Develop Reference

Openvpn client can only ping one of two interfaces in the same AWS Linux 2 instance

I have an AWS Linux 2 instance, with two interfaces in different subnets, where I installed Openvpn using the 172.23.0.0/24 network. Openvpn is working and I can connect to it. However, from the remote client I can only ping the interface connected to the Internet and the Openvpn tunnel interface which has the 172.23.0.1 address. I can not ping the other interface with the 10.0.0.8 address. From the instance, I can ping all addresses. If I run tcpdump, I can see the packets arriving from the remote client, but the interface does not respond.
I have stoped source and destination check and I have also activated ip forwarding with sysctl -w net.ipv4.ip_forward=1 and even tried sysctl -w net.ipv4.conf.all.proxy_arp=1 and sysctl -w net.ipv4.conf.all.proxy_arp_pvlan=1. This is a brand new instance where the only thing installed is Openvpn. No firewall.
Can not figure this out and would appreciate some help.

Enable remote access from one custom IP to Elasticsearch cluster

I've a VPS with installed Elasticsearch. the question is how it will be possible to connect this remote machine with my home IP? I know that with simple line possible to allow all connections, but it is not secure. When I try to add my custom IP, the ES is closed localhost connection and doesn't start properly.
Thank you in any advice!

First set network.host in elasticsearch.yml to the VPS public IP address, not localhost. Next you would need to open port 9200 (or whichever you are using) to you home computers specific IP address. So assuming your VPS is Linux you would achieve this by whitelisting your IP address in Iptables and opening this port to that IP address only.
iptables -A INPUT -p tcp -s <source> --dport 9200 -j ACCEPT
As to how secure this would be. In general the recommendations I've seen floating around are mostly agreeing on the fact that it's a good idea to only allow local connections to your elasticsearch instance. If you want to try allowing remote connections for testing purposes, then as I've mentioned it is enough to bind your public IP instead of localhost in elasticsearch.yml and opening the appropriate ports.

Thank you for etarhan again. One important thing, please check your iptables (firewall) rules before production for opening port for any external IPs. If they allow any remote connection anybody can update, delete your elasticsearch clusters. I solved it by following above instruction, opened remote connection to my home IP but closed any others:
iptables -A INPUT -p tcp -s <source --dport 9200 -j ACCEPT
iptables -A INPUT -p tcp --dport 9200 -j DROP

How do I share my mac's internet connection with my beaglebone black? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I've read a lot of answers for this one, but none of them worked (presumably because they were written for outdated OS X versions). How do I actually share my Mac's internet connection with the beaglebone?

I will assume that you have successfully installed the necessary drivers and the beaglebone shows up in your list of network interfaces. Once that is the case, make sure you have properly configured the IP address and netmask. For the default beaglebone connection this looks something like this:
Once that is done, verify that you can connect to the beaglebone:
mac$ ssh root#192.168.7.2
Debian GNU/Linux 7
BeagleBoard.org Debian Image 2015-11-12
Support/FAQ: http://elinux.org/Beagleboard:BeagleBoneBlack_Debian
default username:password is [debian:temppwd]
Last login: Thu Nov 12 19:06:13 2015 from mac.local
root#beaglebone:~#
You are now ready to setup the nat, to allow the beaglebone to share your network connection. For that, first find the name of the network interface that's associated with your beaglebone:
$ ifconfig | grep -C 3 192.168.7.1
en9: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1486
ether 04:a3:16:ad:6c:4d
inet6 fe80::6a3:16ff:fead:6c4d%en9 prefixlen 64 scopeid 0x4
inet 192.168.7.1 netmask 0xfffffffc broadcast 192.168.7.3
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
Then, activate ip forwarding and set the appropriate firewall rule:
mac$ sudo sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
mac$ echo "nat on en0 from en9:network to any -> (en0)" | sudo pfctl -f - -e
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
pf enabled
Naturally, you need to substitute en9 for the interface name you found in the previous step. Also, if you already have the firewall enabled, you'll want to manually add that to the firewall configuration.
Lastly, we need to set up the default gateway:
mac$ ssh root#192.168.7.1
beaglebone# route add default gw 192.168.7.1 usb0
beaglebone# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=54 time=16.6 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=54 time=20.5 ms
If everything worked, you should see the ping replies come in. If you can't connect to the beaglebone anymore, deactivate the firewall pfctl -d and verify that the rule was correct. If you can connect to the beaglebone, but the ping doesn't succeed, verify the routing table (route on the beaglebone, the nat table on the mac pfctl -s nat, and make sure that you ran the sysctl).

Mac OS X 10.10.1 AMP stack offline use

before the update to Yosemite (on Mavericks) i was able to access my locally hosted sites via apache even when the wifi was completely turned off. i set up my AMP stack according to this tutorial: http://wizardmode.com/2012/06/apache-php-mysql-dev-on-os-x-lion-with-a-minimum-of-pain/
FROM THE TUTORIAL
One more thing. OS X will refuse to do DNS lookups if you’re not connected to a network (under some circumstances). There’s a simple way around that, in two steps:
First, install VirtualBox. Create a new virtual machine, and give it a Host-only network adapter. (You can use the FreeDos image, if you don’t actually need a virtual machine for anything. It’s small.) Start the virtual machine at least once.
You can do this from the commandline with this snippet (after VirtualBox is installed):
(ifconfig | grep -s vboxnet) || VBoxManage hostonlyif create ipconfig vboxnet0 --ip 192.168.56.1 --netmask 255.255.255.0
This prevents OS X from disabling normal DNS resolution when you’re not connected to a network.
Second, create a ‘dev’ domain resolver entry:
sudo mkdir -p /etc/resolver
sudo tee /etc/resolver/dev <<EOT
nameserver 127.0.0.1
domain dev
search_order 1
EOT
This tells OS X that it can always ask localhost (your dnsmasq server) for domain resolution for .dev domains when it doesn’t have other DNS servers.
Now if you type ifconfig in a terminal, one of the lines should start with vboxnet0: – if it does, great! OS X will happily do DNS lookups even if you’re on an airplane, so you can keep using your .dev domains wherever you are.
END TUTORIAL SECTION
after the update i went through hell to get all my local sites running and now they only work if i have an internet connection
I am running dnsmasq according to the tutorial and I did the whole VirtualBox trick. here is the relevant output of ifconfig:
vboxnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
inet 192.168.56.1 netmask 0xffffff00 broadcast 192.168.56.255
vboxnet1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:01
I'm not really sure what's going wrong. Here is a screenshot of my wifi network settings:
you can see the opendns servers and then localhost for dns resolution purposes.
furthermore, here is scutil --dns output:
DNS configuration
resolver #1
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 127.0.0.1
flags : Request A records, Request AAAA records
reach : Reachable
resolver #2
domain : dev
nameserver[0] : 127.0.0.1
flags : Request A records, Request AAAA records
reach : Reachable,Local Address
order : 1
DNS configuration (for scoped queries)
resolver #1
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 127.0.0.1
if_index : 4 (en0)
flags : Scoped, Request A records, Request AAAA records
reach : Reachable
I'm really at a loss here for what's happening and going wrong. I've tried debugging some of the shell scripts from the tutorial to see if they are causing problems but I can't figure it out. This should be simple as pie IMO. Why is this such a nightmare?
Any help would be greatly, greatly appreciated as I'm wasting valuable time that could be used for building useful things on this mess. THANK YOU!!!!

As of 10.10 and discoveryd no DNS resolution can take place when you are disconnected from all networks.
you can confirm this by running scutil --dns once when connected, and again when disconnected.
Here is a video that shows the difference in behavior between 10.9 and 10.10 https://www.youtube.com/watch?v=3m9OI_AjCx8
I've tried to escalate this with Apple, the response was that it's expected behavior.
The only workaround I know of is to re-add mDNSResponder as per http://arstechnica.com/apple/2015/01/why-dns-in-os-x-10-10-is-broken-and-what-you-can-do-to-fix-it/

How to open incoming port 50070 in firewall (google compute engine)

I have my Single node Hadoop installed on Google Compute Engine instance and i want to open port 50070 on that machine to access the hadoop dashboard. i configured in the firewall rule as tcp:50070 in compute engine networks. but still i am unable to access my port outside the network (ie . via internet). I tried nmap for the public ip of my GCE instance and i got a result which has only ssh port got opened all other ports are filtered .
Note: i am using debian 7.5 image

Make sure your daemon is listening on port 50070. If you have more than one networks in you project make sure the port is opened on the right network. You can run the following commands to check the information about your instance and network.
lsof -i
gcutil --project= getinstance
gcutil --project= listnetworks
gcutil --project= listfirewalls
gcutil --project= getfirewall

Check if IP/Port is allowed in iptables or not.
iptables -L
would show you all the records.
To allow port in iptables you can do the following:
sudo iptables -A INPUT -p tcp -m tcp --dport 50070 -j ACCEPT
sudo iptables-save -c

Short answer
In addition to configure the firewall rule at GCE web console make sure that your server is listening at 0.0.0.0 instead of 127.0.0.1
Long answer
In the context of servers, 0.0.0.0 means all IPv4 addresses on the local machine. If a host has two IP addresses, 192.168.1.1 and 10.1.2.1, and a server running on the host listens on 0.0.0.0, it will be reachable at both of those IPs - Source
In contrast 127.0.0.1 is the IP address used to stablish a connection to the same machine used by the user this address is usually referred as the localhost.
It's often used when you want a network-capable application to only serve clients on the same host. A process that is listening on 127.0.0.1 for connections will only receive local connections on that socket. - Source
Hence, if you try to stablish a connection to your server from internet and your server is listening at 127.0.0.1 at your GCE machine, then, from the server point of view a request has never been received and as a consequence Goocle Cloud Firewall will refuse the connection because there is no server listening at the opened port (in your case 50070).
I hope this answer helps to solve your problem. Best regards.