echo stats | nc 127.0.0.1 11211 | grep accept
STAT accepting_conns 1
or
strace -e read,write -fp $(pgrep memcached)
memcached show connections
Leave a reply
Category Archives: Linux networking
wireguard-ui without docker
wget wireguard-ui:
https://github.com/ngoduykhanh/wireguard-ui/releases
tar -xvzf wireguard-ui-*.tar.gz
mkdir /opt/wireguard-ui
mv wireguard-ui /opt/wireguard-ui/
vim /opt/wireguard-ui/.env
SESSION_SECRET=
WGUI_USERNAME=
WGUI_PASSWORD=
vim /opt/wireguard-ui/postup.sh
#!/usr/bin/bash
# /opt/wireguard-ui/postup.sh
ufw route allow in on wg0 out on eth0
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
vim /opt/wireguard-ui/postdown.sh
#!/usr/bin/bash
# /opt/wireguard-ui/postdown.sh
ufw route delete allow in on wg0 out on eth0
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
chmod +x /opt/wireguard-ui/post*.sh
vim /etc/systemd/system/wireguard-ui-daemon.service
[Unit]
Description=WireGuard UI Daemon
Wants=network-online.target
After=network-online.target
[Service]
User=root
Group=root
Type=simple
systemctl daemon-reload
systemctl start wireguard-ui-daemon.service
vim /etc/systemd/system/wgui.service
[Unit]
Description=Restart WireGuard
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/systemctl restart [email protected]
[Install]
RequiredBy=wgui.path
vim /etc/systemd/system/wgui.path
[Unit]
Description=Watch /etc/wireguard/wg0.conf for changes
[Path]
PathModified=/etc/wireguard/wg0.conf
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable wgui.{path,service}
systemctl start wgui.{path,service}
Nginx proxy:
add_header Cache-Control no-cache;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:5000/;
ubuntu iptables remove all rules
iptables allow all:
iptables -P INPUT ACCEPT && iptables -P FORWARD ACCEPT && iptables -P OUTPUT ACCEPT && iptables -t nat -F && iptables -t mangle -F && iptables -F && iptables -X && iptables-save > /etc/iptables/rules.v4
wireguard remove key
wg set wg0 peer public_key remove
wg-quick save wg0; wg-quick down wg0; wg-quick up wg0;
wg-dashboard reset password
find /opt/wg-dashboard/ -iname server_config.json
Remove current user from json array:
{
“id”: 1,
“username”: “xxx”,
“password”: “xxx
}
systemctl restart wg-dashboard.service
Access http://vpn_server_ip/createuser to create new user
ifup alias ERROR : [/etc/sysconfig/network-scripts/ifup-eth] Device does not seem to be present, delaying initializatio
make sure HWADDR was set
vi /etc/sysconfig/network-scripts/ifcfg-eth100
HWADDR=MAC ADDRESS
how to stop open vpn
sudo killall openvpn
openvpn3 fedora
dnf copr enable dsommers/openvpn3
dnf install openvpn3-client
openvpn3 config-import --config /pat/to/my.ovpn
openvpn3 session-start --config /pat/to/my.ovpn
wireguard 2 interfaces not workig
vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = WG0_SERVER_PRIVATE_KEY
SaveConfig = false
[Peer]
# client1
PublicKey = PUBKEY_FROM_CLIENT_ONE
AllowedIPs = 10.0.0.2/32
vim /etc/wireguard/wg1.conf
[Interface]
Address = 10.0.1.1/24
ListenPort = 51821
PrivateKey = WG1_SERVER_PRIVATE_KEY
SaveConfig = false
[Peer]
# client2
PublicKey = PUBKEY_FROM_CLIENT_TWO
AllowedIPs = 10.0.1.2/32
systemctl start wg-quick@wg0
systemctl start wg-quick@wg1
telnet udp connection linux
nc -z -v -u 192.168.0.100 100
Connection to 192.118.0.100 100 port [udp/ntp] succeeded!
syn flood attack
apt install hping3
hping3 -c 15000 -d 120 -S -w 64 -p 80 –flood –rand-source 192.168.1.100
csf allow ssh specific IP
vi /etc/csf/csf.allow
192.168.100.100
vi /etc/csf/csf.conf
TCP_IN section remove your SSH port
or
vi /etc/csf/csf.conf
tcp|in|d=22|s=192.168.100.100
csf -ra
wireguard setup
add-apt-repository ppa:wireguard/wireguard
apt-get update
apt install wireguard
MacOS
brew install wireguard-tools
wg genkey | tee privatekey | wg pubkey > publickey
Server side:
/etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
DNS = 1.1.1.1
PrivateKey = [ServerPrivateKey]
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp9s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp9s0 -j MASQUERADE
[Peer]
#Peer #1
PublicKey = [Peer#1PublicKey]
AllowedIPs = 10.0.0.3/32
[Peer]
#Peer #2
PublicKey = [Peer#2PublicKey]
AllowedIPs = 10.0.0.10/32
[Peer]
#Peer #3
PublicKey = [Peer#3PublicKey]
AllowedIPs = 10.0.0.2/32
[Peer]
#Peer #4
PublicKey = [Peer#4PublicKey]
AllowedIPs = 10.0.0.11/32
Client side:
/etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.3/24
PrivateKey = [PrivateKeyPeer#1]
[Peer]
PublicKey = [ServerPublicKey]
Endpoint = some.domain.com:51820
AllowedIPs = 0.0.0.0/0
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
Start/stop interface
wg-quick up wg0
wg-quick down wg0
Start/stop service
$ sudo systemctl stop [email protected]
$ sudo systemctl start [email protected]
Instead of having to modify the file for every client you want to add to the
server you could also use the wg tool instead:
# add peer
wg set wg0 peer
# verify connection
wg
# save to config
wg-quick save wg0
iptables delay port
Simulate delayed and dropped packets
iptables -A INPUT -m statistic --mode random --probability 0.01 -j DROP
The Portmapper service runs on port 111 tcp/udp
ss -lntp | grep 111
LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=816,fd=8))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=816,fd=11))
pcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
systemctl stop rpcbind.socket
rpcinfo -p
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
systemctl disable rpcbind