rrdtool dump filename.rrd
rrdtool info filename.rrd

rrdtool graph /dev/null -s 3600 DEF:ierr=filename.rrd:ds1:AVERAGE VDEF:ioct_a=ierr,AVERAGE PRINT:ioct_a:%lf

This command reads ds1 into the variable ierr (ds1 is the data source; you can see it in the output of rrdtool info), computes its average into ioct_a and prints it. PRINT takes the VDEF name, so it prints ioct_a rather than ierr.

#3600 => one hour

Create a service:

sudo vi /etc/systemd/system/rc-local.service

Add your code there:

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local

[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99

[Install]
WantedBy=multi-user.target

Create and make sure /etc/rc.local is executable and add this code inside it:

sudo chmod +x /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0

Enable the service:

sudo

My Strongswan:
Local IP: 172.30.0.37
Elastic IP: 19.215.188.2
OS: Ubuntu

My WAN: Customer grade broadband Internet
Public IP: 28.77.250.17 – connect to my fiber optics
Local gateway IP: 192.168.1.100
We need to set up port forwarding: UDP ports 4500 and 500, to our router interface 192.168.1.108

My Cisco: Cisco 1841
fa0/1: 192.168.1.108 – connect to My WAN router local interface
fa0/0: 172.16.8.254 – connect to my local switch / pc

My Strongswan config: /etc/ipsec.conf

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

conn %default
    ikelifetime=1440m
    keylife=60m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn myremoteoffice
    left=172.30.0.37 #strongswan outside address
    leftsubnet=172.30.0.0/24,0.0.0.0/0 #network behind strongswan
    leftid=19.215.188.2 #IKEID sent by strongswan
    leftfirewall=yes
    right=28.77.250.17

I have a 2-site VPN between Strongswan and a Cisco 1841. The VPN works well, but there is a problem: some SSL websites could not open. After some research it turned out that it's the MTU issue. This is how I fixed it:

conf t
int fa0/1
ip mtu 1500
int fa0/0
ip mtu 1500

In the case of Yahoo, I need to update this on the Strongswan server:

$ iptables -t mangle -A FORWARD -o eth0 \
    -p tcp -m tcp --tcp-flags SYN,RST SYN \
    -m tcpmss --mss 1361:1536 \
    -j TCPMSS --set-mss 1360
$ echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc

For your reference: MTU woes in

When we apply an access list to our router/switch, note the following:

To apply an access list to a virtual terminal interface, we must use the “access-class” command. This is used when we want to limit access to our management interface.

To apply an access list to a physical interface, we must use the “access-group” command.

Let's say we have a router connected to the internet via interface Fa0/1. For security reasons, we don't want internet users to ping our router. We need to disable ICMP echo, which can be done through an access list.

Router#conf t
Router(config)#ip access-list extended acl-internet-in
Router(config-ext-nacl)#deny icmp any any echo
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#end

Then we need to apply this access list to our internet interface, Fa0/1. On a physical interface this is done with the access-group command:

Router#conf t
Router(config)#int fa0/1
Router(config-if)#ip access-group acl-internet-in in
Router(config-if)#end

# add this line in Type 3:
#   ^${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+${DESTINATION_PORT} -> Record

Value DESTINATION_ADDRESS (\w+.\w+.\w+)
Value TYPE (\w+)
Value VLAN (\w+)
Value DESTINATION_PORT (\S+)

Start
  ^Destination\s+Address\s+Address\s+Type\s+VLAN\s+Destination\s+Port -> TYPE1
  ^\s+vlan\s+mac address\s+type\s+learn\s+age\s+ports -> TYPE2
  ^\s+vlan\s+mac address\s+type\s+protocols\s+port -> TYPE3
  ^Vlan\s+Mac Address\s+Type\s+Ports -> TYPE4

TYPE1
  ^${DESTINATION_ADDRESS}\s+${TYPE}\s+${VLAN}\s+${DESTINATION_PORT} -> Record

TYPE2
  ^[*|\s]\s+${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+\S+\s+${DESTINATION_PORT} -> Record

TYPE3
  ^\s+${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+${DESTINATION_PORT} -> Record
  ^${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+\S+\s+${DESTINATION_PORT} -> Record

TYPE4
  ^\s+${VLAN}\s+${DESTINATION_ADDRESS}\s+${TYPE}\s+${DESTINATION_PORT} -> Record