Related to https://vyos.dev/T6080
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
Apr 3 2024
Apr 2 2024
Upstream fix merged https://github.com/FRRouting/frr/pull/15649
You may only use this Speedtest software and information generated
from it for personal, non-commercial use, through a command line
interface on a personal computer. Your use of this software is subject
to the End User License Agreement, Terms of Use and Privacy Policy at
these URLs:
this new command was merge in order to solved this problem :
vyos@vrf-test:~$ show configuration commands | match disable set protocols bgp parameters disable-ebgp-connected-route-check
The original issue was resolved.
Apr 1 2024
Always exclude this address from any defined range. This address will never be assigned by the DHCP server.
Ok, it will exclude in any range.
Forget about it
The issue seems to be in zebra/interface.c:
This actually also happens without a reboot on my test system.
After the fix
Personally I dont think its a good idea to be able to use VyOS as a jumphost towards victims of scanning.
@ServerForge It is question for hsflowd
You can open the issue on their git repo
ok, i'll change a port list and nmap scenario
Its no longer failing to start, but it seems to be only capturing inbound traffic on the tunnel, no outbound. I'm also observing this behavior on vlan interfaces, IE bond0.10.
Mar 31 2024
Proposed CLI:
set nat cgnat pool external <external> range 192.0.2.0/30 seq 1 set nat cgnat pool external <external> range 192.0.2.128-192.0.2.132 seq 2 set nat cgnat pool external <external> per-user-limit port 1024 set nat cgnat pool external <external> global-port-range 1024-65535 set nat cgnat pool internal <internal> range 100.64.1.0/24
I'm not sure that a list of ports will be helpful in this way.
From time to time, we need to scan specific ports.
What about
force scan-port-host <x.x.x.x> proto <tcp|udp> port '8080-8081,9200' force port--discovery-host <x.x.x.x> proto <tcp|udp> port '8080' force port-scan host <x.x.x.x> proto <tcp|udp> port '8080'
And use native nmap binaries (as python3 nmap module is not installed by default)
Also, it has XML format if you want a custom table:
sudo nmap -oX - 127.0.0.1