Creating a virtual local network between machines (see iptables NAT)
Seen on the internet
You then need to create a virtual local network between the machines.
Create an interface that is not physically attached to anything, in the Proxmox administration interface; for example:
Interface  Active  Ports/Slaves  IP address     Netmask        Gateway
eth1       down    -             -              -              -
vmbr0      up      eth0          88.190.25.xxx  255.255.255.0  88.190.25.1
vmbr1      up      -             10.0.1.254     255.255.255.0  -
Next, enable IP forwarding with this command over SSH:
This value can be checked before and after with the following command (still over SSH):
Then give the VMs access to the internet:
Next, the port forwarding (in this example the VM has the IP 10.0.1.2, and port 3389, RDP, is forwarded):
To list the current NAT rules:
To delete all current NAT rules:
The VM in this example will therefore have the following IP configuration:
Netmask: 255.255.255.0
GW: 10.0.1.254
DNS1: 88.191.254.60
DNS2: 88.191.254.70
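One way to script the forwarding, masquerading and port-redirect steps above, as an added example rather than the commands the original page used. The variable and function names are assumptions, the addresses come from the table and the VM example above, and the `iptables -C` existence check goes beyond what the page describes.

```sh
#!/bin/sh
# Added example, not the page's own commands. Addresses come from the page's
# table; variable and function names are assumptions made for this sketch.
WAN_IF="${WAN_IF:-vmbr0}"          # bridge carrying the public address
LAN_NET="${LAN_NET:-10.0.1.0/24}"  # network behind vmbr1 (10.0.1.254)
VM_IP="${VM_IP:-10.0.1.2}"         # VM that receives the forwarded port
FWD_PORT="${FWD_PORT:-3389}"       # RDP, as in the page's example

# True only for a dotted quad whose four octets are all in 0..255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dry run (default) prints the command; APPLY=1 executes it as root.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# Append a nat-table rule only if -C (check) reports that it is not there yet,
# so running the script twice does not stack duplicate rules.
ensure_rule() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@"
    else
        echo "iptables -t nat -A $*"
    fi
}

nat_commands() {
    valid_ipv4 "$VM_IP" && valid_port "$FWD_PORT" ||
        { echo "invalid VM_IP or FWD_PORT" >&2; return 1; }
    run sysctl -w net.ipv4.ip_forward=1   # read back: sysctl net.ipv4.ip_forward
    ensure_rule POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    ensure_rule PREROUTING -i "$WAN_IF" -p tcp --dport "$FWD_PORT" \
        -j DNAT --to-destination "$VM_IP:$FWD_PORT"
}
# List the nat table:  iptables -t nat -L -n -v --line-numbers
# Flush the nat table: iptables -t nat -F
nat_commands
```

Run it as is to print the commands, or with APPLY=1 as root on the Proxmox host to apply them. Rules added this way do not survive a reboot unless they are saved separately.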
tftp on mac
Many network devices are able to upload and download firmware and configurations via the TFTP protocol. I have found it useful to use this feature with Netopia ENT routers, as it enables me to make backups of client configurations, and update the firmware directly on my service laptop. OS X comes with tftpd preinstalled. On OS X Server, tftpd is utilized for NetBoot; however, on the standard client, the framework still exists.
In Tiger, most services that were previously configured using xinetd have been migrated to launchd. The new launchd service consults the settings located in the /System/Library/LaunchDaemons and /Library/LaunchDaemons directories. By default, Tiger has tftp.plist installed; however, this should be modified to suit your needs.
First, back up the default tftp.plist as below:
$ cp /System/Library/LaunchDaemons/tftp.plist ~/Desktop/tftp.plist
The tftp.plist includes only one program argument: -i. This flag prohibits the use of realpath, which would translate relative links to a full path. I would recommend using this as well as the -s flag, which essentially chroots the environment. The entire contents of the modified file are as follows (note that there is no return within the <!DOCTYPE plist... statement):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>InitGroups</key>
    <true/>
    <key>Label</key>
    <string>com.apple.tftpd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/libexec/tftpd</string>
        <string>-i</string>
        <string>-s</string>
        <string>/private/tftpboot</string>
    </array>
    <key>Sockets</key>
    <dict>
        <key>Listeners</key>
        <dict>
            <key>SockServiceName</key>
            <string>tftp</string>
            <key>SockType</key>
            <string>dgram</string>
        </dict>
    </dict>
    <key>inetdCompatibility</key>
    <dict>
        <key>Wait</key>
        <true/>
    </dict>
</dict>
</plist>
You may also wish to add the -l flag in the ProgramArguments block to enable logging requests to syslog. Consult the tftpd man pages for additional arguments. In 10.4, the /private/tftpboot directory already exists, so no other changes are necessary. The service may be started with the following command:
$ sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist
And stopped with:
$ sudo launchctl unload -w /System/Library/LaunchDaemons/tftp.plist
The TFTP protocol allows any user to read from and write to files on your system, so keep this in mind when choosing the storage directory. As a minimal security measure, a file must already exist before it can be written to, and it must be writable by all users. In general usage, I will store firmware upgrades with read-only access. When capturing someone’s firmware configuration, I then perform the following:
$ cd /private/tftpboot
$ sudo touch netopia.conf
$ sudo chmod 666 netopia.conf
At this point, you’re ready to start using the service to store configurations as needed. For testing, you can perform the following:
$ cd ~/Desktop
$ echo "THIS IS A TEST" > netopia.conf
$ tftp localhost
This will open a tftp connection and switch to an interactive tftp session. Now perform the following:
tftp> verbose
tftp> put netopia.conf
tftp> quit
If there are no errors returned, all is working correctly. If not, check your firewall settings to ensure that UDP port 69 is open. Other issues may be due to syntax errors in the tftp.plist file.