Socat – Socket concatenator!

socat is a multipurpose relay (“a more complex variant of netcat. It is larger and more flexible and has more options that must be configured for a given task” – Wikipedia):

http://www.dest-unreach.org/socat/

Get it here: socat-1.7.2.0.tar.gz

Examples of use:

  • socat - TCP4:www.domain.org:80
    transfers data between STDIO (-) and a TCP4 connection to port 80 of host www.domain.org. This example results in an interactive connection similar to telnet or netcat. The stdin terminal parameters are not changed, so you may close the relay with ^D or abort it with ^C.
  • socat - SSL:server:4443,cafile=server.crt,cert=client.pem
    is an OpenSSL client that tries to establish a secure connection to an SSL server. Option cafile specifies a file that contains trust certificates: we trust the server only when it presents one of these certificates and proves that it owns the related private key. Otherwise the connection is terminated. With cert a file containing the client certificate and the associated private key is specified. This is required in case the server requests client authentication; many Internet servers do not.
    The first address (‘-‘) can be replaced by almost any other socat address.
  • socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0
    transfers data from stdin to the specified multicast address using UDP. Both local and remote ports are 6666. Tells the interface eth0 to also accept multicast packets of the given group. Multiple hosts on the local network can run this command, so all data sent by any of the hosts will be received by all the other ones. Note that there are many possible reasons for failure, including IP-filters, routing issues, wrong interface selection by the operating system, bridges, or a badly configured switch.

See more examples at www.dest-unreach.org


Flushing ARP table entries for one specific IP

In some cases, network elements use caching strategies to improve network throughput. In such environments it is common to use subsystems like LVS to balance one service IP between a couple of hosts. This can cause problems when we want an HA setup, because some network switches do not release the old ARP entry for the service IP (due to the caching effect). To avoid this, we use arping to force the old ARP entry to be released.

  arping -v -c 1 -i eth0 -S 192.40.0.200 -t ff:ff:ff:ff:ff:ff 192.40.0.200
  arping: invalid option -- '-'
  Usage: arping [-fqbDUAV] [-c count] [-w timeout] [-I device] [-s source] destination
   -f : quit on first reply
   -q : be quiet
   -b : keep broadcasting, don't go unicast
   -D : duplicate address detection mode
   -U : Unsolicited ARP mode, update your neighbours
   -A : ARP answer mode, update your neighbours
   -V : print version and exit
   -c count : how many packets to send
   -w timeout : how long to wait for a reply
   -I device : which ethernet device to use (eth0)
   -s source : source ip address
   destination : ask for what ip address

For example, we can use this tip in the network/interfaces conffile:

auto eth0
iface eth0 inet static
  address 10.240.97.99
  netmask 255.255.255.0
  post-up arping -v -c 1 -i eth0 -S 192.40.0.99 -t ff:ff:ff:ff:ff:ff 192.40.0.99
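One thing the captured session above shows is that the installed arping (the iputils one, whose usage text is printed) rejects the -S/-t/-i syntax, while the option it does list for this purpose is -U, "Unsolicited ARP mode, update your neighbours". The following is an added example, not code from the original post: a small POSIX sh helper suitable for post-up that recognises the iputils usage text, validates the address and interface before they end up in a root-run command line, and emits a gratuitous ARP announcement with the flags the installed arping understands. It assumes that the iputils arping prints a usage text containing "-U : Unsolicited" (as in the output above) and that any other arping accepts the -i/-S/-t form used in the post; eth0 and 192.40.0.99 are example values taken from the conffile.

```sh
#!/bin/sh
# Added example (not from the original post): gratuitous ARP announcement for a
# service IP that works with either arping implementation. Assumptions: iputils
# arping prints a usage text containing "-U : Unsolicited" (as captured in the
# post); any other arping accepts the -i/-S/-t syntax of the post's command.

# Classify an arping implementation from its usage/help text, read from stdin.
# Prints "iputils" when the iputils option list is recognised, "other" otherwise.
arping_flavor() {
    usage=$(cat)
    case $usage in
        *"-U : Unsolicited"*) echo iputils ;;
        *)                    echo other ;;
    esac
}

# Accept only a dotted-quad IPv4 address: the value ends up in a command run as
# root from post-up, so anything else is rejected before it gets there.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    oldifs=$IFS
    IFS=.
    set -- $1                                    # split on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
}

# Build the announcement command for interface $1, address $2 and flavor $3.
# iputils: -U (unsolicited ARP), -s source, -I device, destination = same IP.
# other:   the -i/-S/-t form the post uses, with the broadcast target MAC.
gratuitous_arp_cmd() {
    dev=$1 ip=$2 flavor=$3
    case $dev in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac   # sane interface name
    is_ipv4 "$ip" || return 1
    case $flavor in
        iputils) echo "arping -U -c 1 -I $dev -s $ip $ip" ;;
        other)   echo "arping -c 1 -i $dev -S $ip -t ff:ff:ff:ff:ff:ff $ip" ;;
        *)       return 1 ;;
    esac
}

# Detect the installed arping and run the announcement, e.g. from the conffile:
#   post-up /usr/local/sbin/announce-ip eth0 192.40.0.99   (hypothetical path)
announce_ip() {
    flavor=$(arping -h 2>&1 | arping_flavor)
    cmd=$(gratuitous_arp_cmd "$1" "$2" "$flavor") || {
        echo "announce_ip: bad interface/address or unknown arping" >&2
        return 1
    }
    echo "+ $cmd" >&2
    $cmd
}
```

Only announce_ip touches the network; the two builders are pure string functions, so the detection and validation can be exercised without root or an interface. On a host where the Habets-style flags are what the post-up line expects, the generated "other" command is byte for byte the one in the conffile above.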

The best documentation is on the blackboard, … always


IPTables

This diagram presides over my office. It is drawn on a small blackboard so that it is easily visible to every member of the team. Often, looking up at it is more useful than a big mental effort.

The diagram shows the different tables that IPTables is made up of, the logical flow of IP packets through those tables, and tries to show the relationship between IPTables and the system's routing tables.