
Category: Networking

How to remove default route to vpn

Quite often, especially on corporate networks, once you are connected to the company VPN, all your traffic starts going via that VPN, meaning they are watching what you do.
Most people may not even suspect that, but it is quite simple to find out.
So I am going to show how to do that on a Mac with a few commands everyone can run.

OK, let's check the routing table when connected to the VPN:

netstat -nr | grep -E '0/1|default'
0/1                10.225.222.129     UGSc           70        0   utun3
default            192.168.0.1        UGSc           12       11     en0
128.0/1            10.225.222.129     UGSc            0        0   utun3

How to use echo or cat when nc, ss, netstat, curl, etc not available on the host to check if the port is listening

I came across this amazing way of testing if I could reach a port on the host, when literally nothing I tried was available:

vagrant@ ~ () $ echo hi |  nc -l -p  8089 &
[1] 13651
vagrant@ ~ () $ cat < /dev/tcp/127.0.0.1/8089
hi
[1]+  Done                    echo hi | nc -l -p 8089
vagrant@ ~ () $
vagrant@ ~ () $ cat < /dev/tcp/127.0.0.1/8089
-bash: connect: Connection refused
-bash: /dev/tcp/127.0.0.1/8089: Connection refused

Supernetting explained easy

I have recently been configuring a squid proxy behind a load balancer. In order for squid to allow incoming PROXY protocol connections from the load balancer, I quickly decided the easiest option would be either the whole VPC CIDR range:

acl loadbalancer src 10.139.0.0/17
proxy_protocol_access allow loadbalancer

or the list of subnets from the 3 AZs where the load balancer is running:

acl loadbalancer src 10.139.64.64/28 10.139.64.96/28 10.139.64.80/28
proxy_protocol_access allow loadbalancer

Even though both configurations are valid, my pull request quickly caught the attention of a colleague of mine who is more experienced in networking (in fact, an ex-CCNP guy). But that is the beauty of modern operations teams working in a DevOps fashion: while he may catch this sort of issue, I (an ex-developer guy), for instance, can easily spot how duplication in a piece of bash or Python code could be avoided by refactoring it into a reusable function/template.

So, back to our problem. As I said, while both ranges are valid, the first is in fact much wider than actually required, and the second is too redundant.


Enter supernetting.

So what is that?
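
As an added illustration (not code from the original post), the following Python uses the standard `ipaddress` module to aggregate the three load balancer subnets from the ACL above and to count how many extra source addresses each candidate range would let send PROXY protocol headers to squid. The function names are hypothetical, and it assumes all inputs are IPv4 and that the needed subnets lie inside the ACL being compared.

```python
import ipaddress

# Subnets and VPC range taken from the squid ACLs in the post.
LB_SUBNETS = ["10.139.64.64/28", "10.139.64.96/28", "10.139.64.80/28"]
VPC_CIDR = "10.139.0.0/17"


def exact_aggregate(cidrs):
    """Merge adjacent/overlapping networks without admitting any new address."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def covering_supernet(cidrs):
    """Smallest single CIDR block that contains every given network."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    # Any covering block must contain the lowest network, so widen that one.
    candidate = min(nets, key=lambda n: n.network_address)
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # drop one prefix bit and retry
    return candidate


def extra_addresses(acl_cidrs, needed_cidrs):
    """Addresses an ACL trusts beyond the ones actually needed.

    Assumes every needed network is inside the ACL (true for the cases below).
    """
    needed = sum(n.num_addresses for n in exact_aggregate(needed_cidrs))
    allowed = sum(n.num_addresses for n in exact_aggregate(acl_cidrs))
    return allowed - needed


if __name__ == "__main__":
    print("exact aggregate:", [str(n) for n in exact_aggregate(LB_SUBNETS)])
    single = covering_supernet(LB_SUBNETS)
    print("single covering block:", single,
          "extra addresses:", extra_addresses([str(single)], LB_SUBNETS))
    print("whole VPC range, extra addresses:",
          extra_addresses([VPC_CIDR], LB_SUBNETS))
```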
