Category Archives: Linux

Graylog Syslog Input Failed to start on port 514

Probably you are having the same issue as me, so let me clarify. You can use lower ports when you run Graylog as root, since this is not the case how can we fix this? The catch is redirecting traffic from a different port 1514 to port 514 UDP/TCP.

Assuming that you are using Two Input Streams

[email protected]:~$ sudo iptables -t nat -A PREROUTING -p tcp –dport 514 -j REDIRECT –to 1514
[email protected]:~$ sudo iptables -t nat -A PREROUTING -p udp –dport 514 -j REDIRECT –to 1514

[email protected]:~$ netstat -nutlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp 0 0* LISTEN –
tcp6 0 0 :::22 :::* LISTEN –
tcp6 0 0 :::* LISTEN –
udp 0 0* –
udp6 0 0 :::1514 :::* –
udp6 0 0 :::1514 :::* –
udp6 0 0 :::1514 :::* –
udp6 0 0 :::1514 :::* –
udp6 0 0 :::1514 :::* –
udp6 0 0 :::1514 :::* –
udp6 0 0 :::1514 :::* –

[email protected]:~$ sudo iptables-save
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
:INPUT ACCEPT [84:11215]
:OUTPUT ACCEPT [33:2344]
-A PREROUTING -p udp -m udp –dport 514 -j REDIRECT –to-ports 1514
-A PREROUTING -p tcp -m tcp –dport 514 -j REDIRECT –to-ports 1514
# Completed on Tue Jul 23 13:04:56 2019
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
:INPUT ACCEPT [111065:37834236]
:OUTPUT ACCEPT [106771:36862434]
# Completed on Tue Jul 23 13:04:56 2019

Below you can confirm if the Policy is working, in this case the Chain OUTPUT.

[email protected]:~$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 124K packets, 42M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 119K packets, 41M bytes)
pkts bytes target prot opt in out source destination

TAP vs TUN Interfaces

What is the TUN ?
The TUN is Virtual Point-to-Point network device.
TUN driver was designed as low level kernel support for
IP tunneling.

What is the TAP ?
The TAP is a Virtual Ethernet network device.
TAP driver was designed as low level kernel support for
Ethernet tunneling.

What is the difference between TUN driver and TAP driver?
TUN works with IP frames. TAP works with Ethernet frames.

These kind of interfaces are supported in Linux

White box with Cumulus Networks

Probably you heard about “white box” term or Open Networking, which is a new move in the Networking Industry. It’s pretends decouple hardware from software in network device sold by vendor. Have you imagined running NX-OS in x86 server for a network fabric (leaf?) purpose? What do you earn doing this? It would be cheaper off course but you will need Network/Ops teams evolve with that (skill gap?). Some Service Providers like AT&T are moving on white box solutions, they are testing Provider Edge (PE) modes in  MPLS network, replacing expensive boxes from vendors which doing basic functions. At the moment Cisco is not getting there with any product! Juniper is doing some advances, his new product OCX 1100 you can run Cumulus. But what is Cumulus? It’s full-featured Linux OS for networking hardware!
I’ve had an opportunity to play with Cumulus (2 spines/leafs with OSPF, BGP, VXLAN, Bridging), and it seems interesting, but i would expect a more readable CLI. Are we be able to learn another CLI? Absolutely!

Recently Cumulus Networks launch a Virtual Edition called Cumulus VX , it’s available for different Hypervisors, so Network Engineers  will not be in the dark any more. Another benefit with Virtual editions is run a demonstration to customers is a few clicks.


Rescan NIC on Centos

After clone a VM (Centos 6) in Vmware i was not able to use the nic (eth0), after some research it was using the same original VM MAC-ADDRESS (00:0c:29:2c:a9:ae)

To solve it i did:

rm -f /etc/udev/rules.d/70-persistent-net.rules

Because this is my lab i can reboot my vservers whenever i want :), so i rebooted

After reboot i was able too see correct mac-address assigned to my vserver

[[email protected] ~]# cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x8086:0x100f (e1000) (custom name provided by external tool)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:2c:a9:af", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

Eth0 Interface pick up the right MAC and  i was able to communicate with my Lab World :)

[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Finalmente em IPv6 :)

Infelizmente durou mais que o previsto, mas já é possível aceder ao blog via IPv6 :)
A solução assenta em Dual-Stack, em que a componente IPv6 é disponibilizada através de um túnel Point-to-Point IPv6 over IPv4 estabelecido com a Hurricane Electric.
Esta disponibiliza um Broker de Túneis sem qualquer custo, necessitando apenas de registar-se no site.
Após ativado o registo, poderá criar até 5 túneis e atribuir prefixos /48 aos túneis (rede para clientes), no site já existem diversas pré-configurações para diferentes sistemas como: Cisco, Juniper, Fortigate, FreeBSD, Linux entre outros.

O esquema de rede é mais ou menos assim:

Quando um utilizador acede via IPv6, o tráfego é encaminhado na Internet até à rede da Hurricane Electric, encaminhando-o posteriormente pelo túnel estabelecido. O retorno do tráfego é efetuado exatamente pelo mesmo caminho.

Resumindo, agora existem 2 formas de aceder ao Blog, através de IPv4 e IPv6, portanto já não existem desculpas!

Hurricane Electric Free IPv6 Tunnel Broker