sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p
apt -y install mtr tcpdump iftop kpartx ipmitool dnsutils ddrescue autossh whois unzip wget vim-conque golang git htpdate
cd /tmp
wget -c https://github.com/fatedier/frp/releases/download/v0.36.2/frp_0.36.2_linux_arm.tar.gz -O -| tar xz
cd frp_0.36.2_linux_arm
mkdir /etc/frp
sed -i 's/network.target/network.target ntpdate.service/g' systemd/frp{c,s}.service
install frp{c,s} /usr/bin/
install systemd/frp{c,s}.service /usr/lib/systemd/system/
install frp{c,s}.ini /etc/frp/
systemctl daemon-reload
systemctl enable frpc.service
systemctl start frpc.service
systemctl status frpc.servicefrpc.ini配置为默认.
附:
Nginx的stream四层转发串口方案
stream {
server {
listen 3501;
proxy_connect_timeout 15s;
proxy_timeout 30s;
proxy_pass unix:/dev/ttyUSB0;
#allow 333.333.333.0/24; #白名单IP段
#deny all;
}
server {
listen 3502;
proxy_connect_timeout 15s;
proxy_timeout 30s;
proxy_pass unix:/dev/ttyUSB1;
#allow 333.333.333.0/24; #白名单IP段
#deny all;
}
}
通过frp可以直接把串口丢到公网上去, 直接用telnet登陆进入串口.
telnet 公网IP 端口
frp和nginx主要做转发方案, 其他的还有隧道内网方案, 但基于没有独立IP的情况涉及第三方服务器服务, 像wireguard/ZeroTier/花生壳/蒲公英等等, 由于精力有限这里就暂时不涉及了. .
本文为草稿, 未完待续.
公网端
sed -i 's/#GatewayPorts no/GatewayPorts yes/g' /etc/ssh/sshd_config
service sshd restart
内网端-利用 AutoSSH 实现端口转发
yum install autossh -y -q
在内网主机 A 上,利用 AutoSSH 建立一条 SSH 隧道
autossh -M 4010 -NR 80:localhost:4000 [email protected] (-p PORT) ~/.ssh/id_rsa
参数解释:
“-M 4010”意思是使用内网主机 A 的 4010 端口监视 SSH 连接状态,连接出问题了会自动重连
“ -N”意思是不执行远程命令
“-R”意思是将远程主机(公网主机 B)的某个端口转发到本地指定机器的指定端口
can解释:
“80:localhost:4000”意思是将内网主机 A 的 4000 号端口转发至公网主机 B 的 80 号端口上
“[email protected]”意思是公网主机 B 的用户名和 IP
“-p xxxx”意思是公网主机 B 的 SSH 端口,如果是默认的 22 号端口,则可以不输入.
ssh几个常用参数说明
-f:SSH客户端在后台运行。
-C:压缩数据传输。
-N:仅做端口转发。
正向代理(-L):相当于iptable 的port forwarding.
反向代理(-R):相当于frp 或者ngrok.
socks5 代理(-D):相当于ss.
============================================================
简化使用ssh的config配置方法
$ cat ~/.ssh/config
Host Public-Server
HostName Remote-Public-Server-IP
User USERNAME
Port 22
IdentityFile ~/.ssh/id_rsa
LocalForward 80 localhost:4000
ServerAliveInterval 30
ServerAliveCountMax 3
手动启动运行(ssh和autossh用法都一样)
autossh -M 4010 -NR Public-Server
ssh -M 0 -f -T -N Public-Server
加入Systemd服务例子内容
#cat /lib/systemd/system/autossh.service
[Unit]
Description=autossh
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=autossh
EnvironmentFile=/etc/default/autossh
ExecStart=
ExecStart=/usr/bin/autossh $SSH_OPTIONS
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target
$ cat /etc/default/autossh
AUTOSSH_POLL=60
AUTOSSH_FIRST_POLL=30
AUTOSSH_GATETIME=0
AUTOSSH_PORT=22000
SSH_OPTIONS="-N -R 2222:localhost:22 example.com -i /home/autossh/.ssh/id_rsa"
systemctl daemon-reload
systemctl enable autossh
systemctl start autossh
直接ssh进行跳板连接转发
ssh -N -T -L Public-server-Port:<local server Host>:local-server-PORT [email protected]
shellinabox 这玩意也挺好用, ajax实现的web页面操作终端.
最近在弄远程访问串口以及一些项目, 很早前就知道有frp这个东西, 但是一直没用过.
主要是centos7安装部署, debian安装过程差不多,稍微变通一下.
frp分为公网端(frps)和内网端(frpc), 桌面端通过公网端的IP进入内网.
由于一般只运行一个端, 所以下面的配置全表以frp进行命名.
centos安装
yum install epel-release -y -q
yum install golang git wget -y -q
git clone https://github.com/fatedier/frp
cd frp
export GO111MODULE=on
export GOPROXY=https://goproxy.io
make
#由于一般只运行一个端, 下面的配置全表以frp进行命名, 所以此处的install根据情况选择一个进行使用.
#install bin/frps /usr/bin/frp
#install bin/frpc /usr/bin/frp
公网服务端配置
cat >/etc/frp.conf<<EOF
[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 8000
vhost_https_port = 8001
dashboard_port = 7500
privilege_token = 123456
dashboard_user = ubuntu
dashboard_pwd = 123
log_file = /var/log/frps.log
log_level = info
log_max_days = 3
max_pool_count = 5
authentication_timeout = 900
tcp_mux = true
EOF
内网端配置内容
cat >/etc/frp.conf<<EOF
[common]
server_addr = 服务器域名
server_port = 7000
# for authentication
privilege_token = 12345678
#if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:[email protected]:8080
# http_proxy = socks5://user:[email protected]:1080
# console or real logFile path like ./frpc.log
#log_file = /var/log/frpc.log
# trace, debug, info, warn, error
log_level = debug
log_max_days = 3
#启用压缩
use_compression = true
login_fail_exit = false
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 2200
#http代理
[HTTP]
type = http
local_ip = 127.0.0.1
local_port = 8080
#自己的域名
custom_domains = xxxx
remote_port = 800
EOF
手动启动命令
frps -c /etc/frp.conf #启动公网服务端
frpc -c /etc/frc.conf #启动内网端
配置系统服务管理
cat>/lib/systemd/system/frp.service<<EOF
[Unit]
Description=fraps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/bin/frp -c /etc/frp.conf
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable frps
systemctl start frps
=============================
debian配置守护进程启动
apt install supervisor -y
cat>/etc/supervisor/conf.d/frp.conf<<EOF
[program:frp]
command = /usr/bin/frp -c /etc/frp.conf
autostart = true
EOF
systemctl restart supervisor
思科的隧道默认是gre模式, 用tunnel mode ipip可以选择ipip模式
Cisco配置:
interface Tunnel0
ip address 172.16.1.1 255.255.255.0
ip tcp adjust-mss 1420
tunnel source 10.23.30.1
#tunnel mode ipip
tunnel destination 10.23.30.206
linux下的操作:
linux下的操作:
modprobe ip_gre
iptunnel add tun0 mode gre remote 10.23.30.1 local 10.23.30.206 ttl 225
ifconfig tun0 172.16.1.2/24
ifconfig tun0 up
ifconfig tun0 pointopoint 172.16.1.1
ifconfig tun0 multicast
思科隧道能玩的参数大致如下
tunnel bandwidth
tunnel checksum
tunnel destination
tunnel endpoint service-policy output
tunnel entropy
tunnel key
tunnel mode
tunnel path-mtu-discovery
tunnel rbscp ack_split
tunnel rbscp delay
tunnel rbscp input_drop
tunnel rbscp long_drop
tunnel rbscp report
tunnel rbscp window_stuff
tunnel route-via
tunnel sequence-datagrams
tunnel source
tunnel tos
tunnel ttl
tunnel vrftunnel bandwidth
tunnel checksum
tunnel destination
tunnel endpoint service-policy output
tunnel entropy
tunnel key
tunnel mode
tunnel path-mtu-discovery
tunnel rbscp ack_split
tunnel rbscp delay
tunnel rbscp input_drop
tunnel rbscp long_drop
tunnel rbscp report
tunnel rbscp window_stuff
tunnel route-via
tunnel sequence-datagrams
tunnel source
tunnel tos
tunnel ttl
tunnel vrf
interface g0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan 99
switchport trunk allowed vlan 1-100,111
Sw1(confit-if)#switchport access vlan 30
Sw1(confit-if)#switchport mode dotlq-tunnel Q-in-Q
switchport trunk encapsulation [dot1q | isl]
https://github.com/robcowart/elastiflow
https://hub.docker.com/r/elastiflow/flow-collector
树莓派空中串口透传工具
快速安装:在命令行执行
wget -qO- https://tech.biko.pub/resource/rpi-ws-uart-setup.sh | sudo bash
源码仓库:
https://github.com/hardcore-rpi/pilib/tree/main/packages/ws-uart
# 默认参数启动
sudo pilib-ws-uart
# 指定参数启动
sudo PORT=8081 UART_COM='/dev/ttyUSB1' UART_BAUD_RATE=9600 pilib-ws-uart
==========
# curl https://tech.biko.pub/resource/rpi-ws-uart-setup.sh
#!/bin/bash
set -e
echo "开始安装树莓派空中串口 pilib-ws-uart"
if ! command cnpm &> /dev/null
then
npm install -g cnpm --registry=https://registry.npm.taobao.org
fi
cnpm i pilib-ws-uart -g
echo "[电气罐头] 树莓派空中串口 pilib-ws-uart 安装完成"
echo "使用文档:https://tech.biko.pub/#/posts/rpi-ws-uart"
用yum和dnf都可以直接操作.
dnf install centos-release-stream
dnf distro-sync
cat /etc/centos-release
imapsync
yum -y -q install imapsync
imapsync --host1 mail.gmail.com \
--user1 [email protected] \
--password1 passwordold \
--host2 mail.newhost.com \
--user2 [email protected] \
--password2 passwordnew \
--ssl1 \
--ssl2
getmail
yum -y -q install getmail
mkdir -p /root/.getmail/maildir/{new,cur,tmp}
cat>/root/.getmail/getmailrc.buddha<<EOF
[retriever]
type = SimplePOP3Retriever
server = pop.qq.com #如果是gmail则改为pop.gmail.com
username = budda
password = password
[destination]
type = Maildir
path = ~/.getmail/maildir/ #就是刚才在~/.getmail/建立的目录,注意该目录下一定要有new,cur,tmp这三个子目录
[options]
read_all = False #只接受以前没有收取的邮件,如果改成True则收取邮箱中所有邮件
delete = False #下载邮件后不在服务器上删除该邮件,如果改成True则删除
EOF
getmail --rcfile=getmailrc.buddha
show ip bgp regexp ^6939
show ip bgp neighbors 100.64.163.1
show ip bgp neighbors 100.64.163.1 advertised-routes
Cisco BGP常用show命令
1.常用的show 命令
查看BGP路由表
XRV8#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.33.0.0/19 0.0.0.0 32768 i
*> 10.33.1.0/24 0.0.0.0 0 32768 i
*> 10.33.2.0/24 0.0.0.0 0 32768 i
*> 10.33.3.0/24 0.0.0.0 0 32768 i
查看BGP邻居表
XRV8#show ip bgp summary
BGP router identifier 10.255.255.8, local AS number 65002
BGP table version is 217, main routing table version 217
72 network entries using 10368 bytes of memory
76 path entries using 6080 bytes of memory
3/3 BGP path/bestpath attribute entries using 456 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 16928 total bytes of memory
BGP activity 140/68 prefixes, 220/144 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.201.1.1 4 65000 95 89 217 0 0 01:08:02 4
10.201.2.1 4 65000 86 90 217 0 0 01:01:00 4
查看路由表中的BGP路由
XRV8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 141 subnets, 4 masks
B 10.33.0.0/19 [200/0], 01:07:50, Null0
B 10.63.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B 10.79.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B 10.118.0.0/19 [200/0], 01:07:50, Null0
B 10.123.0.0/19 [200/0], 01:07:50, Null0
B 10.133.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B 10.149.0.0/19 [200/0], 01:07:50, Null0
B 10.158.0.0/19 [20/0] via 10.201.2.1, 00:14:30
查看BGP路由含有某些特定路由的信息
XRV8#show ip route bgp | include 10.133.0.0
B 10.133.0.0/19 [20/0] via 10.201.2.1, 00:19:04
查看含有某些前缀的BGP路由信息
XRV8#show ip bgp 10.133.0.0
BGP routing table entry for 10.133.0.0/19, version 216
Paths: (2 available, best #2, table default)
Not advertised to any peer
Refresh Epoch 4
65000 65001, (aggregated by 65001 10.255.255.7)
10.201.1.1 from 10.201.1.1 (10.255.255.5)
Origin IGP, localpref 100, valid, external, atomic-aggregate
rx pathid: 0, tx pathid: 0
Refresh Epoch 4
65000 65001, (aggregated by 65001 10.255.255.7)
10.201.2.1 from 10.201.2.1 (10.255.255.6)
Origin IGP, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
查看某个特定的掩码区间的路由
XRV8#show ip bgp 10.133.0.0/16 longer-prefixes
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 10.133.0.0/19 10.201.1.1 0 65000 65001 i
*> 10.201.2.1 0 65000 65001 i
查看起源于某个特定AS的路由
XRV8#show ip bgp regexp 65001$
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 10.63.0.0/19 10.201.1.1 0 65000 65001 i
*> 10.201.2.1 0 65000 65001 i
* 10.79.0.0/19 10.201.1.1 0 65000 65001 i
*> 10.201.2.1 0 65000 65001 i
* 10.133.0.0/19 10.201.1.1 0 65000 65001 i
*> 10.201.2.1 0 65000 65001 i
* 10.158.0.0/19 10.201.1.1 0 65000 65001 i
*> 10.201.2.1 0 65000 65001 i
VRF
Usage Guidelines
This command is available for all IP-route tracked objects that are tracked by the track ip route global configuration command. Use this command to track a route that belongs to a specific VPN.
Examples
In the following example, the route associated with a VRF named VRF1 is tracked:
Router(config)# track 1 ip route 10.0.0.0 255.0.0.0 metric threshold
Router(config-track)# exit
Router(config)# ip vrf VRF1
Router(config-vrf)# rd 100:1
Router(config-vrf)# route-target both 100:1
!
Router(config)# interface ethernet0/2
Router(config-if)# no shutdown
Router(config-if)# ip vrf forwarding VRF1
Router(config-if)# ip address 10.0.0.2 255.0.0.0
Command | Description |
|---|
ip vrf forwarding | Associates a VPN VRF with an interface or subinterface. |
track ip route | Tracks the state of an IP route and enters tracking configuration mode. |
ip tcp adjust-mss
ip tcp adjust-mss 1452
ip mtu 1492
Examples
The following example shows the configuration of a PPPoE client with the MSS value set to 1452:
vpdn enable
no vpdn logging
!
vpdn-group 1
request-dialin
protocol pppoe
!
interface Ethernet0
ip address 192.168.100.1 255.255.255.0
ip tcp adjust-mss 1452
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
pppoe client dial-pool-number 1
!
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username sohodyn password 7 141B1309000528
!
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
原文地址https://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/command/ip_tcp_adjust-mss_through_ip_wccp_web-cache_accelerated.html
go get github.com/cloudflare/goflow/cmd/goflow
cd ~/go/src/github.com/cloudflare/goflow/cmd/goflow
go install
goflow -kafka=false -nf -nf.addr 192.168.1.8 -nf.port 567
goflow -h
goflow -kafka=false -nf -nf.addr 192.168.1.8 -nf.port 5678
iRedMail
https://qing.su/article/158.html
香菇肥牛大佬写了些涨经验值的内容.
poste
https://poste.io/
基于docker的一个邮件投递系统
postal
https://postal.atech.media/
https://github.com/postalhq/postal/wiki/Quick-Install
用来专门投递邮件这玩意不错的.
mailu
https://mailu.io/
https://github.com/Mailu/Mailu
mailu这玩意是基于docker运行的, 看起来好像不错, 还没搭建过,
Mail-in-a-Box
https://mailinabox.email/
https://github.com/mail-in-a-box/mailinabox
指定在ubuntu上部署, ubuntu18可以安装, 还算比较不错的.
Zimbra和Modoboa好像还可以, 但还没搭建过.
未完待续
先挂一个rescue系统重启并进入,挂载/dev/sda5分区.
www.system-rescue-cd.org 可以下载, 用linux带rescue的iso也可以.
操作流程大致如下:
mkdir /mnt/sda5
mount /dev/sda5 /mnt/sda5
cp /mnt/sda5/state.tgz /tmp
cd /tmp
tar -xf state.tgz #(这一步对文件进行解压之后,会生成一个local.tgz的文件)
tar -xf local.tgz #(这一步操作结束后,tmp下会有一个etc目录)
vim etc/shadow #(把root的密码删掉)
rm -f /tmp/state.tgz /tmp/local.tgz
tar -zcvf local.tgz etc/
tar -zcvf state.tgz local.tgz
cp state.tgz /mnt/sda5/
- «
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- ...
- 55
- »
