sometime, one have to access to old and legacy devices. they may do not support the current ciphers and key algorithms, so, we have to modify the “.ssh/config” File or provide some additional cli arguments.
If you have todo this regualary, you may wanna extend the current parameters with the legacy ones like this:
you never know ;)
mv /etc/ssh/ssh_config /etc/ssh/ssh_config-$(date "+%s")
you have to copy/paste as root
Let’s assume you have an APU2/3/4 and you wanna Bridge some of it’s Interfaces, em0/em1/em2
cat << 'EOF' > /etc/hostname.bridge0
add vether0
add em0
add em1
add em2
up
EOF
echo "up" >> /etc/hostname.em0
echo "up" >> /etc/hostname.em1
echo "up" >> /etc/hostname.em2
cat << 'EOF' > /etc/hostname.vether0
inet autoconf
inet6 autoconf -temporary -soii
up
EOF
sh /etc/netstart
or do a simpy reload
pkg_add smokeping
cat << 'EOF' >/etc/smokeping/config
*** General ***
owner = YOUR NAME
contact = YOUR@EMAIL.NET
mailhost = localhost
sendmail = /usr/sbin/sendmail
# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
imgcache = /var/www/htdocs/smokeping/cache
imgurl = cache
datadir = /var/db/smokeping
piddir = /var/run
cgiurl = https://YOUR.URL.NET/smokeping/smokeping.cgi
smokemail = /etc/smokeping/smokemail
tmail = /etc/smokeping/tmail
# specify this to get syslog logging
syslogfacility = local0
# each probe is now run in its own process
# disable this to revert to the old behaviour
# concurrentprobes = no
*** Alerts ***
to = YOUR@EMAIL.NET
from = smokealert@localhost
+someloss
type = loss
# in percent
pattern = >0%,*12*,>0%,*12*,>0%
comment = loss 3 times in a row
*** Database ***
step = 300
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 28800
AVERAGE 0.5 12 9600
MIN 0.5 12 9600
MAX 0.5 12 9600
AVERAGE 0.5 144 2400
MAX 0.5 144 2400
MIN 0.5 144 2400
*** Presentation ***
template = /etc/smokeping/basepage.html
htmltitle = yes
graphborders = no
+ charts
menu = Charts
title = The most interesting destinations
++ stddev
sorter = StdDev(entries=>4)
title = Top Standard Deviation
menu = Std Deviation
format = Standard Deviation %f
++ max
sorter = Max(entries=>5)
title = Top Max Roundtrip Time
menu = by Max
format = Max Roundtrip Time %f seconds
++ loss
sorter = Loss(entries=>5)
title = Top Packet Loss
menu = Loss
format = Packets Lost %f
++ median
sorter = Median(entries=>5)
title = Top Median Roundtrip Time
menu = by Median
format = Median RTT %f seconds
+ overview
width = 600
height = 50
range = 10h
+ detail
width = 600
height = 200
unison_tolerance = 2
"Last 3 Hours" 3h
"Last 30 Hours" 30h
"Last 10 Days" 10d
"Last 360 Days" 360d
#+ hierarchies
#++ owner
#title = Host Owner
#++ location
#title = Location
*** Probes ***
+ FPing
binary = /usr/local/sbin/fping
*** Targets ***
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing
+ Remote
menu= Remote
title= Remote hosts
+ DNS
menu = DNS
title = DNS
++ cf
menu = 1.1.1.1
title = 1.1.1.1
host = 1.1.1.1
++ google
menu = 8.8.8.8
title = 8.8.8.8
host = 8.8.8.8
++ quad9
menu = 9.9.9.9
title = 9.9.9.9
host = 9.9.9.9
EOF
don’t like to set permission to 777. but it does not work without :(
you’re using anycast every day. all public resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9) for example are anycast ip’s and hence, many servers distributed around the world which listen and announce the same ip address.
we can build a proof of concept, how to build such a network, for a few $.
Anycast heavily depends on BGP. So, you need a own AS Number. I got my for 15 CHF/Year from Securebit.ch. You should also keep in mind that you will not get any IPv4 addresses without buying them for the market. So, your Setup will be based on IPv6 only.
that’s a question i was asked recently. As LTNN (Long Term Networking Nerd), i’m aware of Unicast, Multicast, Broadcast and also Anycast. so, let’s have a look into this.
hint: this article is not about how to setup your own anycast network. this may follow soon ?!?
Sending a message from one sender to one recipient
Sending a message from one sender to multiple recipients
I was wondering if you can have Wildcart Certs for certain Subdomain. Idea is to provide a Service with “myservice.auth.your.domain” which automatically requests Authentication, while the same Service “myservice.whitelist.your.domain” is reachable through some Whitelisted IP only.
As Traefik can Chain Middleware, but not implements some logic (If Whitelist -> ok, else do Basic Auth …), i have to build another solution.
let’s have a look
cd /your/traffic/rootfolder
mkdir -p config/dynamic
we need two variables, so let’s put them in the .env File
Let’s assume you have a URL “https://whoami.your.domain.de/removeme" and you wanna get rid of the “removeme” before passing the Request to the Webserver. Stripprefix is your friend …
whoami:
image: containous/whoami
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme"
- "traefik.http.routers.whoami.middlewares=test-stripprefix@docker"
- "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
- "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
- "traefik.http.routers.whoami.tls=true"
sha256: 0620c0c2d7ae033f2536f6797a048772e52a09119367f4864f8bb2a754d2ea57
If you have Docker running somehwere … bring up your Smoke Instance within Seconds ;)
docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping
docker ps
docker-test:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8f8b872ac1c3 linuxserver/smokeping "/init" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp smoke
docker exec -it smoke /bin/sh
root@8f8b872ac1c3:/# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 406670 s
unix 2 [ ACC ] STREAM LISTENING 406078 /run/apache2/fcgidsock/137.0
Assume you got a fresh Machine with DHCP …
cat /etc/netplan/01-netcfg.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
ens192:
dhcp4: true
version: 2
and you’d like to switch to Static IP, ask google how todo it an give try:
# This is the network config written by 'subiquity'
network:
version: 2
ethernets:
ens192:
addresses:
- 1.2.3.4/24
gateway4: 1.1.1.1
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
search:
- world.net
then reboot … and the machine is gone. ok, not really gone, but from IP perspective definitly. it just reboots and come back without default gateway :(
something I’ve wanted to do for a long time and never got around to it …
Just give a try, it’s public available: https://bgp.stoege.net/
OpenBSD got their own HTTP Daemon in Base System. Let’s enable and configure it.