# wget http://www.mellanox.com/downloads/firmware/fw-ConnectX3-rel-2_42_5000-MCX354A-FCB_A2-A5-FlexBoot-3.4.752.bin.zip
# unzip fw-ConnectX3-rel-2_42_5000-MCX354A-FCB_A2-A5-FlexBoot-3.4.752.bin.zip
# mstflint -d 03:00.0 -i fw-ConnectX3-rel-2_42_5000-MCX354A-FCB_A2-A5-FlexBoot-3.4.752.bin -allow_psid_change burn
# reboot
# mst start
# mlxconfig -d /dev/mst/mt4099_pciconf0 set LINK_TYPE_P1=2 LINK_TYPE_P2=2
reboot
BIOS update on ZTSystem JASPER12 / Inventech B810 / A9DRPF-10S
Using Xeon E5-26xx v2 CPUs in this server requires a BIOS update.
Updating using AFUDOS does not work (and will brick your server).
Requirements for update:
*) Server to upgrade
*) CH341A BIOS programmer
*) Hot air station
*) Soldering iron
*) New BIOS file.
First get the BIOS update file `B810Update.7z` linked to from this forum thread: https://forum.ixbt.com/topic.cgi?id=66:12091:13#13 .
Then open the server and use the hot air station to remove the BIOS flash chip.
When you have removed the chip solder it to the CH341A programmer:
Connect programmer to computer and install driver from CH341PAR.ZIP.
Run programmer software.
First it’s a good idea to read the existing data from the chip and save it, so that you have a backup in case the new bios doesn’t work on your specific server.
Then load the new bios file and write it to the chip.
After that you can solder the chip back in the server and try booting.
VESA 200x100mm template
I needed to put a monitor up on a plywood structure and therefore needed a template for the VESA mounting holes.
It’s in A4 page format. Disable any page scaling options when printing.
HP Spectre x360 – 15-bl001no swollen battery
Inside a Nexa PER-1500
I was looking for double pole relays suitable for mains voltage and noticed that one such relay is almost as expensive as a Nexa receiver, which got me wondering how remote switches does it.
I had an unused Nexa PER-1500 that I chose to disassemble and found that it uses a single pole relay, which to me was a bit unexpected since then you won’t know if it will switch the live or neutral.
Debian Linux firewall with multiple external IPs through DHCP
Requirements:
- Debian Linux
- Multiple network interfaces connected to WAN (for example using a switch, might also be possible using bridge and dummy interfaces in Linux)
- ISP that gives multiple IPs via DHCP
Configure the interfaces
File: /etc/network/interfaces , change the interface names to match yours.
# The loopback network interface auto lo iface lo inet loopback # LAN Interface allow-hotplug ens3 iface ens3 inet static address 172.16.1.1 netmask 255.255.255.0 up /sbin/ip rule add 172.16.1.0/24 dev $IFACE table 10 up /sbin/ip rule add 172.16.1.0/24 dev $IFACE table 11 # WAN Interface 1 allow-hotplug ens5 iface ens5 inet manual up /sbin/dhclient -4 -v -pf /run/dhclient.$IFACE.pid -lf /var/lib/dhcp/dhclient.$IFACE.leases -I -df /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE down /bin/kill $(cat /run/dhclient.$IFACE.pid) # WAN Inetrface 2 allow-hotplug ens9 iface ens9 inet manual up /sbin/dhclient -4 -v -pf /run/dhclient.$IFACE.pid -lf /var/lib/dhcp/dhclient.$IFACE.leases -I -df /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE down /bin/kill $(cat /run/dhclient.$IFACE.pid) # WAN Interface 3 allow-hotplug ens10 iface ens10 inet manual up /sbin/dhclient -4 -v -pf /run/dhclient.$IFACE.pid -lf /var/lib/dhcp/dhclient.$IFACE.leases -I -df /var/lib/dhcp/dhclient6.$IFACE.leases $IFACE down /bin/kill $(cat /run/dhclient.$IFACE.pid)
Configure dhclient enter hooks to use multiple routing tables
File: /etc/dhcp/dhclient-enter-hooks.d/routing-tables , change the interface names to match yours.
RUN="yes" if [ "$RUN" = "yes" ]; then if [ "$interface" = "ens5" ]; then echo "Main wan interface, not doing anything special" >> /tmp/dhclient-routing-tables.log else table="" if [ "$interface" = "ens9" ]; then table="10" elif [ "$interface" = "ens10" ]; then table="11" fi echo "Routing table $table" >> /tmp/dhclient-script.debug if [ -n $table ]; then if [ x$reason = xBOUND ] || [ x$reason = xRENEW ] || \ [ x$reason = xREBIND ] || [ x$reason = xREBOOT ]; then if [ x$new_routers != x ] && [ x$new_routers != x$old_routers ]; then for router in $old_routers; do echo "Removing default $router table $table" >> /tmp/dhclient-routing-tables.log /sbin/ip route delete $router dev $interface table $table /sbin/ip route delete default via $router dev $interface table $table done for router in $new_routers; do echo "Adding default $router table $table" >> /tmp/dhclient-routing-tables.log /sbin/ip route add $router dev $interface table $table /sbin/ip route add default via $router dev $interface table $table done fi if [ x$new_ip_address != x$old_ip_address ]; then echo "ip rule add from $new_ip_address table $table" >> /tmp/dhclient-routing-tables.log /sbin/ip rule del from $old_ip_address table $table /sbin/ip rule add from $new_ip_address table $table fi fi fi new_routers="" old_routers="" fi fi
Automatically update firewall when dhclient runs
File: /etc/dhcp/dhclient-exit-hooks.d/firewall
# Reload firewall in case ip has changed or such RUN="yes" if [ "$RUN" = "yes" ]; then /etc/firewall.sh fi
Configure the NAT and firewall
File: /etc/firewall.sh
#!/bin/bash LAN_IF="ens3" WAN_INTERFACE="ens5" WAN2_INTERFACE="ens9" WAN2_IP=$(ip addr show dev $WAN2_INTERFACE | grep 'inet ' |awk '{print $2}' | cut -f1 -d'/') WAN3_INTERFACE="ens10" WAN3_IP=$(ip addr show dev $WAN3_INTERFACE | grep 'inet ' |awk '{print $2}' | cut -f1 -d'/') # Configure routing tables ip rule delete fwmark 10 table 10 ip rule add fwmark 10 table 10 ip rule delete fwmark 11 table 11 ip rule add fwmark 11 table 11 ip route add 172.16.1.0/24 dev ens3 table 10 ip route add 172.16.1.0/24 dev ens3 table 11 # Configure firewall iptables -F iptables -F -t nat iptables -F -t mangle ip6tables -F # Allow ICMP iptables -A INPUT -p icmp -j ACCEPT iptables -A FORWARD -p icmp -j ACCEPT ip6tables -t filter -A INPUT -p icmpv6 -j ACCEPT ip6tables -t filter -A FORWARD -p icmpv6 -j ACCEPT # Allow SSH iptables -A INPUT -p tcp --dport 22 -j ACCEPT ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT # Allow localhost iptables -I INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT ip6tables -I INPUT -i lo -s ::1 -d ::1 -j ACCEPT # Allow state iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # NAT Postrouting # Allow to all from lan iptables -A FORWARD -i $LAN_IF -o $WAN_INTERFACE -s 172.16.1.0/24 -j ACCEPT iptables -A FORWARD -i $LAN_IF -o $WAN2_INTERFACE -s 172.16.1.10 -j ACCEPT iptables -A FORWARD -i $LAN_IF -o $WAN3_INTERFACE -s 172.16.1.20 -j ACCEPT # Special mangle for multiple routing tables iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j RETURN # return if already set iptables -t mangle -A PREROUTING -i $WAN2_INTERFACE -j MARK --set-mark 10 iptables -t mangle -A PREROUTING -i $WAN3_INTERFACE -j MARK --set-mark 11 iptables -t mangle -A POSTROUTING -o $WAN2_INTERFACE -j MARK --set-mark 10 iptables -t mangle -A POSTROUTING -o $WAN3_INTERFACE -j MARK --set-mark 11 iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark # HTTP/HTTPS on WAN2 to webserver iptables -t nat -A PREROUTING -i $WAN2_INTERFACE -p tcp --dport 80 -j DNAT --to 172.16.1.11:80 iptables -t nat -A PREROUTING -i $WAN2_INTERFACE -p tcp --dport 443 -j DNAT --to 172.16.1.11:443 iptables -A FORWARD -p tcp --dport 80 -d 172.16.1.11 -j ACCEPT iptables -A FORWARD -p tcp --dport 443 -d 172.16.1.11 -j ACCEPT # Rest of WAN2 to 172.16.1.10 iptables -t nat -A POSTROUTING -o $WAN2_INTERFACE -s 172.16.1.10 -j SNAT --to-source $WAN2_IP iptables -t nat -A PREROUTING -i $WAN2_INTERFACE -j DNAT --to-destination 172.16.1.10 iptables -t mangle -A PREROUTING -s 172.16.1.10 -j MARK --set-mark 10 # 1:1 NAT for WAN3 iptables -t nat -A POSTROUTING -o $WAN3_INTERFACE -s 172.16.1.20 -j SNAT --to-source $UWAN3_IP iptables -t nat -A PREROUTING -i $WAN3_INTERFACE -j DNAT --to-destination 172.16.1.20 iptables -t mangle -A PREROUTING -s 172.16.1.20 -j MARK --set-mark 11 iptables -A FORWARD -p tcp --dport 22 -d 172.16.1.20 -j ACCEPT # Masquerading iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j MASQUERADE # Log the rest iptables -t filter -A INPUT -j LOG ip6tables -t filter -A INPUT -j LOG iptables -A FORWARD -j LOG ip6tables -A FORWARD -j LOG # Default drop iptables -P INPUT DROP iptables -P FORWARD DROP ip6tables -P INPUT DROP ip6tables -P FORWARD DROP
Make script executable:
# chmod +x /etc/firewall.sh
Create systemd service for firewall
File: /etc/systemd/system/firewall.service
[Unit] Description=Firewall ConditionFileIsExecutable=/etc/firewall.sh [Service] Type=oneshot ExecStart=/etc/firewall.sh [Install] WantedBy=basic.target
Enable service:
# systemctl enable firewall
Enable forwarding
File: /etc/sysctl.conf
net.ipv4.ip_forward=1 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2
Completion
Reboot the system and verify functionality.
Digoo DG-M1Z IP Camera settings
Cheap IP camera with 1920×1080 resolution.
It does NOT have a web interface.
It can only be managed via ONVIF (python-onvif is useful for this, also ONVIF Device Manager).
Zoneminder settings:
General -> Source type = Ffmpeg
Source -> Source path: rtsp://admin:20160404@<ip>:554/onvif1
Source -> Remote Method: RTP/Unicast
Capture width: 1920
Capture height: 1080
There is smearing on the bottom part of the image about half the time.
Most people on the internet recommends switching to TCP to avoid smearing, but I have been unable to get this camera working over TCP.
Jumbo frames on Quanta LB6M
Enable jumbo frames for layer2 traffic:
(FASTPATH Routing) #config (FASTPATH Routing) (Config)#interface 0/1-0/28 (FASTPATH Routing) (Interface 0/1-0/28)#mtu 9216 (FASTPATH Routing) (Interface 0/1-0/28)#exit (FASTPATH Routing) (Config)#exit
Enable jumbo frames for routed traffic:
(FASTPATH Routing) #show ip interface brief Interface State IP Address IP Mask Method ---------- ----- --------------- --------------- ------- 2/1 Up 130.240.207.3 255.255.255.0 Manual (FASTPATH Routing) (Config)#interface 2/1 (FASTPATH Routing) (Interface 2/1)#ip mtu 9198
Remember to save your config:
(FASTPATH Routing) #write mem This operation may take a few minutes. Management interfaces will not be available during this time. Are you sure you want to save? (y/n) y Config file 'startup-config' created successfully . Configuration Saved!
Raspberry Pi Dragino LoRa/GPS Hat + DS18B20 temperature sensor
Wanted to log the temperature with the LoRa gateway pi, but had to use another gpio since gpio4 was already in use for the Dragino LoRa/GPS Hat.
Just solder the DS18B20 sensor as in the image (the blue resistor is a 4k7 ohm pullup between data and +3v3).
And then add the following to /boot/config.txt
dtoverlay=w1-gpio,gpiopin=22
Reboot and you will find the sensor in /sys/bus/w1/devices/.