Posted by jpluimers on 2017/04/26
When halt is not a real halt but a “disabling” of the CPU.
A while ago I wrote about OpenSuSE 12.x not halting after a halt:
The same holds for more recent OpenSuSE systems, but ESXi would never tell what was going on.
Recently I installed an OpenSuSE Tumbleweed system under VMware Fusion (running on Mac OS X) which indicated “The CPU has been disabled by the guest operating system.”
Log indicates a “Shutdown” which in fact is a CPU not powered down.
Which — Understanding the message: The CPU has been disabled by the guest operating system (2000542) | VMware KB — means that halt will not power down the VM but perform a CLI + HLT on the CPU. This effectively hangs the CPU even though the console log on the right says it does a real Shutdown.
In the past – even under ESXi – a halt would just power down the system, so based on the above I did more digging and found this very interesting answer in rhel – What is the difference between these commands for bringing down a Linux server? – Unix & Linux Stack Exchange, which comes down to:
- on a systemd based system, commands like shutdown all invoke systemctl, calling for a specific target.
- mapping of targets and commands is as follows (quoted from the answer):
systemctl isolate halt.target has the shorthands:
shutdown -H now
- plain unadorned
systemctl isolate reboot.target has the shorthands:
shutdown -r now
- plain unadorned
systemctl isolate poweroff.target has the shorthands:
shutdown -P now
- plain unadorned
systemctl isolate rescue.target has the shorthands:
systemctl isolate multi-user.target has the shorthands:
systemctl isolate graphical.target has the shorthand:
For SysV init runlevels versus systemd targets, see:
The systemd parameters make things a bit confusing: for instance you can do reboot --halt, and more of those are shown in linux – Are there any good reasons for halting system without cutting power? – Super User.
That also explains that halt without a powerdown can be useful: for instance, it gives the end-user the opportunity to click the reset button instead of the power button after a halt.
Posted in Power User, *nix, Linux, SuSE Linux, openSuSE, Tumbleweed, SysVinit, systemd
Posted by jpluimers on 2017/04/25
MikroTik has great hardware, but getting things to work can be a bit ehm intimidating.
So here are some links that were useful getting my CCR1009 and CRS226 configurations to do what I wanted.
- Saving your configuration (two possibilities: binary backup file which only works on the same physical model device, or text based configuration export script that you can import back to any model).
- Choosing ports for WAN and LAN
- Never ever use the domain named .local for your local domain if you have Apple devices in your network:
- Many people like Winbox because they prefer visual configuration. Others like the web or terminal interface better (the terminal is especially useful for scripts)
- Manual:First time startup – MikroTik Wiki (default password for admin is empty; WinBox and web-interface are available on WAN *and* LAN interfaces!)
- One of the first things I did was binding some ports to use LAN and others to use WAN. The LAN ports are in a bridge: Configure one port for WAN and others for LAN – MikroTik RouterOS
- Manual:IP/DHCP Server – MikroTik Wiki and Manual:IP/Pools – MikroTik Wiki
- I had a lot of DHCP entries on my LAN before switching to the MikroTik, some of which I wanted to add statically. Couldn’t find out how to do that in the IP pool, but it appeared there is a different way to do it:
- Assign fixed / static IP address via Mikrotik DHCP server
- the MAC address can be either colon (:) separated or minus (-) separated. And yes: there is a RegEx for that.
- usually you don’t pass the client-id (it’s here just as an example that you could use it, but most DHCP clients do NOT use a client-ID, as they only use the MAC address)
/ip dhcp-server lease add address=192.168.100.10 mac-address=70:F1:A1:D1:49:49 client-id="client10"
- Manual:IP/DNS – MikroTik Wiki
- If you use the MikroTik as a caching DNS server, then you need to enable “/ip dns set allow-remote-requests=yes”, but also immediately disable DNS TCP and UDP on all your WAN ports. See:
- nslookup on the Mikrotik itself uses the put [:resolve ...] syntax: nslookup on Mikrotik – MikroTik RouterOS
- Examples (the first uses the internal DNS, the second one uses one of the Google DNS servers):
put [:resolve shell.xs4all.nl]
put [:resolve shell.xs4all.nl 184.108.40.206]
put [:resolve 220.127.116.11]
- tolaris.com · Synchronising DHCP and DNS on Mikrotik routers (script available on Github: Tolaris/mikrotik-dns-dhcp).
- Hardening (since my Guest WiFi is outside of the Mikrotik LAN and WAN realm, I’ve left some things open, for instance MAC service is available, but on a limited set of interfaces):
- Manual:Upgrading RouterOS – MikroTik Wiki
- Manual:IP/Route – MikroTik Wiki (if you think routing is a massive topic, read about firewall rules).
- Not sure this is a good idea, but you can get a DDNS address in the sn.mynetname.net domain and VPN to it (for instance using PPTP): Quick Set Home AP — How to use vpn provided? – MikroTik RouterOS
- You need to setup both the clock (date/time) and SNTP in one step:
- Setup SNTP (Winbox) aka NTP (shell):
/system ntp client set enabled=yes server-dns-names=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
After a few seconds the Winbox will update the SNTP Client dialog and a few seconds later, the Clock dialog will also update itself.
- Manual:IP/Firewall/NAT – MikroTik Wiki
- I like these ones as they use Winbox:
- Sharing Ideas … Mikrotik with Kannel/playSMS
- Connect CCR1009 with CSR226 over a longer distance than 3 meter – MikroTik RouterOS
- Graphing: ensure you only limit this to IP-addresses that you want graphs to be visible on (0.0.0.0/0 makes it visible to ALL): Manual:Tools/Graphing – MikroTik Wiki
- DNS – MikroTik RouterOS: I would like to have my router to stop all the DNS coming from my clients and not reaching my ISP provider.
- Email sending can now also use the DNS-name of the SMTP server: Why does the email server configuration only allow IP-addresses? – MikroTik RouterOS
- Dynamic DNS Update Script for No-IP DNS for Router OS V.6.7 – MikroTik RouterOS
- Script for Ransomware Tracker by abuse.ch. Tracking Ransomware Infrastructure around the globe. Source: How I fight ransomware (crypto viruses) with Mikrotik – MikroTik RouterOS
/ip firewall mangle add chain=prerouting action=change-ttl new-ttl=increment:1
very simple solution for a traceroute to Hide ip address – MikroTik RouterOS
- Using staged address list to perform Bruteforce login prevention – MikroTik Wiki
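An added example, not part of the original post and not MikroTik tooling: a small Python audit of a text configuration export (the export format from the first item) that checks the DNS and graphing warnings in the list above. The sample export, the WAN port name ether1 and all function names are assumptions made for illustration.

```python
import shlex

# Constructed sample of a RouterOS text export (not taken from the post).
# Assumptions: ether1 is the WAN port; wrapped lines are already joined.
SAMPLE_EXPORT = """\
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/ip firewall filter
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
/tool graphing interface
add allow-address=0.0.0.0/0 interface=ether1
"""

def parse_export(text):
    """Return (menu_path, verb, {property: value}) for every command line."""
    entries, path = [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line          # a menu path applies to the lines after it
            continue
        verb, *words = shlex.split(line)
        entries.append((path, verb, dict(w.split("=", 1) for w in words if "=" in w)))
    return entries

def blocks_dns(props, wan):
    """True for an enabled input-chain rule dropping port 53 arriving on wan."""
    return (props.get("chain") == "input"
            and props.get("action") in ("drop", "reject")
            and wan in (props.get("in-interface"), props.get("in-interface-list"))
            and "53" in props.get("dst-port", "").split(",")
            and props.get("disabled") != "yes")

def audit(text, wan="ether1"):
    """List the DNS and graphing exposures the items above warn about."""
    entries, findings = parse_export(text), []
    if any(p == "/ip dns" and pr.get("allow-remote-requests") == "yes"
           for p, _, pr in entries):
        dropped = {pr.get("protocol") for p, v, pr in entries
                   if p == "/ip firewall filter" and v == "add" and blocks_dns(pr, wan)}
        findings += [f"DNS/{proto} open on {wan}"
                     for proto in ("udp", "tcp") if proto not in dropped]
    # An omitted allow-address is treated as the documented default 0.0.0.0/0.
    findings += ["graphing visible to 0.0.0.0/0" for p, v, pr in entries
                 if p == "/tool graphing interface" and v == "add"
                 and pr.get("allow-address", "0.0.0.0/0") == "0.0.0.0/0"]
    return findings
```

The audit only recognises explicit port 53 drop rules and does not evaluate rule order, so a catch-all drop on the WAN port also closes the resolver but will still be reported here. On the constructed sample it reports DNS over TCP and the graphing entry, because only UDP is dropped.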
Very advanced stuff:
- DNS Conditional forwarders with Mikrotik RouterOS | Dale Macartney
- Pointing Mikrotik RouterOS hardware logging to a remote Syslog server | Dale Macartney
- trying to setup CRS226-24G-2S+IN, could use some help : mikrotik
- Video: VLANs using the Switching chips do not take the bridge penalty when you can do switching
- Be careful with CRS226 and SFP+ link aggregation
- Vlans on Mikrotik environment – MikroTik Wiki
- Block traffic like WhatsApp.
- API Links – MikroTik RouterOS (in various languages, of which I’m most interested in C#, Delphi, Perl and Python).
- Routing from mikrotik two IP addresses to same gateway – Server Fault
- RouterOS – public subnet routed and NAT-ed to internal clients – MikroTik RouterOS
- Known issues and bugs – a list – MikroTik RouterOS
- Tutorials blogs and other helpful RouterOS resources – MikroTik RouterOS
- ethernet ports overrunning – default interface queue (only-hardware-queue) not working well – MikroTik RouterOS
- MAC-Ping is described in Manual:Tools/Ping – MikroTik Wiki but *only* works for MikroTik devices having MAC-Ping Server enabled.
- How to auto-reboot if remote IP down for 5 minutes – MikroTik RouterOS
- ping, traceroute, log files, torch, sniffer, bandwidth tester, profile: Manual:Troubleshooting tools – MikroTik Wiki
- majbthrd/miksms: controlling external devices with Mikrotik RouterOS
- Howto Recover Mikrotik ADMIN account Forgotten Password | Syed Jahanzaib Personal Blog to Share Knowledge !
- Mikrotik script to change PUBLIC ip from available pool | Syed Jahanzaib Personal Blog to Share Knowledge !
- Mikrotik Firewall / Short Notes + Scripts | Syed Jahanzaib Personal Blog to Share Knowledge !
- SIP Poblem with Mikrotik | Syed Jahanzaib Personal Blog to Share Knowledge !
- VPN/PPTP Static Routes Loose gateway when client reconnects | Syed Jahanzaib Personal Blog to Share Knowledge !
Packet flow (maybe the toughest part to wrap your head around):
Very well written blog:
Manito Network’s Mikrotik solutions blog. In-depth articles on Mikrotik routing, security, best practices, VPN, and more.
Source: Mikrotik — Manito Networks
Solutions for RouterOS-based Mikrotik networks. Includes security and best practices, VPN, routing, switching, and more.
Source: Mikrotik-1 — Manito Networks
Posted in Internet, IPSec, MikroTik, Network-and-equipment, OpenVPN, Power User, PPTP, Routers, VPN
Posted by jpluimers on 2017/04/24
ANSI HTML Adapter example installation on OpenSuSE Tumbleweed:
zypper addrepo http://download.opensuse.org/repositories/utilities/openSUSE_Factory/utilities.repo
zypper install aha
On Mac OS X:
brew install aha
Output looks like this: ANSI HTML Adapter example:
diaspore:/etc # aha --version
Ansi Html Adapter Version 0.4.9.0
diaspore:/etc # aha --version | grep aha
diaspore:/etc # aha --version | aha
Ansi Html Adapter Version 0.4.9.0
aha --help output on Mac OS X:
Ansi Html Adapter Version 0.4.8.0
aha takes SGR-colored Input and prints W3C conform HTML-Code
use: aha <options> [-f file]
aha reads the Input from a file or stdin and writes HTML-Code to stdout
options: --black, -b: Black Background and White "standard color"
--pink, -p: Pink Background
--stylesheet, -s: Use a stylesheet instead of inline styles
--iso X, -i X: Uses ISO 8859-X instead of utf-8. X must be 1..16
--title X, -t X: Gives the html output the title "X" instead of
"stdin" or the filename
--line-fix, -l: Uses a fix for inputs using control sequences to
change the cursor position like htop. It's a hot fix,
it may not work with any program like htop. Example:
echo q | htop | aha -l > htop.htm
--word-wrap, -w: Wrap long lines in the html file. This works with
CSS3 supporting browsers as well as many older ones.
--no-header, -n: Don't include header into generated HTML,
useful for inclusion in full HTML files.
Example: aha --help | aha --black > aha-help.htm
Writes this help text to the file aha-help.htm
Copyleft Alexander Matthes aka Ziz 2015
This application is subject to the MPL or LGPL.
Posted in *nix, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed
Posted by jpluimers on 2017/04/24
I don’t use Wireshark enough to be fluent, so here are some links and quotes that proved to be useful for me:
Posted in *nix, *nix-tools, Power User, Wireshark
Posted by jpluimers on 2017/04/21
For future research: opensuse – How to run my script after SuSE finished booting up? – Unix & Linux Stack Exchange
Reason? Want to show the output of this as the last boot sequence line:
ip address | grep -w 'UP\|flags\|inet\|inet6'
echo more detailed info through "ip address" and "ip route"
cat /etc/resolv.conf | grep nameserver
Posted in *nix, *nix-tools, bash, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed