BRRABill's Field Report With Linux



  • Linux QOTD (Question Of The Day)

    My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

    How do I remedy that?


  • Service Provider

    @BRRABill said in BRRABill's Field Report With Linux:

    Linux QOTD (Question Of The Day)

    My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

    How do I remedy that?

    Do you want it to grab one (DHCP) or to have one (Static)?



  • @scottalanmiller said in BRRABill's Field Report With Linux:

    @BRRABill said in BRRABill's Field Report With Linux:

    Linux QOTD (Question Of The Day)

    My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

    How do I remedy that?

    Do you want it to grab one (DHCP) or to have one (Static)?

    Grab one.

    I've never actually had this issue. It has always grabbed one.

    Not sure what happened to this instance.

    Stupid Linux.



  • @BRRABill said in BRRABill's Field Report With Linux:

    @scottalanmiller said in BRRABill's Field Report With Linux:

    @BRRABill said in BRRABill's Field Report With Linux:

    Linux QOTD (Question Of The Day)

    My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

    How do I remedy that?

    Do you want it to grab one (DHCP) or to have one (Static)?

    Grab one.

    I've never actually had this issue. It has always grabbed one.

    Not sure what happened to this instance.

    Stupid Linux.

    Is the networking daemon starting when the system starts?

    What's your /etc/network/interfaces file look like?



  • @stacksofplates said

    Is the networking daemon starting when the system starts?

    What's your /etc/network/interfaces file look like?

    As a Linux noob, never been in that file before.

    But after going into it, I immediately know (I think) what the issue was.

    It has eth1 and ifconfig shows eth0.

    Yep, that was it. More knowledge, mmmmmm!

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    source /etc/network/interfaces.d/*
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    auto eth1
    iface eth1 inet dhcp
    ~
    


  • I think you mean ip addr
    ifconfig is old-hat, apparently. I still in habit of using ifconfig myself.



  • @momurda said in BRRABill's Field Report With Linux:

    I think you mean ip addr
    ifconfig is old-hat, apparently. I still in habit of using ifconfig myself.

    I started way back in the day of using ifconfig and just haven't broken out of it it.

    Way back in the day meaning like July.



  • I'll likely keep typing it until it starts saying:

    "Command not found, use ip addr, ya idjit"


  • Service Provider

    @dafyre said in BRRABill's Field Report With Linux:

    I'll likely keep typing it until it starts saying:

    "Command not found, use ip addr, ya idjit"

    You can fix that with an alias.


  • Service Provider

    ifconfig is deal, long live ip addr



  • @scottalanmiller said in BRRABill's Field Report With Linux:

    ifconfig is deal, long live ip a

    FYFY - cause I'm lazy, and that's all I type out



  • @scottalanmiller said in BRRABill's Field Report With Linux:

    @dafyre said in BRRABill's Field Report With Linux:

    I'll likely keep typing it until it starts saying:

    "Command not found, use ip addr, ya idjit"

    You can fix that with an alias.

    True. But at that point, I'd likely just sigh and type the correct command.



  • QOTD:

    So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

    I followed some pretty simple directions here which had me "setup the iptables" firewall.
    https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

    But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

    So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

    ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?



  • @BRRABill said in BRRABill's Field Report With Linux:

    QOTD:

    So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

    I followed some pretty simple directions here which had me "setup the iptables" firewall.
    https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

    But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

    So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

    ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

    iptables is the user-space application to configure the tables kernel firewall. Almost every Linux based firewall app uses iptables in the background to do it's work. So this ufw is just another way to manage the firewall. Leave it to Ubuntu to do something odd.

    I'd hope a firewall is enabled by default, that it's missing as default in CentOS7-1511 is super annoying.



  • @travisdh1 said in BRRABill's Field Report With Linux:

    @BRRABill said in BRRABill's Field Report With Linux:

    QOTD:

    So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

    I followed some pretty simple directions here which had me "setup the iptables" firewall.
    https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

    But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

    So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

    ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

    iptables is the user-space application to configure the tables kernel firewall. Almost every Linux based firewall app uses iptables in the background to do it's work. So this ufw is just another way to manage the firewall. Leave it to Ubuntu to do something odd.

    I'd hope a firewall is enabled by default, that it's missing as default in CentOS7-1511 is super annoying.

    The "odd" thing is that when I use ufw to list the rules in place (in iptables) nothing is listed.

    Which makes me wonder if they are separate things...



  • @BRRABill said in BRRABill's Field Report With Linux:

    @travisdh1 said in BRRABill's Field Report With Linux:

    @BRRABill said in BRRABill's Field Report With Linux:

    QOTD:

    So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

    I followed some pretty simple directions here which had me "setup the iptables" firewall.
    https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

    But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

    So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

    ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

    iptables is the user-space application to configure the tables kernel firewall. Almost every Linux based firewall app uses iptables in the background to do it's work. So this ufw is just another way to manage the firewall. Leave it to Ubuntu to do something odd.

    I'd hope a firewall is enabled by default, that it's missing as default in CentOS7-1511 is super annoying.

    The "odd" thing is that when I use ufw to list the rules in place (in iptables) nothing is listed.

    Which makes me wonder if they are separate things...

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?



  • @travisdh1 said

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

    Well, that's part of m question as well.

    From a little reading, it appears there is no firewall by default, because no ports are open.

    But then all you have to do is add ports into iptables, and that enables it?

    This is why I am confused.



  • @BRRABill said in BRRABill's Field Report With Linux:

    @travisdh1 said

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

    Well, that's part of m question as well.

    From a little reading, it appears there is no firewall by default, because no ports are open.

    But then all you have to do is add ports into iptables, and that enables it?

    This is why I am confused.

    Nope. You want a web server on port 80, just install apache2. Done.



  • @BRRABill said in BRRABill's Field Report With Linux:

    @travisdh1 said

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

    Well, that's part of m question as well.

    From a little reading, it appears there is no firewall by default, because no ports are open.

    But then all you have to do is add ports into iptables, and that enables it?

    This is why I am confused.

    No adding ports to iptables doesn't not enable it - you'd have to start the service that enables it, and then open the required ports (I suppose you could do it either one first, but if you don't enable the service, then there is no firewall running)



  • @Dashrender said i

    No adding ports to iptables doesn't not enable it - you'd have to start the service that enables it, and then open the required ports (I suppose you could do it either one first, but if you don't enable the service, then there is no firewall running)

    Are you sure about that?

    iptables is just the interface to the firewall, which I think is always running.

    Now, by default, it is allowing everything.

    I set up another fresh droplet for testing, and this is what iptables -L gives me

    Chain INPUT (policy ACCEPT)
    Chain FORWARD (policy ACCEPT)
    Chain OUTPUT (policy ACCEPT)
    


  • yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

    @travisdh1 said in BRRABill's Field Report With Linux:

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?



  • @Dashrender said in BRRABill's Field Report With Linux:

    yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

    @travisdh1 said in BRRABill's Field Report With Linux:

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

    I think maybe what @travisdh1 meant was that it is enabled, but be default allows everything.

    Hence, it seeming like it's not actually firewalling anything.

    @travisdh1 ???

    And where are all the Ubuntu experts here on ML???



  • So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

    So maybe it works the one way, but not the other?



  • @BRRABill said in BRRABill's Field Report With Linux:

    So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

    So maybe it works the one way, but not the other?

    that's completely possible. Unifi stuff is that way
    you can update the device with a json file, but it won't update the GUI.



  • @Dashrender said in BRRABill's Field Report With Linux:

    @BRRABill said in BRRABill's Field Report With Linux:

    So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

    So maybe it works the one way, but not the other?

    that's completely possible. Unifi stuff is that way
    you can update the device with a json file, but it won't update the GUI.

    Actually the Unifi installer made NO changes to iptables.



  • I mean that adding in one rule in ufw (allwing SSH) added all this to the output of iptables -L

    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-input  all  --  anywhere             anywhere
    ufw-before-input  all  --  anywhere             anywhere
    ufw-after-input  all  --  anywhere             anywhere
    ufw-after-logging-input  all  --  anywhere             anywhere
    ufw-reject-input  all  --  anywhere             anywhere
    ufw-track-input  all  --  anywhere             anywhere
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  anywhere             anywhere
    ufw-before-forward  all  --  anywhere             anywhere
    ufw-after-forward  all  --  anywhere             anywhere
    ufw-after-logging-forward  all  --  anywhere             anywhere
    ufw-reject-forward  all  --  anywhere             anywhere
    ufw-track-forward  all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  anywhere             anywhere
    ufw-before-output  all  --  anywhere             anywhere
    ufw-after-output  all  --  anywhere             anywhere
    ufw-after-logging-output  all  --  anywhere             anywhere
    ufw-reject-output  all  --  anywhere             anywhere
    ufw-track-output  all  --  anywhere             anywhere
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
    ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
    ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
    ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
    ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    
    
    


  • @BRRABill said in BRRABill's Field Report With Linux:

    @Dashrender said in BRRABill's Field Report With Linux:

    @BRRABill said in BRRABill's Field Report With Linux:

    So, in this fresh install, I tried adding a rule in ufw, and it added all sorts of stuff to iptables.

    So maybe it works the one way, but not the other?

    that's completely possible. Unifi stuff is that way
    you can update the device with a json file, but it won't update the GUI.

    Actually the Unifi installer made NO changes to iptables.

    considering the instructions you found that had you manually make iptables changes, I'm not surprised - not that the script couldn't include that, they don't so they remain simple to be used on any linux distro or nearly any.



  • @BRRABill said in BRRABill's Field Report With Linux:

    @Dashrender said i

    No adding ports to iptables doesn't not enable it - you'd have to start the service that enables it, and then open the required ports (I suppose you could do it either one first, but if you don't enable the service, then there is no firewall running)

    Are you sure about that?

    iptables is just the interface to the firewall, which I think is always running.

    Now, by default, it is allowing everything.

    I set up another fresh droplet for testing, and this is what iptables -L gives me

    Chain INPUT (policy ACCEPT)
    Chain FORWARD (policy ACCEPT)
    Chain OUTPUT (policy ACCEPT)
    

    That's the "tables is turned off" output.



  • @travisdh1 said

    That's the "tables is turned off" output.

    See, I think that is semantics.

    tables is turned on, but accepting everything.

    Because you don't have to issue any commands, simple add something to iptables



  • @BRRABill said in BRRABill's Field Report With Linux:

    @Dashrender said in BRRABill's Field Report With Linux:

    yep, I'm sure IF the following is correct and the firewall is not enabled by default as mentioned below.

    @travisdh1 said in BRRABill's Field Report With Linux:

    Wait... Ubuntu.... and more crazy Ubuntu type things. I don't think they enable the firewall by default. They say "Just don't run a service you don't need." instead, don't they?

    I think maybe what @travisdh1 meant was that it is enabled, but be default allows everything.

    Hence, it seeming like it's not actually firewalling anything.

    @travisdh1 ???

    And where are all the Ubuntu experts here on ML???

    Ubuntu does things so odd compared to the rest of the ecosystem (ufw), that many of us only touch it if when we have no other choice.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.