Computer – Page 5 – Patrick Marc's Networks

2024-03-092024-03-10

FreeBSD bhyve – CheckPoint SMS

So letz move the CheckPoint SMS over to Bhyve. Basicly the same as for the FortiManager. guest=linuxloader="grub"uefi_vars="yes"grub_run_partition="1"grub_run_dir="/grub"grub_run0="root (hd0,0)"grub_run0="linux /vmlinuz-3.10.0-957.21.3cpx86_64 ro root=/dev/mapper/vg_splat-lv_current grub_mode=64bit-normal vmalloc=256M panic=15 console=SERIAL crashkernel=0M-35G:280M,35G-250G:768M,250G-:1G intel_idle.max_cstate=0 eagerfpu=on spectre_v2=off nopti 3 quiet"grub_run1="initrd /initrd-3.10.0-957.21.3cpx86_64.img"memory="8192"disk0_type="ahci-hd"disk0_name="disk0.img"network0_switch="VM"network0_type="e1000"network1_switch="VM"network2_switch="VM"network3_switch="VM"network1_type="e1000"network2_type="e1000"network3_type="e1000"cpu="2" One thing we still need to figure out how to boot this with generic entries. Based on https://github.com/churchers/vm-bhyve/blob/master/sample-templates/gentoo.conf this should load the …

Continue reading "FreeBSD bhyve – CheckPoint SMS"

2024-03-082024-03-08

FreeBSD bhyve – FortiManager

Photo by Kvistholt Photography on Unsplash

Create the Switch Add an uplink port Create the VMVM Configuration Booting the KernelCPU / RAMHarddisksNetworkThe HarddisksConvert the Harddisks from vmdk to rawDisk0Disk 1 Migrating the FortiManager from VMWare ESXi to FreeBSD bhyve. Be aware you doing this on your own without any support from Fortinet. bhyve is not a supported platform. Create the Switch …

Continue reading "FreeBSD bhyve – FortiManager"

2024-03-072024-03-07

Routing Tables

FreeBSD freebsd:~ $ netstat -rWRouting tablesInternet:Destination Gateway Flags Nhop# Mtu Netif Expiredefault 11.155.93.1 UGS 6 1500 em011.155.93.0/24 link#1 U 3 1500 em011.155.93.77 link#2 UHS 5 16384 lo0localhost link#2 UH 1 16384 lo0Internet6:Destination Gateway Flags Nhop# Mtu Netif Expire::/96 link#2 URS 6 16384 lo0default fe80::1%em0 UGS 7 1500 em0localhost link#2 UHS 1 16384 lo0::ffff:0.0.0.0/96 link#2 URS …

Continue reading "Routing Tables"

2024-03-052024-03-06

Source Port selection on Linux results allways in even ports

Some interestion observation over the past weeks, is that i have seen Linux is selecting only even source ports. So lets have a closer look. An exampleDoes this have any effect? How does LACP work?Does this make a difference? Yes certainly it does make a diffrence. What can we do? Where does this come from? …

Continue reading "Source Port selection on Linux results allways in even ports"

2024-03-032024-03-05

FreeBSD – Central Syslog Server

Quick setup a Central Syslog Server https://wiki.freebsd.org/Ports/sysutils/syslog-ng Install Syslog NG pkg install syslog-ng Edit the Configuration /usr/local/etc/syslog-ng.conf @version: 4.4source s_remote { tcp(port(514)); udp(port(514));};destination d_remote { file( "/var/log/remote/${HOST}/${YEAR}_${MONTH}_${DAY}.log" create-dirs(yes) );};log { source(s_remote); destination(d_remote);}; Enables the Service sysrc syslog_ng_enable="YES" Create nessesary directory mkdir /var/log/remotechown root:wheel /var/log/remotechmod g+w /var/log/remote Start the Service service syslog-ng start

2024-03-022024-03-05

FreeBSD Wifi

FreeBSD Wifi - RTL8821CEEdimax USB WiFi - RTL8188CUSRealtek Edimax AC600 (EW-7811UTC) - RTL8811AU FreeBSD Wifi - RTL8821CE pciconf -l -vrtw880@pci0:5:0:0: class=0x028000 rev=0x00 hdr=0x00 vendor=0x10ec device=0xc821 subvendor=0x10ec subdevice=0xc821 vendor = 'Realtek Semiconductor Co., Ltd.' device = 'RTL8821CE 802.11ac PCIe Wireless Network Adapter' class = network Driver compatiblity vi /boot/loader.confcompat.linuxkpi.skb.mem_limit=1 Enable Setting in rc.conf sysrc wlans_rtw880="wlan0"sysrc create_args_wlan0="country …

Continue reading "FreeBSD Wifi"

2024-03-012024-03-01

Splunk – Earliest – Latest

src_ip=IP | stats count earliest(_time) AS Earliest, latest(_time) AS Latest by src_ip dest_ip action wanin wanout lanin lanout | eval Earliest=strftime(Earliest,"%Y-%m-%d %H:%M:%S") | eval Latest=strftime(Latest,"%Y-%m-%d %H:%M:%S")

2024-02-292024-02-29

Checkpoint – Gratious ARP

Get the interface IPsip a | grep inet | awk '{print $2}' | cut -d/ -f1 cphaprob -m tablestat ---- Unique IP's Table ---- Member Interface IP-Address MAC-Address (Local)0 2 13.49.132.78 00:1c:7f:c3:ff:b80 24 192.168.0.2 00:1c:7f:a5:ff:d7 1 2 13.49.132.79 00:1c:7f:c3:ff:cc1 24 192.168.0.3 00:1c:7f:a5:ff:6f https://community.checkpoint.com/t5/Security-Gateways/How-to-send-G-ARP-manually/td-p/69895 echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind ip l | grep UP | grep -v …

Continue reading "Checkpoint – Gratious ARP"

2024-02-262024-03-09

VMWare to bhyve

Lately i decided to migrate my VM ESX Servers over to FreeBSD VM bhyve Installing pkg install vm-bhyve bhyve-firmware Configuration Storage zfs create zroot/bhyve zfs set recordsize=64K zroot/bhyve zfs create zroot/bhyve/.templates Add the following lines to /etc/rc.conf: # needed for virtualization support vm_enable=”YES” vm_dir=”zfs:zroot/bhyve” Now, add the following line to the end of /boot/loader.conf: # needed for …

Continue reading "VMWare to bhyve"

2024-01-072024-03-05

Comic Sans

I decided to my own font. https://tosche.net/fonts/comic-code https://github.com/dtinth/comic-mono-font https://github.com/shannpersand/comic-shanns https://www.youtube.com/watch?v=1zvWXT53puQ

2023-11-012024-02-06

SSH Configuration

Some Notes about OpenSSH configuration that comes in handy for me. This is have settings applied on Host or Domain base, use jump servers where needed, find the console for a device or use deprecated encryption when needed. Basic Options Host Hostname Port User Apply Settings per domain Host *. Protocol 2 TCPKeepAlive yes ServerAliveInterval …

Continue reading "SSH Configuration"

Category: Computer