I recently had a problem where a Linux box with multiple NICs running a iptables firewall script was not accepting connections when it should. I ran tcpdump to find that ARP lookups received by the box were actually giving out the a MAC address from a different NIC. This seemed bizarre at first, but knowing Linux's networking strength I realised that I was missing something and that I probably needed to tweak the kernel to behave the way I wanted.
A quick Google found that I probably wanted to turn on arp_filter in the kernel. So I ran the following:
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
Immediately tcpdump showed that the kernel was now behaving the way I wanted it to and handing out only the MAC address for the relevant NIC.
To make the change permanent (i.e. survive a reboot) you could add the above line to a init script or add the following line to /etc/sysclt.conf
net.ipv4.conf.all.arp_filter = 1
Friday 20 April 2012
Tuesday 17 April 2012
NTFS alternate data streams and zip files
If you download a zip file onto a NTFS partition Internet Explorer will store zone information in the file using something called alternate data streams. If the zone information is stored with the file it will be "blocked" within Windows. The file can easily be unblocked by clicking the "Unblock" button in the files properties (if your user account has the correct permissions).
We recently had a problem where we were downloading a zip file to a customer's machine, unzipping the archive and when we tried to run the executable that was in the archive it was failing. It seems that if you do not "unblock" the zip file then all of the files extracted from the archive will all be in the same blocked state. This was causing problems for our support team and it seems the answer to this problem is to simply unblock the zip before unpacking the archive (I suppose you could unblock each individual file after the extraction but we had a lot of files).
To see this behaviour download a file with IE and look at the properties. The alternate data stream is called Zone.Identifier, you can see the contents of the alternate data stream with the following command:
more < fullfilename:Zone.Identifier
 |
| File properties showing the unblock button |
To see this behaviour download a file with IE and look at the properties. The alternate data stream is called Zone.Identifier, you can see the contents of the alternate data stream with the following command:
more < fullfilename:Zone.Identifier
 |
| Seeing the zone information saved with the alternate data stream on a downloaded file |
Subscribe to:
Posts (Atom)