Cisco 1760 Config with CyberCity G.SHDSL Config

! To Apply this config, alter the following things:
! * CyberCity DSL Password
! * Telnet Password
! * Enable password
! * Access-list for telnet access.
!
! Then paste the commands into the console terminal,
! after going to terminal config mode
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname bgw.sk.mcn.dk
!
enable secret FooBar
!
ip subnet-zero
no ip finger
no ip source-route
no ip domain-lookup
!
ip dhcp excluded-address 85.82.26.160 85.82.26.179
!
ip dhcp pool 0
import all
origin ipcp
dns-server 212.242.40.3 212.242.40.51
exit
!
!NO IOSFW ENABLED
!
interface FastEthernet0/0
ip address pool 0
no ip route-cache
ip access-group 120 in
!No NAT overload with GlobalIP
!NO IOSFW ENABLED
no shutdown
exit
!
! NO EXTRA INTERFACES
interface Ethernet1/0
no ip address
no ip route-cache
shutdown
exit
!
interface ATM0/0
no ip address
no ip route-cache
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
exit
!
bundle-enable
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
hold-queue 224 in
no shutdown
exit
!
interface Dialer0
no ip route-cache
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin optional
ppp chap hostname dsl123456
ppp chap password FooBarPass
ip unnumbered FastEthernet0/0
ppp ipcp mask request
!No NAT overload with GlobalIP
!NO ACL110
no shutdown
exit
!
!No NAT overload with GlobalIP
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!No MPLS enabled
!
no access-list 1
no access-list 5
no access-list 10
no access-list 101
no access-list 110
no access-list 111
no access-list 120
!
! Addresses in RIP update
!NO ACL1
!
! Addresses allowed to access vty (telnet)
!access-list 5 permit 212.242.40.0 0.0.3.255
! LAN is allowed
access-list 5 permit 85.82.26.160 0.0.0.31
! Random host allow
! access-list 5 permit 10.20.30.40
!
! Special Java list
!NO ACL10
!
! Addresses to be NAT’ed.
!No NAT overload with GlobalIP
!
! Packets permitted in on dialer0.
!NO ACL110
!
! Packets allowed in on the ethernet.
access-list 120 permit udp any any range bootps bootpc
access-list 120 permit ip 85.82.26.160 0.0.0.31 any
!
! Packets allowed to trigger a call.
dialer-list 1 protocol ip permit
!
line con 0
transport output none
stopbits 1
exit
line vty 0 4
password FooBar
access-class 5 in
login
exit
!
scheduler max-task-time 5000
!
config-register 0x2102
end
! After this, do a wri mem if the config works.

Posted in Knowledge Base, Networking, Old Base

Creating trusted certificate for Java JSSE

First, take the unencrypted file certificate.pfx (used on the server), and chop it up into key and PEM encoded certificate:

# openssl pkcs12 -in certificate.pfx -nodes -out certificate.key -nocerts
# openssl pkcs12 -in certificate.pfx -nodes -out certificate.pem -nokeys

Edit the certificate.key and certificate.pem files and remove the garbage before the actual key and certificate.

Combine the key and certificate to a new encrypted pkcs12 file:

# openssl pkcs12 -export -in certificate.pem -inkey certificate.key -name "friendlyname" -out certificate.p12

Enter the new password.

Using Java Keytool, export the certificate from the pkcs12 file.

# keytool -export -keystore certificate.p12 -storetype pkcs12 -alias friendlyname -file server.cer

Import the certificate into a Java Key Store as a trusted certificate:

# keytool -import -keystore jssecacerts.jks -alias friendlyname -file server.cer

Enter something as keystore password and type “yes” to trust the certificate.

Posted in Knowledge Base, Old Base, Programming

Configuring cisco catalyst / router

# Cisco configuration:
# Indented commands are short forms of normal commands

# connect to the catalyst
telnet 192.168.200.250

# or connect console cable and fire up hyperterminal
bps:          9600
Databit:         8
Parity:       none
Stop Bit:        1
Flow control: none
# press enter a couple of times

# log in as 'root'
enable
    ena
# give enable pass

# To configure interfaces, go to terminal config mode:
configure terminal
    conf t

# Then enter interface config mode:
interface FastEthernet0/1
    in Fa0/1
# make changes and go back to general conf mode:
exit
# end conf mode with:
end

# To setup passwords go to terminal config:
conf t
enable password <password>
# or
enable password 0 <password>
end

# to enable telnet access configure the VTY line
conf t
line vty 0 4
login
password <password>
end

# to change ip, go to interface config mode on vlan 1:
conf t
in vlan 1
# now enter the designated ip:
ip address 10.0.13.28 255.255.0.0
# exit to general conf and enter the gateway:
exit
ip default-gateway 10.0.0.1
end

# to enable or disable an interface, use the shutdown command

conf t
in Fa0/1
shutdown
no shutdown


# to setup new vlan instances:
# For catalyst:
# enter the vlan database:
vlan database
# add new vlans:
vlan <id> name <name>
# where ID = 2-68 and name = vlan name or VLAN00<ID>
# delete a vlan:
no vlan <id>
end

# to move a port to a vlan:
# enter interface configuration mode:
conf t
in Fa0/1
# define vlan membership for this port, and give static access to vlan id:
# (the port can only access one vlan)
switchport mode access
switchport access vlan <vlanid>
# define vlan membership for this port, and give multi access to vlan ids:
# (the port can access more vlans. conflicts with 802.1Q trunks)
#  You cannot have multi-VLAN and trunk ports configured on the same switch
switchport mode multi
switchport multi vlan <vlanid>, <vlanid>
# define a trunk
switchport mode trunk
switchport trunk encapsulation (isl|dot1q)
# dot1q / 802.1Q is useable with linux / bsd
# disable some vlans over the trunk:
switchport trunk allowed vlan remove vlan-list
# setup the non-tagged traffic vlan:
switchport trunk native vlan <vlan id>
# non tagged traffic and tagged traffic can coexist nicely.
# disable a trunk:
no switchport mode
end

# Vlan for routers:
# Create first sub interface for FastEthernet0/0
conf t
interface FastEthernet0/0.1
# set vlan tag id to 10
encapsulation dot1q 10
# set ip address
ip address 10.1.1.1 255.255.255.0
exit
# repeat with fa0/0.2 and so forth...


# how to setup portfast (and disable STP)
# go to interface config mode for the port
# then do:
spanning-tree portfast
    sp portfast

# show spanning tree protocol details:
# all ports:
show spanning-tree
    sh sp

# per port:
show spanning-tree interface FastEthernet0/1
    sh sp in Fa0/1

# per vlan:
show spanning-tree vlan 1
    sh sp vl 1

# For each VLAN, the switch with the highest switch priority (the lowest
# numerical priority value) is elected as the root switch. If all switches are
# configured with the default priority (32768), the switch with the lowest MAC
# address in the VLAN becomes the root switch.

# show list of interfaces:
show interface
    sh in

# show list of vlans
show vlan
    sh vl

# save settings
copy running-config startup-config

#
# Important links:
#

Configuring STP (Spanning Tree Protocol):
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/1216ea2b/scg/swgstp.htm

Understanding and Tuning Spanning Tree Protocol Timers:
http://www.cisco.com/warp/public/473/122.html
Posted in Cisco, Knowledge Base, Networking

Tooltip javascript function

tooltip.js:
// position of the tooltip relative to the mouse, in pixels
var offsetx = 12;
var offsety = 8;

// create the hidden, absolutely positioned tooltip <div>
function newelement(newid)
{
    if (document.createElement)
    {
        var el = document.createElement('div');
        el.id = newid;
        el.style.display = 'none';
        el.style.position = 'absolute';
        el.innerHTML = ' ';
        document.body.appendChild(el);
    }
}

// crude browser detection: IE5+, Netscape 6 / Gecko, and WebKit
var ie5 = (document.getElementById && document.all);
var ns6 = (document.getElementById && !document.all);
var ua = navigator.userAgent.toLowerCase();
var isapple = (ua.indexOf('applewebkit') != -1 ? 1 : 0);

// mousemove handler: keep the tooltip next to the pointer
function getmouseposition(e)
{
    if (document.getElementById)
    {
        var iebody = (document.compatMode &&
            document.compatMode != 'BackCompat') ?
            document.documentElement : document.body;
        var pagex = (isapple == 1 ? 0 : (ie5) ? iebody.scrollLeft : window.pageXOffset);
        var pagey = (isapple == 1 ? 0 : (ie5) ? iebody.scrollTop : window.pageYOffset);
        var mousex = (ie5) ? event.x : (ns6) ? e.clientX : false;
        var mousey = (ie5) ? event.y : (ns6) ? e.clientY : false;

        var lixlpixel_tooltip = document.getElementById('tooltip');
        lixlpixel_tooltip.style.left = (mousex + pagex + offsetx) + 'px';
        lixlpixel_tooltip.style.top = (mousey + pagey + offsety) + 'px';
    }
}

// show the tooltip; creates the element on first use
function tooltip(tip)
{
    if (!document.getElementById('tooltip')) newelement('tooltip');
    var lixlpixel_tooltip = document.getElementById('tooltip');
    // tip is inserted as HTML: pass only trusted markup, never unescaped user input
    lixlpixel_tooltip.innerHTML = tip;
    lixlpixel_tooltip.style.display = 'block';
    document.onmousemove = getmouseposition;
}

// hide the tooltip
function exit()
{
    document.getElementById('tooltip').style.display = 'none';
}

Usage:
onmouseover="tooltip('I am a tooltip !');" onmouseout="exit();"

Posted in Knowledge Base, Old Base, Programming

Simple tunneling across weird networks

web01:~# ssh zennet.dk -p 2222 -L 8080:192.168.1.252:80 -g -f -N
root@zennet.dk's password:
web01:~#

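-f and -N make the process fork into the background once the connection is up: -f backgrounds ssh after authentication, and -N tells it not to run a remote command (forwarding only).

-L 8080:192.168.1.252:80 means that local port 8080 on web01 is tunneled to remote IP 192.168.1.252, port 80.

-g lets remote hosts connect to the forwarded port 8080 on web01 (without it, the listener is bound to localhost only).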

Posted in Knowledge Base, Networking, Old Base

Cisco Portforwarding (nat)

enable
conf t
ip nat inside source static tcp 192.168.1.254 22 10.1.0.128 22

Forwards incoming connections on IP 10.1.0.128 (the router), port 22, to 192.168.1.254 (the server that should receive the connection), port 22.

Posted in Knowledge Base, Networking, Old Base

Installing Nagios 2 on Debian 4

# apt-get install nagios2

# htpasswd -c /etc/nagios2/htpasswd.users mike
New password:
Re-type new password:
Adding password for user mike

Posted in Knowledge Base, Networking, Old Base

PCI Bus limitations

backup ~ # hdparm -tT /dev/md1

/dev/md1:
Timing cached reads: 2232 MB in 2.00 seconds = 1115.98 MB/sec
Timing buffered disk reads: 404 MB in 3.02 seconds = 133.93 MB/sec

backup ~ # df -H | grep md1
/dev/md1 2,0T 206M 2,0T 1% /store1

Posted in Knowledge Base, Linux, Old Base

Cisco 1760 config: NAT from 10mbit wan interface to 100mbit lan interface with DHCP Server

Using 1334 out of 29688 bytes
!
! Last configuration change at 08:57:51 UTC Sat Mar 4 2006
! NVRAM config last updated at 09:00:05 UTC Sat Mar 4 2006
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname bgw.sk.mcn.dk
!
logging queue-limit 100
enable secret 5 $1$S3CR3TSH1t
enable password SecretShit
!
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.200
ip dhcp excluded-address 192.168.1.250 192.168.1.255
!
ip dhcp pool 192.168.1.0/24
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 217.195.176.77 217.195.176.76
domain-name sk.mcn.dk
!
!
!
!
!
!
bridge irb
!
!
interface ATM0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip mroute-cache
speed auto
full-duplex
!
interface Ethernet1/0
ip address dhcp
ip nat outside
full-duplex
!
ip nat inside source list 1 interface Ethernet1/0 overload
ip classless
no ip http server
no ip http secure-server
!
!
!
access-list 1 permit 192.0.0.0 0.255.255.255
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
password SecretShit
login
!
no scheduler allocate
end

Posted in Knowledge Base, Networking, Old Base

create a list of java source files from a recursive directory

I use this to produce a list of all java source files I need to build.

(Requires the GnuWin32 grep and coreutils packages)

dir *.java /s /B | grep -i java | cut -d\ -f7- > srcfiles.txt

Posted in Knowledge Base, Old Base, Programming