FreeBSD massive port forwarding
Portfwd was the choice of software when I ever needed to forward a port from the server to another server - multiple hops away (not NAT port mapping).
It uses configuration like this (193.2.1.66 is the local ip, 193.2.1.80 is destination server IP):
bind-address 193.2.1.66
tcp { 55443 { => 193.2.1.80:443 } }
tcp { 55022 { => 193.2.1.80:22 } }
But it fails doing its job right when you use this on a really busy port/service (500 or more simultaneous established TCP connections).
pf does the forwarding well even over 1000 TCP connections. Example:
rdr on em0 proto tcp from any to 193.2.1.66 port 55443 -> 193.2.1.80 port 443
rdr on em0 proto tcp from any to 193.2.1.66 port 55022 -> 193.2.1.80 port 22
nat on em0 from any to 193.2.1.80 -> 193.2.1.66
- the em0 is the name of the outside interface. Without the nat rule, destination server would see a packet with source ip of the client so it would send a packet back directly to the client which causes asymmetric routing and very possible problems. The nat rule changes the source IP to the port forwarders one.
Happy forwarding,
S.
swatch - alerting you of certain log entries
A few minutes before coding my own perl script, which would alert me on certain log entries, I’ve found a software which does it’s job very well.
It’s called swatch - yes, really impressing web site and lack of documentation, examples is tipical for a geek’s tool.
example config - very simple:
watchfor /Security violation occurred/
mail addresses=ninja@level13.org,subject="SWATCH warning - switch_name"
and the command line invocation:
# /usr/local/bin/swatch -c /usr/local/etc/swatch/switch_name.conf -t /var/log/syslog/switch_name.log --daemon --use-cpan-file-tail
–daemon for forking it in the background
–use-cpan-file-tail is needed so that the swatch will tail file even after it’s rotated by the rotating script, but make sure that the perl module File::Tail is installed
It can of course match multiple patterns (multiple watchfor sections) on the same log file, but you must run multiple instances of the software for tailing multiple log files.
Make sure to read swatch man page.
S.
understanding freebsd memory usage
I think it is better to write in english, since I’m often googling around about some problem and land on a site in chinese with some configuration pasted in the site.
The problem is I don’t know what poor chinese boy wrote: “This configuration is working for me:” or “This configuration is not working at all, can someone help me:”. So I try it. Never worked.
Recently I found a post which nicely describes statuses of FreeBSD memory allocation.
Top shows:
Mem: 4589M Active, 13G Inact, 489M Wired, 733M Cache, 214M Buf, 886M Free
And the snip from the post:
Memory normally moves along the following path:
Wired -> Active -> Inactive -> Cached -> Free
and then when it gets allocated and used it moves back to Wired.
The difference between the categories is mainly that “Inactive” and
“Cached” memory still contains data that the system might be able to
reuse, while “Free” memory is completely free and unused.
In order to use Cached or Inactive memory it might need to be flushed
first, with Inactive probably being dirty and Cached probably not.
(”Active” memory is almost certainly dirty and is therefore somewhat
more expensive to reuse.
samouničenje FreeBSD-ja
Ker je jutri srečanje blogerjev, jaz pa že skoraj pol leta nisem nič napisal, imam slabo vest in pišem…
Po svetu imam kar nekaj strežnikov in pride čas, da strežnik zamenjam za novega, ob tem pa nočem da podatki pridejo v roke “nasledniku” strežnika. Poleg varnega brisanja datotek sem si vedno želel pognati kakšen destruktiven ukaz, ki bi strežnik zares pokončal.
Takoj pride ideja, dd !! Vendar je FreeBSD malo zaščitniški glede pisanja po raw diskih:
[root@dolfi ~]# dd if=/dev/zero of=/dev/da0
dd: /dev/da0: Operation not permitted
Rešitev se skriva v sysctl zastavici. Hvala, bc !
[root@dolfi ~]# sysctl kern.geom.debugflags=16
po spremembi zastavice, bo dd deloval. Uničujoče. Poskusite v službi.
Je že pospeševalec delcev uničil svet ?
http://www.hasthelargehadroncolliderdestroyedtheworldyet.com/
Lahko se tudi naročite na RSS feed…
openssh as SOCKS proxy
Tokrat ne bom pametoval ampak vas usmeril na dober opis openssh-jeve SOCKS funkcionalnosti.
Hvala, Miha ! 
OpenSSH Socks proxy | secure browsing
ssh bouncing
Ojla,
danes mi je bilo dovolj skakanja po serverjih, da dosežem server, ki je za tem serverjem. Po malo raziskovanja je tukaj način, kako “bouncnat” na strežnik preko drugega strežnika. spet ~/.ssh/config:
Host secret
ProxyCommand ssh bounce.server.net 'nc secret.siel.si 22'
in potem samo “ssh secret”. Seveda pa imate postavljenega ssh agent, tako da proces steče brez vpisovanja gesla.
Na bounce serverju mora biti instaliran netcat.
FreeBSD mount_smbfs .nsmbrc
Tale je za v arhiv, ker naslednjič bom vedel, da sem stvar že rešil, ampak ne kako…
Torej za avtomatski mount windows share-a iz /etc/fstab je konfiguracija sledeča…
/etc/fstab:
//BACKUP_USER@BACKUP_SERVER/BACKUP_SHARE /back/ar4 smbfs rw,-N 0 0
~/.nsmbrc:
[default]
workgroup=WORKGROUP
[BACKUP_SERVER]
addr=10.10.10.10
[BACKUP_SERVER:BACKUP_USER]
password=geslo
tcpdump - syn paketi
Kar bi rekel, da bo sila enostavno, se izkaže da niti ni. Če želite da tcpdump kaže samo SYN pakete:
tcpdump -i ime_vmesnika -n 'tcp[tcpflags] & tcp-syn != 0′
Konec počitnic… s.
hitrejsi ssh !
v ~/.ssh/config vpišete:
ControlMaster auto
Host *
ControlPath ~/.ssh/master-%r@%h:%p
in druga seja do istega strežnika se bo zgodila v trenutku !
Happy ssh !