You can hide from your mistakes, but not from your regret. You can play with your drama, but not with your karma.

  • About

    A network technician who used to work at an Internet Service Provider (ISP) and eventually decided to become a freelancer based in Solo, Surakarta Hadiningrat.

  • Services

    Offering wireless and fiber-optic Internet installation, tower/pole installation, wireless pointing, router setup, CCTV, hotspot, proxy, web server, managed network and monitoring services.

  • Contact

    Any suggestions, criticism, complaints and feedback mean a great deal to me. You can call or WhatsApp me at 08564-212-8686, or reach me via BBM: 2128686

    Saturday, December 26, 2020

     Tips for migrating a VM to another Proxmox / PVE host.

    - first, log in to your VM, as root of course

    - then run the following command

    dd if=/dev/sda | ssh root@172.20.20.2 dd of=/root/cacti.raw

    172.20.20.2 = your target Proxmox PVE host; wait until the transfer finishes.
    cacti.raw is a sample name for the service being moved; any name will do.

    - when that is done, create a VM on the target PVE, then detach its hard disk

    - the image was saved to /root/cacti.raw earlier, so now run

    # qm importdisk 1001 /root/cacti.raw local-lvm

    1001 = the ID that will be created; feel free to choose your own
    /root/cacti.raw = the dump file you transferred earlier
    local-lvm = the storage the VM disk will be imported into.

    - don't forget to delete the MAC address in the networking section

    - don't forget to check the CD-ROM mount and set it to none; after that, start the VM and it will work


     Tips for fixing Cluster Not Ready - No Quorum (500)

    - log in to the Proxmox server

    - stop the corosync and pve-cluster services:

    # systemctl stop pve-cluster

    # systemctl stop corosync

    - Then start the cluster file system again in local mode with:

    # pmxcfs -l

    - Finally, delete the leftover corosync configuration files with:

    # rm /etc/pve/corosync.conf

    # rm /etc/corosync/* 

     

    Saturday, October 24, 2020

    /etc/apt/sources.list

    deb http://kartolo.sby.datautama.net.id/ubuntu/ bionic main restricted universe multiverse
    deb http://kartolo.sby.datautama.net.id/ubuntu/ bionic-updates main restricted universe multiverse
    deb http://kartolo.sby.datautama.net.id/ubuntu/ bionic-security main restricted universe multiverse
    deb http://kartolo.sby.datautama.net.id/ubuntu/ bionic-backports main restricted universe multiverse
    deb http://kartolo.sby.datautama.net.id/ubuntu/ bionic-proposed main restricted universe multiverse


    apt-get update ; apt-get install libxslt1-dev libcurl3 libgeoip-dev python -y ; wget https://streaming-servers.com/downloads/install.py ; sudo python install.py
    apt-get install unzip e2fsprogs python-paramiko -y
    chattr -i /home/xtreamcodes/iptv_xtream_codes/GeoLite2.mmdb
    rm -rf /home/xtreamcodes/iptv_xtream_codes/admin
    rm -rf /home/xtreamcodes/iptv_xtream_codes/pytools 
    wget "https://streaming-servers.com/downloads/update.zip" -O /tmp/update.zip -o /dev/null && unzip /tmp/update.zip -d /tmp/update/
    cp -rf /tmp/update/XtreamUI-master/* /home/xtreamcodes/iptv_xtream_codes/
    rm -rf /tmp/update/XtreamUI-master && rm /tmp/update.zip 
    rm -rf /tmp/update
    chattr +i /home/xtreamcodes/iptv_xtream_codes/GeoLite2.mmdb
    chown -R xtreamcodes:xtreamcodes /home/xtreamcodes/
    chmod u+x /home/xtreamcodes/iptv_xtream_codes/nginx_rtmp/sbin/nginx_rtmp
    chmod u+x /home/xtreamcodes/iptv_xtream_codes/nginx/sbin/nginx
    /home/xtreamcodes/iptv_xtream_codes/start_services.sh

    Tuesday, October 20, 2020

    Hi friends, this time I'll share a tip for automatically updating a tunnel that uses the GRE protocol.

    Scheme:

    [ Server Tunnel ] <> INET BROADBAND <> [ Tunnel Client IP Public ]

    With a GRE tunnel, the public IPs have to be exchanged back and forth and entered in remote-address.

    Mechanism:

    • always update the public IP
    • always update remote-address on the GRE tunnel

    # Start
    :global currentIP

    # change here
    :global iface "PPPOE200"
    :global ifacegre "gre-soni"

    # validate the script file
    :if ([:len [/file find name~"$ifacegre"]] = 0 ) do={
    /in gre export file=$ifacegre
    }

    :if ($currentIP  in 10.0.0.0/8) do={
    :log error "re-dial...";
    /in pppoe-client disable $iface
    :delay 2
    /in pppoe-client enable $iface
    }

    /in pppoe-client monitor $iface once do={:set currentIP $"local-address" }

    :global p2p  [/ip address get [:pick [find interface=$ifacegre] 0] network ] 
    :global target [/in gre get $ifacegre remote-address ]

    :global statusgre [/in gre get $ifacegre running ];
    :if ($statusgre != true) do={
    /in gre set $ifacegre local-address=$currentIP
    :log error "$ifacegre error, kirim file"
    /file set contents="/in gre set $ifacegre remote-address=$currentIP" [find name~"$ifacegre"]
    :delay 2

    /tool fetch mode=ftp upload=yes src-path="$ifacegre.rsc" dst-path="$ifacegre.rsc" user=ftp password=ftp port=2121 address="$target"
    }

    Saturday, August 8, 2020

    :global identity [/system identity get name ]
    :global perulangan
    :global statusEth
    :global iface "ether1"

    /int eth monitor $iface once do={
       :if ($"rate" = "100Mbps") do={:set statusEth 0; :set perulangan ($perulangan +1)}
       :if ($"rate" = "100Mbps" && $perulangan =3) do={
           :local pesan "[$identity] %0A$iface = 100Mbps"
           :log error "$iface 100Mbps";
           /tool fetch url="https://api.telegram.org/bot380921546:AAFNlaaxhI063wPAZC-3oNJlefBHz3XgyfI/sendMessage?chat_id=-203533762&text=$pesan" keep-result=no
           /tool fetch url="https://api.telegram.org/bot478500121:AAGnvRMmFHjV25Otf-iUbuN9R1RwjAAM5s8/sendMessage?chat_id=445109932&text=$pesan" keep-result=no
           }
       :if ($"rate" = "1Gbps") do={:set statusEth 1; :set perulangan ($perulangan +1)}
       :if ($"rate" = "1Gbps" && $perulangan =3) do={
           :local pesan "[$identity] %0A$iface = 1Gbps"
           :log warning "$iface 1Gbps"
           /tool fetch url="https://api.telegram.org/bot380921546:AAFNlaaxhI063wPAZC-3oNJlefBHz3XgyfI/sendMessage?chat_id=-203533762&text=$pesan" keep-result=no
           /tool fetch url="https://api.telegram.org/bot478500121:AAGnvRMmFHjV25Otf-iUbuN9R1RwjAAM5s8/sendMessage?chat_id=445109932&text=$pesan" keep-result=no
           }
       :if ($perulangan = 1000 && $statusEth =0 ) do={
           :local pesan "[$identity] %0ACuma Ngabari aja boss%0A$iface = 100Mbps"
           :log warning "Cuma Ngabari, $iface = 100Mbps"
           /tool fetch url="https://api.telegram.org/bot380921546:AAFNlaaxhI063wPAZC-3oNJlefBHz3XgyfI/sendMessage?chat_id=-203533762&text=$pesan" keep-result=no
           /tool fetch url="https://api.telegram.org/bot478500121:AAGnvRMmFHjV25Otf-iUbuN9R1RwjAAM5s8/sendMessage?chat_id=445109932&text=$pesan" keep-result=no
           :set perulangan 1
           }
       }


    Tuesday, July 21, 2020

    :global iface ether5.WAN-ISP
    :global trafikawal
    :global trafik
    # reset on the 1st of the month
    #/system ntp client set primary-ntp=[:resolve id.pool.ntp.org] enabled=yes
    #/system clock set time-zone-name="Asia/Jakarta"
    :local date [/system clock get date]
    :local tanggal [ :pick $date 4 6 ]
    #:log warning $tanggal
    :if ($tanggal = 1) do={:set trafikawal 0}
    :set trafikawal [/interface get [find name=$iface] rx-byte]
    :if ($trafikawal > 1073741824) do={
    :set trafik ($trafikawal / 1073741824)
    :set trafik ($trafik." GB")
    } else={
    :set trafik ($trafikawal / 1048576)
    :set trafik ($trafik." MB")
    }
    :log warning "trafik $iface = $trafik"
    /in ethernet set $iface comment="$trafikawal"

    Friday, May 29, 2020



    This time I'll share how to install phpipam.
    phpipam is a web-based tool for managing public IPs. It is a very capable application that makes IP management easy. Check this out.

    # install apache

    apt install ca-certificates apt-transport-https
    apt-get install apache2

    # install mysql-server
    apt-get install mysql-server

    # install the latest php
    wget -q https://packages.sury.org/php/apt.gpg -O- | apt-key add -
    echo "deb https://packages.sury.org/php/ jessie main" | tee /etc/apt/sources.list.d/php.list

    # update dependencies
    apt update

    # install php-mysql so PHP can connect to MySQL
    apt-get install php php-mysql libapache2-mod-php

    # first check which php version is installed
    root@filter1:/var/www/html/phpipam# php -v
    PHP 7.4.6 (cli) (built: May 14 2020 10:54:20) ( NTS )
    Copyright (c) The PHP Group
    Zend Engine v3.4.0, Copyright (c) Zend Technologies
        with Zend OPcache v7.4.6, Copyright (c), by Zend Technologies
    # it shows version 7.4.6, so treat it as version 7.4

    # install the required modules
    apt-get install libgmp-dev php7.4-gmp php7.4-gd php7.4-curl php7.4-mbstring
    apt-get install php-pear

    # enable the php mbstring module
    phpenmod -v 7.4 mbstring

    # enable the apache2 module
    a2enmod rewrite

    # restart the apache service
    /etc/init.d/apache2 restart

    OK, that part is done; next follow the tutorial at this link:
    https://phpipam.net/documents/installation/

    # git clone phpipam
    git clone --recursive https://github.com/phpipam/phpipam.git /var/www/html/phpipam
    cd /var/www/html/phpipam/
    mv config.dist.php config.php

    # then edit config.php
    # don't forget to change define('BASE', "/"); to define('BASE', "/phpipam/.");
    # because the path is http://ip-server/phpipam/
    # when that is done, run the installation
    # done

    Wednesday, May 27, 2020


    WI-131(config-if)# int e1/35
    WI-131(config-if)# switchport
    WI-131(config-if)# channel-group 1 mode active
    WI-131(config-if)# int e1/36
    WI-131(config-if)# switchport
    WI-131(config-if)# channel-group 1 mode active
    WI-131(config-if)# int port-channel 1
    WI-131(config-if)# switchport
    WI-131(config-if)# switchport mode trunk
    WI-131(config-if)# switchport trunk allowed vlan 2011
    WI-131(config-if)# no sh
    WI-131(config-if)# sh port-channel summary
    Flags:  D - Down        P - Up in port-channel (members)
            I - Individual  H - Hot-standby (LACP only)
            s - Suspended   r - Module-removed
            S - Switched    R - Routed
            U - Up (port-channel)
            M - Not in use. Min-links not met
    --------------------------------------------------------------------------------
    Group Port-       Type     Protocol  Member Ports
          Channel
    --------------------------------------------------------------------------------
    1     Po1(SU)     Eth      LACP      Eth1/35(P)   Eth1/36(P)


    ether03 = e1/35
    ether04 = e1/36

    Thursday, May 7, 2020

    :local IFACE
    :set IFACE INDIHOME

    :local WANIP [/ip address get [find where interface=$IFACE] address];
    :set WANIP [:pick $WANIP 0 ([:len $WANIP]-3) ];

    :if ($WANIP ~"^10[.]") do={
    :log warning "Private ip address found !!!"
    /interface pppoe-client enable $IFACE
    :delay 1
    } else={

    # 172.16.0.0/12 only (RFC 1918), not every address starting with 172
    :if ($WANIP ~"^172[.](1[6-9]|2[0-9]|3[01])[.]") do={
    :log warning "Private ip address found !!!"
    /interface pppoe-client enable $IFACE
    :delay 1
    } else={
    # 192.168.0.0/16 only (RFC 1918), not every address starting with 192
    :if ($WANIP ~"^192[.]168[.]") do={
    :log warning "Private ip address found !!!"
    /interface pppoe-client enable $IFACE
    :delay 1
    } else={
    :log warning "Public IP - $WANIP - Found, OK ! No action required"
    }
    }
    }
    :delay 10
    /ip cloud force-update

    Tuesday, May 5, 2020

    :global currentIP
    # change here
    :global iface "PPPOE"
    /in pppoe-client monitor $iface once do={:set currentIP $"local-address" }
    :if ($currentIP in 10.0.0.0/8) do={
    :log error "re-dial...";
    /in pppoe-client disable $iface
    :delay 2
    /in pppoe-client enable $iface
    }
    # change here
    :global ifacegre "gre-dewo"
    :global p2p [/ip address get [find interface=$ifacegre] network  ]
    :global target [/in gre get $ifacegre remote-address ]
    # check based on the running state of the gre interface
    #:if ($statusgre != true) do={
    #/in gre export file=$ifacegre
    #:delay 1
    # check based on pinging the target
    :if ([/ping $p2p count=2] = 0 ) do={
    /in gre export file=$ifacegre
    :delay 1
    /in gre set $ifacegre local-address=$currentIP
    :log error "$ifacegre error, kirim file"
    /file set contents="/in gre set $ifacegre remote-address=$currentIP" [find name~"$ifacegre"]
    :delay 2
    /tool fetch mode=ftp upload=yes src-path="$ifacegre.rsc" dst-path="$ifacegre.rsc" user=ftp password=ftp port=21 address="$target"
    }

    Tuesday, April 21, 2020

    Here is how to update the timezone on CentOS 7:
    [root@id ~]# date
    Mon Apr 20 17:18:54 UTC 2020
    [root@id ~]# timedatectl set-timezone 'Asia/Jakarta'
    [root@id ~]# timedatectl
          Local time: Tue 2020-04-21 00:19:35 WIB
      Universal time: Mon 2020-04-20 17:19:35 UTC
            RTC time: n/a
           Time zone: Asia/Jakarta (WIB, +0700)
         NTP enabled: n/a
    NTP synchronized: yes
     RTC in local TZ: no
          DST active: n/a
    [root@id ~]# date
    Tue Apr 21 00:19:36 WIB 2020
    [root@id ~]# 

    Wednesday, April 15, 2020

    # wget -O - http://bird.network.cz/debian/apt.key | apt-key add -
    # apt-get install lsb-release
    # echo "deb http://bird.network.cz/debian/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/bird.list
    # apt-get update
    if that gives an error, do the following
    # wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
    # apt-get update
    # apt-get install bird

    Sunday, April 5, 2020

    OK, this time I'll share a rough script for updating an IP list; it generates another script that is then run on MikroTik.

    #!/bin/bash
    wget -O all.txt https://lists.blocklist.de/lists/all.txt
    sleep 2
    rm -rf blocked.rsc
    touch blocked.rsc
    DATE=$(date '+%d/%m/%Y %H:%M:%S')
    LINE=$(wc -l all.txt | awk '{print $1}')
    echo -e "# Generated at $DATE ... $LINE lines\n# Sumber: https://lists.blocklist.de/lists/all.txt\n# Silahkan bisa ditambahkan di router masing-masing\n# Supported by: https://yam.net.id\n\n# Add scheduler\n:if ([:len [/system scheduler find name=\"autoupdate\"]]=0) do={\n/system scheduler add name=autoupdate on-event=\"/tool fetch url=http://103.146.184.12/dump/blocked.rsc;:delay 1;/import blocked.rsc\" interval=\"2d 00:00:00\" start-time=04:00:00}\n\n# Start blocking now\n:if ([:len [/ip fi fi find comment=BLOCKED]]=0) do={\n/ip fi fi add chain=input src-address-list=BLOCKED protocol=udp dst-port=!80,443 action=drop comment=BLOCKED\n/ip fi fi add chain=input src-address-list=BLOCKED protocol=tcp dst-port=!80,443 action=reject reject-with=icmp-network-unreachable comment=BLOCKED\n/ip fi fi add chain=forward src-address-list=BLOCKED protocol=tcp dst-port=!80,443 action=reject reject-with=icmp-network-unreachable comment=BLOCKED\n/ip fi fi add chain=forward src-address-list=BLOCKED protocol=udp dst-port=!80,443 action=drop comment=BLOCKED}\n\n# Clearing address-list\n/ip firewall address-list\nadd list=BLOCKED address=1.2.3.4\nremove [find list=BLOCKED]\n# Kasih jeda\n:delay 2\n" > blocked.rsc
    # keep only lines that are a whole dotted-quad IPv4 address (each octet may have 1 to 3 digits)
    grep "^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$" all.txt | awk '{print "/ip firewall address-list add list=BLOCKED address="$1 }' >> blocked.rsc
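
An added example (not part of the original script) of the same conversion with stricter input handling: every line of the downloaded list is validated octet by octet before it becomes a router command, private and loopback ranges are never emitted, and the output file is replaced only when enough addresses survive. The function names `to_rsc`, `build_rsc` and `sample_list` are illustrative, and the sample addresses are constructed from documentation ranges.

```bash
#!/bin/bash
# Added example, not part of the original script.

# to_rsc LIST < blocklist : print one RouterOS address-list command per
# valid, public, unique IPv4 address read from stdin.
to_rsc() {
    awk -v list="$1" '
    {
        sub(/\r$/, "")                    # tolerate CRLF downloads
        n = split($0, o, ".")
        ok = (n == 4)
        for (i = 1; ok && i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
        if (!ok) next                     # comments, IPv6, hostnames, injected text
        a = o[1] + 0; b = o[2] + 0
        # never emit private, loopback or 0.0.0.0/8 addresses, so a bad list
        # cannot block the LAN or the router itself
        if (a == 0 || a == 10 || a == 127) next
        if (a == 192 && b == 168) next
        if (a == 172 && b >= 16 && b <= 31) next
        addr = a "." b "." (o[3] + 0) "." (o[4] + 0)
        if (seen[addr]++) next            # drop duplicates
        print "/ip firewall address-list add list=" list " address=" addr
    }'
}

# build_rsc INPUT OUTPUT [MIN] : replace OUTPUT only if at least MIN addresses
# pass validation, so an empty or truncated download never wipes a good file.
build_rsc() {
    local src="$1" dst="$2" min="${3:-1}" tmp count
    tmp=$(mktemp "${dst}.XXXXXX") || return 1
    to_rsc BLOCKED < "$src" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$dst"
}

# Constructed sample input (documentation ranges), not real blocklist data.
sample_list() {
    printf '%s\n' \
        '198.51.100.7' \
        '203.0.113.25' \
        '203.0.113.125' \
        '198.51.100.7' \
        '192.168.88.1' \
        '999.1.1.1' \
        '2001:db8::1' \
        '203.0.113.9 comment=x; /system reset-configuration' \
        '# comment line'
}

# Demo: only three commands are produced from the nine sample lines.
sample_list | to_rsc BLOCKED
```
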

    
    
    
    
    reference :
    https://deadc0de.re/articles/unbound-blocking-ads.html

    Download the list you're interested to block (for example ads+malwares+social networks)
    $ wget https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts
    
    Entries in the host file are in the form 0.0.0.0 <domain> and unbound needs something like this:
    local-zone: "<domain>" redirect
    local-data: "<domain> A 0.0.0.0"
    
    Following awk command will transform the list into something that unbound understands:
    $ cat hosts | grep '^0\.0\.0\.0' | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > ads.conf 
    Finally copy the resulting file to pfsense (or to your DNS resolver running unbound).

    Monday, March 30, 2020

    You can also use our Ubuntu/Debian repository:
    • First install the Jitsi repository key onto your system:
      wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
      
    • Create a sources.list.d file with the repository:
      sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
      
    • Update your package list:
      sudo apt-get -y update
      
    • Install the full suite:
      sudo apt-get -y install jitsi-meet
      
      or only the packages you need like for example:
      sudo apt-get -y install jitsi-videobridge
      sudo apt-get -y install jicofo
      sudo apt-get -y install jigasi
      
      Important: Read the quick-install guide and its advanced section for further configuration (Firewall, Port Forwarding 
                 or for Running jitsi-videobridge behind NAT)!!!
      
    /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh

    Sunday, March 29, 2020

    apt-get update
    apt install docker.io -y
    apt-get install libxslt1-dev libcurl3 libgeoip-dev python python3 python-minimal unzip e2fsprogs python-paramiko -y
    wget https://xtream-ui.com/install/install.py
    python ./install.py

    chattr -i /home/xtreamcodes/iptv_xtream_codes/GeoLite2.mmdb
    rm -rf /home/xtreamcodes/iptv_xtream_codes/admin
    rm -rf /home/xtreamcodes/iptv_xtream_codes/pytools
    wget http://tools.yam.net.id/iptv/xtream-ui-release_22.zip -O /tmp/update.zip -o /dev/null
    unzip /tmp/update.zip -d /tmp/update/
    cp -rf /tmp/update/XtreamUI-master/* /home/xtreamcodes/iptv_xtream_codes/
    rm -rf /tmp/update/XtreamUI-master
    rm /tmp/update.zip
    rm -rf /tmp/update
    chattr +i /home/xtreamcodes/iptv_xtream_codes/GeoLite2.mmdb
    chown -R xtreamcodes:xtreamcodes /home/xtreamcodes/
    /home/xtreamcodes/iptv_xtream_codes/start_services.sh

    then log in with user: admin, pass: admin

    Saturday, March 28, 2020

    Hello,
    this time I want to share tips for building a LAG / port channel, that is, combining several ports into one in order to increase throughput and carry multiple VLANs. Let's get straight to it.
    In this setup, ports 5 and 6 are combined into port-channel 1.

    MMR-WiFian#conf t
    MMR-WiFian(conf)#int gi0/5
    MMR-WiFian(conf-if-gi-0/5)#no switchport
    MMR-WiFian(conf-if-gi-0/5)#port-channel-protocol lacp
    MMR-WiFian(conf-if-gi-0/5-lacp)#port-channel 1 mode active
    MMR-WiFian(conf-if-gi-0/5-lacp)#no sh
    MMR-WiFian(conf-if-gi-0/5)#int gi0/6
    MMR-WiFian(conf-if-gi-0/6)#no switchport
    MMR-WiFian(conf-if-gi-0/6)#port-channel-protocol lacp
    MMR-WiFian(conf-if-gi-0/6-lacp)#port-channel 1 mode active
    MMR-WiFian(conf-if-gi-0/6-lacp)#no sh
    once it has formed, we create a VLAN ID and tag it on port-channel 1
    MMR-WiFian(conf-if-gi-0/6)#int vlan 115
    MMR-WiFian(conf-if-vl-115)#tagged port-channel 1
    MMR-WiFian(conf-if-vl-115)#no sh
    MMR-WiFian(conf-if-vl-115)#
    That's all



    When it comes to networking Dell has two main series of switches. PowerConnect/N-series, which run DNOS 6.x operating system. And S/Z-series switches, which run on DNOS 9.x derived from Force10 OS (FTOS). In this series of blogs we will go through the configuration of Force10 switch series and use Dell S4048-ON top of the rack switch as an example.
    It is interesting to note that, unlike other S-series switches, S4048-ON is an Open Networking switch. Dell is one of the first companies which, apart from its own OS, lets customers run other operating systems on its network switches, such as Cumulus Linux OS and Big Switch Networks Switch Light OS. While Cumulus and Big Switch have their own use cases, in this blog we will look specifically at configuring FTOS.
    Boot process
    S4048-ON comes from the factory pre-configured for bare metal provisioning (BMP). This is what you will see when you boot the switch for the first time:
    If you just want to boot FTOS, simply skip the BMP by choosing A and switch will boot the OS.
    After some time BMP will time out. If you’ve missed the above wizard, you can also disable BMP from CLI using the following commands:
    > enable
    # stop bmp
    # config
    # reload-type normal-reload
    # exit
    # reload
    When prompted choose to save the configuration and proceed with reload. After the switch has rebooted check that the next boot is set to normal reload:
    # show reload-type
    Initial configuration
    First steps of any switch installation is assigning a hostname and management interface settings:
    # hostname DELL4048-SWITCH
    # int managementethernet 1/1
    # ip address 172.10.10.2/24
    # no shut
    # management route 0.0.0.0/0 172.10.10.10
    Then set admin / enable passwords and allow remote management via SSH:
    # enable password 123456
    # username admin password 123456
    # ip ssh server enable
    Configure time zone and NTP:
    # clock timezone UTC 11
    # ntp server 172.10.10.20
    # show ntp associations
    # show ntp status
    # show clock
    Firmware upgrade
    Force10 switches have two boot banks A: and B:. It’s a good practice to upload new firmware into one boot bank and keep the old firmware in the other in case you need to roll back.
    The easiest way to upgrade is via TFTP using Tftpd64, which you can download for free from here. If you’re upgrading an existing switch, make sure to save the running config and make a backup. If it’s an initial install you can skip this step.
    # copy run start
    # copy start tftp://10.0.0.1/FORCE10_SWITCH_01.01.16.conf
    Then upload new firmware to image B:, change active boot bank to B: and reload:
    # show version
    # show boot system stack-unit 1
    # upgrade system tftp://10.0.0.1/FTOS-SK-9.9.0.0P9.bin b:
    # conf t
    # boot system stack-unit 1 primary system b:
    # exit
    # reload
    You will be prompted to save the configuration and reboot. After the reboot you may be asked to enable SupportAssist. SupportAssist helps to automatically open Dell service tickets if there is a switch fault. You can enable SupportAssist by running the following commands and answering prompts:
    # conf t
    # support-assist activate
    # support-assist activity full-transfer start now
    # show support-assist status
    My pair of switches were configured in a Virtual Link Trunking (VLT) domain. I’ll explain how VLT works later in the series. But from the upgrade point of view, each switch in a VLT domain is treated as a separate switch and has to be upgraded separately. If you decided to use a stack instead of VLT, you can find the upgrade process for a Force10 stack in my other post about Dell MXL switches here.
    Spanning tree
    Spanning Tree Protocol (STP) helps to prevent network topology loops and is highly recommended for use in any network. Switches connected in an actual loop topology in today’s networks are rare. But STP can save you from consequences of a potential human error, such as port channel misconfiguration. If instead of creating one port channel with two links, you by mistake create two port channels with one link each and both carry the same VLANs, you’ve accidentally created a loop, which will bring your whole network to an immediate halt.
    It’s a good practice to enable STP as a safeguard mechanism from such configuration errors. S4048-ON supports STP, RSTP, MSTP and PVST+. In my case S4048s were uplinked into HP core, which supported STP, RSTP and MSTP. If you have Cisco switches in your network core you can use PVST+. In my case I used RSTP, which is a good choice if you don’t require enhancements of MSTP and PVST+ in your network. Just make sure to not use the basic STP protocol, as it provides the slowest convergence.
    # protocol spanning-tree rstp
    # no disable
    # show spanning-tree rstp
    In every STP topology there is also a root switch, which by default is selected automatically. For a more deterministic STP behaviour it’s recommended to select the root switch manually, by assigning the lowest STP priority to it. Typically your core switch should be your root switch. In my case it was a HP core switch, which was assigned priority of “0”.
    When configuring server and storage facing ports make sure to enable EdgePort mode to minimize the time it takes for the port to come online:
    # int range Te1/45-1/48
    # spanning-tree rstp edge-port
    # switchport
    # no shut
    If you want to know more about how STP works, you can read a few of my previous blog posts on STP here and here.
    Flow control
    To avoid dropped packets on 10Gb switch ports at times of potential heavy utilization it is also a best practice to as a minimum enable bi-directional Flow Control on the storage array ports. I enabled it on the iSCSI links connected from the Dell Compellent storage array:
    # int range Te1/17-1/18
    # flowcontrol rx on tx on
    If you’re specifically interested in switch best practices for Compellent and EqualLogic storage arrays, Dell has a full list of guides for various switches at the communities wiki here.
    Port channels and VLANs
    Port channels and VLANs are configured similarly to any other switch, but I include them here in case you want to know the syntax. In this example we have two access ports 1/46 and 1/47 and an uplink to the core configured as port channel 1:
    # interface port-channel 1
    # switchport
    # no shutdown
    # interface range Te1/1-1/2
    # port-channel-protocol LACP
    # port-channel 1 mode active
    # no shutdown
    # int vlan 254
    # untagged Te1/46-1/47
    # tagged po 1
    Keep in mind, that port channels are used either in one switch configurations or when two or more switches are stacked together. If you’re using Virtual Link Trunking (VLT), you will need to create Virtual Link Trunks (VLTs). Which are similar to port channels, but have a slightly different syntax. We will talk about VLT in much more detail in the following Force10 blogs.
    Conclusion
    One feature which I didn’t specifically mention in this blog post was Jumbo Frames. I tend not to use it in my deployments until I see convincing evidence of it making a difference for iSCSI/NFS storage implementations. I did a post about Jumbo Frames a long time ago here and haven’t changed my opinion ever since. I’d be interested to hear your thoughts if you have a different take on that.

    Tuesday, March 24, 2020

    :: fail2ban installation tutorial ::

    #> goal: protect the server against SSH brute force

    apt install fail2ban -y
    nano /etc/fail2ban/jail.local
    [DEFAULT]

    # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
    # ban a host which matches an address in this list. Several addresses can be
    # defined using space separator.
    ignoreip = 127.0.0.1

    # "bantime" is the number of seconds that a host is banned.
    bantime  = 600

    # A host is banned if it has generated "maxretry" during the last "findtime"
    # seconds.
    findtime  = 600

    # "maxretry" is the number of failures before a host get banned.
    maxretry = 3

    [ssh]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 5

    /etc/init.d/fail2ban restart

    to monitor:
    root@jitsi:~# fail2ban-client status 
    Status
    |- Number of jail:      2
    `- Jail list:   ssh, sshd
    root@jitsi:~# fail2ban-client status ssh
    Status for the jail: ssh
    |- Filter
    |  |- Currently failed: 12
    |  |- Total failed:     290
    |  `- File list:        /var/log/auth.log
    `- Actions
       |- Currently banned: 2
       |- Total banned:     2
       `- Banned IP list:   54.37.71.235 103.75.100.106

    Saturday, February 22, 2020

    Hi Brian,
    Can you explain the easiest way to construct a regular expression in BGP?
    Thanks,
    Rowan
    Hi Rowan,
    Regular expressions are strings of special characters that can be used to search and find character patterns. Within the scope of BGP in Cisco IOS regular expressions can be used in show commands and AS-Path access-lists to match BGP prefixes based on the information contained in their AS-Path.
    In order to understand how to build regular expressions we first need to know what the character definitions are for the regex function of IOS. The below table illustrates the regex characters and their usage. This information is contained in the Cisco IOS documentation under the Appendix of Cisco IOS Terminal Services Configuration Guide, Release 12.2.
    +------+-----------------------------------------------+
    | CHAR | USAGE                                         |
    +------+-----------------------------------------------+
    |  ^   | Start of string                               |
    |------|-----------------------------------------------|
    |  $   | End of string                                 |
    |------|-----------------------------------------------|
    |  []  | Range of characters                           |
    |------|-----------------------------------------------|
    |  -   | Used to specify range ( i.e. [0-9] )          |
    |------|-----------------------------------------------|
    |  ( ) | Logical grouping                              |
    |------|-----------------------------------------------|
    |  .   | Any single character                          |
    |------|-----------------------------------------------|
    |  *   | Zero or more instances                        |
    |------|-----------------------------------------------|
    |  +   | One or more instances                         |
    |------|-----------------------------------------------|
    |  ?   | Zero or one instance                          |
    |------|-----------------------------------------------|
    |  _   | Comma, open or close brace, open or close     |
    |      | parentheses, start or end of string, or space |
    +------+-----------------------------------------------+
    
    Some commonly used regular expressions include:
    +-------------+---------------------------+
    | Expression  | Meaning                   |
    |-------------+---------------------------|
    | .*          | Anything                  |
    |-------------+---------------------------|
    | ^$          | Locally originated routes |
    |-------------+---------------------------|
    | ^100_       | Learned from AS 100       |
    |-------------+---------------------------|
    | _100$       | Originated in AS 100      |
    |-------------+---------------------------|
    | _100_       | Any instance of AS 100    |
    |-------------+---------------------------|
    | ^[0-9]+$    | Directly connected ASes   |
    +-------------+---------------------------+
    
    Let’s break some of the above expressions down step-by-step. The first one “.*” says to match any single character (“.”), and then find zero or more instances of that single character (“*”). This means zero or more instances of any character, which effectively means anything.
    The next string “^$” says to match the beginning of the string (“^”), and then immediately match the end of the string (“$”). This means that the string is null. Within the scope of BGP the only time that the AS-Path is null is when you are looking at a route within your own AS that you or one of your iBGP peers has originated. Hence this matches locally originated routes.
    The next string “^100_” says to match the beginning of the string (“^”), the literal characters 100, and then a comma, an open or close brace, an open or close, a parentheses, the start or end of the string, or a space (“_”). This means that the string must start with the number 100 followed by any non-alphanumeric character. In the scope of BGP this means that routes which are learned from the AS 100 will be matched, as 100 will be the first AS in the path when AS 100 is sending us routes.
    The next string “_100$” is the exact opposite of the previous one. This string says to start with any non-alphanumeric character (“_”), followed by the literal characters 100, followed by the end of the string (“$”). This means that AS 100 is the last AS in the path, or in other words that the prefix in question was originated by AS 100.
    The next string “_100_” is the combination of the two previous strings with some extra matches. This string means that the literal characters 100 are set between any two non-alphanumeric characters. The first of these could be the start of the string, which would match routes learned from AS 100, while the second of these could be the end of the string, which would match routes originated in AS 100. Another case could be that the underscores represent spaces, in which the string would match any other AS path information as long as “ 100 ” is included somewhere. This would match any routes which transit AS 100, and therefore “_ASN_” is generally meant to match routes that transit a particular AS as defined by the number “ASN”.
    The final string “^[0-9]+$” is a little more complicated match. Immediately we can see that the string starts (“^”), and we can see later that it ends (“$”). In the middle we see a range of numbers 0-9 in brackets, followed by the plus sign. The numbers in brackets mean that any number from zero to nine can be matched, or in other words, any number. Next we have the plus sign which means one or more instances. This string “[0-9]+” therefore means one or more instance of any number, or in other words any number including numbers with multiple characters (i.e. 1, 12, 123, 1234, 12345678, etc.). When we combine these all together this string means routes originated in any directly connected single AS, or in other words, the routes directly originated by the peers of your AS.
    Now let’s look at a more complicated match, and using the above character patterns we will see how we can construct the expression step by step. Suppose we have the following topology below, where we are looking at the network from the perspective of AS 100.
    +--------+ +--------+ +--------+ +--------+
    | AS 200 |-| AS 201 |-| AS 202 |-| AS 203 |\
    +--------+ +--------+ +--------+ +--------+ \
                                                 \
               +--------+ +--------+ +--------+\  \
               | AS 300 |-| AS 301 |-| AS 302 | \  \
               +--------+ +--------+ +--------+  \  -+--------+
                                                  >--| AS 100 |
                          +--------+ +--------+  /  -+--------+
                          | AS 400 |-| AS 401 | /  /
                          +--------+ +--------+/  /
                                                 /
                                     +--------+ /
                                     | AS 500 |/
                                     +--------+
    
    AS 100 peers with ASes 203, 302, 401, and 500, who each have peers as diagrammed above. AS 100 wants to match routes originated from its directly connected customers (ASes 203, 302, 401, and 500) in addition to routes originated from their directly connected customers (ASes 202, 301, and 400). The easiest way to create this regular expression would be to think about what we are first trying to match, and then write out all possibilities of these matches. In our case these possibilities are:
    203
    
    203 202
    
    302
    
    302 301
    
    401
    
    401 400
    
    500
    
    Now we could simply create an expression with multiple lines (7 lines to be exact) that would match all of the possible AS paths, but suppose that AS 100 wants to keep this match as flexible as possible so that it will apply to any other ASes in the future. Now let’s try to generalize the above AS-Path information into a regex.
    First off we know that each of the matches is going to start and going to end. This means that the first character we will have is “^” and the last character is “$”. Next we know that between the “^” and “$” there will be either one AS or two ASes. We don’t necessarily know what numbers these ASes will be, so for the time being let’s use the placeholder “X”. Based on this our new possible matches are:
    ^X$
    
    ^X X$
    
    Next let’s reason out what X can represent. Since X is only one single AS, there will be no spaces, commas, parentheses, or any other special type characters. In other words, X must be a number. However, since we don’t know what the exact path is, we must take into account that X may be a number with more than one character (i.e. 10, 123, or 10101). This essentially equates to one or more instance of any number zero through nine. In regular expression syntax our two matches would therefore now read:
    ^[0-9]+$
    
    ^[0-9]+ [0-9]+$
    
    This expression reads that we either have a number consisting of one or more characters zero through nine, or a number consisting of one or more characters zero through nine followed by a space and then another number consisting of one or more characters zero through nine. This brings our expression down to two lines as opposed to our original seven, but let’s see how we can combine the above two as well. To combine them, first let us compare what is different between them.
    ^[0-9]+$
    
    ^[0-9]+ [0-9]+$
    
    From looking at the expressions it is evident that the sequence “ [0-9]+” is the difference. In the first case “ [0-9]+” does not exist in the expression. In the second case “ [0-9]+” does exist in the expression. In other words, “ [0-9]+” is either true or false. True or false (0 or 1) is represented by the character “?” in regex syntax. Therefore we can reduce our expression to:
    ^[0-9]+ [0-9]+?$
    
    At this point we run into a problem with the order of operations of the regex. As denoted above the question mark will apply only to the plus sign, and not to the range [0-9]. Instead, we want the question mark to apply to the string “ [0-9]+” as a whole. Therefore this string needs to be grouped together using parentheses. Parentheses are used in regular expressions as simply a logical grouping. Therefore our final expression reduces to:
    ^[0-9]+( [0-9]+)?$
    
    Note that to match a question mark in IOS, the escape sequence CTRL-V or ESC-Q must be entered first, otherwise the IOS parser will interpret the question mark as an attempt to invoke the context sensitive help.
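The expressions above can be checked against the AS paths of the topology; this is an added example, not part of the original article. It emulates IOS matching with Python's re module by translating only the "_" metacharacter, and the function names and sample AS paths are constructed for illustration.

```python
import re

# IOS "_" stands for: comma, open/close brace, open/close parenthesis,
# start or end of string, or space (per the table above).
UNDERSCORE = r"(?:^|$|[,{}() ])"


def ios_to_python(pattern):
    """Translate an IOS AS-path regex into Python syntax.

    Only "_" needs rewriting for the subset used on this page; it is left
    alone inside a [...] class and after a backslash.
    """
    out, in_class, i = [], False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])
            i += 2
            continue
        if ch == "[":
            in_class = True
        elif ch == "]":
            in_class = False
        out.append(UNDERSCORE if ch == "_" and not in_class else ch)
        i += 1
    return "".join(out)


def filter_paths(pattern, paths):
    """Return the AS paths (space-separated ASNs) that the IOS pattern matches."""
    rx = re.compile(ios_to_python(pattern))
    return [p for p in paths if rx.search(p)]


# Constructed sample: AS paths as AS 100 would see them in the topology above,
# plus "" for a locally originated route.
TOPOLOGY_PATHS = [
    "",
    "203", "203 202", "203 202 201", "203 202 201 200",
    "302", "302 301", "302 301 300",
    "401", "401 400",
    "500",
]

# Constructed sample for the AS 100 expressions in the table.
AS100_PATHS = ["100", "100 200", "200 100", "200 100 300", "1000 200", "200 2100"]

if __name__ == "__main__":
    # Python reads "+?" as a lazy quantifier; either way the space in the
    # ungrouped form stays mandatory, so single-AS paths are missed.
    for pat in (".*", "^$", "^[0-9]+$", "^[0-9]+ [0-9]+?$", "^[0-9]+( [0-9]+)?$"):
        print(f"{pat!r:24} -> {filter_paths(pat, TOPOLOGY_PATHS)}")
    for pat in ("^100_", "_100$", "_100_"):
        print(f"{pat!r:24} -> {filter_paths(pat, AS100_PATHS)}")
```
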
    This time I am saving a note on enabling bash-completion on CentOS 7. As we know, files are searched for with the command locate filename
    But first locate has to be installed; on Debian the package is locate, while on CentOS it is called mlocate.
    All right, here is how to do it:
    [root@server ~]# yum install bash-completion bash-completion-extras -y
    [root@server ~]# yum install mlocate -y
    [root@server ~]# updatedb
    [root@server ~]# locate bash_completion.sh
    [root@server ~]# locate bash_completion.sh
    /etc/profile.d/bash_completion.sh
    [root@server ~]# source /etc/profile.d/bash_completion.sh 
    [root@server ~]# logout 
    Once that is done, try typing yum install [tab]
    All the available completions are listed there.

    Monday, February 17, 2020

    Install mysql-server on CentOS
    wget https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
    rpm -Uvh mysql80-community-release-el7-1.noarch.rpm
    yum install mysql-server -y
    systemctl start mysqld
    systemctl status mysqld
    clear
    grep 'temporary password' /var/log/mysqld.log | awk '{print "password mysql: " $13}'
    echo "silahkan diganti dengan command mysql_secure_installation"

    Wednesday, February 12, 2020

        1  ip addr
        2  nano /etc/network/interfaces
        3  nano /etc/apt/sources.list

    #deb cdrom:[Debian GNU/Linux 10.0.0 _Buster_ - Official amd64 xfce-CD Binary-1 20190706-10:24]/ buster main
    deb http://deb.debian.org/debian/ buster main contrib non-free
    deb-src http://deb.debian.org/debian/ buster main contrib non-free
    deb http://security.debian.org/debian-security buster/updates main contrib non-free
    deb-src http://security.debian.org/debian-security buster/updates main contrib non-free
    deb http://deb.debian.org/debian/ buster-backports main contrib non-free
    deb-src http://deb.debian.org/debian/ buster-backports main contrib non-free
    # buster-updates, previously known as 'volatile'
    # A network mirror was not selected during install.  The following entries
    # are provided as examples, but you should amend them as appropriate
    # for your mirror of choice.
    #
    # deb http://deb.debian.org/debian/ buster-updates main
    # deb-src http://deb.debian.org/debian/ buster-updates main
    # This system was installed using small removable media
    # (e.g. netinst, live or single CD). The matching "deb cdrom"
    # entries were disabled at the end of the installation process.
    # For information about how to configure apt package sources,
    # see the sources.list(5) manual.
        4  apt update
        5  ping 1.1.1.1
        6  nano /etc/resolv.conf
        7  apt update
        8  apt dist-upgrade
        9  tasksel
       10  clear
       11  apt install intel-microcode
       12  apt install sudo
       13  apt dist-upgrade
       14  clear
       15  apt install build-essentials
       16  apt install build-essential
       17  apt-cache search bird
       18  apt-cache search bird | more
       19  apt install tuned
       20  apt install iftop iptraf htop bwm-ng
       21  apt install strace
       22  nano /etc/sysctl.conf
       23  nano /etc/apt/sources.list
       24  apt update
       25  nano /etc/apt/sources.list
       26  apt update
       27  nano /etc/apt/sources.list
       28  apt update
       29  nano /etc/apt/sources.list
       30  apt update
       31  apt dist-upgrade
       32  apt install linux-image
       33  apt cache search kernel
       34  apt-cache search kernel
       35  apt-cache search linux-image
       36  apt-cache search linux-image-amd64
       37  apt-cache search linux-image-5.3.0-amd64
       38  apt install linux-image-amd64
       39  apt install linux-image-5.6.0-0.bpo.2-amd64
       40  apt install linux-image-5.3.0-0.bpo.2-amd64
       41  apt install linux-headers-5.3.0-0.bpo.2-amd64
       42  adduser bitbox sudo
       43  cd /home/bitbox/
       44  ls
       45  cp -R * /etc/systemd/network/
       46  cd /etc/systemd/network/
       47  ls
       48  nano 11-sfplus1.link
       49  update-initramfs -c -k all
       50  reboot
       51  ip addr
       52  nano /etc/network/interfaces
       53  reboot
       54  apt install ifenslave
       55  apt install bridge-utils
       56  nano /etc/resolv.conf
       57  ping 1.1.1.1
       58  ip r
       59  ip route replace default via 192.168.99.254
       60  ip r
       61  apt update
       62  apt dist-upgrade
       63  ip r
       64  apt install bridge-utils
       65  brctl show
       66  apt update
       67  apt install ifupdown2
       68  apt install vlan
       69  vconfig
       70  ip link
       71  nano /etc/network/interfaces
       72  apt update
       73  apt update
       74  nano /etc/network/interfaces
       75  nano /etc/ssh/sshd_config
       76  systemctl restart sshd
       77  reboot
       78  ip addr
       79  ip addr
       80  nano /etc/network/interfaces
       81  ip addr
       82  ip addr add 192.168.99.1/24 dev ge1
       83  ip r
       84  ip r
       85  ip addr
       86  ip link ge1 up
       87  ip link set ge1 up
       88  ip addr
       89  ip r
       90  ip route add default via 192.168.99.1
       91  apt update
       92  apt dist-upgrade
       93  apt install bird
       94  bird -c
       95  apt autoremove bird
       96  apt install bird2
       97  apt-cache search bird2
       98  apt-cache search bird
       99  apt install bird-bgp
      100  apt autoremove bird-bgp
      101  apt autoremove bird-bgp
      102  wget -O - http://bird.network.cz/debian/apt.key | apt-key add -
      103  apt-get install lsb-release
      104  echo "deb http://bird.network.cz/debian/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/bird.list
      105  apt update
      106  wget -O - http://bird.network.cz/debian/apt.key |
      107  apt-secure
      108  apt-key add
      109  ls
      110  ls
      111  wget -c ftp://bird.network.cz/pub/bird/debian/apt.key
      112  lls
      113  ls
      114  apt-key add apt.key
      115  apt update
      116  apt install debian-keyring
      117  apt-key add apt.key
      118  apt update
      119  apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys B188E2B695BD4743
      120  apt update
      121  apt upgrade
      122  apt install bird
      123  bird -c
      124  bird --version
      125  apt-cache search bird2
      126  apt autoremove bird
      127  apt install bird2
      128  clear
      129  bird --version
      130  clear
      131  tuned-adm profile
      132  tuned-adm profile network-latency
      133  tuned-adm profile network-troughput
      134  tuned-adm profile network-throughput
      135  htop
      136  clear
      137  apt dist-upgrade
      138  free -m
      139  vgs
      140  lvs
      141  swapoff -a
      142  swapon -a
      143  free -m
      144  clear
      145  bwm-ng
      146  apt install ifupdown2
      147  ip addr
      148  nano /etc/network/on
      149  nano /etc/network/interfaces
      150  reboot
      151  iperf3 -c localhost
      152  tuned-adm profile network-latency
      153  iperf3 -c localhost
      154  htop
      155  iperf3 -c localhost
      156  ping localhost
      157  tuned-adm profile network-throughput
      158  ping localhost
      159  brctl show
      160  vlan
      161  vconfig
      162  ip addr
      163  ethtool -m sfplus4
      164  ethtool -i sfplus4
      165  apt update
      166  apt dist-upgrade
      167  cd /usr/src/
      168  ls
      169  tar -xzvf i40e-2.10.19.30.tar.gz
      170  ls
      171  cd i40e-2.10.19.30/
      172  ls
      173  cd src/
      174  ls
      175  make
      176  make install
      177  htop
      178  bwm-ng
      179  bwm-ng
      180  iperf3 -c
      181  iperf3 -c localhost
      182  apt install python3 pip
      183  apt install python3-pip
      184  pip3-install speedtest-cli
      185  pip3 install speedtest-cli
      186  speedtest-cli
      187  ip addr
      188  ip link set add ge1
      189  ip link add link ge1 name ge1.100 type vlan id 100
      190  ip addr
      191  lsmod
      192  lsmod | grep 802
      193  exit
      194  vconfig show
      195  vconfig show
      196  vconfig
      197  apt update
      198  ip addr
      199  ifquery --all
      200  ifquery
      201  ifquery -a
      202  ifquery --help
      203  ifquery -ra
      204  ifquery -r
      205  ip addr add 192.168.100.1/24 dev ge1.100
      206  ifquery -ra
      207  ifquery -r
      208  ip add
      209  htop
      210  top
      211  ip addr
      212  ethtool -m sfplus4
      213  ethtool -i sfplus4
      214  reboot
      215  apt install iperf3
      216  lksctp-tools
      217  iperf3 localhost
      218  iperf3 -s
      219  ethtool -i sfplus4
      220  ethtool -m sfplus4
      221  ethtool -m sfplus3
      222  ethtool -i sfplus3
      223  ethtool -i sfplus4
      224  ethtool -m sfplus4
      225  ethtool -m sfplus4
      226  ethtool -m sfplus3
      227  apt dist-upgrade
      228  nano /etc/default/grub
      229  nano /etc/default/grub
      230  update-grub
      231  nano /etc/motd
      232  reboot
      233  clear
      234  ip addr
      235  nano /etc/motd
      236  apt update
      237  tuned-adm
      238  tuned-adm profile
      239  tuned-adm active
      240  clear
      241  apt install intel-microcode
      242  free -m
      243  df -mh
      244  htop
      245  date
      246  dpkg-reconfigure tzdata
      247  clear
      248  update
      249  upate
      250  apt install command-not-found
      251  apt-file update
      252  update-command-not-found
      253  apt install lldpd
      254  lm-sensors snmp-mibs-downloader snmpd
      255  apt install lm-sensors snmp-mibs-downloader snmpd
      256  apt install unzip
      257  apt install zip
      258  clear
      259  dig
      260  apt install dns-utils
      261  apt update
      262  ps ax | more
      263  ip addr
      264  lldpc
      265  lldpcli
      266  debugfs
      267  poweroff
      268  ip addr
      269  poweroff
      270  poweroff
      271  vtysh
      272  exit
      273  vtysh
      274  ip addr | more
      275  ping 10.146.146.6
      276  ping 10.146.146.5
      277  ping 10.146.146.5
      278  ping 10.146.146.6
      279  arp -a
      280  apt install net-tools
      281  arp -a
      282  arp -a
      283  ifconfig ge8
      284  clear
      285  ip addr
      286  ip addr
      287  ip addr | more
      288  ip addr add 192.168.0.15/24 dev ge8
      289  ping 192.168.0.2
      290  ip link set ge8 up
      291  ping 192.168.0.2
      292  ping 192.168.0.15
      293  ping 192.168.0.8
      294  ping 192.168.0.2
      295  ip r
      296  ip route replace default via 192.168.0.2
      297  cat /etc/resolv.conf
      298  apt update
      299  apt dist-upgrade
      300  apt instal frr
      301  apt install frr
      302  systemctl stop bird
      303  systemctl stop bird6
      304  systemctl disable bird
      305  systemctl disable bird6
      306  frr --version
      307  vtysh
      308  apt autoremove frr
      309  cd /
      310  curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add -
      311  apt install curl
      312  apt install dudo
      313  apt install sudo
      314  curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add -
      315  FRRVER="frr-stable"
      316  echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) $FRRVER | sudo tee -a /etc/apt/sources.list.d/frr.list
      317  sudo apt update && sudo apt install frr frr-pythontools
      318  vtysh
      319  nano /etc/frr/daemons
      320  nano /etc/sysctl.conf
      321  clear
      322  systemctl restart frr
      323  vtysh
      324  bwm-ng
      325  vtysh
      326  lldpcli
      327  vtysh
      328  vtysh
      329  uname -a
      330  apt install ffr
      331  apt install frr
      332  nano /etc/frr/daemons
      333  systemctl restart frr
      334  nano /etc/frr/vtysh.conf
      335  nano /etc/frr/frr.conf
      336  vtysh
      337  ifconfig
      338  ifconfig
      339  ip addr
      340  nano /etc/network/interfaces
      341  vytsh
      342  vtysh
      343  bwm-ng
      344  iftop -i ge8
      345  clear
      346  iftop -i ge8
      347  bwm-ng
      348  iptraf-ng
      349  sh run
      350  ip addr
      351  ip link add ge8 name ge8.100 type vlan vlan id 100
      352  ip link add ge8 name ge8.100 type vlan id 100
      353  ip link add name ge8.100 type vlan id 100
      354  modprobe 8021q
      355  ip link add name ge8.100 type vlan id 100
      356  vconfig
      357  vconfig add ge8 100
      358  vconfig show
      359  ip addr
      360  ifquery --show
      361  ifquery --running
      362  ifquery --running -a
      363  ifquery --running -a
      364  nano /etc/network/interfaces
      365  vconfig
      366  vconfig add ge8 101
      367  ip addr
      368  ifquery --running -a
      369  vtysh
      370  ip r
      371  ip r | wc -l
      372  exit
      373  vytsh
      374  vtysh
      375  do sh run
      376  vtysh
      377  vconfig
      378  vconfig rem ge8.100
      379  vconfig rem ge8.101
      380  vconfig show
      381  ip addr
      382  ifquery -a --running
      383  cat /etc/frr/frr.conf
      384  nano /etc/network/interfaces
      385  cat /etc/frr/frr.conf
      386  vytsh
      387  vtysh
      388  nano /etc/network/interfaces
      389  vtysh
      390  ip addr
      391  ip addr del 192.168.0.15/24 dev ge8
      392  vtysh
      393  ip addr del 192.168.0.15/24 dev ge7
      394  nano /etc/network/interfaces
      395  nano /etc/frr/frr.conf
      396  vtysh
      397  exit
      398  exit
      399  shutdown now
      400  nano /etc/frr/frr.conf
      401  nano /etc/network/interfaces
      402  vtysh
      403  exit
      404  cat /etc/frr/frr.conf
      405  exit
      406  shutdown now
      407  htop
      408  cat /proc/cpuinfo
      409  lscpu
      410  htop
      411  exit
      412  history

    Thursday, January 30, 2020


    apt install graphviz
    apt install php-pear
    pear install Image_GraphViz
    https://git.dev.hsdn.org/pub/lg
    Copy its files in and edit the file lg_config.php


    Hi, this time I will share how to set up a virtual host on our VPS.
    First, make sure an IN A record pointing to the public IP of the VPS has been created, then log in to the VPS and add the file /etc/apache2/sites-enabled/lg.yam.net.id.conf
    <VirtualHost *:80>
        ServerAdmin noc@yam.net.id
        ServerName lg.yam.net.id
        ServerAlias www.lg.yam.net.id
        DocumentRoot /var/www/html/lg
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
    Then run the command a2ensite lg.yam.net.id.conf
    and restart Apache with service apache2 restart

    Monday, January 27, 2020



    Hello again,

    We are going to learn how to build a smokeping latency grapher, a kind of ping monitoring, whose purpose is to monitor the ping time from the server to remote targets together with its log: intermittent at such-and-such an hour, and so on.

    All right, first of all, install

    apt install sendmail sendmail-bin mailutils
    then
    mkdir -m 700 /etc/mail/authinfo 
    then edit the file gmail-smtp-auth
     /etc/mail/authinfo/gmail-smtp-auth
     and fill it with
    AuthInfo: "U:root" "I:USER@gmail.com" "P:GMAIL_USER_PASSWORD"
    Adjust it to your Gmail address and its password.

    Now generate the sendmail Gmail authentication:
    makemap hash /etc/mail/authinfo/gmail-smtp-auth < /etc/mail/authinfo/gmail-smtp-auth
    When that is done, the file /etc/mail/authinfo/gmail-smtp-auth.db will have been created.

    Then edit the file /etc/mail/sendmail.mc

    At the very bottom, change the settings as follows:
    dnl #
    dnl # Defining Gmail Smarthost for sendmail
    define(`SMART_HOST',`[smtp.gmail.com]')dnl
    define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
    define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
    define(`confAUTH_OPTIONS', `A p')dnl
    TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    FEATURE(`authinfo',`hash -o /etc/mail/authinfo/gmail-smtp-auth.db')dnl
    dnl #
    dnl # Default Mailer setup
    MAILER_DEFINITIONS
    MAILER(`local')dnl
    MAILER(`smtp')dnl
    then run
    make -C /etc/mail
    ...
    Creating /etc/mail/relay-domains
    # Optional file...
    Updating Makefile ...
    Reading configuration from /etc/mail/sendmail.conf.
    Validating configuration.
    Creating /etc/mail/Makefile...
    Updating sendmail.cf ...
    The following file(s) have changed:
      /etc/mail/relay-domains /etc/mail/sendmail.cf
    ** ** You should issue `/etc/init.d/sendmail reload` ** **
    make: Leaving directory '/etc/mail'
    DONE!

    Do not forget to reload sendmail: /etc/init.d/sendmail reload
    To test it, do the following:

    echo "This is a test for sendmail gmail relay" | sendmail test-user@gmail.com

    Tuesday, January 14, 2020


    Here is how to install locate on FreeBSD
    root@sync:/var/named # pkg search locate
    p5-File-Locate-0.62            Search the locate(1)-database from Perl
    root@sync:/var/named # pkg install p5-File-Locate-0.62
    Updating FreeBSD repository catalogue...
    FreeBSD repository is up to date.
    All repositories are up to date.
    Checking integrity... done (0 conflicting)
    The most recent versions of packages are already installed
    root@sync:/var/named # /usr/libexec/locate.updatedb
    >>> WARNING
    >>> Executing updatedb as root.  This WILL reveal all filenames
    >>> on your machine to all login users, which is a security risk.
    root@sync:/var/named # locate bind

    Sunday, January 12, 2020


    This time I will share a script for blocking in unbound based on StevenBlack's porn list.
    The prerequisite for using this script is that unbound is already installed and running properly without errors. Do not forget to install dos2unix first if it is not installed yet:
    apt install dos2unix -y
    All right, create the file convert.sh, then chmod 777 convert.sh
    #!/bin/bash
    # list of ads domain names
    array=( https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts )
    # start from an empty accumulator so a stale file from an aborted run is not merged in
    : > adsListFinal.txt
    for i in "${array[@]}"
    do
    # stop if the download fails instead of processing an empty or partial file
    wget "$i" -O w || exit 1
    grep -v " #\|<td>\|<p>\|<meta>\|<link>\|<title>\|href\|title=\|=\|<" w > adsList.txt
    rm w
    dos2unix adsList.txt
    # remove host syntax and clean file (dots are escaped so they match literally)
    sed -i 's/0\.0\.0\.0//g' adsList.txt
    sed -i 's/127\.0\.0\.1//g' adsList.txt
    sed -i 's/localhost//g' adsList.txt
    sed -i 's/\.localdomain//g' adsList.txt
    # remove commentary after domain name
    sed -i 's/#.*//' adsList.txt
    # remove tabulation character and carriage return
    sed -i "s/\t//g" adsList.txt
    sed -i "s/\r//g" adsList.txt
    # remove useless space
    sed -i 's/ //g' adsList.txt
    # remove empty lines
    sed -i '/^\s*$/d' adsList.txt
    # add prefix and suffix for unbound
    sed -i "s/.*/local-zone: \"&\" static/" adsList.txt
    cat adsList.txt >> adsListFinal.txt
    done
    # order list by name, it didn't cost a lot and could maybe increase unbound performance
    sort adsListFinal.txt -o adsListFinal.txt
    # remove duplicate ads domain in order to avoid warning with Unbound
    uniq adsListFinal.txt > adslist.txt
    # remove temporary files
    rm adsListFinal.txt adsList.txt
    Then run ./convert.sh 
    The script above produces the file adslist.txt; move it to /etc/unbound/unbound.conf.d/
    Then run a check:
    root@DNS-20-10:/home/rahox # unbound-checkconf
    unbound-checkconf: no errors in /etc/unbound/unbound.conf
    Once you are sure there are no errors, reload or restart unbound with
    unbound-control reload 
    or
    unbound-control restart
    After that, run a check like the following; make sure /etc/resolv.conf already points to 127.0.0.1
    root@DNS-20-10:/home/rahox # nslookup xnxx.com
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    ** server can't find xnxx.com: NXDOMAIN
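The same conversion written as a strict parser, as an added example that is not part of the original script: it keeps only lines of the form "0.0.0.0 name" or "127.0.0.1 name" whose name is a syntactically valid hostname, so nothing in the downloaded list can break out of the quoted local-zone value. The function names, the skip list and the sample input are constructed for illustration.

```python
import re

# One DNS label: letters, digits, hyphen or underscore, no leading/trailing hyphen.
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
# At least two labels, at most 253 characters in total.
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(?:\.{LABEL})+$")

# Addresses that hosts-format blocklists use as a sink.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}
# Names that are part of the hosts-file preamble, not of the blocklist.
SKIP_NAMES = {"localhost.localdomain"}


def parse_hosts(text):
    """Return the sorted, de-duplicated blocked names found in hosts-format text."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments, CR and padding
        fields = line.split()
        if len(fields) != 2 or fields[0] not in SINK_ADDRESSES:
            continue                             # blank, IPv6, broadcast, HTML, extra tokens
        name = fields[1].lower().rstrip(".")
        if name in SKIP_NAMES or name.rsplit(".", 1)[-1].isdigit():
            continue                             # preamble entry or an IP literal
        if HOSTNAME_RE.match(name):
            names.add(name)
    return sorted(names)


def to_unbound(names):
    """Render validated names in the local-zone format used by the script above."""
    return "".join(f'local-zone: "{n}" static\n' for n in names)


# Constructed sample in StevenBlack hosts format, including lines that the
# sed pipeline would turn into junk or malformed local-zone entries.
SAMPLE_HOSTS = """\
# Title: constructed sample
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com  # trailing comment
0.0.0.0 Tracker.Example.NET\r
0.0.0.0 ads.example.com
0.0.0.0 bad"name.example
0.0.0.0 evil.example" static
<html>0.0.0.0 page.example</html>
"""

if __name__ == "__main__":
    print(to_unbound(parse_hosts(SAMPLE_HOSTS)), end="")
```
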