03-05-2005
Also you could consider using a secure tunnel between the machines for this and routing this fraffic through the tunnel.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
hey guys, i am on a box named pluto and i need to be able to log into another box named genesis. i need to be able to ssh into genesis as root and not get asked for the password. what file do i need to edit on genesis to make this happen? i searched for the .rhosts file it doesn't seem to exist.... (1 Reply)
Discussion started by: Terrible
1 Replies
2. Solaris
I forgot how to configure multiple host servers on the my CDE windows in Solaris.
I'll appreciate any help
Thanks,
Remi (2 Replies)
Discussion started by: Remi
2 Replies
3. UNIX for Dummies Questions & Answers
Hello,
Iam looking for a solution to keep track on my traffic usuage, monthly usuage.
Anybody could recommend anything?
/empty (2 Replies)
Discussion started by: empty
2 Replies
4. Red Hat
Ok Time warner cable / voip modem feeding Cisco PIX 501 Wan port from PIX 501 LAN port to WAN port on Linksys wrt54GL wireless router.
so
-->Modem-->PIX 501-->WRT54GL-->Linux Server, wireless desktop, wireless laptop (2), Wireless MAC Pro, Wireless Apple TV, Wireless printer.
my... (0 Replies)
Discussion started by: tedeansiii
0 Replies
5. Solaris
I'm trying to use the Solaris 10 "encrypt" command in a script. I want to encrypt a file called "database", but not using a keyfile, instead using a keyphrase. Running this from the cli requests the user to input "Enter key:" which is fair enough but I want to run this from a script. I've tried... (1 Reply)
Discussion started by: fixit9660
1 Replies
6. Solaris
Hi,
I am trying to find a Solaris 10 alternative to the HPUX inetd.sec functionality.
I want to grant access to one service for one IP address only.
# grep fme2eall /etc/services
fme2eall 35000/tcp
# svcs -a | grep fme2eall
online Mar_09 ... (2 Replies)
Discussion started by: ejdv
2 Replies
7. Solaris
I added some entries in the /etc/hosts.allow on a Solaris 10 system.
Do I need to bounce inetd?
I have read some accounts where any changes made to the /etc/hosts.allow will be taken in automatically.
And other accounts where you need to run:
svcadm refresh inetd
My... (1 Reply)
Discussion started by: snoman1
1 Replies
8. Solaris
Hello All,
I am trying find a command that would show me the stats of outgoing traffic on UPD ports on a Solaris 10 box. I would appreciate if anybody could help me out on this.
Thank you much!!!
Best Regards
Sudharma. (7 Replies)
Discussion started by: sudharma
7 Replies
9. Solaris
Hi All
We have T4-4 Server with 2 HBA configured for SAN connectivity. We want to monitor Data traffice going through these HBA. On other AIX system we have that capability with nmon. Following screen shows nmon HBA monitoring can we achieve same in Solaris 10.
... (1 Reply)
Discussion started by: uxravi
1 Replies
10. Proxy Server
Hi there,
I have a VPS and am working on a little side project for myself and friend which is a DNS proxy. Everything was great till recently. My VPS IP has been detected by some botnet or something, and I believe SMURF attacks are occuring. The VPS provider keeps shutting down my VPS... (3 Replies)
Discussion started by: phi0x
3 Replies
LEARN ABOUT MOJAVE
tc-tunnel_key
Tunnel metadata manipulation action in tc(8) Linux Tunnel metadata manipulation action in tc(8)
NAME
tunnel_key - Tunnel metadata manipulation
SYNOPSIS
tc ... action tunnel_key { unset | SET }
SET := set src_ip ADDRESS dst_ip ADDRESS id KEY_ID dst_port UDP_PORT [ csum | nocsum ]
DESCRIPTION
The tunnel_key action combined with a shared IP tunnel device, allows to perform IP tunnel en- or decapsulation on a packet, reflected by
the operation modes UNSET and SET. The UNSET mode is optional - even without using it, the metadata information will be released automati-
cally when packet processing will be finished. UNSET function could be used in cases when traffic is forwarded between two tunnels, where
the metadata from the first tunnel will be used for encapsulation done by the second tunnel. SET mode requires the source and destination
ip ADDRESS and the tunnel key id KEY_ID which will be used by the ip tunnel shared device to create the tunnel header. The tunnel_key
action is useful only in combination with a mirred redirect action to a shared IP tunnel device which will use the metadata (for SET ) and
unset the metadata created by it (for UNSET ).
OPTIONS
unset Unset the tunnel metadata created by the IP tunnel device. This function is not mandatory and might be used only in some specific
use cases (as explained above).
set Set tunnel metadata to be used by the IP tunnel device. Requires id , src_ip and dst_ip options. dst_port is optional.
id Tunnel ID (for example VNI in VXLAN tunnel)
src_ip Outer header source IP address (IPv4 or IPv6)
dst_ip Outer header destination IP address (IPv4 or IPv6)
dst_port
Outer header destination UDP port
[no]csum
Controlls outer UDP checksum. When set to csum (which is default), the outer UDP checksum is calculated and included in the
packets. When set to nocsum, outer UDP checksum is zero. Note that when using zero UDP checksums with IPv6, the other tunnel
endpoint must be configured to accept such packets. In Linux, this would be the udp6zerocsumrx option for the VXLAN tunnel
interface.
If using nocsum with IPv6, be sure you know what you are doing. Zero UDP checksums provide weaker protection against cor-
rupted packets. See RFC6935 for details.
EXAMPLES
The following example encapsulates incoming ICMP packets on eth0 into a vxlan tunnel, by setting metadata to VNI 11, source IP 11.11.0.1
and destination IP 11.11.0.2, and by redirecting the packet with the metadata to device vxlan0, which will do the actual encapsulation
using the metadata:
#tc qdisc add dev eth0 handle ffff: ingress
#tc filter add dev eth0 protocol ip parent ffff:
flower
ip_proto icmp
action tunnel_key set
src_ip 11.11.0.1
dst_ip 11.11.0.2
id 11
action mirred egress redirect dev vxlan0
Here is an example of the unset function: Incoming VXLAN traffic with outer IP's and VNI 11 is decapsulated by vxlan0 and metadata is unset
before redirecting to tunl1 device:
#tc qdisc add dev eth0 handle ffff: ingress
#tc filter add dev vxlan0 protocol ip parent ffff: flower
enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11 action tunnel_key unset action mirred egress redirect dev tunl1
SEE ALSO
tc(8)
iproute2 10 Nov 2016 Tunnel metadata manipulation action in tc(8)