Dennis G's questions

I have a similar problem to this post here, though I don't think my IP ranges collide: https://forums.docker.com/t/service-is-unreachable-on-host-ip-localhost-works/78515

I'm exposing a webserver via docker on port 443 and I can access it via 127.0.0.1:443 as well as from outside the host. I cannot access that webserver via the host IP and I am pulling my hair out why this may be.

To make things reproducible, let me fire up a netcat container (that is listening on all interfaces inside the container) - I have the same problem on port 443 obviously:

$ docker run -ti --rm -p 8182:8182 chilcano/netcat:jessie -vvl -p 8182
->>>>>> (Executing '/bin/netcat -vvl -p 8182') <<<<<<-
listening on [any] 8182 ...

Docker is listening on all local interfaces on 8182 ✅

$  lsof -i :8182
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
docker-pr 11152 root    4u  IPv4 1183427772      0t0  TCP *:8182 (LISTEN)

Connecting to netcat in docker from the host works when using localhost ✅

$  nc -vz 127.0.0.1 8182
localhost [127.0.0.1] 8182 open

the problem starts when using the local host's IP and trying to reach the docker container like that ❌

$  nc -vz 192.168.176.111 8182
ramirez.domain.local [192.168.176.111] 8182: Network is unreachable

I can ping the host just fine and access other things that run on the host via its IP (e.g. running netcat -vvl -p 8182 directly on the host instead of the docker container everything works).

When calling the same IP from another device in the network, everything works ✅, so this is a local problem of the docker host

$  nc -vz 192.168.176.111 8182
Connection to 192.168.176.111 8182 port [tcp/*] succeeded!

The routing table as well as iptables looks fine to me, but I'm no expert.

$ ip a
# anonymized mac address
6: ovs_eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.176.111/24 brd 192.168.176.255 scope global ovs_eth0
       valid_lft forever preferred_lft forever

route:

$  ip route
default via 192.168.176.1 dev ovs_eth0  src 192.168.176.111
169.254.0.0/16 dev ovs_eth1  proto kernel  scope link  src 169.254.106.154 dead linkdown
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1
192.168.127.0/24 dev docker-976f9fbf  proto kernel  scope link  src 192.168.127.1
192.168.128.0/24 dev docker-bd2edfee  proto kernel  scope link  src 192.168.128.1
192.168.176.0/24 dev ovs_eth0  proto kernel  scope link  src 192.168.176.111
192.168.254.0/24 dev docker-2de11f77  proto kernel  scope link  src 192.168.254.1

iptables:

$  iptables -L -v -n
Chain INPUT (policy ACCEPT 78080 packets, 24M bytes)
 pkts bytes target     prot opt in     out     source               destination
 210M  299G DOS_PROTECT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 218M  241G DEFAULT_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 76525 packets, 24M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DEFAULT_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
 230K  276M DOCKER-USER  all  --  *      *       0.0.0.0/0            0.0.0.0/0
 231K  276M DOCKER-ISOLATION-STAGE-1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      docker-8cfed06e  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker-8cfed06e  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker-8cfed06e !docker-8cfed06e  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker-8cfed06e docker-8cfed06e  0.0.0.0/0            0.0.0.0/0
7254K   23G ACCEPT     all  --  *      docker-f06ef418  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
19005 1140K DOCKER     all  --  *      docker-f06ef418  0.0.0.0/0            0.0.0.0/0
4614K 1362M ACCEPT     all  --  docker-f06ef418 !docker-f06ef418  0.0.0.0/0            0.0.0.0/0
19005 1140K ACCEPT     all  --  docker-f06ef418 docker-f06ef418  0.0.0.0/0            0.0.0.0/0
2270K 2424M ACCEPT     all  --  *      docker-f95cea99  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
1549K  101M DOCKER     all  --  *      docker-f95cea99  0.0.0.0/0            0.0.0.0/0
1814K 1273M ACCEPT     all  --  docker-f95cea99 !docker-f95cea99  0.0.0.0/0            0.0.0.0/0
1549K  101M ACCEPT     all  --  docker-f95cea99 docker-f95cea99  0.0.0.0/0            0.0.0.0/0
  14M 8442M ACCEPT     all  --  *      docker-45bb17c5  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
14118  846K DOCKER     all  --  *      docker-45bb17c5  0.0.0.0/0            0.0.0.0/0
 7237  714K ACCEPT     all  --  docker-45bb17c5 !docker-45bb17c5  0.0.0.0/0            0.0.0.0/0
14118  846K ACCEPT     all  --  docker-45bb17c5 docker-45bb17c5  0.0.0.0/0            0.0.0.0/0
 5238   23M ACCEPT     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 DOCKER     all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
 3332  216K ACCEPT     all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  docker0 docker0  0.0.0.0/0            0.0.0.0/0

Chain DOCKER (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  !docker-45bb17c5 docker-45bb17c5  0.0.0.0/0            192.168.254.254      tcp dpt:2375
    0     0 ACCEPT     tcp  --  !docker-f95cea99 docker-f95cea99  0.0.0.0/0            192.168.127.127      tcp dpt:8888
    0     0 ACCEPT     tcp  --  !docker-f95cea99 docker-f95cea99  0.0.0.0/0            192.168.127.168      tcp dpt:8080
    0     0 ACCEPT     tcp  --  !docker-f95cea99 docker-f95cea99  0.0.0.0/0            192.168.127.168      tcp dpt:443
    0     0 ACCEPT     tcp  --  !docker-f95cea99 docker-f95cea99  0.0.0.0/0            192.168.127.168      tcp dpt:80
    0     0 ACCEPT     tcp  --  !docker0 docker0  0.0.0.0/0            172.17.0.2           tcp dpt:8182

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER-ISOLATION-STAGE-2  all  --  docker-8cfed06e !docker-8cfed06e  0.0.0.0/0            0.0.0.0/0
4614K 1362M DOCKER-ISOLATION-STAGE-2  all  --  docker-f06ef418 !docker-f06ef418  0.0.0.0/0            0.0.0.0/0
1814K 1273M DOCKER-ISOLATION-STAGE-2  all  --  docker-f95cea99 !docker-f95cea99  0.0.0.0/0            0.0.0.0/0
 7237  714K DOCKER-ISOLATION-STAGE-2  all  --  docker-45bb17c5 !docker-45bb17c5  0.0.0.0/0            0.0.0.0/0
 3332  216K DOCKER-ISOLATION-STAGE-2  all  --  docker0 !docker0  0.0.0.0/0            0.0.0.0/0
 211M  239G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      docker-8cfed06e  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker-f06ef418  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker-f95cea99  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      docker-45bb17c5  0.0.0.0/0            0.0.0.0/0
98306 8258K DROP       all  --  *      docker0  0.0.0.0/0            0.0.0.0/0
  38M   19G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
 pkts bytes target     prot opt in     out     source               destination
 211M  239G RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain DOS_PROTECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13   876 RETURN     icmp --  ovs_eth0 *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1000/sec burst 5
    0     0 DROP       icmp --  ovs_eth0 *       0.0.0.0/0            0.0.0.0/0            icmptype 8
 270K   11M RETURN     tcp  --  ovs_eth0 *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x04 limit: avg 1/sec burst 5
16881  675K DROP       tcp  --  ovs_eth0 *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x04
 347K   20M RETURN     tcp  --  ovs_eth0 *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 10000/sec burst 100
    0     0 DROP       tcp  --  ovs_eth0 *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02

So many questions and answers about PuTTY and UTF-8 encoding...

Let me summarize: I'm using a patched Nerd Font (https://github.com/ryanoasis/nerd-fonts). It displays fine for most special characters, but some just don't display correctly in PuTTY. They display fine via Windows Terminal, Notepad etc.

PuTTY (first symbol wrong, second ok):

Windows Terminal (both symbols correct):

Windows Charmap (look at the unicode):

As you can see unicode 0xF0E7 should be a flash-symbol, but PuTTY somehow displays a gothic character. Also when I copy&paste the character from the PuTTY window it is the þ, not the flash-icon. Somehow PuTTY changed the unicode codepoint? þ is 0x00FE not 0xF0E7! Also note that PuTTY does display other special characters just fine like the folder-symbol or the heart-symbol in the screenshots.

My settings:

Putty

• Window > Appearance > Font: Some Nerdfont & Allow selection of variable-pitch fonts
• Window > Appearance > Font Quality: ClearType
• Window > Translation > Remote charset: UTF-8
• Window > Translation > Drawing Characters: Use Unicode line drawings

Bash

• locale returns LANG=en_GB.UTF-8 (as well as LC_ALL=en_GB.UTF-8)

TMUX

• set -g default-terminal "screen-256color"
• setw -q -g utf8 on

When I ssh into the box via Windows Terminal everything is working as expected, also via tmux. Only when I use PuTTY some UTF-8 characters are replaced.

I have a problem with a NetApp file server with Windows XP clients.

The files are on a single SAN drive. The users regularly move files from \\storage\share to their personal folder at e.g. \\storage\myfolder. This is fine so far, but it becomes a problem when they move files from \\storage\share to \\storage\secretCompany and add some secret information to the file. The permissions for the file are still the same as they were in share, hence everyone with the permissions to share can now see this file in secretCompany.

Is there any way to prevent Windows from copying permissions and just always use the target permissions?

I've seen plenty of documentation of how to reset a user's password by running

net user <username> * /domain

or locally

net user <username> <new_password>

But I am not domain admin for the current domain, so I am not allowed to change the password via net user <my_username> * /domain (Access is denied).

What I can do though, is to hit CTRL+ALT+DEL and click on "Change Password", where I have to re-enter my current password and give a new password:

Question: How can I script that? I want to change my password via command line. Possible?

Bonus information: I'm on a Windows XP SP3 machine.

Note: Company policy is to make the user change their password every two weeks. And you cannot use your last 24 passwords... Since I don't want to always remember a new password I just iterate through "password1"..."password24" manually and in the end I am back to my old password. It would be great to do this with a small batch instead of the manual way.

I'm not knowledgeable at all about C-NAMES, A-RECORDS, name servers and the like, so just bear with me on this one:

I want to redirect subdomain.example.org to another domain somethingelse.com. I do own both domains and both domains run on shared hosting. When creating a subdomain, all I can do out-of-the-box is do a HTTP redirect (302, yuck!) or a frame redirect.
I also can set the DNS records on one host like nameserver, CNAME - but I would have know clue what I am doing.

Please explain to me how routing with nameservers works and how I should (even if not possible with my current host) redirect subdomain.example.org to somethingelse.com with the user-visible URL staying at "subdomain.example.org"

I'm working with RDP sessions quite frequently. As we work in teams and all use the same user account on a particular computer (I know...) I was wondering if there was a way to display from which computer (hostname, computername) the person is connecting.
The login screen I get when two users are already connected looks like this (german):

rdp login http://www.freeimagehosting.net/uploads/6f44b0fad1.png

I'd love it, if the screen would display from where the logged in user is connecting e.g. "COMPUTER\user connected from MYCOMPUTERNAME". This way I would know whom to ask to disconnect so I can hop onto the session.
If I remember correctly the login screen looked different for previous Windows versions including this connection information. Any way I can easily enable this or is this just standard windows behavior and there is no way to tell from where the user is connecting (btw: Task Manager shows the computername of the connected user).

I am connected via Ethernet (10.1.1.1, interface 11) as well as via Wireless LAN (172.22.12.1, interface 12). I trying to route just a certain host (140.239.191.10 - which is whatismyipaddress.com for testing purposes) via the wlan instead of the Ethernet card (which has the higher metric).

Let me give you my routing details:

Network Destination | Netmask         | Gateway     | Interface     | Metric
0.0.0.0             | 0.0.0.0         | 10.1.1.1    | 10.1.10.149   | 10
0.0.0.0             | 0.0.0.0         | 172.22.12.1 | 172.22.12.110 | 20

Now I tried the following:

route add 140.239.191.10 mask 255.255.255.255 172.22.12.1 metric 1 if 12

and I get this addition to the route table

140.239.191.10      | 255.255.255.255 | 172.22.12.1 | 172.22.12.110 | 31

And here lies the problem I think: The route is automatically assigned a metric of 31 and hence the traffic is not routed via my wlan interface, but via the ethernet (because of the lower metric). When surfing to the IP I still see the public IP address of my ethernet adapter and not the public IP address of the WLAN adapter (which are entire different networks - local DSL and UMTS).

I do not want to give the wlan the lower metric because I generally want to use the ethernet interface for all network traffic (it is faster and I can access my internal network shares) - I only want to route a single IP via the WLAN adapter.

Any suggestions appreciated!

Dennis