http://simon.zekar.com "Unix is simple, but it takes a genious to understand the simplicity" --Dennis Ritchie Sat, 27 Feb 2010 23:37:34 +0000 http://backend.userland.com/rss092 en Since many of you are still connecting to your Cisco boxes with the plain ssh/telnet command (typing password every time) and since Cisco boxes don't have SSH public key authentication, the tool to use comes from Rancid (Really Awesome New Cisco confIg Differ) package. It's called "clogin" as Cisco login script. It ... http://simon.zekar.com/2010/02/28/automatic-login-to-cisco-routers-firewalls/ There's a really easy way of controlling bandwidth of an interface (e.g. guest interface). It's done via queues: /queue simple add interface=guest max-limit=2M/2M disabled=no Where "guest" is the interface name and 2M is the down/uplink speed in bps you want to shape it to. More about this on Mikrotik Wiki S. http://simon.zekar.com/2009/10/14/mikrotik-simple-bandwidth-control/ I had a strange issue with hp-ux x11 forwarding over ssh. xclock, xterm ran fine but hpterm and some other x11 programs didn't start, claiming error: X11 connection rejected because of wrong authentication. after some searching I found following fixed the issue: /opt/ssh/etc/sshd_config: X11UseLocalhost no (must be set to no, default is yes) S. http://simon.zekar.com/2009/10/08/hp-ux-ssh-x11-forwarding-not-working-for-certain-applications/ I can't believe it... Failover on Cisco ASA silently stops working after you enable ipv6 configuration. We're used of stupid Cisco bugs, but this wins it all ! S. http://simon.zekar.com/2009/10/02/cisco-asa-failover-fail-if-ipv6-enabled/ Time when native IPv6 network will come right to your home is still far away. So tunneling IPv6 network over IPv4 to some IPv6 enabled site is a way to go. Configuration is easier than expected and it worked right away. In my case Cisco 7600 series is at the data ... http://simon.zekar.com/2009/09/27/ipv6-over-ipv4-tunnel-with-mikrotik-cisco-router/ Portfwd was the choice of software when I ever needed to forward a port from the server to another server - multiple hops away (not NAT port mapping). It uses configuration like this (193.2.1.66 is the local ip, 193.2.1.80 is destination server IP): bind-address 193.2.1.66 tcp { 55443 { => 193.2.1.80:443 } } tcp ... http://simon.zekar.com/2009/02/07/freebsd-massive-port-forwarding/ A few minutes before coding my own perl script, which would alert me on certain log entries, I've found a software which does it's job very well. It's called swatch - yes, really impressing web site and lack of documentation, examples is tipical for a geek's tool. example config - very simple: watchfor ... http://simon.zekar.com/2009/02/04/swatch-log-monitor/ I think it is better to write in english, since I'm often googling around about some problem and land on a site in chinese with some configuration pasted in the site. The problem is I don't know what poor chinese boy wrote: "This configuration is working for me:" or "This configuration ... http://simon.zekar.com/2009/01/30/understanding-freebsd-memory-usage/ Ker je jutri srečanje blogerjev, jaz pa že skoraj pol leta nisem nič napisal, imam slabo vest in pišem... Po svetu imam kar nekaj strežnikov in pride čas, da strežnik zamenjam za novega, ob tem pa nočem da podatki pridejo v roke "nasledniku" strežnika. Poleg varnega brisanja datotek sem si vedno ... http://simon.zekar.com/2009/01/30/freebsd-self-destruct/ http://www.hasthelargehadroncolliderdestroyedtheworldyet.com/ Lahko se tudi naročite na RSS feed... http://simon.zekar.com/2008/10/17/je-ze-pospesevalec-delcev-unicil-svet/