windows系统下使用ipmiutil操作IPMI备忘日志

要打开服务器的电源,请运行以下命令:ipmiutil power -u -N fsp_ip_address -P ipmi_password,其中,fsp_ip_ipaddress 是IPMI的 IP 地址,ipmi_password 是为 IPMI 设置的密码。

要激活 IPMI 控制台:ipmiutil sol -a -r -N fsp_ip_address -P ipmi_password
如果需要重新引导系统:
取消激活控制台:ipmiutil sol -d -N fsp_ip_address -P ipmi_password
关闭系统电源:ipmiutil power -d -N fsp_ip_address -P ipmi_password
打开系统电源:ipmiutil power -u -N fsp_ip_address -P ipmi_password

电源/启动/引导

重启BMC:ipmiutil reset -k
服务器加电:ipmiutil reset -u
硬重启服务器:ipmiutil reset -r
重启进入bios:ipmiutil reset -b
重启进入efi:ipmiutil reset -e
重启进入硬盘引导:ipmiutil reset -h
重启进入CD-ROM:ipmiutil reset -v


配置IP信息

更改为DHCP模式:ipmiutil lan set -l -D
   设置IP地址:ipmiutil lan -l -I 192.168.0.55
   设置网关地址:ipmiutil lan -l -G 192.168.0.1
   设置子网掩码:ipmiutil lan -l -S 255.255.255.0


重置用户密码

步骤1.得到所有的列表BMC的用户:

C:\ipmiutil\ipmiutil user list
   ipmiutil user ver 3.16User 1: chan=1 enabled Admin admin
User 2: chan=1 enabled User testuser1
User 3: chan=1 enabled User testuser2

步骤2.为了重置密码使用从上一个输出的用户编号:
   C:\ipmiutil\ipmiutil user set 1 password UserPassword
   ipmiutil user ver 3.16
   GET_USERNAME: 62 72 69, STATUS = 0, CCODE=0
   SETUSERNAME - 2 62 72 STATUS =0, CCODE=0
   SETUSER_ACCESS - inputData 91 2 12, status = 0 ccode=0
   ipmiutil user, completed successfully.


ipmiutil安装方法

 ipmiutil下载地址http://dl.kvm.la/windows/ipmiutil-3.0.8-win32.zip

解压后管理员身份运行启动cmd窗口
cd命令到ipmiutil的解压目录
执行install.cmd
然后就可以运行ipmiutil.exe命令了

更多使用还是参考官方说明 http://ipmiutil.sourceforge.net/docs/UserGuide

MACOS磁盘工具无法格式化U盘,用终端diskutil命令格式化

先使用diskutil list命令查看U盘代号

然后用下面的命令把它格式化:

sudo diskutil eraseDisk FAT32 usb_name MBRFormat /dev/disk2

其中usb_name是格式化后的卷标。
/dev/disk2是格式化的盘符
如下图所示:

阅读剩余部分...

PDU插头资料冰山一角

阅读剩余部分...

由于管理员设置的策略,该磁盘处于脱机状态

使用DISKPART.exe命令 解除策略

1.运行:cmd  

2.输入:

DISKPART.exe  
DISKPART> san  
DISKPART> san policy=onlineall  
DISKPART>list disk  
DISKPART> select disk 1  
DISKPART>attributes disk clear readonly  
DISKPART>online disk

阅读剩余部分...

windows server防火墙启用icmp

方法1:命令行模式

进入服务器后 点击 开始——运行 输入命令:

netsh advfirewall firewall set icmpsetting 8

这样就可以在外部ping到服务器了 非常简单实用!

同样道理,如果想禁止Ping,那运行如下命令即可实现:

netsh advfirewall firewall set icmpsetting 8 disable

 方法2:防火墙高级面板方式

1. 进入控制面板——>管理工具——>找到 “高级安全 Windows防火墙”

2. 点击 入站规则

3. 找到 回显请求-ICMPv4-In (Echo Request – ICMPv4-In)

4. 右键 点击规则 点击“启用规则(Enable)”

阅读剩余部分...

Centos7批量绑定IP

for I in $(seq 10 100); do nmcli con mod eth0 +ipv4.addresses 10.0.2.${I}; done
nmcli con up eth0




IPADDR_START=192.168.1.2
IPADDR_END=192.168.1.254
PREFIX=24
CLONENUM_STAR=0

主机管理面板cyberpanel安装

据说是巴基斯坦人写的,用litespeed在跑web服务,管理和放置一些小站不用操心安装环境。
   带vps.group修正部分问题后的中文语言包。

wget http://dl.kvm.la/cyberpanel/install.sh
sh install.sh

IPMI跳板搭建备忘记录

yum install  -y ipmitool epel-release openssh-clients wget
yum install  -y nodejs  npm
npm install forever -g
forever start /root/jnlp/main.js

各系列BGP路由配置实例

   转载自:http://www.team-cymru.org/bgp-examples.html

Cisco router traditional bogons

This page aggregates all of the examples referenced on the Bogon Route Server Project (Bogons via BGP) page.
Please see that page for full details of the Bogon Route Server Project, system requirements, caveats, etc.

Traditional Bogon Examples

router bgp <your asn>
  neighbor x.x.x.x remote-as 65333
  neighbor x.x.x.x ebgp-multihop 255
  neighbor x.x.x.x description <your description>
  neighbor x.x.x.x prefix-list cymru-out out
  neighbor x.x.x.x route-map CYMRUBOGONS in
  neighbor x.x.x.x password <your password>
  neighbor x.x.x.x maximum-prefix 100 threshold 90
! You'll need to increase the maximum to at least 50000 with an
! appropriate thresholds if you're receiving one or both fullbogons
! feeds.
!
! Depending on IOS version, you may need to configure your router
! for new-style community syntax.
ip bgp-community new-format
!
! Set a bogon next-hop on all routers that receive the bogons.
ip route 192.0.2.1 255.255.255.255 null0
!
! Configure a community list to accept the bogon prefixes into the
! route-map.
ip community-list 10 permit 65333:888
!
! Configure the route-map.  Remember to apply it to the proper
! peering sessions.
route-map CYMRUBOGONS permit 10
  description Filter bogons learned from cymru.com bogon route-servers
  match community 10
  set ip next-hop 192.0.2.1
!
ip prefix-list cymru-out seq 5 deny 0.0.0.0/0 le 32

Cisco peer-groups traditional bogons

With the advent of multiple bogon route-servers, the use of BGP peer-groups on Cisco routers is very convenient. Thanks to John Brown for the original example.

router bgp <your asn>
  neighbor cymru-bogon peer-group
  neighbor cymru-bogon ebgp-multihop 255
  neighbor cymru-bogon description <general description>
  neighbor cymru-bogon prefix-list cymru-out out
  neighbor cymru-bogon route-map CYMRUBOGONS in
  neighbor cymru-bogon maximum-prefix 100 threshold 90
! You'll need to increase the maximum to at least 50000 with an
! appropriate thresholds if you're receiving one or both fullbogons
! feeds.
!
  neighbor x.x.x.x remote-as 65333
  neighbor x.x.x.x peer-group cymru-bogon
  neighbor x.x.x.x description <specific description>
  neighbor x.x.x.x password <your password>

Juniper router traditional bogons

routing-options {
    static {
        route 192.0.2.1/32 {
            discard;
            no-readvertise;
            retain;
        }
    }

    /* If you have declared 192.0.2.0/24 as a bogon add this entry. */
    martians {
     192.0.2.1/32 exact allow;
    }

    autonomous-system <your AS here>;
}

protocols {
    bgp {
        group CYMRU {
            type external;
            description "peering to receive bogons from CYMRU";
            import CYMRU-bogons-in;
            authentication-key "secretkey"; # SECRET-DATA
            export deny-all;
            peer-as 65333;
            /* Below may also be expressed as "multihop 255;" depending on your version */
            multihop {
                ttl 255;
            }
            neighbor <bogon rs IP>;
            local-address <your IP we are peering with>;
            family inet {
                unicast {
                    /* You'll need to increase the prefix limit below to
                       at least 50000 if you're receiving one or both of 
                       the fullbogons feeds
                    */
                    prefix-limit {
                        maximum 100;
                        teardown 100;
                    }
                }   
            }
        }
    }
}

policy-options {
    policy-statement CYMRU-bogons-in {
        term 1 {
            from {
                protocol bgp;
                as-path CYMRU-private-asn;
                community CYMRU-bogon-community;
            }
            then {
      /* backup in case no-export is cleared internally */
                community add dont-announce;
                next-hop 192.0.2.1;
                accept;
            }
        }
        then reject;    #  default action
    }

    policy-statement deny-all {
        then reject;
    }

    community dont-announce members <your as here>:<some community that supresses anouncements outside your as>; 

    community CYMRU-bogon-community members [ no-export 65333:888 ];

    as-path CYMRU-private-asn 65333;
}

Force10 router traditional bogons

router bgp <your asn>
  neighbor IPV4_BOGONS peer-group
  neighbor IPV4_BOGONS route-map CYMRUBOGONS in
  neighbor IPV4_BOGONS distribute-list CYMRU-OUT out
  neighbor IPV4_BOGONS maximum-prefix 100 90
  neighbor IPV4_BOGONS soft-reconfiguration inbound
  neighbor IPV4_BOGONS no shutdown
  neighbor x.x.x.x remote-as 65333
  neighbor x.x.x.x peer-group IPV4_BOGONS
  neighbor x.x.x.x description <your description>
  neighbor x.x.x.x ebgp-multihop 255
  neighbor x.x.x.x password <your password>
  neighbor x.x.x.x no shutdown
! Set a bogon next-hop on all routers that receive the bogons.
ip route 192.0.2.1 255.255.255.255 null0
!
! Configure a community list to accept the bogon prefixes into the
! route-map.
ip community-list CYMRU_COMMUNITY
 permit 65333:888
!
! Configure the route-map.  Remember to apply it to the proper
! peering sessions.
route-map CYMRU_BOGONS permit 10
  description Filter bogons learned from cymru.com bogon route-servers
  match community CYMRU_COMMUNITY
  set next-hop 192.0.2.1
!
ip prefix-list CYMRU_OUT
  seq 5 deny any

OpenBSD bgpd traditional bogons

OpenBSD's bgpd project can also be used to peer with the bogon route-servers. Our thanks to Pete Vickers for this example.

# config snippet for /etc/bgpd.conf
#
# Based on config by Pete Vickers 05/2004.
#
# Modified slightly to intermingle with pf, and
#   also to apply policy to cymru-sourced routes
#   received from IBGP peers.
#
# Configure sessions with cymru reprobates
#
group "peering bogon" {
  remote-as 65333
  local-address <MY-ROUTER-IP>
  multihop 64
  announce none
  max-prefix 1000
  # You'll need to increase the max-prefix number above to at least
  # 50000 if you're receiving either or both of the fullbogons feeds
  tcp md5sig password <PASSWORD>
  neighbor <BOGON-ROUTE-SERVER-1-IP>
  neighbor <BOGON-ROUTE-SERVER-2-IP>
  # ... etc
}
#
#
# What to do with updates (can be used with updates from
# cymru peers, and also from IBGP peers if other routers
# in this AS also take a bogon feed). The "nexthop
# blackhole" is a little extraneous given the pf config,
# worth keeping in case the packet filter is disabled
# at any point.
#
allow from any community 65333:888 set pftable "bogons"
allow from any community 65333:888 set nexthop blackhole


# config snippet for /etc/pf.conf
#
table <bogons> persist
#
# no bogon sources or destinations
block quick from <bogons> to any
block quick from any to <bogons>

Mikrotik RouterOS traditional bogons

This example of how to configure a Mikrotik RouterOS box to use the Bogon Route Server Project is thanks to Ariel S. Weher.

# Config by Ariel S. Weher, based on Team Cymru's Cisco Template.
# Working in the 3.X version of Mikrotik RouterOS.
# 2009-02-06 Modified by Sam Norris, Fine Tuned.  Removed static routes
#              and used "set-type=blackhole". 

/routing bgp instance
set default as=<YOUR_ASN_NUMBER> router-id=<Your router wan ip address>

/ip firewall address-list
add address=<SESSION#1.Team-Cymru's.IP.Address> comment="TEAM-CYMRU BOGON Server #1" \
    disabled=no list=BGP-NEIGHBORS
add address=<SESSION#2.Team-Cymru's.IP.Address> comment="TEAM-CYMRU BOGON Server #2" \
    disabled=no list=BGP-NEIGHBORS

/ip firewall filter
add action=accept chain=input comment="BGP Neighbors" disabled=no dst-port=179 \
    protocol=tcp src-address-list=BGP-NEIGHBORS

# You'll need to increase the max-prefix-limit values in the lines below to
# at least 50000 if you're receiving either or both of the fullbogons feeds
/routing bgp peer
add comment="TEAM-CYMRU BOGON Server #1" hold-time=3m in-filter=BOGON-SERVER-IN \
    instance=default max-prefix-limit=50 multihop=yes name=CYMRU-1 nexthop-choice=default \
    out-filter=BGP-DROP remote-address=<SESSION#1.Team-Cymru's.IP.Address> \
    remote-as=65333 route-reflect=no tcp-md5-key=<Password_Received_From_Cymru> ttl=255

add comment="TEAM-CYMRU BOGON Server #2" hold-time=3m in-filter=BOGON-SERVER-IN \
    instance=default max-prefix-limit=50 multihop=yes name=CYMRU-1 nexthop-choice=default \
    out-filter=BGP-DROP remote-address=<SESSION#2.Team-Cymru's.IP.Address> \
    remote-as=65333 route-reflect=no tcp-md5-key=<Password_Received_From_Cymru> ttl=255

/routing filter
add action=accept bgp-communities=65333:888 chain=BOGON-SERVER-IN comment="" \
    disabled=no invert-match=no set-type=blackhole
add action=discard chain=BOGON-SERVER-IN comment="" disabled=no invert-match=no
add action=discard chain=BGP-DROP comment="" disabled=no invert-match=no 


Fullbogon Examples (IPv4 and IPv6)

Cisco fullbogons IPv4 and IPv6 (IPv4 transport)

router bgp <your asn>
 ! Session 1
 neighbor A.B.C.D remote-as 65332
 neighbor A.B.C.D description <your description>
 neighbor A.B.C.D ebgp-multihop 255
 neighbor A.B.C.D password <your password>
 ! Session 2
 neighbor E.F.G.H remote-as 65332
 neighbor E.F.G.H description <your description>
 neighbor E.F.G.H ebgp-multihop 255
 neighbor E.F.G.H password <your password>
!
 address-family ipv4
  ! Session 1
  neighbor A.B.C.D activate
  neighbor A.B.C.D soft-reconfiguration inbound
  neighbor A.B.C.D prefix-list cymru-out-v4 out
  neighbor A.B.C.D route-map CYMRUBOGONS-V4 in
  ! Session 2
  neighbor E.F.G.H activate
  neighbor E.F.G.H soft-reconfiguration inbound
  neighbor E.F.G.H prefix-list cymru-out-v4 out
  neighbor E.F.G.H route-map CYMRUBOGONS-V4 in
!
 address-family ipv6
  ! Session 1
  neighbor A.B.C.D activate
  neighbor A.B.C.D soft-reconfiguration inbound
  neighbor A.B.C.D prefix-list cymru-out-v6 out
  neighbor A.B.C.D route-map CYMRUBOGONS-V6 in
  ! Session 2
  neighbor E.F.G.H activate
  neighbor E.F.G.H soft-reconfiguration inbound
  neighbor E.F.G.H prefix-list cymru-out-v6 out
  neighbor E.F.G.H route-map CYMRUBOGONS-V6 in
!
! Depending on IOS version, you may need to configure your router
! for new-style community syntax.
ip bgp-community new-format
!
ip community-list 100 permit 65332:888
!
ip route 192.0.2.1 255.255.255.255 Null0
!
ip prefix-list cymru-out-v4 seq 5 deny 0.0.0.0/0 le 32
!
ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0
!
ipv6 prefix-list cymru-out-v6 seq 5 deny ::/0 le 128
!
route-map CYMRUBOGONS-V6 permit 10
description IPv6 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1
!
route-map CYMRUBOGONS-V4 permit 10
description IPv4 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ip next-hop 192.0.2.1

Note: You can receive both IPv4 and IPv6 fullbogons over IPv4 transport.
If you only requested one set of fullbogons, simply remove all references to the other set from the example above.

Cisco fullbogons IPv4 and IPv6 (IPv6 transport)

Thanks to Thomas Brandstetter for this example of configuring a Cisco router to receive the IPv4 and IPv6 fullbogons over IPv6 transit.

router bgp <your asn>
 neighbor XXXX:XXX:XXXX::XXXX:XXXX remote-as 65332
 neighbor XXXX:XXX:XXXX::XXXX:XXXX description <your description>
 neighbor XXXX:XXX:XXXX::XXXX:XXXX ebgp-multihop 255
 neighbor XXXX:XXX:XXXX::XXXX:XXXX password <your password>
!
 address-family ipv4
  neighbor XXXX:XXX:XXXX::XXXX:XXXX activate
  neighbor XXXX:XXX:XXXX::XXXX:XXXX soft-reconfiguration inbound
  neighbor XXXX:XXX:XXXX::XXXX:XXXX prefix-list cymru-out-v4 out
  neighbor XXXX:XXX:XXXX::XXXX:XXXX route-map CYMRUBOGONS-V4 in
!
 address-family ipv6
  neighbor XXXX:XXX:XXXX::XXXX:XXXX activate
  neighbor XXXX:XXX:XXXX::XXXX:XXXX soft-reconfiguration inbound
  neighbor XXXX:XXX:XXXX::XXXX:XXXX prefix-list cymru-out-v6 out
  neighbor XXXX:XXX:XXXX::XXXX:XXXX route-map CYMRUBOGONS-V6 in
!
! Depending on IOS version, you may need to configure your router
! for new-style community syntax.
ip bgp-community new-format
!
ip community-list 100 permit 65332:888
!
ip route 192.0.2.1 255.255.255.255 Null0
!
ip prefix-list cymru-out-v4 seq 5 deny 0.0.0.0/0 le 32
!
ipv6 route 2001:DB8:0:DEAD:BEEF::1/128 Null0
!
ipv6 prefix-list cymru-out-v6 seq 5 deny ::/0 le 128
!
route-map CYMRUBOGONS-V6 permit 10
description IPv6 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1
!
route-map CYMRUBOGONS-V4 permit 10
description IPv4 Filter bogons learned from cymru.com bogon route-servers
match community 100
set ip next-hop 192.0.2.1

Note: You can receive both IPv4 and IPv6 fullbogons over IPv6 transport.
If you only requested one set of fullbogons, simply remove all references to the other set from the example above.

Juniper JunOS Fullbogons IPv4 and IPv6

Thanks to David Hill at Hostcentral for the below example!

/*
* Define BGP peer group
*/
delete protocols bgp group cymru-bogons
set protocols bgp group cymru-bogons type external
set protocols bgp group cymru-bogons description "cymru fullbogon bgp feed (ipv4 + 6)"
set protocols bgp group cymru-bogons multihop ttl 255
set protocols bgp group cymru-bogons import cymru-bogons-in
/*
* Define MD5 password in quotes
*/
set protocols bgp group cymru-bogons authentication-key "<YOUR PASSWORD>"
set protocols bgp group cymru-bogons export deny-all
set protocols bgp group cymru-bogons peer-as 65332
/*
* Replace values below as appropriate
*/
set protocols bgp group cymru-bogons neighbor A.B.C.D local-address <YOUR IP>
set protocols bgp group cymru-bogons neighbor A.B.C.D family inet unicast
set protocols bgp group cymru-bogons neighbor A.B.C.D family inet6 unicast
set protocols bgp group cymru-bogons neighbor E.F.G.H local-address <YOUR IP>
set protocols bgp group cymru-bogons neighbor E.F.G.H family inet unicast
set protocols bgp group cymru-bogons neighbor E.F.G.H family inet6 unicast
/*
* Define CYMRU import policy
*/
delete policy-options policy-statement cymru-bogons-in
set policy-options policy-statement cymru-bogons-in term 1 from family inet
set policy-options policy-statement cymru-bogons-in term 1 from community comm-cymru-bogon
set policy-options policy-statement cymru-bogons-in term 1 then community add no-export
set policy-options policy-statement cymru-bogons-in term 1 then next-hop discard
set policy-options policy-statement cymru-bogons-in term 1 then accept
set policy-options policy-statement cymru-bogons-in term 2 from family inet6
set policy-options policy-statement cymru-bogons-in term 2 from community comm-cymru-bogon
set policy-options policy-statement cymru-bogons-in term 2 then community add no-export
set policy-options policy-statement cymru-bogons-in term 2 then next-hop discard
set policy-options policy-statement cymru-bogons-in term 2 then accept
set policy-options policy-statement cymru-bogons-in then reject
/*
* Define deny-all export policy
*/
delete policy-options policy-statement deny-all
set policy-options policy-statement deny-all then reject
/*
* Define CYMRU Bogon community
*/
delete policy-options community comm-cymru-bogon
set policy-options community comm-cymru-bogon members no-export
set policy-options community comm-cymru-bogon members 65332:888
/*
* Define internal no-export community
*/
delete policy-options community comm-no-export
set policy-options community comm-no-export members no-export

Quagga fullbogons IPv6

The following example will import and null-route the IPv6 fullbogons, peered over IPv4 transit, using the Quagga software router package.

router bgp <your asn>
 no bgp default ipv4-unicast
 timers bgp 3600 10800
 neighbor cymru-bogon peer-group
 neighbor cymru-bogon remote-as 65332
 neighbor cymru-bogon ebgp-multihop 255
 neighbor cymru-bogon activate
 neighbor cymru-bogon soft-reconfiguration inbound
 neighbor cymru-bogon prefix-list cymru-out out
 neighbor cymru-bogon route-map CYMRUBOGONS in
 neighbor xx.xx.xx.xx peer-group cymru-bogon
!
 address-family ipv6
 neighbor cymru-bogon activate
 neighbor cymru-bogon prefix-list v6cymru-out out
 neighbor xx.xx.xx.xx peer-group cymru-bogon
 neighbor xx.xx.xx.xx soft-reconfiguration inbound
 exit-address-family
!
ip prefix-list cymru-except description Don't want to import these networks
ip prefix-list cymru-except seq 20 permit 0.0.0.0/0 ge 8
!
ipv6 prefix-list cymru-out seq 5 deny ::/0 le 128
ipv6 prefix-list v6cymru-out seq 5 deny any
!
ip community-list 10 permit 65332:888
!
route-map CYMRUBOGONS permit 10
 description Filter bogons learned from cymru.com bogon route-servers
 match community 10
 match ip address prefix-list cymru-except
 set ip next-hop 192.0.2.1
 set ipv6 next-hop global 2001:DB8:0:DEAD:BEEF::1

If you wish to receive both IPv4 and IPv6 fullbogons over the same peering session, you will typically need to replicate the statements in the above example's "address-family ipv6" section to an "address-family ipv4" section, with an appropriate change to the prefix-list applied to the peer-group.

Mikrotik RouterOS fullbogons

# Full Bogons Mikrotik Template
# Work on RouterOS 4.X
# 2010-11-01 by Ricardo Ozelo

# BGP instance setup

/routing bgp instance set default as=<YOUR_ASN> \
 router-id=<WAN_IP_ADDRESS>

# ROUTING FILTERS - Install these routes as blackholes,
# does NOT receive or announce anything else

/routing filter add action=accept bgp-communities=65332:888 \
 chain=cymru-in comment="" disabled=no invert-match=no \
 set-type=blackhole
/routing filter add action=discard chain=cymru-in comment="" \
 disabled=no invert-match=no
/routing filter add action=discard chain=cymru-out comment="" \
 disabled=no invert-match=no

# Peering #1

/routing bgp peer add address-families=ip,ipv6 disabled=no in-filter=cymru-in \
 instance=default multihop=yes name=FULLBOGONS-CYMRU-1 out-filter=cymru-out \
 remote-address=<CYMRU_IP_ADDRESS_1> remote-as=65332 tcp-md5-key=<CYMRU_MD5_PASSWORD>

# Peering #2

/routing bgp peer add address-families=ip,ipv6 disabled=no in-filter=cymru-in \
 instance=default multihop=yes name=FULLBOGONS-CYMRU-2 out-filter=cymru-out \
 remote-address=<CYMRU_IP_ADDRESS_2> remote-as=65332 tcp-md5-key=<CYMRU_MD5_PASSWORD>

BIRD Internet Routing Daemon fullbogons

Courtesy of Miłosz Oller.

PLEASE NOTE: As of version 1.3.11 Bird does not allow you to run IPv4            and IPv6 simultaneously.  Therefore you should use EITHER bgp_cymru_v4_1            and bgp_cymru_v4_2 OR bgp_cymru_v6_1 and bgp_cymru_v6_2 in your config.            x For dual-stack systems can run two instances of Bird with one peering            over IPv4 and the other over IPv6.

filter cymru_bogons_import
{
    bgp_community.add((65332,888));
    dest = RTD_BLACKHOLE;
    accept;
}

filter cymru_bogons_export
{
    reject;
}

protocol bgp bgp_cymru_v4_1 {
    description "Cymru Bogons RS1";
    import filter cymru_bogons_import;
    export filter cymru_bogons_export;
    multihop 255;
    password "pass_here";
    local as my_asn;
    neighbor 38.229.66.20 as 65332;
    source address IPv4_here;
}

protocol bgp bgp_cymru_v4_2 {
    description "Cymru Bogons RS2";
    import filter cymru_bogons_import;
    export filter cymru_bogons_export;
    multihop 255;
    password "pass_here";
    local as my_asn;
    neighbor 193.231.140.82 as 65332;
    source address IPv4_here;
}

protocol bgp bgp_cymru_v6_1 {
    description "Cymru Bogons RS1 v6";
    import filter cymru_bogons_import;
    export filter cymru_bogons_export;
    multihop 255;
    password "pass_here";
    local as my_asn;
    neighbor 2620:0:6B0::26E5:4207 as 65332;
    source address IPv6_here;
}

protocol bgp bgp_cymru_v6_2 {
    description "Cymru Bogons RS2 v6";
    import filter cymru_bogons_import;
    export filter cymru_bogons_export;
    multihop 255;
    password "pass_here";
    local as my_asn;
    neighbor 2001:B30:1000:19::2 as 65332;
    source address IPv6_here;
}


Cisco ASA Firewalls fullbogons

Courtesy of Abe Marji.

PLEASE NOTE: ASA Firewalls began supporting BGP as of version 9.2.

!
! ASA 55xx - IOS Version 9.2.1
!
conf terminal
!
! Prefix list used to BLOCK any route annoucement to Cymru Service
prefix-list CYMRU-OUT-V4 seq 1000 deny 0.0.0.0/0 le 32
!
! We like bgp new-format
bgp-community new-format

! create a new community list, 100, to validate Cymru ASN:Community 
community-list expanded 100 permit 65332:888
!
!
! Route map is used to set the next hop for any route being learned with a Cyrmu community tag to specific route which points to null0
route-map CYMRU-IN-V4 permit 10
 match community 100
 set ip next-hop 192.0.2.1
!

! Basic BGP Routing configuration
router bgp [your_ASN_here]
 bgp log-neighbor-changes
 timers bgp 15 45 0
 address-family ipv4 unicast
  neighbor [Cymru bgp peer1 IP] remote-as [Cymru ASN]
  neighbor [Cymru bgp peer1 IP] description Cymru Peer 1
  neighbor [Cymru bgp peer1 IP] ebgp-multihop 255
  neighbor [Cymru bgp peer1 IP] password [password]
  neighbor [Cymru bgp peer1 IP] version 4
  neighbor [Cymru bgp peer1 IP] activate
  neighbor [Cymru bgp peer1 IP] send-community
  neighbor [Cymru bgp peer1 IP] prefix-list CYMRU-OUT-V4 out
  neighbor [Cymru bgp peer1 IP] route-map CYMRU-IN-V4 in
  neighbor [Cymru bgp peer2 IP] remote-as [Cymru ASN]
  neighbor [Cymru bgp peer2 IP] description Cymru Peer 2
  neighbor [Cymru bgp peer2 IP] ebgp-multihop 255
  neighbor [Cymru bgp peer2 IP] password [password]
  neighbor [Cymru bgp peer2 IP] version 4
  neighbor [Cymru bgp peer2 IP] activate
  neighbor [Cymru bgp peer2 IP] send-community
  neighbor [Cymru bgp peer2 IP] prefix-list CYMRU-OUT-V4 out
  neighbor [Cymru bgp peer2 IP] route-map CYMRU-IN-V4 in
  maximum-paths 2
  default-information originate
  no auto-summary
  no synchronization
 exit-address-family
!
! Create a dummy route pointing to Null0
route Null0 192.0.2.1 255.255.255.255 1

! Route Cymru BGP Peer IP's 
route outside [Cymru bgp peer1 IP] 255.255.255.255 [Your Next Hop] 1
route outside [Cymru bgp peer2 IP] 255.255.255.255 [Your Next Hop] 1



Nokia SR OS IPv4 and IPv6 Classic CLI

Courtesy of Greg Hankins

# TiMOS-B-16.0.R3 both/hops64 Nokia 7750 SR Copyright (c) 2000-2018 Nokia.
# All rights reserved. All use subject to applicable license agreements.
# Built on Wed Aug 29 12:48:09 PDT 2018 by builder in /builds/160B/R3/panos/main

# Generated WED OCT 17 07:51:05 2018 UTC

exit all
configure
#--------------------------------------------------
echo "Router (Network Side) Configuration"
#--------------------------------------------------
    router Base
        autonomous-system <Your-ASN>
        router-id <Your_router_ID>
#--------------------------------------------------
echo "Static Route Configuration"
#--------------------------------------------------
        static-route-entry X.X.X.X
            black-hole
                no shutdown
            exit
        exit
        static-route-entry X:X:X:X
            black-hole
                no shutdown
            exit
        exit
#--------------------------------------------------
echo "Router (Service Side) Configuration"
#--------------------------------------------------
    router Base
#--------------------------------------------------
echo "Policy Configuration"
#--------------------------------------------------
        policy-options
            begin
            policy-statement "DENY_ALL"
                default-action drop
                exit
            exit
           policy-statement "RP_IMPORT_BOGONS"
                entry 10
                    from
                        protocol bgp
                        family ipv4
                    exit
                    action accept
                        next-hop X.X.X.X
                    exit
                exit
                entry 20
                    from
                        protocol bgp
                        family ipv6
                    exit
                    action accept
                        next-hop X:X:X:X
                    exit
                exit
                default-action drop
                exit
            exit
#--------------------------------------------------
echo "BGP Configuration"
#--------------------------------------------------
        bgp
            group "BOGONS"
                description "Team Cymru Bogons"
                multihop 255
                import "RP_IMPORT_BOGONS"
                export "DENY_ALL"
                neighbor X.X.X.X
                    description "Team Cymru Bogons IPv4 Session #1"
                    family ipv4
                    authentication-key <Password>
                    prefix-limit ipv4 10000
                    peer-as 65332
                exit
                neighbor X.X.X.X
                    description "Team Cymru Bogons IPv4 Session #2"
                    family ipv4
                    authentication-key <Password>
                    prefix-limit ipv4 10000
                    peer-as 65332
                exit
                neighbor X:X:X:X
                    description "Team Cymru Bogons IPv6 Session #1"
                    family ipv6
                    authentication-key <Password>
                    prefix-limit ipv6 150000
                    peer-as 65332
                exit
                neighbor X:X:X:X
                    description "Team Cymru Bogons IPv6 Session #2"
                    family ipv6
                    authentication-key <Password>
                    prefix-limit ipv6 150000
                    peer-as 65332
                exit
            exit
            no shutdown
        exit
    exit
exit all

Nokia SR OS IPv4 and IPv6 MD-CLI

Courtesy of Greg Hankins

# TiMOS-B-16.0.R3 both/hops64 Nokia 7750 SR Copyright (c) 2000-2018 Nokia.
# All rights reserved. All use subject to applicable license agreements.
# Built on Wed Aug 29 12:48:09 PDT 2018 by builder in /builds/160B/R3/panos/main

# Generated THU OCT 18 01:47:26 2018 UTC

configure {
    policy-options {
        policy-statement "DENY_ALL" {
            default-action {
                action-type reject
            }
        }
        policy-statement "RP_IMPORT_BOGONS" {
            entry 10 {
                from {
                    family [ipv4]
                    protocol {
                        name [bgp]
                    }
                }
                action {
                    action-type accept
                    next-hop "X.X.X.X"
                }
            }
            entry 20 {
                from {
                    family [ipv6]
                    protocol {
                        name [bgp]
                    }
                }
                action {
                    action-type accept
                    next-hop "X:X:X:X"
                }
            }
            default-action {
                action-type reject
            }
        }
    router "Base" {
        autonomous-system <Your-ASN>
        router-id <Your_router_ID>
        bgp {
            group "BOGONS" {
                description "Team Cymru Bogons"
                multihop 255
                import {
                    policy ["RP_IMPORT_BOGONS"]
                }
                export {
                    policy ["DENY_ALL"]
                }
            }
            neighbor "X.X.X.X" {
                description "Team Cymru Bogons IPv4 Session #1"
                group "BOGONS"
                peer-as 65332
                family {
                    ipv4 true
                }
                authentication-key {
                    authentication-key-hash <Password>
                }
                prefix-limit ipv4 {
                    maximum 10000
                }
            }
            neighbor "X.X.X.X" {
                description "Team Cymru Bogons IPv4 Session #2"
                group "BOGONS"
                peer-as 65332
                family {
                    ipv4 true
                }
                authentication-key {
                    authentication-key-hash <Password>
                }
                prefix-limit ipv4 {
                    maximum 10000
                }
            }
            neighbor "X:X:X:X" {
                description "Team Cymru Bogons IPv6 Session #1"
                group "BOGONS"
                peer-as 65332
                family {
                    ipv6 true
                }
                authentication-key {
                    authentication-key-hash <Password>
                }
                prefix-limit ipv6 {
                    maximum 150000
                }
            }
            neighbor "X:X:X:X" {
                description "Team Cymru Bogons IPv6 Session #2"
                group "BOGONS"
                peer-as 65332
                family {
                    ipv6 true
                }
                authentication-key {
                    authentication-key-hash <Password>
                }
                prefix-limit ipv6 {
                    maximum 150000
                }
            }
        static-routes {
            route X.X.X.X route-type unicast {
                blackhole {
                    admin-state enable
                }
            }
            route X:X:X:X route-type unicast {
                blackhole {
                    admin-state enable
                }
            }
        }
    }
}

Cisco IOS-XR Fullbogons

Courtesy of Fulvio Picecchi

PLEASE NOTE: For traditional bogons you only need to update the remote-as directive.

!!!!!!!!!!!!!!!
router bgp <Your-ASN>
 neighbor x.x.x.x
  remote-as 65332
  ebgp-multihop 255
  password clear <Password>
  description Team CYMRU full bogons
! Establish BGP session from local IP address 
  update-source Loopback0
  address-family ipv4 unicast
   route-policy CYMRU-IN in
! You may need to adjust depending to actual levels
   maximum-prefix 5000 85
   route-policy CYMRU-OUT out
   soft-reconfiguration inbound always
  !
 !
 neighbor XXXX:XXX:XXXX::XXXX:XXXX
  remote-as 65332
  ebgp-multihop 255
  password clear <Password>
  description Team CYMRU full bogons
! Establish BGP session from local IP address 
  update-source Loopback0
  address-family ipv6 unicast
   route-policy CYMRU-IN in
! You may need to adjust depending to actual levels
   maximum-prefix 100000 90
   route-policy CYMRU-OUT out
   soft-reconfiguration inbound always
  !
 !
!
interface Loopback0
 ipv4 address x.x.x.x 255.255.255.255
 ipv6 address XXXX:XXX:XXXX::XXXX:XXXX/128
!
! set next-hop discard has been introduced in Cisco IOS XR Version 4.3.0 
! if not available you may need to configure your router with local route to
Null0
route-policy CYMRU-IN
  if community matches-every (65332:888, no-export) then
    set next-hop discard
  pass
  endif
end-policy
!
route-policy CYMRU-OUT
! Don't export anything to Team Cymru
  drop
end-policy
!
!!!!!!!!!!!!!!!

Huawei NE20E

#
bgp <ASN number>

peer A.B.C.D as-number 65332

peer A.B.C.D description CYMRU_BOGONS.v4  
 peer A.B.C.D ebgp-max-hop 255 

 peer A.B.C.D password cipher <password>  
 peer XXXX:XXXX::XXXX:XXXX as-number 65332  
 peer XXXX:XXXX::XXXX:XXXX description CYMRU_BOGONS.v6  
 peer XXXX:XXXX::XXXX:XXXX ebgp-max-hop 255  
 peer XXXX:XXXX::XXXX:XXXX password cipher <password> 
# 
ipv4-family unicast

  peer A.B.C.D enable

  peer A.B.C.D route-policy CYMRU_BOGONS-in import

  peer A.B.C.D route-policy CYMRU_BOGONS-out export # ipv6-family unicast

  peer XXXX:XXXX::XXXX:XXXX enable

  peer XXXX:XXXX::XXXX:XXXX route-policy CYMRU_BOGONS_v6-in import

  peer XXXX:XXXX::XXXX:XXXX route-policy CYMRU_BOGONS_v6-out export 

# 

route-policy CYMRU_BOGONS-in permit node 10

  if-match community-filter 2  
 apply ip-address next-hop 192.0.2.1 
# 
route-policy CYMRU_BOGONS-out deny node 10  
  if-match ip-prefix CYMRU_BOGONS-out 
#
route-policy CYMRU_BOGONS_v6-in permit node 10  
  if-match community-filter 2  
  apply ipv6 next-hop 2001:DB8:0:DEAD:BEEF::1 
# 
route-policy CYMRU_BOGONS_v6-out deny node 10  
    if-match ipv6 address prefix-list CYMRU_BOGONS_v6-out 
# 
ip ip-prefix CYMRU_BOGONS-out index 10 deny 0.0.0.0 0 less-equal 32 
# 
ip community-filter 2 permit 888 
ip community-filter 2 permit 65332:888 
ip community-filter 2 permit no-advertise 
ip community-filter 2 permit no-export 
#
ip route-static 192.0.2.1 255.255.255.255 NULL0 description
BLACKHOLE_BOGONS 
#

ipv6 route-static 2001:DB8:0:DEAD:BEEF::1 128 NULL0 description
BLACKHOLE_BOGONS 
#
ip ipv6-prefix CYMRU_BOGONS_v6-out index 10 deny :: 0 less-equal 128 
#

Note: You can receive both IPv4 and IPv6 fullbogons over IPv4 transport. If you only requested one set of fullbogons, simply remove all references to the other set from the example above.

Linux安装配置samba

yum  -y  -q update
yum install -y -q samba samba-client samba-common cifs-utils

smb.conf的配置例子如下

 cat>/etc/samba/smb.conf<<EOF
 [global]
 workgroup = WORKGROUP
 server string = x200
 dns proxy = no
# interfaces = eth0
 syslog = 0
 browsable = yes
 map to guest = bad user
 nt pipe support = no
 encrypt passwords = true
 passdb backend = tdbsam
 obey pam restrictions = yes
 unix password sync = no
 netbios name = MY_SHARE_SERVER

#== Share Definitions ===
[share]  
path = /opt/share_folder
valid users=share_user
directory mask = 0755
create mask = 0664
writable = yes
guest ok = no
read only = no
public = no
EOF

配置好smb.conf后需要创建目录和设置用户密码

useradd share_user #创建Linux用户
mkdir /opt/share_folder #创建目录
chown -R share_user:share_user  /opt/share_folder #设置文件夹归属权限
chmod 755 /opt/share_folder    #设置文件夹读写权限
smbpasswd -a share_user #设置密码

最后启动smb后测试。


建立一个无home目录最低权限隶属于www组的用户myshare (一些面板或者脚本已有www, www-data之类的可以跳过)

useradd  -M myshare  -g www -s /sbin/nologin

使用tdbsam管理samba帐号

pdbedit -a username    #新建Samba账户
pdbedit -x username    #删除Samba账户
pdbedit -v username    #显示账户详细信息
pdbedit -L             #列出Samba用户列表,读取passdb.tdb数据库文件
pdbedit -Lv            #列出Samba用户列表详细信息


Linux挂载Samba

默认情况直接个mount -t cifs进行挂载,如使用mount.cifs的需要先安装cifs-utils

yum install cifs-utils -y
mount -t cifs -o username="Username",password="Password" //IP/share /mnt/
umount /mnt/

使用mount.cifs挂载

mount.cifs -o username="Username",password="Password" //IP/share /mnt/
umount.cifs /mnt/

加入fstab开机自动挂载需要将账号密码等参数写入一个文件

#cat /opt/pass.txt
username=YOURusername
password=YOURpassword  

然后写入fstab的格式大致如下的最后一行

cat /etc/fstab
/dev/sda1/                       ext4    defaults        1 1
/dev/sda2               swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
//IP/share    /mnt        cifs    credenials=/opt/pass.txt    0 0

  匿名登陆也是需要带username参数的,否则会报错。


Nginx location的匹配规则


   ~      波浪线表示执行一个正则匹配,区分大小写
   ~*    表示执行一个正则匹配,不区分大小写
   ^~    ^~表示普通字符匹配,如果该选项匹配,只匹配该选项,不匹配别的选项,一般用来匹配目录
   =      进行普通字符精确匹配
   @    #"@" 定义一个命名的 location,使用在内部定向时,例如 error_page, try_files

location 匹配优先级

   = 精确匹配会第一个被处理。如果发现精确匹配,nginx停止搜索其他匹配。
   普通字符匹配,正则表达式规则和长的块规则将被优先和查询匹配,也就是说如果该项匹配还需去看有没有正则表达式匹配和更长的匹配。
   ^~ 则只匹配该规则,nginx停止搜索其他匹配,否则nginx会继续处理其他location指令。
   最后匹配理带有"~"和"~*"的指令,如果找到相应的匹配,则nginx停止搜索其他匹配;当没有正则表达式或者没有正则表达式被匹配的情况下,那么匹配程度最高的逐字匹配指令会被使用。

示例

location  = / {
 # 只匹配"/".
 [ configuration A ]
}
location  / {
 # 匹配任何请求,因为所有请求都是以"/"开始
 # 但是更长字符匹配或者正则表达式匹配会优先匹配
 [ configuration B ]
}
location ^~ /images/ {
 # 匹配任何以 /images/ 开始的请求,并停止匹配 其它location
 [ configuration C ]
}
location ~* \.(gif|jpg|jpeg)$ {
 # 匹配以 gif, jpg, or jpeg结尾的请求.
 # 但是所有 /images/ 目录的请求将由 [Configuration C]处理.  
 [ configuration D ]
}


URL 重写
仅是URL重写,不需要用location匹配,直接在server里写rewrite即可。

Linux下chkconfig命令详解

chkconfig命令主要用来更新(启动或停止)和查询系统服务的运行级信息。谨记chkconfig不是立即自动禁止或激活一个服务,它只是简单的改变了符号连接,在rhel7系后采用systemctl进行来管理。

使用语法:
chkconfig [--add][--del][--list][系统服务] 或 chkconfig [--level <等级代号>][系统服务][on/off/reset]

chkconfig在没有参数运行时,显示用法。如果加上服务名,那么就检查这个服务是否在当前运行级启动。如果是,返回true,否则返回false。如果在服务名后面指定了on,off或者reset,那么chkconfi 会改变指定服务的启动信息。on和off分别指服务被启动和停止,reset指重置服务的启动信息,无论有问题的初始化脚本指定了什么。on和off开关,系统默认只对运行级3,4,5有效,但是reset可以对所有运行级有效。

参数用法:
 

阅读剩余部分...

ssh跳板登录服务器

该篇内容仅适用于*nix环境,不适用windows。

有时候一些后端服务器或者设备没有开放直接对外登录的服务。
往往需要使用到代理或者从堡垒机转二次登录。
在使用过程中遇上需要直接拷贝传输文件会觉得非常蛋疼,这时候ProxyCommand就派上用场了

前景约定:  10.0.0.1 是我们的堡垒机  10.10.10.1是没有对外开放网络的后端服务器,登录凭证则最好是禁用密码使用rsa进行登录
普通情况,先在终端下运行 ssh 用户@10.0.0.1 登录成功后再次运行 ssh 用户@10.10.10.1 进行管理。
使用ProxyCommand的设置方法后登录则 ssh 用户@10.10.10.1 直接进入后端。

本地环境设置的内容大致如下:

cat ~/.ssh/config
Host 10.10.10.1
ProxyCommand ssh -p 22 用户@10.0.0.1 -W %h:%p 2>/dev/null

Host 10.10.10.2
ProxyCommand ssh -p 22 用户@10.0.0.1 -W %h:%p 2>/dev/null

centos编译nginx

以下是自用的nginx编译归纳

yum安装常用包

yum -y update
yum -y install epel-release -y
yum install lua-devel luajit git -y
yum -y --skip-broken install gcc  vim-enhanced gcc-c++ libtool-libs libtool autoconf subversion zip unzip  wget crontabs iptables file bison patch mlocate flex diffutils automake imake make cmake kernel-devel cpp zlib-devel

编译安装pcre

cd /tmp
wget -c http://sourceforge.net/projects/pcre/files/pcre/8.21/pcre-8.21.tar.gz/download -O -|tar xz
cd pcre-8.21
./configure
make && make install
if [ `uname -i` == x86_64 ]; then ln -s /usr/lib64/{libpcre.*,libjpeg.so,libpng.so,libXpm.so,libc-client.so,libkrb5.so,libexpat.so,libevent.so} /usr/lib/;fi

编译安装sregex

阅读剩余部分...