Thursday 30 July 2015

CentOS 6 patching bind for bind bug CVE-2015-5477

To patch CentOS 6 for bind bug CVE-2015-5477 it is necessary to use the CR (continuous release) repository: the fix is not available for 6.6 and will be released in 6.7, so it must be installed as a hot fix.

To do this, simply enable the CR repository

# yum install centos-release-cr

Then update bind

# yum update bind

For good measure restart bind

# service named restart

And then I suggest you remove the CR repository

# yum erase centos-release-cr

You can check which repositories are in use

# yum repolist

 

Friday 24 July 2015

redirecting tcp traffic

Sometimes I see a transit issue on the internet which I can't fix as I don't have a contract with the particular company in question. Whilst I am waiting for it to be resolved I sometimes route traffic round the issue by bouncing it off another server in another part of the world.

So for instance if I wanted to send tcp traffic to a particular port from a server in say the UK to a server in Singapore when there is a traffic issue between them then I could bounce the traffic off a server I have in Japan using iptables.

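SERVERIP="x.x.x.x"   # relay server (Japan); the commands are run here
DESTIP="y.y.y.y"     # real destination (Singapore)
ORIGIP="z.z.z.z"     # origin of the traffic (UK)
PORT="nnn"           # TCP port to relay

# Flush the nat table. This removes every existing NAT rule on the host.
iptables -F -t nat
# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Rewrite the destination of matching packets from ORIGIP so they go to DESTIP
iptables -t nat -A PREROUTING -p tcp -s $ORIGIP -d $SERVERIP --dport $PORT -j DNAT --to-destination $DESTIP
# Masquerade the forwarded traffic in each direction
iptables -A POSTROUTING -t nat -o eth0 -s $ORIGIP -d $DESTIP -j MASQUERADE
iptables -A POSTROUTING -t nat -o eth0 -s $DESTIP -d $ORIGIP -j MASQUERADE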

Simply run the commands above on the server in Japan, setting SERVERIP to the address of the server in Japan, DESTIP to the address of the server in Singapore and ORIGIP to the address of the server in the UK.

Once that's done, send the traffic to SERVERIP rather than DESTIP and it will be redirected to DESTIP and appear to be from ORIGIP.

Bear in mind you won't be able to send traffic to SERVERIP on the port specified so it's probably not a good idea to redirect port 22!
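
The relay above, as an added example that is not part of the original post: a POSIX sh helper that prints the DNAT and MASQUERADE rules as matching add/delete pairs, so the relay can be taken down again without flushing the nat table, and that refuses malformed addresses and port 22. The function names are made up for this example, and it assumes the FORWARD chain already permits the flow, as the script above does.

```sh
#!/bin/sh
# Added example (not the post's script). Prints iptables commands; review, then pipe to sh.
# Usage: sh relay.sh up|down ORIGIP SERVERIP DESTIP PORT

# Succeed only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed for a TCP port 1-65535 other than 22 (the post's lock-out caveat).
is_relay_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 22 ]
}

# Print the rules to add (up) or delete (down) for one relayed flow.
relay_rules() {
    case "$1" in
        up)   op=-A ;;
        down) op=-D ;;
        *)    echo "usage: relay_rules up|down ORIGIP SERVERIP DESTIP PORT" >&2; return 2 ;;
    esac
    if ! { is_ipv4 "$2" && is_ipv4 "$3" && is_ipv4 "$4"; }; then
        echo "relay_rules: addresses must be dotted-quad IPv4" >&2; return 2
    fi
    if ! is_relay_port "$5"; then
        echo "relay_rules: port must be 1-65535 and not 22" >&2; return 2
    fi
    # Forwarding is switched on for 'up' but left alone on 'down': other flows may rely on it.
    if [ "$1" = up ]; then echo "sysctl -w net.ipv4.ip_forward=1"; fi
    # Same rule specs with -A or -D, so 'down' removes only what 'up' added (no nat flush).
    echo "iptables -t nat $op PREROUTING -p tcp -s $2 -d $3 --dport $5 -j DNAT --to-destination $4"
    # Source-NAT the relayed flow so DESTIP's replies return through this host;
    # conntrack reverses both translations for reply packets, so no reverse rule is needed.
    echo "iptables -t nat $op POSTROUTING -p tcp -s $2 -d $4 --dport $5 -j MASQUERADE"
}

if [ "$#" -gt 0 ]; then relay_rules "$@"; fi
```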