Comments for Andryan's Random Notes

Comment on MikroTik RouterOS — BGP by Andryan

Andryan — Sun, 07 Dec 2008 15:17:18 +0000

Hi Arif,

This is the example:
from /routing filter
0 ;;; Advertise 116.0.0.0/21 to OpenIXP in /24s
chain=to_OpenIXP prefix=116.0.0.0/21 prefix-length=24 invert-match=no action=accept

1 ;;; Advertise 61.45.224.0/20 to OpenIXP in /24s
chain=to_OpenIXP prefix=61.45.224.0/20 prefix-length=24 invert-match=no action=accept

2 ;;; Advertise only our prefixes to OpenIXP, do not redistribute transit routes to IX
chain=to_OpenIXP invert-match=no action=discard

3 ;;; Discard default route from OpenIXP
chain=from_OpenIXP prefix=0.0.0.0/0 invert-match=no action=discard

4 ;;; IX routes should get higher priority
chain=from_OpenIXP invert-match=no action=accept set-bgp-local-pref=200

5 ;;; Advertise 61.45.224.0/20 to NAP
chain=to_NAP prefix=61.45.224.0/20 prefix-length=20 invert-match=no action=accept

6 ;;; Advertise 116.0.0.0/21 to NAP
chain=to_NAP prefix=116.0.0.0/21 prefix-length=21 invert-match=no action=accept

7 ;;; Advertise only our prefixes to NAP, do not redistribute IX routes/other transit routes to this transit
chain=to_NAP invert-match=no action=discard

8 X ;;; Only use default route from NAP’s BGP feed, opposite the following rule
chain=from_NAP prefix=0.0.0.0/0 invert-match=yes action=discard

9 ;;; Discard default route from NAP
chain=from_NAP prefix=0.0.0.0/0 invert-match=no action=discard

from /routing bgp network
0 A 116.0.0.0/21 no
1 A 116.0.0.0/24 no
2 A 116.0.1.0/24 no
3 A 116.0.2.0/24 no
4 A 116.0.3.0/24 no
5 A 116.0.4.0/24 no
6 A 116.0.5.0/24 no
7 A 116.0.6.0/24 no
8 A 116.0.7.0/24 no
9 A 61.45.224.0/20 no
10 A 61.45.224.0/24 no
11 A 61.45.225.0/24 no
12 A 61.45.226.0/24 no
13 A 61.45.227.0/24 no
14 A 61.45.228.0/24 no
15 A 61.45.229.0/24 no
16 A 61.45.230.0/24 no
17 A 61.45.231.0/24 no
18 A 61.45.232.0/24 no
19 A 61.45.233.0/24 no
20 A 61.45.234.0/24 no
21 A 61.45.235.0/24 no
22 A 61.45.236.0/24 no
23 A 61.45.237.0/24 no
24 A 61.45.238.0/24 no
25 A 61.45.239.0/24 no

Please note that OpenIXP advertises the smaller prefixes (/24) to make sure that local IX traffic takes the OpenIXP path rather than the NAP path. I also choose to drop default route from NAP to receive full BGP feed from my NAP. If you wish to receive only the default route (make sure your NAP does provide a default route otherwise your packets will go nowhere), enable filter #8 and disable #9.

Good luck!

Comment on MikroTik RouterOS — BGP by arif

arif — Tue, 02 Dec 2008 06:06:33 +0000

whereis the example configuration, could you share? may be with fake ip address,
thanks 4 advance

Comment on Update initrd with mkinitrd to install new (different) hardware on Linux by Demetri Mouratis

Demetri Mouratis — Fri, 21 Nov 2008 19:59:33 +0000

Good reference. I’m glad to hear you figured it out.

Comment on Hello Kitty Online on Mac OS X with CrossOver by marine_maiden

marine_maiden — Sun, 16 Nov 2008 05:06:54 +0000

LOL
You should put that in the site when it’s finished later. :p

Comment on Passive FTP workaround for Plesk’s proftpd by Russell

Russell — Tue, 13 May 2008 00:08:18 +0000

Make sure if you place the PassivePorts 49152 65534 that you place it between the tags and not just anywhere.

Comment on krb5-telnet != telnet-server by Andryan

Andryan — Thu, 08 May 2008 00:46:40 +0000

Because these servers are connected to an internal network which is isolated and sniffing is impossible. Anyway, that was my task at work and there is no security concern.

Before you post your comment, this is my technical notes and I don’t need people telling me that telnet is insecure. The idea of this blog is to share knowledge that is probably not documented elsewhere. I know what I’m doing, people.

For those who need this information, they should know what they are doing and know the risks involved by using telnet.

Comment on krb5-telnet != telnet-server by jaoswald

jaoswald — Wed, 07 May 2008 22:29:36 +0000

Why, out of curiosity, do you feel the need to enable a doubly-insecure option?

Anyone who sniffs your root password (sent unencrypted by telnet) will then be able to own your system.

Comment on krb5-telnet != telnet-server by Kongo Kalle

Kongo Kalle — Wed, 07 May 2008 20:38:34 +0000

They have put notes in about it, its written pretty clearly:

TELNET IS DEAD, USE SSH!

Comment on Passive FTP workaround for Plesk’s proftpd by Amed

Amed — Thu, 24 Apr 2008 22:44:54 +0000

hey thanks, it helped alot

Comment on RP-PPPoE server problem in Fedora Core 5, 6, Fedora 7, 8 by Aland

Aland — Tue, 15 Apr 2008 22:27:06 +0000

Realmente no core 7 e 8 apos fazer toda configuração do pppoe-setup…
quando ele consegue conectar ele perde todas as rotas… nem o proprio ip local LAN ou WAN ele consegue pingar…
problema grave se fosse so em casa blz.. mas tem empresas que usam adsl com ip dinamico….
quero migrar para o core 7 ou 8 e nao posso por este problema.
Grato pela atenção e conto com a colaboracao na solucao deste problema.