Posts Tagged ‘Networking’

How to filter dhcp traffic between two networks running separate DHCP servers to prevent IP assignment issues and MAC duplicate addresses

Tuesday, February 8th, 2022

Tracking the Problem of MAC duplicates on Linux routers

If you have two networks that see each other and they're not separated in VLANs but see each other sharing a common netmask lets say or, it might happend that there are 2 dhcp servers for example (isc-dhcp-server running on and dhcpd running on can broadcast their services to both LANs (netmask and Local Net LAN The result out of this is that some devices might pick up their IP address via DHCP from the wrong dhcp server.

Normally if you have a fully controlled little or middle class home or office network (10 – 15 electronic devices nodes) connecting to the LAN in a mixed moth some are connected via one of the Networks via connected Wifi to others are LANned and using static IP adddresses and traffic is routed among two ISPs and each network can see the other network, there is always a possibility of things to go wrong. This is what happened to me so this is how this post was born.

The best practice from my experience so far is to define each and every computer / phone / laptop host joining the network and hence later easily monitor what is going on the network with something like iptraf-ng / nethogs  / iperf – described in prior  how to check internet spepeed from console and in check server internet connectivity speed with speedtest-cliiftop / nload or for more complex stuff wireshark or even a simple tcpdump. No matter the tools network monitoring is only part on solving network issues. A very must have thing in a controlled network infrastructure is defining every machine part of it to easily monitor later with the monitoring tools. Defining each and every host on the Hybrid computer networks makes administering the network much easier task and  tracking irregularities on time is much more likely. 

Since I have such a hybrid network here hosting a couple of XEN virtual machines with Linux, Windows 7 and Windows 10, together with Mac OS X laptops as well as MacBook Air notebooks, I have followed this route and tried to define each and every host based on its MAC address to pick it up from the correct DHCP1 server (that is distributing IPs for Internet Provider 1 (ISP 1), that is mostly few computers attached UTP LAN cables via LiteWave LS105G Gigabit Switch as well from DHCP2 – used only to assigns IPs to servers and a a single Wi-Fi Access point configured to route incoming clients via Linux NAT gateway server.

To filter out the unwanted IPs from the DHCPD not to propagate I've so far used a little trick to  Deny DHCP MAC Address for unwanted clients and not send IP offer for them.

To give you more understanding,  I have to clear it up I don't want to have automatic IP assignments from DHCP2 / LAN2 to DHCP1 / LAN1 because (i don't want machines on DHCP1 to end up with IP like or DHCP2 (to have, as such a wrong IP delegation could potentially lead to MAC duplicates IP conflicts. MAC Duplicate IP wrong assignments for those older or who have been part of administrating large ISP network infrastructures  makes the network communication unstable for no apparent reason and nodes partially unreachable at times or full time …

However it seems in the 21-st century which is the century of strangeness / computer madness in the 2022, technology advanced so much that it has massively started to break up some good old well known sysadmin standards well documented in the RFCs I know of my youth, such as that every electronic equipment manufactured Vendor should have a Vendor Assigned Hardware MAC Address binded to it that will never change (after all that was the idea of MAC addresses wasn't it !). 
Many mobile devices nowadays however, in the developers attempts to make more sophisticated software and Increase Anonimity on the Net and Security, use a technique called  MAC Address randomization (mostly used by hackers / script kiddies of the early days of computers) for their Wi-Fi Net Adapter OS / driver controlled interfaces for the sake of increased security (the so called Private WiFi Addresses). If a sysadmin 10-15 years ago has seen that he might probably resign his profession and turn to farming or agriculture plant growing, but in the age of digitalization and "cloud computing", this break up of common developed network standards starts to become the 'new normal' standard.

I did not suspected there might be a MAC address oddities, since I spare very little time on administering the the network. This was so till recently when I accidently checked the arp table with:

Hypervisor:~# arp -an     5c:89:b5:f2:e8:d8      (Unknown)    00:15:3e:d3:8f:76       (Unknown)


and consequently did a network MAC Address ARP Scan with arp-scan (if you never used this little nifty hacker tool I warmly recommend it !!!)
If you don't have it installed it is available in debian based linuces from default repos to install

Hypervisor:~# apt-get install –yes arp-scan

It is also available on CentOS / Fedora / Redhat and other RPM distros via:

Hypervisor:~# yum install -y arp-scan



Hypervisor:~# arp-scan –interface=eth1    00:16:3e:0f:48:05       Xensource, Inc.    00:16:3e:04:11:1c       Xensource, Inc.    00:15:3e:bb:45:45       Xensource, Inc.    00:15:3e:59:96:8e       Xensource, Inc.    00:15:3e:d3:8f:77       Xensource, Inc.    8c:89:b5:f2:e8:d8       Micro-Star INT'L CO., LTD     5c:89:b5:f2:e8:d8      (Unknown)    00:15:3e:d3:8f:76       (Unknown)

192.168.x.91     02:a0:xx:xx:d6:64        (Unknown)
192.168.x.91     02:a0:xx:xx:d6:64        (Unknown)  (DUP: 2)

N.B. !. I found it helpful to check all available interfaces on my Linux NAT router host.

As you see the scan revealed, a whole bunch of MAC address mess duplicated MAC hanging around, destroying my network topology every now and then 
So far so good, the MAC duplicates and strangely hanging around MAC addresses issue, was solved relatively easily with enabling below set of systctl kernel variables.

1. Fixing Linux ARP common well known Problems through disabling arp_announce / arp_ignore / send_redirects kernel variables disablement


Linux answers ARP requests on wrong and unassociated interfaces per default. This leads to the following two problems:

ARP requests for the loopback alias address are answered on the HW interfaces (even if NOARP on lo0:1 is set). Since loopback aliases are required for DSR (Direct Server Return) setups this problem is very common (but easy to fix fortunately).

If the machine is connected twice to the same switch (e.g. with eth0 and eth1) eth2 may answer ARP requests for the address on eth1 and vice versa in a race condition manner (confusing almost everything).

This can be prevented by specific arp kernel settings. Take a look here for additional information about the nature of the problem (and other solutions): ARP flux.

To fix that generally (and reboot safe) we  include the following lines into


Hypervisor:~# cp -rpf /etc/sysctl.conf /etc/sysctl.conf_bak_07-feb-2022
Hypervisor:~# cat >> /etc/sysctl.conf

# LVS tuning


Press CTRL + D simultaneusly to Write out up-pasted vars.

To read more on Load Balancer using direct routing and on LVS and the arp problem here

2. Digging further the IP conflict / dulicate MAC Problems

Even after this arp tunings (because I do have my Hypervisor 2 LAN interfaces connected to 1 switch) did not resolved the issues and still my Wireless Connected devices via network (ISP2) were randomly assigned the wrong range IPs 192.168.0.XXX/24 as well as the wrong gateway (ISP1).
After thinking thoroughfully for hours and checking the network status with various tools and thanks to the fact that my wife has a MacBook Air that was always complaining that the IP it tried to assign from the DHCP was already taken, i"ve realized, something is wrong with DHCP assignment.
Since she owns a IPhone 10 with iOS and this two devices are from the same vendor e.g. Apple Inc. And Apple's products have been having strange DHCP assignment issues from my experience for quite some time, I've thought initially problems are caused by software on Apple's devices.
I turned to be partially right after expecting the logs of DHCP server on the Linux host (ISP1) finding that the phone of my wife takes IP in 192.168.0.XXX, insetad of IP from (which has is a combined Nokia Router with 2.4Ghz and 5Ghz Wi-Fi and LAN router provided by ISP2 in that case Vivacom). That was really puzzling since for me it was completely logical thta the iDevices must check for DHCP address directly on the Network of the router to whom, they're connecting. Guess my suprise when I realized that instead of that the iDevices does listen to the network on a wide network range scan for any DHCPs reachable baesd on the advertised (i assume via broadcast) address traffic and try to connect and take the IP to the IP of the DHCP which responds faster !!!! Of course the Vivacom Chineese produced Nokia router responded DHCP requests and advertised much slower, than my Linux NAT gateway on ISP1 and because of that the Iphone and iOS and even freshest versions of Android devices do take the IP from the DHCP that responds faster, even if that router is not on a C class network (that's invasive isn't it??). What was even more puzzling was the automatic MAC Randomization of Wifi devices trying to connect to my ISP1 configured DHCPD and this of course trespassed any static MAC addresses filtering, I already had established there.

Anyways there was also a good think out of tthat intermixed exercise 🙂 While playing around with the Gigabit network router of vivacom I found a cozy feature SCHEDULEDING TURNING OFF and ON the WIFI ACCESS POINT  – a very useful feature to adopt, to stop wasting extra energy and lower a bit of radiation is to set a swtich off WIFI AP from 12:30 – 06:30 which are the common sleeping hours or something like that.

3. What is MAC Randomization and where and how it is configured across different main operating systems as of year 2022?

Depending on the operating system of your device, MAC randomization will be available either by default on most modern mobile OSes or with possibility to have it switched on:

  • Android Q: Enabled by default 
  • Android P: Available as a developer option, disabled by default
  • iOS 14: Available as a user option, disabled by default
  • Windows 10: Available as an option in two ways – random for all networks or random for a specific network

Lately I don't have much time to play around with mobile devices, and I do not my own a luxury mobile phone so, the fact this ne Androids have this MAC randomization was unknown to me just until I ended a small mess, based on my poor configured networks due to my tight time constrains nowadays.

Finding out about the new security feature of MAC Randomization, on all Android based phones (my mother's Nokia smartphone and my dad's phone, disabled the feature ASAP:

4. Disable MAC Wi-Fi Ethernet device Randomization on Android

MAC Randomization creates a random MAC address when joining a Wi-Fi network for the first time or after “forgetting” and rejoining a Wi-Fi network. It Generates a new random MAC address after 24 hours of last connection.

Disabling MAC Randomization on your devices. It is done on a per SSID basis so you can turn off the randomization, but allow it to function for hotspots outside of your home.

  1. Open the Settings app
  2. Select Network and Internet
  3. Select WiFi
  4. Connect to your home wireless network
  5. Tap the gear icon next to the current WiFi connection
  6. Select Advanced
  7. Select Privacy
  8. Select "Use device MAC"

5. Disabling MAC Randomization on MAC iOS, iPhone, iPad, iPod

To Disable MAC Randomization on iOS Devices:

Open the Settings on your iPhone, iPad, or iPod, then tap Wi-Fi or WLAN


  1. Tap the information button next to your network
  2. Turn off Private Address
  3. Re-join the network

Of course next I've collected their phone Wi-Fi adapters and made sure the included dhcp MAC deny rules in /etc/dhcp/dhcpd.conf are at place.

The effect of the MAC Randomization for my Network was terrible constant and strange issues with my routings and networks, which I always thought are caused by the openxen hypervisor Virtualization VM bugs etc.

That continued for some months now, and the weird thing was the issues always started when I tried to update my Operating system to the latest packetset, do a reboot to load up the new piece of software / libraries etc. and plus it happened very occasionally and their was no obvious reason for it.


6. How to completely filter dhcp traffic between two network router hosts
IP / to stop 2 or more configured DHCP servers
on separate networks see each other

To prevent IP mess at DHCP2 server side (which btw is ISC DHCP server, taking care for IP assignment only for the Servers on the network running on Debian 11 Linux), further on I had to filter out any DHCP UDP traffic with iptables completely.
To prevent incorrect route assignments assuming that you have 2 networks and 2 routers that are configurred to do Network Address Translation (NAT)-ing Router 1:, Router 2:

You have to filter out UDP Protocol data on Port 67 and 68 from the respective source and destination addresses.

In firewall rules configuration files on your Linux you need to have some rules as:

# filter outgoing dhcp traffic from to
-A INPUT -p udp -m udp –dport 67:68 -s -d -j DROP
-A OUTPUT -p udp -m udp –dport 67:68 -s -d -j DROP
-A FORWARD -p udp -m udp –dport 67:68 -s -d -j DROP

-A INPUT -p udp -m udp –dport 67:68 -s -d -j DROP
-A OUTPUT -p udp -m udp –dport 67:68 -s -d -j DROP
-A FORWARD -p udp -m udp –dport 67:68 -s -d -j DROP

-A INPUT -p udp -m udp –sport 67:68 -s -d -j DROP
-A OUTPUT -p udp -m udp –sport 67:68 -s -d -j DROP
-A FORWARD -p udp -m udp –sport 67:68 -s -d -j DROP

You can download also with above rules from here

Applying this rules, any traffic of DHCP between 2 routers is prohibited and devices from Net: will no longer wrongly get assinged IP addresses from Network range: as it happened to me.

7. Filter out DHCP traffic based on MAC completely on Linux with arptables

If even after disabling MAC randomization on all devices on the network, and you know physically all the connecting devices on the Network, if you still see some weird MAC addresses, originating from a wrongly configured ISP traffic router host or whatever, then it is time to just filter them out with arptables.

## drop traffic prevent mac duplicates due to vivacom and bergon placed in same network –
dchp1-server:~# arptables -A INPUT –source-mac 70:e2:83:12:44:11 -j DROP

To list arptables configured on Linux host

dchp1-server:~# arptables –list -n

If you want to be paranoid sysadmin you can implement a MAC address protection with arptables by only allowing a single set of MAC Addr / IPs and dropping the rest.

dchp1-server:~# arptables -A INPUT –source-mac 70:e2:84:13:45:11 -j ACCEPT
dchp1-server:~# arptables -A INPUT  –source-mac 70:e2:84:13:45:12 -j ACCEPT

dchp1-server:~# arptables -L –line-numbers
Chain INPUT (policy ACCEPT)
1 -j DROP –src-mac 70:e2:84:13:45:11
2 -j DROP –src-mac 70:e2:84:13:45:12

Once MACs you like are accepted you can set the INPUT chain policy to DROP as so:

dchp1-server:~# arptables -P INPUT DROP

If you later need to temporary, clean up the rules inside arptables on any filtered hosts flush all rules inside INPUT chain, like that

dchp1-server:~#  arptables -t INPUT -F

Fix staled NFS on server with dmesg error log nfs: server nfs-server not responding, still trying

Saturday, March 16th, 2019


On a server today I've found to have found a number of NFS mounts mounted through /etc/fstab file definitions that were hanging;

nfs-server:~# df -hT

 command kept hanging as well as any attempt to access the mounted NFS directory was not possible.
The server with the hanged Network File System is running SLES (SuSE Enterprise Linux 12 SP3) a short investigation in the kernel logs (dmesg) as well as /var/log/messages reveales following errors:


nfs-server:~# dmesg
[3117414.856995] nfs: server nfs-server OK
[3117595.104058] nfs: server nfs-server not responding, still trying
[3117625.032864] nfs: server nfs-server OK
[3117805.280036] nfs: server nfs-server not responding, still trying
[3117835.209110] nfs: server nfs-server OK
[3118015.456045] nfs: server nfs-server not responding, still trying
[3118045.384930] nfs: server nfs-server OK
[3118225.568029] nfs: server nfs-server not responding, still trying
[3118255.560536] nfs: server nfs-server OK
[3118435.808035] nfs: server nfs-server not responding, still trying
[3118465.736463] nfs: server nfs-server OK
[3118645.984057] nfs: server nfs-server not responding, still trying
[3118675.912595] nfs: server nfs-server OK
[3118886.098614] nfs: server nfs-server OK
[3119066.336035] nfs: server nfs-server not responding, still trying
[3119096.274493] nfs: server nfs-server OK
[3119276.512033] nfs: server nfs-server not responding, still trying
[3119306.440455] nfs: server nfs-server OK
[3119486.688029] nfs: server nfs-server not responding, still trying
[3119516.616622] nfs: server nfs-server OK
[3119696.864032] nfs: server nfs-server not responding, still trying
[3119726.792650] nfs: server nfs-server OK
[3119907.040037] nfs: server nfs-server not responding, still trying
[3119936.968691] nfs: server nfs-server OK
[3120117.216053] nfs: server nfs-server not responding, still trying
[3120147.144476] nfs: server nfs-server OK
[3120328.352037] nfs: server nfs-server not responding, still trying
[3120567.496808] nfs: server nfs-server OK
[3121370.592040] nfs: server nfs-server not responding, still trying
[3121400.520779] nfs: server nfs-server OK
[3121400.520866] nfs: server nfs-server OK

It took me a short while to investigate and check the NetApp remote NFS storage filesystem and investigate the Virtual Machine that is running on top of OpenXen Hypervisor system.
The NFS storage permissions of the exported file permissions were checked and they were in a good shape, also a reexport of the NFS mount share was re-exported and on the Linux
mount host the following commands ran to remount the hanged Filesystems:


nfs-server:~# umount -f /mnt/nfs_share
nfs-server:~# umount -l /mnt/nfs_share
nfs-server:~# umount -lf /mnt/nfs_share1
nfs-server:~# umount -lf /mnt/nfs_share2
nfs-server:~# mount -t nfs -o remount /mnt/nfs_share

that fixed one of the hanged mount, but as I didn't wanted to manually remount each of the NFS FS-es, I've remounted them all with:

nfs-server:~# mount -a -t nfs

This solved it but, the fix seemed unpermanent as in a time while the issue started reoccuring and I've spend some time
in further investigation on the weird NFS hanging problem has led me to the following blog post where the same problem was described and it was pointed the root cause of it lays
in parameter for MTU which seems to be quite high MTU 9000 and this over the years has prooven to cause problems with NFS especially due to network router (switches) configurations
which seem to have a filters for MTU and are passing only packets with low MTU levels and using rsize / wzise custom mount NFS values in /etc/fstab could lead to this strange NFS hangs.

Below is a list of Maximum Transmission  Unit (MTU) for Media Transport excerpt taken from wikipedia as of time of writting this article.

In my further research on the issue I've come across this very interesting article which explains a lot on "Large Internet" and Internet Performance

I've used tracepath command which is doing basicly the same as traceroute but could be run without root user and discovers hops (network routers) and shows MTU between path -> destionation.

Below is a sample example

nfs-server:~# tracepath
 1?: [LOCALHOST]                      pmtu 1500
 1:                                           0.909ms
 1:                                           0.966ms
 2:                                         0.859ms
 3:                              1.138ms reached
     Resume: pmtu 1500 hops 3 back 3


Optiomal pmtu for this connection is to be 1500 .traceroute in some cases might return hops with 'no reply' if there is a router UDP  packet filtering implemented on it.

The high MTU value for the Storage network connection interface on eth1 was evident with a simple:


 nfs-server:~# /sbin/ifconfig |grep -i eth -A 2
eth0      Link encap:Ethernet  HWaddr 00:16:3E:5C:65:74
          inet addr:  Bcast:  Mask:

eth1      Link encap:Ethernet  HWaddr 00:16:3E:5C:65:76
          inet addr:  Bcast:  Mask:

The fix was as simple to lower MTU value for eth1 Ethernet interface to 1500 which is the value which most network routers are configured too.

To apply the new MTU to the eth1 interface without restarting the SuSE SLES networking , I first used ifconfig one time with:


 nfs-server:~# /sbin/ifconfig eth1 mtu 1500
 nfs-server:~# ip addr show

To make the setting permanent on next  SuSE boot:

I had to set the MTU=1500 value in


nfs-server:~#  ip address show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 8c:89:a5:f2:e8:d8 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth1
       valid_lft forever preferred_lft forever


Then to remount the NFS mounted hanged filesystems once again ran:

nfs-server:~# mount -a -t nfs

Many network routers keeps the MTU to low as 1500 also because a higher values causes IP packet fragmentation when using NFS over UDP where IP packet fragmentation and packet
reassembly requires significant amount of CPU at both ends of the network connection.
Packet fragmentation also exposes network traffic to greater unreliability, since a complete RPC request must be retransmitted if a UDP packet fragment is dropped for any reason.
Any increase of RPC retransmissions, along with the possibility of increased timeouts, are the single worst impediment to performance for NFS over UDP.
This and many more is very well explained in Optimizing NFS Performance page (which is a must reading) for any sys admin that plans to use NFS frequently.

Even though lowering MTU (Maximum Transmission Union) value does solved my problem at some cases especially in a modern local LANs with Jumbo Frames, allowing and increasing the MTU to 9000 bytes
might be a good idea as this will increase the amount of packet size.and will raise network performance, however as always on distant networks with many router hops keeping MTU value as low as 1492 / 5000 is always a good idea.


FreeBSD post install configuration steps to make on fresh FreeBSD install to make ready for server and Desktop use

Saturday, October 28th, 2017


1. Update binary packages

First thing to do just like on any new operating system install is to update / patch the server

# freebsd-update fetch
# freebsd-update install


2. Update FreeBSD port packages

As a FreeBSD administrator you will need ports every now and then so make sure you have them at their latest release for your FBSD release


# pkg update
# pkg upgrade


3. Install editors and bash


# pkg install nano vim joe bash bash_completion


4. Install sudo

To be able to run commands without becoming superuser root just like on any Linux you will probably want to have sudo package installed

# pkg install sudo


Sudo config file is under /usr/local/etc/sudoers

To edit it with syntax check enabled use visudo


# visudo

# sudo pkg update


If you want a regular account to have root superuser edit / modify and do things permissions


# pw groupmod wheel -M your_user_name


Then to make the wheel permissions work add to sudoers:


%wheel    ALL=(ALL=ALL)    ALL

5. FreeBSD modify personal information for account


# chpass your_user_name

To change your account and others to use bash instead of default freebsd csh


# csh -s /bin/bash your_user_name


7. Set a Static IP address for a FreeBSD server and configure DNS

Edit /etc/rc.local to look something like so


ifconfig_em0="inet netmask"
# default gateway


/etc/rc.conf is also the file where you can easily enable / disable freebsd startup scripts

To restart network interafaces just like Debian Linux's /etc/init.d/networking restart type


# service netif restart
# service routing restart


To set Google DNS in FreeBSD just like in Linux add the IPs with nameserver prefix to /etc/resolv.conf


# echo 'nameserver' >> /etc/resolv.conf
# echo 'nameserver' >> /etc/resolv.conf
# echo 'search your-domain-name' >> /etc/resolv.conf


– If you need to change the hostname of the FreeBSD server change in /etc/rc.conf


– To add multiple IP addresses to a network interface on FBSD add line like below to /etc/rc.conf

ifconfig_em0_alias0=" netmask"
ifconfig_em0_alias1=" netmask"

To apply changes and bring up the newly set multiple IPs

# service netif restart

8. Setting up proper timezone

If for some reason the Time zone is improperly set during FreeBSD install, you can later set that with

# tzsetup

9. Set up ntp time server synchronization daemon

# vim /etc/rc.conf


First command will bring up NTP server at start up and second make it synchroniza with Internet NTP servers, to restart ntp so it set proper time

# service ntpd start

10. Add additional SWAP space to FreeBSD server after install

– First we need to create the swap file with command and then set up proper permissions for it

# truncate -S 3G /swapf
# chmod 0600 /swapf

– Then to make the swapf being used on boot we need to add it to /etc/fstab

# echo "md99 none swap sw,file=/swapf,late 0 0" >> /etc/fstab

To immediately apply the new added swap to be used by the system run:

# swapon -aqL

To check various things on how swap is configured use

# swapinfo -g

11. Configure Firewall in FreeBSD

# vim /etc/rc.conf


A very basic firewall to add to ipfw.rules file would be something like so:

    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any
    # open port ftp

    $IPF 110 allow tcp from any to any 21 in
    $IPF 120 allow tcp from any to any 21 out

    # 22 for ssh
    $IPF 130 allow tcp from any to any 22 in
    $IPF 140 allow tcp from any to any 22 out

    # mail port 25

    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out

    # dns (53) udp and tcp in
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in

    # dns (53) udp and tcp out
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out

    # http (80),
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    # deny and log everything
    $IPF 500 deny log all from any to any

To launch the firewall

# service ipfw start

To list current FreeBSD Firewall rules use

# ipfw list

Finally if you need to check your connections to the server just like Linux's netstat you might consider using sockstat comand

# sockstat -4 -6

– 4 -6 will list you network connections for ipv4 and ipv6 both tcp and udp

How to delete “Temporary Internet Files”/Content.IE5 with DEL and RD commands on Windows 7 / 8 folder contents – Clean Up Temporary files and folders to speed up and free disk space

Tuesday, February 3rd, 2015

've been called urgently today by miss Jenia Pencheva who is the president of Christian Air Ticket Agency GoodFaithAir, her personal computer caused her quite a lot of headache, I've previously fixed it once and she was happy with that thus when she experienced problems she give me a call for remote IT support :).

She explahed her PC was unable to boot normally and in order to have some Windows she ended in Safe-Mode with Networking state. This problems caused her business losses as during PC in Safe mode the screen resolution even though with networking and she couldn't use the flight ticket ordering systems  to purchase her customers new tickets.  I've earlier installed TeamViewr on her PC so after Logging on the PC, I've immediately realized the Hard Disk was almost full (less than 1Giga free on C: Drive – where Windows install lived)

After a thorough investigation on which directory is occupying most of disk space (110GB) with a nice program called SpaceSniffer which is perfect for finding lost space on your hard disks, I've found System for ticket reservation Amadeus CRS (Computer Reservation System) was causing the disk full-full troubles.


I've found troubling directory  was:

C:Users\goodfaithair\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

To solve it I first tried to Clean up Internet Explorer Cache (I've checked ticks Temporary Internet files, Cookies, History, Download History, Form Data, InPrivate Filtering Data).


Then I used Microsoft Windows embedded clean manager (cleanmgr.exe) to run disk clean up, however Desk Clean Up managed to clear up only about 1Giga and on the computer HDD which is 150Gb still on Windows installation drive C: only 1.5GB were free.
Besides that the system was having a second trouble as there were some failed updates (Computer was not shutdown properly but shutdown during Windows Update) and this was making the machine to enter Safe-Mode, I was fixing the system over TeamViewer session so after restart I had no way to see if Windows boots Normal or Safe-Mode after restart, thus to find out whether Windows was in Safe-Mode after another restart I've used below PowerShell one-liner script:


PS C:> gwmi win32_computersystem | select BootupState

Fail-safe with network boot

Note that possible return results from above command are:

Normal boot
Fail-safe boot
Fail-safe with network boot

I've been struggling for a while (had to restart it multiple times) until finally I managed to make it boot in normal mode. Because PC was failing to apply some Windows Update, thus dropping by in Safe-Mode each time. To solve that I had to go and Delete two of the last Applied updates (KB2979xxxx files).

Control Panel ->  Program and Features -> View Installed Updates

I've restarted and since I couldn't see the screen on Windows boot-time, I don't know what really happened but the PC booted again in Safe-Mode, and I thought the classical way to fix PC booting in Safe-Mode with SFC command will help:

C:> sfc /scannow

but for my surprise this helped not as the system continuously booted in Safe-Mode, to fix the Windows PC always booting to Safe-Mode, I had to change it running msconfig and unticking Safe Mode field

C:> msconfig


Then I tried to delete Temporary Internet Files with below DEL cmd line

C:> del "C\:Users\MyName\AppData\Local\Microsoft\Windows\Temporary Internet Files*.*"

To finally succeeding in manually delete huge Temporary Internet FilesContent.IE5 folder, I had to use good old RD (Remove Directory) command.


C:> RD "C:Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5" /Q /S

I used also following dels command to delete other common locations where Windows stores temporary files

For those who like to batch DeletingTemporary Internet Files and most common Temp locations to be cleaned on Windows boot I recommend you schedule a start of (clean-temporary-internet-files-content_ie5_folder.bat) on every PC boot.

To Clean-up other common Temporary file locations that could take you disk space the command line way run in new Administarator privileged command prompt:

cleanmgr /sageset:99
del /F /S /Q "%systemroot%temp*.*"
del /F /S /Q "%systemroot%Prefetch*.*"
del /F /S /Q "C:Documents and SettingsDefault UserLocal SettingsTemporary Internet FilesContent.IE5*.*"
del /F /S /Q "C:Documents and SettingsDefault UserLocal SettingsTemp*.*"
del /F /S /Q "C:Documents and SettingsDefault UserLocal SettingsHistory*.*"
del /F /S /Q "C:Documents and Settings%UserName%Local SettingsTemporary Internet FilesContent.IE5*.*"
del /F /S /Q "C:Documents and Settings%UserName%Local SettingsTemp*.*"
del /F /S /Q "C:Documents and Settings%UserName%Local SettingsHistory*.*"
del /F /S /Q "C:Documents and Settings%UserName%Local SettingsApplication DataTemp*.*"
del /F /S /Q "C:Documents and Settings%UserName%Local SettingsApplication DataTemporary Internet FilesContent.IE5
del /F /S /Q "C:AppDataLocalMicrosoftWindowsHistory*. *"
del /F /S /Q "C:AppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5*.*"
del /F /S /Q "C:AppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5*.*"
del /F /S /Q "C:AppDataLocalMicrosoftWindowsTemporary Internet FilesTemporary Internet FilesContent.IE5*.*"
del /F /S /Q "C:AppDataLocalMicrosoftWindowsTemporary Internet FilesTemporary Internet FilesLowContent.IE5*.*"
del /F /S /Q "C:Users%UserName%AppDataLocalTemp*.*"
del /F /S /Q "C:Temp*.*"
del /F /S /Q "C:Users%UserName%AppDataLocalMicrosoftW indo wsTemporary Internet FilesLowContent.IE5*.*
del /F /S /Q "C:Users%UserName%AppDataLocalMicrosoftW indo wsHistory*.*
::Rem: No need to duplicate the following section for each registered User
del /F /S /Q "%homepath%Cookies*.*"
del /F /S /Q "%homepath%recent*.*"
del /F /S /Q "%homepath%Local Settingscookies*.*"
del /F /S /Q "%homepath%Local SettingsHistory*.*"
del /F /S /Q "%homepath%Local SettingsTemp*.*"
del /F /S /Q "%homepath%Local SettingsTemporary Internet FilesContent.IE5*.*"
cleanmgr /sagerun:99

Note that in some cases running above commands might left you loose some sensitive data and in case where Internet is slow cleaning temporary files, might have impact on surfing also you will loose your history so be sure you know what you're doing as you might loose sensitive data.

Finally I've run MalwareBytes to clean up the PC slowness caused by Spyware and other left Malware I've run MalwareBytes, RogueKiller, AdwCleaner, RKill, TDSSKiller in order and I found and removed few Malwares as well.

That's all, hope you learned something new. Enjoy!

ping “General Failure” no internet connection Windows 7 on HP work computer – Reasons for general failure and solution

Monday, May 26th, 2014

Out of a sudden today after running Malware Bytes – Free Anti-Malware & Internet Security Software, and after it found some Malware (Pup.Optional.Opencandy) and removed it it WI-FI internet on my work computer HP Elitebook 8470p mysteriously stopped working.

That's quite nasty because today I'm working from Home – well known among Hewlett Packard employees under WFH abbreviation. I couldn't connect normally to my home Access Point and tried pinging Google from command line just to get an error:

Transmit Failed: General Failure

and first I thought it is a wi-fi router related problem and restarted my WIFI RouterD-Link DI524. As I could normally connect to the WIFI and I see there is an internet IP assigned running:

ipconfig /all
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
Physical Address. . . . . . . . . : 3C-A9-F4-4C-E7-98
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5d2f:97b8:9e1a:2b13%63(Preferred)
IPv4 Address. . . . . . . . . . . :
Subnet Mask . . . . . . . . . . . :
Lease Obtained. . . . . . . . . . : May 23, 2014 14:19:01 PM
Lease Expires . . . . . . . . . . : May 30, 2014 14:32:49 PM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 1094494708
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-CB-1A-5D-A4-5D-36-5A-EB-84
DNS Servers . . . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled

As you see in above output I have notebook IP, default gateway and DNS IP assigned – i.e. all seems fine, so as I got General Failure from pinging the Internet in order to make sure my Linux router is not the bottleneck I tried pinging Default GW

C:UsersGeorgi> ping Pinging with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
Ping statistics for
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)

Just to realize I'm continually getting General Failure error

I tried trying to renew IPs, to make sure there is no some kind of IP assignment conflict with my other WIFI connected devices,reflushing DNS and resetting WinSock stack, hoping this could help:

> ipconfig /renew
> ipconfig /flushdns
> netsh winsock reset

Then I tried restarting the PC a couple of times, but unfortunately none of those helped the shitty error:

PING: Transmit failed. General Failure

continued …

I was totally out of idea .. and red some people managed to fix the issue after booting Windows into Safe mode with Networking. I tried booting in Safe mode, but as Hard Drive data is encrypted with Bitlocker encryption I was asked about some kinf of Serial Key – which I don't have at hand – hence I couldn't boot into Safe mode …

Here is moment to say even loopback device was returning "General Failure"!

I tried even connecting the laptop directly into my homelan with UTP cable, but though everything got connected, there was no local network and internet. I tried even connecting via Vivacom's mobile network 3G modem and even there I got the "General Failure" error …

Running out of options, I decided it might be that Malware Bytes broke something during Malware removal hence I put out back Quarantined Malware files – but this didn't solve it either.


Finally I found this post and this thread talking that reason for "General Failure" might be firewall related. After checking my firewall settings in Windows Firewall and Advanced Security, surprisingly I realized everything related to firewall – e.g. Default Profile, Inbound, Outbound connections are Turned off!!!


I switched everything back and my Internet and local connection came back! THANKS GOD! Pfuu, now I can continue working. It seems HP work computers are patched with software / configured to not allow Internet connection in case if Firewall is Off. If you happen to be an HP Employee and you get the PING: Transmit failed. General Failure, be sure the first place to check is whether Windows Firewall is enabled? – if not enable it and this will solve your connectivity issues. Cheers ! 🙂

How to disable IPv6 on Debian / Ubuntu / CentOS and RHEL Linux

Friday, December 9th, 2011

I have few servers, which have automatically enabled IPv6 protocols (IPv6 gets automatically enabled on Debian), as well as on most latest Linux distribituions nowdays.

Disabling IPv6 network protocol on Linux if not used has 2 reasons:

1. Security (It’s well known security practice to disable anything not used on a server)
Besides that IPv6 has been known for few criticil security vulnerabilities, which has historically affected the Linux kernel.
2. Performance (Sometimes disabling IPv6 could have positive impact on IPv4 especially on heavy traffic network servers).
I’ve red people claiming disabling IPv6 improves the DNS performance, however since this is not rumors and did not check it personally I cannot positively confirm this.

Disabling IPv6 on all GNU / Linuces can be achieved by changing the kernel sysctl settings net.ipv6.conf.all.disable_ipv6 by default net.ipv6.conf.all.disable_ipv6 equals 1 which means IPv6 is enabled, hence to disable IPv6 I issued:

server:~# sysctl net.ipv6.conf.all.disable_ipv6=0

To set it permanently on system boot I put the setting also in /etc/sysctl.conf :

server:~# echo 'net.ipv6.conf.all.disable = 1 >> /etc/sysctl.conf

The aforedescribed methods should be working on most Linux kernels version > 2.6.27 in that number it should work 100% on recent versions of Fedora, CentOS, Debian and Ubuntu.

To disable IPv6 protocol on Debian Lenny its necessery to blackist the ipv6 module in /etc/modprobe.d/blacklist by issuing:

echo 'blacklist ipv6' >> /etc/modprobe.d/blacklist

On Fedora / CentOS there is a another universal “Redhat” way disable IPv6.

On them disabling IPv6 is done by editting /etc/sysconfig/network and adding:


I would be happy to hear how people achieved disabling the IPv6, since on earlier and (various by distro) Linuxes the way to disable the IPv6 is probably different.

Alto to stop Iptables IPV6 on CentOS / Fedora and RHEL issue:

# service ip6tables stop

# service ip6tables off

How to configure manually static IP address on Debian GNU/Linux / How to fix eth0 interface not brought up with error (networking restart is deprecated)

Friday, July 29th, 2011

I’ve recently had to manually assign a static IP address on one of the servers I manage, here is how I did it:             

debian:~# vim /etc/network/interfaces

Inside the file I placed:

# The primary network interface
allow-hotplug eth0
auto eth0
iface eth0 inet static address netmask broadcast gateway dns-nameservers

The broadcast and gateway configuration lines are not obligitory.
dns-nameservers would re-create /etc/resolv.conf file with the nameserver values specified which in these case are Google Public DNS servers and OpenDNS servers.

Very important variable is allow-hotplug eth0
If these variable with eth0 lan interface is omitted or missing (due to some some weird reason), the result would be the output you see from the command below:

debian:~# /etc/init.d/networking restart
Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces ... (warning).
Reconfiguring network interfaces...

Besides the /etc/init.d/networking restart is deprecated because it may not enable again some interfaces … (warning). , if the allow-hotplug eth0 variable is omitted the eth0 interface would not be brough up on next server boot or via the networking start/stop/restart init script.

My first reaction when I saw the message was that probably I’ll have to use invoke-rc.d, e.g.:
debian:~# invoke-rc.d networking restart
Running invoke-rc.d networking restart is deprecated because it may not enable again some interfaces ... (warning).

However as you see from above’s command output, running invoke-rc.d helped neither.

I was quite surprised with the inability to bring my network up for a while with the networking init script.
Interestingly using the command:

debian:~# ifup eth0

was able to succesfully bring up the network interface, whether still invoke-rc.d networking start failed.

After some wondering I finally figured out that the eth0 was not brought up by networking init script, because auto eth0 or allow-hotplug eth0 (which by the way are completely interchangable variables) were missing.

I added allow-hotplug eth0 and afterwards the networking script worked like a charm 😉

How to add a range of virtual IPs to a CentOS and Fedora Linux server

Monday, July 18th, 2011

Recently I had the task to add a range of few IP addresses to as a virtual interface IPs.

The normal way to do that is of course using the all well known ifconfig eth0:0, ifconfig eth0:1 or using a tiny shell script which does it and set it up to run through /etc/rc.local .

However the Redhat guys could omit all this mambo jambo and do it The Redhat way TM 😉 by using a standard method documented in CentOS and RHEL documentation.
Here is how:

# go to network-script directory[root@centos ~]# cd /etc/sysconfig/network-scripts
# create ifcfg-eth0-range (if virtual ips are to be assigned on eth0 lan interface[root@centos network-scripts]# touch ifcfg-eth0-range

Now inside ifcfg-eth0-range, open up with a text editor or use the echo command to put inside:


Now save the /etc/sysconfig/network-scripts/ifcfg-eth0-range file and finally restart centos networking via the network script:

[root@centos network-scripts]# service network restart

That’s all now after the network gets reinitialized all the IPs starting with and ending in< will get assigned as virtual IPs for eth0 interface
Cheers 😉

How to configure networking in CentOS, Fedora and other Redhat based distros

Wednesday, June 1st, 2011

On Debian Linux I’m used to configure the networking via /etc/network/interfaces , however on Redhat based distributions to do a manual configuration of network interfaces is a bit different.

In order to configure networking in CentOS there is a special file for each interface and some values one needs to fill in to enable networking.

These network adapters configuration files for Redhat based distributions are located in the files:


Just to give you and idea on the content of this network configuration file, here is how it looks like:

[root@centos:~ ]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe

This configuration is of course just for eth0 for other network card names and devices, one needs to look up for the proper file name which corresponds to the network interface visible with the ifconfig command.
For instance to list all network interfaces via ifconfig use:

[root@centos:~ ]# /sbin/ifconfig |grep -i 'Link encap'|awk '{ print $1 }'

In this case there are only two network cards on my host.
The configuration files for the ethernet network devices eth0 and eth1 from below example are located in files /etc/sysconfig/network-scripts/ifcfg-eth{1,2}

/etc/sysconfig/network-scripts/ directory contains plenty of shell scripts related to Fedora networking.
This directory contains actually the networking boot time load up rules for fedora and CentOS hosts.

The complete list of options available which can be used in /etc/sysconfig/network-scripts/ifcfg-ethx is located in:

, to quickly observe the documentation:

[root@centos:~ ]# less /usr/share/doc/initscripts-*/sysconfig.txt

One typical example of configuring a CentOS based host to possess a static IP address ( and a gateway (, which will be assigned in boot time during the /etc/init.d/network is loaded is:

[root@centos:~ ]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetLink BCM57780 Gigabit Ethernet PCIe

After some changes to the network configuration files are made, to load up the new rules a /etc/init.d/network script restart is necessery with the command:

[root@centos:~ ]# /etc/init.d/network restart

Of course one can always use /etc/rc.local script as universal way to configure network rules on a Redhat based host, however using methods like rc.local to load up, ifconfig or route rules in a Fedora would break the distribution logic and therefore is not recommended.

There is also a serious additional reason against using /etc/rc.local post init commands load up script.
If one uses rc.local to load up and configure the networing, the network will get initialized only after all the other scripts in /etc/init.d/ gets started.

Therefore using /etc/rc.local might also be DANGEROUS!, if used remotely via (ssh), supposedly it might completely fail to load the networking, if all bringing the server interfaces relies on it.

Here is an example, imagine that some of the script set in to load up during a CentOS boot up hangs and does continue to load forever (for example after some crucial software upate), as a consequence the /etc/rc.local script will never get executed as it only starts up after all the rest init scripts had succesfully completed execution.

A network eth1 interface configuration for a Fedora host which has to fetch it’s network settings automatically via DHCP is as follows:

[root@fedora:/etc/network:]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Intel Corporation 82557/8/9 [Ethernet Pro 100]DEVICE=eth1

To sum it up I think Fedora’s /etc/sysconfig/network-scripts methodology to configure ethernet devices is a way inferior if compared to Debian.

In GNU/Debian Linux configuration of all networking is (simpler)!, everything related to networking is in one single file ( /etc/network/interfaces ), moreover getting all the thorough documentation for the network configurations options for the interfaces is available as a system wide manual (e.g. man interfaces).

Partially Debian interfaces configuration is a bit more complicated in terms of syntax if matched against Redhat’s network-scripts/ifcfg-*, lest that generally I still find Debian’s manual network configuration interface to be easier to configure networking manually vicommand line.