Wenjian's Blog

Live and Learn

Gen8 Update: Service Pack for ProLiant (SPP) Version 2015.10.0

HP Service Pack for ProLiant (SPP) is a comprehensive systems software and firmware update solution, which is delivered as a single ISO image. This solution uses HP Smart Update Manager (HP SUM) as the deployment tool and is tested on all HP ProLiant Gen9, Gen8 and earlier servers as defined in the Service Pack for ProLiant Server Support Guide found at www.hp.com/go/spp/documentation.

Download SPP 2015.10.0 at http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/spp/index.aspx

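1. Log in to the iLO web interface

2. Select Remote Console, then open the .NET IRC; you can also choose the Java IRC

3. In the iLO Remote Console window, click the Virtual Drives menu and select Image File CD-ROM/DVD

4. Select the latest SPP and open it

5. Click the Power Switch menu and select Reset to restart the Gen8

6. Press F11 during boot and select the first boot option: One Time Boot to CD-ROM

7. You will see a boot screen. Be sure to pick the first option here so that it updates automatically

8. There is nothing more for you to do. The update finishes in about 10 minutes, and the Gen8 restarts automatically along the way.

9. Check the version after the upgrade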

 

HOWTO: Change hostname in CentOS 7

In CentOS 7, there are three kinds of hostnames defined: static, transient, and pretty. The static hostname is also known as the kernel hostname, which is initialized from /etc/hostname automatically at boot time. The transient hostname is a temporary hostname assigned at run time, for example, by a DHCP or mDNS server. Both static and transient hostnames follow the same character restriction rules as Internet domain names. The pretty hostname, on the other hand, is a free-form hostname (special and whitespace characters are allowed) that is presented to end users (e.g., Wenjian’s VPS).

In CentOS 7, there is a command line utility called hostnamectl which allows you to view or modify hostname related configurations.

1. To view hostname related settings

root@vps-wenjian ~>hostnamectl status

To view the static, transient or pretty hostname only, use the “--static”, “--transient” or “--pretty” option, respectively.

2. To change all three hostnames simultaneously

root@vps-wenjian ~ >hostnamectl set-hostname vps-wenjian

3. To update /etc/hosts manually

root@vps-wenjian ~ >vim /etc/hosts
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
127.0.0.1 vps-wenjian
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

 

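Flashing OpenWrt onto the WZR-HP-G300NH2 via tftp

I have used the WZR-HP-G300NH2 for many years. It was running the OpenWrt AA firmware, and today on a whim I decided to upgrade to the BB firmware. I chose to upgrade from the GUI, the most convenient way, and... it failed. The router never rebooted and did not answer ping; after half an hour there was still no response. Fine, tftp it is.

Recover using the tftp flashing function built into u-Boot. Whatever system was on the router before, or whatever system was being flashed when it bricked, flash the OpenWrt tftp firmware for the WZR-HP-G300NH2 to bring it back.

Follow these steps one at a time:

1. Unplug the router's power.

2. Disable every network adapter on the computer except the wired one, and turn off the system firewall.

3. Connect the computer's wired adapter with a network cable to the first LAN port, the one closest to the router's WAN port (the position matters: only this LAN port can do tftp).

4. Set the computer's wired Ethernet adapter to IP 192.168.11.2, subnet mask 255.255.255.0, gateway 192.168.11.1.

5. Run the command prompt (CMD) as administrator.

6. Enter the command route print and look at the interface list below to find the interface number of your wired adapter; mine, for example, is 3.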

===========================================================================
接口列表
 3...c8 60 00 dd b5 fb ......Intel(R) 82579V Gigabit Network Connection
 1...........................Software Loopback Interface 1
===========================================================================

7. Once you have found the interface number, enter the following command:

netsh interface ipv4 add neighbors 3 192.168.11.1 02-AA-BB-CC-DD-1A

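Be sure to change the 3 after neighbors to the interface number on your computer.

8. Next, upload the firmware with the tftp tool that ships with Windows. Type the following command: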

tftp -i 192.168.11.1 PUT openwrt-ar71xx-generic-wzr-hp-g300nh2-squashfs-tftp.bin

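Do not press Enter yet.

9. Plug in the router's power and watch the port LEDs. They change like this: (a) all LEDs on >> (b) only the LED of the LAN port with the cable stays on >> (c) that LAN LED blinks a few times and goes dark >> (d) that LAN LED lights up again. There are about 4 seconds between (c) and (d), and u-boot accepts tftp firmware only during this window, so press Enter to upload the firmware as soon as the LAN LED goes dark.

10. The upload finishes quickly. Wait another 5 to 10 minutes; the router reboots by itself once the update is complete.

11. After the firmware has been flashed successfully, delete the neighbors entry added earlier by running: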

netsh interface ipv4 delete neighbors 3 192.168.11.1 02-AA-BB-CC-DD-1A

All right, now you can telnet to 192.168.1.1 to set the root password, and then... tinker as you like.

HOWTO: Change SSH port of VPS

Edit the sshd configuration file:

$ sudo vi /etc/ssh/sshd_config

Edit the following lines

# What ports, IPs and protocols we listen for
Port 22

Choose an appropriate port and make sure it is not currently in use on the VPS.

Note: Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. The Well Known Ports are those from 0 through 1023 and SHOULD NOT be used. Registered Ports are those from 1024 through 49151 and should also be avoided. Dynamic and/or Private Ports are those from 49152 through 65535 and can be used.

Now restart SSH to make the change effective:

$ sudo /etc/init.d/ssh restart
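
One way to check a candidate port against the rules above before restarting sshd, as an added example that is not part of the original post. The helper name check_ssh_port and the listener lines are constructed for illustration; the accepted range is the Dynamic and/or Private range from the note.

```shell
#!/bin/sh
# Added example. Constructed sample in the format of `ss -tlnH`
# (listening TCP sockets, no header); not taken from a real host.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:50022 [::]:*
EOF
}

# check_ssh_port PORT (hypothetical helper): reads listener lines on stdin.
# Prints ok / invalid / out-of-range / in-use; returns 0 only for ok.
check_ssh_port() {
    port=$1
    # Reject empty, non-numeric and over-long input before any arithmetic.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid"; return 1 ;;
    esac
    # Dynamic and/or Private Ports, as in the note above.
    if [ "$port" -lt 49152 ] || [ "$port" -gt 65535 ]; then
        echo "out-of-range"; return 1
    fi
    # Field 4 is Local Address:Port; the port follows the last colon.
    if awk -v p="$port" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                         END { exit !found }'; then
        echo "in-use"; return 1
    fi
    echo "ok"
}

# On the VPS itself (not run here):
#   ss -tlnH | check_ssh_port 50123 && sudo sshd -t && sudo /etc/init.d/ssh restart
# `sshd -t` parses sshd_config and exits non-zero on errors, so a typo
# in the Port line is caught before the running daemon is restarted.
sample_listeners | check_ssh_port 50123
```

Keep the existing SSH session open until a new login on the new port has succeeded.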

chmod 600 does not work as expected on Cygwin (Win8.1)

Recently I installed Cygwin on Win8.1.

When I tried to ssh to my router from the Cygwin terminal, it asked me for a password.

In fact I am using private/public key files for ssh. Let's find out what's going on.

$ cd .ssh
$ ls -al
drwx------+ 1 wenjian None 0 9月 28 20:37 ./
drwxrwxr-x+ 1 wenjian None 0 9月 28 20:47 ../
-rw-rw-rw-  1 wenjian None 668 9月 9 2013 id_dsa

Got it. Try to fix it:

$ chmod -c 600 id_dsa
mode of "id_dsa" changed from 0666 (rw-rw-rw-) to 0600 (rw-------)
$ ls -al id_dsa
-rw-rw----  1 wenjian None 668 9月 9 2013 id_dsa

chmod 600 failed !!!

Here is the solution:

$ chgrp -R Users id_dsa
$ chmod -c 600 id_dsa
mode of "id_dsa" changed from 0666 (rw-rw----) to 0600 (rw-------)
$ ls -al id_dsa
-rw-------  1 wenjian Users 668 9月 9 2013 id_dsa

HOWTO: Extract rar files on Cygwin

Compile and install unrar:

$ wget http://www.rarlab.com/rar/unrarsrc-5.1.7.tar.gz
$ tar -xzvf unrarsrc-5.1.7.tar.gz
$ cd unrar
$ make

Copy the resulting unrar.exe file to the /usr/local/bin/ directory. Now you are ready to uncompress your .rar files.

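HOWTO: Get past the firewall with Shadowsocks + DNSMasq on an OpenWrt router

In the post HOWTO: Prevent DNS cache pollution, I described using a non-standard port on the DNS server to prevent DNS pollution. But even with the correct IP address we still may not be able to reach the site, for reasons... you know. Here is a method that uses Shadowsocks and DNSMasq on an OpenWrt router so that the whole LAN gets past the firewall with zero configuration.

A Shadowsocks server is required. You can set one up on your own VPS; see HOWTO: Install and configure shadowsocks on VPS/Ubuntu. Or you can find a free Shadowsocks server; one site for getting a free account is https://www.shadowsocks.net/get

Install Shadowsocks

My OpenWrt version is AA 12.09. First update libpolarssl to the latest version: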

$ wget https://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/base/libpolarssl_1.3.8-1_ar71xx.ipk
$ sudo opkg install libpolarssl_1.3.8-1_ar71xx.ipk

Download and install Shadowsocks:

$ wget http://shadowsocks.org/nightly/shadowsocks-libev-polarssl_1.4.6_ar71xx.ipk
$ sudo opkg install shadowsocks-libev-polarssl_1.4.6_ar71xx.ipk

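Configure Shadowsocks

After installation, Shadowsocks puts three files in /usr/bin:

  • ss-local    <== SOCKS5 proxy
  • ss-redir    <== transparent proxy
  • ss-tunnel  <== port forwarding

The method in this post uses the transparent proxy feature of shadowsocks.

Edit the configuration file /etc/shadowsocks.json: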

{
    "server":"xxx.xxx.xxx.xxx",
    "server_port":8388,
    "local_port":1081,
    "password":"demo",
    "timeout":600,
    "method":"aes-256-cfb"
}

  • server: the IP address of your Shadowsocks server (IPv4/IPv6).
  • server_port: the port of your Shadowsocks server.
  • local_port: the local port.
  • password: the account password of your Shadowsocks server.
  • method: the encryption method used by your Shadowsocks server: "bf-cfb", "aes-256-cfb", "des-cfb", "rc4", and so on.

Edit /etc/init.d/shadowsocks

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

START=94

SERVICE_USE_PID=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1

start() {
 service_start /usr/bin/ss-redir -c /etc/shadowsocks.json
}

stop() {
 service_stop /usr/bin/ss-redir
}

Run the Shadowsocks transparent proxy:

$ sudo /etc/init.d/shadowsocks start
$ sudo /etc/init.d/shadowsocks enable

Add firewall rules

We can get the latest list of Chinese IP addresses from APNIC and use iptables to add firewall rules. Save the following text as gen-firewall-gfw.sh

#!/bin/ash

# Write gfw iptables
firewall_gfw="/usr/bin/firewall-gfw.sh"
if [ -f $firewall_gfw ]; then
 rm $firewall_gfw
fi

echo "#!/bin/ash" >>$firewall_gfw
echo >>$firewall_gfw
echo "# Create a new chain named SHADOWSOCKS" >>$firewall_gfw
echo "iptables -t nat -N SHADOWSOCKS" >>$firewall_gfw
echo >>$firewall_gfw

echo "# Ignore shadowsocks server" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d xxx.xxx.xxx.xxx -j RETURN" >>$firewall_gfw
echo >>$firewall_gfw

echo "# Ignore LANs ip addresses" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN" >>$firewall_gfw
echo >>$firewall_gfw

echo "# Ignore China ip addresses" >>$firewall_gfw
# Get latest delegated internet number resources from apnic
cd /tmp
if [ -f "delegated-apnic-latest" ]; then
 echo "deleting old delegated internet number resources ..."
 rm delegated-apnic-latest
fi
echo "Downloading latest delegated internet number resources from apnic ..."
wget -c http://ftp.apnic.net/stats/apnic/delegated-apnic-latest

echo "Extracting china ip addresses from downloaded latest delegated internet number resources ..."
cat delegated-apnic-latest | awk -v awk_firewall_gfw=$firewall_gfw -F '|' '/CN/&&/ipv4/ \
 {print "iptables -t nat -A SHADOWSOCKS -d " $4 "/" 32-log($5)/log(2) " -j RETURN" >>awk_firewall_gfw}'
 
echo >>$firewall_gfw

echo "# Other ip addresses should be redirected to shadowsocks' local port" >>$firewall_gfw
echo "iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1081" >>$firewall_gfw
echo >>$firewall_gfw

echo "# Apply the rules" >>$firewall_gfw
echo "iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS" >>$firewall_gfw

echo "Firewall rules for shadowsocks have been written into file " $firewall_gfw

Then

$ chmod +x gen-firewall-gfw.sh
$ sudo ./gen-firewall-gfw.sh
$ sudo sh /usr/bin/firewall-gfw.sh

Use the iptables command to check whether these rules were added:

$ sudo iptables -t nat --list

Done.

Now every device that goes online through your router can get past the firewall with no configuration.

Useful links on building OpenWrt for WRT1900AC

WRT1900AC was announced on 6th of January 2014 as a router developed to be used with OpenWrt.

Specifications:

Model: Linksys WRT1900AC
Technology: Wireless-AC
Standards: 802.11a, 802.11b, 802.11g, 802.11n, 802.11ac
Frequency: Dual
Bands: Simultaneous: 2.4 GHz (Wireless-N), 5.0 GHz (Wireless-AC)
Security: WEP 64/128-bit, WPA2-Personal & Enterprise (AES/TKIP), WPS
Antennas: 4x External Detachable Antennas
Antenna Gain (peak): 2.4GHz: 2.5dBi
5GHz: 3.8dBi
Antenna Type: Dipole
Output Power: 2.4GHz: 19dBm
5GHz: 21dBm
Warranty: 2 year hardware limited warranty
OS Compatibility: Windows, Mac
Minimum System Requirements: PC with CD or DVD drive, running Windows XP SP3 (32-bit), Vista SP1/SP2 (32 & 64-bit), Win7 (32-bit & 64-bit) and Win8 (32-bit & 64-bit)
Mac: Wi-Fi enabled with CD or DVD drive, Mac OS® X Leopard v10.5.8 or later, Snow Leopard v10.6.1 or later, Lion v10.7, or Mountain Lion v10.8 Available USB 2.0 port
Package Contents: Linksys Dual Band Gigabit Wi-Fi Router AC1900, WRT1900AC, Quick Start Guide, CD-ROM with Documentation, 4 Antennas, Ethernet Cable, Power Adapter, Power Cord

Hardware Highlights:

SoC Ram Flash Network USB Serial JTag eSata
Marvell MV78230 256 MiB 128 MiB 1×2.0 1×3.0 Yes

Serial Port:

1 2 3 4 5 6
GND ? RX ? TX ?

Useful Links:

OpenWrt forum thread for official statement: Update on Linksys WRT1900AC support

McWRT: https://github.com/Chadster766/McWRT

Prebuilt images: https://github.com/wrt1900ac/opensource

jimmychungbelkin/Mamba: https://github.com/jimmychungbelkin/Mamba

HOWTO: Install GNU C compiler and GNU C++ compiler on Ubuntu

To install the gcc and g++ compilers, you will need the build-essential package.
Build-essential contains a list of packages which are essential for building Ubuntu packages including gcc compiler, make and other required tools.

$ sudo apt-get update
$ sudo apt-get install build-essential

Install the manpages for c and c++ development:

$ sudo apt-get install manpages-dev

Check the version of gcc and make:

$ gcc -v
...
gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
$ make -v
GNU Make 3.81
...

Now you should be able to compile software using C / C++ compilers.

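HOWTO: Get the list of Chinese IP addresses from APNIC

About APNIC

The global IP address blocks are allocated by IANA (Internet Assigned Numbers Authority) to the three major regional IP address registries, which are:
1. ARIN (American Registry for Internet Numbers)
Responsible for IP address allocation in North America, South America, the Caribbean and sub-Saharan Africa. It also allocates addresses to NSPs (Network Service Providers) worldwide.
2. RIPE (Reseaux IP Europeens)
Responsible for Europe, the Middle East, North Africa and parts of West Asia (the former Soviet Union)
3. APNIC (Asia Pacific Network Information Center)
Responsible for Asia and the Pacific region

APNIC is the body that manages IP address allocation in the Asia-Pacific region. It keeps a rich and accurate database of IP address allocations, and this information is public.

Getting the APNIC master table of IP address allocations

APNIC provides a daily updated table of the IPv4, IPv6 and AS number allocations in the Asia-Pacific region:
http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest
For the format and contents of this file, see
ftp://ftp.apnic.net/pub/apnic/stats/apnic/README.TXT

From this file we can see how the IPv4 address space under APNIC is allocated.

Extracting the IP information with a script

My script is as follows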

#!/bin/sh
wget -c http://ftp.apnic.net/stats/apnic/delegated-apnic-latest

cat delegated-apnic-latest | awk -F '|' '/CN/&&/ipv4/ {print $4 "/" 32-log($5)/log(2)}'

Save it as a script and run it; the output looks like this

Connecting to ftp.apnic.net (202.12.29.205:80)
delegated-apnic-late 100% |*******************************************| 1653k 0:00:00 ETA
1.0.1.0/24
1.0.2.0/23
1.0.8.0/21
1.0.32.0/19
1.1.0.0/24
1.1.2.0/23
1.1.4.0/22
1.1.8.0/21
1.1.16.0/20
1.1.32.0/19
1.2.0.0/23
1.2.2.0/24
1.2.4.0/24
1.2.5.0/24
1.2.6.0/23
1.2.8.0/24
1.2.9.0/24
1.2.10.0/23
1.2.12.0/22
1.2.16.0/20
1.2.32.0/19
1.2.64.0/18
...

Once you have these addresses, you can use them with shadowsocks on OpenWrt to get over the wall ^_^
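
The prefix-length formula 32-log($5)/log(2), used in the script here and in gen-firewall-gfw.sh above, gives a whole number only when the address count in field 5 is a power of two, which the delegated-stats format does not require. The following added example (not the original script; the function names and sample records are constructed) splits each CN IPv4 record into exact CIDR blocks and matches the country and type fields exactly.

```shell
#!/bin/sh
# Added example. Record layout: registry|cc|type|start|value|date|status
# For ipv4 records, value is a count of addresses, not a prefix length.

# Constructed sample records (documentation ranges, not real APNIC data).
# The last CN record has a count of 192, which is not a power of two.
sample_delegated() {
cat <<'EOF'
2|apnic|20240101|4|19830613|20240101|+1000
apnic|*|ipv4|*|3|summary
apnic|CN|ipv4|192.0.2.0|256|20110414|allocated
apnic|JP|ipv4|198.51.100.0|256|20110414|allocated
apnic|CN|ipv6|2001:db8::|32|20110414|allocated
apnic|CN|ipv4|203.0.113.0|192|20110414|allocated
EOF
}

# cn_cidrs (hypothetical name): records on stdin, one exact CIDR per line.
cn_cidrs() {
    awk -F'|' '
    function ip2int(s,    o) {
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function int2ip(n) {
        return int(n / 16777216) "." (int(n / 65536) % 256) "." (int(n / 256) % 256) "." (n % 256)
    }
    # Exact field match: country in field 2, type in field 3.
    $2 == "CN" && $3 == "ipv4" {
        start = ip2int($4); left = $5
        while (left > 0) {
            # Grow the block while it stays aligned on start and fits in left.
            size = 1; bits = 32
            while (bits > 0 && start % (size * 2) == 0 && size * 2 <= left) {
                size *= 2; bits--
            }
            print int2ip(start) "/" bits
            start += size; left -= size
        }
    }'
}

sample_delegated | cn_cidrs
```

For the 192-address record the original formula would print a fractional prefix length, which iptables rejects; here it becomes a /25 followed by a /26.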