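# Boot-time port forwarding to the internal host 192.168.0.61.
#
# Each DNAT entry rewrites the destination of traffic that arrives on eth0 for
# the listed port. No source restriction (-s) is applied, so every listed port
# on the internal host is reachable from whatever network eth0 faces.
# The rules only take effect when IPv4 forwarding is enabled and the FORWARD
# chain lets the traffic through; neither is configured by these entries.
#
# "sleep 61" delays each command after boot (presumably to wait for eth0 and
# the firewall service -- confirm). Until the sleep expires the forwards are
# absent. A saved ruleset loaded with iptables-restore avoids the timing
# dependency.
#
# The tcp/1852 forward appeared twice in the original list; with -A the second
# copy can never match, so it is listed once here.

# TCP forwards
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1852 -j DNAT --to-destination 192.168.0.61:1852
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.61:443
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 992 -j DNAT --to-destination 192.168.0.61:992
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1194 -j DNAT --to-destination 192.168.0.61:1194
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5555 -j DNAT --to-destination 192.168.0.61:5555
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8888 -j DNAT --to-destination 192.168.0.61:8888
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 18106 -j DNAT --to-destination 192.168.0.61:18106
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 18158 -j DNAT --to-destination 192.168.0.61:18158
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 18208 -j DNAT --to-destination 192.168.0.61:18208

# UDP forward
@reboot sleep 61; /sbin/iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1852 -j DNAT --to-destination 192.168.0.61:1852

# Source-NAT everything leaving through eth0.
# NOTE(review): this entry calls /usr/sbin/iptables while the others call
# /sbin/iptables -- confirm both paths exist on the target system.
@reboot sleep 65; /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE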
Category Archives: Linux
Switch to use different gateway according to the time
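#!/bin/bash
# Switch the effective default gateway according to the time of day.
#
# Between MORNINGTIME and NIGHTTIME traffic goes through 192.168.168.1,
# otherwise through 192.168.42.1. The two /1 routes together cover the whole
# IPv4 space and are more specific than 0.0.0.0/0, so they take precedence
# over the default route without replacing it. If neither pair is installed
# (for example after a failed "route add"), traffic falls back to that
# underlying default route.
#
# Must run with privileges that allow changing the routing table.
# "route del" reports an error when the route is not present; that is
# expected on the first run and is not treated as fatal.

NOW=$(date '+%H:%M:%S')
MORNINGTIME="06:00:00"
NIGHTTIME="20:00:00"

# Zero-padded HH:MM:SS strings sort lexicographically in time order, so a
# string comparison is sufficient. [[ ]] is required: inside [ ] a bare ">"
# is an output redirection (it creates a file named after the right-hand
# operand) and the test is then always true.
if [[ "$NOW" > "$MORNINGTIME" && "$NOW" < "$NIGHTTIME" ]]
then
  /sbin/route add -net 0.0.0.0/1 gw 192.168.168.1
  /sbin/route add -net 128.0.0.0/1 gw 192.168.168.1
  /sbin/route del -net 0.0.0.0/1 gw 192.168.42.1
  /sbin/route del -net 128.0.0.0/1 gw 192.168.42.1
  echo "Use 192.168.168.1"
else
  /sbin/route del -net 0.0.0.0/1 gw 192.168.168.1
  /sbin/route del -net 128.0.0.0/1 gw 192.168.168.1
  /sbin/route add -net 0.0.0.0/1 gw 192.168.42.1
  /sbin/route add -net 128.0.0.0/1 gw 192.168.42.1
  echo "Use 192.168.42.1"
fi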
Clean the docker cache
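# Stop every running container, then delete every image on this host.
# Destructive: nothing is filtered by name, label or age, so run it only on a
# machine where all containers and images are disposable.

# "docker kill" with no arguments is a usage error, so skip it when nothing
# is running.
running=$(docker ps -q)
if [ -n "$running" ]; then
  # shellcheck disable=SC2086 -- word splitting is intended: one ID per word
  docker kill $running
fi

# docker_clean_ps is not defined on this page -- presumably a local alias or
# function that removes stopped containers. Define it before running this.
docker_clean_ps

# Same guard for images: "docker rmi" needs at least one argument.
images=$(docker images -a -q)
if [ -n "$images" ]; then
  # shellcheck disable=SC2086 -- word splitting is intended: one ID per word
  docker rmi $images
fi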
Block the traffic of a particular IP using iptables
# Append a DROP rule for packets whose source is IP-ADDRESS (a placeholder to
# replace with the address to block) to the FORWARD chain.
# FORWARD only sees traffic routed through this machine; traffic addressed to
# the machine itself traverses INPUT instead.
# -A appends to the end of the chain, so an earlier ACCEPT rule that matches
# the same packets still wins.
sudo iptables -A FORWARD -s IP-ADDRESS -j DROP
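#!/bin/bash
# Block inbound traffic from one IPv4 address (or CIDR range) with iptables.
#
# Usage: <script> <IP_ADDRESS>
#
# The rule is appended to the INPUT chain, so it only affects traffic
# addressed to this host, and an earlier ACCEPT rule that matches the same
# packets still takes precedence. The rule is not saved: it disappears on
# reboot unless the ruleset is persisted separately.
# Exits 1 on a missing or malformed argument, or when iptables fails.

# Check if an IP address is provided
if [ -z "$1" ]; then
  echo "Usage: $0 <IP_ADDRESS>"
  exit 1
fi

IP_ADDRESS=$1

# The argument ends up on a root command line, so accept only a dotted-quad
# IPv4 address with an optional /prefix. This keeps the value from being read
# as an option or carrying anything other than an address.
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^${octet}(\.${octet}){3}(/(3[0-2]|[12]?[0-9]))?\$"
if [[ ! "$IP_ADDRESS" =~ $ipv4_re ]]; then
  echo "Invalid IPv4 address: $IP_ADDRESS" >&2
  exit 1
fi

echo "Blocking IP: $IP_ADDRESS"

# Add iptables rule to block the IP. Quoted so the value is passed as exactly
# one argument; success is reported only when iptables accepted the rule.
if sudo iptables -A INPUT -s "$IP_ADDRESS" -j DROP; then
  echo "IP $IP_ADDRESS has been blocked."
else
  echo "Failed to block IP $IP_ADDRESS" >&2
  exit 1
fi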
Linux QoS traffic shaping
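#! /bin/bash
# Per-IP bandwidth limiting on one interface using an HTB qdisc.
#
# For every address in ipctrl the script creates an HTB class with the given
# rate, a netfilter rule that sets a connection mark for packets from that
# address, and a tc "fw" filter that steers packets carrying the mark into
# the class. Unlisted traffic falls into the default class 1:9999.
#
# Must run as root. The tc state is rebuilt on every run; the netfilter rules
# are added only when missing, so running the script again does not pile up
# duplicate mangle rules. Rules left over from an earlier, different ipctrl
# list are not removed.

NETCARD=eth0
MAXBANDWIDTH=100000

# Add a rule to the mangle table unless an identical one already exists.
# Arguments: chain name followed by the rule specification.
add_mangle_rule() {
  iptables -t mangle -C "$@" 2>/dev/null || iptables -t mangle -A "$@"
}

# reinit
# The delete reports an error when no root qdisc exists yet (first run);
# that is expected and the script continues.
tc qdisc del dev "$NETCARD" root handle 1
tc qdisc add dev "$NETCARD" root handle 1: htb default 9999

# create the default class
tc class add dev "$NETCARD" parent 1:0 classid 1:9999 htb rate "${MAXBANDWIDTH}kbit" ceil "${MAXBANDWIDTH}kbit" burst 5k prio 9999

# control bandwidth per IP
declare -A ipctrl
# define list of IP and bandwidth (in kilo bits per seconds) below
ipctrl[192.168.1.1]="256"
ipctrl[192.168.1.2]="128"
ipctrl[192.168.1.3]="512"
ipctrl[192.168.1.4]="32"

# Marks are handed out in the iteration order of the associative array, which
# is not the order the entries are written in above.
mark=0
for ip in "${!ipctrl[@]}"
do
  mark=$(( mark + 1 ))
  bandwidth=${ipctrl[$ip]}

  # traffic shaping rule
  tc class add dev "$NETCARD" parent 1:0 classid "1:$mark" htb rate "${bandwidth}kbit" ceil "${bandwidth}kbit" burst 5k prio "$mark"

  # netfilter packet marking rule
  # NOTE(review): INPUT only sees packets addressed to this host; if the
  # listed addresses are clients routed through this box, confirm this is
  # the intended hook.
  add_mangle_rule INPUT -i "$NETCARD" -s "$ip" -j CONNMARK --set-mark "$mark"

  # filter that binds the two
  tc filter add dev "$NETCARD" parent 1:0 protocol ip prio "$mark" handle "$mark" fw flowid "1:$mark"

  echo "IP $ip is attached to mark $mark and limited to $bandwidth kbps"
done

# propagate netfilter marks on connections
add_mangle_rule POSTROUTING -j CONNMARK --restore-mark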
Reference link: https://serverfault.com/questions/191560/how-can-i-do-traffic-shaping-in-linux-by-ip
DNSMASQ China List
DHCP Server
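# DHCP pool 100.64.0.10 - 100.64.7.250, netmask 255.255.248.0, 5 minute leases.
# The leading "tap_unibits" label presumably ties the pool to that interface
# or tag -- confirm against the rest of the dnsmasq configuration.
dhcp-range=tap_unibits,100.64.0.10,100.64.7.250,255.255.248.0,5m
# Option 3: default gateway handed to clients.
dhcp-option=3,100.64.0.1
# Option 6: DNS servers handed to clients. Both servers are listed on one
# line; with two separate dhcp-option=6 lines presumably only one of them
# would be advertised.
dhcp-option=6,8.8.8.8,8.8.4.4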
Path of Munin RRD files
/var/lib/munin
If all RRD files are deleted, the graph will be reset.
Update Munin to collect data every 1 min
Edit /etc/cron.d/munin (vi /etc/cron.d/munin) and change the */5 to */1.
Update Cloudflare DNS using ddclient
- apt-get install ddclient
- mkdir /etc/ddclient
- copy ddclient.conf to /etc/ddclient (this file holds the DNS provider credentials, so keep it readable by root only)
- scp ddclient-3.9.0/ddclient alfred@172.16.13.250:/tmp
- copy ddclient-3.9.0/ddclient to /usr/sbin/
- scp /etc/default/ddclient to target server
- copy /etc/default/ddclient to target server's /etc/default/ddclient
- apt-get install libdata-validate-ip-perl
- apt-get install libjson-any-perl
Remark: Need to use "systemctl start ddclient.service" to start the service