OVH / Linux Two network cards (nic), two gateways. Gateway for one ip address. Two Gateways. VRACK IP Failover

eth0: 2.2.2.2 (routed normally)

eth1: 1.1.1.1 netmask 255.255.255.255 ( OVH )

# Route1 must be listed in /etc/iproute2/rt_tables (or use a numeric table id)
# send traffic to and from this IP through table Route1
ip rule add to 1.1.1.1/32 table Route1
ip rule add from 1.1.1.1/32 table Route1

# the gateway 10.10.10.10 is reached directly via eth1
ip route add 10.10.10.10 dev eth1

# and the main thing: set the default route for this table
ip route add default via 10.10.10.10 dev eth1 table Route1

IPTABLES cPanel script set outgoing IP as dedicated

iptables -t nat -A POSTROUTING -o eth0 -m owner --uid-owner *USERNAME* -j SNAT --to 198.51.100.10

Do I need to comment that? 😉

 

Oh, wait. Maybe a script to make it easier?

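#!/bin/bash
# Print (not apply) one SNAT rule per cPanel account that has a dedicated IP.
hip=$(hostname -i)      # main (shared) IP of the server
for file in /var/cpanel/users/*; do
        fname=$(basename "$file")
        # anchor the match so only the IP= line of the user file is read
        ip=$(grep -m1 "^IP=" "$file" | cut -d "=" -f 2)

        # skip accounts without an IP line or on the shared IP
        if [ -n "$ip" ] && [ "$ip" != "$hip" ]
        then
                echo iptables -t nat -A POSTROUTING -o eth0 -m owner --uid-owner "$fname" -j SNAT --to "$ip"
        fi
done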

[POSTFIX] How to check if user exists in case of postfix proxy Exchange with Active Directory / LDAP

When Postfix works as a mail-filter proxy in front of Exchange,
a lot of mail goes through SpamAssassin (which raises the load) and is then relayed to Exchange
(which produces bogus replies for non-existent addresses), so it is a good idea to check whether the recipient exists:

This was done on EFA, where it works nicely.

1) Install postfix-ldap package
2) nano /etc/postfix/ldap-users.cf
3) Insert:

server_host = srv.domain.local

search_base = dc=domain,dc=local
bind = yes
bind_dn = CN=Some User,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local
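# the bind password is stored in clear text: keep this file non-world-readable (e.g. mode 0640, root:postfix)
bind_pw = [******** Your PW here *********]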
query_filter = (|(mail=%s)(proxyAddresses=smtp:%s))
leaf_result_attribute = mail
# result_format = %S OK
result_format = OK

4) Modify your /etc/postfix/main.cf to achieve this one:

smtpd_recipient_restrictions =  permit_sasl_authenticated,
                                permit_mynetworks,
                                reject_unauth_destination,
                                reject_non_fqdn_recipient,
                                reject_unknown_recipient_domain,
                                check_recipient_access ldap:/etc/postfix/ldap-users.cf, hash:/etc/postfix/recipient_access,
                                reject

5) service postfix reload

6) tail -f /var/log/maillog

If some address should be accepted but is not in Active Directory,
edit /etc/postfix/recipient_access
and add:

email@domain.com    OK

postmap /etc/postfix/recipient_access

Done. Enjoy!
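
A dry run for steps 3 to 5, as an added example that is not part of the original post: it queries the same two tables with postmap -q, in the order main.cf lists them, so you can see which recipients would pass before the final reject starts refusing mail. The function names and sample addresses are made up for the example; only the exact full address is looked up, and anything postmap writes to stderr is treated as a lookup error (an assumption of this sketch).

```shell
#!/bin/sh
# Added example: ask the same tables Postfix will consult, in the same order.
LDAP_MAP="ldap:/etc/postfix/ldap-users.cf"
HASH_MAP="hash:/etc/postfix/recipient_access"

# lookup <map> <address>
# Prints the table result. Returns 0 = found, 1 = not found, 2 = lookup error.
# postmap -q exits non-zero when nothing was found; a failed query (LDAP
# server down, bad bind) also ends non-zero, so stderr output tells them apart.
lookup() (
    err=$(mktemp) || exit 2
    out=$(postmap -q "$2" "$1" 2>"$err") && rc=0 || rc=1
    if [ "$rc" -eq 1 ] && [ -s "$err" ]; then
        cat "$err" >&2
        rc=2
    fi
    rm -f "$err"
    if [ "$rc" -eq 0 ]; then printf '%s\n' "$out"; fi
    exit "$rc"
)

# recipient_verdict <address>
# Walks ldap: then hash:, like the check_recipient_access line in main.cf.
# No match in either table means the trailing "reject" would apply.
# A lookup error stops the walk: it must not be read as "user unknown".
recipient_verdict() (
    for map in "$LDAP_MAP" "$HASH_MAP"; do
        res=$(lookup "$map" "$1") && rc=0 || rc=$?
        case $rc in
            0) echo "${map%%:*}: $res"; exit 0 ;;
            2) echo "${map%%:*}: lookup error"; exit 0 ;;
        esac
    done
    echo "reject"
)

# Constructed sample addresses: one expected to pass, one that should not exist.
if command -v postmap >/dev/null 2>&1; then
    for addr in email@domain.com no.such.user@domain.com; do
        printf '%-28s %s\n' "$addr" "$(recipient_verdict "$addr")"
    done
fi
```

Run it as root on the filter host before step 5; a real mailbox should show "ldap: OK" and a made-up one "reject".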


UBIQUITI UniFi, Windows 2008R2 RADIUS + SSL Setup – Integration

1. Add a valid certificate in MMC: Local Computer, Personal, Certificates. The cert should be signed, valid and probably not a wildcard!

Intermediate certs should be placed in the correct folders (Trusted Root CA, etc.).
Remember to import the SSL cert with its private key. If it was imported without the private key, do:

Get the cert's serial number from the cert itself,
at cmd: certutil -repairstore my "SerialNumber" (https://support.microsoft.com/en-us/kb/889651)

2. Configure Windows 2008 R2 RADIUS

Add RADIUS client: Enable, Friendly name: Unify_AP_01, IP: 172.16.0.11, Secret: P@ssw0rd

4. Create new network policy:

Overview: Enabled, Grant Access, Ignore User account, Type of network: unspecified.
Conditions: NAS port type: Wireless – IEEE 802.11 OR Wireless – Other
Windows Group: Domain\Wireless Users
Client Friendly Name: Unify_AP_*
Constraints:
Authentication method: Microsoft: Protected EAP (PEAP)
Edit it, select the cert from point 1, enable fast reconnect, leave only Secured password (EAP-MSCHAP-2)
OK, back to the auth methods,
Leave the first 2 checkboxes ticked (MSCHAP-2, User can change expired pass)

And configure UniFi:

Settings -> WLAN Group -> Your WLAN

Set the IP of your RADIUS server and the password from the first screen. WPA-Enterprise
IP, port 1812, P@ssw0rd
Radius1: IP, port 1813, P@ssw0rd

Done.

 

WINDOWS XP, IPv6 configuration. OVH sample. VSphere working.

// chaos begin 😉
ipv6 install

// check index of interface
ipv6 if

// change default prefix (the interface is called "Local Area Network" by default; here it is named "WAN")
netsh interface ipv6 set interface "WAN" siteprefixlength=54

// set ipv6 address (8 is the interface index)
ipv6 -p adu 8/2001:41d0:b:110::1

// set default route
netsh interface ipv6 add route ::/0 "WAN" 2001:41d0:b:1ff:ff:ff:ff:ff