LINUX.ORG.RU

Posts by darksmoke

 

IPSec and Windows Server 2003

Forum - Admin

Good afternoon. I can't configure the IPSec server so that both Windows Server 2003 and modern OSes (Windows 10, macOS) can connect. I manage to configure it either for Windows Server 2003 or for the modern OSes. Please tell me how to get around this.

The server is Debian 10. It is on the Internet, and everyone needs to connect to it and log in over RDP to Windows Server 2003.

/etc# cat /etc/ipsec.conf
version 2.0

config setup
  virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.42.0/24,%v4:!192.168.43.0/24
  uniqueids=no

conn shared
  left=%defaultroute
  leftid=195.189.226.225
  right=%any
  encapsulation=yes
  authby=secret
  pfs=no
  rekey=no
  keyingtries=5
  dpddelay=30
  dpdtimeout=300
  dpdaction=clear
  ikev2=never
##  ike=aes256-sha2;modp2048,aes128-sha2;modp2048,aes256-sha1;modp2048,aes128-sha1;modp2048;modp1024
  ike=3des-sha1,3des-sha1;modp1024,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024,aes256-sha2_512
##  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
  phase2alg=3des-sha1,aes-sha1,aes-sha2,3des-sha2,aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
  ikelifetime=24h
  salifetime=24h
  sha2-truncbug=no

conn l2tp-psk
  auto=add
  leftprotoport=17/1701
  rightprotoport=17/%any
  type=transport
  also=shared

conn xauth-psk
  auto=add
  leftsubnet=0.0.0.0/0
  rightaddresspool=192.168.43.101-192.168.43.199
  modecfgdns="8.8.8.8 8.8.4.4"
  leftxauthserver=yes
  rightxauthclient=yes
  leftmodecfgserver=yes
  rightmodecfgclient=yes
  modecfgpull=yes
  cisco-unity=yes
  also=shared

include /etc/ipsec.d/*.conf
/etc/ppp# cat options.xl2tpd
+mschap-v2
ipcp-accept-local
ipcp-accept-remote
noccp
auth
mtu 1280
mru 1280
proxyarp
lcp-echo-failure 4
lcp-echo-interval 30
connect-delay 5000
ms-dns 8.8.8.8
ms-dns 8.8.4.4
grep -vE "#|^$" pptpd-options
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
proxyarp
nodefaultroute
lock
nobsdcomp
novj
nologfd
ms-dns 8.8.8.8
nobsdcomp
noipx
mtu 1490
mru 1490
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         195.189.227.248 0.0.0.0         UG    0      0        0 eth0
0.0.0.0         195.189.227.248 0.0.0.0         UG    0      0        0 eth0
10.8.8.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.42.10   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
195.189.226.0   0.0.0.0         255.255.254.0   U     0      0        0 eth0
iptables -L -n -v
Chain INPUT (policy ACCEPT 10501 packets, 5715K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1273 88901 f2b-sshd   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
 4530  611K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701 policy match dir in pol none
  319 12843 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 1536  118K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   20  2899 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 500,4500
    1   140 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701 policy match dir in pol ipsec
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       10.8.0.0/24          0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     all  --  eth0   ppp+    0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  ppp+   eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  ppp+   ppp+    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   *       0.0.0.0/0            192.168.43.0/24      ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      eth0    192.168.43.0/24      0.0.0.0/0
    0     0 ACCEPT     all  --  *      ppp+    192.168.43.0/24      0.0.0.0/0
 4505  369K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3108 packets, 1229K bytes)
 pkts bytes target     prot opt in     out     source               destination

When Windows 10 connects, the log looks like this:

tail -f /var/log/auth.log
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: responding to Main Mode from unknown peer 46.98.146.113:9407
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: sent Main Mode R1
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: sent Main Mode R2
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: Peer ID is ID_IPV4_ADDR: '192.168.11.8'
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113 #14: switched to "l2tp-psk"[8] 46.98.146.113
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[7] 46.98.146.113: deleting connection instance with peer 46.98.146.113 {isakmp=#0/ipsec=#0}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: the peer proposed: 195.189.226.225/32:1701 -UDP-> 192.168.11.8/32:1701
Nov  5 21:02:14 unassigned-hostname pluto[1859]: |   checking hostpair 195.189.226.225/32:1701 -> 46.98.146.113/32:0
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #15: responding to Quick Mode proposal {msgid:00000001}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #15:     us: 195.189.226.225/32:UDP/1701===195.189.226.225  them: 46.98.146.113[192.168.11.8]===46.98.146.113/32:UDP/1701
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #15: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0x509c8732 <0xeb51c015 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #15: IPsec SA established transport mode {ESPinUDP=>0x509c8732 <0xeb51c015 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: the peer proposed: 195.189.226.225/32:1701 -UDP-> 192.168.11.8/32:1701
Nov  5 21:02:14 unassigned-hostname pluto[1859]: |   checking hostpair 195.189.226.225/32:1701 -> 46.98.146.113/32:1701
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #16: responding to Quick Mode proposal {msgid:00000002}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #16:     us: 195.189.226.225/32:UDP/1701===195.189.226.225  them: 46.98.146.113[192.168.11.8]===46.98.146.113/32:UDP/1701
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #16: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0x85f5dea4 <0x4aef7b38 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #16: IPsec SA established transport mode {ESPinUDP=>0x85f5dea4 <0x4aef7b38 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: received Delete SA(0x509c8732) payload: deleting IPsec State #15
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #15: deleting state (STATE_QUICK_R2) aged 0.099591s and sending notification
Nov  5 21:02:14 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #15: ESP traffic information: in=0B out=0B
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: the peer proposed: 195.189.226.225/32:1701 -UDP-> 192.168.11.8/32:1701
Nov  5 21:02:17 unassigned-hostname pluto[1859]: |   checking hostpair 195.189.226.225/32:1701 -> 46.98.146.113/32:1701
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #17: responding to Quick Mode proposal {msgid:00000003}
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #17:     us: 195.189.226.225/32:UDP/1701===195.189.226.225  them: 46.98.146.113[192.168.11.8]===46.98.146.113/32:UDP/1701
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #17: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0x3e824638 <0xb467e989 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #17: IPsec SA established transport mode {ESPinUDP=>0x3e824638 <0xb467e989 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: received Delete SA(0x85f5dea4) payload: deleting IPsec State #16
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #16: deleting state (STATE_QUICK_R2) aged 2.990805s and sending notification
Nov  5 21:02:17 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #16: ESP traffic information: in=0B out=0B
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: the peer proposed: 195.189.226.225/32:1701 -UDP-> 192.168.11.8/32:1701
Nov  5 21:02:21 unassigned-hostname pluto[1859]: |   checking hostpair 195.189.226.225/32:1701 -> 46.98.146.113/32:1701
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #18: responding to Quick Mode proposal {msgid:00000004}
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #18:     us: 195.189.226.225/32:UDP/1701===195.189.226.225  them: 46.98.146.113[192.168.11.8]===46.98.146.113/32:UDP/1701
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #18: sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation transport mode {ESPinUDP=>0x1ea3460a <0x23146ec5 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #18: IPsec SA established transport mode {ESPinUDP=>0x1ea3460a <0x23146ec5 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=192.168.11.8 NATD=46.98.146.113:50350 DPD=unsupported}
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #14: received Delete SA(0x3e824638) payload: deleting IPsec State #17
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #17: deleting state (STATE_QUICK_R2) aged 4.024323s and sending notification
Nov  5 21:02:21 unassigned-hostname pluto[1859]: "l2tp-psk"[8] 46.98.146.113 #17: ESP traffic information: in=0B out=0B


darksmoke
()

Something wrong with the hardware? Errors in dmesg

Forum - General

Good afternoon. Please tell me what this error is and how to deal with it. This is the log from dmesg

 $ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye
[   32.499110] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbee000 [fault reason 06] PTE Read access is not set
[   33.148122] DMAR: DRHD: handling fault status reg 2
[   33.148155] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbec000 [fault reason 06] PTE Read access is not set
[   33.148196] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbf0000 [fault reason 06] PTE Read access is not set
[   34.906653] DMAR: DRHD: handling fault status reg 2
[   34.906699] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbeb000 [fault reason 06] PTE Read access is not set
[   37.904461] DMAR: DRHD: handling fault status reg 2
[   37.904490] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbe9000 [fault reason 06] PTE Read access is not set
[   43.770041] DMAR: DRHD: handling fault status reg 2
[   43.770115] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbd9000 [fault reason 06] PTE Read access is not set
[   44.556676] DMAR: DRHD: handling fault status reg 2
[   44.556757] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbd4000 [fault reason 06] PTE Read access is not set
[   47.844493] DMAR: DRHD: handling fault status reg 2
[   47.844564] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbcd000 [fault reason 06] PTE Read access is not set
[   49.116140] DMAR: DRHD: handling fault status reg 2
[   49.116204] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbcc000 [fault reason 06] PTE Read access is not set
[   51.010226] DMAR: DRHD: handling fault status reg 2
[   51.010273] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbcb000 [fault reason 06] PTE Read access is not set
[   51.352063] DMAR: DRHD: handling fault status reg 2
[   51.352144] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbcf000 [fault reason 06] PTE Read access is not set
[   56.396686] DMAR: DRHD: handling fault status reg 2
[   56.396774] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbc7000 [fault reason 06] PTE Read access is not set
[   56.509279] DMAR: DRHD: handling fault status reg 2
[   56.509365] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbbd000 [fault reason 06] PTE Read access is not set
[   60.761133] DMAR: DRHD: handling fault status reg 2
[   60.761209] DMAR: [DMA Read] Request device [05:00.0] PASID ffffffff fault addr ffbca000 [fault reason 06] PTE Read access is not set
[   61.164030] DMAR: DRHD: handling fault status reg 2

 

darksmoke
()

How to collect logs from a router

Forum - General

Good afternoon. Please tell me what can be used to collect logs from various routers. The task is to receive the logs and parse the DHCP clients. If it is a server, everything is clear. But if it is a router, I don't know which way to look.


darksmoke
()

Traffic goes through a different interface

Forum - Admin

Good afternoon. Please advise: I have implemented the scheme https://docs.google.com/drawings/d/103CDDg39ZK4vDCkxXTNuLmP8FkTCsXrkOrJQLXJCo9A/edit?usp=sharing The problem is that traffic arrives at server A1, but goes back out through server B, via the network card that faces the Internet, and not through tun0. I just can't make the traffic go through tun0 (((((

Server A

 $ ip -br a
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp3s0           UP
enp4s0           UP             fe80::523e:aaff:fe0f:b42e/64
br0              UP             192.168.1.250/24 fe80::523e:aaff:fe0f:5b3a/64
tun0             UNKNOWN        192.168.37.6 peer 192.168.37.5/32 fe80::8e28:78a4:5790:69d/64
ppp0             UNKNOWN        10.102.212.208 peer 212.115.225.252/32


cat /root/iptables-save
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:27:21 2021
*filter
:INPUT ACCEPT [224462:89460370]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1891438:17633064469]
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -p gre -j ACCEPT
-A FORWARD -i ppp+ -p tcp -m tcp --dport 1723 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o br0 -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
COMMIT
# Completed on Mon Aug  2 13:27:21 2021
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:27:21 2021
*mangle
:PREROUTING ACCEPT [109308441:89142826756]
:INPUT ACCEPT [18379765:5806615294]
:FORWARD ACCEPT [90724716:83285475718]
:OUTPUT ACCEPT [18242790:44296639842]
:POSTROUTING ACCEPT [108967461:127582111444]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Aug  2 13:27:21 2021
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:27:21 2021
*nat
:PREROUTING ACCEPT [613300:96555373]
:INPUT ACCEPT [50547:3531885]
:POSTROUTING ACCEPT [11702:712235]
:OUTPUT ACCEPT [49777:3344265]
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.212:80
-A PREROUTING -p tcp -m tcp --dport 4113 -j DNAT --to-destination 192.168.1.213:3389
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Mon Aug  2 13:27:21 2021
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:27:21 2021
*raw
:PREROUTING ACCEPT [109308441:89142826756]
:OUTPUT ACCEPT [18242790:44296639842]
COMMIT
# Completed on Mon Aug  2 13:27:21 2021

Server B

$ ip -br a
lo               UNKNOWN        127.0.0.1/8
enp1s0           UP
enp2s0           UP
enp5s0           UP
br0              UP             192.168.88.250/24
tun0             UNKNOWN        192.168.37.1 peer 192.168.37.2/32
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
ppp0             UNKNOWN        178.215.163.222 peer 212.115.225.247/32


cat /root/iptables-save
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:30:02 2021
*filter
:INPUT ACCEPT [13175311:18281448869]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6478397:343261269]
:f2b-ssh - [0:0]
:f2b-sshd - [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j ACCEPT
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o br0 -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A f2b-ssh -s 190.52.34.43/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -s 111.93.214.67/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -s 160.119.100.188/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -s 40.115.79.44/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -s 118.69.55.101/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -s 49.233.196.120/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-ssh -j RETURN
-A f2b-sshd -s 190.52.34.43/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 111.93.214.67/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 160.119.100.188/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 40.115.79.44/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 118.69.55.101/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 49.233.196.120/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
# Completed on Mon Aug  2 13:30:02 2021
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:30:02 2021
*mangle
:PREROUTING ACCEPT [885207781:629345695425]
:INPUT ACCEPT [34007551:37639326371]
:FORWARD ACCEPT [849792347:591467489037]
:OUTPUT ACCEPT [21225980:16299778485]
:POSTROUTING ACCEPT [871019988:607767611018]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Mon Aug  2 13:30:02 2021
# Generated by xtables-save v1.8.2 on Mon Aug  2 13:30:02 2021
*nat
:PREROUTING ACCEPT [7669950:996289342]
:INPUT ACCEPT [3030301:201364782]
:POSTROUTING ACCEPT [24907:1747289]
:OUTPUT ACCEPT [44874:3417857]
-A PREROUTING -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.88.200:443
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.88.200:80
-A PREROUTING -p tcp -m tcp --dport 3030 -j DNAT --to-destination 192.168.88.241:3389
-A PREROUTING -i ppp+ -p tcp -m tcp --dport 9191 -j DNAT --to-destination 192.168.1.212:22
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Mon Aug  2 13:30:02 2021


darksmoke
()

iptables SNAT complains about the network interface name

Forum - General

Good afternoon. Please help me figure out why it gives an error. I am learning iptables and trying to understand how it works. I don't want to simply use masquerade; I need this for learning purposes. Thank you.

/etc/iptables.sh
Bad argument `enp4s0'
Try `iptables -h' or 'iptables --help' for more information.

the line in the file

$IPT -A POSTROUTING -t nat -s ${LAN_IP_RANGE} -o enp4s0 -j SNAT --to-source ppp0
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.250  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::523e:aaff:fe0f:5b3a  prefixlen 64  scopeid 0x20<link>
        ether 50:3e:aa:0f:5b:3a  txqueuelen 1000  (Ethernet)
        RX packets 120150  bytes 139394294 (132.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 83120  bytes 33720973 (32.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 50:3e:aa:0f:5b:3a  txqueuelen 1000  (Ethernet)
        RX packets 120631  bytes 141108082 (134.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84396  bytes 33804317 (32.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::523e:aaff:fe0f:b42e  prefixlen 64  scopeid 0x20<link>
        ether 50:3e:aa:0f:b4:2e  txqueuelen 1000  (Ethernet)
        RX packets 81788  bytes 31500986 (30.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 115957  bytes 141345917 (134.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1  bytes 88 (88.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 88 (88.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 10.102.246.170  netmask 255.255.255.255  destination 212.115.225.252
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 8741  bytes 8688793 (8.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5448  bytes 825297 (805.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.37.6  netmask 255.255.255.255  destination 192.168.37.5
        inet6 fe80::f3a8:7e7b:9b8b:2903  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 432 (432.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe17:58a  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:17:05:8a  txqueuelen 1000  (Ethernet)
        RX packets 200  bytes 10672 (10.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 866  bytes 128108 (125.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 $ cat /etc/iptables.sh
#!/usr/bin/env bash

export IPT="iptables"

# WAN 1
export WAN=ppp0
export WAN_IP=91.225.234.208

# Local
export LAN1=br0
export LAN1_IP_RANGE=192.168.0.250/24

# Flush rules
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -F -t filter
#$IPT -F -t conntrack
$IPT -F -t raw
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
$IPT -X -t filter
#$IPT -X -t conntrack
$IPT -X -t raw


$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i $LAN1 -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A OUTPUT -o $LAN1 -j ACCEPT



$IPT -A POSTROUTING -t nat -s ${LAN_IP_RANGE} -o enp4s0 -j SNAT --to-source ppp0


darksmoke
()

Help with routing

Forum - General

Good afternoon. There are two servers. They are connected to each other by OpenVPN. They ping each other. But the computers behind the server do not respond to ping :(

openvp-server


route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
192.168.37.0    192.168.37.2    255.255.255.0   UG    0      0        0 tun0
192.168.37.2    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.88.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
212.115.225.247 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0


ip -br a
lo               UNKNOWN        127.0.0.1/8
enp1s0           UP
enp2s0           UP
enp3s0           DOWN
enp5s0           UP
br0              UP             192.168.88.250/24
virbr0           DOWN           192.168.122.1/24
virbr0-nic       DOWN
vnet0            UNKNOWN
ppp0             UNKNOWN        178.215.122.122 peer 212.115.225.247/32
tun0             UNKNOWN        192.168.37.1 peer 192.168.37.2/32
openvpn-client


route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.37.1    192.168.37.5    255.255.255.255 UGH   0      0        0 tun0
192.168.37.5    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
212.115.225.252 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0


ip -br a
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp3s0           UP
enp4s0           UP             fe80::523e:aaff:fe0f:b42e/64
enp5s0           DOWN
br0              UP             192.168.1.250/24 fe80::523e:aaff:fe0f:5b3a/64
vnet0            UNKNOWN        fe80::fc54:ff:fe17:58a/64
ppp0             UNKNOWN        10.102.205.17 peer 212.115.225.252/32
tun0             UNKNOWN        192.168.37.6 peer 192.168.37.5/32 fe80::5e05:e341:850c:9fbd/64

Behind openvpn-client there are more computers, which are in the 192.168.1.0 network. I can't make openvpn-server see the computers in the 192.168.1.0 network. Please help.


darksmoke
()

KVM: how to hide the MAC address?

Forum - General

Good afternoon. I bought a dedicated server from hetzner with one IP. I deployed KVM there. I made a VLAN and put a bridge on it to set up a local network for the virtual machines, and let the virtual machines out to the world through NAT. And then I get a letter from hetzner

you can use virtualization, but you may only use MAC that we have authorized. The hardware MAC is always authorized, additional MAC can be request by buying single IP in robot. The cost neutral solution is to use a routed setup, so only 1 MAC is used for all VM when communicating with our network.

They say I must not expose MAC addresses on their IP, and they suggest setting up routing somehow. I don't understand how to do it, or how this will help remove the MAC address from the IP address.

~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a8:a1:59:68:98:df brd ff:ff:ff:ff:ff:ff
    inet 147.252.47.91/27 brd 147.252.47.95 scope global enp8s0
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:a1:59:68:98:df brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.250/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::aaa1:59ff:fe68:98df/64 scope link
       valid_lft forever preferred_lft forever
4: enp8s0.100@enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether a8:a1:59:68:98:df brd ff:ff:ff:ff:ff:ff
8: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:f3:04:0d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fef3:40d/64 scope link
       valid_lft forever preferred_lft forever
19: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:84:63:70 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe84:6370/64 scope link
       valid_lft forever preferred_lft forever
20: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:55:01:f3:04:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc55:1ff:fef3:41d/64 scope link
       valid_lft forever preferred_lft forever
21: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:7f:90:5b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe7f:905b/64 scope link
       valid_lft forever preferred_lft forever

How do I set up this routing they are talking about?

darksmoke

Samba 4 and access by IP

Forum — General

Good afternoon. I can't manage to set up IP-based access to network shares. With this config any computer can get into any folder. Please help: what am I doing wrong?

[global]
   workgroup = WORKGROUP
    dns proxy = no
    log file = /var/log/samba/log.%m
    netbios name = NFS-SERVER
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   time server = no
    bind interfaces only = yes
    interfaces = 192.168.88.250/24


[folder1]
    path = /tank/samba/folder1
    browseable = Yes
    guest ok = Yes
    writeable = Yes
    public = yes
    reate mask = 666
    directory mask = 777
    host allow = 192.168.88.0/255.255.255.0

[folder2]
    path = /tank/samba/folder2
    browseable = Yes
    guest ok = Yes
    writeable = Yes
    public = yes
    reate mask = 666
    directory mask = 777
    host allow = 192.168.88.101,192.168.88.110,192.168.88.111

[folder3]
    path = /tank/samba/folder3
    browseable = Yes
    guest ok = Yes
    writeable = Yes
    public = yes
    reate mask = 666
    directory mask = 777
    host allow = 192.168.88.0.101,192.168.88.0.102,192.168.88.0.103

 

darksmoke
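Samba logs a parameter name it does not recognise as unknown and ignores it, so a misspelled access-control line leaves the share without any host restriction. The linter below is an added example, not part of the original post: it checks the post's share sections (embedded as a constructed sample) against a small, assumed subset of real smb.conf parameter names and validates the address entries. The authoritative check on a real system is `testparm`.

```python
import ipaddress
import re

# Constructed sample: the access-control lines of the three shares in the post
# above, parameter names copied as posted.
SAMPLE_SMB_CONF = """\
[folder1]
    guest ok = Yes
    reate mask = 666
    host allow = 192.168.88.0/255.255.255.0
[folder2]
    guest ok = Yes
    host allow = 192.168.88.101,192.168.88.110,192.168.88.111
[folder3]
    guest ok = Yes
    host allow = 192.168.88.0.101,192.168.88.0.102,192.168.88.0.103
"""

# Assumption: a subset of real smb.conf share parameters, enough for this
# sample. testparm knows the complete list and all synonyms.
KNOWN_PARAMS = {
    "path", "browseable", "browsable", "guest ok", "public", "writeable",
    "writable", "read only", "create mask", "create mode", "directory mask",
    "directory mode", "hosts allow", "allow hosts", "hosts deny", "deny hosts",
}
EFFECTIVE_HOST_PARAMS = {"hosts allow", "allow hosts"}
HOST_PARAMS = EFFECTIVE_HOST_PARAMS | {"host allow"}  # also inspect the typo


def parse_shares(text):
    """Return {share: [(lineno, key, value), ...]} with normalised keys."""
    shares, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            shares[current] = []
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive; collapse runs of spaces.
            key = " ".join(key.lower().split())
            shares[current].append((lineno, key, value.strip()))
    return shares


def bad_host_entries(value):
    """Return numeric-looking entries that are not a valid IPv4 host or network."""
    bad = []
    for entry in re.split(r"[,\s]+", value.strip()):
        if not entry or not re.fullmatch(r"[0-9./]+", entry):
            continue  # hostnames, EXCEPT, @netgroup: out of scope here
        if re.fullmatch(r"(\d{1,3}\.){1,3}", entry):
            continue  # trailing-dot prefix form such as "192.168.88."
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            bad.append(entry)
    return bad


def lint(text):
    """Return findings as (share, lineno, message); lineno 0 means whole share."""
    findings = []
    for share, params in parse_shares(text).items():
        for lineno, key, value in params:
            if key not in KNOWN_PARAMS:
                findings.append((share, lineno, f"unknown parameter '{key}' (ignored)"))
            if key in HOST_PARAMS:
                for entry in bad_host_entries(value):
                    findings.append((share, lineno, f"malformed address '{entry}'"))
        if not any(key in EFFECTIVE_HOST_PARAMS for _, key, _ in params):
            findings.append((share, 0, "no effective 'hosts allow' in this section"))
    return findings


if __name__ == "__main__":
    for share, lineno, message in lint(SAMPLE_SMB_CONF):
        print(f"[{share}] line {lineno}: {message}")
```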

Bridge for KVM

Forum — General

Good afternoon. Previously, when I set up KVM, I always had two network interfaces (an external PPPoE one and an internal LAN one). Now I have bought a dedicated server that has a single interface with a public IP, and I need to deploy several virtual machines reachable from the outside world. I can't figure out how to create a local interface so that I can hand out IP addresses to the virtual machines. Thanks in advance.

darksmoke

IPTables for Squid

Forum — Admin

Please help me figure out why requests are not being redirected to Squid. If I set the proxy in the browser by hand, everything works, but transparent mode does not :(

#!/usr/bin/env bash

export IPT="iptables"

# WAN 1
export WAN=ppp0
export WAN_IP=ххх.ххх.ххх.ххх

# Local
export LAN1=br0
export LAN1_IP_RANGE=192.168.88.0/24

# Flush rules
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# Deny all
#$IPT -P INPUT DROP
#$IPT -P OUTPUT DROP
#$IPT -P FORWARD DROP

# Allow local
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -i $LAN1 -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A OUTPUT -o $LAN1 -j ACCEPT

# Allow ping
$IPT -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

$IPT -t nat -I PREROUTING 1 -p tcp --dport 3030 -j DNAT --to-destination 192.168.88.241:3389

$IPT -A INPUT -i ppp+ -j ACCEPT
$IPT -A OUTPUT -o ppp+ -j ACCEPT

$IPT -F FORWARD
$IPT -A FORWARD -j ACCEPT

iptables -t nat -A PREROUTING -i $LAN1 -p tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i $LAN1 -p tcp --dport 443 -j REDIRECT --to-ports 3129

$IPT -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

Just in case, here is the Squid 4.6 config

acl all src all
acl office src 192.168.88.1-192.168.88.200/255.255.255.0
acl serv2019 src 192.168.1.241/32

acl SSL_ports port 443
acl CONNECT method CONNECT

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow office
http_access allow serv2019

http_access deny all

http_port 192.168.88.250:3128
#http_port 192.168.88.250:3129 intercept
http_port 192.168.88.250:3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/squidca.pem


#acl nosslintercept ssl::server_name "/etc/squid/sites_nossl.txt"
acl step1 at_step SslBump1

ssl_bump peek step1
ssl_bump bump all

sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB

dns_nameservers 8.8.8.8

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

darksmoke

How to assess the state of an HDD

Forum — General

Good afternoon. I'm worried that I might lose data. Could you tell me how to know when a disk needs replacing?

#smartctl -a /dev/sda
smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.9.0-9-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Caviar Green (AF)
Device Model:     WDC WD10EARS-00Y5B1
Serial Number:    WD-WCAV5N163253
LU WWN Device Id: 5 0014ee 25ac63cfc
Firmware Version: 80.00A80
User Capacity:    1 000 204 886 016 bytes [1,00 TB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ATA8-ACS (minor revision not indicated)
SATA Version is:  SATA 2.6, 3.0 Gb/s
Local Time is:    Wed Oct  9 09:50:29 2019 EEST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x84)	Offline data collection activity
					was suspended by an interrupting command from host.
					Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0)	The previous self-test routine completed
					without error or no self-test has ever 
					been run.
Total time to complete Offline 
data collection: 		(20880) seconds.
Offline data collection
capabilities: 			 (0x7b) SMART execute Offline immediate.
					Auto Offline data collection on/off support.
					Suspend Offline collection upon new
					command.
					Offline surface scan supported.
					Self-test supported.
					Conveyance Self-test supported.
					Selective Self-test supported.
SMART capabilities:            (0x0003)	Saves SMART data before entering
					power-saving mode.
					Supports SMART auto save timer.
Error logging capability:        (0x01)	Error logging supported.
					General Purpose Logging supported.
Short self-test routine 
recommended polling time: 	 (   2) minutes.
Extended self-test routine
recommended polling time: 	 ( 240) minutes.
Conveyance self-test routine
recommended polling time: 	 (   5) minutes.
SCT capabilities: 	       (0x3035)	SCT Status supported.
					SCT Feature Control supported.
					SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   130   128   021    Pre-fail  Always       -       6458
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       214
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   047   047   000    Old_age   Always       -       39144
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       212
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       145
193 Load_Cycle_Count        0x0032   001   001   000    Old_age   Always       -       1910083
194 Temperature_Celsius     0x0022   120   100   000    Old_age   Always       -       27
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   200   200   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
No self-tests have been logged.  [To run self-tests, use: smartctl -t]

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

darksmoke

PPTP from the local network. IPTABLES.

Forum — General

Good afternoon. Please advise how to fix this: from the local network I can't connect to a PPTP VPN server located at another site.

# Generated by iptables-save v1.6.0 on Mon Sep 30 23:50:13 2019
*mangle
:PREROUTING ACCEPT [4899905:5488213642]
:INPUT ACCEPT [2121079:3031077122]
:FORWARD ACCEPT [2776542:2456460297]
:OUTPUT ACCEPT [1451601:85050313]
:POSTROUTING ACCEPT [4228143:2541510610]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Sep 30 23:50:13 2019
# Generated by iptables-save v1.6.0 on Mon Sep 30 23:50:13 2019
*nat
:PREROUTING ACCEPT [42:3044]
:INPUT ACCEPT [14:1079]
:OUTPUT ACCEPT [3:221]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Mon Sep 30 23:50:13 2019
# Generated by iptables-save v1.6.0 on Mon Sep 30 23:50:13 2019
*filter
:INPUT ACCEPT [11:3834]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [69:9064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -i ppp+ -o ppp+ -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT
# Completed on Mon Sep 30 23:50:13 2019

23:56:25.513179 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [S], seq 3863674686, win 29200, options [mss 1452,sackOK,TS val 3677442620 ecr 0,nop,wscale 7], length 0
23:56:25.514018 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua.45700: Flags [S.], seq 91726336, ack 3863674687, win 14280, options [mss 1440,sackOK,TS val 1180006 ecr 3677442620,nop,wscale 3], length 0
23:56:25.518400 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [.], ack 1, win 229, options [nop,nop,TS val 3677442624 ecr 1180006], length 0
23:56:25.518980 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [P.], seq 1:157, ack 1, win 229, options [nop,nop,TS val 3677442624 ecr 1180006], length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(AS) BEARER_CAP(DA) MAX_CHAN(65535) FIRM_REV(1) HOSTNAME(local) VENDOR(cananian)
23:56:25.519781 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua.45700: Flags [.], ack 157, win 1919, options [nop,nop,TS val 1180007 ecr 3677442624], length 0
23:56:25.521458 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua.45700: Flags [P.], seq 1:157, ack 157, win 1919, options [nop,nop,TS val 1180007 ecr 3677442624], length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP(S) BEARER_CAP() MAX_CHAN(0) FIRM_REV(1) HOSTNAME(MikroTik) VENDOR(MikroTik)
23:56:25.529323 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [.], ack 157, win 237, options [nop,nop,TS val 3677442635 ecr 1180007], length 0
23:56:26.517852 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [P.], seq 157:325, ack 157, win 237, options [nop,nop,TS val 3677443625 ecr 1180007], length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(33460) CALL_SER_NUM(0) MIN_BPS(2400) MAX_BPS(10000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(3) PROC_DELAY(0) PHONE_NO_LEN(0) PHONE_NO() SUB_ADDR()
23:56:26.519382 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua.45700: Flags [P.], seq 157:189, ack 325, win 2053, options [nop,nop,TS val 1180107 ecr 3677443625], length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(16) PEER_CALL_ID(33460) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(100000) RECV_WIN(100) PROC_DELAY(0) PHY_CHAN_ID(0)
23:56:26.520811 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [.], ack 189, win 237, options [nop,nop,TS val 3677443628 ecr 1180107], length 0
23:56:26.521374 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 1, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:26.522476 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 1, ack 1, length 39: LCP, Conf-Request (0x01), id 1, length 21
23:56:26.522686 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 2, ack 1, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:27.534097 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 3, ack 1, length 39: LCP, Conf-Request (0x01), id 2, length 21
23:56:29.115886 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 4, ack 1, length 39: LCP, Conf-Request (0x01), id 3, length 21
23:56:29.525868 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:29.527026 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 5, ack 2, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:31.159066 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 6, ack 2, length 39: LCP, Conf-Request (0x01), id 4, length 21
23:56:32.512611 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 3, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:32.513654 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 7, ack 3, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:34.215789 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 8, ack 3, length 39: LCP, Conf-Request (0x01), id 5, length 21
23:56:35.521959 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 4, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:35.523054 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 9, ack 4, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:38.519547 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 5, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:38.520676 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 10, ack 5, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:38.751233 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 11, ack 5, length 39: LCP, Conf-Request (0x01), id 6, length 21
23:56:41.523676 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 6, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:41.524722 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 12, ack 6, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:44.529746 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 7, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:44.530793 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 13, ack 7, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:45.492165 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 14, ack 7, length 39: LCP, Conf-Request (0x01), id 7, length 21
23:56:47.525199 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 8, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:47.526390 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 15, ack 8, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:50.558649 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 9, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:50.559676 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 16, ack 9, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:53.536624 IP 233.82.PPPoE.fregat.ua > xxx.xxx.xxx.xxx: GREv1, call 16, seq 10, length 36: LCP, Conf-Request (0x01), id 1, length 22
23:56:53.537743 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 17, ack 10, length 34: LCP, Conf-Reject (0x04), id 1, length 16
23:56:56.190911 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua: GREv1, call 33460, seq 18, ack 10, length 39: LCP, Conf-Request (0x01), id 8, length 21
23:56:56.566375 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [P.], seq 325:341, ack 189, win 237, options [nop,nop,TS val 3677473658 ecr 1180107], length 16: pptp CTRL_MSGTYPE=CCRQ CALL_ID(33460)
23:56:56.567396 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua.45700: Flags [F.], seq 189, ack 341, win 2053, options [nop,nop,TS val 1183112 ecr 3677473658], length 0
23:56:56.638968 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [F.], seq 341, ack 189, win 237, options [nop,nop,TS val 3677473658 ecr 1180107], length 0
23:56:56.639523 IP 233.82.PPPoE.fregat.ua.45700 > xxx.xxx.xxx.xxx: Flags [.], ack 190, win 237, options [nop,nop,TS val 3677473688 ecr 1183112], length 0
23:56:56.639696 IP xxx.xxx.xxx.xxx > 233.82.PPPoE.fregat.ua.45700: Flags [.], ack 342, win 2053, options [nop,nop,TS val 1183119 ecr 3677473658], length 0

darksmoke

Getting the maximum value of an item in Zabbix

Forum — Development

Good afternoon. Zabbix gurus, please tell me: how can I get an item's maximum value over a day? I need this to take the value and write it to a database, where there will be separate analytics on maximum values broken down by year.

P.S. I think the Zabbix API could be used. I managed to authenticate, but I don't know how to pull the maximum value of a specific item :(

darksmoke

Nginx + Lua: how to return JSON?

Forum — Development

Good afternoon. Please advise how to return JSON in the response. Here is the JSON itself:

{"1_sign_level":"0200200","2_sign_level":"0200300"}

I tried ngx.say and cjson.encode, but nothing works. Please help with the code.

darksmoke

Iptables does not let PPTP through

Forum — Admin

Good afternoon. This topic has come up a hundred times, and I realize the whole problem is that I don't fully understand how iptables works.

I have a gateway and a local network. Nobody on the local network can connect to the VPN (PPTP) :(

That is, we connect, but RDP, for example, does not work ((

$ iptables-save                
# Generated by iptables-save v1.6.0 on Mon Mar 25 21:03:15 2019
*mangle
:PREROUTING ACCEPT [99735008:95246975054]
:INPUT ACCEPT [14636800:14821707894]
:FORWARD ACCEPT [84958743:80395462970]
:OUTPUT ACCEPT [11669896:14310889844]
:POSTROUTING ACCEPT [96628639:94706352814]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Mar 25 21:03:16 2019
# Generated by iptables-save v1.6.0 on Mon Mar 25 21:03:16 2019
*nat
:PREROUTING ACCEPT [40154:4961309]
:INPUT ACCEPT [13637:1279019]
:OUTPUT ACCEPT [1219:86586]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp5s0 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
# Completed on Mon Mar 25 21:03:16 2019
# Generated by iptables-save v1.6.0 on Mon Mar 25 21:03:16 2019
*filter
:INPUT ACCEPT [8775:3272507]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1191:342246]
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT
$ ifconfig 
enp2s0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 90:e6:ba:d6:dd:52  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.250  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::204:75ff:fefb:5745  prefixlen 64  scopeid 0x20<link>
        ether 00:04:75:fb:57:45  txqueuelen 1000  (Ethernet)
        RX packets 72219044  bytes 12696633100 (11.8 GiB)
        RX errors 0  dropped 0  overruns 1  frame 0
        TX packets 147793060  bytes 198508703763 (184.8 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  base 0xdc00  

enp5s1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::202:44ff:fea5:68e3  prefixlen 64  scopeid 0x20<link>
        ether 00:02:44:a5:68:e3  txqueuelen 1000  (Ethernet)
        RX packets 168648170  bytes 217096073146 (202.1 GiB)
        RX errors 3  dropped 10  overruns 3  frame 0
        TX packets 92139194  bytes 29318985423 (27.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 135  bytes 10252 (10.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 135  bytes 10252 (10.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1492
        inet 46.98.77.189  netmask 255.255.255.255  destination 212.115.225.252
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 168516961  bytes 213379342513 (198.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 91208448  bytes 27256542028 (25.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
modprobe nf_conntrack_pptp && modprobe nf_conntrack && modprobe $ ip_gre && modprobe ip_nat_pptp
# sysctl net.netfilter.nf_conntrack_helper=1

Dump from the VPN server we are connecting to

21:52:58.252366 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665118510 ecr 0,nop,wscale 7], length 0
21:52:59.268949 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665119524 ecr 0,nop,wscale 7], length 0
21:53:01.281724 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665121540 ecr 0,nop,wscale 7], length 0
21:53:05.315796 IP 192.168.2.99.39690 > 192.168.2.241.rdp: Flags [S], seq 1970325240, win 27200, options [mss 1360,sackOK,TS val 2665125572 ecr 0,nop,wscale 7], length 0

darksmoke

Erlang. Parameters in vm.args

Forum — Development

Good afternoon. Please tell me where to read about this or what it means: the Erlang documentation has the parameter

+K true
+zdbbl
I'm looking at the RabbitMQ settings, and these parameters are there too, but with a minus sign
-K true
-zdbbl
I can't find what a parameter with + means versus one with -. More precisely, the plus-sign form is on the Erlang site, http://erlang.org/doc/man/erl.html# zdbbl, but the minus-sign form is not :(

Please advise.

 

darksmoke

Ansible. Two hosts in a playbook

Forum — Admin

Good afternoon. I can't get past an error, please help

---
- name: Preparation for deploy 
  hosts: "{{ from }}"
  gather_facts: false

  tasks:
    - name: Copy curent app version
      command: "cp -r {{ path_src }}/. {{ path_dst }}"

- name: Sync 
  hosts: app-all
  tasks:
    include: ../shell/rsync.yml

It produces this error

ERROR! A malformed block was encountered while loading tasks

The error appears to have been in line 66, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Sync 
  ^ here

darksmoke

Erlang Heap Memory

Forum — Development

Good afternoon. I inherited an Erlang application, and under heavy load it crashes with the error

Slogan: eheap_alloc: Cannot allocate 49515520 bytes of memory (of type "heap").

  • How can I set a limit on this memory when starting the application?
  • Does anyone have experience monitoring an Erlang application with Zabbix?

darksmoke

How to connect to an already running Erlang node?

Forum — Development

How do I connect to an already running Erlang node?

I do this: erl -sname my_app -setcookie COOKE

I get: Protocol 'inet_tcp': the name my_app@my_comp seems to be in use by another Erlang node

 

darksmoke

Two PPPoE links: how to configure them?

Forum — Admin

Good afternoon. How do I configure two PPPoE links:

  • Minimum goal. Two links up at the same time, but users go out through one link; if one drops, the other keeps working and users go out through the working link.
  • What I would like. Two links working at the same time. Users use both links simultaneously, thereby offloading the link.

What can this be done with?

lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 9.3 (stretch)
Release:	9.3

darksmoke
