My experience of using IPv6 at home through my native IPv6 network in the datacenter, with my own 6to4 tunnel configuration on a MikroTik router.

I know, this post title turned out very long.

But I had been thinking about this topic for a while.

At home I had long been able to use IPv6 over Kablonet with my static IP address, using the he.net tunnel broker service.

There are already a million docs, how-tos and the like on how to do that with MikroTik.

What I wanted to do, however, was to use IPv6 at home out of the /32 IPv6 block I announce at that location, over the native IPv6 connection that my MikroTik router in the datacenter already has.

I read and researched for this, racked my brain through sleepless nights. All for nothing.

What needs to be done is actually very simple.

I was making the matter complicated for no reason.

As for HOW TO DO IT

Let me write it step by step; maybe it will be useful if someone else wants to do it.

 

1- WHAT IS MY SITUATION?

I have a MikroTik router in the datacenter.

With this router I can reach the IPv6 Internet directly, natively.

I have a /32 IPv6 address block that I announce on this router.

At home I use Kablonet.

My cable modem runs in bridge mode.

All the NAT, DHCP and similar work is handled by my MikroTik router behind the Kablonet modem.

I have a static IPv4 address from the Kablonet company.

And I use it to reach the Internet through my MikroTik router.

 

2- WHAT DO I WANT TO DO?

I want to use a /48 IPv6 block out of my /32 IPv6 block in the datacenter at home.

That way I will have an IPv6 connection at home.

Since I will go out directly through a datacenter in the same country, even in the same city, I will be able to reach the IPv6 Internet with low ping.

 

3- SO WHAT ABOUT HE.NET? TUNNELBROKER?

I have been using IPv6 at home for a long time with the he.net tunnelbroker.

So I already have IPv6 at home.

However

The v6 tunnel I run via Frankfurt adds roughly 80 ms of overhead to ping times.

Because the IP address shows up as he.net Germany, on the IPv6 Internet, for example when I go to Facebook or YouTube, they think I am German.

Is that good? Actually it is very, very good 🙂 but I wish to use my own IPv6 block.

 

4- SO HOW DID YOU FINALLY DO IT? CUT THE WAFFLE ALREADY!

I did it like this:

4-1- Settings made on the MikroTik router in the datacenter (explained using Winbox)

Interfaces > Interface > ADD (+) 6to4 Tunnel

Name: verimerkezinden-eve-v6

Local Address: the v4 IP address of the router in the datacenter: 93.88.11.1

Remote Address: the static Kablonet v4 IP address I use at home: 94.66.21.23

THAT IS:

/interface 6to4
add local-address=93.88.11.1 name=verimerkezinden-eve-v6 remote-address=94.66.21.23

4-2- Settings made on the MikroTik router at home

Interfaces > Interface > ADD (+) 6to4 Tunnel

Name: verimerkezinden-eve-v6

Local Address: the static Kablonet v4 IP address I use at home: 94.66.21.23

Remote Address: the v4 IP address of the router in the datacenter: 93.88.11.1

THAT IS:

/interface 6to4
add local-address=94.66.21.23 name=verimerkezinden-eve-v6 remote-address=93.88.11.1

THAT'S IT 🙂 Easy, isn't it 🙂 Our 6to4 tunnel is up.

At this point we are able to ping, from home, our v6 address in the datacenter that starts with fe80.

We can test with /ping fe80:bla:bla.

5- Continuing on the MikroTik router in the datacenter: let's define the /48.

Starting from the fact that the IPv6 address block I announce in the datacenter is 2a02:800::/32:

IPv6 > Routes

Add (+)

Dst. Address: 2a02:800:b0b::/48

Gateway: verimerkezinden-eve-v6

THAT IS:

/ipv6 route
add dst-address=2a02:800:b0b::/48 gateway=verimerkezinden-eve-v6

 

6- Continuing on the MikroTik router at home:

IPv6 > Routes

Add (+)

Dst. Address: ::/0

Gateway: verimerkezinden-eve-v6

Add one more:

Dst. Address: 2a02:800:b0b::/48

Type: unreachable

THAT IS:

/ipv6 route
add dst-address=::/0 gateway=verimerkezinden-eve-v6
add dst-address=2a02:800:b0b::/48 type=unreachable

 

NOTE: Why did we add it this way:

A default gateway plus an unreachable route for our prefix, so that packets do not bounce needlessly between the routers. OK?
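
The NOTE above, worked through as an added example (not part of the original post): a small longest-prefix-match model of the two routers, using the page's prefixes, showing a packet for an unassigned /64 inside the /48 crossing the tunnel until its hop limit runs out unless the home router has the unreachable route. The datacenter's upstream default route, the hop limit of 64 and the unassigned test address are assumptions.

```python
import ipaddress

# Datacenter router: the /48 goes into the tunnel (step 5); the native
# upstream default route is an assumption, it is not shown in the post.
DATACENTER = [("2a02:800:b0b::/48", ("forward", "home")),
              ("::/0", ("forward", "internet"))]


def home_table(with_unreachable):
    """Home router routes from steps 6 and 7."""
    table = [("2a02:800:b0b::/64", ("deliver", "bridge-local")),  # connected LAN
             ("::/0", ("forward", "datacenter"))]                 # default via tunnel
    if with_unreachable:
        table.append(("2a02:800:b0b::/48", ("unreachable", None)))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), action) for prefix, action in table]
    matches = [(net, action) for net, action in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(dst, with_unreachable, hop_limit=64):
    """Follow a packet arriving at the datacenter router from the Internet.

    Returns (outcome, tunnel_crossings). hop_limit=64 is an assumed value.
    """
    tables = {"datacenter": DATACENTER, "home": home_table(with_unreachable)}
    router, crossings = "datacenter", 0
    while hop_limit > 0:
        action, target = lookup(tables[router], dst)
        if action != "forward":
            return (action, crossings)      # "deliver" or "unreachable"
        if target == "internet":
            return ("left-network", crossings)
        router, crossings, hop_limit = target, crossings + 1, hop_limit - 1
    return ("hop-limit-exceeded", crossings)


if __name__ == "__main__":
    unassigned = "2a02:800:b0b:5::1"                 # constructed: no /64 assigned here
    lan_host = "2a02:800:b0b:0:25b2:4e7f:1b9a:f1a2"  # address from the ifconfig output
    for flag in (False, True):
        print(flag, trace(unassigned, flag), trace(lan_host, flag))
```

Without the unreachable route, every stray packet for an unused part of the /48 is carried over the IPv4 tunnel once per remaining hop; with it, the home router drops the packet after a single crossing.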

7- Continuing on the MikroTik router at home: let's define a /64 out of our /48, a few of them even, and hand them out to the neighbours:

IPv6 > Addresses > Add (+)

Address: 2a02:800:b0b::9/64

Interface: bridge-local

The Advertise checkbox at the bottom must be ticked, so that the devices on our local network behind the MikroTik get their IPv6 addresses from this block to their heart's content.

OK, Apply

We are done.

Enjoy 😀

Congratulations. You now have IPv6 at home.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE: What is ND, what is /48, what is /32? Routing IPv6 and so on? Huh?

Of course, you naturally need to know a little about what you are dealing with.

This is v6, it is no small thing.

DHCPv6 sucks; with ND around, stateless is so nice 🙂

RESULT:

 

shukko@Kazandibi ~ $ ifconfig 
enp8s0    Link encap:Ethernet  HWaddr 70:65:eb:4a:e2:fe  
          inet addr:192.168.88.27  Bcast:192.168.88.255  Mask:255.255.255.0
          inet6 addr: fe80::e726:b820:3f73:f2b4/64 Scope:Link
          inet6 addr: 2a02:800:b0b:0:25b2:4e7f:1b9a:f1a2/64 Scope:Global
          inet6 addr: 2a02:800:b0b:0:48a7:e94f:985b:d3ba/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2058293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1896972 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2395810724 (2.3 GB)  TX bytes:1095854661 (1.0 GB)
          Memory:f7500000-f751ffff 

 

ONE MORE RESULT?

ping6 ipv6.google.com
PING ipv6.google.com(fra15s11-in-x0e.1e100.net) 56 data bytes
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=1 ttl=54 time=57.2 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=2 ttl=54 time=56.4 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=3 ttl=54 time=57.3 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=4 ttl=54 time=56.5 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=5 ttl=54 time=57.4 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=6 ttl=54 time=57.6 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=7 ttl=54 time=56.8 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=8 ttl=54 time=56.8 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=9 ttl=54 time=58.4 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=10 ttl=54 time=56.6 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=11 ttl=54 time=56.3 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=12 ttl=54 time=57.9 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=13 ttl=54 time=61.5 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=14 ttl=54 time=60.3 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=15 ttl=54 time=59.5 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=16 ttl=54 time=60.7 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=17 ttl=54 time=58.7 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=18 ttl=54 time=56.5 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=19 ttl=54 time=57.6 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=20 ttl=54 time=56.9 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=21 ttl=54 time=57.4 ms
64 bytes from fra15s11-in-x0e.1e100.net: icmp_seq=22 ttl=54 time=57.7 ms
^C
--- ipv6.google.com ping statistics ---
22 packets transmitted, 22 received, 0% packet loss, time 21033ms
rtt min/avg/max/mdev = 56.338/57.868/61.511/1.435 ms

 

 

 

for DOMAIN in $(find /etc/virtual/* -maxdepth 0 -type d ! -type l ! -name '*_off' ! -name 'usage' ! -name 'majordomo' -printf '%f \n'); do { for USER in $(cut -d: -f1 /etc/virtual/${DOMAIN}/quota); do { echo ${USER}@${DOMAIN} >> /root/activePopAccounts.txt; }; done; }; done;

 

What is the fastest way to run rsync?

https://gist.github.com/KartikTalwar/4393116

You do it starting from that address, yes.

ORIGINAL:


rsync -aHAXxv --numeric-ids --delete --progress -e "ssh -T -c arcfour -o Compression=no -x" user@<source>:<source_dir> <dest_dir>



FLIP:


rsync -aHAXxv --numeric-ids --delete --progress -e "ssh -T -c arcfour -o Compression=no -x" [source_dir] [dest_host:/dest_dir]

note:

hey, this one deletes the old files

careful, let's make sure it doesn't delete 🙂

there is also this one

 

rsync -rtXx --numeric-ids --progress -e "ssh -T -c aes128-ctr -o Compression=no -x" <user>@<ip>:/<source-path>/ /<dest.path>/

 

this one doesn't delete anything (there is no delete, naturally) but it is a bit slower

I wonder if I should also try it like this?

 

rsync -rtXx --numeric-ids --progress -e "ssh -T -c arcfour -o Compression=no -x" <user>@<ip>:/<source-path>/ /<dest.path>/

could be, I haven't tried 🙂

edit a little later

I tried exactly that

this is the king of them all, that settles it..

shall we write it once more?

rsync -rtXx --numeric-ids --progress -e "ssh -T -c arcfour -o Compression=no -x" <user>@<ip>:/<source-path>/ /<dest.path>/

NOTE: naturally, we run this on the RECEIVING machine.

 

CentOS 5 went EOL long ago.

But there are servers that people stubbornly refuse to upgrade.

The CentOS 5 repos have been moved to the vault.

If you update this file as shown below,

you can at least carry on with the final 5.11.

Of course it has to be upgraded sooner or later.

It is 2018, who is still on CentOS 5…

##

nano /etc/yum.repos.d/CentOS-Base.repo

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://vault.centos.org/5.11/os/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates 
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://vault.centos.org/5.11/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://vault.centos.org/5.11/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://vault.centos.org/5.11/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
baseurl=http://vault.centos.org/5.11/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

 

I wrote about this topic before.

But the code from back then produces false positives:

for example, you want to block .link and it also blocks the mail coming from LinkedIn.

I found the one below on the cPanel forums.

It looks quite likely to work.

 

# Block Newfangled Domain Spam
# THESE BLOCK MORE SPAM THAN ALL THE OTHER RULES COMBINED!

if first_delivery
and (
("$h_from:" matches ".+@.+\\\\.click[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ch[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.cricket[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.asia[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ec[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.exercise[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.co\\\\.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.gen\\\\.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.it[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.net\\\\.in[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.link[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.ninja[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.review[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.rocks[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.science[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.space[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.sk[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.uno[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.website[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.work[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.xyz[^a-zA-Z0-9_]")
or ("$h_from:" matches ".+@.+\\\\.za[^a-zA-Z0-9_]")
)
then
headers add "SpamRule: EXIM FILTER Block Newfangled Domains (was: $h_subject:)"
deliver "Newfangled <newfangled@myfalsepositivecheckingdomain.com>"
seen finish
endif

You can omit the “headers add” line and the “deliver” line to just delete them if you dare.

so it says.

headers add changes the subject of the mail, and deliver hands it to another address to check whether there are any false positives.

These lines are for checking; if you dare, delete both lines altogether, it says.
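
To see why this version no longer trips on LinkedIn, here is an added example (not from the cPanel forum post) that runs the filter's pattern shape against constructed From: values in Python. It assumes Exim reduces the four backslashes to a single regex backslash and that the header value has no trailing character after a bare address; naive_regex is a hypothetical stand-in for the earlier, looser rule.

```python
import re

# A few TLD labels copied from the filter on the page.
BLOCKED = ["click", "link", "xyz", "work"]


def filter_regex(tld):
    # Same shape as the page's patterns once the four backslashes are
    # reduced to one (assumption): .+@.+\.TLD[^a-zA-Z0-9_]
    return re.compile(r".+@.+\." + re.escape(tld) + r"[^a-zA-Z0-9_]")


def naive_regex(tld):
    # Hypothetical stand-in for the older rule the post says blocked
    # LinkedIn: ".TLD" with nothing required after it.
    return re.compile(r".+@.+\." + re.escape(tld))


def hits(regex_for, from_header):
    """Return the blocked TLDs whose pattern matches this From: value."""
    return [t for t in BLOCKED if regex_for(t).search(from_header)]


# Constructed From: header values, not taken from real mail.
SAMPLES = {
    "linkedin": "LinkedIn <messages-noreply@bounce.linkedin.com>",
    "spam": "Deals <promo@cheap-pills.link>",
    "bare": "promo@cheap-pills.link",
    "label": "Ops <alerts@mail.link.example.com>",
}


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:9} naive={hits(naive_regex, value)} "
              f"filter={hits(filter_regex, value)}")
```

The last two samples show what the trailing character class leaves open when tuning the rule: a From: value with nothing after the TLD is not matched, and a host that has link as an inner label is.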

 

lsof -i tcp:80 -P -R

This command shows us all running processes that are using port 80 for any kind of communication.

  • The -i parameter restricts the listing to Internet (network) sockets, IPv4 or IPv6, instead of every open file.
  • The tcp:80 part means we only want to show TCP connections (and ignore UDP for the time being) using port 80.
  • Using -P we specify we want to see the port numbers (80, 21, …) instead of the names (HTTP, FTP) which are shown by default. Much like the -n parameter with netstat.
  • With -R we also show the Parent Process ID, to see who initiated this process.

HTTP proxy setup with SSL support.

OS: Debian or Ubuntu.

sudo apt-get install gcc make

wget https://github.com/z3APA3A/3proxy/archive/0.8.9.tar.gz

tar -xvzf 0.8.9.tar.gz

cd 3proxy-0.8.9

make -f Makefile.Linux

cd src

mkdir /etc/3proxy/

mv 3proxy /etc/3proxy/

cd /etc/3proxy/

nano 3proxy.cfg

nserver 80.80.80.80

nserver 80.80.81.81

nscache 65536

timeouts 1 5 30 60 180 1800 15 60

users $/etc/3proxy/.proxyauth

daemon

log /dev/null

authcache user 60

auth strong cache

deny * * 127.0.0.1,192.168.1.1

allow * * * 80-88,8080-8088 HTTP

allow * * * 443,8443 HTTPS

proxy -n -p80 -a

admin -p3200

chmod 600 /etc/3proxy/3proxy.cfg

nano .proxyauth

user:CL:password

user1:CL:password1

user2:CL:password2

chmod 600 /etc/3proxy/.proxyauth

cd /etc/init.d/
nano 3proxyinit

#!/bin/sh
# Minimal init script: start, stop or reload 3proxy
case "$1" in
   start)
       echo "Starting 3Proxy"
       /etc/3proxy/3proxy /etc/3proxy/3proxy.cfg
       ;;

   stop)
       echo "Stopping 3Proxy"
       /usr/bin/killall 3proxy
       ;;

   restart|reload)
       echo "Reloading 3Proxy"
       /usr/bin/killall -s USR1 3proxy
       ;;
   *)
       echo "Usage: $0 {start|stop|restart}"
       exit 1
       ;;
esac
exit 0

chmod +x /etc/init.d/3proxyinit

reboot

The machine will restart.

/etc/init.d/3proxyinit restart

 

This Is The Internet // The picture below is the Internet itself:::

“A person assumes everyone else is like himself” – A pithy saying – Said by Mr. Cengiz E. and confirmed thousands of times…

I needed it again the other day.
I just can't get used to this CentOS 7 business.
I need to get used to it.
Let me add it here in case it is needed.
How to configure a static IP address on CentOS 7
original link:
hxxp://ask.xmodulo.com/configure-static-ip-address-centos7.html

Question: On CentOS 7, I want to switch from DHCP to static IP address configuration with one of my network interfaces. What is a proper way to assign a static IP address to a network interface permanently on CentOS or RHEL 7?

If you want to set up a static IP address on a network interface in CentOS 7, there are several different ways to do it, varying depending on whether or not you want to use Network Manager for that.

Network Manager is a dynamic network control and configuration system that attempts to keep network devices and connections up and active when they are available. CentOS/RHEL 7 comes with the Network Manager service installed and enabled by default.

To verify the status of Network Manager service:

$ systemctl status NetworkManager.service

To check which network interface is managed by Network Manager, run:

$ nmcli dev status

If the output of nmcli shows “connected” for a particular interface (e.g., enp0s3 in the example), it means that the interface is managed by Network Manager. You can easily disable Network Manager for a particular interface, so that you can configure it on your own for a static IP address.

Here are two different ways to assign a static IP address to a network interface on CentOS 7. We will be configuring a network interface named enp0s3.

Configure a Static IP Address without Network Manager

Go to the /etc/sysconfig/network-scripts directory, and locate its configuration file (ifcfg-enp0s3). Create it if not found.

Open the configuration file and edit the following variables:

In the above, “NM_CONTROLLED=no” indicates that this interface will be set up using this configuration file, instead of being managed by Network Manager service. “ONBOOT=yes” tells the system to bring up the interface during boot.

Save changes and restart the network service using the following command:

# systemctl restart network.service

Now verify that the interface has been properly configured:

# ip add

Configure a Static IP Address with Network Manager

If you want to use Network Manager to manage the interface, you can use nmtui (Network Manager Text User Interface) which provides a way to configure Network Manager in a terminal environment.

Before using nmtui, first set “NM_CONTROLLED=yes” in /etc/sysconfig/network-scripts/ifcfg-enp0s3.

Now let’s install nmtui as follows.

# yum install NetworkManager-tui

Then go ahead and edit the Network Manager configuration of enp0s3 interface:

# nmtui edit enp0s3

The following screen will allow us to manually enter the same information that is contained in /etc/sysconfig/network-scripts/ifcfg-enp0s3.

Use the arrow keys to navigate this screen, press Enter to select from a list of values (or fill in the desired values), and finally click OK at the bottom right:

Finally, restart the network service.

# systemctl restart network.service

and you’re ready to go.

3proxy?