iptables ACCEPT [0:0] brackets

So lately I have been working a lot more with Linux networking. Consider an iptables configuration like this:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7752:8249066]
[..]
-A RH-Firewall-1-FORWARD -p icmp -m icmp --icmp-type any -j ACCEPT 
-A RH-Firewall-1-FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A RH-Firewall-1-FORWARD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
[..]
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Fri Nov 21 15:44:47 2014

Ever noticed the brackets right next to the chain? What are those? What do the numbers mean?

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7752:8249066]

The answer is pretty easy and pretty obvious in hindsight. The brackets hold two counters, in the form [packets:bytes]:

  • packet counter for the chain
  • byte counter for the chain

So in our example above, the OUTPUT chain matched 7752 packets and 8249066 bytes.
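As an added example (not part of the original post), here is a small Python parser for this format that reads the chain counters and also the per-rule [packets:bytes] prefix that `iptables-save -c` writes. The function name and the sample are constructed for illustration: the chain lines follow the listing above, while the user-defined chain line and the rule counters are made up.

```python
import re

# ":CHAIN POLICY [packets:bytes]" -- user-defined chains carry "-" instead of a policy.
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")
# "[packets:bytes] -A CHAIN spec" -- the counter prefix only appears with `iptables-save -c`.
RULE_RE = re.compile(r"^(?:\[(\d+):(\d+)\]\s+)?-A\s+(\S+)\s*(.*)$")

# Constructed sample; the last rule has no counter prefix, as in plain iptables-save output.
SAMPLE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7752:8249066]
:RH-Firewall-1-INPUT - [0:0]
[120:9840] -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _num(s):
    return int(s) if s is not None else None

def parse_iptables_save(text):
    """Return {table: {"chains": {name: {...}}, "rules": [{...}, ...]}}."""
    tables, cur = {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        if line.startswith("*"):          # "*filter" opens a table
            cur = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line == "COMMIT":            # closes the current table
            cur = None
        elif cur is None:
            raise ValueError(f"line {n}: outside any table: {line!r}")
        elif m := CHAIN_RE.match(line):
            name, policy, pkts, byts = m.groups()
            cur["chains"][name] = {"policy": None if policy == "-" else policy,
                                   "packets": int(pkts), "bytes": int(byts)}
        elif m := RULE_RE.match(line):
            pkts, byts, chain, spec = m.groups()
            cur["rules"].append({"chain": chain, "spec": spec,
                                 "packets": _num(pkts), "bytes": _num(byts)})
        else:
            raise ValueError(f"line {n}: unrecognised line: {line!r}")
    return tables
```

Calling parse_iptables_save(SAMPLE)["filter"]["chains"]["OUTPUT"] returns the policy ACCEPT with 7752 packets and 8249066 bytes, matching the reading given above.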

[FATAL] PRVF-0002 : Could not retrieve local nodename

During a silent Oracle 12c Release 1 database installation on a newly set up Oracle Enterprise Linux box, I encountered the following error when performing the installation:

[oracle@pandora database]$ ./runInstaller -silent -responseFile /home/oracle/database/response/kdb.rsp 
Starting Oracle Universal Installer...

Checking Temp space: must be greater than 500 MB.   Actual 45136 MB    Passed
Checking swap space: must be greater than 150 MB.   Actual 4031 MB    Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2013-06-27_12-11-01AM. Please wait ...
[oracle@pandora database]$ [FATAL] PRVF-0002 : Could not retrieve local nodename
A log of this session is currently saved as: [..]

But when I checked the hostname, everything seemed to be just fine; I even got the FQDN:


NMAP through VPN

When I tried to run a scan with NMAP over my VPN connection, I received the following error:

PS C:\> nmap -sP 192.168.10.0/24
Starting Nmap 5.21 ( http://nmap.org ) at 2010-11-18 09:35 W. Europe Standard Time
nexthost: Failed to determine dst MAC address for target 192.168.10.0
QUITTING!

Alright… A quick search with Google revealed the following topic: http://seclists.org/nmap-dev/2008/q1/81.


Hello world

My name is Simon Krenger, I am a Technical Account Manager (TAM) at Red Hat. I advise our customers in using Kubernetes, Containers, Linux and Open Source.
