代码学习 – Page 2

2023-02-06

ASA 5515-X

PPPOE

1. set the CT route to bridge mode
2. configed the pppoe on the asa5515
fw02# show running-config vpdn vpdn group CT request dialout pppoe vpdn group CT localname user1234 vpdn group CT ppp authentication pap vpdn username user1234 password ***** fw02# show run fw02# show running-config int fw02# show running-config interface g0/5 ! interface GigabitEthernet0/5 nameif outside security-level 0 dhcp client update dns pppoe client vpdn group CT ip address pppoe setroute fw02#


fw02# show vpdn session pppoe state 
PPPoE Session Information (Total tunnels=1 sessions=1)

SessID TunID Intf State Last Chg 22408 5 outside SESSION_UP 28161 secs

3. publish http service to internet

fw02# show running-config access-list access-list SSH extended permit ip any any access-list SSH extended permit tcp any any log critical access-list OUT extended permit icmp any any log access-list OUT extended permit tcp any any eq www access-list IN extended permit tcp any any eq 8888 log access-list IN extended permit tcp any any eq www access-list IN extended permit udp host x.x.x.x any access-list IN extended permit tcp host x.x.x.x any fw02# show running-config nat ! object network OA nat (inside,outside) static interface service tcp www 8888 ! nat (inside,outside) after-auto source dynamic OA interface fw02# fw02# show nat


Auto NAT Policies (Section 2)

1 (inside) to (outside) source static OA interface  service tcp www 8888

    translate_hits = 0, untranslate_hits = 78
Manual NAT Policies (Section 3)

1 (inside) to (outside) source dynamic OA interface

    translate_hits = 473, untranslate_hits = 0

fw02#

fw02# packet-tracer input outside tcp 8.8.8.8 12345 x.x.x.x 8888 detailed 
Phase: 1

Type: UN-NAT

Subtype: static

Result: ALLOW

Config:

object network OA

 nat (inside,outside) static interface service tcp www 8888

Additional Information:

NAT divert to egress interface inside

Untranslate x.x.x.x/8888 to x.x.x.x/80
Phase: 2

Type: ACCESS-LIST

Subtype: log

Result: ALLOW

Config:

access-group OUT in interface outside

access-list OUT extended permit tcp any any eq www

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac4a10fe0, priority=13, domain=permit, deny=false

        hits=2, user_data=0x2aaab9906b80, cs_id=0x0, use_real_addr, flags=0x0, protocol=6

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=80, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=any
Phase: 3

Type: CONN-SETTINGS

Subtype:

Result: ALLOW

Config:

class-map class-default

 match any

policy-map global_policy

 class class-default

  set connection decrement-ttl

service-policy global_policy global

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac3eb0280, priority=7, domain=conn-set, deny=false

        hits=224, user_data=0x2aaacabcf980, cs_id=0x0, use_real_addr, flags=0x0, protocol=0

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=any
Phase: 4

Type: NAT

Subtype:

Result: ALLOW

Config:

nat (inside,outside) after-auto source dynamic OA interface

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaab9bb49f0, priority=6, domain=nat, deny=false

        hits=40, user_data=0x2aaac276e650, cs_id=0x0, flags=0x0, protocol=0

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=x.x.x.x, mask=255.255.255.255, port=0, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=inside
Phase: 5

Type: NAT

Subtype: per-session

Result: ALLOW

Config:

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac2b1f880, priority=0, domain=nat-per-session, deny=false

        hits=29568, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=any, output_ifc=any
Phase: 6

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac44e2400, priority=0, domain=inspect-ip-options, deny=true

        hits=7307, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=any
Phase: 7

Type: INSPECT

Subtype: np-inspect

Result: ALLOW

Config:

class-map class-default

 match any

policy-map global_policy

 class class-default

  inspect icmp

service-policy global_policy global

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac4aace50, priority=70, domain=inspect-icmp, deny=false

        hits=50, user_data=0x2aaac4ac4ed0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=any
Phase: 8

Type: FOVER

Subtype: standby-update

Result: ALLOW

Config:

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac4380a90, priority=20, domain=lu, deny=false

        hits=132, user_data=0x0, cs_id=0x0, flags=0x0, protocol=6

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=any
Phase: 9

Type: VPN

Subtype: ipsec-tunnel-flow

Result: ALLOW

Config:

Additional Information:

 Forward Flow based lookup yields rule:

 in  id=0x2aaac4b56900, priority=13, domain=ipsec-tunnel-flow, deny=true

        hits=1216, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=any
Phase: 10

Type: NAT

Subtype: rpf-check

Result: ALLOW

Config:

object network OA

 nat (inside,outside) static interface service tcp www 8888

Additional Information:

 Forward Flow based lookup yields rule:

 out id=0x2aaac447d000, priority=6, domain=nat-reverse, deny=false

        hits=50, user_data=0x2aaac4480120, cs_id=0x0, use_real_addr, flags=0x0, protocol=6

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=x.x.x.x, mask=255.255.255.255, port=80, tag=any, dscp=0x0

        input_ifc=outside, output_ifc=inside
Phase: 11

Type: NAT

Subtype: per-session

Result: ALLOW

Config:

Additional Information:

 Reverse Flow based lookup yields rule:

 in  id=0x2aaac2b1f880, priority=0, domain=nat-per-session, deny=false

        hits=29570, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=any, output_ifc=any
Phase: 12

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

 Reverse Flow based lookup yields rule:

 in  id=0x2aaac475d220, priority=0, domain=inspect-ip-options, deny=true

        hits=5834, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0

        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any

        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0

        input_ifc=inside, output_ifc=any
Phase: 13

Type: FLOW-CREATION

Subtype:

Result: ALLOW

Config:

Additional Information:

New flow created with id 7981, packet dispatched to next module

Module information for forward flow ...

snp_fp_tracer_drop

snp_fp_inspect_ip_options

snp_fp_tcp_normalizer

snp_fp_inspect_icmp

snp_fp_translate

snp_fp_adjacency

snp_fp_fragment

snp_ifc_stat
Module information for reverse flow ...

snp_fp_tracer_drop

snp_fp_inspect_ip_options

snp_fp_translate

snp_fp_tcp_normalizer

snp_fp_inspect_icmp

snp_fp_adjacency

snp_fp_fragment

snp_ifc_stat
Result:

input-interface: outside

input-status: up

input-line-status: up

output-interface: inside

output-status: up

output-line-status: up

Action: allow

fw02#

2022-08-23

ORA-01210: data file header is media corrupt

bbed parfile=parfile.txt

parfile.txt
blocksize=8192
listfile=file.txt
mode=edit
password=blockedit

file.txt
1 /opt/app/oradata/test/system01.dbf 8178892
2 /opt/app/oradata/test/sysaux01.dbf 2936012
3 /opt/app/oradata/test/undotbs01.dbf 9017753
4 /opt/app/oradata/test/users01.dbf 5242880
5 /opt/app/oradata/test/test01.dbf 2547200

SQL> select checkpoint_change# from v$datafile_header;

CHECKPOINT_CHANGE#
——————
120020207
120020207
120020207
120020207
120000000

BBED> info
BBED> p kcvfhckp
BBED> d /v dba 1,1 offset 484 count 16
BBED> assign dba 5,1 kcvfh.kcvfhckp.kcvcpscn.kscnbas = dba 1,1 kcvfh.kcvfhckp.kcvcpscn.kscnbas
BBED> d /v dba 5,1 offset 484 count 16
BBED> set dba 5,1
BBED> sum apply

SQL> recover datafile 5;
Connected to an idle instance.

SQL> startup
ORACLE instance started.

Total System Global Area 3340451840 bytes
Fixed Size 2217952 bytes
Variable Size 2499807264 bytes
Database Buffers 822083584 bytes
Redo Buffers 16343040 bytes
Database mounted.
Database opened.

2022-08-222022-08-22

terraform alicloud import security group rule

ecs

%appdata%\terraform.rc
provider_installation {
filesystem_mirror {
path = “C:/Users/Linus/tf/mirror”
}
}

main.cf
provider “alicloud” {
access_key = “xxxxxxxxxxxxxxxx”
secret_key = “xxxxxxxxxxxxxxxx”
region = “cn-beijing”
}

resource “alicloud_vpc” “testvpc” {
vpc_name = “testvpc”
cidr_block = “192.168.0.0/16”
}

resource “alicloud_vswitch” “vswitch” {
vpc_id = alicloud_vpc.testvpc.id
cidr_block = “192.168.100.0/24”
zone_id = “cn-beijing-d”
}

resource “alicloud_security_group” “testgroup” {
name = “sg-test”
description = “test security group”
vpc_id = “${alicloud_vpc.testvpc.id}”
}

resource “alicloud_security_group_rule” “allow_22” {
type = “ingress”
ip_protocol = “tcp”
nic_type = “intranet”
policy = “accept”
port_range = “22/22”
priority = 1
security_group_id = “${alicloud_security_group.testgroup.id}”
cidr_ip = “10.56.8.13/32”
}

resource “alicloud_instance” “test” {
description = “test”
host_name = “test”
image_id = “ubuntu_20_04_x64_20G_alibase_20220727.vhd”
instance_name = “test”
instance_charge_type = “PostPaid”
security_groups = alicloud_security_group.testgroup.*.id
instance_type = “ecs.xn4.small”
vswitch_id = alicloud_vswitch.vswitch.id
internet_charge_type = “PayByBandwidth”
internet_max_bandwidth_out = 1
}

terraform init
terraform show
terraform plan
terraform state pull
terraform import alicloud_security_group_rule.allow_22 sg-2zefwtrsg4df3r4cy80:ingress:tcp:22/22:intranet:x.x.x.x/32:accept:2

2022-08-12

mixed content to https mixing with http

Mixed Content: The page at ‘‘ was loaded over HTTPS, but requested an insecure element ‘‘. This request was automatically upgraded to HTTPS, For more information see

adding configration to nginx.conf
add_header Content-Security-Policy “upgrade-insecure-requests;connect-src *”;

2022-08-082022-08-08

rsync over nfs

rsync -aP source/ target/

if you meet some performance issue during ext4 to nfs mounted to local filesystem, try below command replace rsync
1. ssh-copy-id user@x.x.x.x
2. find folder/ -mindepth 1 -maxdepth 4 -type d -exec bash -c ‘tar cz {} | ssh user@x.x.x.x tar -xzf – -C backup’ \;

2022-07-05

save excel file to csv with double quotes

add the code to vbs
Sub CSVFile() 'updateby Extendoffice Dim xRg As Range Dim xRow As Range Dim xCell As Range Dim xStr As String Dim xSep As String Dim xTxt As String Dim xName As Variant On Error Resume Next If ActiveWindow.RangeSelection.Count > 1 Then xTxt = ActiveWindow.RangeSelection.AddressLocal Else xTxt = ActiveSheet.UsedRange.AddressLocal End If Set xRg = Application.InputBox("Please select the data range:", "Kutools for Excel", xTxt, , , , , 8) If xRg Is Nothing Then Exit Sub xName = Application.GetSaveAsFilename("", "CSV File (*.csv), *.csv") xSep = Application.International(xlListSeparator) Open xName For Output As #1 For Each xRow In xRg.Rows xStr = "" For Each xCell In xRow.Cells xStr = xStr & """" & xCell.Value & """" & xSep Next While Right(xStr, 1) = xSep xStr = Left(xStr, Len(xStr) - 1) Wend Print #1, xStr Next Close #1 If Err = 0 Then MsgBox "The file has saved to: " & xName, vbInformation, "Kutools for Excel" End Sub