[Spce-user] [EXTERNAL] Physical interface VS virtual interface on iptables rules
Javier Valencia
javier.valencia at voiper.es
Wed Sep 18 18:44:02 EDT 2024
Hi Mika.
*What kind of environment is this with this virtual ethernet interface?*
It's a virtual (neth0:0 and neth0:1) ethernet adapter over physical (neth0)
one.
*What's inside your /etc/ngcp-config/network.yml?*
# cat /etc/ngcp-config/network.yml
---
hosts:
  self:
    dbnode: '1'
    interfaces:
      - lo
      - neth0
      - neth0:0
      - neth0:1
    lo:
      cluster_sets:
        - default
      ip: 127.0.0.1
      netmask: 255.255.255.0
      shared_ip: []
      shared_v6ip: []
      type:
        - sip_int
        - ha_int
        - web_ext
        - web_int
        - aux_ext
        - ssh_ext
        - api_int
        - rtp_int
        - stor_int
      v6ip: ::1
      v6netmask: 128
    neth0:
      dns_nameservers:
        - XXX.XXX.XXX.XXX
        - XXX.XXX.XXX.XXX
      gateway: XXX.XXX.XX.XXX
      hwaddr: XX:XX:XX:XX:XX:XX
      ip: XXX.XXX.XXX.100
      netmask: 255.255.255.0
      type:
        - ssh_ext
    neth0:0:
      ip: XXX.XXX.XXX.244
      netmask: 255.255.255.255
      type:
        - sip_ext
        - rtp_ext
        - ssh_ext
    neth0:1:
      ip: XXX.XXX.XXX.249
      netmask: 255.255.255.255
      type:
        - ssh_ext
    role:
      - proxy
      - lb
      - mgmt
      - rtp
      - db
      - storage
    status: online
    swraiddevices: []
    sysdescr: ''
    syslocation: ''
    sysname: ''
*What's output of `ip a` + `ip link` on your system?*
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: neth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp1s0f0
    altname eno1
    inet XXX.XXX.XXX.100/24 brd XXX.XXX.XXX.255 scope global neth0
       valid_lft forever preferred_lft forever
    inet XXX.XXX.XXX.244/32 brd XXX.XXX.XXX.244 scope global neth0:0
       valid_lft forever preferred_lft forever
    inet XXX.XXX.XXX.249/32 brd XXX.XXX.XXX.249 scope global neth0:1
       valid_lft forever preferred_lft forever
    inet6 XXXX::XXXX:XXXX:XXXX:7834/64 scope link
       valid_lft forever preferred_lft forever
3: neth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp1s0f1
    altname eno2
4: neth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp2s0f0
    altname eno3
5: neth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp2s0f1
    altname eno4
6: neth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp132s0f0
7: neth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp132s0f1
# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: neth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp1s0f0
    altname eno1
3: neth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp1s0f1
    altname eno2
4: neth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp2s0f0
    altname eno3
5: neth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp2s0f1
    altname eno4
6: neth4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp132s0f0
7: neth5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp132s0f1
Regards,
JV
Javier Valencia
Chief Technology Officer
VoIPer Telecom, S.L.
(+34) 951 562 080 (+34) 687 486 759
javier.valencia at voiper.es
voiper.es
Calle Río Benamargosa, 15, 29651 Mijas Costa (Málaga)
On Wed, 18 Sept 2024 at 8:49, Michael Prokop (<mprokop at sipwise.com>)
wrote:
> Hi,
>
> * Javier Valencia [Mon Sep 16, 2024 at 08:53:40PM +0200]:
> > Hi there!
> >
> > My NGCP CE mr9.5.7 (on bullseye (11.10) 5.10.0-30-amd64 SMP) box isn't
> > responding on sip_ext, because it's generating "/etc/iptables/rules.v4"
> > with the virtual ethernet interface instead of the physical ethernet interface.
> >
> > For example:
> > -A INPUT -i *neth0:0* -p tcp --dport 5060 -j ACCEPT -m comment --comment
> > "sip_ext"
> >
> > Must be:
> > -A INPUT -i *neth0* -p tcp --dport 5060 -j ACCEPT -m comment --comment
> > "sip_ext"
> >
> > When I delete the first line and insert into iptables (with cli commands)
> > the second line, the server starts to respond.
> [...]
>
> Aha interesting. Before we're coming up with a workaround through
> /etc/ngcp-config/config.yml or ngcpcfg patchtt.tt2 for this, I'd
> like to understand your situation and how to properly fix this. :)
>
> What kind of environment is this with this virtual ethernet interface?
> What's inside your /etc/ngcp-config/network.yml?
> What's output of `ip a` + `ip link` on your system?
>
> PS: please make sure to subscribe to the mailing list, otherwise
> your messages end up in moderation queue (we just let it through)
> and you might also miss replies.
>
> regards
> -mika-
>
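
An added example, not part of the original post or of NGCP: iptables `-i` matches the name of the receiving network device, and `neth0:0` is only an address label on `neth0` (it appears under `neth0` in the `ip a` output and not at all in `ip link`), so a rule naming it never matches. The Python sketch below audits a rules file in iptables-save format against the devices listed by `ip -o link`; the sample rules and link listing are constructed, and `link_names` and `audit_rules` are hypothetical names.

```python
import re
import shlex

# Constructed sample in iptables-save format, modelled on the rule quoted in the thread.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i neth0:0 -p tcp --dport 5060 -j ACCEPT -m comment --comment "sip_ext"
-A INPUT -i neth0 -p tcp --dport 22 -j ACCEPT -m comment --comment "ssh_ext"
COMMIT
"""

# Constructed, shortened `ip -o link` listing using the device names from the post.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: neth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
3: neth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
"""

IFACE_FLAGS = {"-i", "-o", "--in-interface", "--out-interface"}


def link_names(ip_link_output):
    """Return the set of real netdevice names in `ip -o link` output."""
    found = (re.match(r"\d+:\s+([^:@\s]+)[:@]", l) for l in ip_link_output.splitlines())
    return {m.group(1) for m in found if m}


def audit_rules(rules_text, devices):
    """Return (line number, interface, suggested rule or None) for each
    -i/-o match whose name is not a netdevice and so can never match."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        for flag, name in zip(tokens, tokens[1:]):
            if flag not in IFACE_FLAGS or name.endswith("+") or name in devices:
                continue  # not an interface match, a wildcard, or a real device
            parent, fixed = name.split(":", 1)[0], None
            if ":" in name and parent in devices:  # alias label on a real device
                pattern = rf"({re.escape(flag)}\s+){re.escape(name)}(?=\s|$)"
                fixed = re.sub(pattern, lambda m: m.group(1) + parent, line, count=1)
            findings.append((lineno, name, fixed))
    return findings


if __name__ == "__main__":
    for lineno, name, fixed in audit_rules(SAMPLE_RULES, link_names(SAMPLE_IP_LINK)):
        print(f"line {lineno}: '{name}' is not a netdevice; suggested: {fixed}")
```

The suggested rule accepts the port on every address of `neth0`; adding `-d` with the alias address keeps it scoped to that one IP.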