Archive for the ‘Networking’ Category.

PC Engines APU2/3/4 Firmware / BIOS Upgrade in pfSense

SSH into the pfSense box

Install Flashrom

pkg install -y flashrom

Get firmware from https://pcengines.github.io/

fetch https://3mdeb.com/open-source-firmware/pcengines/apu#/apu#_v#.#.##.rom

Flash firmware

flashrom -p internal -w apu#_v#.#.#.#.rom

Reboot pfSense
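The steps above write the downloaded image straight to flash. As an added example (not part of the original post), this sh wrapper compares the ROM's SHA-256 with the value published for the release and saves the current flash contents before writing. The function names are hypothetical, and the expected hash is assumed to come from the firmware release page.

```sh
#!/bin/sh
# Added example (not from the original post): check a downloaded ROM against
# its published SHA-256 and back up the current flash before writing.
# Function names are hypothetical.

# Print the SHA-256 of a file with whichever tool the OS provides
# (FreeBSD/pfSense: sha256, Linux: sha256sum, otherwise shasum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_rom ROM EXPECTED_HEX: returns 0 on match, 1 on mismatch, 2 on bad input.
verify_rom() {
    rom=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$rom" ] || [ ! -s "$rom" ]; then
        echo "missing or empty file: $rom" >&2; return 2
    fi
    case $expected in
        ''|*[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "expected hash is not 64 hex digits" >&2; return 2
    fi
    actual=$(file_sha256 "$rom") || return 2
    [ "$actual" = "$expected" ] && return 0
    echo "SHA-256 mismatch for $rom: got $actual" >&2
    return 1
}

# flash_if_verified ROM EXPECTED_HEX: flash only when the hash matches.
flash_if_verified() {
    verify_rom "$1" "$2" || return
    # Keep a copy of the running firmware so a bad flash can be reverted.
    flashrom -p internal -r "backup_$(date +%Y%m%d%H%M%S).rom" || return
    flashrom -p internal -w "$1"
}
```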

Reverse SSH port forward

The goal is to reach a port inside a protected network, e.g. the web UI of a switch or firewall. The SSH client can be any device that can run an SSH client. I’ve done this trick with SBCs, switches, APs, and other low-end devices. This also assumes you have access to an SSH server that is publicly accessible. Please consider the security implications of this before committing. In my case this was temporary, to recover access to remote devices.

Example Diagram:

Run the following command on the SSH client

ssh -f -N -T -p 222 -R 2215:10.1.10.1:443 username@1.2.3.4

-f : Run the SSH client in the background
-N : Do not execute a remote command (port forward only)
-T : Disable TTY allocation
-p : Port on the remote endpoint; the standard port is 22
-R : Port forward on the remote host: [Port on remote endpoint]:[Destination host]:[Destination port]
username@ip : User and address of the remote SSH endpoint

After the connection has been established, a user on the SSH server 1.2.3.4 can access the firewall at https://localhost:2215
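On the security side, the account on 1.2.3.4 only needs to open that one loopback listener. As an added example (not part of the original post), the script below prints an sshd_config Match block that limits a dedicated account to exactly that, and audits effective settings in the form printed by "sshd -T". The account name, the /usr/bin/false path and the function names are assumptions, and the sample settings are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). The account name passed in is
# an assumption; 2215 is the -R listener used in the command above.

# Print an sshd_config block that limits the tunnel account to a single
# loopback-only reverse forward, with no shell, TTY, agent or X11.
tunnel_match_block() {
    cat <<EOF
Match User $1
    AllowTcpForwarding remote
    PermitListen localhost:$2
    GatewayPorts no
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /usr/bin/false
EOF
}

# Constructed sample: effective settings of an unhardened account, in the
# lowercase "keyword value" form that "sshd -T" prints.
sample_default_settings() {
    printf '%s\n' 'allowtcpforwarding yes' 'gatewayports no' \
        'permitlisten any' 'permittty yes' 'forcecommand none'
}

# audit_tunnel_settings PORT: read "keyword value" lines on stdin, print one
# finding per setting that is wider than the tunnel needs, return 1 if any.
audit_tunnel_settings() {
    awk -v want="localhost:$1" '
        function flag() { print $1 "=" $2; bad = 1 }
        $1 == "allowtcpforwarding" && $2 != "remote" { flag() }
        $1 == "gatewayports"       && $2 != "no"     { flag() }
        $1 == "permitlisten"       && $2 != want     { flag() }
        $1 == "permittty"          && $2 != "no"     { flag() }
        $1 == "forcecommand"       && $2 == "none"   { flag() }
        END { exit bad + 0 }
    '
}
```

Because the client runs with -N and never opens a session, the forced command does not interfere with the forward.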

Mapping iSCSI disks in VirtualBox

To add an iSCSI disk to an existing VirtualBox machine, run the following from a terminal/Command Prompt:
VBoxManage storageattach MyVirtualMachineNameOrUUID --storagectl "SATA" --port 0 --device 0 --type hdd --medium iscsi --server 10.10.10.7 --target "iqn.2004-04.com.nas:target-name" --tport 3260

MyVirtualMachineNameOrUUID = The name of your virtual machine. Use quotes if your VM name has spaces.
--storagectl "SATA" = Name of the controller under the storage tab in VirtualBox
--port 0 = Port number. If you already created a virtual disk connected to the SATA controller, you probably want to select a different virtual SATA port.
--server 10.10.10.7 = IP address of the iSCSI server
--target "iqn.2004-04.com.nas:target-name" = Full target name
--tport 3260 = iSCSI server port number

Using nslookup to add allow entries for PeerGuardian Linux

I use PeerGuardian Linux to block IPs as an extra layer of protection for my servers. Because I block more than I need, I wanted a way to quickly add IPs to the allow.p2p file by their hostname. Below are the contents of my “Add_Allow_IPs” script.
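#!/bin/sh
# Resolve the hostname given as $1 and append its answers to the allow list as name:address lines
nslookup "$1" | sed -e '1,4 d' -e '$ d' -e 'N;s/\n/ /' -e 's/ Address: /:/g' -e 's/Name:\t//g' >> /etc/pgl/allow.p2p
# Make PeerGuardian pick up the new entries
sudo pglcmd reload
sudo pglcmd restart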

So now if I run:
./Add_Allow_IPs google.com
It will pull all the google.com IPv4 addresses out of the nslookup output and make them line items in the allow.p2p file. It does not work for IPv6 and CNAME results.
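The sed pipeline above relies on where lines sit in the nslookup output, so anything unexpected in that output ends up in the allow list. As an added example (not the author's script), this filter pairs the Name and Address fields and emits only well-formed IPv4 answers in the same name:address form. The function names are hypothetical and the sample output is constructed.

```sh
#!/bin/sh
# Added example (not the author's script): pair Name/Address fields instead
# of relying on line positions, and keep only well-formed IPv4 answers.

# Constructed nslookup output using documentation addresses; real output
# separates "Name:" from the hostname with a tab, which awk also splits on.
sample_nslookup_output() {
    cat <<'EOF'
Server:  192.0.2.53
Address: 192.0.2.53#53

Non-authoritative answer:
www.example.test canonical name = example.test.
Name: example.test
Address: 198.51.100.10
Name: example.test
Address: 198.51.100.11
Name: example.test
Address: 2001:db8::10
EOF
}

# Read nslookup output on stdin; print one "name:ipv4" line per A answer.
# The resolver's own Address line is skipped because no Name precedes it.
nslookup_to_allow_lines() {
    awk '
        $1 == "Name:" { name = $2; next }
        $1 == "Address:" && name != "" {
            host = name; name = ""
            ok = (split($2, o, ".") == 4 && host ~ /^[A-Za-z0-9._-]+$/)
            for (i = 1; i <= 4 && ok; i++)
                if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) ok = 0
            if (ok) print host ":" $2
        }
    '
}
```

In the script it would sit between nslookup "$1" and the append to allow.p2p, replacing the sed stage.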

MAC Address Conflict – ESXi management interface could not communicate to another ESXi box

When I first put together my home ESXi box, I used an Intel Pro/1000 PT quad-port NIC. All was great until I wanted to pass through individual ports to specific virtual machines. So I purchased a newer Intel I350 quad-port NIC that supported what I wanted to do. Then I gave my old Pro/1000 quad port to a friend who needed it for his home ESXi box. Months down the road, my friend’s ESXi box came to live next to mine. With both machines running, connecting to the vSphere management or SSH was terrible. The connection was unreliable, but the guest OSes’ networking seemed to work fine. On my workstation I would ping each ESXi box and neither would respond at the same time. I launched Wireshark and noticed there were constant ARP requests for each ESXi management IP. These ARP requests were getting the same MAC for each IP. Doh!

A little research on Google and I found this VMware KB. To sum it up, once you create an ESXi management interface it uses the physical MAC address. If you replace the physical hardware it will keep the old MAC address. It required me to remove the management interface and re-create it. Now the management interface has the physical address of my newer I350 NIC. In VMware’s KB they have this workaround.
esxcfg-advcfg -s 1 /Net/FollowHardwareMac
The above command, run in the ESXi Shell, should update the management interface MAC to the physical MAC address if the underlying hardware changes.

Windows 7 SMB 2.0 Client doesn’t find new files until reboot

At work we had an issue where two Windows 7 Home Pre clients would not show newly created files on a mapped network drive. A normal refresh wouldn’t cut it, but an unmount and remount or a PC reboot would. After a little googling I found I wasn’t alone.

http://social.technet.microsoft.com/Forums/en/w7itprogeneral/thread/947489ae-dc86-45f0-ad5e-463a62e1d59f

That topic’s setup was a Windows server, while here at my office we use Samba 3.6.3 with SMB 2.0 enabled, but the symptoms were very similar. The finger was pointed at the new caching abilities in the SMB 2.0 client. The solution was to disable DirectoryCacheLifetime on the client via a registry entry. Here is the Microsoft link for a description of DirectoryCacheLifetime: http://technet.microsoft.com/en-us/library/ff686200(WS.10).aspx

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"DirectoryCacheLifetime"=dword:00000000

In my experience it seems that only Windows 7 Home Pre clients are affected; our Windows 7 Pro clients have no issues. I applied the registry entry to the Windows 7 Pro machines as well with no side effects.

First!

Hello World! This will be the most boring post ever. For whoever reads this post, my goal with the website is to store notes, steps on how I solved problems, tips, and other computer-related things. There have been many times blogs have shown me the way to fix complicated computer issues. So from now on I will try to post every computer issue I have with a solution, so maybe I can help someone with the same issue.