Mac OS X 10.10.1 AMP stack offline use - macos

before the update to Yosemite (on Mavericks) i was able to access my locally hosted sites via apache even when the wifi was completely turned off. i set up my AMP stack according to this tutorial: http://wizardmode.com/2012/06/apache-php-mysql-dev-on-os-x-lion-with-a-minimum-of-pain/
FROM THE TUTORIAL
One more thing. OS X will refuse to do DNS lookups if you’re not connected to a network (under some circumstances). There’s a simple way around that, in two steps:
First, install VirtualBox. Create a new virtual machine, and give it a Host-only network adapter. (You can use the FreeDos image, if you don’t actually need a virtual machine for anything. It’s small.) Start the virtual machine at least once.
You can do this from the commandline with this snippet (after VirtualBox is installed):
(ifconfig | grep -s vboxnet) || VBoxManage hostonlyif create ipconfig vboxnet0 --ip 192.168.56.1 --netmask 255.255.255.0
This prevents OS X from disabling normal DNS resolution when you’re not connected to a network.
Second, create a ‘dev’ domain resolver entry:
sudo mkdir -p /etc/resolver
sudo tee /etc/resolver/dev <<EOT
nameserver 127.0.0.1
domain dev
search_order 1
EOT
This tells OS X that it can always ask localhost (your dnsmasq server) for domain resolution for .dev domains when it doesn’t have other DNS servers.
Now if you type ifconfig in a terminal, one of the lines should start with vboxnet0: – if it does, great! OS X will happily do DNS lookups even if you’re on an airplane, so you can keep using your .dev domains wherever you are.
END TUTORIAL SECTION
after the update i went through hell to get all my local sites running and now they only work if i have an internet connection
I am running dnsmasq according to the tutorial and I did the whole VirtualBox trick. here is the relevant output of ifconfig:
vboxnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
inet 192.168.56.1 netmask 0xffffff00 broadcast 192.168.56.255
vboxnet1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:01
I'm not really sure what's going wrong. Here is a screenshot of my wifi network settings:
you can see the opendns servers and then localhost for dns resolution purposes.
furthermore, here is scutil --dns output:
DNS configuration
resolver #1
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 127.0.0.1
flags : Request A records, Request AAAA records
reach : Reachable
resolver #2
domain : dev
nameserver[0] : 127.0.0.1
flags : Request A records, Request AAAA records
reach : Reachable,Local Address
order : 1
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 127.0.0.1
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : Reachable
I'm really at a loss here for what's happening and going wrong. I've tried debugging some of the shell scripts from the tutorial to see if they are causing problems but I can't figure it out. This should be simple as pie IMO. Why is this such a nightmare?
Any help would be greatly, greatly appreciated as I'm wasting valuable time that could be used for building useful things on this mess. THANK YOU!!!!

As of 10.10 and discoveryd no DNS resolution can take place when you are disconnected from all networks.
you can confirm this by running scutil --dns once when connected, and again when disconnected.
Here is a video that shows the difference in behavior between 10.9 and 10.10 https://www.youtube.com/watch?v=3m9OI_AjCx8
I've tried to escalate this with Apple, the response was that it's expected behavior.
The only workaround I know of is to re-add mDNSResponder as per http://arstechnica.com/apple/2015/01/why-dns-in-os-x-10-10-is-broken-and-what-you-can-do-to-fix-it/

Related

No access to web or mysql on vagrant after upgrading to macos monterey

Last week I decided to upgrade the mac to the latest version Monterey. Well. Most things works, except for Vagrant. Well.. it works, except there is almost no connection to the server.
vagrant ssh works.
I have been able to launch virtualbox, but access to http or mysql is not happening.
I know the mysql-server is running. The same goes with the apache server.
Logs have been checked and I cannot see that any traffic going to the server.
Ping is not working.
I have updated virtualbox. I have destroyed the box and upgraded vagrant / homestead. still no luck.
MORE INFO:
When I run traceroute I see that the first hit is the correct IP I have set in hosts file. Then it goes to 192.168.0.1 which isn't going anywhere.
I guess the 192.168.0.1 comes from the mac virtualbox / vagrant is running on.
Any pointers on what to do next are welcome.
Probably the same problem as mine (I couldn't use any longer IP 192.168.10.10). VirtualBox did some changes lately (from VirtualBox 6.1.28 I think) and a new configuration is needed to use your preferred (192.168.0.1) IP address:
On Linux, macOS and Solaris Oracle VM VirtualBox will only allow IP
addresses in 192.168.56.0/21 range to be assigned to host-only
adapters. For IPv6 only link-local addresses are allowed. If other
ranges are desired, they can be enabled by creating
/etc/vbox/networks.conf and specifying allowed ranges there. For
example, to allow 10.0.0.0/8 and 192.168.0.0/16 IPv4 ranges as well as
2001::/64 range put the following lines into /etc/vbox/networks.conf:
* 10.0.0.0/8 192.168.0.0/16
* 2001::/64
You can check the whole information here.
Alternatively (skipping the networks.conf configuration) you can use any IP from the initially supported range like for instance: 192.168.56.10

Unable to access local network IP from docker container

Running macOS and docker ubuntu on it, I am unable to ping my local network's IP addresses. Below is the network configuration of my docker container. I can ping my host machine's IP address but I am unable to access other IP addresses on the local network.
root# ping 172.17.101.192
PING 172.17.101.192 (172.17.101.192) 56(84) bytes of data.
From 172.17.0.3 icmp_seq=1 Destination Host Unreachable
From 172.17.0.3 icmp_seq=2 Destination Host Unreachable
root# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
Is there any network configuration which would help me to perform this operation?
I have tried net=host but it is not helping it.
I was using docker for mac, the issue was docker internal network conflicting with my local network addressing.
To resolve the this issue, i need to go to Preferences in the dokcer menu.
In Preferences menu Daemon>Advanced Menu, i can supply other bip.
{
"bip" : "12.12.0.1/24"
}
Click apply and restart. The next time docker will start with internal network as 12.12.0.1/24.
I think docker internal network could be conflicting with your local network addressing.
Try to run Docker changing the default internal network to something that doesn't conflict, as 172.31.0.0/24. Add to your Docker startup options --bip 172.31.0.1/24, probably located in /etc/default/docker:
# Use DOCKER_OPTS to modify the daemon startup options.
DOCKER_OPTS="--bip 172.31.0.1/24"
UPDATE: Although this is true in Linux, Mac implementation is different, see docs here, so it depends if you're using Docker for Mac or for Linux.
Just to test, try to attach your laptop to a different network, any in the range of 192.168.0.0/16 would suffice.
I'm guessing you're using docker-machine.
You should check out docker for mac as it has some networking improvements that may make this work for you. This is what I'm using and I'm able to reach other hosts on my internal network from docker.
I tried the following, and it works:
mac-os $> ifconfig
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 78:31:c1:bd:4b:84
inet6 fe80::1425:a90d:9c00:ef53%en0 prefixlen 64 secured scopeid 0x4
inet 10.191.41.1 netmask 0xfffff800 broadcast 10.191.47.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
So my ip is 10.191.41.1. Then I do:
mac-os $> docker run -ti --rm ubuntu bash -c "apt-get update && apt-get install -y inetutils-ping && ping 10.191.41.1"
Which installs the "ping" command, and tries to ping my host. I get the right answers:
[...]
PING 10.191.41.1 (10.191.41.1): 56 data bytes
64 bytes from 10.191.41.1: icmp_seq=0 ttl=37 time=0.303 ms
64 bytes from 10.191.41.1: icmp_seq=1 ttl=37 time=0.536 ms
[...]
I wanted to throw this answer out as it happened to me on Windows, but could really on any environment. I was using a bridge network on my local machine for a service I was developing and ran into similar issues, what was weird was that pinging our production physical servers (which started with a 10.10... IP pattern) or the random sites on the internet I was able to receive a response. But the physical dev server which sat on a 172.16... pattern didn't work.
Finally I discovered through doing docker network inspect on the networks I had locally that one had created with the same subnet of 172.16... which overlapped my physical server IP address range. So when I was pinging the physical dev server, it was trying to find it on the virtual docker network, where it didn't exist.
After deleting that network (it was a dev one I didn't use), everything worked.
docker network rm {networkName}
If I had to keep the network, it is possible to change the subnet in the docker-compose file. If you need to change the conflicting subnet, the link to that is here How do configure docker compose to use a given subnet if a variable is set, or choose for itself if it isn't?
That would look something like this (if you wanted a 12.12 subnet):
networks:
default:
ipam:
config:
- subnet: 12.12.0.0/16

Web App on LAN VM: curl -L works from other vms, browser/curl on host doesn't

I am in the process of setting up a Hadoop cluster of virtual machines on my LAN and a process on one of the vms (the ResourceManager) provides a Web UI which is exhibiting strange behavior. All vms run from my desktop and have been assigned ips.
The URL I am targeting is resourcemanager:8088 and here is the behavior.
From other vms running on my desktop:
curl -v resourcemanager:8088
returns an HTTP 302 Found response with Location: http://resourcemanager:8088/cluster. Looking this up I saw this is a redirect, and curl -L resourcemanager:8088 successfully retrieves the HTML.
From the desktop running the vms:
Trying to reach the URL from (Chrome) browser gives net::ERR_CONNECTION_REFUSED. Also
curl resourcemanager:8088
returns curl: (7) Failed to connect to resourcemanager port 8088: Connection refused.
Each vm has the same /etc/hosts:
::1 localhost
127.0.0.1 localhost
10.0.0.3 namenode
10.0.0.4 resourcemanager
10.0.0.5 datanode1
and the .../drivers/etc/hosts file on my (Windows) desktop looks the same minus the localhost lines.
To make matters more complicated, a second process (the NameNode) also provides a web ui, call it namenode:50070, and I am able to curl it from both the desktop and vms, and I can get to it via browser from my desktop.
Any ideas?
EDIT
Specs:
Desktop OS: Windows 10
VMs OS: Arch Linux latest (Linux kernel 4.5.4)
An initial Arch+hadoop VM was created with Hyper-V, then cloned to create the three "cluster" vms listed above. After cloning, each vm was given a unique hostname (listed above) and assigned a reserved IP address from my router (also listed above). All VMs use an "external vm switch".
I cannot comment, because I do not have 50 reputation yet, but that might have to do with the configuration of the service behind port 8088: The VM probably got a 'small' netmask from the virtual dhcp server, which presumably covered the IP range of all other VMs, not including the host machine. If that had happened and the service was configured like many others -to listen on all interfaces- it would not react on requests and your connection would reach a closed port, causing a 'connection refused' error. How is that?

Trouble setting up port forwarding for transparent proxy on Mac OS X

I'm trying to set up a transparent proxy on my Mac OS X Lion (10.7.5), so I can use mitmproxy (to intercept SSL traffic from android applications). I followed the steps in the mitmproxy docs for setting up port forwarding with pf on Mac OS X, and they all went without any errors:
$ sudo sysctl -w net.inet.ip.forwarding=1
Password:
net.inet.ip.forwarding: 0 -> 1
$ sudo pfctl -f pf.conf
No ALTQ support in kernel
ALTQ related functions disabled
$ sudo pfctl -e
No ALTQ support in kernel
ALTQ related functions disabled
pf enabled
But it doesn't seem to have had any effect. When I go to websites in my browser, it makes a direct request, and doesn't go through the port I specified. Here is the pf.conf file (en1 is my wifi):
rdr on en1 inet proto tcp to any port 80 -> 127.0.0.1 port 4500
rdr on en1 inet proto tcp to any port 443 -> 127.0.0.1 port 4500
Thanks for stopping by the IRC channel today. I've tracked this down, and the basic issue is that the rdr rules apply to inbound traffic. This means that they will NOT redirect traffic coming from the box itself. If you think about it, this is inevitable: we can't distinguish between an outbound connection from a non-mitmproxy app, and an outbound connection from mitmproxy itself. We can use route-to to send the traffic to lo0 and then redirect it, but that causes an infinite loop where mitmproxy's own outbound connections are also redirected back to mitmproxy.
Because I know a bit about your use case, I would suggest exploring ways to do this with VirtualBox. A plan of attack would be to set the VirtualBox network up in bridge mode, and then use a pf rule with a match on the source address to redirect traffic to mitmproxy. That should do what you want, and not cause singularities in time and space due to infinite redirection.
Please drop by the IRC channel again if you need a further hand with this.
Did you try net.inet.ip.scopedroute=0? From http://lucumr.pocoo.org/2013/1/6/osx-wifi-proxy/:
Now currently if you finish that above setup you will notice that
nothing actually works. The cause for this is a Bug in the OS X kernel
that requires flipping the net.inet.ip.scopedroute flag to 0. I am not
entirely sure what it does, but the internet reports that it breaks
network sharing through the user preferences. In any case it fixes
ipfw based forwarding so you can flip it with sysctl:
$ sudo sysctl -w net.inet.ip.scopedroute=0
Unfortunately in OS X Lion this flag can actually not be flipped from
userspace so you need to set it as boot parameter and then restart
your computer. You can do this by editing the
/Library/Preferences/SystemConfiguration/com.apple.Boot.plist file
(continued...)
You are using the port 4500 instead the default port 8080.
Do you start mitmproxy with the port specification?: mitmproxy -T --host -p 4500
Did you follow the steps to set the certificate in the Android device? http://mitmproxy.org/doc/certinstall/android.html
Another problem could be the gateway on your android phone: Preferences - Wifi - Hold on the network you are using - Edit network - Advanced options - Set as gateway the ip of your machine with mitmproxy.
By the way I have the same warning with No ALTQ function but it works.

How to setup EC2 internal IP forwarding to External DNS using macos X?

Here the problem, I have two servers on EC2, which have internal/private IPs (10.148.73.230, 10.148.73.231), unfortunately I do not have Elastic IPs available and connect to these servers using External DNS like: ec2-50-132-69-161.us-west-2.compute.amazonaws.com (IP:50.132.69.161) and ec2-50-132-69-162.us-west-2.compute.amazonaws.com (IP:50.132.69.162).
I have macbook and now I need to simulate access to these EC2 servers using their internal IPs.
The first idea was to setup IP forwarding on mac using: ipfw and natd... but after several hours it still not working for some reason. Im fine to make quick and dirty, or using any GUI, but didn't find any...
Desperate for help, here my current script:
sysctl -w net.inet.ip.forwarding=1
ipfw add 1000 forward 10.148.73.230,80 log ip from me 80 to 50.132.69.162) dst-port 80
/usr/sbin/natd -alias_address 10.148.73.230 -interface en1 -use_sockets -same_ports -unregistered_only -dynamic -clamp_mss -enable_natportmap -natportmap_interface en0 -redirect_port tcp 50.132.69.162:1-10000 1-10000 -l
Or is there any better solution to make the forwarding?
Just taking a shot in the dark here as as windows/linux guy. I do understand your problem with EC2 and use it myself, generally with elastic ip's however.
Is it possible to just setup the hosts file like you could on windows/linux??
http://support.apple.com/kb/TA27291?viewlocale=en_US

Resources