A9DRPF-10S

Posted on September 5, 2021 by Belgarion

Using Xeon E5-26xx v2 CPUs in this server requires a BIOS update.
Updating using AFUDOS does not work (and will brick your server).
Requirements for update:
*) Server to upgrade
*) CH341A BIOS programmer
*) Hot air station
*) Soldering iron
*) New BIOS file.

First get the BIOS update file `B810Update.7z` linked to from this forum thread: https://forum.ixbt.com/topic.cgi?id=66:12091:13#13 .

Then open the server and use the hot air station to remove the BIOS flash chip.

When you have removed the chip solder it to the CH341A programmer:

Connect programmer to computer and install driver from CH341PAR.ZIP.
Run programmer software.

First it’s a good idea to read the existing data from the chip and save it, so that you have a backup in case the new bios doesn’t work on your specific server.
Then load the new bios file and write it to the chip.
After that you can solder the chip back in the server and try booting.

VESA 200x100mm template

Posted on April 7, 2019 by Belgarion

I needed to put a monitor up on a plywood structure and therefore needed a template for the VESA mounting holes.

It’s in A4 page format. Disable any page scaling options when printing.

vesa-200x100mm.pdf

HP Spectre x360 – 15-bl001no swollen battery

Posted on October 16, 2018 by Belgarion

The trackpad on my Spectre x360 have been very difficult to click on lately, so I removed the back cover on the laptop and found that the battery is bulging.

Warranty ended a few months ago 🙁

Inside a Nexa PER-1500

Posted on May 11, 2018 by Belgarion

I was looking for double pole relays suitable for mains voltage and noticed that one such relay is almost as expensive as a Nexa receiver, which got me wondering how remote switches does it.

I had an unused Nexa PER-1500 that I chose to disassemble and found that it uses a single pole relay, which to me was a bit unexpected since then you won’t know if it will switch the live or neutral.

Debian Linux firewall with multiple external IPs through DHCP

Posted on April 14, 2018 by Belgarion

Requirements:

Debian Linux
Multiple network interfaces connected to WAN (for example using a switch, might also be possible using bridge and dummy interfaces in Linux)
ISP that gives multiple IPs via DHCP

Configure the interfaces

File: /etc/network/interfaces , change the interface names to match yours.

# The loopback network interface
auto lo
iface lo inet loopback

# LAN Interface
allow-hotplug ens3
iface ens3 inet static
        address 172.16.1.1
        netmask 255.255.255.0
        up /sbin/ip rule add 172.16.1.0/24 dev $IFACE table 10
        up /sbin/ip rule add 172.16.1.0/24 dev $IFACE table 11


# WAN Interface 1
allow-hotplug ens5
iface ens5 inet manual
        up /sbin/dhclient -4 -v -pf /run/dhclient.$IFACE.pid -lf /var/lib/dhcp/dhclient.$IFACE.leases -I -df /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE
        down /bin/kill $(cat /run/dhclient.$IFACE.pid)

# WAN Inetrface 2
allow-hotplug ens9
iface ens9 inet manual
        up /sbin/dhclient -4 -v -pf /run/dhclient.$IFACE.pid -lf /var/lib/dhcp/dhclient.$IFACE.leases -I -df /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE
        down /bin/kill $(cat /run/dhclient.$IFACE.pid)

# WAN Interface 3
allow-hotplug ens10
iface ens10 inet manual
        up /sbin/dhclient -4 -v -pf /run/dhclient.$IFACE.pid -lf /var/lib/dhcp/dhclient.$IFACE.leases -I -df /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE
        down /bin/kill $(cat /run/dhclient.$IFACE.pid)

Configure dhclient enter hooks to use multiple routing tables

File: /etc/dhcp/dhclient-enter-hooks.d/routing-tables , change the interface names to match yours.

RUN="yes"

if [ "$RUN" = "yes" ]; then
        if [ "$interface" = "ens5" ]; then
                echo "Main wan interface, not doing anything special" >> /tmp/dhclient-routing-tables.log
        else
                table=""
                if [ "$interface" = "ens9" ]; then
                        table="10"
                elif [ "$interface" = "ens10" ]; then
                        table="11"
                fi
                echo "Routing table $table" >> /tmp/dhclient-script.debug

                if [ -n $table ]; then
                        if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \
                                [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then
                                if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ]; then
                                        for router in $old_routers; do
                                                echo "Removing default $router table $table" >> /tmp/dhclient-routing-tables.log
                                                /sbin/ip route delete $router dev $interface table $table
                                                /sbin/ip route delete default via $router dev $interface table $table
                                        done

                                        for router in $new_routers; do
                                                echo "Adding default $router table $table" >> /tmp/dhclient-routing-tables.log
                                                /sbin/ip route add $router dev $interface table $table
                                                /sbin/ip route add default via $router dev $interface table $table
                                        done
                                fi

                                if [ x$new_ip_address != x$old_ip_address ]; then
                                        echo "ip rule add from $new_ip_address table $table" >> /tmp/dhclient-routing-tables.log
                                        /sbin/ip rule del from $old_ip_address table $table
                                        /sbin/ip rule add from $new_ip_address table $table
                                fi
                        fi
                fi
                new_routers=""
                old_routers=""
        fi
fi

Automatically update firewall when dhclient runs

File: /etc/dhcp/dhclient-exit-hooks.d/firewall

# Reload firewall in case ip has changed or such
RUN="yes"

if [ "$RUN" = "yes" ]; then
        /etc/firewall.sh
fi

Configure the NAT and firewall

File: /etc/firewall.sh

#!/bin/bash

LAN_IF="ens3"
WAN_INTERFACE="ens5"
WAN2_INTERFACE="ens9"
WAN2_IP=$(ip addr show dev $WAN2_INTERFACE | grep 'inet ' |awk '{print $2}' | cut -f1 -d'/')
WAN3_INTERFACE="ens10"
WAN3_IP=$(ip addr show dev $WAN3_INTERFACE | grep 'inet ' |awk '{print $2}' | cut -f1 -d'/')

# Configure routing tables
ip rule delete fwmark 10 table 10
ip rule add fwmark 10 table 10
ip rule delete fwmark 11 table 11
ip rule add fwmark 11 table 11

ip route add 172.16.1.0/24 dev ens3 table 10
ip route add 172.16.1.0/24 dev ens3 table 11

# Configure firewall
iptables -F
iptables -F -t nat
iptables -F -t mangle
ip6tables -F

# Allow ICMP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
ip6tables -t filter -A INPUT -p icmpv6 -j ACCEPT
ip6tables -t filter -A FORWARD -p icmpv6 -j ACCEPT

# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow localhost
iptables -I INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
ip6tables -I INPUT -i lo -s ::1 -d ::1 -j ACCEPT

# Allow state
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# NAT Postrouting

# Allow to all from lan
iptables -A FORWARD -i $LAN_IF -o $WAN_INTERFACE -s 172.16.1.0/24 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN2_INTERFACE -s 172.16.1.10 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN3_INTERFACE -s 172.16.1.20 -j ACCEPT

# Special mangle for multiple routing tables
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j RETURN # return if already set
iptables -t mangle -A PREROUTING -i $WAN2_INTERFACE -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -i $WAN3_INTERFACE -j MARK --set-mark 11

iptables -t mangle -A POSTROUTING -o $WAN2_INTERFACE -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -o $WAN3_INTERFACE -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark


# HTTP/HTTPS on WAN2 to webserver
iptables -t nat -A PREROUTING -i $WAN2_INTERFACE -p tcp --dport 80 -j DNAT --to 172.16.1.11:80
iptables -t nat -A PREROUTING -i $WAN2_INTERFACE -p tcp --dport 443 -j DNAT --to 172.16.1.11:443
iptables -A FORWARD -p tcp --dport 80 -d 172.16.1.11 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -d 172.16.1.11 -j ACCEPT

# Rest of WAN2 to 172.16.1.10
iptables -t nat -A POSTROUTING -o $WAN2_INTERFACE -s 172.16.1.10 -j SNAT --to-source $WAN2_IP
iptables -t nat -A PREROUTING -i $WAN2_INTERFACE -j DNAT --to-destination 172.16.1.10
iptables -t mangle -A PREROUTING -s 172.16.1.10 -j MARK --set-mark 10

# 1:1 NAT for WAN3
iptables -t nat -A POSTROUTING -o $WAN3_INTERFACE -s 172.16.1.20 -j SNAT --to-source $UWAN3_IP
iptables -t nat -A PREROUTING -i $WAN3_INTERFACE -j DNAT --to-destination 172.16.1.20
iptables -t mangle -A PREROUTING -s 172.16.1.20 -j MARK --set-mark 11
iptables -A FORWARD -p tcp --dport 22 -d 172.16.1.20 -j ACCEPT

# Masquerading
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE

# Log the rest
iptables -t filter -A INPUT -j LOG
ip6tables -t filter -A INPUT -j LOG
iptables -A FORWARD -j LOG
ip6tables -A FORWARD -j LOG

# Default drop
iptables -P INPUT DROP
iptables -P FORWARD DROP
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP

Make script executable:

# chmod +x /etc/firewall.sh

Create systemd service for firewall

File: /etc/systemd/system/firewall.service

[Unit]
Description=Firewall
ConditionFileIsExecutable=/etc/firewall.sh

[Service]
Type=oneshot
ExecStart=/etc/firewall.sh

[Install]
WantedBy=basic.target

Enable service:

# systemctl enable firewall

Enable forwarding

File: /etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

Completion

Reboot the system and verify functionality.

Digoo DG-M1Z IP Camera settings

Posted on October 21, 2017 by Belgarion

Cheap IP camera with 1920×1080 resolution.

It does NOT have a web interface.
It can only be managed via ONVIF (python-onvif is useful for this, also ONVIF Device Manager).

Zoneminder settings:
General -> Source type = Ffmpeg
Source -> Source path: rtsp://admin:20160404@<ip>:554/onvif1
Source -> Remote Method: RTP/Unicast
Capture width: 1920
Capture height: 1080

There is smearing on the bottom part of the image about half the time.
Most people on the internet recommends switching to TCP to avoid smearing, but I have been unable to get this camera working over TCP.

Jumbo frames on Quanta LB6M

Posted on August 31, 2017 by Belgarion

Enable jumbo frames for layer2 traffic:

(FASTPATH Routing) #config

(FASTPATH Routing) (Config)#interface 0/1-0/28

(FASTPATH Routing) (Interface 0/1-0/28)#mtu 9216

(FASTPATH Routing) (Interface 0/1-0/28)#exit

(FASTPATH Routing) (Config)#exit

Enable jumbo frames for routed traffic:

(FASTPATH Routing) #show ip interface brief

Interface    State  IP Address      IP Mask         Method
----------   -----  --------------- --------------- -------
2/1          Up     130.240.207.3   255.255.255.0   Manual

(FASTPATH Routing) (Config)#interface 2/1

(FASTPATH Routing) (Interface 2/1)#ip mtu 9198

Remember to save your config:

(FASTPATH Routing) #write mem

This operation may take a few minutes.
Management interfaces will not be available during this time.

Are you sure you want to save? (y/n) y

Config file 'startup-config' created successfully .

Configuration Saved!

Raspberry Pi Dragino LoRa/GPS Hat + DS18B20 temperature sensor

Posted on August 30, 2017 by Belgarion

Wanted to log the temperature with the LoRa gateway pi, but had to use another gpio since gpio4 was already in use for the Dragino LoRa/GPS Hat.

Just solder the DS18B20 sensor as in the image (the blue resistor is a 4k7 ohm pullup between data and +3v3).

And then add the following to /boot/config.txt

dtoverlay=w1-gpio,gpiopin=22

Reboot and you will find the sensor in /sys/bus/w1/devices/.

Deadbugging

Posted on February 27, 2017 by Belgarion

Sometimes you mess up a component footprint.
In this case the footprint is inverted.
Luckily there weren’t many pins on the chip (TPS2115ADRBR).

Multicore debugging with OpenOCD + GDB

Posted on November 21, 2016 by Belgarion

When using openocd with a MCU with multiple targets, openocd will listen on multiple ports (one per core) for gdb to connect to.
So for example a LPC4370 with the following openocd config:

swj_newdap lpc4370 m4 -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x4ba00477
jtag newtap lpc4370 m0sub -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x0ba01477
jtag newtap lpc4370 m0app -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0x0ba01477

target create lpc4370.m4 cortex_m -chain-position lpc4370.m4
target create lpc4370.m0sub cortex_m -chain-position lpc4370.m0sub
target create lpc4370.m0app cortex_m -chain-position lpc4370.m0app

lpc4370.m4 configure -work-area-phys 0x10000000 \
                        -work-area-size 0x20000 -work-area-backup 0
lpc4370.m0sub configure -work-area-phys 0x18000000 \
                         -work-area-size 0x4800 -work-area-backup 0
lpc4370.m0app configure -work-area-phys 0x10080000 \
                         -work-area-size 0x92000 -work-area-backup 0
targets lpc4370.m4

The main m4 core will be available as usual by connecting with gdb> target remote localhost:3333 , and m0app will be debuggable by connecting with gdb> target remote localhost:3335 .

The m0app and m0sub cores are a bit special in that they must be started from the m4 core, and any attempts to start them from gdb will result in warnings and the core will still be in reset state, until started by the m4 core.

Into the depths of electronics and computer science

Just another Blog.brokenbrain.se site