Thursday, 23 December 2021

Multiple L2TP clients behind the same IP on MikroTik

L2TP/IPsec on RouterOS has a limitation tied to the client's source IP address: the IPsec peer is identified by that address, so when several clients sit behind the same public IP (the same NAT), a new client connecting from that address kills the older session. The workaround below creates a bridge, a few firewall and NAT rules and a small script, so that each client is presented to IPsec from a different internal source address.


 # Create a bridge without any member ports so that we'd have something to attach the additional local IP address to.
# Actually the address could be added to an existing interface, but a member-less bridge never fails.
/interface bridge
add name=aux-lo protocol-mode=none

# Add another local address - just to have this part independent from the rest of the configuration.
/ip address
add address=127.0.1.1 interface=aux-lo network=127.0.1.1

# Add a firewall rule permitting local traffic - the default firewall rules drop traffic from in-interface-list=!LAN,
# which includes this local loopback traffic. It belongs right after the "accept established,related" rule;
# place-before= takes a rule number or a [find ...] expression, and placing it directly before that rule (as the
# find below does) is equally correct, just marginally less efficient. Adjust the comment match to your rule set.
# Keep (or add) a rule that drops src-address=127.0.0.0/8 arriving on the WAN interface ahead of this one, so
# spoofed loopback sources from outside can never reach this accept.
/ip firewall filter
add chain=input src-address=127.0.0.0/8 dst-address=127.0.0.0/8 action=accept place-before=[find chain=input comment~"accept established"]

# Create the two ends of the local tunnel
/interface ipip
add local-address=127.0.0.1 mtu=1500 name=ipip-inner remote-address=127.0.1.1
add local-address=127.0.1.1 mtu=1500 name=ipip-outer remote-address=127.0.0.1

# Add routes for the addresses used for the solution
/ip route
add distance=1 dst-address=10.0.2.0/24 gateway=ipip-inner
add distance=1 dst-address=10.0.2.254/32 gateway=ipip-outer

# Add the chain of firewall rules preventing newer connections from killing an older one before the cleaner script changes the src-nat address
/ip firewall filter
add chain=udp-4500-in src-address-list=src-addresses-in-use action=drop
add chain=udp-4500-in action=add-src-to-address-list address-list=src-addresses-in-use address-list-timeout=1m
add chain=udp-4500-in action=accept

# Add the firewall rule sending new packets to UDP 4500 coming from the tunnel to the chain above
# (same placement as the loopback rule: next to the "accept established,related" rule)
/ip firewall filter
add action=jump chain=input connection-state=new dst-port=4500 in-interface=ipip-inner jump-target=udp-4500-in protocol=udp place-before=[find chain=input comment~"accept established"]

# The usual IPsec- and L2TP-related firewall rules must be there as well, usually they already exist
add action=accept chain=input connection-state=new dst-port=500,4500 protocol=udp
add action=accept chain=input connection-state=new dst-port=1701 ipsec-policy=in,ipsec protocol=udp

# Add the firewall rule permitting forwarding of dst-nated packets in the first pass
# (10.0.2.254 is the auxiliary destination address routed via ipip-outer above; it must match the NAT rules below)
/ip firewall filter
add action=accept chain=forward connection-state=new dst-address=10.0.2.254

# Add the NAT rules. The auxiliary destination address (10.0.2.254) must be the one routed via ipip-outer above,
# and the initial src-nat address must lie inside 10.0.2.0/24 (routed back via ipip-inner) and below 10.0.2.254,
# because the cleaner script rotates it within 10.0.2.1-10.0.2.253.
/ip firewall nat
# Restore our public IP address on packets after they've passed through the tunnel
add action=dst-nat chain=dstnat dst-address=10.0.2.254 in-interface=ipip-inner to-addresses=1.2.3.4
# src-nat the packets before sending them to the tunnel
add action=src-nat chain=srcnat out-interface=ipip-outer protocol=udp to-addresses=10.0.2.1
# Redirect packets to port 4500 to the auxiliary destination address to give them the special treatment;
# for testing that it works with only two client devices, remove the "src-port=!4500"
add action=dst-nat chain=dstnat dst-port=4500 src-port=!4500 dst-address=1.2.3.4 protocol=udp to-addresses=10.0.2.254

# Add the cleaner script. Every run it checks whether the current src-nat address already has an established
# (seen-reply) connection to port 4500; if so it moves the src-nat address to the next free one in 10.0.2.1-10.0.2.253
# and removes the not-yet-replied connections so they are retried with the new address.
# The script only reads and modifies firewall objects, so read,write is the only policy it needs; the full policy
# set (ftp, reboot, password, sensitive, ...) that an export usually carries is more than it should have.
/system script
add name=l2tp-helper owner=admin policy=read,write source=\
":local cntr 0; \\\
    \n:local auxip [/ip firewall nat get [find chain=\"srcnat\" && out-interface=\"ipip-outer\"] to-addresses]; \\\
    \n:while ([/ip firewall connection print count-only where src-address~\"^\$auxip\" && dst-address~\":4500\" && seen-reply]=1) \
    do={\
    \n  :set auxip (\$auxip+1); \\\
    \n  :if (\$auxip>10.0.2.253) do={:set auxip 10.0.2.1};:set cntr (\$cntr+1)\
    \n}\
    \n:if (\$cntr>0) do={\
    \n  /ip firewall nat set [find chain=\"srcnat\" && out-interface=\"ipip-outer\"] to-addresses=\"\$auxip\"; \\\
    \n  /ip firewall connection remove [find dst-address~\":4500\" && !seen-reply]\
    \n}\
    \n"

# Schedule the cleaner script to run every 3 seconds right from the restart (same minimal policy as the script)
/system scheduler
add interval=3s name=l2tp-scheduler on-event=l2tp-helper policy=read,write start-time=startup



Source:

https://forum.mikrotik.com/viewtopic.php?f=2&t=132823#

Wednesday, 8 December 2021

Ovftool

An excellent tool for exporting virtual machines. You give it the server with its credentials and the destination of the exported VM. For example:

ovftool.exe --X:logLevel=trivia  --datastore=Datastore vi://root:PASSWORDOFROOT@172.18.18.18/VMTOEXPORT  E:\VMTOEXPORT.ovf

ovftool vi://172.18.18.18/VMTOEXPORT e:\VMTOEXPORT.ovf

Putting the password inside the vi:// locator, as in the first command, leaves it in the shell history and visible to anyone who can list processes on that machine; the second form omits it and ovftool prompts for the credentials instead. If you do embed it, characters such as @, : or / in the password must be percent-encoded (for example @ becomes %40) or the locator will not parse. --X:logLevel=trivia turns on the most verbose debug logging, useful when an export fails but not needed for a normal run.
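As an added example (not from the original post, and not part of ovftool itself), the POSIX shell functions below percent-encode a password and assemble the vi:// locator, so a password containing @, : or / can be passed without breaking the URL. The user, host and VM path are sample values.

```shell
#!/bin/sh
# Added example, not from the original post: percent-encode a password for use inside
# an ovftool vi:// locator and assemble the locator. Host and VM name are sample values.

# urlencode STRING : percent-encode every byte except RFC 3986 unreserved characters
urlencode() (
  # Subshell body: variables stay local. LC_ALL=C makes '?' match one byte rather than
  # one UTF-8 character, so non-ASCII input is encoded byte by byte as the RFC requires.
  LC_ALL=C
  export LC_ALL
  s=$1
  out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}          # first byte of s
    s=${s#?}                 # remainder of s
    case $c in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
)

# vi_locator USER PASSWORD HOST VMPATH : print vi://USER:ENCODED_PASSWORD@HOST/VMPATH
vi_locator() {
  printf 'vi://%s:%s@%s/%s' "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$4"
}

# Sample run with a password that would otherwise break the URL (constructed values):
#   vi_locator root 'p@ss:w/rd' 172.18.18.18 VMTOEXPORT
# prints vi://root:p%40ss%3Aw%2Frd@172.18.18.18/VMTOEXPORT
```

Even with the encoding, the locator still ends up on the command line; read the password from a prompt (as the second ovftool command above does) whenever the machine is shared.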

Thursday, 14 October 2021

Bacula: extract files from a volume with bls and bextract

Do you have a Bacula volume that is no longer in the catalog?

You can list the jobs stored on the volume with bls and extract them with bextract; both read the volume directly, without the Director or the catalog. Note that bextract without a bootstrap file (-b) restores every job on the volume in order: in the run below the same dump file is written four times by the four full backups that contain it, each copy overwriting the previous one, so "10 files restored" ends with only two distinct files on disk.

[root@baculaanexo ~]# bls -j -V Local-1067 /mnt/storage
bls: butil.c:287-0 Using device: "/mnt/storage" for reading.
14-oct 14:30 bls JobId 0: Ready to read from volume "Local-1067" on device "Storage" (/mnt/storage).
Volume Record: File:blk=0:205 SessId=539 SessTime=1563562196 JobId=0 DataLen=170
Begin Job Session Record: File:blk=0:64717 SessId=539 SessTime=1563562196 JobId=5355
   Job=SGE_Prodbd_Auditoria.2019-10-26_12.10.00_59 Date=26-oct-2019 12:10:05 Level=F Type=B
End Job Session Record: File:blk=0:2259408898 SessId=539 SessTime=1563562196 JobId=5355
   Date=26-oct-2019 12:16:52 Level=F Type=B Files=2 Bytes=2,257,729,623 Errors=0 Status=T
Begin Job Session Record: File:blk=0:2259473410 SessId=541 SessTime=1563562196 JobId=5357
   Job=SGE_Prodbd_Auditoria.2019-10-27_12.10.00_01 Date=27-oct-2019 12:10:04 Level=F Type=B
End Job Session Record: File:blk=1:223850295 SessId=541 SessTime=1563562196 JobId=5357
   Date=27-oct-2019 12:17:06 Level=F Type=B Files=2 Bytes=2,257,729,623 Errors=0 Status=T
Begin Job Session Record: File:blk=1:223914807 SessId=543 SessTime=1563562196 JobId=5359
   Job=SGE_Prodbd_Auditoria.2019-10-28_12.10.00_03 Date=28-oct-2019 12:10:03 Level=F Type=B
End Job Session Record: File:blk=1:2483258988 SessId=543 SessTime=1563562196 JobId=5359
   Date=28-oct-2019 12:17:45 Level=F Type=B Files=2 Bytes=2,257,729,623 Errors=0 Status=T
Begin Job Session Record: File:blk=1:2483323500 SessId=550 SessTime=1563562196 JobId=5366
   Job=SGE_Prodbd_Auditoria.2019-10-29_12.10.00_10 Date=29-oct-2019 12:10:04 Level=F Type=B
End Job Session Record: File:blk=2:447700385 SessId=550 SessTime=1563562196 JobId=5366
   Date=29-oct-2019 12:17:41 Level=F Type=B Files=2 Bytes=2,257,729,623 Errors=0 Status=T
Begin Job Session Record: File:blk=2:447764897 SessId=559 SessTime=1563562196 JobId=5375
   Job=SGE_Prodbd_Auditoria.2019-10-30_12.10.00_31 Date=30-oct-2019 12:10:03 Level=F Type=B
End Job Session Record: File:blk=2:2452864311 SessId=559 SessTime=1563562196 JobId=5375
   Date=30-oct-2019 12:17:12 Level=F Type=B Files=2 Bytes=2,003,674,996 Errors=0 Status=T
14-oct 14:32 bls JobId 0: End of Volume at file 2 on device "Storage" (/mnt/storage), Volume "Local-1067"
14-oct 14:32 bls JobId 0: End of all volumes.


[root@baculaanexo ~]# bextract -V Local-1067 /mnt/storage /home/usuario99/restauracion
bextract: butil.c:287-0 Using device: "/mnt/storage" for reading.
14-oct 14:40 bextract JobId 0: Ready to read from volume "Local-1067" on device "Storage" (/mnt/storage).
bextract JobId 0: -rw-r--r--   1 root     root      2282063806 2019-10-25 17:49:18  /home/usuario99/restauracion/bacula/backup/sgecfe_dump_20190906hora1722.sql.gz
bextract JobId 0: drwxr-xr-x   2 root     root            4096 2019-10-25 17:49:11  *none*
bextract JobId 0: -rw-r--r--   1 root     root      2282063806 2019-10-25 17:49:18  /home/usuario99/restauracion/bacula/backup/sgecfe_dump_20190906hora1722.sql.gz
bextract JobId 0: drwxr-xr-x   2 root     root            4096 2019-10-25 17:49:11  *none*
bextract JobId 0: -rw-r--r--   1 root     root      2282063806 2019-10-25 17:49:18  /home/usuario99/restauracion/bacula/backup/sgecfe_dump_20190906hora1722.sql.gz
bextract JobId 0: drwxr-xr-x   2 root     root            4096 2019-10-25 17:49:11  *none*
bextract JobId 0: -rw-r--r--   1 root     root      2282063806 2019-10-25 17:49:18  /home/usuario99/restauracion/bacula/backup/sgecfe_dump_20190906hora1722.sql.gz
bextract JobId 0: drwxr-xr-x   2 root     root            4096 2019-10-25 17:49:11  *none*
bextract JobId 0: -rw-r--r--   1 root     root      2018304477 2019-10-29 13:56:52  /home/usuario99/restauracion/bacula/backup/sgecfe-dump-20191029.sql.gz
bextract JobId 0: drwxr-xr-x   2 root     root            4096 2019-10-29 13:56:45  *none*
14-oct 14:44 bextract JobId 0: End of Volume at file 2 on device "Storage" (/mnt/storage), Volume "Local-1067"
14-oct 14:44 bextract JobId 0: End of all volumes.
10 files restored.
[root@baculaanexo ~]#
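Added example, not from the original post: build a bootstrap file from the bls listing so that bextract restores a single JobId instead of the whole volume. The sample input is copied from the bls output above; the bootstrap keywords (Volume, VolSessionId, VolSessionTime, JobId) are the standard Bacula ones.

```shell
#!/bin/sh
# Added example, not part of the original post: turn the "bls -j" listing into a Bacula
# bootstrap (.bsr) for one JobId, so that bextract restores only that job instead of every
# job on the volume. The sample listing is copied from the bls output above.

BLS_SAMPLE='Begin Job Session Record: File:blk=0:64717 SessId=539 SessTime=1563562196 JobId=5355
   Job=SGE_Prodbd_Auditoria.2019-10-26_12.10.00_59 Date=26-oct-2019 12:10:05 Level=F Type=B
End Job Session Record: File:blk=0:2259408898 SessId=539 SessTime=1563562196 JobId=5355
   Date=26-oct-2019 12:16:52 Level=F Type=B Files=2 Bytes=2,257,729,623 Errors=0 Status=T
Begin Job Session Record: File:blk=2:447764897 SessId=559 SessTime=1563562196 JobId=5375
   Job=SGE_Prodbd_Auditoria.2019-10-30_12.10.00_31 Date=30-oct-2019 12:10:03 Level=F Type=B
End Job Session Record: File:blk=2:2452864311 SessId=559 SessTime=1563562196 JobId=5375
   Date=30-oct-2019 12:17:12 Level=F Type=B Files=2 Bytes=2,003,674,996 Errors=0 Status=T'

# bsr_for_job VOLUME JOBID < bls-listing
# Prints a bootstrap that limits the restore to the session carrying JOBID; exits 1 if
# the JobId is not on the volume, so a typo cannot silently turn into a full-volume restore.
bsr_for_job() {
  awk -v vol="$1" -v want="$2" '
    /^Begin Job Session Record:/ {
      sid = ""; stime = ""; jid = ""
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "SessId")   sid = kv[2]
        if (kv[1] == "SessTime") stime = kv[2]
        if (kv[1] == "JobId")    jid = kv[2]
      }
      if (jid == want) {
        printf "Volume=%s\nVolSessionId=%s\nVolSessionTime=%s\nJobId=%s\n", vol, sid, stime, jid
        found = 1
      }
    }
    END { exit found ? 0 : 1 }'
}

# Usage on a real volume (not run here):
#   bls -j -V Local-1067 /mnt/storage | bsr_for_job Local-1067 5375 > job5375.bsr
#   bextract -b job5375.bsr -V Local-1067 /mnt/storage /home/usuario99/restauracion
```

Restricting by VolSessionId and VolSessionTime as well as JobId keeps the restore on the right session even if the volume was appended to by another Director with overlapping JobIds.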

Tuesday, 31 August 2021

FTP server for Apache

yum -y install vsftpd

systemctl status vsftpd

getenforce

If this prints Enforcing, SELinux will also block vsftpd from writing under /var/www/html even after the permissions below are set; enable the boolean with setsebool -P ftpd_full_access on (or relabel the directory for FTP writes) and check /var/log/audit/audit.log for denials.

vim /etc/vsftpd/vsftpd.conf

local_enable=YES

anonymous_enable=NO

anon_root=/home/pmb7
local_root=/var/www/html/PMB7
chroot_local_user=YES
allow_writeable_chroot=YES

anon_root has no effect while anonymous_enable=NO. allow_writeable_chroot=YES switches off vsftpd's refusal to start a session whose chroot root is writable by the user; the safer layout is to keep local_root itself read-only for pmb7 and give write access to a subdirectory. Uploads also need write_enable=YES, which the CentOS default vsftpd.conf already sets. Plain FTP sends the password and the files in cleartext, so enable ssl_enable=YES (or use SFTP) if the server is reachable from anything other than a trusted network.

 

cat /etc/group |grep ftp

useradd -g ftp -d /home/pmb7 pmb7

passwd pmb7 

systemctl restart vsftpd

getfacl /var/www/html/PMB7 

# file: PMB7/
# owner: apache
# group: apache
user::rwx
group::r-x
other::r-x

 

setfacl -m "u:pmb7:rwx" PMB7/

getfacl PMB7/
# file: PMB7/
# owner: apache
# group: apache
user::rwx
user:pmb7:rwx
group::r-x
mask::rwx
other::r-x

 

find PMB7/ -type d -exec chmod 2775 {} \;

find PMB7/ -type f -exec chmod ug+rw {} \;

getfacl PMB7/
# file: PMB7/
# owner: apache
# group: apache
# flags: -s-
user::rwx
user:pmb7:rwx
group::r-x
mask::rwx
other::r-x

find PMB7 -type f -exec chmod 644 {} \;

This last chmod removes the group write bit the earlier find added, so existing files end up writable only by their owner (apache); pmb7 can still create and delete entries in the directory through the ACL entry above. To let pmb7 overwrite existing files as well, apply the ACL recursively (setfacl -R -m u:pmb7:rwX PMB7/) and add a default ACL (setfacl -d -m u:pmb7:rwX PMB7/) so new subdirectories inherit it.

 

usermod -s /sbin/nologin pmb7

vim /etc/pam.d/vsftpd

Comment out the line

#auth       required     pam_shells.so

pam_shells rejects any user whose login shell is not listed in /etc/shells, which is exactly what /sbin/nologin is for. Commenting it out only in vsftpd's PAM stack lets pmb7 log in over FTP while still having no interactive shell, and is narrower than adding /sbin/nologin to /etc/shells, which would affect every service that consults pam_shells.


systemctl restart vsftpd
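Added example, not from the original post: a small POSIX shell audit of the vsftpd.conf settings that matter most here, run against two constructed configurations, the one used in this post and a corrected one that keeps the chroot root read-only and requires TLS. The corrected layout assumes that uploads go to a subdirectory (for example PMB7/upload) that pmb7 can write to, rather than to local_root itself.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for the settings that
# matter most from a security standpoint, and show the weak and the corrected file side
# by side. Both sample configurations below are constructed for this example.

# conf_get FILE KEY : value of KEY (last uncommented occurrence), empty if unset
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# vsftpd_audit FILE : print one finding per line; exit 0 if clean, 1 otherwise
vsftpd_audit() {
  f=$1
  findings=0
  if [ "$(conf_get "$f" anonymous_enable)" = "YES" ]; then
    echo "anonymous_enable=YES: anonymous logins are allowed"
    findings=$((findings + 1))
  fi
  if [ "$(conf_get "$f" local_enable)" = "YES" ] && [ "$(conf_get "$f" chroot_local_user)" != "YES" ]; then
    echo "chroot_local_user is not YES: local users can browse the whole filesystem"
    findings=$((findings + 1))
  fi
  if [ "$(conf_get "$f" allow_writeable_chroot)" = "YES" ]; then
    echo "allow_writeable_chroot=YES: chroot root is writable, which vsftpd refuses by default"
    findings=$((findings + 1))
  fi
  if [ "$(conf_get "$f" ssl_enable)" != "YES" ]; then
    echo "ssl_enable is not YES: passwords and files cross the network in cleartext"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample: the settings used in the post (weak) ...
WEAK_CONF=$(mktemp)
HARDENED_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARDENED_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
local_enable=YES
anonymous_enable=NO
local_root=/var/www/html/PMB7
chroot_local_user=YES
allow_writeable_chroot=YES
EOF

# ... and a corrected one: chroot root stays read-only for the user (uploads go to a
# writable subdirectory such as PMB7/upload) and TLS is required for logins and data.
cat > "$HARDENED_CONF" <<'EOF'
local_enable=YES
anonymous_enable=NO
local_root=/var/www/html/PMB7
chroot_local_user=YES
allow_writeable_chroot=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
EOF
```

Run it as vsftpd_audit /etc/vsftpd/vsftpd.conf on the live server; a non-zero exit with the findings printed is what you want from a config check in a deployment pipeline.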

 

Sources:

https://dimitar.me/how-to-create-an-ftp-user-and-allow-write-to-the-apache-root-directory-with-proper-permissions/

https://wiki.archlinux.org/title/Access_Control_Lists_(Espa%C3%B1ol)

https://comoinstalar.me/como-instalar-ftp-en-centos-7/

https://www.muylinux.com/2014/10/15/servidor-ftp-centos-7/



 

Wednesday, 18 August 2021

How to see your hard disk I/O performance? iotop

iotop -oPa

-o shows only the processes that are actually doing I/O, -P lists processes instead of individual threads, and -a shows accumulated totals since iotop started instead of per-interval rates. While it runs, r reverses the sort order and o toggles the -o filter.

 Total DISK READ :       0.00 B/s | Total DISK WRITE :     105.77 K/s
Actual DISK READ:       0.00 B/s | Actual DISK WRITE:      52.89 K/s
  PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND                                                                                                                                     
 2269 be/4 postgres      0.00 B    120.00 K  0.00 %  0.48 % postgres: wal writer process
  991 be/3 root          0.00 B     44.00 K  0.00 %  0.06 % [jbd2/dm-1-8]
  877 be/4 root          0.00 B      0.00 B  0.00 %  0.01 % [kworker/0:2]
 3072 be/4 postgres      0.00 B     56.00 K  0.00 %  0.00 % postgres: odoo sgecfe [local] idle in transaction
 2070 be/4 root          0.00 B      4.00 K  0.00 %  0.00 % rsyslogd -n 


You can run dd to write a file and watch it in iotop:

dd if=/dev/zero of=diskbench bs=1M count=1024 conv=fdatasync

conv=fdatasync makes dd wait for the data to reach the disk before reporting, so the throughput it prints reflects the storage rather than the page cache; remove the 1 GiB diskbench file afterwards.

Source:

https://haydenjames.io/linux-server-performance-disk-io-slowing-application/
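Added example (not from the original post): the same information can be collected non-interactively with iotop's batch mode (iotop -b -n 1 -o -P -a) and ranked from a script. The functions below parse that table, convert the DISK WRITE column to bytes and sort the heaviest writers first; the embedded sample is the listing shown above.

```shell
#!/bin/sh
# Added example, not part of the original post: rank processes by accumulated DISK WRITE
# from iotop's batch output ("iotop -b -n 1 -o -P -a"). The sample table below is the
# listing shown above; on a live system pipe the iotop output in instead.

IOTOP_SAMPLE=' Total DISK READ :       0.00 B/s | Total DISK WRITE :     105.77 K/s
Actual DISK READ:       0.00 B/s | Actual DISK WRITE:      52.89 K/s
  PID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
 2269 be/4 postgres      0.00 B    120.00 K  0.00 %  0.48 % postgres: wal writer process
  991 be/3 root          0.00 B     44.00 K  0.00 %  0.06 % [jbd2/dm-1-8]
  877 be/4 root          0.00 B      0.00 B  0.00 %  0.01 % [kworker/0:2]
 3072 be/4 postgres      0.00 B     56.00 K  0.00 %  0.00 % postgres: odoo sgecfe [local] idle in transaction
 2070 be/4 root          0.00 B      4.00 K  0.00 %  0.00 % rsyslogd -n'

# io_top_writers < iotop-table : print "BYTES PID COMMAND", largest writer first.
# Columns are: PID PRIO USER READ UNIT WRITE UNIT SWAPIN % IO % COMMAND..., so the
# write value is $6 with its unit in $7; the header and the Total/Actual lines have a
# non-numeric first field and are skipped.
io_top_writers() {
  awk '
    function to_bytes(v, u) {
      return v * (u == "K" ? 1024 : (u == "M" ? 1048576 : (u == "G" ? 1073741824 : 1)))
    }
    $1 ~ /^[0-9]+$/ {
      cmd = $12
      for (i = 13; i <= NF; i++) cmd = cmd " " $i
      printf "%d %s %s\n", to_bytes($6, $7), $1, cmd
    }' | sort -k1,1nr
}

# top_writer_pid < iotop-table : PID of the single heaviest writer (handy for alerting)
top_writer_pid() {
  io_top_writers | head -n 1 | cut -d ' ' -f 2
}

# Sample run (constructed from the listing above):
#   printf '%s\n' "$IOTOP_SAMPLE" | top_writer_pid
# prints 2269
```

With -a the numbers are totals since iotop started, so for a periodic check run iotop -b -n 2 -d 5 -o -P and parse only the second table to get a 5-second window.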

Thursday, 29 July 2021

Extend a partition in CentOS


If you are running a virtual server and need to extend a disk you can resize a partition and volume group without rebooting the server. If done correctly this process is non destructive to existing data.

Assuming your disk is /dev/sda and standard RHEL/CentOS partitioning:

Extend partition

fdisk /dev/sda

Enter p to print your initial partition table.

Enter d (delete) followed by 2 to delete the existing partition definition (partition 1 is usually /boot and partition 2 is usually the root LVM partition). Deleting the entry does not touch the data; the table is only rewritten when you press w. This only works when partition 2 is the last one on the disk, and the new space must already be visible to the guest: check with lsblk first and, if it still shows the old size, rescan with echo 1 > /sys/block/sda/device/rescan.

Enter n (new) followed by p (primary) followed by 2 to re-create partition number 2. Accept the default start block only if it equals the original start sector from the table you printed; otherwise type the original value. Then press enter to accept the end block, which defaults to the end of the disk. If this fdisk version asks whether to remove the existing LVM2_member signature, answer N: removing it wipes the physical volume header.

Enter t (type) then 2 then 8e to change the new partition type to "Linux LVM" (this is the MBR type code; on a GPT disk use gdisk, where the code is 8e00, or parted).

Enter p to print your new partition table and make sure the start block matches what was in the initial partition table printed above.

Enter w to write the partition table to disk. You will see an error about device or resource busy which you can ignore.

Update kernel in-memory partition table

After changing your partition table, run the following command to update the kernel in-memory partition table:

partx -u /dev/sda

Resize physical volume

Use this command to resize the PV to recognize the extra space

pvresize /dev/sda2

Resize LV and filesystem

In this command centos is the volume group (VG), root is the logical volume (LV) and /dev/sda2 is the physical volume (PV) on the partition that was extended. Use pvs, vgs and lvs to see your physical volume, volume group and logical volume names if you don't know them. Giving the PV without a size extends the LV by all the free space on that PV (the same as -l +100%PVS), and the -r option resizes the filesystem together with the LV so you don't have to call resize2fs or xfs_growfs separately.

lvextend -r centos/root /dev/sda2
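Added example, not part of the original post: the one thing that must not change in the delete-and-recreate step is the start sector of partition 2. The POSIX shell functions below read it from the machine-readable output of sfdisk -d, taken before and after the fdisk session, so you can abort before partx -u if it moved. The three dumps are constructed sample output, not from a real disk; the same dump file also serves as a backup that sfdisk can write back.

```shell
#!/bin/sh
# Added example, not part of the original post: guard the "delete and re-create the
# partition" step by comparing the partition's start sector before and after the edit,
# using the output of "sfdisk -d". If the start moved, the LVM metadata no longer lines
# up and the volume group becomes unreadable, so abort before partx/pvresize.
# The dumps below are constructed sample output, not from a real disk.

# part_start DEVICE < sfdisk-dump : print DEVICE's start sector (e.g. part_start /dev/sda2)
part_start() {
  awk -v dev="$1" '
    $1 == dev && match($0, /start=[ ]*[0-9]+/) {
      s = substr($0, RSTART, RLENGTH)
      sub(/start=[ ]*/, "", s)
      print s
    }'
}

# same_start DEVICE DUMP_BEFORE DUMP_AFTER : exit 0 only if the start sector is unchanged
# (a missing partition in either dump also counts as a failure)
same_start() {
  b=$(printf '%s\n' "$2" | part_start "$1")
  a=$(printf '%s\n' "$3" | part_start "$1")
  [ -n "$b" ] && [ "$b" = "$a" ]
}

BEFORE='label: dos
device: /dev/sda
unit: sectors

/dev/sda1 : start=        2048, size=     2097152, type=83, bootable
/dev/sda2 : start=     2099200, size=    39843840, type=8e'

# Correct re-creation: same start, larger size
AFTER_OK='label: dos
device: /dev/sda
unit: sectors

/dev/sda1 : start=        2048, size=     2097152, type=83, bootable
/dev/sda2 : start=     2099200, size=    81788928, type=8e'

# Wrong re-creation: fdisk proposed a freshly aligned default start and it was accepted
AFTER_BAD='label: dos
device: /dev/sda
unit: sectors

/dev/sda1 : start=        2048, size=     2097152, type=83, bootable
/dev/sda2 : start=     2101248, size=    81786880, type=8e'

# Real-world sequence (not run here):
#   sfdisk -d /dev/sda > /root/sda.before        # backup; restore with: sfdisk /dev/sda < /root/sda.before
#   fdisk /dev/sda                               # the interactive steps above
#   sfdisk -d /dev/sda > /root/sda.after
#   same_start /dev/sda2 "$(cat /root/sda.before)" "$(cat /root/sda.after)" && partx -u /dev/sda
```

If the check fails, write the saved dump back with sfdisk /dev/sda < /root/sda.before before anything else touches the disk. On systems with cloud-utils installed, growpart /dev/sda 2 performs the same resize non-interactively and does this start-sector bookkeeping itself.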
 

Source:

https://community.webcore.cloud/tutorials/linux_specific_articles/how_to_extend_partition_with_unallocated_space_cen/

Thursday, 28 January 2021

Store credentials with Git

You can make Git remember your credentials permanently by running this command:

git config credential.helper store

The store helper writes the user name and password (or token) in cleartext to ~/.git-credentials; Git creates the file with mode 0600, but that does not protect it from backups, a compromised account or anyone with root. Prefer git config credential.helper 'cache --timeout=3600', which keeps them only in memory for an hour, or the platform keychain helper (osxkeychain on macOS, Git Credential Manager on Windows), and use a scoped personal access token rather than the account password.
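Added example, not from the original post: a POSIX shell check for a ~/.git-credentials file left behind by the store helper, which lists the stored hosts and users with the secrets removed and fails if any secret is present. The sample file content is constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a ~/.git-credentials file written
# by the "store" helper without printing the secrets it holds. The sample file content
# below is constructed for this example.

# redact_credentials < .git-credentials : print each entry with the secret removed,
# as "scheme://user@host", so the list can be shared or logged safely
redact_credentials() {
  sed -E 's#^([a-z]+://)([^:/@]*):[^@]*@#\1\2@#'
}

# count_stored_secrets < .git-credentials : number of entries that carry a password/token
count_stored_secrets() {
  grep -c -E '^[a-z]+://[^:/@]*:[^@]+@' || true
}

# git_credential_audit FILE : list redacted entries; exit 1 if any secret is stored,
# which makes the function usable as a login-script or CI hygiene check
git_credential_audit() {
  f=$1
  [ -r "$f" ] || return 0                      # no store file, nothing to report
  redact_credentials < "$f"
  [ "$(count_stored_secrets < "$f")" -eq 0 ]
}

SAMPLE_STORE=$(mktemp)
trap 'rm -f "$SAMPLE_STORE"' EXIT
cat > "$SAMPLE_STORE" <<'EOF'
https://alice:ghp_exampletoken123@github.com
https://bob:s3cret%40pw@git.example.internal
https://carol@gitlab.example.com
EOF

# Real-world use (not run here):
#   git config --global --get-all credential.helper
#   git_credential_audit "$HOME/.git-credentials"
```

The third sample entry has a user but no secret, which is how the file looks after the secret has been removed; the audit passes once every entry is in that form or the file is gone (git credential-store erase, or simply deleting it).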