Latest 20 entries

Jack Bauer interrogates Santa
Written by Wayne Swart 2009-12-18 13:38:22
0 comments


Pretoria Heat
Written by Wayne Swart 2009-12-18 13:27:58
1 comment

As the world looks on in the hope that a deal will be reached on climate change at this year's Climate Change Summit in Copenhagen and it being an El Nino year too, the heat in Pretoria South Africa is just increasing.

According to weather experts, the good rainfall we have seen so far this summer is about at an end as El Nino's effect becomes more apparent.

Today I was driving to a local shop close to our office, and was amazed to find that it was 36°C outside. Not fun.



My Domain Blacklist Database
Written by Wayne Swart 2009-12-11 10:57:57
0 comments

There is only one thing in this world I hate more than SPAM and that is finger marks on my screen (Ok, and maybe Julius Malema).

So over the years I have (in conjunction with many other anti Spam methods) maintained a database of blacklisted domains I reject email from on my mail server I run at home. This list includes some domains from other maintainers' web sites too.

At the moment the database contains 338369 blacklisted domains.
I have decided to make this list available to whoever wants it, with a small HOWTO on getting it running on exim.

First of all, download the MySQL file here.

I take it you can find your way around MySQL and exim a bit :)

To create your exim db run the following as root
mysqladmin -p create exim
Then, unpack the MySQL file you downloaded containing all the blacklisted domains
tar zxvf domain.tgz
This should leave you with the MySQL file called domains.sql
To import it into the exim db run the following from the command line
cat domain.sql |mysql -p exim
OK, once this is done, you can edit your exim config as follows.
NOTE: Your exim needs to be compiled with MySQL support in order for this to work.
At the top of the exim configuration file add the following
# MySQL configuration
hide mysql_servers = localhost/exim/DATABASE_USER/DATABASE_PASSWORD
Replace DATABASE_USER and DATABASE_PASSWORD with the user name and password you chose for your exim db.

Now, under the acl_check_rcpt: part of the exim config, right at the beginning, add the following few lines of configuration
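# our own blacklisted domains
# quote_mysql escapes the sender domain, which the remote side controls, before it is used in the query.
# The lookup expands to "yes" only when a row is returned, so a domain with no row in the table
# (including the empty sender domain on bounces) is not denied.
  deny message  = Sorry, but your domain ($sender_address_domain) is not allowed to deliver mail on this server.
       condition = ${lookup mysql {SELECT domain FROM deny_domains WHERE domain = "${quote_mysql:$sender_address_domain}"}{yes}{no}}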
Save the configuration file and restart exim.
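
Piping a downloaded .sql file into mysql runs every statement it contains. The script below is an added example, not part of the original post: it keeps only values that are syntactically valid hostnames and regenerates the INSERTs locally. It assumes mysqldump-style INSERT lines and a deny_domains table with a domain column (the names used in the ACL query); the sample dump is constructed.

```shell
#!/bin/sh
# Added example: treat a downloaded blacklist dump as data, not as SQL to run.
# Assumes mysqldump-style INSERT lines; the table and column names
# (deny_domains, domain) are the ones used in the ACL query.

# Constructed sample standing in for a third-party dump.
sample_dump() {
    cat <<'EOF'
DROP TABLE IF EXISTS `deny_domains`;
GRANT ALL ON *.* TO 'someone'@'%';
INSERT INTO `deny_domains` VALUES (1,'Spam.Example'),(2,'bad-host.example.net');
INSERT INTO `deny_domains` VALUES (3,'not a domain; --'),(4,'spam.example');
EOF
}

# Print every single-quoted value on an INSERT line that is a valid hostname,
# lowercased and de-duplicated. Everything else in the file is ignored, so
# stray statements and odd values never reach the database.
extract_domains() {
    grep -i '^INSERT INTO' -- "$1" |
        grep -o "'[^']*'" |
        tr -d "'" |
        tr 'A-Z' 'a-z' |
        grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$' |
        sort -u
}

# Emit INSERT statements generated here from the validated list. The hostname
# character set contains no quote or backslash, so the values need no escaping.
domains_to_sql() {
    extract_domains "$1" | while read -r d; do
        printf "INSERT IGNORE INTO deny_domains (domain) VALUES ('%s');\n" "$d"
    done
}

# Run only when given a file, e.g.: sh clean_dump.sh domain.sql | mysql -p exim
if [ $# -gt 0 ]; then domains_to_sql "$1"; fi
```

The deny_domains table has to exist before the generated statements are loaded.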

MX Toolbox
Written by Wayne Swart 2009-12-10 09:17:15
0 comments

Having your mail server blacklisted can be an awful experience. It's sometimes hard to know where it has been listed and why.

We recently found that our Firewall which also serves as a mail server for one of our domains was blacklisted. A colleague of mine discovered a site called MX Toolbox which we found was a very effective way to find out where your IP has been blacklisted.

The site also has other nice tools, like SMTP diagnostics, Header analysis, SPF checks and more.

chrooting ssh connections
Written by Wayne Swart 2009-12-04 14:39:51
0 comments

On our network at the company I work for, we have quite a few (until I started working here) unmaintained Linux servers, all with plenty shells, all permitting root logins etc etc.
One of the servers runs an old application called consoft that runs in a Unix terminal. For this the users on the machine do need shell accounts, so I set off on a quest to make sure these users can only run their application, and can not see anything else on the file system.

Since the release of openssh-4.9p1 it has (apparently) become a lot easier to build chrooted ssh connections.

Here is a step by step example of how I did it. It was done on a Fedora Core 12 box (which ships with the right version of openssh)

First of all you need to create a directory which you will be using for your jail environment
I chose /home/chroot
mkdir /home/chroot
Then you have to setup your sshd configuration to tell it that all users in the users group should be jailed.
vi /etc/ssh/sshd_config and add these lines to the bottom of the config file. Restart your sshd after you made the changes to the config file (service sshd restart)
Match Group users
        ChrootDirectory /home/chroot
        X11Forwarding no
        AllowTcpForwarding no
OK, now that that is done you can install jailkit. This is a set of utilities to help you build and manage jails. The only two things we will use in this HOWTO are the jk_init script, which copies all the initial directories and libraries into our jail environment, and the jk_cp command, which copies binaries and the libraries they need to the jail.

I downloaded jailkit from rpm.pbone.net.

I found that I needed to make one change to the jk_init.ini file located in /etc/jailkit in order for the jk_init script to create /dev/null when building the jailed environment.
Edit the file using your favorite editor and go down to the [ssh] block, and change it so that it also includes /dev/null
[ssh]
comment = ssh secure shell
executables = /usr/bin/ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null
OK, now you can initiate the chroot environment using the jk_init command.
jk_init -j /home/chroot/ ssh
As mentioned above, this will copy all the initial libraries and entries in /dev etc to /home/chroot

Now create the directory inside the jail that will hold all users' home directories by issuing
 mkdir /home/chroot/home

Next you need to add a devpts mount to /home/chroot/dev/pts. This is also needed by ssh.
mkdir /home/chroot/dev/pts
mount -t devpts -o gid=5,mode=620 /dev/pts /home/chroot/dev/pts
OK, we are now ready to add a user that will be chrooted in our jail environment, just add a user normally like you would. I am using the user brian in my examples.

useradd brian
passwd brian

We now have a new user brian on the system and need to make the changes to force him to be chrooted. For this he needs to be added to the users group (as mentioned above in the sshd_config part)

Edit /etc/group and add the group called users if it isn't added yet, and add brian to it.
Here is an example of my entry in /etc/group
users:x:100:brian
In order for our jailed environment to recognize the brian uid and gid we need to add his entries in /etc/group and /etc/passwd to the same files in the jail environment, to do this, issue the following

grep '^brian:' /etc/passwd >> /home/chroot/etc/passwd
grep -w brian /etc/group >> /home/chroot/etc/group

Then, the last thing you need to do, is make a copy of /bin/bash in the jailed environment. For this I use the jk_cp command which also copies all the necessary libraries over for bash to work.
jk_cp -j /home/chroot/ /bin/bash
The user brian should be able to log into the new jail but will only be allowed a very limited set of commands.
See the example output below
wayne@wayne-work:~$ ssh brian@192.168.4.16
brian@192.168.4.16's password:
Last login: Fri Dec  4 14:40:33 2009 from 192.168.4.15
-bash-4.0$ ls
-bash: ls: command not found
-bash-4.0$ whoami
-bash: whoami: command not found
-bash-4.0$ pwd
/home/brian
-bash-4.0$
Let's say brian also needs access to the ssh command in order to make ssh connections to the outside world. This is how you should add ssh to your jailed environment.
[root@devbox ~]# jk_cp -j /home/chroot/ `which ssh`
This will copy the ssh client binary along with all the libraries (if any) it needs to the jailed environment. You can use jk_cp to copy any applications needed by your jailed users environment.

Another thing you should consider is the user's terminal emulation, which requires files in /usr/share/terminfo. Applications such as clear and vi need these. You can either copy the whole directory over to the jailed environment or use null mounts to mount the directory into the jailed environment, as in the example below
mkdir -p /home/chroot/usr/share/terminfo/
mount -o bind /usr/share/terminfo/ /home/chroot/usr/share/terminfo/
Caution should be taken when using null mounts though. For example, making a null mount of your whole /dev directory into the jail environment could give users access to your hd device nodes, which could possibly be a security risk.

Special thanks to my friend on irc MrKen for his valuable advice on debugging and some of the other aspects in this HOWTO.
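
An added example, not part of the original HOWTO: a shell function that audits the finished jail for the path ownership and permission rules sshd enforces on ChrootDirectory, and for the device-node and mount exposure cautioned about above. The function names and finding labels are made up for this example; the allowed devices and mounts are the ones this HOWTO sets up.

```shell
#!/bin/sh
# Added example: audit a jail built with the steps in this HOWTO.
# Usage: audit_jail /home/chroot [owner_uid]   (owner_uid defaults to 0, root)

scan_jail() {
    jail=$1 owner=$2

    # sshd refuses a ChrootDirectory unless every component of its path is
    # owned by root and not writable by group or others.
    p=$jail
    while :; do
        find "$p" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) \
            -print | sed 's/^/BAD-PERMS /'
        if [ "$p" = / ]; then break; fi
        p=${p%/*}
        if [ -z "$p" ]; then p=/; fi
    done

    # Device nodes: the jk_init.ini above only needs null, urandom and tty.
    # Any block device, or any other character device, is a finding.
    # dev/pts is pruned because the devpts mount legitimately holds ptys.
    find "$jail" -path "$jail/dev/pts" -prune -o -type b -print |
        sed 's/^/BLOCK-DEVICE /'
    find "$jail" -path "$jail/dev/pts" -prune -o -type c \
        ! -name null ! -name urandom ! -name tty -print |
        sed 's/^/EXTRA-CHAR-DEVICE /'

    # Setuid/setgid files inside the jail deserve a manual look.
    find "$jail" -path "$jail/dev/pts" -prune -o -type f \
        \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SETID /'

    # Mounts below the jail other than the two this HOWTO sets up.
    if [ -r /proc/mounts ]; then
        while read -r _src mnt _rest; do
            case $mnt in
                "$jail/dev/pts" | "$jail/usr/share/terminfo") ;;
                "$jail"/*) echo "UNEXPECTED-MOUNT $mnt" ;;
            esac
        done < /proc/mounts
    fi
}

# Print one finding per line; return 0 when clean, 1 when there are findings.
audit_jail() {
    case $1 in
        /*) ;;
        *) echo "usage: audit_jail /absolute/jail [owner_uid]" >&2; return 2 ;;
    esac
    report=$(scan_jail "${1%/}" "${2:-0}")
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Run only when called with arguments, e.g.: sh audit_jail.sh /home/chroot
if [ $# -gt 0 ]; then audit_jail "$@"; fi
```

Run it as root after every jk_cp or mount change; a BAD-PERMS line for any path component means sshd will reject logins into the jail.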
 


Meteor Hits South African Skyline
Written by Wayne Swart 2009-12-01 11:55:55
0 comments

This is rather old I know, but about 10 days ago a meteor entered the earth's atmosphere somewhere over the South African / Botswana skyline.

Here is what people saw, pretty amazing stuff. As far as I have heard on the radio a group of astronomers and other scientists have been looking for it in Botswana. Pretty cool stuff



South African Nike
Written by Wayne Swart 2009-11-05 14:49:10
0 comments

You have to be South African to get this



Using BackupPC for your every day backup needs
Written by Wayne Swart 2009-10-29 14:14:09
0 comments

I was asked by a client recently to investigate a backup solution that could backup their work stations (mostly laptops) and file (Microsoft) to a secure server.

My searches led me to BackupPC which seems to be a very popular and quite professional backup solution.
It has a very clean web front end for managing backups and uses rsync with shared keys to backup Unix machines and smb to connect to NetBIOS shares on windows machines.

Since I am a CentOS user, I looked for a HOWTO and found this awesome step by step HOWTO for installing and using BackupPC on CentOS.

The installation went smoothly without hassles and I started backing up my XP desktop and Linux Firewall in no time.

Here are some of the key features:
  • BackupPC supports compression (tar)
  • Pooling system to reduce disk IO
  • No client side software is required
  • Easy to restore single files or full backup sets
  • Supports mobile environments where laptops are only intermittently connected to the network and have dynamic IP addresses (DHCP).
  • Users are sent periodic email reminders if their PC has not recently been backed up. Email content, timing and policies are configurable.
I can really recommend this application.

Runes Of Magic
Written by Wayne Swart 2009-10-22 09:22:36
1 comment

After quitting World Of Warcraft for good a few months ago, I decided to look for a game with a similar style of game play.
My searches led me to Runes Of Magic, a free to play MMORPG developed by the Taiwanese developer Runewaker Entertainment.



The game features a lot of what World Of Warcraft has to offer and has been labeled as a WoW rip off by some of my friends. Indeed it might be a WoW rip off to some, but for people who like the type of game play WoW has to offer I can really suggest looking into RoM.

There are 8 different classes players can choose from. The dual class feature allows players to choose a secondary class once they hit level 10 which provides for a much richer game play experience at higher levels.

Below is an example video of the gameplay


Eskom's plan to hike tariffs by a compounding total of 135% over the next 3 years
Written by Wayne Swart 2009-10-13 17:53:59
4 comments

According to an article on fin24.com today, Eskom requested from NerSA (The National Energy Regulator Of South Africa) to hike electricity in South Africa by 45% each year over the next 3 years.

This request was met with mass public outcry which is quite understandable. Let's look at the compounding effect of these tariff hikes:

Let's say (like me) you pay roughly R1000 per month for your electricity use. At the time of writing this article that boils down to about $137 USD or 92 Euros, taking into account the 34% tariff hike of last year.

In 2008 you were paying R1000 per month before the 34% hike.
Then after the first hike you were paying R1340 per month.
Then, after the first 45% increase you will be paying R1340 + 45% which boils down to R1943
Then, in 2011 the second 45% increase will come into effect leaving you with a monthly bill of R2817.35
And in 2012 just as you thought you might make it through the tough times, Eskom nails you with another 45% increase now totaling  R4085.15

Shocking!
And this in a country that uses interest rates to target inflation. Just imagine just after a recovery from the global recession what effect these hikes will have on our country's economy.

We can expect a ruling by NerSA in early 2010.

Using IP Plan to keep track of IP blocks
Written by Wayne Swart 2009-10-13 09:54:40
0 comments

I was asked a while back by my manager to find an IP management tool to keep track of the hundreds of sub nets assigned to all our clients.

My searches led me to an application called IP Plan, or IPtrack as I think it was formerly known.

This is the description on the site:

IPplan is a free (GPL), web based, multilingual, TCP IP address management (IPAM) software and tracking tool written in php 4, simplifying the administration of your IP address space. IPplan goes beyond TCPIP address management including DNS administration, configuration file management, circuit management (customizable via templates) and storing of hardware information (customizable via templates). IPplan can handle a single network or cater for multiple networks and customers with overlapping address space. Makes managing ip addresses and managing ip address space simple and easy!

Here are some of the features I found pretty useful:
  • You can use nmap to scan all the hosts that respond to ICMP requests as the sub net is created.
  • Easy installation that is very well documented.
  • PTR records get resolved as the sub net is created
  • User / Group administration to permit only certain users to be able to create new sub nets
  • Triggers. When something is added to the db, a trigger can call an external client script, for example to update DNS records.
There is a list of screenshots available on the site.

The only thing I found annoying (or might have missed) was the fact that you can not view all the sub nets at once even though they are linked to different clients. So for our company's needs we will have to link all the sub nets to one client and use the notes for each sub net / host to keep track of who owns which IP's.

Apart from the above mentioned it is an awesome application.

Real proof that beer is God's way of keeping us happy
Written by Wayne Swart 2009-10-07 18:24:29
0 comments

This has to be the proof I always needed to see.



Using dropbox to sync content to multiple machines
Written by Wayne Swart 2009-10-05 13:49:35
0 comments


Today a friend of mine invited me to give dropbox a try. dropbox is software that syncs data to an online storage platform and to multiple machines.

It has support for Ubuntu, Windows and MAC.
The free account gives you 2GB of online storage with an additional 256MB should you accept an invite from someone or successfully invite someone else to use it.

See the online demo video below.


New site
Written by Wayne Swart 2009-10-02 23:01:07
0 comments

And again it boils down to trying to maintain another blog, the only difference is I made this one from scratch. Only took a few hours to get a basic design going (one I believe won't be appealing to everyone).

It still needs a lot of stuff at the time of writing this, like a commenting system with captchas and so on, a file uploading feature etc, but for now it's usable.

I already moved all (Of the staggering 7) entries from the old site to this one.

I got the idea for making this site when I tried out the jquery HTML box which works really great by the way.

I still need to add RSS to it, will do that during the course of the week some time.

How to check the physical status of an ethernet port in Linux
Written by Wayne Swart 2009-10-02 22:16:49
0 comments

# ethtool eth0

This should output something similar to this:
Settings for eth0:
 Supported ports: [ TP ]
 Supported link modes:   10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
 1000baseT/Full
 Supports auto-negotiation: Yes
 Advertised link modes:  10baseT/Half 10baseT/Full
 100baseT/Half 100baseT/Full
 1000baseT/Full
 Advertised auto-negotiation: Yes
 Speed: 1000Mb/s
 Duplex: Full
 Port: Twisted Pair
 PHYAD: 0
 Transceiver: internal
 Auto-negotiation: on
 Supports Wake-on: g
 Wake-on: d
 Current message level: 0x00000037 (55)
 Link detected: yes
You could also use mii-tool
eth0: negotiated 100baseTx-FD, link ok
eth1: negotiated 100baseTx-FD, link ok

How to Download a Software Image to a Cisco 2600 via TFTP Using the tftpdnld ROMMON Command
Written by Wayne Swart 2009-10-02 22:11:17
0 comments

Refer to http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008015bf9e.shtml for more information

First, you must set ROMmon environment variables prior to the TFTP download. All variable names are case sensitive.

You can view the ROMmon environment variables by using the set command, as shown here:

 rommon 3 > set
 PS1=rommon ! >
 IP_ADDRESS=172.18.16.76
 IP_SUBNET_MASK=255.255.255.192
 DEFAULT_GATEWAY=172.18.16.65
 TFTP_SERVER=172.18.16.2
 TFTP_FILE=rel22_Jan_16/c2600-i-mz
You must use the sync command to save ROMmon environment variables to nonvolatile RAM (NVRAM).
 rommon 16 > IP_ADDRESS=171.68.171.0
 rommon 17 > IP_SUBNET_MASK=255.255.254.0
 rommon 18 > DEFAULT_GATEWAY=171.68.170.3
 rommon 19 > TFTP_SERVER=171.69.1.129
 rommon 20 > TFTP_FILE=c2600-is-mz.113-2.0.3.Q
 rommon 21 > tftpdnld
 IP_ADDRESS: 171.68.171.0
 IP_SUBNET_MASK: 255.255.254.0
 DEFAULT_GATEWAY: 171.68.170.3
 TFTP_SERVER: 171.69.1.129
 TFTP_FILE: c2600-is-mz.113-2.0.3.Q
 Invoke this command for disaster recovery only.
 WARNING: all existing data in all partitions on flash will be lost!
 Do you wish to continue? y/n:  [n]:  y
 Receiving c2600-is-mz.113-2.0.3.Q from 171.69.1.129 !!!!!.!!!!!!!!!!!!!!!!!!!.!!
 File reception completed.
 Copying file c2600-is-mz.113-2.0.3.Q to flash.
 Erasing flash at 0x607c0000
 program flash location 0x60440000
 rommon 22 >



Forwarding a range of ports on a cisco router
Written by Wayne Swart 2009-10-02 22:05:46
0 comments

This is an example of forwarding a whole range of ports on a Cisco router using pools.
http://slaptijack.com/networking/cisco-nat-and-port-range-resolution/


interface FastEthernet0/0
ip address 192.168.9.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
!
ip nat pool POOL1 192.168.9.10 192.168.9.10 netmask 255.255.255.0 type rotary
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside destination list MYPORTS pool POOL1
!
ip access-list extended MYPORTS
 permit tcp any any eq 22
 permit tcp any any range 1024 65535



Exim out of office howto
Written by Wayne Swart 2009-10-02 22:01:01
0 comments

This is a small howto for setting up out of office replies with Exim

It was tested on exim-4.63

There are several ways of doing this, I chose the router / transport and Exim filter combination method.

1. Setting up the router

OutOfOffice:
driver = redirect
allow_filter
hide_child_in_errmsg
ignore_eacces
ignore_enotdir
reply_transport = address_reply
no_verify
require_files = /var/spool/mail/virtual/$domain/$local_part/.vacation.msg
file = /var/spool/mail/virtual/$domain/$local_part/.vacation.msg
user = mailnull
group = mail
unseen
Notice the require_files and file lines. These point to the Exim filter file, which we will get to a little later on.

2. Adding the transport (This was done in my default config already)

address_reply:
driver = autoreply

3. The Exim filter. In this case it is /var/spool/mail/virtual/$domain/$local_part/.vacation.msg, which in my case is interpreted by Exim as /var/spool/mail/virtual/fixx.co.za/wayne/.vacation.msg

# Exim filter
if ($h_subject: does not contain "SPAM?" and personal) then
mail
##### This is the only thing that a user can set when they #####
##### decide to enable vacation messaging. The vacation.msg.txt #####
expand file /var/spool/mail/virtual/$domain/$local_part/.vacation.msg.txt
once /var/spool/mail/virtual/$domain/$local_part/.vacation.db
log /var/spool/mail/virtual/$domain/$local_part/.vacation.log
once_repeat 7d
to $reply_address
from $local_part\@$domain
subject "This is an autoreply...[Re: $h_subject:]"
endif

4. The message to send to users - .vacation.msg.txt file

Hi there, I am currently not here, blah blah blah....
Please direct any calls or correspondence to person X blah blah blah...
And that is in short how to do out of office with Exim. Please refer to the Exim documentation if you require any further information on any of the above.

To disable the out of office, just rename .vacation.msg to something else. Done.



This is an example of doing it from MySQL (Thanks to my friend Mark Bojara who gave me this MySQL HOWTO)

NOTE: You can use HTML code in the body since it adds the mime header part.

## ROUTER ##
autorespond:
driver = accept
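# quote_mysql escapes the recipient address, which the sending side controls, before it is used in the query
condition = ${if and { {eq {${lookup mysql {SELECT email_address FROM auto_responders where email_address =\
"${quote_mysql:$local_part@$domain}" AND active = '1' }}}{$local_part@$domain}} } {1}{0}}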
no_verify
no_expn
unseen
transport = auto_responder
## TRANSPORTER ##
auto_responder:
driver = autoreply
reply_to = "${local_part}@${domain}"
from = "${local_part}@${domain}"
to = "${sender_address}"
once = "/var/spool/exim/autoreply/${domain}-${local_part}"
once_repeat = 500s
headers = "MIME-Version: 1.0\nContent-type: text/html; charset=iso-8859-1\n"
subject = ${lookup mysql{SELECT subject FROM auto_responders WHERE email_address = "${quote_mysql:$local_part@$domain}"}}
text = ${lookup mysql{SELECT message FROM auto_responders WHERE email_address = "${quote_mysql:$local_part@$domain}"}{$value}}


Here is the MySQL structure for the above
+---------------+--------------+------+-----+---------+----------------+
| Field         | Type         | Null | Key | Default | Extra          |
+---------------+--------------+------+-----+---------+----------------+
| id            | int(11)      | NO   | PRI | NULL    | auto_increment |
| email_address | varchar(255) | NO   |     |         |                |
| subject       | varchar(255) | YES  |     | NULL    |                |
| message       | blob         | YES  |     | NULL    |                |
| active        | int(11)      | NO   |     | 1       |                |
+---------------+--------------+------+-----+---------+----------------+

One line python web server
Written by Wayne Swart 2009-10-02 21:36:51
0 comments

Here is a one liner piece of code that sets up a web server using python, which serves the files in the current directory.

Very handy thing to know.
python -c 'from SimpleHTTPServer import test;test()'