Is there any way to setup a 'SPAN' or 'Mirror' port using VirtualBox so as to copy/mirror all network traffic from a particular virtual network to a promiscuous-mode adapter on a Virtual machine?
The use case is as follows - I need to teach a class on security and was figuring the easiest way for students to practise. The monitoring machine will likely have Zeek(Bro) installed and will be used to analyse packet metadata.
Related
I am planning to run an SSIS ETL job , which has a sql server as SOURCE db , this is on a physical on-premise machine and the DESTINATION db (postegres/patroni) is running on Openshift platform as pod/containers. The issue I am facing now is like, DB hosted on openshift cannot be exposed via tcp port. As per few articles online, openshift only allows HTTP traffic via “routes”. Is this assumption right? If yes, how in real world people run ETL or bulk data transfer or migration to a db on openshift from outside. I am worried to use HTTP since I feel , it’s not efficient for ETL. Few folks mentioned like, use OC PORT FORWARDING. But for a production app, how an open shift port forwarding be stable? Please throw your comments
In a production environment it is a little questionable if you want to expose your database to the public internet. Normally you probably rather want to go with a site-to-site VPN.
That left aside it is correct that OCP is using routes for most use cases, which are then exposing an http(s) endpoint. If you need plain TCP however, you can create a service of type loadbalancer.
The regular setup with a route is stacked like
route --> service --> pods where the service is commonly of type clusterIP.
with a service of type loadbalancer, you eliminate the route and directly expose a TCP service.
If you run on a public cloud, OCP takes care of the leftover requirements for you. Namely that is to create a Loadbalancer with your cloudprovider. In the case of AWS for example, OCP would create an ELB (Elastic Loadbalancer) for you.
You can find more information in the documentation
In my env variable there is host for MySQL database. But it is ip in local network (starts with 127...). How can I make MySQL available for external world via domain name for db?
This is not possible. Openshift is a Platform-as-a-Service (PaaS) that shields the internals of the implementation in a paradigm that allows access through an API connector such as PHP and a database cartidge. Or through SSH tunneling. It does not expose an IP Address of your mysql server sitting there as port 3306 for use in development with such db libraries a c#, java, python, etc. Or with Mysql Workbench or the like.
In fact, it is not your mysql server as much as it is a shared one.
Infrastruture-as-a-Service (IaaS) platforms such as AWS EC2 would allow for those native port 3306 connections and a public IP Address exposed if you opened up the firewall for them.
With Openshift, in order to achieve connections with such things as Mysql Workbench, you need a pki key pair and an SSH tunnel. Same for a native app, say, written in c#, which would need the likes of SSH.NET . these are all configurations that are bearable for a single developer, but don't scale for a rollout to your users, generally speaking. Unless you are up for the task of doing that. That is, key management.
It is one of the drawbacks, but also one of the security guarantees you can bank on. You can also enjoy its simplicity. But it has its shortcomings. I have converted some people away from Openshift once they have realized this. The same limitations exist with major shared hosts where SSH is the only way in.
I hope I have answered your question.
I have installed the Cloudera Quickstart VM on my windows 8 host machine. I would like to know if it is possible to use sqoop in the VM to import data from a mysql database running in the host machine. The VM runs centOS. If so, what would be the configuration changes that i'd have to make.
Thanks
It depends on how you have your VM setup. If your VM is just using an internal network for your network interface devices, then no.
If your network interface devices are setup to use NAT or bridged, then yes. Bridged network interfaces are the easiest to work with, as it involves no routing. If your network is set to bridged mode, then your VM will be getting a DCHP address from the same location as your Host. Connecting to the mysql database is just the usual <hostip>:3306.
If the network device is set to NAT, then you've got to figure out how to route between the two networks. It's probably just a lot easier to set your VM to bridged mode than cover how to route your NAT'd interface.
Just check if you are able to ping your local machine from VM. Try ping in vm. If it works then sqoop should be able to connect to your local mysql. I am using same configuration as you are using and it works fine for me.
This is my scenario,
I have a Ubuntu 12.10 host and a win 7 guest installed in the virtual box. The Network is configured to be NAT in the virtual box. I have a mysql sever installed in the Ubuntu with “bind_address” in my.cnf is commented out.
How can I access this mysql server from the windows 7 guest? I did some search in Google and came accross with this Host-Only Networking With VirtualBox but I cant get it work as I don't have statics IP with my internet vendor and my network knowledge is very bad. All I know is that I have DHCP enabled Internet connection. So if i do any IP's in the network settings I don't have Internet.
I know that there are plenty of solutions on the other way around (access the guest server from the host) but still cant figure it out.
So any help is appreciated.
Thanks
Your external IP being static or not has no bearing to accessing a virtualized server on your LAN.
Set VirtualBox to bridge mode.
Simply determine your computer's DHCP-selected internal IP (usually 192.168.1.SOMETHING) and replace the last number with another that is less than 250. For example, if your computer was 192.168.1.6, 192.168.1.70 would work fine on the VM(pick a high number to void conflicts).
Set it by using the control panel->adapter settings. Reboot the VM. Connect to MySQL at 192.168.1.70(or the address you picked earlier).
Note: If your computer's address is in a different subnet (192.168.0.XXX, 10.XX.XX.XX, etc) change the last number and keep the first numbers the same as on the host.
Is there a performance difference between TCP connections to:
localhost / 127.0.0.1
a domain which resolves to the local machine
Or more specifically, do the latter connections go through the loopback device, or over the actual network?
The reason I'm asking is I'm thinking about changing database settings in many PHP apps so they use a full domain instead of localhost. That way we could more easily move the database to a different server, if the need arises.
This is implementation and operating system dependent. On Windows, anything connecting to a local IP address, even if it is an outside-facing IP, will go over loopback. This is a documented problem for applications such as packet sniffers, because you can't sniff the loopback. (Windows doesn't treat loopback as a "device" -- it is handled at the network level.) However, in this case it would work in your favor.
Linux, in contrast, will follow whatever you have in your routing table, so packets that are destined to your local machine will go to your local machine over the network if the routing table isn't properly configured. However, in 99% of the cases the routing will be configured properly. Your packets won't go over the loopback device, but the TCP/IP stack will know that you are contacting a local IP and it will virtually go out and back in the proper ethernet device.
In a properly configured environment, the only bottleneck for using a domain name would be DNS resolution time. Contacting an outside DNS can add additional latency into your configuration. However, if you add in the domain name into your /etc/hosts file (C:\Windows\System32\drivers\etc\hosts on Windows), your system will skip the DNS resolution phase and obtain an IP directly, making this time cost moot.
That depends on how the names are resolved. The procedure is typically /etc/hosts first and then DNS if that fails. If localhost is in your /etc/hosts, putting whatever.wherever in the file as well will make it resolve with the same speed.