Adding an ONT with trunk port to Huawei SmartAX MA5683T

Here is an example of adding ONT so that at the output of the ethernet port all VLANs are tagged.
Suppose OLT is configured for my article – Configuring Huawei SmartAX MA5683T through the console.
ONT for the test I’ll take TP-Link GP110 with the configured mode transparent and off DHCP, well, in fact with other single-port ethernet ONT setting is similar.

Continue reading “Adding an ONT with trunk port to Huawei SmartAX MA5683T”

How to disable Windows 10 updates

I’ll describe several options for disabling Windows 10 updates:

1) Disable the update service.
Open the “ Services ” window through the Control Panel, or press the Win+R key combination and in the “ Run ” window, enter:

services.msc

In the list of services, usually at the end, we find “ Windows Update” , click on it with the left mouse button twice, in the opened window, select “ Startup Type: Disabled “and click the” Stop “button, then click” OK “and close the windows.

2) You can disable the automatic downloading of drivers from the Internet.
Using the Win+R keys, open the “ Run ” window and enter:

rundll32 newdev.dll,DeviceInternetSettingUi

In the window that opens, select “ No, give the option to select “, then for example “ Never install drivers from Windows Update ” and click the “ Save “.

3) You can hide updates by running the official utility Show or hide updates and tapping “Hide updates“.

4) You can also turn on the “ Set as limit connection ” radio button for any network connection by going to “ Settings ” – “ Network and Internet ” and selecting the network connection, after that Windows will not download updates via this network connection.

5) Open the “Local Group Policy Editor” by pressing the Win+R keys and typing:

gpedit.msc

Select “ Computer Configuration ” -> “ Administrative Templates ” -> “ Windows Components ” -> “ Windows Update “, then on the right” Set up automatic updates “. In the window that opens, select “ Enabled ” and the desired option, for example, “ Download notification and Automatic installation “.

How to fix error “host NAME greeted me with my own hostname NAME”

I noticed once on one server that Postfix does not always send mail, the logs had the following error:

warning: host NAME[192.168.5.5]:25 greeted me with my own hostname NAME

After seeing the host name:

hostname -f

Found that it is not correct and coincides with that on which the mail is sent!

Changed the host name to the correct one in the following files (in the nano editor Ctrl+X to exit, y/n to save or cancel changes):

sudo nano /etc/hostname
sudo nano /etc/postfix/main.cf
sudo nano /etc/hosts

Done, after that the error did not appear and the mail was successfully delivered.

Redmine Backup

Create a script (in the text editor nano Ctrl+X to exit, y/n to save or cancel changes):

sudo nano /etc/cron.daily/redmine

Sample script content:

#!/bin/sh
/usr/bin/mysqldump -u root -p<password> redmine_default | gzip > /path/to/backups/redmine_db_`date +%y_%m_%d`.gz
rsync -a /var/lib/redmine/default/files /path/to/backups/files

Let’s make the script executable:

chmod +x /etc/cron.daily/redmine

In the script, you can also add the command to delete old files or directories so that the disk does not overflow, see my article – Script to delete old files

See also other my articles about backup – Backup

How to fix error “dhcpd self-test failed. Please fix the config file”

I noticed once in the syslog:

dhcpd self-test failed. Please fix the config file

Isc-dhcp-server was installed on the server.

To check the correctness of the configuration file, use the command:

dhcpd -t
dhcpd -t -cf /dir/dhcpd.conf
/usr/sbin/dhcpd -t

The command should tell which line the error is, but noted that if it is not critical, it may not.
The key “t” executes the configuration test, and “cf” allows you to specify the path to the configuration file if it is not standard.

In my case, in the configuration file /etc/dhcp/dhcpd.conf, someone made a typo, in the line below (there was an extra letter):

authorivtative;

Because of this, an error occurred, but despite the error dhcp worked.
Although there were also some critical errors, such as an incorrectly written mac address, DHCP did not start because of this error.

How to fix error Failed binding to authentication address * port 1812: Address already in use freeradius

I once ran FreeRADIUS in debug mode:

sudo radiusd -X

And I noticed the following error:

Failed binding to authentication address * port 1812: Address already in use freeradius
/usr/local/freeradius/etc/raddb/radiusd.conf[84]: Error binding to port for 0.0.0.0 port 1812

The error indicates that the address is already in use, so you need to stop the running FreeRADIUS process, look for it and see what’s running on the ports:

sudo ps ax | grep radius
sudo netstat -tulpn | grep :1812
sudo netstat -tulpn | grep :1813
sudo netstat -tulpn | grep :67

In my case, /usr/sbin/radiusd was already started, it can be terminated by PID:

sudo kill -9 PID

Or so:

sudo /etc/init.d/radiusd status
sudo /etc/init.d/radiusd stop
sudo /etc/init.d/freeradius stop

How to disable Windows Defender in Windows 10?

I’ll describe several options for disabling the Windows Defender in Windows 10:

1) The easiest option is to open the menu “Start“, then “ Settings ” (small gear) – “ Update and Security “, on the left, select the section “ Windows Defender ” and turn off real-time protection.

2) The second option, press the combination of keys Win+R and enter the command “ gpedit.msc “, the editor of the group local policy will open.
Then go to “ Computer Configuration ” – “ Administrative Templates ” – “ Windows Components ” – “ Endpoint Protection ” , right-click on “ Disable Endpoint Protection ” and “ Change “, select “ Enabled ” in the opened window and click “ OK “(to select it back you need to select “Not set”).

3) Click Win+R and type “ regedit ” to start the Registry Editor.
In the Registry Editor window, select “ HKEY_LOCAL_MACHINE ” – “ SOFTWARE ” – “ Policies ” – “ Microsoft ” – Windows Defender “.
In the right part of the window, right-click on “ DisableAntiSpyware ” and “ Change “, and set the value to 1 (to turn on Windows Defender return 0).
If “DisableAntiSpyware” is not present, then right-click on “Windows Defender” – “Create” – “DWORD parameter (32 bits)”, enter “DisableAntiSpyware” and set the value to 1.

Installing and using dhcping

dhcping – a utility for checking DHCP-servers using unicast packages.

In Ubuntu, you can install dhcping with the command:

sudo apt-get install dhcping

First let’s see what IP-addresses are received and from which gateway:

ifconfig
route
netstat -rn | grep default

Also you can see the information received from DHCP in the directory /var/lib/dhcp/.

In my case, IP is received from the DHCP server 10.0.2.2.
Here’s an example of running dhcping:

dhcping -s 10.0.2.2

If the DHCP server responds, the following information will be displayed:

Got answer from: 10.0.2.2

If there is no answer:

no answer

I’ll describe the dhcping startup keys:
-v (detailed mode)
-V (very detailed mode)
-i (use DHCPINFORM packets)
-r (use DHCPREQUEST packets (standard))
-q (quiet mode)
-t maxwait (response timeout, standard 3 seconds)
-c IP (request the specified IP)
-s IP (send request to specified IP)
-h MAC (use the specified MAC address in the request)
-g IP (use the specified IP gateway in the packet)

Installing and Configuring HAProxy on Linux

HAProxy – proxy server for load balancing of TCP and HTTP applications, a method of distribution to multiple servers.

The Haproxy installation command in Ubuntu / Debian:

sudo apt-get install haproxy

For CentOS:

yum install haproxy

To view the installed version, you can use the command:

haproxy -v

We will check whether it will automatically start when the system is turned on, there should be ENABLED = 1 (in the nano editor CTRL+X to exit, y/n to save or cancel changes):

sudo nano /etc/default/haproxy

In CentOS, simply execute the command:

chkconfig haproxy on

Make a copy of the configuration file just in case:

sudo cp /etc/haproxy/haproxy.cfg{,.original}

Open the main configuration file in the editor:

sudo nano /etc/haproxy/haproxy.cfg

I will give an example of a configuration:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    contimeout     5000
    clitimeout     50000
    srvtimeout     50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
    retries 3
        
listen webfarm 0.0.0.0:80
    mode http
    stats enable
    stats uri /haproxy?stats
    stats auth user:password
    maxconn 5000
    balance roundrobin
    option httpclose
    option forwardfor
    server webserver01 192.168.88.50:80 check
    server webserver02 192.168.88.51:80 check

Parameter maxconn 5000 defines the maximum number of simultaneous connections, 0 is used to remove the limit, if not specified, it will be standard 2000.

For example, to use Apache2 on the same local machine, change its /etc/apache2/ports.conf and /etc/apache2/sites-enabled/ configuration files from 80 to 81 for example, and /etc/haproxy/haproxy. cfg we indicate:

server webserver01 0.0.0.0:81 check

Each time after a configuration change, you must restart:

sudo service apache2 restart
sudo service haproxy restart

This completes the installation and the basic configuration of HAProxy.