Category Archives: Linux networking

The Portmapper service runs on port 111 tcp/udp

ss -lntp | grep 111

LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=816,fd=8))
LISTEN 0 128 [::]:111 [::]:* users:(("rpcbind",pid=816,fd=11))

pcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper

systemctl stop rpcbind.socket
rpcinfo -p
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused

systemctl disable rpcbind

veth with kernel namespaces


ip netns add netns0
ip netns list
netns0

ip netns exec netns0 ip link set lo up
ip link add veth-default type veth peer name veth-netns0
ip link set veth-netns0 netns netns0

ip a | grep veth
6: veth-default@if5: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 56:78:d4:a5:8f:55 brd ff:ff:ff:ff:ff:ff link-netns netns0

ip addr add 10.0.3.1/24 dev veth-default
ip link set veth-default up

ip a | grep veth
6: veth-default@if5: mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether 56:78:d4:a5:8f:55 brd ff:ff:ff:ff:ff:ff link-netns netns0
inet 10.0.3.1/24 scope global veth-default
valid_lft forever preferred_lft forever

ip netns exec netns0 ip link set veth-netns0 up
ip netns exec netns0 ip addr add 10.0.3.2/24 dev veth-netns0

ping 10.0.3.2
PING 10.0.3.2 (10.0.3.2) 56(84) bytes of data.
64 bytes from 10.0.3.2: icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from 10.0.3.2: icmp_seq=2 ttl=64 time=0.062 ms
64 bytes from 10.0.3.2: icmp_seq=3 ttl=64 time=0.062 ms
^C
--- 10.0.3.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2082ms

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -o eno0 -i veth-default -j ACCEPT
iptables -A FORWARD -i eno0 -o veth-default -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.3.2/24 -o eno0 -j MASQUERADE

ip netns exec netns0 route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 veth-netns0

ip netns exec netns0 ip route add default via 10.0.3.1
ip netns exec netns0 ping srv24x7.com
PING srv24x7.com (93.115.28.151) 56(84) bytes of data.
64 bytes from pagirnis.cloudlix.com (93.115.28.151): icmp_seq=1 ttl=58 time=1.19 ms
64 bytes from pagirnis.cloudlix.com (93.115.28.151): icmp_seq=2 ttl=58 time=1.47 ms
64 bytes from pagirnis.cloudlix.com (93.115.28.151): icmp_seq=3 ttl=58 time=1.65 ms
^C
--- srv24x7.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.190/1.437/1.649/0.189 ms

ip netns list
netns0 (id: 0)

QUIC

Quick UDP Internet Connections (QUIC) is, as its name states, a transport layer protocol based on multiplexed UDP connections. In fact, QUIC uses a combination of TCP + TLS + SPDY over UDP with several enhancements with respect to the current HTTP/2 over TCP implementation.

Restarting network (via systemctl): Job for network.service canceled

service network restart
Restarting network (via systemctl): Job for network.service canceled.
[FAILED]

systemctl restart network
Job for network.service canceled.

If cyberpanel server network is down (venet0: mtu 1500 qdisc noop state DOWN) after server reboot, make sure:

vi /etc/fstab
#/usr/.tempdisk /tmp ext4 loop,rw,noexec,nosuid,nodev,nofail 0 0
#/tmp /var/tmp none bind 0 0

service network restart
Restarting network (via systemctl):
[ OK ]

monitor and block syn flood

Can help prevent SYN flood DDoS attack

[Mon Nov 4 17:35:53 2019] possible SYN flooding on ctid 0, port 465. Sending cookies.
[Mon Nov 4 19:23:41 2019] possible SYN flooding on ctid 0, port 25. Sending cookies

cat > SYN_RECV.sh << "END"

#!/bin/bash
netstat -natp | grep SYN_RECV | sort | awk '{ print $5 }' | sort | cut -d ":" -f1 | uniq -c | awk '{if ($1>100) system("iptables -I INPUT -s "$2" -j REJECT")}'
END

#ANsible copy and add to cron:

ansible -i inv.txt cpa -m copy -a "src=SYN_RECV.sh dest=/root/bin/SYN_RECV.sh mode=755 owner=root group=root"
ansible -i inv cpa -m cron -a "name=SYN_BLOCK job=/root/bin/SYN_RECV.sh user=root"