Networking

Hauwei dongle AT commad

AT^U2DIAG=0 Modem Mode
AT^U2DIAG=1 Modem and CD-Rom Mode
AT^U2DIAG=255 Modem+CD-Rom+Card-Reader Modem+ Factory Defaults Setting
AT^U2DIAG=256 Modem+Card-Reader Mode
AT^U2DIAG=257 Disable Application Port
AT^U2DIAG=276 Reset to factory Defaults

AT^CVOICE=? Gives Status of your modems voice..
AT^CVOICE=0 Enable Voice
AT^CVOICE=1 Disable Voice

ATI  Gives Manufacture Information of Modem
AT+CGMR  Gives firmware version of Modem
AT+CGSN  Gives IMEI of Modem
AT+CIMI  Gives IMSI of Modem

JunOS – Update with low space CF

dmesg tail:

umass0: SanDisk Cruzer Micro, rev 2.00/2.00, addr 2
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <SanDisk Cruzer Micro 6.51> Removable Direct Access SCSI-0 device
da0: 1.000MB/s transfers
da0: 988MB (2025471 512 byte sectors: 64H 32S/T 988C)

root@amnesyac% dd if=/dev/zero of=/dev/da0 bs=128k

2435+0 records in
2434+0 records out
319029248 bytes transferred in 352.314078 secs (905525 bytes/sec)
root@amnesyac% disklabel -R -w da0 auto
root@amnesyac% newfs -U /dev/da0
/dev/da0: 989.0MB (2025468 sectors) block size 16384, fragment size 2048
using 6 cylinder groups of 183.69MB, 11756 blks, 23552 inodes.
with soft updates
super-block backups (for fsck -b #) at:
32, 376224, 752416, 1128608, 1504800, 1880992
root@amnesyac% mkdir /var/tmp/usb
root@amnesyac% mount /dev/da0 /var/tmp/usb
root@amnesyac% mv junos-jsr-12.1R5.5-export.tgz /cf/var/tmp/usb/
root@amnesyac% cli
root@amnesyac> file list detail /var/tmp/usb

/var/tmp/usb:
total 406474
drwxrwxr-x  2 root  operator       512 Feb 28 04:52 .snap/
-rw-r--r--  1 root  wheel  208012563 Feb 27 19:33 junos-jsr-12.1R5.5-export.tgz

root@amnesyac> request system software add junos-jsr-12.1R5.5-export.tgz
ERROR: Missing package: /cf/root/junos-jsr-12.1R5.5-export.tgz

root@amnesyac> request system software add /var/tmp/usb/junos-jsr-12.1R5.5-export.tgz
NOTICE: Validating configuration against junos-jsr-12.1R5.5-export.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProduction_9_6_0
Using /var/tmp/usb/junos-jsr-12.1R5.5-export.tgz
Checking junos requirements on /
Available space: 80793 require: 4688
Saving boot file package in /var/sw/pkg/junos-boot-jsr-12.1R5.5.tgz
Verified manifest signed by PackageProduction_12_1_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
cp: /cf/var/validate/chroot/var/etc/resolv.conf and /etc/resolv.conf are identical (not copied).
cp: /cf/var/validate/chroot/var/etc/hosts and /etc/hosts are identical (not copied).
[edit system services ssh]
'ssh'
warning: daemon binary /usr/sbin/sshd not found
mgd: commit complete
Validation succeeded
Installing package '/var/tmp/usb/junos-jsr-12.1R5.5-export.tgz' ...
Verified junos-boot-jsr-12.1R5.5.tgz signed by PackageProduction_12_1_0
Verified junos-jsr-12.1R5.5-export signed by PackageProduction_12_1_0
Available space: 81388 require: 4688
WARNING: JUNOS edition export != domestic, need to regenerate ssh host keys
Saving boot file package in /var/sw/pkg/junos-boot-jsr-12.1R5.5.tgz
JUNOS 12.1R5.5 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING:     Use the 'request system reboot' command
WARNING:         when software installation is complete
Saving package file in /var/sw/pkg/junos-12.1R5.5.tgz ...
cp: /var/sw/pkg/junos-12.1R5.5.tgz: No space left on device
Saving state for rollback ...

root@amnesyac> request system reboot
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 1988]

root@amnesyac>
*** FINAL System shutdown message from root@amnesyac ***
System going down IMMEDIATELY

Timeout, server not responding.

IPv6 prefix delegation – Cisco IOS

DRAFT

ipv6 unicast-routing
ipv6 cef

interface FastEthernet0/0
ipv6 address NODE-PD ::1/64
ipv6 enable

interface Dialer0
ipv6 address NODE-PD ::1/128
ipv6 enable
ipv6 dhcp client pd NODE-PD rapid-commit

ipv6 route ::/0 Dialer0

DRAFT

Telecom Italia – IPv6 Pilot on Cisco

To my amazement, Telecom Italia released a pilot project of IPv6 deployment on residential/dynamic ip only adsl internet access, but on theirs support site there’s configuration only for some useless systems. So, I’ve decided to write a configuration for Cisco platform.

Usually the typical Telecom Italia PPPoE or PPPoA ADSL connection with dynamic IPv4 only was authenticated with “aliceadsl” as user and password, now with bran new credential along IPv4 the endpoint router advertise a IPv6 /64 class (always dynamic).

username: adsl@alice6.it
password: IPV6@alice6

And now IOS configuration:

– ATM inteface:

interface ATM0/0/0
no ip address
atm restart timer 300
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 100 in
!
interface ATM0/0/0.1 point-to-point
pvc 8/35
vbr-nrt 380 380
oam-pvc manage
encapsulation aal5mux ppp dialer
dialer pool-member 1

– Dialer inteface:

interface Dialer0
mtu 1492
ip address negotiated
ip nbar protocol-discovery
ip flow ingress
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ipv6 address autoconfig
ipv6 enable
no cdp enable
ppp authentication chap callin
ppp chap hostname adsl@alice6.it
ppp chap password 0 IPV6@alice6
ppp pap sent-username adsl@alice6.it password 0 IPV6@alice6

– Route configuration:

ip route 0.0.0.0 0.0.0.0 Dialer0
ipv6 route 2000::/3 Dialer0

You can check with following command:

route01#sh ip int brief | sec Dialer0
Dialer0                    XXX.XXX.XXX.XXX    YES IPCP   up                    up
route01#sh ipv6 int brief | sec Dialer0
Dialer0                    [up/up]
FE80::1
2A01:2003:xxxx:xxxx::1

You can discover your /64 assigned class with:

route01#sh ipv6 int di0 | sec Global
Global unicast address(es):
2A01:2003:xxxx:xxxx::1, subnet is 2A01:2003:xxxx:xxxx::/64 [PRE]
valid lifetime 2591993 preferred lifetime 604793
route01#

I’ve left out NAT and other further configuration.

Update: prefix delegation

Juniper – Netscreen upgrade via TFTP

fw01-> save software from tftp 10.255.4.210 ns50ns25.5.4.0r21.0 to flash
Load software from TFTP 10.255.4.210 (file: ns50ns25.5.4.0r21.0).
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
tftp received octets = 5994268
tftp success!

TFTP Succeeded
Save to flash. It may take a few minutes ...platform = 14, cpu = 10, version = 18
update new flash image (01e97ddc,5994268)
platform = 14, cpu = 10, version = 18
offset = 20, address = 3060000, size = 5994189
date = 4062f3e0, sw_version = 4062f3e4, cksum = f7522c46
Program flash (5994268 bytes) ...
sec_size :131072 align_support 1 , mode 96028
++++++++++++++++++++++++++++++++++++++++++++++done
Done
fw01-> reset
System reset, are you sure? y/[n] y
In reset ...

Netmask Conversion

Bitmask (Bits) Dotted Decimal Hexadecimal Binary
/0 0.0.0.0 0x00000000 00000000 00000000 00000000 00000000
/1 128.0.0.0 0x80000000 10000000 00000000 00000000 00000000
/2 192.0.0.0 0xc0000000 11000000 00000000 00000000 00000000
/3 224.0.0.0 0xe0000000 11100000 00000000 00000000 00000000
/4 240.0.0.0 0xf0000000 11110000 00000000 00000000 00000000
/5 248.0.0.0 0xf8000000 11111000 00000000 00000000 00000000
/6 252.0.0.0 0xfc000000 11111100 00000000 00000000 00000000
/7 254.0.0.0 0xfe000000 11111110 00000000 00000000 00000000
/8 255.0.0.0 0xff000000 11111111 00000000 00000000 00000000
/9 255.128.0.0 0xff800000 11111111 10000000 00000000 00000000
/10 255.192.0.0 0xffc00000 11111111 11000000 00000000 00000000
/11 255.224.0.0 0xffe00000 11111111 11100000 00000000 00000000
/12 255.240.0.0 0xfff00000 11111111 11110000 00000000 00000000
/13 255.248.0.0 0xfff80000 11111111 11111000 00000000 00000000
/14 255.252.0.0 0xfffc0000 11111111 11111100 00000000 00000000
/15 255.254.0.0 0xfffe0000 11111111 11111110 00000000 00000000
/16 255.255.0.0 0xffff0000 11111111 11111111 00000000 00000000
/17 255.255.128.0 0xffff8000 11111111 11111111 10000000 00000000
/18 255.255.192.0 0xffffc000 11111111 11111111 11000000 00000000
/19 255.255.224.0 0xffffe000 11111111 11111111 11100000 00000000
/20 255.255.240.0 0xfffff000 11111111 11111111 11110000 00000000
/21 255.255.248.0 0xfffff800 11111111 11111111 11111000 00000000
/22 255.255.252.0 0xfffffc00 11111111 11111111 11111100 00000000
/23 255.255.254.0 0xfffffe00 11111111 11111111 11111110 00000000
/24 255.255.255.0 0xffffff00 11111111 11111111 11111111 00000000
/25 255.255.255.128 0xffffff80 11111111 11111111 11111111 10000000
/26 255.255.255.192 0xffffffc0 11111111 11111111 11111111 11000000
/27 255.255.255.224 0xffffffe0 11111111 11111111 11111111 11100000
/28 255.255.255.240 0xfffffff0 11111111 11111111 11111111 11110000
/29 255.255.255.248 0xfffffff8 11111111 11111111 11111111 11111000
/30 255.255.255.252 0xfffffffc 11111111 11111111 11111111 11111100
/31 255.255.255.254 0xfffffffe 11111111 11111111 11111111 11111110
/32 255.255.255.255 0xffffffff 11111111 11111111 11111111 11111111

CentOS – IPv6 interface

You need to update and configure following files for IPv6 configuration:

1. Edit: /etc/sysconfig/network

And append following line, to enable in systemwide the ipv6 protocol:

NETWORKING_IPV6=yes

2. Edit: /etc/sysconfig/network-scripts/ifcfg-eth1 (or your interface number)

And append following line, to enable ipv6 on interface and the address/gateway if you use static routing:

IPV6INIT=yes
IPV6ADDR=2001:1418:0193:000B::210
IPV6_DEFAULTGW=2001:1418:0193:000B::251

Save, close and restart network service:

# service network restart

MSTSC – Admin session

Memo per il Giaco:

Syntax
MSTSC option
MSTSC /Edit"ConnectionFile"
MSTSC /migrate

Options
ConnectionFile The name of an RDP file for connection

/v: The remote computer to connect to

/console Connect to the console of a server (NT/XP)
/Admin Connect to a session for administering the server(Vista/2008)

/f Start in Full Screen mode

/w:width Width of the RDP screen
/h:height Height of the RDP screen

/span Match the Remote Desktop width and height with the local virtual
desktop, spanning across multiple monitors if necessary.(Vista/2008)

/public Run Remote Desktop in public mode. (Vista/2008)
In public mode, passwords and bitmaps are not cached.

/edit Open the RDP file for editing.
/migrate Convert a legacy Client connection file into an .RDP file

ProFTP(D) – listen on single ip

I don’t use ftp, but wordpress comes with this nice feature to upgrade plugins automatically from the web admin interface that needs ftp.

the problem is I don’t want to enable the ftp service and make it available to the rest of the world just for that.

So I needs the following two options in proftpd.conf:

DefaultAddress 127.0.0.1
SocketBindTight on

Now restart proftpd and you’re done.

Auto Check – OpenVPN

Su connessioni fastweb usando openvpn è in caso di restart dei router di destinazione spesso le sessioni restano appese e non viene ristabilito il tunnel, in teoria questo bug è stato risolto nelle ultime release, per non rischiare 4 righe di script:

#!/bin/bash
if ! ping -c 1 -w 5 "xxx.xxx.xxx.xxx" &>/dev/null ; then
/etc/init.d/openvpn restart
fi

Eseguite ogni 5 minuti come da cron:

*/5 * * * * /root/yeahup

IIS Socket Pooling

C’è una cosa brutta da sapere e si scopre quando per caso proviamo ad installare un servizio in ascolto sulla porta 80 su windows che ha già attivo per sfortuna nostra IIS, si chiama socket pooling, infatti automaticamente iis decide di essere in ascolto su tutti i socket quindi ogni indirizzo configurato sulla macchina, impedendo l’avvio di qualsiasi altro servizio (es. apache) anche se apparentemente configurato correttamente.

Per ovviare a questo problema ecco come fare:
-Prima di tutto installate i support tools, dove sono? Inserite il cd nella directory \Support\Tools trovate un pacchetto suptools.msi
-Ora potete procedere:

Definizione dello scenario in questo caso un server con windows con i seguenti ip:
xxx.xxx.xxx.xxx (destinato a iis)
yyy.yyy.yyy.yyy (destinato ad altro webserver)

from cmd (support tool shell):


#settiamo l'ip in ascolto di iis
httpcfg set iplisten -i xxx.xxx.xxx.xxx
#eliminiamo l'ascolto di iis su questo ip
httpcfg delete iplisten -i yyy.yyy.yyy.yyy

#verifichiamo di non aver fatto errori
httpcfg query iplisten

#riavviamo il tutto per rendere effettive le modifiche
net stop http /y
net start w3svc

Nota: queste operazioni sono testate su IIS6 quindi sulle piattaforme Windows 2003 (tutte le versioni) non posso garantire il funzionamento identico su 2008

RIPE Handle

Sicuramente se si lavora a stretto contatto con im mondo IP vi capiterà prima o poi di avere bisogno di un handle presso il database whois del RIPE.

Ogni oggetto specifico del RIPE ha necessità di avere un mantainer dell’oggetto stesso, dopo questa breve premessa possiamo andare sul sito del ripe nella sezione whois e iniziare le operazioni:

https://www.db.ripe.net/fcgi-bin/webupdates.pl

1. Person object

Create a new object: person
person: Leonardo Rizzi (nome completo)
address: Via 100 (via e numero civico)
address: 00000 Cità (CAP e paese)
address: Italy (stato)
phone: +39 00 000 000 (numero di telefono)
e-mail: lr@deepreflect.net (email)
nic-hdl: AUTO-1 (con questo permette di generare automaticamente l’handle)
changed: lr@deepreflect.net 19780225 (email e data di modifica anno mese giorno)
source: RIPE (sorgente dei dati)

Se tutto è corretto riceverete un messaggio simile: “Create SUCCEEDED: [person] LR1000-RIPE Leonardo Rizzi”

2. Maintainer object

Create a new object: mntner
mntner: LR-MNT (nome-MNT)
description: Maintainer for LR1000-RIPE (qui server una descrizione)
admin-c: LR1000-RIPE (la persona creata)
auth: MD5-PW password-criptata-md5 (se siete pigri usate webcrypt per generare l’hash)
mnt-by: LR-MNT (uguale a mntner)
referral-by: LR-MNT (uguale a mntner)
upd-to: lr@deepreflect.net (email)
changed: lr@deepreflect.net 19780225 (email e data di modifica anno mese giorno)
source: RIPE

Which should result in the following: [mntner] LR-MNT

3. Proteggere il person object

sempre da webupdate cercate -> LR1000-RIPE

aggiungete questi due elementi

mnt-by: LR-MNT
password: password (qui dovete inserire la vostra password in chiaro non l’hash)

A questo punto se non ci sono errore siete presenti nel ripe come persone e mantainer di vuoi stessi.

Cisco – Catalyst Shaping/Ratelimit

Questo è il metodo per fare un sorta di shaping/ratelimit sui catalyst 29xx sul traffico in ingresso su una determinata porta dello switch questo è utile c’è la necessità di limitare la banda in upload di un server, su questa serie c’è però un limite di step di 1Mbit/s nonstante l’immagine Lite o Lanbase il discorso non cambia. Questo sistema non permette di avere una situazione simmetrica quindi il traffico in uscita si può molto molto grezzamente limitare con un’altro sistema che descriverò in seguito.

Prima cosa creare una classmap con associata un acl:

class-map match-all M_P00
match access-group name A_P00

Seconda cosa definire la policy, che contiene l’associazione alla classmap:

policy-map P_P00
class M_P00
police 3000000 64000 exceed-action drop

La sintassi è “police” numero di banda allocata espressa in Bits/s, numero di burst espresso in Bytes poi l’azione in caso il limite venga superato nel mio caso sono 3Mbit/s con bust di 62 Kbyte

Terza cosa associamo la policy alla porta specifica dello switch:

interface FastEthernet0/1
service-policy input P_P00

Ultima cosa, l’acl ne mio caso seleziona tutto il traffico:

ip access-list extended A_P00
permit ip any any

Questo è un sistema grezzo per fare un ratelimit del traffico in uscita dallo switch:

interface FastEthernet0/1
srr-queue bandwidth limit 10

La parte numerica della sintassi è espressa in % sulla velocità della porta.

Linux – IPv6 Tunnel Broker

Come definire il link ad un tunnel broker i questo esempio HE.net da sistema operativo linux utilizzando i net tools

Prima parte crea l’interfaccia di tunneling sull’ipv4:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.42

Seconda parte genera l’endpoint del tunnel in ipv6:

ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f12:11c::2/64

Terza parte definisce la rotta sul device relativo all’endpoing del tunnel per tutto il traffico ipv6:

route -A inet6 add ::/0 dev sit1