Category Archives: Geek Stuff

How hard can it be to find the correct IP

I guess for some of you this is somehow obvious, but for me it was a refreshing experience that everything is pretty straightforward in the networking world.

I ran into an environment with NSX-T where I had a DMZ-like network area which included an HTTPS web service. I had control of a stripped-down firewall configuration wizard with no other access to NSX-T or firewall areas.

Simple things first: “Source ANY” to “Destination <myservicePublicIP>”, port TCP 443, worked as expected and I was able to access the service by its public IP.

The goal was to only allow access to this service from another NSX-T network area; the two areas were somehow only connected with each other over public IP and NSX-T internal routing. OK, so I googled whatismyip and, to my surprise, I was not able to connect to the service when I entered this IP in the firewall rule. There was no way to get any additional access to NSX-T management (black box) and no admin was accessible. The IPs shown by tracert and other such tools didn't work either. So something “special” was configured within NSX-T. Dead end?

I remembered that if you always halve the IP address range, it takes only a few tries to find the correct IP address for the firewall rule source entry. So, I started to guess the class A subnet based on the other IPs that I had tested above and that were shown in the tracert output. The third try, with the class A subnet 54.0.0.0/8, was a hit and it worked.

From there I started to increase the subnet mask by 1 and tried to refresh the webpage. If the webpage was shown, I increased the subnet mask by one again. If not, I had to switch to the other remaining subnet and try again.

Example: If 54.0.0.0/9 worked, I set the firewall rule to 54.0.0.0/10. If 54.0.0.0/10 did not work anymore, I had to switch to the other remaining subnet in that subnet mask scope. So, I continued by testing 54.64.0.0/10. This worked again and I increased the subnet mask again by 1 to 54.64.0.0/11.

And so on … and so on…

After only ~30 tries I had found the correct IP. Overall it took me just some minutes for the 30 connection tests and 30 firewall rule updates to filter the single IP out of the 4.294.967.296 “possible” IPs (IPv4) in the world.

I was lazy with the subnet calculation and just used a tool for it: http://www.ip-tools.net/ipcalc
You can type in any IP address and a subnet mask and it will show you the subnet (“net”), broadcast IP and IP range, so it was easy to find the other remaining subnet if needed.

I was just surprised how fast it was to manually track down the IP out of all possible Internet IPs. It is always refreshing that in the network world everything has its place and “just works” ;-)
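The halving procedure from this post as a small simulation, added here as an example and not part of the original post. `rule_allows` stands in for one manual round of updating the rule source and reloading the page, and 54.93.10.77 is a constructed address chosen to follow the 54.0.0.0/9, 54.0.0.0/10, 54.64.0.0/10 path described above.

```python
import ipaddress


def narrow_source(start_net, rule_allows):
    """Bisect start_net down to a single address.

    rule_allows(net) represents one manual round: set the firewall rule's
    source to `net`, reload the page, return True if the service answered.
    Returns (address, list of every network that was put into the rule).
    """
    net = ipaddress.ip_network(start_net)
    tried = [net]
    if not rule_allows(net):
        raise ValueError(f"source is not inside {net}; guess another start")
    while net.prefixlen < net.max_prefixlen:
        # Increasing the mask by 1 splits the network into two halves.
        lower, upper = net.subnets(prefixlen_diff=1)
        tried.append(lower)
        if rule_allows(lower):
            net = lower
            continue
        # Lower half failed: switch to the other remaining subnet and confirm.
        tried.append(upper)
        if not rule_allows(upper):
            raise RuntimeError(f"neither half of {net} works; results are inconsistent")
        net = upper
    return net.network_address, tried


def simulated_firewall(hidden_ip):
    """Constructed stand-in for the real firewall rule plus browser refresh."""
    hidden = ipaddress.ip_address(hidden_ip)
    return lambda net: hidden in net


if __name__ == "__main__":
    # 54.93.10.77 is a constructed sample address, not a value from the post.
    ip, tried = narrow_source("54.0.0.0/8", simulated_firewall("54.93.10.77"))
    for n in tried[:5]:
        print(n)
    print(f"found {ip} after {len(tried)} rule changes")
```

Starting from a confirmed /8, the search needs 24 halving steps, plus one extra rule change each time the lower half fails and the other half is checked.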

DNS Server repair for Windows VPN

It looks like Windows 10 gives VPN connections a higher or the same priority as your standard network connections. This can lead to a situation where you can no longer access your company's servers and applications when you open a VPN connection. A good example is that you can no longer access DFS resources. The root cause is an incorrect DNS server order caused by wrong connection prioritization.

I created a small script that starts a VPN connection and increases the VPN connection's interface metric to a high value (lower priority), so that your other connections get priority when it comes to DNS server selection.

Have fun.

#DNS Server order repair for Win VPN connection usage
#It starts a VPN connection and changes the InterfaceMetric of this connection.
#V1.02
#Author: Andreas Neufert
#Website with most up to date version: andyandthevms.com
#################################
#Input
$vpnconnectionname = "Veeam VPN SPB"

#Start Powershell as Administrator (found at http://stackoverflow.com/questions/7690994/powershell-running-a-command-as-administrator)
if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }

#Run nslookup and return the second output line, which shows the address of the DNS server in use
function Get-DnsServerLine {
    $pinfo = New-Object System.Diagnostics.ProcessStartInfo
    $pinfo.FileName = "nslookup.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.Arguments = "www.google.de"
    $p = New-Object System.Diagnostics.Process
    $p.StartInfo = $pinfo
    $p.Start() | Out-Null
    #Read the output before waiting, so a full output buffer cannot block nslookup
    $stdout = $p.StandardOutput.ReadToEnd()
    $stderr = $p.StandardError.ReadToEnd()
    $p.WaitForExit()
    [array]$lines = $stdout -split [environment]::NewLine
    $lines[1]
}

#Start VPN Connection
rasdial $vpnconnectionname

#Lookup which DNS Server is used
write-host "DNS Server"
Get-DnsServerLine
write-host "============================================================================================================="

#Change the Interface Metric to a high number so that the other connections and their DNS settings become higher priority.
#The connection name from the Input section is used here instead of a second hard-coded copy.
write-host "Changed to:"
Set-NetIPInterface -InterfaceAlias $vpnconnectionname -InterfaceMetric 100

#Output the new DNS Server address
Get-DnsServerLine
pause

 

Windows 10 background and menu colors – We want the old menu options back!

Hi everybody,
if you are used to seeing a particular color on the menu bar and desktop background, you will likely be irritated by the reduced color selection options of Windows 10.

The following commands open the old menus, where you can set these colors exactly, the old way.

%windir%\system32\control.exe /name Microsoft.Personalization /page pageColorization
%windir%\system32\control.exe /name Microsoft.Personalization /page pageWallpaper

CU… Andy

This blog is live now!

Hello everybody,

welcome to my new blog. I will focus here on backup, storage, virtualization and tips from the field. I will also open my blog activities to some new stuff (to be continued).

Thanks for reading and all of your support.

My old blog is still there (read only) and continues to deliver content to hundreds of visitors each day. You can find it at http://neufert-at-veeam.blogspot.com

All the best to you… have fun… Andy