Tag Archives: UDP

Syslog Server for Cisco Devices

By SAMKZ

Hi,

My name is SAMKZ and I’m a dummy with Linux and I’m so sad about that.

I need to have a Syslog Server to archive Logs from my Cisco Routers and Switches.

I’d like to know the most robust way of doing this.

I’ve installed CentOS 5.9 and Trixbox both on VMWares.

I’ve read around but to be frank, I don’t know very simple things. I don’t know which file to check for example to see if my VMWare receives the logs on UDP 514 redirected port from my Gateway. I don’t know for example how to disable local logging to minimize the size of the files.

I’d appreciate if you could help me.

Thanks


Source: FULL ARTICLE at The UNIX and Linux Forums

NIM on firewalled environment

By depam

Currently setting up NIM in a firewalled environment with multiple gateways, following the ports that need to be opened as listed at the link below:

IBM NIM Communication within a Firewall Environment – United States

I have asked the network team to open up the firewall but omitted the 32,768 to 65,535 port range, as our security won’t be able to open such a big port range.

It seems that NFS, by using mountd, can be set to a specific port, but TFTP specifically needs these high ports:

tftp:
Client UDP <-> Master UDP 69
Client UDP <-> Master UDP (random port between 32768 and 65535)

Here the client communicates via UDP to the master’s port 69. The port that the client uses cannot be predicted.
Then, the master responds from port 69 back to the same port that made the request.
I used the bidirectional arrow to represent this.
Then random UDP ports are chosen on both the master and the client to affect the transfer of data. Again bidirectional.

Does this mean that NIM mksysb might work but OS restore won’t?


Source: FULL ARTICLE at The UNIX and Linux Forums

Silicon Labs Achieves ZigBee® IP Golden Unit Certification

By Business Wire via The Motley Fool

Ember® ZigBee Silicon, Software and Tools Meet New ZigBee Alliance Specification for End-to-End IPv6-Based Wireless Mesh Networking

AUSTIN, Texas--(BUSINESS WIRE)--Silicon Labs (NAS: SLAB), a leader in high-performance, analog-intensive, mixed-signal ICs, today announced that its Ember ZigBee solutions – silicon devices, software and development tools – have achieved Golden Unit certification from the ZigBee Alliance for the newly released ZigBee IP specification.

ZigBee IP is the first open standard for IPv6-based wireless mesh networking solutions, providing seamless, end-to-end Internet connectivity and a scalable architecture to control low-power devices. The new ZigBee IP specification adds network and security layers and an application framework to the IEEE 802.15.4 standard. It supports cost-effective, energy-efficient wireless mesh networks based on standard Internet protocols such as IPv6, 6LoWPAN, PANA, RPL, TCP, TLS and UDP. Ultimately, ZigBee IP will provide a standards-based foundation for Internet of Things (IoT) applications ranging from smart meters for the smart grid to in-home energy management systems to wireless sensor networks.

As one of the first to be certified by the ZigBee Alliance, Silicon Labs’ Ember ZigBee solutions, including EM35x wireless system-on-chip (SoC) devices, Ember ZigBee IP networking software and development tools, will serve as a preferred development platform for building and testing future connected products based on the ZigBee IP specification. The Golden Unit certification process instills confidence among developers and end users that all connected device products for the IoT from different vendors will interoperate seamlessly.

“We welcome the release of the ZigBee IP specification because it gives semiconductor, software and system suppliers a single proven standard for developing and deploying low-power, cost-effective IP-based solutions for the Internet of Things,” said Diwakar Vishakhadatta, vice president and general manager of Silicon Labs’ Embedded Systems group. “We look forward to continuing collaboration with the ZigBee Alliance and its members to promote ZigBee IP and implement the specification in a wide range of connected device products.”

About Ember ZigBee Solutions

Silicon Labs’ Ember ZigBee solutions include EM35x wireless devices, EmberZNet PRO software and development tools, providing a comprehensive, scalable platform for 2.4 GHz wireless mesh networking applications. The most widely used ZigBee platform for mesh networking applications, EM35x devices can be deployed as SoCs for cost-sensitive, low-power sensor networks and …
Source: FULL ARTICLE at DailyFinance

Facing issue in ip6table rule for port based routing management

By rahulbhansali24

Hi,

Please help me with the issue described below.
I have a 4-machine setup, M1 -> M2 -> M3 | M4, and a laptop that is reachable through both M3 and M4.

M2 has 2 NICs connected to M3 and M4. Now I want to divide the flow coming from M1 for the laptop.
At M2, I have done the following:
==============================
ip6tables -t mangle -A PREROUTING -p udp --dport 80 -j MARK --set-mark 12
echo 2 udp_flow >> /etc/iproute2/rt_tables
ip -6 rule add fwmark 12 table udp_flow
ip -6 route add $laptop-ip dev eth2 table udp_flow
==============================

Now if I send UDP traffic from M1 destined to the laptop IP, then if the packet size is less than 1410 bytes I can see complete UDP packets at M4, successfully delivered to the laptop.

But if the packet size is > 1410 bytes, then fragmentation happens and I can see only the 1st fragmented packet at M4, not the successive fragmented packets. I searched and found out that only the 1st fragmented packet has the UDP and destination port information and hence is marked properly and routed. Other fragmented packets have only UDP information, not the destination port, so they are not marked and are dropped at M2.

Is there any solution or rule that can be applied so that all packets (whether fragmentation is there or not) are transferred to M4 only, not M3 (the destination port rule is compulsory)?

If I put only the UDP rule, not including the destination port, then there is no issue in both cases, with or without fragmentation.

Waiting for your helpful reply.

Thanks,

Rahul Bhansali

Source: FULL ARTICLE at The UNIX and Linux Forums
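
Why a `--dport` match sees only the first fragment, as an added example that is not part of the original post: the sketch builds two IPv6 fragments of one UDP datagram and reads the destination port the way a per-packet rule would. The function names, source port 40000, zeroed addresses and payload are constructed for illustration.

```python
import struct

IPPROTO_UDP = 17
IPPROTO_FRAGMENT = 44          # IPv6 Fragment extension header (RFC 8200)

def ipv6_fragment(offset, more, chunk, ident=0x1234):
    """Build one IPv6 fragment packet (constructed sample, zeroed addresses)."""
    # Fragment header: next header, reserved, 13-bit offset in 8-byte units | M flag, id
    frag = struct.pack("!BBHI", IPPROTO_UDP, 0, ((offset // 8) << 3) | int(more), ident)
    fixed = struct.pack("!IHBB", 6 << 28, len(frag) + len(chunk), IPPROTO_FRAGMENT, 64)
    return fixed + bytes(32) + frag + chunk

def visible_udp_dport(pkt):
    """Return the UDP destination port a per-packet filter can read, or None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    next_hdr, off = pkt[6], 40
    if next_hdr == IPPROTO_FRAGMENT:
        if len(pkt) < off + 8:
            return None
        next_hdr, _, frag_field, _ = struct.unpack_from("!BBHI", pkt, off)
        if frag_field >> 3:            # non-zero offset: payload starts mid-datagram,
            return None                # so there is no UDP header and no port to match
        off += 8
    if next_hdr != IPPROTO_UDP or len(pkt) < off + 8:
        return None
    return struct.unpack_from("!HHHH", pkt, off)[1]

def fragment_datagram(sport, dport, data, first_len=1408):
    """Split one UDP datagram into two IPv6 fragments at an 8-byte boundary."""
    # Checksum left at 0 because this sample is only parsed, never sent.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    return [ipv6_fragment(0, True, udp[:first_len]),
            ipv6_fragment(first_len, False, udp[first_len:])]

def marked(pkt, port=80):
    """Mimic '-p udp --dport 80': mark only when the port is readable and equal."""
    return visible_udp_dport(pkt) == port

if __name__ == "__main__":
    frags = fragment_datagram(40000, 80, b"A" * 2000)   # constructed payload
    for i, f in enumerate(frags):
        print(i, visible_udp_dport(f), marked(f))
```

The same reasoning applies to any filter rule keyed on a layer-4 port: without reassembly, only the fragment at offset 0 carries the field being matched.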

Why am I getting these strange packets while running my packet capture module written in C?

By arunpushkar

I have made a packet capture application running on an Intel machine. It is capturing packets with src address 17.0.0.0, destination IP 66.0.0.0, source port 0, destination port 0, and protocol 0. What do these packets mean?
The code written to interpret the captured bytes is given below. It basically locates the source address, destination address, source port, destination port, and protocol from the various headers of the captured packet. After that is done, only TCP and UDP packets are stored into a file, so it means only those packets having protocol number 6 or 17 should be saved. But when I go through the file, packets with protocol 0, 20, 255, 100, 8, 66 are also saved; moreover, strange IP addresses are also seen, like 2.8.2.8, 17.0.0.0, 66.0.0.0, 0.0.0.0 etc. What are these packets? Am I correct in my approach?


inline u_int32_t hash_function(const u_char *packet, int pkt_len)
{
    u_int32_t hash=0;
    u_int8_t next_protocol;
    u_int32_t src_ip,dst_ip;
    u_short src_p,dst_p;

    unsigned short ip_hdr_len;

    // Checking if it is a IPv4 or IPv6 packet
    struct ether_header *eptr; /* net/ethernet.h */
    eptr = (struct ether_header *) packet;

    if (ntohs (eptr->ether_type) == ETHERTYPE_IP) // means it is IPv4 pkt
    {
        struct iphdr *ip4h = (struct iphdr *)(packet + sizeof(struct ethhdr) );
        ip_hdr_len =ip4h->ihl*4;
        next_protocol=ip4h->protocol;
        pktFeatures.src_ip=ntohl(ip4h->saddr);
        pktFeatures.dst_ip=ntohl(ip4h->daddr);
        pktFeatures.pkt_len=pkt_len;
        switch (next_protocol) //Check the Protocol and do accordingly...
        {
            case 6: //TCP Protocol
            {
                struct tcphdr *tcph=(struct tcphdr*)(packet + ip_hdr_len + sizeof(struct ethhdr));
                pktFeatures.src_p=ntohs(tcph->th_sport);
                pktFeatures.dst_p=ntohs(tcph->th_dport);
                pktFeatures.protocol=next_protocol;
                writeBytes((char *)&pktFeatures,sizeof(struct packet_features),WRITE_TO_FILE);
            }
...
Source: FULL ARTICLE at The UNIX and Linux Forums

Firewall rule for multiport not getting deleted

By vivek d r

THIS IS DUPLICATE THREAD. Since no one replied there I paste this here, sorry 🙁

HTML Code:

http://www.unix.com/shell-programming-scripting/210481-firewall-rule-multiport-not-getting-deleted.html
The REJECT rule in iptables is as shown below

/etc/sysconfig/iptables>>

Code:
-A INPUT -s 10.110.110.52 -d 10.110.110.53 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -s 10.110.110.53 -d 10.110.110.52 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable

In the scripts I am using, the commands to create and delete the firewall are as below

(also I want to know what would be the command to create a multiport tcp rule in a script so that it would appear as above in the iptables file..)

DeleteFirewall.sh>>

Code:
/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

Createfirewall.sh>>

Code:
/sbin/iptables -I INPUT -p tcp --dport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -I INPUT -p tcp --sport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT

/sbin/iptables -I OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -I OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

DisArmServer.sh>>

Code:
/sbin/iptables -I INPUT 1 -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
if [ ! -z $JPORT ]; then
    /sbin/iptables -I INPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
    /sbin/iptables -I INPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi
/sbin/iptables -I OUTPUT 1 -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
    /sbin/iptables -I OUTPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
    /sbin/iptables -I OUTPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi

ReArm.sh>>

Code:
/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT

if [ ! -z $JPORT ]; then
    logger -s -p info "${SCRIPT_NAME}: Running iptables command: /sbin/iptables -D INPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP"
    /sbin/iptables -D INPUT -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
    /sbin/iptables -D INPUT -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi
/sbin/iptables -D OUTPUT -p tcp --dport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
    /sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
    /sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi

deleteJBCacheFirewall.sh>>

Code:
/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT

/sbin/iptables -D INPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -D INPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP

/sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
/sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP

But none of these scripts written to remove this rule is removing it..

Code:
iptables -L -n | grep "7800"
REJECT tcp -- 10.110.110.52 10.110.110.53 tcp dpt:7800 reject-with icmp-port-unreachable
REJECT tcp -- 10.110.110.53 10.110.110.52 tcp dpt:7800 reject-with icmp-port-unreachable

And even when creating the rule we are using UDP for multiport, but in iptables the rule is shown as multiport for TCP (-p tcp -m tcp --dport)… I am not able to understand where it came from.. any help will be deeply appreciated… 🙁
Source: The UNIX and Linux Forums

Firewall rule for multiport not getting deleted :-(

By vivek d r

The REJECT rule in iptables is as shown below

Code:
/etc/sysconfig/iptables>>

-A INPUT -s 10.110.110.52 -d 10.110.110.53 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable

-A OUTPUT -s 10.110.110.53 -d 10.110.110.52 -p tcp -m tcp --dport 7800 -j REJECT --reject-with icmp-port-unreachable

In the scripts I am using, the commands to create and delete the firewall are as below

Code:
DeleteFirewall.sh>>

/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

/sbin/iptables -D OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

Createfirewall.sh>>

/sbin/iptables -I INPUT -p tcp --dport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -I INPUT -p tcp --sport 7800 -s ${peerip}/32 -d ${myip}/32 -j REJECT

/sbin/iptables -I OUTPUT -p tcp --dport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT
/sbin/iptables -I OUTPUT -p tcp --sport 7800 -s ${myip}/32 -d ${peerip}/32 -j REJECT

DisArmServer.sh>>

/sbin/iptables -I INPUT 1 -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
if [ ! -z $JPORT ]; then
    /sbin/iptables -I INPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
    /sbin/iptables -I INPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi
/sbin/iptables -I OUTPUT 1 -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
    /sbin/iptables -I OUTPUT 1 -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
    /sbin/iptables -I OUTPUT 1 -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi

ReArm.sh>>

/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT

if [ ! -z $JPORT ]; then
    logger -s -p info "${SCRIPT_NAME}: Running iptables command: /sbin/iptables -D INPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP"
    /sbin/iptables -D INPUT -p udp -m multiport --source-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
    /sbin/iptables -D INPUT -p udp -m multiport --destination-port ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
fi
/sbin/iptables -D OUTPUT -p tcp --dport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT
if [ ! -z $JPORT ]; then
    /sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
    /sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
fi

deleteJBCacheFirewall.sh>>

/sbin/iptables -D INPUT -p tcp --sport ${JPORT} -s ${peerip}/32 -d ${myip}/32 -j REJECT
/sbin/iptables -D OUTPUT -p tcp --sport ${JPORT} -s ${myip}/32 -d ${peerip}/32 -j REJECT

/sbin/iptables -D INPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP
/sbin/iptables -D INPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${peerip}/32 -d ${myip}/32 -j DROP

/sbin/iptables -D OUTPUT -p udp -m multiport --source-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP
/sbin/iptables -D OUTPUT -p udp -m multiport --destination-port ${ODPORT},${OEPORT},${JPORT} -s ${myip}/32 -d ${peerip} -j DROP

But none of these scripts written to remove this rule is removing it..

Code:
iptables -L -n | grep "7800"
REJECT tcp -- 10.110.110.52 10.110.110.53 tcp dpt:7800 reject-with icmp-port-unreachable
REJECT tcp -- 10.110.110.53 10.110.110.52 tcp dpt:7800 reject-with icmp-port-unreachable

And even when creating the rule we are using UDP for multiport, but in iptables the rule is shown as multiport for TCP (-p tcp -m tcp --dport)… I am not able to understand where it came from.. any help will be deeply appreciated… 🙁
Source: The UNIX and Linux Forums