Posts from 2016-07

proxmox and VLANs
posted on 2016-07-15 13:07

This is a howto with a sample configuration on how to create a proxmox setup using vlans. No bonding is used.

  • network: 10.0.0.0/24
  • gateway ip: 10.0.0.1
  • proxmox ip: 10.0.0.2
  • VM ip: 10.0.0.3
  • vlan id: 222
  • physical NIC: eth0

proxmox

The physical NIC is set to manual, and so are the corresponding VLAN device and the main bridge. Only the VLAN-specific bridge gets an address (inet static).

The main bridge uses the physical NIC; the VLAN bridge uses the VLAN adapter of the physical NIC.

/etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto eth0.222
iface eth0.222 inet manual
    vlan-raw-device eth0

auto vmbr0
iface vmbr0 inet manual
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr0v222
iface vmbr0v222 inet static
    address     10.0.0.2
    netmask     255.255.255.0
    gateway     10.0.0.1
    bridge_ports eth0.222
    bridge_stp off
    bridge_fd 0

Naming convention is ethX.VLAN for the physical NIC's VLAN adapter. For the bridge, do vmbrXvVLAN.

Set up more ethX.VLAN / vmbrXvVLAN couples for more VLANs.
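
A consistency check for the naming convention above, as an added example that is not part of the original post: it parses interfaces-style text and reports every vmbrXvVLAN bridge whose bridge_ports is not the matching ethX.VLAN adapter, a mistake that quietly puts the bridge into the wrong VLAN. The sample text, the vmbr0v333 bridge and the function names are constructed for illustration.

```python
import re

# Constructed sample: the post's VLAN stanzas plus one deliberately wrong
# bridge (vmbr0v333 is attached to the VLAN 222 adapter).
SAMPLE = """\
auto eth0.222
iface eth0.222 inet manual
    vlan-raw-device eth0
auto vmbr0v222
iface vmbr0v222 inet static
    bridge_ports eth0.222
auto vmbr0v333
iface vmbr0v333 inet manual
    bridge_ports eth0.222
"""

def parse_stanzas(text):
    """Return {interface: {option: value}} for each 'iface' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(None, 1)
        if not words:
            continue
        if words[0] == "iface" and len(words) == 2:
            current = stanzas.setdefault(words[1].split()[0], {})
        elif words[0] == "auto" or words[0].startswith("allow-"):
            current = None
        elif current is not None and len(words) == 2:
            current[words[0]] = words[1].strip()
    return stanzas

def check_vlan_bridges(text):
    """List bridges that break the ethX.VLAN / vmbrXvVLAN pairing."""
    stanzas, problems = parse_stanzas(text), []
    for name, opts in stanzas.items():
        m = re.fullmatch(r"vmbr(\d+)v(\d+)", name)
        if not m:
            continue
        nic, vlan = f"eth{m.group(1)}", int(m.group(2))
        expected = f"{nic}.{vlan}"
        if not 1 <= vlan <= 4094:
            problems.append(f"{name}: VLAN id {vlan} is outside 1-4094")
        if opts.get("bridge_ports", "").split() != [expected]:
            problems.append(f"{name}: bridge_ports should be {expected}")
        elif stanzas.get(expected, {}).get("vlan-raw-device") != nic:
            problems.append(f"{expected}: missing or wrong vlan-raw-device")
    return problems

print(check_vlan_bridges(SAMPLE))
```

On a host, pass the contents of /etc/network/interfaces to check_vlan_bridges(); an empty list means every VLAN bridge follows the convention.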

VM

Set up the network as usual, as if no VLAN were in place:

auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
    address     10.0.0.3
    netmask     255.255.255.0
    network     10.0.0.0
    broadcast   10.0.0.255
    gateway     10.0.0.1

Also set the VLAN from within the proxmox interface for your VM's desired adapter. (Tab Hardware in the VM's menu, double-click on Network Device, select the main bridge, which is vmbr0 here, and add the VLAN id in the field VLAN Tag.)

switch

You have to have set up trunking on the physical switch's switchport that your proxmox hardware is using.

If you omit this, no vlan tagging will take place and you will have no connectivity even if your proxmox network config is solid.

apache htpasswd
posted on 2016-07-14 13:27

To password-protect a phpmyadmin interface via .htpasswd authentication through Apache, try this in your vhost. (I prefer doing these things in the vhost instead of from within a .htaccess in the webfolder.)

vim /etc/apache/sites-enabled/phpmyadmin.conf

...

<Directory /var/www/phpmyadmin/htdocs>
    Options -Indexes +ExecCGI +FollowSymLinks -MultiViews
    AllowOverride all

    AuthType basic
    AuthName "phpmyadmin pw"
    AuthUserFile    /var/www/phpmyadmin/.htpasswd
    Require   valid-user

</Directory>

...

Afterwards create a user (here called 'admin') in the .htpasswd file, which lies in the WEBROOT, not the DOCROOT of your hosting, so it cannot be changed via FTP access. (FTP is available only for htdocs folder in my example.)

htpasswd -c /var/www/phpmyadmin/.htpasswd admin

You will then be prompted to enter a password twice.

Run service apache2 reload afterwards to activate the changes, and you are done.
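
The placement rule above can be checked mechanically. This added example (not part of the original post; function and variable names are made up here) reads <Directory> blocks, reports a password file that lies inside the protected directory, and also reports AllowOverride All or AuthConfig, because a .htaccess file in htdocs is then allowed to override the auth directives set in the vhost.

```python
import posixpath
import re

# Constructed sample: the <Directory> block from the post.
VHOST = """\
<Directory /var/www/phpmyadmin/htdocs>
    Options -Indexes +ExecCGI +FollowSymLinks -MultiViews
    AllowOverride all
    AuthType basic
    AuthName "phpmyadmin pw"
    AuthUserFile    /var/www/phpmyadmin/.htpasswd
    Require   valid-user
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def audit_directory_auth(conf):
    """Return findings for password-protected <Directory> blocks."""
    findings = []
    for match in BLOCK.finditer(conf):
        path = posixpath.normpath(match.group(1).strip())
        directives = {}
        for line in match.group(2).splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip()
        if "authuserfile" not in directives:
            continue
        pwfile = posixpath.normpath(directives["authuserfile"].strip('"'))
        # The password file must not sit in the tree that is served
        # (and, in the post's setup, reachable over FTP).
        if pwfile.startswith(path + "/"):
            findings.append(f"{pwfile}: password file is inside {path}")
        # AllowOverride All/AuthConfig lets a .htaccess in that tree supply
        # its own auth directives, which then replace the ones set here.
        override = directives.get("allowoverride", "").lower().split()
        if "all" in override or "authconfig" in override:
            findings.append(f"{path}: AllowOverride permits auth changes via .htaccess")
    return findings

print(audit_directory_auth(VHOST))
```

For the post's block the only finding is the AllowOverride one; setting AllowOverride None, or a list without AuthConfig, clears it.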

modbus basics
posted on 2016-07-05 14:11

Here is a handful of facts I came across lately, in no particular order. Also you really really should read this link and the wiki pages.

addressing

The following are the data types at specific memory addresses that you can work with via the bus system.

  • discrete inputs: RO boolean, size: 1 bit
  • input registers: RO integer, size: 16 bits, for measurements / statuses
  • coil: RW boolean, size: 1 bit
  • holding registers: RW integer, size: 16 bits, essentially configuration values

master / slave vs. client / server

There can only be one server on the bus. Multimaster = recipe for disaster, from what I read until now.

A modbus client is basically a master. With it you query one of the slaves / servers for data. You either get a register's content, or set it, depending on its type. (See above.)

communication types

There exist several:

  • Modbus ASCII: basically plaintext, but slower, used mainly on 7- or 8-bit serial lines
  • Modbus RTU: 'remote terminal unit', used mainly on 8-bit async lines like EIA-485/RS485
  • Modbus TCP: same as RTU, but checksumming is done through TCP, usually TCP port 502 is used, for ethernet networks

Furthermore, Modbus requests can be transferred via UDP, too.

They all differ in how the requests have to be structured.

communication

All types of communication with the bus transport the following information, plus/minus their specific headers and start/stop bits.

  • address
  • function
  • data
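
How the same address / function / data triple is wrapped by each communication type, as an added example that is not part of the original post: one "read holding registers" request is framed as RTU (CRC16 appended), ASCII (hex text with LRC) and TCP (MBAP header, no checksum of its own). Function names are chosen here; the request is unit 1, register 0, count 1.

```python
import struct

def crc16_modbus(data):
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def read_holding_pdu(start, count):
    """Function code 0x03 plus data: start address and register count."""
    return struct.pack(">BHH", 0x03, start, count)

def rtu_frame(unit, pdu):
    """RTU: address, PDU, then CRC16 with the low byte first."""
    body = bytes([unit]) + pdu
    return body + struct.pack("<H", crc16_modbus(body))

def ascii_frame(unit, pdu):
    """ASCII: ':' + hex text of address, PDU and LRC + CR LF."""
    body = bytes([unit]) + pdu
    lrc = -sum(body) & 0xFF  # two's complement of the byte sum
    return b":" + (body + bytes([lrc])).hex().upper().encode() + b"\r\n"

def tcp_frame(transaction_id, unit, pdu):
    """TCP: MBAP header (transaction, protocol 0, length, unit), PDU, no CRC."""
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit) + pdu

def rtu_is_intact(frame):
    """Recompute the CRC of a received RTU frame; False means line damage."""
    if len(frame) < 4:
        return False
    return crc16_modbus(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]

# Constructed request: unit 1, holding register 0, one register.
PDU = read_holding_pdu(0, 1)
for label, frame in (("rtu", rtu_frame(1, PDU)),
                     ("ascii", ascii_frame(1, PDU)),
                     ("tcp", tcp_frame(1, 1, PDU))):
    print(label, frame.hex())
```

None of the three framings carries authentication; CRC and LRC only detect transmission errors, so access to a Modbus segment has to be restricted at the network level.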

example with pymodbus library

Plain copy paste, without further comments:

# Import path of pymodbus 1.x/2.x; pymodbus 3.x provides ModbusTcpClient in pymodbus.client.
from pymodbus.client.sync import ModbusTcpClient as ModbusClient

import logging

logging.basicConfig()
log = logging.getLogger()
log.setLevel(logging.DEBUG)

client = ModbusClient('192.168.88.88', port=502)
client.connect()

# Read holding registers 0..30 one at a time from unit (slave) id 1.
# Each call returns a response object; the value is in .registers[0].
responses = []
for address in range(31):
    responses.append(client.read_holding_registers(address, 1, unit=0x01))

client.close()

snmp querying
posted on 2016-07-05 11:57

prerequisites

To test your SNMP setup, the agent needs to have these defined:

  • agentaddress with protocol, public IP, port
  • community string (often 'public' or 'mrtgread')
  • snmpd service restart, if changes are pending (config was edited in the past but service not restarted/reloaded yet)

Then for querying: (this is an example)

snmpwalk -c public -v 2c <IP>

or

snmpget -c public -v 2c <IP> <OID>



Unless otherwise credited all material Creative Commons License by sjas