Windows: adding routes

To view the existing routes,

C:\> route print

To add a static route,

Syntax:

C:\> route add <target> mask <netmask> <gateway IP> metric <metric cost> if <interface>

Example:

C:\> route add 10.10.10.0 mask 255.255.255.0 192.168.1.1 metric 1

Note: if the machine has more than one network interface and the if parameter is omitted, Windows picks the interface from the gateway address (the one whose subnet contains the gateway). The interface numbers that the if parameter accepts are listed in the Interface List at the top of the route print output.

This static route is lost when the system reboots. To keep it, add the -p (persistent) switch to the command:

C:\> route -p add 10.10.10.0 mask 255.255.255.0 192.168.1.1 metric 1

With -p, Windows also records the route under the following registry key. Each persistent route is stored as a REG_SZ value whose name is the route itself, in the form destination,mask,gateway,metric (the value data is empty), so this key is also where to look when auditing a host for routes nobody remembers adding:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes

Alternatively, put the route commands in a small batch file and run it at startup (similar to the startup scripts in Solaris). Bear in mind that route add needs an elevated (administrator) prompt: a batch file dropped in a user's Startup folder runs without elevation under UAC and the routes fail to appear, so -p, or a scheduled task that runs at boot as SYSTEM, is the reliable choice.


Check TCP connections and their remote origins

Useful if you think you're being hit by a DDoS, a SYN flood, or a similar attack: it counts TCP sockets per remote address, busiest first. The ::ffff: prefix is stripped from IPv4-mapped IPv6 peers, and the port is cut off after the last colon so that plain IPv6 peers are not truncated to their first hextet.

netstat -an | grep tcp | awk '{print $5}' | sed 's/^::ffff://' | sed 's/:[^:]*$//' | sort | uniq -c | sort -n -r
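A more robust version of that count, added here as an example rather than taken from the original post: it reads either netstat -an or ss -tan output (the peer column is $5 in both), handles plain IPv6 peers and the [addr]:port form that ss prints, skips listening sockets, and is exercised on a constructed netstat sample rather than live traffic. The sample addresses are documentation ranges, not real hosts.

```bash
#!/bin/sh
# Count TCP peers by remote IP from `netstat -an` or `ss -tan` output on stdin.
# Example code added to this page, not the original one-liner.

remote_origins() {
    awk '
        # keep TCP rows only: netstat puts tcp/tcp6 in $1, ss puts the socket state there
        $1 ~ /^(tcp|tcp6|ESTAB|SYN-SENT|SYN-RECV|FIN-WAIT-1|FIN-WAIT-2|TIME-WAIT|CLOSE-WAIT|LAST-ACK|CLOSING|LISTEN)$/ {
            peer = $5
            # ss form [v6addr]:port -> v6addr ; netstat form addr:port -> addr (port follows the last colon)
            if (sub(/^\[/, "", peer)) sub(/\]:[^:]*$/, "", peer); else sub(/:[^:]*$/, "", peer)
            sub(/^::ffff:/, "", peer)      # IPv4-mapped IPv6 -> plain IPv4
            if (peer == "" || peer == "*" || peer == "0.0.0.0" || peer == "::")
                next                       # listening sockets have no peer
            count[peer]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed netstat -an sample (not captured from a real host) used for the demo below.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address           State
tcp        0      0 0.0.0.0:22              0.0.0.0:*                 LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.5:51002         ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51003         ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51004         SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40001        TIME_WAIT
tcp6       0      0 :::80                   :::*                      LISTEN
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40002 ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8:1::9:55000       ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Demo on the sample; on a live host use:  netstat -an | remote_origins   or   ss -tan | remote_origins
sample_netstat | remote_origins
```

Half-open connections (SYN_RECV) from one address count the same as established ones, which is what you want when looking for a flood.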


Eliminating too many TIME_WAIT sockets

Sooner or later you'll run across an Apache server that always has piles of TIME_WAIT connections just hanging out. They cost far less than an ESTABLISHED connection (no buffers, just a small control block), but on a busy box that also makes many outbound connections they can eat the ephemeral port range. This short article shows how to count them, which kernel settings actually help, and which one looks helpful but is not.

First, SSH into your server and become root.

Next, let’s see how many TIME_WAITs you have hanging out:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

You should see something like this (the first two lines are netstat's header text leaking through the awk column split, not socket states):

      1 established)
      1 Foreign
      3 FIN_WAIT2
      5 LAST_ACK
      6 CLOSING
      9 SYN_RECV
     10 ESTABLISHED
     22 FIN_WAIT1
     26 LISTEN
    466 TIME_WAIT

So – let’s get that number smaller.

Now look at the three sysctls that usually get reached for, by catting them to the screen:

cat /proc/sys/net/ipv4/tcp_fin_timeout
cat /proc/sys/net/ipv4/tcp_tw_recycle
cat /proc/sys/net/ipv4/tcp_tw_reuse

On a default kernel you'll see 60, 0 and 0 (on Linux 4.12 and later the tcp_tw_recycle file does not exist at all). Before changing anything, be clear about what each one actually does, because two of them are widely misunderstood:

tcp_fin_timeout is how many seconds an orphaned socket may sit in FIN_WAIT_2 before the kernel drops it. It does not shorten TIME_WAIT, which is a fixed 60 seconds compiled into the Linux kernel. Lowering it to 30 trims the FIN_WAIT1/FIN_WAIT2 lines in the list above, not the TIME_WAIT line.

tcp_tw_reuse lets the kernel hand a TIME_WAIT socket to a new outgoing connection when TCP timestamps show it is safe. This is the setting that relieves TIME_WAIT pressure on a box that makes many outbound connections (a proxy, or Apache talking to a back end), and it is safe to enable. (Kernels from 4.19 default it to 2, meaning loopback only.)

tcp_tw_recycle, on the kernels that still have it, drops SYNs whose timestamp is older than the last one seen from the same IP. Clients behind a NAT share an IP but not a clock, so enabling it silently breaks their connections; it was removed from the kernel for exactly this reason. Leave it at 0.

So set tcp_fin_timeout to 30 and tcp_tw_reuse to 1, and leave tcp_tw_recycle alone:

echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse

Now, let's make the change persistent in sysctl.conf. First, make sure there aren't already entries for these settings, in the main file or in the drop-in directory:

grep -E 'net\.ipv4\.tcp_(fin_timeout|tw_recycle|tw_reuse)' /etc/sysctl.conf /etc/sysctl.d/*.conf

Make a note of what your settings are if you had any results.

Now edit /etc/sysctl.conf with your favorite editor and add these lines to the end of it (or edit the values if they already exist):

# Orphaned sockets leave FIN_WAIT_2 after 30 s instead of 60 (TIME_WAIT itself is unchanged)
net.ipv4.tcp_fin_timeout = 30

# Let new outgoing connections reuse TIME_WAIT sockets
net.ipv4.tcp_tw_reuse = 1

Now re-run the count from before:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Don't expect the TIME_WAIT line to collapse: each of those sockets still lives out its 60 seconds. What has changed is that new outbound connections can take over those slots instead of running out of ephemeral ports, and orphans in FIN_WAIT2 give up sooner (allow a minute or so, depending on your old values, before judging). If TIME_WAIT itself is the problem on a server that only accepts connections, remember that TIME_WAIT lands on whichever side closes first; tuning keep-alive so that the client hangs up moves that cost to the client, which no sysctl on the server can do.
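To apply the settings without guessing which knobs this kernel has (tcp_tw_recycle is gone on 4.12 and later), here is a small script added for this page; it is not part of the original article. Every function takes the sysctl tree root as its first argument, defaulting to /proc/sys, only so the logic can be exercised against a scratch directory without root; the sysctl.d file name is an assumption.

```bash
#!/bin/sh
# Inspect and apply the TCP teardown tuning discussed above, skipping knobs this kernel
# does not have. Example code added for this page; not from the original article.
# $1 (the sysctl tree root) defaults to /proc/sys and exists only so the functions can
# be tested against a scratch directory.

# Print "knob value" for each setting, or "knob absent" when the file is missing
# (tcp_tw_recycle was removed in Linux 4.12).
tcp_knob_status() {
    root="${1:-/proc/sys}"
    for knob in tcp_fin_timeout tcp_tw_reuse tcp_tw_recycle; do
        f="$root/net/ipv4/$knob"
        if [ -r "$f" ]; then
            printf '%s %s\n' "$knob" "$(cat "$f")"
        else
            printf '%s absent\n' "$knob"
        fi
    done
}

# Emit a sysctl.d fragment for the knobs that exist. tcp_tw_recycle, if present, is
# pinned to 0 because enabling it drops connections from clients behind NAT.
render_sysctl_fragment() {
    root="${1:-/proc/sys}"
    printf '# TCP teardown tuning (generated)\n'
    [ -r "$root/net/ipv4/tcp_fin_timeout" ] && printf 'net.ipv4.tcp_fin_timeout = 30\n'
    [ -r "$root/net/ipv4/tcp_tw_reuse" ]    && printf 'net.ipv4.tcp_tw_reuse = 1\n'
    [ -r "$root/net/ipv4/tcp_tw_recycle" ]  && printf 'net.ipv4.tcp_tw_recycle = 0\n'
    return 0
}

# Write the fragment (file name is an assumption) and, on the real tree, load it with
# sysctl -p; a file under /etc/sysctl.d is re-read at boot. Needs root on a live system.
apply_tcp_tuning() {
    root="${1:-/proc/sys}"
    out="${2:-/etc/sysctl.d/60-tcp-teardown.conf}"
    render_sysctl_fragment "$root" > "$out" || return 1
    if [ "$root" = /proc/sys ]; then
        sysctl -p "$out"
    fi
}

# Read-only demo; readable without root on Linux.
tcp_knob_status
```

Run apply_tcp_tuning with no arguments as root to write and load the fragment; run tcp_knob_status afterwards to confirm the live values.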


Setting up an SSH tunnel

This howto page shows how to reach services running inside a firewall from outside the network using the PuTTY SSH client and SSH port forwarding. This is a local forward: connections to a port on your own machine are carried inside the SSH session, and the SSH server delivers them to the internal host on your behalf.

Requirements

Download putty.exe.

Port Tunneling

Launch PuTTY. Categories are listed on the left side; click Connection > SSH > Tunnels.

Under Add new forwarded port:, enter the following information:
Source port: [port on local machine]
Destination: [hostname of remote machine]:[port on remote machine]
Click Add.

For the example used below, forwarding port 80 on the CCIS webserver to port 8080 on my local machine, Source port is 8080 and Destination is www.ccs.neu.edu:80.
(Screenshot: CCIS webserver tunneled to port 8080)

Clicking Add moves it to the list of forwarded ports.

Connecting

After setting up the port tunnel, select Session from the category list on the left side.
Enter login.ccs.neu.edu in the Host Name (or IP Address) field and click the Open button at the bottom right.

If PuTTY shows its host key warning (it will the first time you connect to login.ccs.neu.edu, because it has no cached key for the server), check the fingerprint against one obtained from CCIS before selecting Yes; accepting an unknown key blindly is what lets a man-in-the-middle read your tunneled traffic.

Use your CCIS username and password when prompted to login and your port tunnel will be setup.

Utilizing the Port Tunnel

Now that the port is tunneled, you can connect to it using localhost:[port forwarded] where [port forwarded] is the local port you chose earlier.

In our previous example we forwarded port 80 on www.ccs.neu.edu to localhost:8080. We can now open up a web browser and browse to localhost:8080 to see it:

MSSQL Over an SSH Tunnel

The steps are practically the same as tunneling any other service, except the port you tunnel is 1433. When connecting from SQL Server Management Studio, the server name is 127.0.0.1,[port you forwarded]. Note the comma between the IP and the port number: SSMS uses a comma, not a colon, to separate them.

And there you have it: you can now SSH tunnel to any service inside the firewall that the SSH server itself can reach.
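The same local forward from an OpenSSH command line, added here as an example (not part of the original howto). The jump host is the one named on the page; the SSH user name, the SQL host, and the ports are assumptions. The point it adds is the bind address: the forwarded port is bound to 127.0.0.1 unless you say otherwise, so the tunneled service is not exposed to everyone on your LAN, and ExitOnForwardFailure makes ssh fail loudly if the local port is already in use instead of logging in with no tunnel.

```bash
#!/bin/sh
# Command-line equivalent of the PuTTY local forward above, using OpenSSH.
# Example code added for this page, not from the original howto. The user name and
# the ports are assumptions; the jump host matches the page (login.ccs.neu.edu).

# Build the -L argument: bind:local_port:remote_host:remote_port.
# Binds to 127.0.0.1 unless told otherwise, so the forwarded service is not exposed
# to the LAN. Returns 1 on a port that is not an integer in 1..65535.
forward_spec() {
    lport="$1"; rhost="$2"; rport="$3"; bind="${4:-127.0.0.1}"
    for p in "$lport" "$rport"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '%s:%s:%s:%s\n' "$bind" "$lport" "$rhost" "$rport"
}

# Open the tunnel in the background. -N: no remote shell; -f: go to background after
# authentication; ExitOnForwardFailure: fail instead of logging in silently if the
# local port is already taken. SSH_USER must be set by the caller (assumption).
open_tunnel() {
    spec="$(forward_spec "$@")" || { echo "open_tunnel: bad port" >&2; return 1; }
    ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" "${SSH_USER:?set SSH_USER}@login.ccs.neu.edu"
}

# Usage, mirroring the two examples on the page:
#   open_tunnel 8080 www.ccs.neu.edu 80     # then browse http://127.0.0.1:8080/
#   open_tunnel 1433 <sql server> 1433      # then point SSMS at 127.0.0.1,1433
# Confirm afterwards that the listener is on loopback only:  ss -ltn | grep ':8080'
forward_spec 8080 www.ccs.neu.edu 80
```

Passing 0.0.0.0 as the fourth argument (or using PuTTY's "Local ports accept connections from other hosts" box) publishes the internal service to your whole network segment; do that only on purpose.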


Convert IPs to decimal and back

This is a simple script that interactively converts an IP address to its decimal equivalent. The decimal form (for example http://3232235777/ for 192.168.1.1) can sometimes be used to bypass web content filtering devices, because not all of them convert the decimal back to an IP and then to a hostname before matching their rules.

#!/usr/bin/perl
use strict;
use warnings;

# prompt for an IP
print "Enter an IP Address: ";
# get the user's input
my $ip = <STDIN>;
# remove the trailing newline character
chomp($ip);
# should validate the input, but this was a simple/quick program
my $converteddecimal = ip2dec($ip);
my $convertedip      = dec2ip($converteddecimal);
print "\nIP address: $ip\n";
print "Decimal: $converteddecimal\n";
# print "IP: $convertedip\n";

# this sub converts a decimal IP to a dotted IP
sub dec2ip {
    join '.', unpack 'C4', pack 'N', shift;
}

# this sub converts a dotted IP to a decimal IP (note the escaped dot: /./ would split on every character)
sub ip2dec {
    unpack 'N', pack 'C4', split /\./, shift;
}
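The same conversion in POSIX sh, added as an example for this page (it is not the page's Perl script), with the input validation the Perl version skips. It also goes a little beyond the Perl: dec2ip rejects values above 2^32-1, and both functions refuse octets with leading zeros rather than guessing, because inet_aton() would read "010" as octal 8.

```bash
#!/bin/sh
# Dotted-quad <-> 32-bit decimal in POSIX sh. Example added for this page, not the
# page's Perl script. Both functions validate; a non-zero return means bad input.

# ip2dec 192.168.1.1  ->  3232235777
# Rejects anything but four octets 0-255; leading zeros are refused rather than
# guessed at, because inet_aton() would read "010" as octal 8.
ip2dec() {
    oldifs=$IFS; IFS=.
    set -f               # no pathname expansion while the unquoted split below runs
    set -- $1
    set +f; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# dec2ip 3232235777  ->  192.168.1.1
# Rejects non-digits, leading zeros, and anything above 2^32-1.
dec2ip() {
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -le 4294967295 ] || return 1
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# Demo: the decimal form is what a URL like http://3232235777/ carries past a filter
# that only matches the dotted form.
ip2dec 192.168.1.1
dec2ip 3232235777
```

Because ip2dec returns non-zero on bad input, it can gate a filter rule or a log parser (ip2dec "$candidate" >/dev/null || reject) rather than silently producing 0 the way the unvalidated Perl does.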


Add extra IPs to a server

1. Determine what existing range files exist:

# cd /etc/sysconfig/network-scripts/

# ls ifcfg-eth1-range*

You will see at least one file, possibly several. Find the highest number following "range" and add one to it. This will be the new range number.

For example, if you see ifcfg-eth1-range0, ifcfg-eth1-range1 and ifcfg-eth1-range2, your new range number will be 3.

2. Determine the next available interface number (clone number).

# ifconfig | grep eth1

You will see a list of interfaces that looks like this

eth1 Link encap:Ethernet HWaddr 00:08:74:A3:29:70
eth1:0 Link encap:Ethernet HWaddr 00:08:74:A3:29:70
eth1:1 Link encap:Ethernet HWaddr 00:08:74:A3:29:70
.
.
.
eth1:8 Link encap:Ethernet HWaddr 00:08:74:A3:29:70

Find the highest number after the “eth1:”. Add one to it and this your new clone number. In this case it would be 9.

3. Create a range file for the new range number (for this example, range3):

# vi ifcfg-eth1-range3

4. Write the following lines to the range file. (replace the dummy ip information with your desired ip range and the CLONENUM_START value with the one calculated above)

IPADDR_START='123.0.0.1'
IPADDR_END='123.0.0.10'
CLONENUM_START='9'

5. Write and quit the range file, and restart your network.

# /etc/init.d/network restart

6. Your new IPs should now be visible by running:

# ifconfig

Note that these range files are handled by the legacy network-scripts (initscripts) package. On releases where NetworkManager manages the interface, add the addresses with nmcli instead; the range files are ignored there.
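The arithmetic in steps 1 and 2 is easy to get wrong by hand (the off-by-one above is a typical slip), so here is the procedure as a script, added as an example for this page rather than taken from it. Each function reads a listing on stdin so it can be checked against a constructed one; on a real host feed it the output of the ls and ifconfig commands from the steps above. The sample listing and the 123.0.0.x addresses are the page's own placeholders, not real configuration.

```bash
#!/bin/sh
# Work out the next range-file number and clone number, then render the range file.
# Example code added for this page, not part of the original procedure.

# Highest N in "...-rangeN" names on stdin, plus one; 0 when there are none.
next_range_number() {
    sed -n 's/.*-range\([0-9]\{1,\}\)$/\1/p' |
        awk 'BEGIN { m = -1 } $1 > m { m = $1 } END { print m + 1 }'
}

# Highest N in "IFACE:N" alias labels on stdin (ifconfig or `ip -o addr` output), plus one.
next_clone_number() {
    iface="$1"
    sed -n "s/.*${iface}:\([0-9]\{1,\}\).*/\1/p" |
        awk 'BEGIN { m = -1 } $1 > m { m = $1 } END { print m + 1 }'
}

# Render the ifcfg-IFACE-rangeN body: start IP, end IP, first clone number.
render_range_file() {
    printf "IPADDR_START='%s'\nIPADDR_END='%s'\nCLONENUM_START='%s'\n" "$1" "$2" "$3"
}

# Constructed listings (not from a real host) standing in for
#   ls /etc/sysconfig/network-scripts/ifcfg-eth1-range*   and   ifconfig | grep eth1
sample_range_files() { printf '%s\n' ifcfg-eth1-range0 ifcfg-eth1-range1; }
sample_ifconfig() {
    cat <<'EOF'
eth1      Link encap:Ethernet  HWaddr 00:08:74:A3:29:70
eth1:0    Link encap:Ethernet  HWaddr 00:08:74:A3:29:70
eth1:1    Link encap:Ethernet  HWaddr 00:08:74:A3:29:70
eth1:8    Link encap:Ethernet  HWaddr 00:08:74:A3:29:70
EOF
}

# Demo; on a real host replace the two sample_* calls with the commands named above.
range=$(sample_range_files | next_range_number)
clone=$(sample_ifconfig | next_clone_number eth1)
echo "next range file: ifcfg-eth1-range$range  (CLONENUM_START=$clone)"
render_range_file 123.0.0.1 123.0.0.10 "$clone"
```

The numeric comparison in awk matters: a plain sort would put range10 before range9 and hand you a clone number that collides with an alias already in use.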

 
