Hey,
For (perhaps) futur projet I read different documentations around Bird, FRR Routing, … and I am really happy to see in FRR Routing v8.0 the new ‘pathd’ daemon, which implement SR (Segment Routing). It is really cool to see this.
There is others new feature which have been implemented in this release and are major IMHO.
It is really great work !!!
For those of you which update your personal cloud to the lastest stable version of Nextcloud due to CVE (https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-543/), you could encountered this error :
An unhandled exception has been thrown:
OC\HintException: [0]: Memcache \OC\Memcache\APCu not available for local cache (Is the matching PHP module installed and enabled?)
You could solve the issue :
echo 'apc.enable_cli=1' >> /etc/php/7.x/mods-available/apcu.ini
Have fun.
Hey,
To go on configuring my FreeBSD server, I install my traditionnal package : “fail2ban”. By the way with Linux distro, apt install fail2ban is enough.
Not now :D
You must add :
root@pluton:/usr/local/etc/fail2ban/jail.d# cat ssh-ipfw.local
[ssh-ipfw]
enabled = true
filter = sshd
action = ipfw[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/auth.log
findtime = 600
maxretry = 3
bantime = 3600
root@pluton:/usr/local/etc/fail2ban/jail.d#
And edit action file so that “localhost” is your public IP :
It was long time ago I used a FreeBSD system. I was really impressed by the way it great evolved. It is easy to add package due to “pkg” tool and “portsnap”.
After :
pkg install apache24 mysql57-server mod_php73 php73-mysqli php73-xml php73-hash php73-gd php73-curl php73-tokenizer php73-zlib php73-zip
I have a really fast install of an HTTP server as I can do with “apt-get”.
I have needed to load some modules by editiing /usr/local/etc/apache24/httpd.conf such as :
It was a long long timeago I wrote here. ot of things happens to me but I don’t think it is the time and place to explain it.
This post is about a new experience to me : hosting this blog on FreeBSD machine. I am in love with BSD but don’t use it everyday. Networking&Telco is not an professional area where you can use it or your employer allow you to use it. Damn Windows, Teams, … and his egemony.
Now, I go to CCIE and need to begin by first of all : CCIE Written. And to know where to start, you begin with a __real__ self assessment on your knowledge and where to work hard to.
In memory of all the soldiers who paid with their life the cost to peace and democracy in Europe. Please read these words and keep it in mind.
https://www.youtube.com/watch?v=9-9SFHdaRVM
https://lyricstranslate.com/en/n%C3%A9-en-17-%C3%A0-leidenstadt-born-1917-leidenstadt.html
If I 'd been born in 1917 in Leidenstadt
On top of ruins, in a battlefield
Would I have behaved better of worse than those people
If I'd been German?
Born into humiliation, hatred and ignorance
Fed on dreams of revenge
Would I have been one of those unlikely beings with a conscience
Like some teardrops in the midst of a flood?
If I'd grown up in the docklands of Belfast
Soldier of a faith, of a class
Would I have had the strength to withstand and fight against my Own kind: to betray, to hold out a hand in friendship?
If I'd been born white and rich in Johannesburg
Between the power and the fear
Would I have heard the cries carried by the wind?
Nothing will be like it was before.
One never knows what one really has in one's guts,
Hidden behind our appearances
The soul of a brave man, an accomplice, an executioner?
The worst or the best?
Would we be one of those who resist or just those who follow like sheep
If it was a question of more than just words?
(Refrain)
If I 'd been born in 1917 in Leidenstadt
On top of ruins in a battlefield
Would I have behaved better of worse than those
If I'd been German?
Hi,
It’s been a while I have posted a blog entry. A simple tip from IOS 12.4(20) to 12.4(24) and above to use OID “.1.3.6.1.4.1.9.10.77.1.2.3.0” to graph your NAT translations :
R(conf)# ip nat service enable-mib %NAT: Old NAT-MIB support enabled R(conf)#
HTH ++Christophe
You will be for me the guy who wrote this kind of post and talk technology with Remy Card (ext2).
Path: bga.com!news.sprintlink.net!pipex!oleane!univ-lyon1.fr!ensta!itesec!frmug.fr.net!renux.frmug.fr.net!marouchka.gna.org!not-for-mail
From: ji...@marouchka.gna.org (Jean-Francois Monnet)
Newsgroups: fr.comp.os.linux
Subject: Re: LINUX ET E-IDE
Date: 23 Nov 1994 08:43:22 +0100
Organization: Marouchka, A Private Linux Site, France
Lines: 23
Distribution: world
Message-ID: <3aurqq$3mb@marouchka.gna.org>
References: <3asg5c$sp0@imag.imag.fr>
Reply-To: mon...@dir.univ-rouen.fr (Jean-Francois Monnet)
NNTP-Posting-Host: marouchka.gna.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: TIN [version 1.2 PL2]
Yves Arrouye (arr...@petole.imag.fr) ecrit:
> Tu vas peut-etre pouvoir m'aider : je veux mettre un 3e disque (sur un 2e
> controleur). Mon 2e controleur ne tourne que sur irq 14, mais on peut changer
> les adresses des disques (il en a deux plages). Je n'arrive pas a ce que le
> patch reconnaisse gentiment mon 3e disque, quelque soit la config. Au secours
> ! Help !
Chez moi, le deuxieme controleur n'a ete bien reconnu qu'a partir
du moment ou j'ai pris le fer a souder et devie la piste IRQ 14 -> IRQ 15,
comme explique dans la doc de l'archive atdisk2-0.9.tgz (ancien patch pour
gerer deux cartes controleur IDE). Je crois que cette doc n'est plus
fournie avec les patches ide-x.x*. Je peux te l'envoyer si tu ne trouves
pas l'archive atdisk. Car, meme avec deux adresses I/O differentes pour les
cartes, l'utilisation de la meme IRQ avec plus de 2 disques peut poser des
problemes.
> (Linux 1.1.64 + ide-2.5.patch-64+)
Je tourne en 1.1.61 + ide-2.01.patch.61+.gz et ca roule sans pbs pour
l'IDE.
--
Marouchka - 76 Rouen
And a great linux kernel programmer (Telsat Turbo), rock’n roll & Nina Hagen fan.
Hello guys,
Here it is a tips / reminder how to implement an site-ot-site IKEv2 tunnel :
crypto ikev2 proposal aes-cbc-256-proposal
encryption aes-cbc-256
integrity sha1
group 2
crypto ikev2 policy policy1
match address local x.x.x.x
proposal aes-cbc-256-proposal
crypto ikev2 keyring v2-kr1
peer abc
address y.y.y.y
pre-shared-key somesecretpass
!
crypto ikev2 profile profile1
description IKEv2 profile
match address local x.x.x.x
match identity remote address y.y.y.y 255.255.255.255
authentication local pre-share
authentication remote pre-share
keyring v2-kr1
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map mymap 20 ipsec-isakmp
set peer y.y.y.y
set security-association lifetime seconds 27000
set transform-set ESP-AES-SHA
set ikev2-profile profile1
match address 120
With ACL 120 is your flows / SA and your implement your crypto map on your WAN interface.