Skip to content

HOWTO: Linux iproute2 vlan configuration a.k.a. Using ip command for managing vlans on linux

  • Create new VLAN with id 100 and interface name eth0.100 , configure it over eth0 physical link and add INET settings on it:
# ip link add link eth0 name eth0.100 type vlan id 100
# ip link set dev eth0.100 up
# ip addr add a.b.c.1/24 brd 1.b.c.255 dev eth0.100
  • Bringing Down the vlan interface (device) and permanently remove vlan tag (vlan interface)
# ip link set dev eth0.100 down
# ip link delete eth0.100

     

  • Some Informational commands:
# ip -d link show eth0.100
# ip -d addr show

 

 

Bookmarks: https://wiki.archlinux.org/index.php/VLAN

Advertisements

QUICK HowTo: Linux Policy Routing by ip-src

Show and/or Listing the routing tables:

 # ip rule show
 # ip rule list
 # ip route list table local
 # cat /etc/iproute2/rt_tables

Add (append) route table with index number 100 to match before table: main and table: default

# echo 100 AS207172 >> /etc/iproute2/rt_tables
 # cat /etc/iproute2/rt_tables
 # ip rule add from A.B.C.0/25 table AS207172
 # ip rule list
 # ip route add default via A.B.C.2 dev eth1.100 table AS207172
 # ip rooute flush cache
 # ip route flush cache

Ping with src IP thru the new default gateway to confirm the ip-src routing:

# ping -I A.B.C.7 dir.bg

 

Use parameters:

  • Our new source network: A.B.C.0/25
  • Our new routing table name: AS207172

FIX (SOLUTION): Default perl version during portmaster -a upgrade mishmash and error: pkg-static: perl5-x.xx.x conflicts with perl5.xx-x.xx.x (installs files into the same place). Problematic file: /usr/local/bin/perl5.xx.x

The WARNING:

===> Cleaning for perl5.24-5.24.3
##################################################
This is *NOT* the DEFAULT perl version
It will *NOT* install /usr/local/bin/perl
It will *ONLY* install /usr/local/bin/perl5.24.3
The default Perl version currently is 5.20.
If you want to use this version as the default,
stop the build now, add this line to your
/etc/make.conf, and then restart the build.

DEFAULT_VERSIONS+=perl5=5.24

############################################

The PROBLEM:

 # cd /usr/ports/lang/perl5.24
 # make reinstall

===> Installing for perl5-5.24.3
===> Registering installation for perl5-5.24.3
[hostname] Installing perl5-5.24.3…
pkg-static: perl5-5.24.3 conflicts with perl5.24-5.24.3 (installs files into the same place). Problematic file: /usr/local/bin/perl5.24.3
*** Error code 70
Stop.
make[2]: stopped in /usr/ports/lang/perl5.24
*** Error code 1
Stop.
make[1]: stopped in /usr/ports/lang/perl5.24
*** Error code 1
Stop.
make: stopped in /usr/ports/lang/perl5.24

The SOLUTION / a.k.a. SOLVED:

# pkg version|grep perl

perl5.22-5.22.4 =
perl5.24-5.24.3 ?
# pkg set -n perl5.24=perl5
pkg: Wrong format for -n. Expecting oldname:newname, got: perl5.24=perl5

# pkg set -n perl5.24:perl5
 Change name from perl5.24 to perl5 for perl5.24-5.24.3? [y/N]: y

… and then

 # portmaster -a OR just make reinstall will succeed.

QUICK: FreeBSD csh shortcut (bindkey) for Delete button

Add  bindkey to your csh rc script for the delete-char, eg this line:  bindkey “\e[3~” delete-char , in this file: ~/.cshrc

For MAC keyboards the usual kbd-combo for Delete button is: fn+Backspac

 

Here is example of .cshrc file with the Delete button binding added.

# cat .cshrc

# $FreeBSD: releng/10.2/etc/root/dot.cshrc 243893 2012-12-05 13:56:39Z eadler $
#
# .cshrc – csh resource script, read at beginning of execution by each shell
#
# see also csh(1), environ(7).
# more examples available at /usr/share/examples/csh/
#

alias h history 25
alias j jobs -l
alias la ls -aF
alias lf ls -FA
alias ll ls -lAF

# A righteous umask
umask 22

set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)

setenv EDITOR vi
setenv PAGER more
setenv BLOCKSIZE K

if ($?prompt) then
# An interactive shell — set some stuff up
set prompt = “%N@%m:%~ %# ”
set promptchars = “%#”

set filec
set history = 1000
set savehist = (1000 merge)
set autolist = ambiguous
# Use history to aid expansion
set autoexpand
set autorehash
set mail = (/var/mail/$USER)
if ( $?tcsh ) then
bindkey “^W” backward-delete-word
bindkey “\e[3~” delete-char
bindkey -k up history-search-backward
bindkey -k down history-search-forward
endif

endif

 

QUICK: let’s encrypt cert-auto : auto generate + config + run ssl certificates for nginx and apache on Linux Only

let’s encrypt cert-auto :

auto generate + config + run ssl certificates for nginx and apache on Linux Only

 

# curl https://dl.eff.org/certbot-auto -o certbot-auto

% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 57312 100 57312 0 0 10055 0 0:00:05 0:00:05 –:–:– 13684

# chmod +x certbot-auto
# ./certbot-auto

Bootstrapping dependencies for Debian-based OSes… (you can skip this with –no-bootstrap)

Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): ……..@remote-admins.com

(A)gree/(C)ancel: A


(Y)es/(N)o: N

Which names would you like to activate HTTPS for?
——————————————————————————-
1: …………….
2: …………….
3: …………….
4: tickets.remote-admins.com
——————————————————————————-

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 3 4

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for …………………
tls-sni-01 challenge for tickets.remote-admins.com
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Waiting for verification…
Cleaning up challenges….

……… some other lines of info, if interaction: read and then do

…………………………………………………………………………………………………….
Created an SSL vhost at /etc/apache2/sites-enabled/004-tickets-le-ssl.conf
Deploying Certificate for tickets.remote-admins.com to VirtualHost /etc/apache2/sites-enabled/004-tickets-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
——————————————————————————-
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
——————————————————————————-

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-enabled/000-………………….-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/004-tickets.conf to ssl vhost in /etc/apache2/sites-enabled/004-tickets-le-ssl.conf

——————————————————————————-
Congratulations! You have successfully enabled https://………………………….
and https://tickets.remote-admins.com

and that’s all.

Thats a cheatsheet shit, please if you  copy/paste do not flood me with questions.

If anything goes wrong  you will have to search for sysadmin

FIX: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 5C808C2B65558117

……on the command line:

The Reason:

 # apt-get update

The Error:

  W: GPG error: http://www.deb-multimedia.org jessie InRelease: The following signatures   couldn't be verified because the public key is not available: NO_PUBKEY  5C808C2B65558117

The Solution:

 # apt-get install deb-multimedia-keyring
 # apt-get update

FIX: Windows Server 2016 Auto Restarting with Reason Code: 0x80020010 (or HOWTO: stop WinSRV2016 autoUpdates and autoRestarts!!)

The EventLog logged event by the issue is:

The process C:\WINDOWS\system32\svchost.exe (“servername”) has initiated the restart of computer “servername” on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Service pack (Planned)
Reason Code: 0x80020010
Shutdown Type: restart

After Disabling of Automatic Updates in Settings/WindowsUpdates in the local Settings interface ‘Settings’ , the server continue to auto update critical updates and auto-restart after it, WITHOUT any notification.

Here is howto stop this madness!?. There are some other methods described in windows documentation ( read the docs: https://docs.microsoft.com/en-us/windows/deployment/update/waas-wu-settings ), but still to edit the Group Policy is best practice for managing windows updates in details, granular.

so, Open the Edit Group Policy interface, and navigate to:

Computer Configuration\Administrative Templates\Windows Components\Windows update\Configure Automatic Update , the set it to ENABLE and choose OPTION 2.

and that’s should be what it says to be, but still , i will update this post if it’s not. 🙂

Here is a Exported_list file from the particular section, you can just import with in your group policy

Aaand The Exported Export-List txt file content:

Setting State Comment
Defer Windows Updates
Setting State Comment
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Not configured No
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box Not configured No
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates Not configured No
Turn off auto-restart for updates during active hours Not configured No
Always automatically restart at the scheduled time Not configured No
Specify deadline before auto-restart for update installation Not configured No
Configure Automatic Updates Enabled Yes
Specify intranet Microsoft update service location Not configured No
Automatic Updates detection frequency Not configured No
Do not allow update deferral policies to cause scans against Windows Update Not configured No
Remove access to use all Windows Update features Not configured No
Do not connect to any Windows Update Internet locations Not configured No
Allow non-administrators to receive update notifications Not configured No
Do not include drivers with Windows Updates Enabled Yes
Turn on Software Notifications Not configured No
Allow Automatic Updates immediate installation Not configured No
Turn on recommended updates via Automatic Updates Not configured No
No auto-restart with logged on users for scheduled automatic updates installations Not configured No
Re-prompt for restart with scheduled installations Not configured No
Delay Restart for scheduled installations Not configured No
Reschedule Automatic Updates scheduled installations Not configured No
Enable client-side targeting Not configured No
Allow signed updates from an intranet Microsoft update service location Not configured No

rom the original microsoft’s doc, here is some details about the configured OPTION 2:

Read more…