network


nmcli - NetworkManager command line tool

# list all connections
nmcli con

# show connection details
nmcli con show 'MY_CONNECTION_1'

# start vpn from command line (ubuntu)
nmcli con up id VPN_NAME

# list the Wi-Fi networks visible to the wireless devices
nmcli dev wifi list

# create a Wi-Fi profile named MY-WIFI on wlan0, then switch it to WPA-PSK
# and store the passphrase in the profile
# NOTE(review): a passphrase given as an argument ends up in the shell history
# and is visible in the process list while the command runs. nmcli's --ask
# option prompts for missing secrets instead, e.g.
#   nmcli --ask dev wifi connect MY-WIFI
# 'pass1234' is a sample value; replace it with a long random passphrase.
nmcli con add con-name MY-WIFI ifname wlan0 type wifi ssid MY-WIFI
nmcli con modify MY-WIFI wifi-sec.key-mgmt wpa-psk
nmcli con modify MY-WIFI wifi-sec.psk 'pass1234'

Autostart delayed VPN connection
# /home/foo/.config/autostart/vpn.desktop
# Autostart entry for the desktop session of user foo: runs the Exec command
# after login.
[Desktop Entry]
Type=Application
# bring up the NetworkManager connection named VPN1
# NOTE(review): if the VPN needs a secret that is not stored in the profile,
# this non-interactive call cannot prompt for it - confirm the connection
# comes up without user input.
Exec=nmcli con up VPN1
# Hidden=false: the entry is active (Hidden=true would disable it)
Hidden=false
# NoDisplay=false: the entry may be shown in menus
NoDisplay=false
# GNOME-specific key: wait before launching, presumably 3 seconds, so that the
# network is up first
X-GNOME-Autostart-Delay=3

DNS

# SPF
http://wiki.hetzner.de/index.php/DNS_SPF

# dig
# TXT records of example.com (where SPF policies are published), asked
# directly at the resolver 8.8.8.8 instead of the system resolver
dig txt example.com @8.8.8.8
# drop dig's ";" comment lines and keep lines containing "A"
# (plain substring match, so AAAA lines and names containing "A" match too)
dig example.com | grep -v ";" | grep A
# reverse (PTR) lookup for an address, keeping only the record lines
dig -x 8.9.10.11 | grep IN

Create IPfire DomU (firewall)

Check for latest IPFire version
http://downloads.ipfire.org/

# NOTE(review): this pipes whatever the URL returns at that moment straight
# into a shell. The script shown below creates and formats LVM volumes and
# runs a downloaded image maker, so save it to a file and read it before
# running it, e.g.:
#   wget https://raw.githubusercontent.com/panticz/xen/master/domains/ipfire.sh -O ipfire.sh
#   less ipfire.sh && bash ipfire.sh
wget https://raw.githubusercontent.com/panticz/xen/master/domains/ipfire.sh -O - | bash -

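#!/bin/bash
#
# Create an IPFire firewall domU on a Xen dom0: download the IPFire Xen
# image maker, run it, copy the resulting images to LVM volumes in vg0 and
# write /etc/xen/fw.
#
# Environment:
#   IPFIRE_SHA256  optional; expected SHA-256 of the downloaded archive.
#                  When set, the archive is verified before it is unpacked.

URL=http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core79/ipfire-2.15.xen.i586-downloader-core79.tar.bz2

# download
# The archive is unpacked and its xen-image-maker.sh is then executed with the
# privileges of this script, and the URL is plain HTTP. So the download goes
# to a private temp file first, a failed download stops the script, and the
# archive can be pinned with IPFIRE_SHA256.
archive=$(mktemp) || exit 1
trap 'rm -f -- "${archive}"' EXIT

if ! wget -q "${URL}" -O "${archive}"; then
    echo "download failed: ${URL}" >&2
    exit 1
fi

if [ -n "${IPFIRE_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "${IPFIRE_SHA256}" "${archive}" | sha256sum -c --quiet -; then
        echo "checksum mismatch for ${URL}" >&2
        exit 1
    fi
else
    echo "IPFIRE_SHA256 is not set: archive from ${URL} is not verified" >&2
fi

# /tmp is world-writable and /tmp/ipfire is a fixed name. mkdir without -p
# fails if the path already exists, so the script never runs files that
# somebody else placed there beforehand.
if ! mkdir -m 0700 /tmp/ipfire; then
    echo "/tmp/ipfire already exists; remove it and run again" >&2
    exit 1
fi

# --no-same-owner: extracted files belong to the user running the script, not
# to whatever uid is recorded in the archive.
tar -C /tmp --no-same-owner -xjf "${archive}" || exit 1

# NOTE(review): the archive name ("downloader") suggests the image maker
# fetches further data itself; that download is not covered by the checksum
# above - review xen-image-maker.sh before relying on it.
bash /tmp/ipfire/xen-image-maker.sh \
    || echo "warning: xen-image-maker.sh exited with status $?" >&2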

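# copy data to lvm

# Print a message on stderr and stop. Every step below is destructive, so the
# script must not carry on after a failure.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

#######################################
# Create logical volume fw-<name> in vg0, format it and fill it with the
# contents of ipfire-<name>.img from the current directory.
# Arguments: $1 - volume suffix (boot, root or var)
#            $2 - size handed to lvcreate --size
#            $3 - mkfs command used to format the volume
#######################################
copy_image_to_lv() {
    local name=$1 size=$2 mkfs_cmd=$3
    local image="ipfire-${name}.img"
    local lv="/dev/vg0/fw-${name}"
    local rc

    # lvcreate fails when fw-<name> already exists; stopping here keeps mkfs
    # from wiping a volume that this run did not create.
    lvcreate --name "fw-${name}" --size "${size}" vg0 \
        || die "lvcreate fw-${name} failed (does the volume already exist?)"
    "${mkfs_cmd}" "${lv}" || die "${mkfs_cmd} ${lv} failed"

    #mount /tmp/ipfire/ipfire-${name}.img /tmp/ipfire/mnt/ -o loop
    mount "${image}" /tmp/ipfire/mnt/ -o loop || die "cannot loop-mount ${image}"
    # Without this check a failed mount would make cp write into dom0's own
    # /mnt directory instead of the new volume.
    if ! mount "${lv}" /mnt/; then
        umount /tmp/ipfire/mnt/
        die "cannot mount ${lv}"
    fi

    # "/." instead of "/*" so hidden top-level entries are copied as well
    cp -a /tmp/ipfire/mnt/. /mnt/
    rc=$?

    umount /tmp/ipfire/mnt/
    umount /mnt/
    [ "${rc}" -eq 0 ] || die "copying ${image} to ${lv} failed"
}

# The images are read from the current working directory - presumably where
# xen-image-maker.sh wrote them; confirm. Check all of them before the first
# volume is created.
for part in boot root var; do
    [ -f "ipfire-${part}.img" ] || die "ipfire-${part}.img not found in ${PWD}"
done

mkdir -p /tmp/ipfire/mnt/ || die "cannot create /tmp/ipfire/mnt/"

# copy boot filesystem
copy_image_to_lv boot 256M mkfs.ext2

# copy root filesystem
copy_image_to_lv root 2G mkfs.ext4

# copy var filesystem
copy_image_to_lv var 2G mkfs.ext4

# create swap
lvcreate --name fw-swap --size 1G vg0 \
    || die "lvcreate fw-swap failed (does the volume already exist?)"
mkswap /dev/vg0/fw-swap || die "mkswap /dev/vg0/fw-swap failed"


# clean up
rm -r /tmp/ipfire*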

# create xen config file
# Writes /etc/xen/fw for a domU named "fw" with 512 MB of memory, booted via
# pygrub from the four LVM volumes created above.
# Host-specific values to adapt: the pygrub path (Xen 4.1), the MAC address in
# vif, and the PCI address 00:0c.0 of the device handed to the domU.
# NOTE(review): "pci" passes a physical device through to the firewall domU.
# Unless the host has a hardware IOMMU enabled for Xen, a passed-through
# device can DMA into memory outside the domU, so the domU is then not
# isolated from dom0 - confirm the host's IOMMU setup before treating the
# firewall VM as a security boundary.
cat <<EOF> /etc/xen/fw
bootloader = '/usr/lib/xen-4.1/bin/pygrub'
memory = 512
name = 'fw'
acpi = 1
apic = 1
vif = [ 'mac=00:17:4e:be:b1:ba' ]
disk = [
    'phy:/dev/vg0/fw-boot,xvda1,w',
    'phy:/dev/vg0/fw-swap,xvda2,w',
    'phy:/dev/vg0/fw-root,xvda3,w',
    'phy:/dev/vg0/fw-var,xvda4,w'
]
pci = ['00:0c.0']
extra = 'iommu=soft'
EOF

# OPTIONAL: autostart
# link the config into /etc/xen/auto so the domU is started with the host
# (ln -s fails if the link already exists, e.g. on a second run)
ln -s /etc/xen/fw /etc/xen/auto/01_fw

# TODO (automate)
# Unload the e100 NIC driver and reload xen-pciback with the device at
# 00:0c.0 hidden from dom0, then list the devices available for passthrough.
# Presumably the NIC at 00:0c.0 is the one driven by e100 - confirm on the
# host. rmmod reports an error when a module is not loaded; the script
# continues regardless.
rmmod e100
rmmod xen-pciback
modprobe xen-pciback 'hide=(00:0c.0)'
xm pci-list-assignable-devices

# start domU
# -c attaches to the domU console, so the lines below run only after the
# console is left
xm create -c fw

# OPTIONAL
# Rewrite /etc/xen/fw from the LVM volumes (phy:/dev/vg0/fw-*) to image files
# (file:/root/ipfire-*.img).
# NOTE(review): these two lines are not guarded, so when the script is run as
# a whole the config ends up pointing at image files under /root rather than
# at the volumes created above - remove them unless that is intended.
sed -i 's|phy:/dev/vg0/fw-|file:/root/ipfire-|g' /etc/xen/fw
sed -i 's|,xvda|.img,xvda|g' /etc/xen/fw

# configure ipfire in terminal

# webinterface
https://YOUR_DOMU_IP:444

# Links
http://wiki.ipfire.org/de/addons/virtualisation/howto/debian_wheezy_xen_4.1?&#debian_wheezy_mit_xen_41_als_dom0
http://wiki.ipfire.org/de/addons/virtualisation/howto/debian_als_dom0_xen#xen_und_kernel_installieren
http://wiki.ipfire.org/de/addons/virtualisation/howto/debian_xen_4.x

Compile iPXE

# NOTE(review): this runs whatever the URL returns at that moment, including
# the "sudo apt-get" step of the script below. The result is boot firmware for
# other machines, so save the script to a file and read it before running it,
# e.g.:
#   wget https://raw.githubusercontent.com/panticz/preseed/master/ipxe/scripts/build_ipxe.sh -O build_ipxe.sh
#   less build_ipxe.sh && bash build_ipxe.sh
wget https://raw.githubusercontent.com/panticz/preseed/master/ipxe/scripts/build_ipxe.sh -qO - | bash -

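#!/bin/bash
#
# Build iPXE boot images with an embedded boot script that chainloads a
# per-MAC configuration.
#
# Outputs (under /tmp/ipxe/src/bin/): ipxe.iso, ipxe.usb, ipxe.pxe, ipxe.lkrn,
# undionly.kpxe
# Exit status: non-zero if the source could not be fetched or any image
# failed to build.

# install requirements
sudo apt-get install -y build-essential liblzma-dev

# get source
# Cloned over HTTPS: the git:// protocol has no server authentication or
# encryption, so the source of a boot image could be altered in transit.
# Stop if the clone fails (for example because /tmp/ipxe already exists), so
# the steps below never build whatever happens to sit at that fixed path in
# world-writable /tmp.
if ! git clone https://github.com/ipxe/ipxe.git /tmp/ipxe; then
    echo "git clone into /tmp/ipxe failed (does the directory already exist?)" >&2
    exit 1
fi

# create boot script
# NOTE(review): the embedded script fetches the next boot stage over plain
# HTTP, first from the DHCP next-server and then from preseed.panticz.de.
# Whoever controls either host or the network path decides what the machine
# boots. For real deployments point the fallback at a server you operate and
# use https:// with a trust root built into the image (iPXE's TRUST= build
# option, see http://ipxe.org/cfg/trust).
cat <<'EOF' > /tmp/ipxe/src/boot.ipxe
#!ipxe

dhcp && chain http://${next-server}/${mac} || chain http://preseed.panticz.de/${mac}
EOF

# OPTIONAL: enable HTTPS support
sed -i -e '/DOWNLOAD_PROTO_HTTPS/ s/#undef/#define/' /tmp/ipxe/src/config/general.h

# OPTIONAL: change product name
sed -i 's|PRODUCT_NAME ""|PRODUCT_NAME "preseed.panticz.de"|g' /tmp/ipxe/src/config/general.h

# without this check a failed cd would run make in the caller's directory
cd /tmp/ipxe/src || exit 1

# Build every image even if one of them fails (the ISO target, for instance,
# needs tools that the apt line above does not install), and report the
# failures at the end.
#   bin/ipxe.iso       CD image
#   bin/ipxe.usb       USB image
#   bin/ipxe.pxe       PXE image
#   bin/ipxe.lkrn      GRUB image
#   bin/undionly.kpxe  undionly image
failed=0
for target in bin/ipxe.iso bin/ipxe.usb bin/ipxe.pxe bin/ipxe.lkrn bin/undionly.kpxe; do
    if ! make "${target}" EMBED=boot.ipxe; then
        echo "build of ${target} failed" >&2
        failed=1
    fi
done

exit "${failed}"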

# ToDo: https boot
http://ipxe.org/cfg/crosscert
http://ipxe.org/cfg/trust

Links
http://ipxe.org
http://ipxe.org/download
http://www.coreboot.org/IPXE

TestServer - fully automated test system

  • iPXE netboot
  • Provisioning
  • Inventory
  • Hardware test
  • Monitoring
  • Automated system installation

IpFire

http://wiki.ipfire.org/de/addons/net-snmp/start - SNMP Daemon for IpFire

Edit Cron jobs on IpFire
# open the current user's fcron table in an editor
fcrontab -e
# restart the fcron daemon
/etc/init.d/fcron restart

# force update dyndns every day
# The two lines below are fcrontab entries, not shell commands.
# disabled variant: 02:09 on Sundays
#9 2 * * 0 [ -f "/var/ipfire/red/active" ] && /usr/local/bin/setddns.pl -f
# active entry: daily at 19:00, and only while /var/ipfire/red/active exists
0 19 * * * [ -f "/var/ipfire/red/active" ] && /usr/local/bin/setddns.pl -f

Upgrade
# presumably: refresh the package lists first, then install the available
# updates - confirm against the pakfire documentation
pakfire update
pakfire upgrade

Install Addons
# install the iftop addon; -y presumably answers the confirmation prompt
pakfire install -y iftop

Update XEN VM
# mount the firewall's boot volume in dom0
# NOTE(review): this uses volume group vg1, while the creation script on this
# page uses vg0 - adjust to the host. Do this only while the domU is shut
# down, so the filesystem is not mounted by two systems at once.
mount /dev/vg1/fw-boot /mnt/

# add XEN boot entry in GRUB configuration

Configure network bridge

#!/bin/bash
 
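# backup original network config
# Copy instead of move, so the host keeps a usable interfaces file if the
# script stops before the new one is written. Keep an existing backup, so a
# second run does not replace the original config with the generated one.
if [ ! -e /etc/network/interfaces.org ]; then
    cp -a /etc/network/interfaces /etc/network/interfaces.org
fi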
 
# configure network bridge for xen
cat <<EOF> /etc/network/interfaces
auto lo
iface lo inet loopback
 
# eth0 (internal lan)
auto eth0 eth1 xenbr1
iface eth0 inet static
        address 192.168.1.111
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.5
        #post-up ethtool -K eth0 tx off
 
# eth1 (DSL)
iface eth1 inet manual
        up ifconfig eth1 0.0.0.0 promisc up
 
# xenbr1 (bridge between second nic

PXE Net Boot

http://www.netboot.me/ - Boot anything, anywhere, anytime
http://ipxe.org/cmd - iPXE Settings reference

OpenVPN connect to network with same ip range

#!/bin/bash

# The VPN's remote network uses the same 192.168.1.0/24 range as the local
# one. Drop the subnet-wide route through tap0, so the range as a whole stays
# on the local link ...
sudo route del -net 192.168.1.0 netmask 255.255.255.0 dev tap0

# ... and send only the hosts 192.168.1.30 to 192.168.1.50 through the tunnel
for ((host = 30; host <= 50; host++)); do
	sudo route add "192.168.1.${host}" dev tap0
done

wep

# airmon-ng: put wlan0 into monitor mode on channel 6
# wesside-ng: aircrack-ng suite tool that automates WEP key recovery
# NOTE(review): that this recovery is fully automated is the reason WEP cannot
# be relied on for confidentiality or access control; a network still
# configured for WEP should be moved to WPA2 or WPA3.
airmon-ng start wlan0 6
wesside-ng -i wlan0

#!/bin/sh

# Configure an ipw2200 wireless card (eth1) for one WEP access point and bring
# up the driver's rtap0 interface next to it.

# access point MAC address and channel used by the commands below
export BSSID=00:1A:4F:9A:6F:9D
export CHANNEL=11

# reload the driver with rtap_iface=1; presumably this is what creates the
# rtap0 capture interface brought up below - confirm against the driver docs
rmmod ipw2200
modprobe ipw2200 rtap_iface=1
# managed mode on $CHANNEL, WEP key given as the ASCII string "password"
# (s: prefix), associated with the access point $BSSID
iwconfig eth1 mode managed channel $CHANNEL key s:password ap $BSSID
#ifconfig eth1 hw ether 00:a1:b2:c3:d4:e5
ifconfig eth1 up
ifconfig rtap0 up

#########
# Second variant of the same setup, one setting per command, with a
# placeholder key and an overridden hardware (MAC) address on eth1.
# NOTE(review): as written both variants run one after the other; presumably
# only one of them is meant to be used - confirm.
rmmod ipw2200
modprobe ipw2200 rtap_iface=1
iwconfig eth1 ap $BSSID
iwconfig eth1 key s:fakekey
iwconfig eth1 mode managed
ifconfig eth1 hw ether 00:19:3E:00:3E:36
iwconfig eth1 channel $CHANNEL
ifconfig eth1 up
ifconfig rtap0 up
#########
