Vyacheslav Gapon – personal blog, manuals, articles, notes, development
Suppose you registered ONT or it registered itself on BDCOM OLT as I described in this article – Configuring BDCOM P3310 EPON
Now to remove it from the configuration, connect to OLT and go into the configuration mode:
enable config
Continue reading “How to remove ONT from the BDCOM OLT configuration”
To enable access to the SSH server in IPTables, you must add a rule:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
To open only a particular network, for example 192.168.0.0/24:
sudo iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
You can also restrict access by the IP configuration of the SSH itself.
To remove a rule, we’ll specify the same command, replacing -A with -D, for example:
sudo iptables -D INPUT -p tcp --dport 22 -j ACCEPT
To view the list of rules, use the command:
sudo iptables -nvL
See also:
Installing and Configuring SSH
Configuring IPTables
On the test, I will install the Ministra TV Platform (formerly called Stalker Middleware) in Ubuntu Server 14.04 LTS.
First we will make a request for download by visiting the official website www.infomir.eu.
Unpack the downloaded archive:
sudo apt-get install unzip unzip stalker_portal-5.3.0.zip
Copy the files to the web server directory:
cp -a infomirgroup-stalker_portal* /var/www/stalker_portal
Install the necessary components:
sudo apt-get update sudo apt-get -y upgrade sudo apt-get install -y -u apache2 nginx memcached mysql-server php5 php5-mysql php-pear nodejs upstart sudo pear channel-discover pear.phing.info sudo pear install phing/phing
Create MySQL database and user:
mysql -u root -p CREATE DATABASE stalker_db; CREATE USER 'stalker'@'localhost' IDENTIFIED BY 'PASSWORD'; GRANT ALL PRIVILEGES ON stalker_db.* TO stalker@localhost IDENTIFIED BY '1' WITH GRANT OPTION; FLUSH PRIVILEGES; exit
If you need to change the settings in the /var/www/stalker_portal/server/config.ini configuration file, create a custom.ini file and add the parameters that you need to change:
sudo nano /var/www/stalker_portal/server/custom.ini
For example, the password for the database:
[database] mysql_pass = PASSWORD
Perform phing (this process can take a long time, also in my case the MySQL user root password was requested):
cd /var/www/stalker_portal/deploy/ sudo phing
In /etc/mysql/my.cnf we will specify:
max_allowed_packet = 32M
We activate short PHP tags in /etc/php5/apache2/php.ini:
short_open_tag = On
The libapache2-mod-php5filter package should not be installed on the system:
sudo apt-get purge libapache2-mod-php5filter
Let’s make a backup copy of the standard apache2 web server configuration and clear the file:
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default_backup.conf sudo nano /etc/apache2/sites-available/000-default.conf
Add to it:
<VirtualHost *:88>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory /var/www/stalker_portal/>
Options -Indexes -MultiViews
AllowOverride ALL
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Let’s change the port to Listen 88:
sudo nano /etc/apache2/ports.conf
Restart apache2 to apply the changes:
sudo service apache2 restart
Let’s make a backup copy of the standard nginx web server configuration and clear the file:
sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default_backup sudo nano /etc/nginx/sites-available/default
Add to it:
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://127.0.0.1:88/;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
}
location ~* \.(htm|html|jpeg|jpg|gif|png|css|js)$ {
root /var/www;
expires 30d;
}
}
Restart nginx to apply the changes:
sudo service nginx restart
Now you can open the browser interface administrator interface http://SERVER/stalker_portal, login – admin, password – 1.
And the client – http://SERVER/stalker_portal/c/
To delete a Uber account, you must:
1) Open the application
Continue reading “How to delete a Uber account”I noticed once on one of the servers that the RX overruns value is growing slightly.
I executed several commands (where p2p1 and p2p2 are the names of network interfaces):
ifconfig p2p1 ifconfig p2p2
Only the value of RX overruns increased by 10 packets every second, with traffic at about 2Gb/s (100,000 packets per second).
The server was equipped with the network adapter “HP NC552SFP 10Gb 2-Port Ethernet Server Adapter” with a network controller from Emulex.
Having looked the size of the maximum and current buffer:
ethtool -g p2p1 ethtool -g p2p2
Found that the buffers are set to maximum, TX buffer is 4096, and the maximum possible RX buffer was only 512.
See also my article – Changing TX and RX network interface buffers in Linux
Having looked at the correct distribution of network card interrupts over the processor cores:
grep p2p1 /proc/interrupts
Found that the network adapter has 4 IRQ interrupts maximum, and irqbalance accordingly allocated them to 4 cores, and the processor cores are 24.
The problem was solved by replacing the network adapter with a more expensive one – “665249-B21 HP 10Gb 2-port 560SFP + Adapter” with an Intel 82599 network controller.
After that, an error was not observed, RX and TX buffers were 4096, and IRQ was distributed to all 24 cores.
After a couple of days, the error counters remained at zero:
p2p1 RX packets:62535001155 errors:0 dropped:0 overruns:0 frame:0
TX packets:36343078751 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:77395016742081 (77.3 TB) TX bytes:10991051263063 (10.9 TB)
p2p2 RX packets:35672087256 errors:0 dropped:0 overruns:0 frame:0
TX packets:58598868464 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10996254475480 (10.9 TB) TX bytes:73378418623349 (73.3 TB)
Probably the previous network adapter was some kind of truncated version, since the price was two times lower, and in general for serious purposes it is better to use network adapters with a controller from Intel.
See also my article – Configuring the Network in Linux
To make a bootable USB flash drive with CAINE, perform several actions:
1) Download the image CAINE from the official site www.caine-live.net
2) Download Universal USB Installer http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
3) We connect the USB flash drive to the computer and run the Universal USB Installer. In it, we agree with the license agreement by clicking “I Agree“, in the second window where “Step 1:” choose “CAINE Linux“, where “Step 2” click “Browse” and point to the downloaded image of CAINE (for example, caine9.0.iso). In “Step 3:” select the letter of the flash drive, tick the “Format” (this will re-partition the file system table and erase all the data on the USB flash drive).
4) Click “Create” and wait for the process to complete.
Iperf — cross-platform console client-server program – a TCP and UDP traffic generator for testing network bandwidth.
Continue reading “iperf – testing network bandwidth”Let’s look at the current IPTables rules:
iptables -nvL
To open a port for the Iperf server, add the rule:
sudo iptables -A INPUT -p tcp --dport 5001 -j ACCEPT
To open a port for a specific IP or network:
sudo iptables -A INPUT -s 192.168.5.11/32 -p tcp --dport 5001 -j ACCEPT
See also my articles:
Configuring IPTables
Testing network bandwidth with Iperf
First, download the new firmware from the official website of D-Link
http://forum.dlink.ru/viewtopic.php?f=2&t=92700
https://ftp.dlink.ru/pub/Switch/DES-3028/Firmware/
First of all, let’s look at the current IPTables rules:
iptables -nvL
To open the ntopng port, add the rule:
sudo iptables -A INPUT -m tcp -p tcp --dport 3000 -j ACCEPT
To open the ntopng port for a specific network or IP only:
sudo iptables -A INPUT -m tcp -p tcp --dport 3000 -s 10.0.0.0/24 -j ACCEPT
See also my articles:
Configuring IPTables
Install and configure ntopng