Rexxer

Some tips for me and others

FreeBSD

IPSEC + multiple networks

I had to configure access from other local networks to a remote site via IPSEC. My environment: FreeBSD + PFSense. I tried to add an additional SA to both systems but that didn’t work. I read this document: https://doc.pfsense.org/index.php/IPsec_with_Multiple_Subnets and did it this way:

Supernetting Example

At Site A, there is one subnet, 10.0.0.0/24. This […]

Grep + Parse IPs

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' file.txt

FTP-log + get IP-addresses

cat ftp.txt | grep incorrect | awk '{print $8};' | tr -d "(" | tr -d ")>" | sort -u

PFSense + import DHCP-mappings from dhcpd.conf

I wanted to migrate my static mappings from my dhcpd.conf to PFSense. Script to parse data from dhcpd.conf to XML text:

#!/usr/bin/awk -f
#
# Author: Matt Pascoe – matt@opennetadmin.com
# Forked: Konstantin Shalygin – kostya@opentech.ru
# Forked2: Rexxer, for PFSense
# USAGE:
# ./dhcpparse.awk /etc/dhcpd.conf
# Note that for hosts, it will try a reverse lookup […]

DHCPD + Classes e.g. MAC-address

subnet 192.168.30.0 netmask 255.255.255.0 {
    option routers 192.168.30.1;
    option domain-name-servers 192.168.30.11, 192.168.30.2;
    class "Hyper-V" {
        match if substring(hardware,1,3) = 00:15:5d;
    }
    class "VMWare" {
        match if substring(hardware,1,3) = 00:0c:29;
    }
    class "Winemu" {
        match if substring(hardware,1,3) = 00:03:ff;
    }
    pool {
        range 192.168.30.100 192.168.30.130;
        allow members of "Hyper-V";
    }
    pool {
        range 192.168.30.131 192.168.30.160;
        allow […]

Tcpdump examples

See the list of interfaces on which tcpdump can listen: tcpdump -D
Listen on interface eth0: tcpdump -i eth0
Listen on any available interface (cannot be done in promiscuous mode; requires Linux kernel 2.2 or greater): tcpdump -i any
Be verbose while capturing packets: tcpdump -v
Be more verbose while capturing packets: tcpdump -vv
Be […]

My case: arplookup 0.0.0.0 failed: host is not on local network

I got strange messages in the log: kernel: arplookup 0.0.0.0 failed: host is not on local network. When I tried to resolve it for the first time, different people in different blogs wrote that it’s OK – don’t mind it. Someone advised turning off the arp logging but I didn’t want to. I decided to inspect this […]

DHCP debugging with tcpdump

http://sysadmin.wikia.com/wiki/DHCP_debugging_with_tcpdump

tcpdump filter to match DHCP packets including a specific Client MAC Address:
tcpdump -i br0 -vvv -s 1500 '((port 67 or port 68) and (udp[38:4] = 0x3e0ccf08))'

tcpdump filter to capture packets sent by the client (DISCOVER, REQUEST, INFORM):
tcpdump -i br0 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))'

PFSense + FreeBSD + Multicore = ISSUE

I installed FreeBSD 10 on a multicore server and got strange behavior – network connections were slow and I got many timeouts with 1 client only. The same situation with PFSense 2.2.1 on a multicore server (Atom 8 cores) – the server even hangs without any load. The cause: the maximum of mbclusters was reached – […]

PFSense + DHCP issues from provider

I met a strange issue with an internet channel from my provider: it doesn’t assign an IP (PFSense gets 0.0.0.0 and the provider blocks me) via DHCP or the channel stops working (IP is assigned). I suppose the provider has got several DHCP servers and they are configured with too much security. So, I wrote a script to […]
