All Stories
Apr 2 2024
Apr 1 2024
Always exclude this address from any defined range. This address will never be assigned by the DHCP server.
Ok, it will exclude in any range.
Forget about it
The issue seems to be in zebra/interface.c:
This actually also happens without a reboot on my test system.
After the fix
Personally I don't think it's a good idea to be able to use VyOS as a jumphost towards victims of scanning.
@ServerForge It is a question for hsflowd
You can open the issue on their git repo
OK, I'll change a port list and nmap scenario
It's no longer failing to start, but it seems to be only capturing inbound traffic on the tunnel, no outbound. I'm also observing this behavior on VLAN interfaces, i.e. bond0.10.
Mar 31 2024
Proposed CLI:
set nat cgnat pool external <external> range 192.0.2.0/30 seq 1
set nat cgnat pool external <external> range 192.0.2.128-192.0.2.132 seq 2
set nat cgnat pool external <external> per-user-limit port 1024
set nat cgnat pool external <external> global-port-range 1024-65535
set nat cgnat pool internal <internal> range 100.64.1.0/24
I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about
force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200'
force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080'
force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'
And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:
sudo nmap -oX - 127.0.0.1