Subject: | RE: Multiple IOCs on one host Issue |
From: | "Manoussakis, Adamandios via Tech-talk" <tech-talk at aps.anl.gov> |
To: | Ralph Lange <ralph.lange at gmx.de> |
Cc: | "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov> |
Date: | Fri, 19 Mar 2021 18:47:03 +0000 |
Nm my stupidity, I was looking at the wrong iptables (filter) not the nat table. I will test this out now on our main system and see if it solves the issue of multiple IOCs. Still need to figure out why the grep is not working correctly though.

From: Manoussakis, Adamandios <manoussakis1 at llnl.gov>
So I just hardcoded in addr/bcast to see if the rest of the script would function correctly and now it gets down to the iptables command that sets up the rules. But when I check sudo iptables -L -v -n I am not seeing it added for some reason.

jetson@ubuntu:/etc/network/if-up.d$ sudo ifup ens33
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/ens33/00:0c:29:c6:6f:a0
Sending on LPF/ens33/00:0c:29:c6:6f:a0
Sending on Socket/fallback
DHCPDISCOVER on ens33 to 255.255.255.255 port 67 interval 3 (xid=0xe228736a)
DHCPREQUEST of 192.168.252.132 on ens33 to 255.255.255.255 port 67 (xid=0x6a7328e2)
DHCPOFFER of 192.168.252.132 from 192.168.252.254
DHCPACK of 192.168.252.132 from 192.168.252.254
cmp: EOF on /tmp/tmp.nKI1m7I1fj which is empty
/sbin/dhclient-script: 8: /etc/dhcp/dhclient-exit-hooks.d/chrony: /usr/lib/chrony/chrony-helper: not found
bound to 192.168.252.132 -- renewal in 889 seconds.
+ PORT=5064
+ [ dhcp != none ]
+ [ ens33 != lo ]
+ ip addr show ens33
+ line=2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:c6:6f:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.252.132/24 brd 192.168.252.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec6:6fa0/64 scope link tentative
       valid_lft forever preferred_lft forever
+ addr=192.168.252.132
+ bcast=192.168.252.255
+ [ -z 192.168.252.132 -o -z 192.168.252.255 ]
+ [ start = start ]
+ iptables -t nat -A PREROUTING -d 192.168.252.132 -p udp --dport 5064 -j DNAT --to-destination 192.168.252.255
+ exit 0

jetson@ubuntu:/etc/network/if-up.d$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 381K packets, 587M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 192K packets, 17M bytes)
pkts bytes target prot opt in out source destination

Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Manoussakis, Adamandios via Tech-talk

Thanks Heinz, I seem to be still getting the return error from Ralph’s script even with the changes below that you mentioned. I did have to add the closing quotations on the last grep commands for addr/bcast, I was getting unterminated string error.

line=`ip addr show $IFACE`
addr=`echo $line | grep -Po 'inet\s+[^\s]+\s+' | grep -Po '\d+.*’ '`
[ -z "$addr" -o -z "$bcast" ] && return 1

@Ralph Here is what the script is going through, seems like the grep is still failing

jetson@ubuntu:/etc/network/if-up.d$ sudo sh -x ioc.sh
+ PORT=5064
+ [ != none ]s
+ [ != lo ]
+ ip addr show
+ line=1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:c6:6f:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.252.132/24 brd 192.168.252.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec6:6fa0/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:6a:5e:1a:03 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
+ echo 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:c6:6f:a0 brd ff:ff:ff:ff:ff:ff inet 192.168.252.132/24 brd 192.168.252.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fec6:6fa0/64 scope link valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:6a:5e:1a:03 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever
+ grep -Po inet\s+[^\s]+\s+
+ grep -Po \d+.*’
+ addr=
+ grep -Po \d+.*’
+ grep -Po brd\s+[^\s]+\s+
+ echo 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:c6:6f:a0 brd ff:ff:ff:ff:ff:ff inet 192.168.252.132/24 brd 192.168.252.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fec6:6fa0/64 scope link valid_lft forever preferred_lft forever 3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:6a:5e:1a:03 brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever
+ bcast=
+ [ -z -o -z ]
+ return 1

From: Tech-talk tech-talk-bounces at aps.anl.gov On Behalf Of Ralph Lange via Tech-talk

On Fri, 19 Mar 2021 at 10:59, Heinz Junkes <junkes at fhi-berlin.mpg.de> wrote:

Impressive. Do these work with older systems - where the other expressions worked?

Cheers,
~Ralph
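
Added example, not part of the original thread and not Ralph's script: the `sh -x ioc.sh` trace above shows `ip addr show` running with no interface name and a typographic ’ inside the second grep pattern, so this sketch extracts the address/broadcast pair with awk instead of `grep -Po` and refuses an empty interface name. The names `parse_inet`, `dnat_rule` and `SAMPLE` are hypothetical, and the sample text is constructed from the `ip addr show ens33` output quoted in the thread.

```shell
#!/bin/sh
# Constructed sample, mirroring the `ip addr show ens33` output in the thread.
SAMPLE='2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:c6:6f:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.252.132/24 brd 192.168.252.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec6:6fa0/64 scope link
       valid_lft forever preferred_lft forever'

# Read `ip addr show` text on stdin and print "ADDR BCAST" for the first
# IPv4 address that carries a broadcast address (loopback has none).
parse_inet() {
    awk '$1 == "inet" {
        split($2, a, "/")                       # strip the /prefix length
        for (i = 3; i < NF; i++)
            if ($i == "brd") { print a[1], $(i + 1); exit }
    }'
}

# Print the iptables arguments for the DNAT rule used in the thread.
# $1 = interface name, $2 = UDP port (default 5064); `ip addr show` text on stdin.
# Returns 1 when the interface name is empty or "lo", or when no pair is found.
dnat_rule() {
    iface=$1 port=${2:-5064}
    [ -n "$iface" ] && [ "$iface" != lo ] || return 1
    set -- $(parse_inet)                        # $1 = address, $2 = broadcast
    [ -n "$1" ] && [ -n "$2" ] || return 1
    echo "-t nat -A PREROUTING -d $1 -p udp --dport $port -j DNAT --to-destination $2"
}

# Demo on the constructed sample (prints the rule, does not install it).
printf '%s\n' "$SAMPLE" | dnat_rule ens33

# Once installed, the rule lives in the nat table, so list that table:
#   iptables -t nat -L PREROUTING -v -n
# A plain `iptables -L -v -n` lists only the filter table.
```

On a live host the input would come from `ip addr show "$IFACE"`, with `$IFACE` supplied by ifup as in the first trace.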