delete protocols igmp-snooping
add the following line in the nginx config then restart
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
As the number of devices in my network has increased, so has the workload of performing maintenance on these systems. From time to time I need to use some rescue systems, such as WinPE and Linux LiveCD. Mounting boot images for them often requires the use of a corresponding management tool or out-of-band management, such as IPMI or BMC manager. The physical machine even needs to burn a USB boot disk.
Preboot eXecution Environment, the abbreviation is PXE, provides a mechanism for booting a computer using the NIC. This mechanism allows the computer to boot without relying on a local data storage device (such as a hard disk) or a locally installed operating system.
So I noticed that there is an open-source PXE firmware called iPXE. Building a customized iPXE firmware is simple according to the wiki page of iPXE.
sudo apt update sudo apt install git gcc binutils make perl liblzma-dev mtools git clone git://git.ipxe.org/ipxe.git cd ipxe/src make
I need the chain loading function, so I need to add some parameters during the building process like this.
make bin/nm-undionly-20211002-1a.kpxe EMBED=nmboot.ipxe make bin-x86_64-efi/nm-ipxe-20211002-1a.efi EMBED=nmboot.ipxe
Now I get both legacy BIOS and UEFI PXE firmware embedded my own chain loading script nmboot.ipxe. The script is quiet simple, just chaining the entry point from my HTTP server.
#!ipxe dhcp chain http://172.16.0.11/pxe/ipxe/boot.php
The advantage of this is that it minimizes the size of iPXE firmware for the NIC PXE to be downloaded from the TFTP Server, i.e., the Next Server that has been given by DHCP server. Because of the slow loading speed over TFTP.
My home lab use pfSense as my gateway and DHCP server, the DHCP server config is quite simple.
The next step is just to prepare the file on the http server. Refer here.
It’s done!阅读更多：Build a customized iPXE firmware and deploy a chain loading environment
I recently had a problem with my newly purchased Aruba AP-305 not being able to be added to the VC. The solution was discovered through research.
Firstly, use the following command to show the provisioning log:
show log provision
If you got something like “ADP info: CAP-only sku. Will set it as standalone mode“. This is due to the lack of CCODE (i.e. Country-Code) in this AP. The solution is also simple.
- Connect the serial cable to the console port of Aruba AP
- Reset the AP
- Hit any key to break into apboot >
proginv system ccode CCODE-[CC]-[SHA1]
(replace [SHA1] with the SHA-1 hash of “[CC]-[SN]” ([CC] is your AP’s Restricted Regulatory Domain, like RW, US, JP and IL), and [SN] is the serial number)
US – Restricted Regulatory Domain – US
JP – Restricted Regulatory Domain – Japan
IL – Restricted Regulatory Domain – Israel
RW or UNRST – Rest of the World (Unrestricted)
For example CCODE-RW-de6fdb363ff04c13ee261ec04fbb01bdd482d1cd
setenv serverip [TFTP_Server_IP]
upgrade os 0 [ArubaInstant_Firmware]
upgrade os 1 [ArubaInstant_Firmware]
Now it’s done.
If you are having trouble resolving a domain name with an A record as an intranet address when using pfSense, add the following field to the Custom options of your DNS Resolver settings.
server: private-domain: "example.com"
esxcli network firewall set --enabled false wget https://example.com/folder/file -P /vmfs/volumes/datastore/folder esxcli network firewall set --enabled true
The purpose of this article is to realize the local machine X can communicate over local router A running pfSense through the WAN gateway of the remote router B also with pfSense.
The lab environment
Local machine X: [IP_ADDR]=192.168.0.254 [Mask]=255.255.255.0 [GW]=192.168.0.1 Local router A: [IP_ADDR]=192.168.0.1 [Mask]=255.255.255.0 [GW]=Router_A_WAN_ADDR Remote router B: [IP_ADDR]=192.168.11.1 [Mask]=255.255.255.0 [GW]=Router_B_WAN_ADDR OpenVPN client on router A: [Mode]=TUN [Interface]=OVPN_A [IPv4 Tunnel Network]=192.168.30.49/30 OpenVPN server on router B: [Mode]=TUN [Interface]=OVPN_B [IPv4 Tunnel Network]=192.168.30.50/30
1. Establish an OpenVPN TUN tunnel between router A and B anyway. This is not the focus of this article.
2. Set a allow all rule for OVPN_B on router B
3. Set an Outbound NAT on the firewall of router B
4. Set a rule for routing traffic to OVPN_A on the LAN firewall table of router A
Result: (Tested on local machine X)
> tracert 192.168.11.1 Tracing route to 192.168.11.1 over a maximum of 30 hops 1 20 ms 20 ms 20 ms 192.168.30.49 2 30 ms 30 ms 30 ms 192.168.11.1 Trace complete.
1. apt install required paackages
$ sudo apt update $ sudo apt install doxygen dia graphviz
2. generate the Doxyfile
$ cd [SOME_PATH] $ doxygen -g
3. edit the Doxyfile
OUTPUT_DIRECTORY = [YOUR_OUTPUT_DIRECTORY] INPUT = [YOUR_SOURCE_CODE] RECURSIVE = YES EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CLASS_DIAGRAMS = YES DIA_PATH = /usr/bin/dia HAVE_DOT = YES CLASS_GRAPH = YES COLLABORATION_GRAPH = YES
4. run doxygen
$ doxygen [YOUR_Doxyfile]
5. result examlple
socat tcp-listen:[LISTENING PORT],fork,reuseaddr tcp-connect:[TARGET ADDRESS]:[TARGET PORT]
Check swap file
# swapon -s
Create swap file
# dd if=/dev/zero of=/swap.img bs=1G count=8
Set swap file right
chmod 600 /swap.img
Check swap file right
# ll /swap.img
Format swap file
# mkswap /swap.img
Activate swap file
# swapon /swap.img
Deactivate swap file
# swapoff /swap.img
# swapon -s # free -h
Auto mount swap fs
# echo "/swap.img none swap sw 0 0" >> /etc/fstab