ipv6 neigh entries getting failed - linux-kernel

I have a bunch of IPv6 neigh entries which are failed:
6000::2828:2802 dev eth2 lladdr 00:1f:a0:02:0e:b2 STALE
7000::1e1e:1e01 dev eth1 FAILED
8000::1e1e:1e01 dev eth1 FAILED
4000::1414:149e dev eth2 lladdr 00:03:00:04:00:09 PERMANENT
5000::1e1e:1e01 dev eth1 FAILED
3000::a0a:a3a dev eth1 lladdr 00:03:00:03:00:09 PERMANENT
Now, when I use flush to remove these entries, it says nothing to flush. Do you guys know how to flush or remove these entries? If I delete the entry, it goes in the failed state. Can I change the time for these values, so it automatically gets removed in, say, 10 seconds?

They should completely disappear when you do something like
ip -6 neigh del 3000::a0a:a3a dev eth1
But much more important: those addresses are bogons. They should never be in use anywhere... Seeing them in your neighbor discovery tables means that your system thinks they are on-link, and that should not be the case.
I suggest you look at your network configuration first. Your interfaces might have the wrong prefixes or prefix-lengths configured...
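The check suggested in the answer above can be scripted; the following is an added example, not part of the original posts. It parses the `ip -6 neigh` lines from the question and flags neighbours that lie outside IANA unicast space (2000::/3, fc00::/7, fe80::/10) or outside the prefixes the operator intends to be on-link. The `EXPECTED_ONLINK` prefixes are assumed documentation values, not taken from the page.

```python
import ipaddress

# Constructed input: the `ip -6 neigh` lines quoted in the question above.
NEIGH_OUTPUT = """\
6000::2828:2802 dev eth2 lladdr 00:1f:a0:02:0e:b2 STALE
7000::1e1e:1e01 dev eth1 FAILED
8000::1e1e:1e01 dev eth1 FAILED
4000::1414:149e dev eth2 lladdr 00:03:00:04:00:09 PERMANENT
5000::1e1e:1e01 dev eth1 FAILED
3000::a0a:a3a dev eth1 lladdr 00:03:00:03:00:09 PERMANENT
"""

# Assumption: the prefixes the operator intends to be on-link, per interface.
# 2001:db8::/32 is the documentation prefix; these values are not from the page.
EXPECTED_ONLINK = {"eth1": ["2001:db8:1::/64"], "eth2": ["2001:db8:2::/64"]}

# Unicast space a neighbour can legitimately come from: IANA global unicast,
# unique local and link-local. Everything else is reserved or multicast.
UNICAST_SPACE = [ipaddress.ip_network(n) for n in ("2000::/3", "fc00::/7", "fe80::/10")]
LINK_LOCAL = ipaddress.ip_network("fe80::/10")


def parse_neigh(text):
    """Parse `ip -6 neigh` lines into dicts (addr, dev, lladdr, state)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "dev":
            continue  # not a neighbour line
        lladdr = tok[tok.index("lladdr") + 1] if "lladdr" in tok else None
        entries.append({"addr": ipaddress.ip_address(tok[0]), "dev": tok[2],
                        "lladdr": lladdr, "state": tok[-1]})
    return entries


def audit(entries, expected):
    """Return (addr, dev, state, reasons) for every suspicious neighbour."""
    findings = []
    for e in entries:
        reasons = []
        if not any(e["addr"] in net for net in UNICAST_SPACE):
            reasons.append("reserved-space")
        prefixes = [ipaddress.ip_network(p) for p in expected.get(e["dev"], [])]
        if e["addr"] not in LINK_LOCAL and not any(e["addr"] in p for p in prefixes):
            reasons.append("off-prefix")
        if reasons:
            findings.append((str(e["addr"]), e["dev"], e["state"], reasons))
    return findings


if __name__ == "__main__":
    for addr, dev, state, reasons in audit(parse_neigh(NEIGH_OUTPUT), EXPECTED_ONLINK):
        print(f"{dev:5} {addr:18} {state:10} {','.join(reasons)}")
```

The range test is coarse: 3000::a0a:a3a falls inside 2000::/3, so it is reported only as off-prefix, and a full bogon list would be needed to judge allocation.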

Yes you can have them removed in 10 secs or whatever.
$ sysctl net.ipv6.neigh.default
...
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
...
gc_interval is seconds after which the clean-up kicks in to remove stale entries.
gc_stale_time is seconds after which the entries are marked to be stale.
You can set both these values to 10. You can override these values exclusively for eth1 under net.ipv6.neigh.eth1.
$ sysctl -w net.ipv6.neigh.eth1.gc_interval=10
$ sysctl -w net.ipv6.neigh.eth1.gc_stale_time=10

Related

How to Change IP address in 30 seconds automatically?

I have developed web scraping software for personal use. Now I need to change my IP address every 30 seconds to resist blocking. What is the best way to change the IP address every 30 seconds?
Thank You.
Use proxy plugins that can help you do this.
If you are on UNIX system, you can try this:
Create an ip.sh file with the content below, replacing eth0 by your network interface if necessary and <IP> by the first 3 numbers of your network's IP address (e.g. 192.168.1)
chmod 700 ip.sh
./ip.sh (use sudo if you're not using the administrator account)
ip.sh file:
#!/bin/bash
index=2
while :
do
    ifconfig eth0 <IP>.${index} netmask 255.255.255.0 up
    index=$((index+1))
    if [ "$index" -gt "254" ]; then
        index=2
    fi
    sleep 30
done

VPS: Taking control of hostname and /etc/resolv.conf (debian 10)

Wanting to set hostname and domain name, or wanting to take control of what DNS server to use.
If I edit resolv.conf, at reboot the changes are reset to what comes from DHCP.
Playing with /etc/cloud/cloud.cfg doesn't seem to change the problem.
It's because it's got nothing to do with cloud settings lol
The magic mainly happens in /etc/dhcp/dhclient.conf
I commented out that line
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
# domain-name, domain-name-servers, domain-search, host-name,
dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
netbios-name-servers, netbios-scope, interface-mtu,
rfc3442-classless-static-routes, ntp-servers;
Then in /etc/cloud/cloud.cfg I had to adjust a couple things
[...]
# preserve_hostname: false
preserve_hostname: true
[...]
# - timezone
[...]
# manage_etc_hosts: true
manage_etc_hosts: false
I also needed to add a line in /etc/hosts
127.0.1.1 myName.Mydomain.foo myName
127.0.1.1 xxxxx.your-cloud.etc xxxxx
127.0.0.1 localhost
Lost time on this... so I thought it might be nice to share the solution.

Vagrant reload doesn't work, something else is running

Homestead.yaml is set up correctly:
folders:
- map: ~/web/sites/example
to: /home/vagrant/sites/example
sites:
- map: example.app
to: /home/vagrant/sites/example/public
and localhost is also set up correctly:
127.0.0.1 example.app
which should show the default Laravel welcome page after I use vagrant reload --provision, but it shows 'It works!' instead. Vagrant halt still shows 'It works!', so something else is running, probably from me testing something else. But I don't remember what I have done.
How do I figure out what is running? Googling "localhost folder" doesn't help. Or is something else wrong? I'm using a Mac, by the way.
To figure out what is running, you can use the netstat command, which will show you network connections.
Since you are accessing only by 127.0.0.1, you must be using this service on port 80, so using netstat -n | grep ":80" may show you this. If you are using another port, and know it by number, you can pass this to grep, instead of the cited "80".

Mac OSX – open a port

I want to open the port 25 of my Mac, so I edited the file /etc/pf.conf
MacBook-Pro-de-nunito:~ calzada$ more /etc/pf.conf
#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would removed on termination of the service.
#
# See pf.conf(5) for syntax.
#
#
# com.apple anchor point
#
pass in proto tcp from any to any port 80
pass in proto tcp from any to any port 25
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
But when I restart the service, I got these errors:
MacBook-Pro-de-nunito:~ calzada$ sudo pfctl -f /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
/etc/pf.conf:24: Rules must be in order: options, normalization, queueing, translation, filtering
/etc/pf.conf:25: Rules must be in order: options, normalization, queueing, translation, filtering
/etc/pf.conf:26: Rules must be in order: options, normalization, queueing, translation, filtering
pfctl: Syntax error in config file: pf rules not loaded
adding the lines at the end of the file:
MacBook-Pro-de-nunito:~ calzada$ sudo pfctl -f /etc/pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.
No ALTQ support in kernel
ALTQ related functions disabled
MacBook-Pro-de-nunito:~ calzada$ nmap -p 25 localhost
Starting Nmap 7.40 ( https://nmap.org ) at 2017-03-12 21:35 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00023s latency).
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
25/tcp closed smtp
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Are you sure you have something listening on port 25? If you don't have anything listening on port 25 it will show as closed.
As you ran nmap on localhost you wouldn't even need to allow anything through the firewall. You would only need to allow it through the firewall if traffic was coming inbound from another device.
You can use the following to check if a program is listening on port 25
lsof -n -i:25 | grep LISTEN
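The ordering error pfctl reports in the question above can be reproduced offline; the following is an added example, not part of the original posts. It classifies each rule by its leading keyword and reports any rule that appears after a later section has already started. The keyword table is an assumption covering the statement types named in the error message, and `dummynet-anchor` is left unclassified.

```python
SECTIONS = ["options", "normalization", "queueing", "translation", "filtering"]

# Leading keyword -> index into SECTIONS. dummynet-anchor (Apple-specific),
# "load anchor", macros and tables are deliberately left unclassified.
RANK = {"set": 0, "scrub": 1, "scrub-anchor": 1, "altq": 2, "queue": 2,
        "nat": 3, "rdr": 3, "binat": 3, "nat-anchor": 3, "rdr-anchor": 3,
        "binat-anchor": 3, "pass": 4, "block": 4, "antispoof": 4, "anchor": 4}

# Constructed from the question's /etc/pf.conf with the comment header dropped,
# so line numbers are relative to this sample, not to the real file.
BROKEN = """\
pass in proto tcp from any to any port 80
pass in proto tcp from any to any port 25
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
"""

# The asker's second attempt: the two pass rules moved to the end of the file.
_rules = BROKEN.splitlines()
FIXED = "\n".join(_rules[2:] + _rules[:2]) + "\n"


def check_order(text):
    """Return (lineno, keyword, section, already_reached) per misplaced rule."""
    findings, highest = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # naive comment stripping
        if not tokens:
            continue
        # "no nat ..." / "no rdr ..." are still translation rules
        kw = tokens[1] if tokens[0] == "no" and len(tokens) > 1 else tokens[0]
        rank = RANK.get(kw)
        if rank is None:
            continue  # unclassified statement, not checked
        if rank < highest:
            findings.append((lineno, kw, SECTIONS[rank], SECTIONS[highest]))
        else:
            highest = rank
    return findings


if __name__ == "__main__":
    for lineno, kw, section, reached in check_order(BROKEN):
        print(f"line {lineno}: {kw} is {section} but {reached} already started")
```

On the sample it reports the `scrub-anchor`, `nat-anchor` and `rdr-anchor` lines, matching the three errors in the pfctl output, and nothing once the `pass` rules sit at the end.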

Remove EC2's entry from resolv.conf

I have private DNS servers and I want to write them to resolv.conf with resolvconf on Debian on AWS/EC2.
There is a problem in the order of nameserver entries.
In my resolv.conf, EC2's default nameserver is always written at first line like so:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 172.16.0.23
nameserver 10.0.1.185
nameserver 10.100.0.130
search ap-northeast-1.compute.internal
172.16.0.23 is EC2's default nameserver and others are mine.
How to remove EC2 entry? Or, how to move EC2 entry to third?
Here I have an interface file:
% ls -l /etc/resolvconf/run/interface/
-rw-r--r-- 1 root root 62 Jun 7 23:35 eth0
It seems that the file eth0 is automatically generated by dhcp so can't remove it permanently.
% cat /etc/resolvconf/run/interface/eth0
search ap-northeast-1.compute.internal
nameserver 172.16.0.23
My private DNS entry is here:
% cat /etc/resolvconf/resolv.conf.d/base
nameserver 10.0.1.185
nameserver 10.100.0.130
Please help.
I think I just solved a very similar problem. I was bothered by Amazon EC2's crappy internal DNS servers so I wanted to run a local caching dnsmasq daemon and use that in /etc/resolv.conf. At first I just did echo nameserver 127.0.0.1 > /etc/resolv.conf but then I realized that my change would eventually be overwritten by the DHCP client after a reboot or DHCP lease refresh.
What I've now done instead is to edit /etc/dhcp3/dhclient.conf and uncomment the line prepend domain-name-servers 127.0.0.1;. You should be able to use the prepend directive in a very similar way.
Update: These instructions are based on Ubuntu Linux, but I imagine the general concept applies on other systems as well; even other DHCP clients must have similar configuration options.
I'm approaching this problem from the other direction (wanting the internal nameservers), much of what I've learned may be of interest.
There are several options to control name resolution in the VPC management console.
VPC -> DHCP option sets -> Create dhcp option set
You can specify your own name servers there.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html
Be sure to attach this dhcp option set to your VPC to get it to take effect.
Alternatively (I found this out by mistake) local dns servers are not set if the following settings are disabled in VPC settings:
DnsHostnames
and
DnsSupport
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html
Settings can also be overridden locally (which you'll notice if you move instances between vpcs). /etc/dhcp/dhclient.conf
The following line might be of interest:
prepend domain-name-servers
Changes, of course, take effect on dhclient start.
How do I assign a static DNS server to a private Amazon EC2 instance running Ubuntu, RHEL, or Amazon Linux?
Short Description
Default behavior for an EC2 instance associated with a virtual private cloud (VPC) is to request a DNS server address at startup using the Dynamic Host Configuration Protocol (DHCP). The VPC responds to DHCP requests with the address of an internal DNS server. The DNS server addresses returned in the DHCP response are written to the local /etc/resolv.conf file and are used for DNS name resolution requests. Any manual modifications to the resolv.conf file are overwritten when the instance is restarted.
Resolution
To configure an EC2 instance running Linux to use static DNS server entries, use a text editor such as vim to edit the file /etc/dhcp/dhclient.conf and add the following line to the end of the file:
supersede domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
Ubuntu - dhclient.conf - DHCP client configuration file 
The supersede statement
supersede [ option declaration ] ;
If for some option the client should always use a locally-configured value or values
rather than whatever is supplied by the server, these values can be defined in the
supersede statement.
The prepend statement
prepend [ option declaration ] ;
If for some set of options the client should use a value you supply, and then use the
values supplied by the server, if any, these values can be defined in the prepend
statement. The prepend statement can only be used for options which allow more than one
value to be given. This restriction is not enforced - if you ignore it, the behaviour
will be unpredictable.
The append statement
append [ option declaration ] ;
If for some set of options the client should first use the values supplied by the server,
if any, and then use values you supply, these values can be defined in the append
statement. The append statement can only be used for options which allow more than one
value to be given. This restriction is not enforced - if you ignore it, the behaviour
will be unpredictable.
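The effect of the three statements quoted above on the resolver order can be modelled directly; this is an added example, not code from the thread, AWS or dhclient. It assumes a single uncommented statement for `domain-name-servers`, ignores `interface` scoping, and uses the addresses from the question as constructed input.

```python
import re

# Constructed inputs taken from the thread: the resolver EC2 hands out over
# DHCP and the asker's two private resolvers.
DHCP_OFFER = ["172.16.0.23"]
TRUSTED = {"10.0.1.185", "10.100.0.130"}
MAXNS = 3  # glibc's resolver honours at most three nameserver lines

# Matches one uncommented statement; scoping by interface "eth0" { } is ignored.
STATEMENT = re.compile(
    r"^[ \t]*(supersede|prepend|append)[ \t]+domain-name-servers[ \t]+([^;#\n]+);",
    re.MULTILINE)


def effective_nameservers(conf_text, offered):
    """Model the nameserver order that results from one dhclient.conf statement."""
    match = STATEMENT.search(conf_text)
    if match is None:
        return list(offered)            # nothing local: server values only
    action, values = match.groups()
    local = [v.strip() for v in values.split(",") if v.strip()]
    if action == "supersede":
        return local                    # server values are discarded
    if action == "prepend":
        return local + list(offered)    # local first, then server values
    return list(offered) + local        # append: server values first


def untrusted_in_use(conf_text, offered, trusted):
    """Resolvers glibc would actually query that are not on the trusted list."""
    return [ns for ns in effective_nameservers(conf_text, offered)[:MAXNS]
            if ns not in trusted]


if __name__ == "__main__":
    for action in ("append", "prepend", "supersede"):
        conf = f"{action} domain-name-servers 10.0.1.185, 10.100.0.130;\n"
        print(action, effective_nameservers(conf, DHCP_OFFER),
              "untrusted:", untrusted_in_use(conf, DHCP_OFFER, TRUSTED))
```

With `prepend` the DHCP-supplied resolver moves to third place but is still consulted as a fallback; only `supersede` removes it from the list.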
Here someone came up with a solution that basically replaces the file on boot using rc.local
https://forums.aws.amazon.com/thread.jspa?threadID=74497
Edit /etc/sysconfig/network-scripts/ifcfg-eth0 to say PEERDNS=no
Create a file called /etc/resolv.backup with what you want
Add the following 2 lines to /etc/rc.local:
rm -f /etc/resolv.conf
cp /etc/resolv.backup /etc/resolv.conf
This is what we are doing for our servers in the environment.
interface "eth0"
{
prepend domain-name-servers 10.x.x.x;
supersede host-name "{Hostname}";
append domain-search "domain";
supersede domain-name "DOMAIN";
}
Hope this helps.
The following worked in a Debian stretch on AWS EC2.
Just create /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate:
#!/bin/sh
make_resolv_conf(){
:
}
Then you can modify /etc/resolv.conf and it will persist your changes across restarts.
Setup in crontab as
@reboot cp -r /home/.../resolv.conf /etc/resolv.conf
