 192.168.0.0/16 would suffice.
I'm guessing you're using docker-machine.
You should check out docker for mac as it has some networking improvements that may make this work for you. This is what I'm using and I'm able to reach other hosts on my internal network from docker.
I tried the following, and it works:
mac-os $> ifconfig
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 78:31:c1:bd:4b:84
inet6 fe80::1425:a90d:9c00:ef53%en0 prefixlen 64 secured scopeid 0x4
inet 10.191.41.1 netmask 0xfffff800 broadcast 10.191.47.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
So my ip is 10.191.41.1. Then I do:
mac-os $> docker run -ti --rm ubuntu bash -c "apt-get update && apt-get install -y inetutils-ping && ping 10.191.41.1"
Which installs the "ping" command, and tries to ping my host. I get the right answers:
[...]
PING 10.191.41.1 (10.191.41.1): 56 data bytes
64 bytes from 10.191.41.1: icmp_seq=0 ttl=37 time=0.303 ms
64 bytes from 10.191.41.1: icmp_seq=1 ttl=37 time=0.536 ms
[...]
I wanted to throw this answer out as it happened to me on Windows, but could really on any environment. I was using a bridge network on my local machine for a service I was developing and ran into similar issues, what was weird was that pinging our production physical servers (which started with a 10.10... IP pattern) or the random sites on the internet I was able to receive a response. But the physical dev server which sat on a 172.16... pattern didn't work.
Finally I discovered through doing docker network inspect on the networks I had locally that one had created with the same subnet of 172.16... which overlapped my physical server IP address range. So when I was pinging the physical dev server, it was trying to find it on the virtual docker network, where it didn't exist.
After deleting that network (it was a dev one I didn't use), everything worked.
docker network rm {networkName}
If I had to keep the network, it is possible to change the subnet in the docker-compose file. If you need to change the conflicting subnet, the link to that is here How do configure docker compose to use a given subnet if a variable is set, or choose for itself if it isn't?
That would look something like this (if you wanted a 12.12 subnet):
networks:
default:
ipam:
config:
- subnet: 12.12.0.0/16
I am in the process of setting up a Hadoop cluster of virtual machines on my LAN and a process on one of the vms (the ResourceManager) provides a Web UI which is exhibiting strange behavior. All vms run from my desktop and have been assigned ips.
The URL I am targeting is resourcemanager:8088 and here is the behavior.
From other vms running on my desktop:
curl -v resourcemanager:8088
returns an HTTP 302 Found response with Location: http://resourcemanager:8088/cluster. Looking this up I saw this is a redirect, and curl -L resourcemanager:8088 successfully retrieves the HTML.
From the desktop running the vms:
Trying to reach the URL from (Chrome) browser gives net::ERR_CONNECTION_REFUSED. Also
curl resourcemanager:8088
returns curl: (7) Failed to connect to resourcemanager port 8088: Connection refused.
Each vm has the same /etc/hosts:
::1 localhost
127.0.0.1 localhost
10.0.0.3 namenode
10.0.0.4 resourcemanager
10.0.0.5 datanode1
and the .../drivers/etc/hosts file on my (Windows) desktop looks the same minus the localhost lines.
To make matters more complicated, a second process (the NameNode) also provides a web ui, call it namenode:50070, and I am able to curl it from both the desktop and vms, and I can get to it via browser from my desktop.
Any ideas?
EDIT
Specs:
Desktop OS: Windows 10
VMs OS: Arch Linux latest (Linux kernel 4.5.4)
An initial Arch+hadoop VM was created with Hyper-V, then cloned to create the three "cluster" vms listed above. After cloning, each vm was given a unique hostname (listed above) and assigned a reserved IP address from my router (also listed above). All VMs use an "external vm switch".
I cannot comment, because I do not have 50 reputation yet, but that might have to do with the configuration of the service behind port 8088: The VM probably got a 'small' netmask from the virtual dhcp server, which presumably covered the IP range of all other VMs, not including the host machine. If that had happened and the service was configured like many others -to listen on all interfaces- it would not react on requests and your connection would reach a closed port, causing a 'connection refused' error. How is that?