

Check configuration
haproxy -c -f /etc/haproxy/haproxy.cfg

Check status
systemctl status haproxy

# prometheus


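# unbound forward-zone output
# Print one forward-addr line for every row of `consul catalog nodes` that
# matches "ctl". The address is the sixth space-separated field, so the result
# depends on the column spacing of that output - check the printed lines
# before copying them into the unbound configuration.
for IP in $(consul catalog nodes | grep ctl | cut -d " " -f6); do
  echo " forward-addr: ${IP}@53"
done
# Restart once, after the loop, not once per address.
systemctl restart unbound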


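# Write the gossip keyring that the Consul agent reads from its serf directory.
# The redirect is required: without it echo only prints both arguments.
# The value below looks like a placeholder - use a key generated with
# `consul keygen`, and keep the file readable only by the account the agent
# runs as, because anyone holding the key can read and forge gossip traffic.
echo '["abcdef123458"]' > /var/consul/serf/local.keyring
service consul restart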

# config
cat /etc/consul/config.json

# log

# cli
consul catalog datacenters
consul catalog nodes
consul catalog services

# Redirect UI to localhost
# Forwards local port 8500 to port 8500 on the remote side through SSH; -N
# opens the tunnel without running a remote command. With no bind address
# given, ssh by default listens on the loopback interface only, so the UI is
# not exposed to the network.
# NOTE(review): the destination host argument is missing from this listing.
ssh -L 8500:localhost:8500 -N

# UI listen on external

# checks

Enable UEFI / PXE boot on Mellanox ConnectX NIC

# Boot GRML iso

# Enable SSH daemon
service ssh start
ip a

# ssh root@GRML_IP

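# Install Mellanox CLI tools (MFT)
# URL must point at the MFT tarball; the guard stops the command when it is
# unset instead of calling wget without a target.
# NOTE(review): the archive is fetched and unpacked in a root session with no
# integrity check - download it to a file and compare its checksum with the
# vendor-published value before installing anything from it.
# NOTE(review): the step that runs the installer from the unpacked archive is
# not shown in this listing.
apt update
apt install -y gcc make dkms "linux-headers-$(uname -r)"
wget -O- "${URL:?set URL to the MFT tarball location}" | tar xvz -C /tmp
mst start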

# show mellanox devices / state
mst status
flint -d /dev/mst/mt4119_pciconf0 q

# Enable UEFI and PXE boot
for MST in $(ls /dev/mst/* | egrep -v '\.1'); do

Ubuntu: Install lldpd (Link Layer Discovery Protocol)

sudo apt install -y lldpd

# optional: enable Cisco CDP protocol
cat < /etc/default/lldpd
service lldpd restart

# get info

Identify switch port to which the server is connected

# Show LLDP neighbors
networkctl lldp


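# For every interface under /sys/class/net whose link target does not contain
# "virtual": print its name and permanent MAC address, then wait up to 300 s
# for a single frame matching "ether[20:2] == 0x2000" (the CDP protocol ID in
# the SNAP header) and print it verbosely.
for NIC in $(find /sys/class/net -type l -not -lname "*virtual*" -printf "%f\n" | sort); do
  echo "NIC: ${NIC}"
  echo "NIC MAC: $(ethtool -P "${NIC}")"
  timeout 300 tcpdump -nn -v -i "${NIC}" -s 1500 -c 1 "ether[20:2] == 0x2000"
done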

nmcli - NetworkManager command line tool

# list all connections
nmcli con

# show connection details
nmcli con show 'MY_CONNECTION_1'

# start vpn from command line (ubuntu)
nmcli con up id VPN_NAME

nmcli dev wifi list

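# modify configuration
# Single quotes: inside double quotes an interactive bash treats "!Box" as a
# history expansion and rejects the line.
SSID='FRITZ!Box 5960'

# PASS holds the WPA passphrase. Prompt for it when it is not already set, so
# the secret does not have to be typed on a command line or saved in a script.
# NOTE(review): nmcli still receives the passphrase as an argument (visible in
# the process list while it runs) and stores it in the connection profile.
if [ -z "${PASS:-}" ]; then
  read -r -s -p "Passphrase for ${SSID}: " PASS
  echo
fi

nmcli con add con-name "${SSID}" ifname wlan0 type wifi ssid "${SSID}"
nmcli con modify "${SSID}" wifi-sec.key-mgmt wpa-psk
nmcli con modify "${SSID}" wifi-sec.psk "${PASS}"

nmcli con up "${SSID}"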

Autostart delayed VPN connection
# /home/foo/.config/autostart/vpn.desktop
[Desktop Entry]



# dig
dig txt @
dig | grep -v ";" | grep A
dig -x | grep IN

Create IPfire DomU (firewall)

Check for latest IPFire version

# NOTE(review): the script URL is missing from this listing. Piping a download
# straight into bash runs whatever the server returns, with the caller's
# privileges and without a chance to read it first; fetch the script to a
# file, review it, then run it.
wget -O - | bash -



# download
# Streams the archive at ${URL} into tar, which unpacks it (bzip2) under /tmp.
# NOTE(review): URL is not assigned in the lines shown, and nothing checks the
# archive's integrity before a script from it is run with bash - verify a
# published checksum or signature first.
# NOTE(review): /tmp/ipfire is a fixed path in a world-writable directory;
# presumably this runs as root, so a private directory from mktemp -d is safer.
wget -q ${URL} -O - | tar -C /tmp -xjf -
# NOTE(review): the script name after /tmp/ipfire/ is missing from this listing.
bash /tmp/ipfire/

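# copy data to lvm
# Each ipfire-<part>.img image (looked up in the current directory) is
# loop-mounted on /tmp/ipfire/mnt/ and copied onto a new logical volume
# /dev/vg0/fw-<part>.
mkdir -p /tmp/ipfire/mnt/

# copy_image PART SIZE MKFS
#   PART  boot, root or var
#   SIZE  size passed to lvcreate
#   MKFS  mkfs command used to format the volume
# Returns non-zero as soon as a step fails, so a failed mount can never make
# cp write the image contents into the host's own /mnt directory.
copy_image() {
  local part=$1 size=$2 mkfs_cmd=$3
  local rc=0

  lvcreate --name "fw-${part}" --size "${size}" vg0 || return
  "${mkfs_cmd}" "/dev/vg0/fw-${part}" || return
  #mount /tmp/ipfire/ipfire-${part}.img /tmp/ipfire/mnt/ -o loop
  mount "ipfire-${part}.img" /tmp/ipfire/mnt/ -o loop || return
  if mount "/dev/vg0/fw-${part}" /mnt/; then
    # "/." instead of "/*" so dotfiles at the top of the image are copied too
    cp -a /tmp/ipfire/mnt/. /mnt/ || rc=$?
    umount /mnt/ || rc=$?
  else
    rc=$?
  fi
  umount /tmp/ipfire/mnt/ || rc=$?
  return "${rc}"
}

# copy boot filesystem
copy_image boot 256M mkfs.ext2 || exit 1

# copy root filesystem
copy_image root 2G mkfs.ext4 || exit 1

# copy var filesystem
copy_image var 2G mkfs.ext4 || exit 1

# create swap
lvcreate --name fw-swap --size 1G vg0
mkswap /dev/vg0/fw-swap

# clean up
# Refuse to delete while an image is still mounted: rm -r would otherwise
# descend into the mounted filesystem and remove its contents.
if mountpoint -q /tmp/ipfire/mnt/; then
  echo "/tmp/ipfire/mnt/ is still mounted, not cleaning up" >&2
  exit 1
fi
rm -r -- /tmp/ipfire*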

# create xen config file
cat <<EOF> /etc/xen/fw
bootloader = '/usr/lib/xen-4.1/bin/pygrub'
memory = 512
name = 'fw'
acpi = 1
apic = 1
vif = [ 'mac=00:17:4e:be:b1:ba' ]
disk = [
pci = ['00:0c.0']
extra = 'iommu=soft'

# OPTIONAL: autostart
ln -s /etc/xen/fw /etc/xen/auto/01_fw

# TODO (automate)
# Hand PCI device 00:0c.0 (the one named in pci = [...] of /etc/xen/fw) to
# xen-pciback so it can be passed through to the domU.
# NOTE(review): without a hardware IOMMU on the host, a passed-through device
# can DMA outside the guest's memory - confirm VT-d/AMD-Vi is enabled if the
# firewall domU is meant to be an isolation boundary.
# presumably e100 is the host driver currently bound to that NIC - confirm with lspci -k
rmmod e100
# reload pciback so that the hide= option is applied
rmmod xen-pciback
modprobe xen-pciback 'hide=(00:0c.0)'
# list the devices that can now be assigned to a guest
xm pci-list-assignable-devices

# start domU
xm create -c fw

sed -i 's|phy:/dev/vg0/fw-|file:/root/ipfire-|g' /etc/xen/fw
sed -i 's|,xvda|.img,xvda|g' /etc/xen/fw

# configure ipfire in terminal

# webinterface

# Links

Compile iPXE

# NOTE(review): the script URL is missing from this listing. Piping a download
# straight into bash runs whatever the server returns, with the caller's
# privileges and without a chance to read it first; fetch the script to a
# file, review it, then run it.
wget -qO - | bash -


# install requirements
sudo apt-get install -y build-essential liblzma-dev

# get source
# NOTE(review): the repository URL is missing from this listing. The git://
# transport is neither encrypted nor authenticated, so the source that gets
# compiled into the boot image could be altered in transit; clone over
# https:// and check out a known tag or commit instead.
git clone git:// /tmp/ipxe
# create boot script
# The embedded script runs DHCP and then chainloads a per-MAC script from the
# DHCP next-server over plain HTTP, with a second chain target as fallback.
# NOTE(review): the fallback URL and the heredoc's closing EOF line are not
# shown in this listing.
# NOTE(review): a script fetched over http:// is not authenticated, so whoever
# answers DHCP or alters the HTTP response decides what the machine boots;
# see the HTTPS option below.
cat <<EOF> /tmp/ipxe/src/boot.ipxe
dhcp && chain http://\${next-server}/\${mac} || chain\${mac}
# OPTIONAL: enable HTTPS support
# (turns "#undef" into "#define" on the DOWNLOAD_PROTO_HTTPS line of config/general.h)
sed -i -e '/DOWNLOAD_PROTO_HTTPS/ s/#undef/#define/' /tmp/ipxe/src/config/general.h
# OPTIONAL: change product name
# NOTE(review): both strings in the substitution are empty in this listing, so
# as shown it changes nothing.
sed -i 's|PRODUCT_NAME ""|PRODUCT_NAME ""|g' /tmp/ipxe/src/config/general.h
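# Build every image with boot.ipxe embedded; results land in /tmp/ipxe/src/bin/.
# Stop if the source tree is missing, so make never runs in another directory.
cd /tmp/ipxe/src || exit 1
#   bin/ipxe.iso       CD image
#   bin/ipxe.usb       USB image
#   bin/ipxe.pxe       PXE image
#   bin/ipxe.lkrn      GRUB image
#   bin/undionly.kpxe  undionly image
for target in bin/ipxe.iso bin/ipxe.usb bin/ipxe.pxe bin/ipxe.lkrn bin/undionly.kpxe; do
  make "${target}" EMBED=boot.ipxe
done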

# ToDo: https boot

