Wednesday, October 10, 2018

Linux Mint Install VNC server

1. Disable the firewall:
sudo ufw disable

2. Remove the default Vino server (desktop sharing) in Linux Mint, then install x11vnc:

sudo apt-get -y remove vino
sudo apt-get -y install x11vnc


3. Create a directory to store the file that will contain the password used for VNC authentication:
sudo mkdir /etc/x11vnc

4. Create an encrypted password file and save it in /etc/x11vnc/. You will be prompted to type and verify the password:

sudo x11vnc --storepasswd /etc/x11vnc/vncpwd

5. Create the systemd service file for the x11vnc service:

sudo xed /lib/systemd/system/x11vnc.service
Copy & paste the code below into xed:

[Unit]
Description=VNC Server for X11
Requires=display-manager.service
After=display-manager.service
[Service]
Type=forking
ExecStart=/usr/bin/x11vnc -dontdisconnect -auth guess -forever -shared -noxdamage -repeat -rfbauth /etc/x11vnc/vncpwd -rfbport 5900 -bg -o /var/log/x11vnc.log
ExecStop=/usr/bin/killall x11vnc
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

Save and close the file. Then copy /lib/systemd/system/x11vnc.service to /etc/systemd/system/

6. Edit /lib/systemd/system/graphical.target:

sudo xed /lib/systemd/system/graphical.target
Edit the graphical.target file as follows:

# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Graphical Interface
Documentation=man:systemd.special(7)
Requires=multi-user.target
Wants=display-manager.service x11vnc.service
Conflicts=rescue.service rescue.target
After=multi-user.target rescue.service rescue.target display-manager.service
AllowIsolate=yes

Save and close the file. Then copy /lib/systemd/system/graphical.target to /etc/systemd/system/
sudo cp /lib/systemd/system/graphical.target /etc/systemd/system/


7. Reload services and enable the x11vnc service at boot time:

sudo systemctl daemon-reload
sudo systemctl enable graphical.target

8. Reboot Linux Mint (preferably) or start the x11vnc service manually:

sudo systemctl start x11vnc.service


Remotely controlling Linux Mint 18.x
From a client computer in your network, using a VNC client of your choice (Remmina, Ultra VNC, TightVNC, Chicken VNC, VNC Viewer, Screen Sharing, you name it), enter the IP address of your Linux Mint box or its hostname.
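
What the ExecStart line from step 5 exposes on the network, checked in an added example that is not part of the original post. It assumes the x11vnc options -localhost, -listen, -ssl, -stunnel, -passwdfile and -unixpw (none of which the post uses) and compares the posted command line with a constructed variant that adds -localhost.

```python
import shlex

# Constructed inputs: the ExecStart line from step 5, and a variant that adds
# x11vnc's -localhost option so the server only accepts loopback connections.
AS_POSTED = ("ExecStart=/usr/bin/x11vnc -dontdisconnect -auth guess -forever "
             "-shared -noxdamage -repeat -rfbauth /etc/x11vnc/vncpwd "
             "-rfbport 5900 -bg -o /var/log/x11vnc.log")
LOOPBACK_ONLY = AS_POSTED + " -localhost"

# Options seen here that consume the following argument.
TAKES_VALUE = {"-auth", "-rfbauth", "-rfbport", "-o", "-listen", "-passwdfile"}


def parse_execstart(line):
    """Split an ExecStart= line into {option: value or True}."""
    key, _, command = line.partition("=")
    if key.strip() != "ExecStart":
        raise ValueError("not an ExecStart line")
    argv = shlex.split(command)[1:]          # drop the binary path
    opts, i = {}, 0
    while i < len(argv):
        name = "-" + argv[i].lstrip("-")     # x11vnc accepts -opt and --opt
        if name in TAKES_VALUE and i + 1 < len(argv):
            opts[name] = argv[i + 1]
            i += 2
        else:
            opts[name] = True
            i += 1
    return opts


def audit(line, firewall_enabled):
    """Return a list of exposure findings for one x11vnc command line."""
    opts = parse_execstart(line)
    port = int(opts.get("-rfbport", 5900))
    loopback = "-localhost" in opts or opts.get("-listen") in ("localhost", "127.0.0.1")
    findings = []
    if not loopback:
        findings.append(f"tcp/{port} is bound to all interfaces")
        if not firewall_enabled:
            findings.append(f"no host firewall in front of tcp/{port}")
        if "-ssl" not in opts and "-stunnel" not in opts:
            findings.append("remote sessions are not wrapped in TLS")
    if not any(o in opts for o in ("-rfbauth", "-passwdfile", "-unixpw")):
        findings.append("no password authentication configured")
    return findings


if __name__ == "__main__":
    for label, line, fw in (("as posted, ufw disabled", AS_POSTED, False),
                            ("-localhost, ufw enabled", LOOPBACK_ONLY, True)):
        print(label)
        for finding in audit(line, fw) or ["no findings"]:
            print("  -", finding)
```

With -localhost the server is reached through a tunnel, for example an SSH local port forward to port 5900, so the firewall from step 1 can stay enabled with only SSH allowed.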

Monday, August 13, 2018

Migrate VMDISK file to Proxmox

Prepare the VM disk using vmware-vdiskmanager:

"C:\Program Files\VMware\VMware Server\vmware-vdiskmanager" -r disk0.vmdk -t 0 disk0-pve.vmdk

Then convert the vmdk to a qcow2 file
qemu-img convert -f vmdk disk0-pve.vmdk -O qcow2 disk0-pve.qcow2



To store the disk in raw format, convert the vmdk directly onto the target volume:
qemu-img convert -p -O raw disk0.vmdk /dev/vgname/vm-111-disk-1

To enlarge the disk:
qemu-img resize your.vmdk 700G

Wednesday, August 8, 2018

Backup and restore cisco

1. Connecting to a Cisco Router Using Console
Step 1: Attach a console cable to the console port (Rj-45) located at the back of the router.
Step 2: Open a new HyperTerminal instance from Start-All Programs-Accessories-Communications-HyperTerminal, enter any name for this connection and choose the COM port to use for connecting to the router. Apply the following port settings to the COM port:
Bits per second: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: Hardware
Step 3: After pressing [Enter] a few times you will see the Router> prompt. Go to the View-Font menu of HyperTerminal and select the Courier font with font size 14.
Type enable to enter privileged mode (you will be asked for the enable secret). Here are the steps:
[Router name]>
[Router name]>enable
Password: ..........
[Router name]#
2. Connecting to a Cisco Router Using Telnet
Note that in order to be able to telnet onto a router, a telnet password must have been configured on the router and also telnet access should not be disabled on the specific router.
Before installing a new router you must provide a password for the telnet access on the router, otherwise you will not be able to telnet to it.
Use the console to connect to the router:
[Router name]>enable
Password: ..........[insert enable secret here]
[Router name]# sh run
Press [Enter] until you see a line such as: line vty 0 4 (see the example below). Below this line you should see a password. If not, you should provide one. If a password is set but a no exec line appears, as in the example below, then telnet is blocked and you should unblock it.
Example:
line vty 0 4
 password surpass
 no exec

a. To Provide a telnet Password

Router#config t
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password [password name]
Press [Ctrl][z] and issue sh run to ensure that the password has been set.

b. To Unblock telnet Access on Router

Router#config t
Router(config)#line vty 0 4
Router(config-line)#exec
C:\>telnet 10.176.100.2
Password: ..........
[Router name]>enable
Password: ..........
[Router name]#
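
The manual sh run check described in section 2, as an added example that is not part of the original post. The two configuration excerpts are constructed, `<type-7-string>` is a placeholder, and the function names are hypothetical; the script also reports whether the vty password is stored readable in the configuration.

```python
import re

# Constructed "sh run" excerpts: the blocked example from the text, and a
# configuration where the password is stored in the encoded "password 7" form.
BLOCKED = """\
line con 0
line vty 0 4
 password surpass
 no exec
!
"""
UNBLOCKED = """\
line vty 0 4
 password 7 <type-7-string>
 login
line vty 5 15
 login
!
"""


def vty_blocks(running_config):
    """Collect the indented sub-commands under each 'line vty' header."""
    blocks, current = [], None
    for raw in running_config.splitlines():
        m = re.match(r"line\s+vty\s+(\d+)(?:\s+(\d+))?\s*$", raw, re.I)
        if m:
            current = {"first": int(m.group(1)),
                       "last": int(m.group(2) or m.group(1)), "cmds": []}
            blocks.append(current)
        elif raw[:1] in (" ", "\t") and current is not None:
            current["cmds"].append(raw.strip())
        else:
            current = None          # any other top-level line ends the block
    return blocks


def check_vty(running_config):
    """Apply the rule from the text: no password, blocked by no exec, or usable."""
    report = []
    for block in vty_blocks(running_config):
        cmds = block["cmds"]
        pw = next((c.split() for c in cmds if c.lower().startswith("password ")), None)
        if pw is None:
            state = "no password set"
        elif any(c.lower() == "no exec" for c in cmds):
            state = "blocked by no exec"
        else:
            state = "telnet login possible"
        report.append({
            "lines": (block["first"], block["last"]),
            "state": state,
            # "password <text>" is readable in sh run; "password 7 <text>" is encoded.
            "cleartext_password": pw is not None and not (len(pw) == 3 and pw[1] == "7"),
        })
    return report


if __name__ == "__main__":
    for name, cfg in (("BLOCKED", BLOCKED), ("UNBLOCKED", UNBLOCKED)):
        for entry in check_vty(cfg):
            print(name, entry)
```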
3. Backing up the router configuration with an FTP/TFTP server

[router name]#show run

[router name]#copy run tftp -- to copy the running configuration to the TFTP server

[router name]#copy run ftp -- to copy the running configuration to the FTP server

4. Restore

[router name]# show run

[router name]#copy ftp run -- to copy the configuration file from FTP server to the running configuration of the router

[router name]#copy tftp run -- to copy the configuration file from TFTP server to the running configuration of the router

[router name]#show run

[router name]#copy run start -- to copy the configuration from running configuration (DRAM) to Startup configuration (NVRAM).


Thursday, June 7, 2018

Example FBF setting

Example: Configuring Filter-Based Forwarding on the Source Address

This example shows how to configure filter-based forwarding (FBF), which is sometimes also called Policy Based Routing (PBR). The filter classifies packets to determine their forwarding path within the ingress routing device.
Filter-based forwarding is supported for IP version 4 (IPv4) and IP version 6 (IPv6).

Requirements

No special configuration beyond device initialization is required for this example.

Overview

In this example, we use FBF for service provider selection when customers have Internet connectivity provided by different ISPs yet share a common access layer. When a shared media (such as a cable modem) is used, a mechanism on the common access layer looks at Layer 2 or Layer 3 addresses and distinguishes between customers. You can use filter-based forwarding when the common access layer is implemented using a combination of Layer 2 switches and a single router.
With FBF, all packets received on an interface are considered. Each packet passes through a filter that has match conditions. If the match conditions are met for a filter and you have created a routing instance, FBF is applied to the packet. The packet is forwarded based on the next hop specified in the routing instance. For static routes, the next hop can be a specific LSP.
Note: Source-class usage filter matching and unicast reverse-path forwarding checks are not supported on an interface configured for FBF.
To configure FBF, perform the following tasks:
  • Create a match filter on the ingress device. To specify a match filter, include the filter filter-name statement at the [edit firewall] hierarchy level. A packet that passes through the filter is compared against a set of rules to classify it and to determine its membership in a set. Once classified, the packet is forwarded to a routing table specified in the accept action in the filter description language. The routing table then forwards the packet to the next hop that corresponds to the destination address entry in the table.
  • Create routing instances that specify the routing table(s) to which a packet is forwarded, and the destination to which the packet is forwarded at the [edit routing-instances] hierarchy level. For example:
    [edit]
    routing-instances {
        routing-table-name1 {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 172.16.0.14;
                }
            }
        }
        routing-table-name2 {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 172.16.0.18;
                }
            }
        }
    }
  • Create a RIB group to share interface routes with the forwarding routing instances used in filter-based forwarding (FBF). This part of the configuration resolves the routes installed in the routing instances to directly connected next hops on that interface. Create the routing table group at the [edit routing-options] hierarchy level.
    [edit]
    routing-options {
        interface-routes {
            rib-group inet int-routes;
        }
    }
    routing-options {
        rib-groups {
            int-routes {
                import-rib [ inet.0 webtraffic.inet.0 ];
            }
        }
    }
This example shows a packet filter that directs customer traffic to a next-hop router in the domains, SP1 or SP2, based on the packet’s source address.
If the packet has a source address assigned to an SP1 customer, destination-based forwarding occurs using the sp1-route-table.inet.0 routing table. If the packet has a source address assigned to an SP2 customer, destination-based forwarding occurs using the sp2-route-table.inet.0 routing table. If a packet does not match either of these conditions, the filter accepts the packet, and destination-based forwarding occurs using the standard inet.0 routing table.
Figure 1 shows the topology used in this example.
On Device P1, an input filter classifies packets received from Device PE3 and Device PE4. The packets are routed based on the source addresses. Packets with source addresses in the 10.1.1.0/24 and 10.1.2.0/24 networks are routed to Device PE1. Packets with source addresses in the 10.2.1.0/24 and 10.2.2.0/24 networks are routed to Device PE2.
Figure 1: Filter-Based Forwarding
To establish connectivity, OSPF is configured on all of the interfaces. For demonstration purposes, loopback interface addresses are configured on the routing devices to represent networks in the clouds.
The CLI Quick Configuration section shows the entire configuration for all of the devices in the topology. The Configuring Filter-Based Forwarding on Device P1 section shows the step-by-step configuration of the ingress routing device, Device P1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Device P1
set firewall filter classify-customers term sp1-customers from source-address 10.1.1.0/24
set firewall filter classify-customers term sp1-customers from source-address 10.1.2.0/24
set firewall filter classify-customers term sp1-customers then log
set firewall filter classify-customers term sp1-customers then routing-instance sp1-route-table
set firewall filter classify-customers term sp2-customers from source-address 10.2.1.0/24
set firewall filter classify-customers term sp2-customers from source-address 10.2.2.0/24
set firewall filter classify-customers term sp2-customers then log
set firewall filter classify-customers term sp2-customers then routing-instance sp2-route-table
set firewall filter classify-customers term default then accept
set interfaces fe-1/2/0 unit 0 family inet filter input classify-customers
set interfaces fe-1/2/0 unit 0 family inet address 172.16.0.10/30
set interfaces fe-1/2/1 unit 0 family inet address 172.16.0.13/30
set interfaces fe-1/2/2 unit 0 family inet address 172.16.0.17/30
set protocols ospf rib-group fbf-group
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
set routing-instances sp1-route-table instance-type forwarding
set routing-instances sp1-route-table routing-options static route 0.0.0.0/0 next-hop 172.16.0.14
set routing-instances sp2-route-table instance-type forwarding
set routing-instances sp2-route-table routing-options static route 0.0.0.0/0 next-hop 172.16.0.18
set routing-options rib-groups fbf-group import-rib inet.0
set routing-options rib-groups fbf-group import-rib sp1-route-table.inet.0
set routing-options rib-groups fbf-group import-rib sp2-route-table.inet.0
Device P2
set interfaces fe-1/2/0 unit 0 family inet address 172.16.0.2/30
set interfaces fe-1/2/1 unit 0 family inet address 172.16.0.6/30
set interfaces fe-1/2/2 unit 0 family inet address 172.16.0.9/30
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
Device PE1
set interfaces fe-1/2/0 unit 0 family inet address 172.16.0.14/30
set interfaces lo0 unit 0 family inet address 172.16.1.1/32
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
Device PE2
set interfaces fe-1/2/0 unit 0 family inet address 172.16.0.18/30
set interfaces lo0 unit 0 family inet address 172.16.2.2/32
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
Device PE3
set interfaces fe-1/2/0 unit 0 family inet address 172.16.0.1/30
set interfaces lo0 unit 0 family inet address 10.1.1.1/32
set interfaces lo0 unit 0 family inet address 10.1.2.1/32
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
Device PE4
set interfaces fe-1/2/0 unit 0 family inet address 172.16.0.5/30
set interfaces lo0 unit 0 family inet address 10.2.1.1/32
set interfaces lo0 unit 0 family inet address 10.2.2.1/32
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable

Configuring the Firewall Filter on P1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure the firewall filter on the main router or switch:
  1. Configure the source addresses for SP1 customers.
    [edit firewall filter classify-customers term sp1-customers]
    user@host# set from source-address 10.1.1.0/24
    user@host# set from source-address 10.1.2.0/24
  2. Configure the actions that are taken when packets are received with the specified source addresses; they are logged, and they are passed to the sp1-route-table routing instance for routing via the sp1-route-table.inet.0 routing table.
    [edit firewall filter classify-customers term sp1-customers]
    user@host# set then log
    user@host# set then routing-instance sp1-route-table
  3. Configure the source addresses for SP2 customers.
    [edit firewall filter classify-customers term sp2-customers]
    user@host# set from source-address 10.2.1.0/24
    user@host# set from source-address 10.2.2.0/24
  4. Configure the actions that are taken when packets are received with the specified source addresses; they are logged, and they are passed to the sp2-route-table routing instance for routing via the sp2-route-table.inet.0 routing table.
    [edit firewall filter classify-customers term sp2-customers]
    user@host# set then log
    user@host# set then routing-instance sp2-route-table
  5. Configure the action to take when packets are received from any other source address; they are accepted and routed using the default IPv4 unicast routing table, inet.0.
    [edit firewall filter classify-customers term default]
    user@host# set then accept

Configuring Filter-Based Forwarding on Device P1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure the routing instances:
  1. Configure the interfaces.
    [edit interfaces fe-1/2/0]
    user@host# set unit 0 family inet address 172.16.0.10/30

    [edit interfaces fe-1/2/1]
    user@host# set unit 0 family inet address 172.16.0.13/30

    [edit interfaces fe-1/2/2]
    user@host# set unit 0 family inet address 172.16.0.17/30
  2. Assign the classify-customers firewall filter to router interface fe-1/2/0.0 as an input packet filter.
    [edit interfaces fe-1/2/0]
    user@host# set unit 0 family inet filter input classify-customers
  3. Configure connectivity, using either a routing protocol or static routing.
    As a best practice, disable routing on the management interface.
    [edit protocols ospf area 0.0.0.0]
    user@host# set interface all
    user@host# set interface fxp0.0 disable
  4. Create the routing instances that are referenced in the classify-customers firewall filter. The forwarding instance type provides support for filter-based forwarding, where interfaces are not associated with instances.
    [edit routing-instances]
    user@host# set sp1-route-table instance-type forwarding

    user@host# set sp2-route-table instance-type forwarding
  5. For each routing instance, define a default route to forward traffic to the specified next hop (PE1 and PE2 in this example).
    [edit routing-instances]
    user@host# set sp1-route-table routing-options static route 0.0.0.0/0 next-hop 172.16.0.14

    user@host# set sp2-route-table routing-options static route 0.0.0.0/0 next-hop 172.16.0.18
  6. Associate the routing tables to form a routing table group. The first routing table, inet.0, is the primary routing table, and the others are secondary routing tables. The primary routing table determines the address family of the routing table group, in this case IPv4.
    [edit routing-options]
    user@host# set rib-groups fbf-group import-rib inet.0
    user@host# set rib-groups fbf-group import-rib sp1-route-table.inet.0
    user@host# set rib-groups fbf-group import-rib sp2-route-table.inet.0
  7. Specify the fbf-group routing table group within the OSPF configuration to install OSPF routes into the three routing tables.
    [edit protocols ospf]
    user@host# set rib-group fbf-group
  8. Commit the configuration when you are done.
    [edit]
    user@host# commit

Results

Confirm your configuration by issuing the show interfaces, show firewall, show protocols, show routing-instances, and show routing-options commands.
user@host# show interfaces
fe-1/2/0 {
    unit 0 {
        family inet {
            filter {
                input classify-customers;
            }
            address 172.16.0.10/30;
        }
    }
}
fe-1/2/1 {
    unit 0 {
        family inet {
            address 172.16.0.13/30;
        }
    }
}
fe-1/2/2 {
    unit 0 {
        family inet {
            address 172.16.0.17/30;
        }
    }
}
user@host# show firewall
filter classify-customers {
    term sp1-customers {
        from {
            source-address {
                10.1.1.0/24;
                10.1.2.0/24;
            }
        }
        then {
            log;
            routing-instance sp1-route-table;
        }
    }
    term sp2-customers {
        from {
            source-address {
                10.2.1.0/24;
                10.2.2.0/24;
            }
        }
        then {
            log;
            routing-instance sp2-route-table;
        }
    }
    term default {
        then accept;
    }
}
user@host# show protocols
ospf {
    rib-group fbf-group;
    area 0.0.0.0 {
        interface all;
        interface fxp0.0 {
            disable;
        }
    }
}
user@host# show routing-instances
sp1-route-table {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.16.0.14;
        }
    }
}
sp2-route-table {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.16.0.18;
        }
    }
}
user@host# show routing-options
rib-groups {
    fbf-group {
        import-rib [ inet.0 sp1-route-table.inet.0 sp2-route-table.inet.0 ];
    }
}

Verification

Confirm that the configuration is working properly.

Pinging with Specified Source Addresses

Purpose

Send some ICMP packets across the network to test the firewall filter.

Action

  1. Run the ping command, pinging the lo0.0 interface on Device PE1.
    The address configured on this interface is 172.16.1.1.
    Specify the source address 10.1.2.1, which is the address configured on the lo0.0 interface on Device PE3.
    user@PE3> ping 172.16.1.1 source 10.1.2.1
    PING 172.16.1.1 (172.16.1.1): 56 data bytes
    64 bytes from 172.16.1.1: icmp_seq=0 ttl=62 time=1.444 ms
    64 bytes from 172.16.1.1: icmp_seq=1 ttl=62 time=2.094 ms
    ^C
    --- 172.16.1.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.444/1.769/2.094/0.325 ms
  2. Run the ping command, pinging the lo0.0 interface on Device PE2.
    The address configured on this interface is 172.16.2.2.
    Specify the source address 10.2.1.1, which is the address configured on the lo0.0 interface on Device PE4.
    user@PE4> ping 172.16.2.2 source 10.2.1.1
    PING 172.16.2.2 (172.16.2.2): 56 data bytes
    64 bytes from 172.16.2.2: icmp_seq=0 ttl=62 time=1.473 ms
    64 bytes from 172.16.2.2: icmp_seq=1 ttl=62 time=1.407 ms
    ^C
    --- 172.16.2.2 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.407/1.440/1.473/0.033 ms

Meaning

Sending these pings activates the firewall filter actions.

Verifying the Firewall Filter

Purpose

Make sure the firewall filter actions take effect.

Action

  1. Run the show firewall log command on Device P1.
    user@P1> show firewall log
    Log :
    Time      Filter    Action Interface     Protocol        Src Addr            Dest Addr
    13:52:20  pfe       A      fe-1/2/0.0   ICMP            10.2.1.1            172.16.2.2
    13:52:19  pfe       A      fe-1/2/0.0   ICMP            10.2.1.1            172.16.2.2
    13:51:53  pfe       A      fe-1/2/0.0   ICMP            10.1.2.1            172.16.1.1
    13:51:52  pfe       A      fe-1/2/0.0   ICMP            10.1.2.1            172.16.1.1
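
The forwarding decision that Device P1 makes for the packets in the verification steps, modelled in an added example that is not part of the original document. It assumes a simplified router: only the static routes of each forwarding instance are modelled (the OSPF routes imported through fbf-group are left out), a term without a from clause matches every packet, and a packet that matches no term is discarded, which is why the default term matters.

```python
import ipaddress

# Constructed input: the firewall-filter and static-route lines of Device P1
# from the CLI Quick Configuration section.
P1_CONFIG = """\
set firewall filter classify-customers term sp1-customers from source-address 10.1.1.0/24
set firewall filter classify-customers term sp1-customers from source-address 10.1.2.0/24
set firewall filter classify-customers term sp1-customers then log
set firewall filter classify-customers term sp1-customers then routing-instance sp1-route-table
set firewall filter classify-customers term sp2-customers from source-address 10.2.1.0/24
set firewall filter classify-customers term sp2-customers from source-address 10.2.2.0/24
set firewall filter classify-customers term sp2-customers then log
set firewall filter classify-customers term sp2-customers then routing-instance sp2-route-table
set firewall filter classify-customers term default then accept
set routing-instances sp1-route-table routing-options static route 0.0.0.0/0 next-hop 172.16.0.14
set routing-instances sp2-route-table routing-options static route 0.0.0.0/0 next-hop 172.16.0.18
"""


def parse(config, filter_name):
    """Return (terms in configuration order, {instance: [(prefix, next_hop)]})."""
    terms, instances = {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:4] == ["set", "firewall", "filter", filter_name] and w[4] == "term":
            term = terms.setdefault(w[5], {"sources": [], "log": False, "instance": None})
            if w[6:8] == ["from", "source-address"]:
                term["sources"].append(ipaddress.ip_network(w[8]))
            elif w[6:8] == ["then", "log"]:
                term["log"] = True
            elif w[6:8] == ["then", "routing-instance"]:
                term["instance"] = w[8]
        elif w[:2] == ["set", "routing-instances"] and w[3:6] == ["routing-options", "static", "route"]:
            instances.setdefault(w[2], []).append((ipaddress.ip_network(w[6]), w[8]))
    return terms, instances


def forward(src, dst, terms, instances):
    """Evaluate the terms in order; the first match decides the routing table."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, term in terms.items():
        # A term with no "from" clause matches every packet (the default term).
        if term["sources"] and not any(src in net for net in term["sources"]):
            continue
        if term["instance"]:
            table = term["instance"] + ".inet.0"
            routes = [r for r in instances.get(term["instance"], []) if dst in r[0]]
            # Longest-prefix match among the instance's static routes.
            next_hop = max(routes, key=lambda r: r[0].prefixlen)[1] if routes else None
        else:
            table, next_hop = "inet.0", None   # normal lookup in inet.0, not modelled
        return {"term": name, "table": table, "next_hop": next_hop, "logged": term["log"]}
    # No term matched: the packet is discarded.
    return {"term": None, "table": None, "next_hop": None, "logged": False}


if __name__ == "__main__":
    terms, instances = parse(P1_CONFIG, "classify-customers")
    for src, dst in (("10.1.2.1", "172.16.1.1"), ("10.2.1.1", "172.16.2.2"),
                     ("192.0.2.7", "172.16.1.1")):
        print(src, "->", dst, forward(src, dst, terms, instances))
```

The first two packets are the pings from Device PE3 and Device PE4; 192.0.2.7 is a constructed non-customer source that falls through to the default term and is not logged.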