Open cndaqiang opened 5 years ago
主要是为了禁止transmission走有线网的ipv4(计费) 使v4走无线网
apt-get install iptables-persistent
无线网口的transmission
root@boy:/home/oem# iptables -A INPUT -i wlx50fa8409a212 -p tcp --dport 51413 -j ACCEPT
root@boy:/home/oem# iptables -nvL
Chain INPUT (policy ACCEPT 30 packets, 3640 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- wlx50fa8409a212 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 13 packets, 1200 bytes)
pkts bytes target prot opt in out source destination
更多规则后,禁用ipv4的出站是最好的
oem@boy:~$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 336 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT all -- * * 198.1.0.0/16 0.0.0.0/0
0 0 ACCEPT all -- * * 10.10.0.0/16 0.0.0.0/0
671 63580 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
37652 45M ACCEPT all -- wlx50fa8409a212 * 0.0.0.0/0 0.0.0.0/0
39 4973 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- wlx50fa8409a212 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:51413
68 6064 REJECT all -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 625 packets, 68802 bytes)
pkts bytes target prot opt in out source destination
4 336 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT all -- * enp3s0 0.0.0.0/0 10.10.0.0/16
37 4092 ACCEPT all -- * enp3s0 0.0.0.0/0 192.168.0.0/16
9 649 REJECT all -- * enp3s0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
添加transmission daemon(Web管理端口9091)的防火墙规则。注意下面这条规则没有限定接口和来源地址,会在所有网口上放行管理界面;如只需内网访问,建议加上 -i 或 -s 限制。
iptables -I INPUT -p tcp --dport 9091 -j ACCEPT
无线网不能扫描,不代表驱动问题,或没卡
root@boy:/home/oem# iw dev wlx50fa8409a212 scan
command failed: No such device (-19)
换个命令就扫到了
root@boy:/home/oem# iwlist scan | grep ESSID
enp2s0 Interface doesn't support scanning.
enp3s0 Interface doesn't support scanning.
ESSID:"829"
ESSID:"eduroam"
ESSID:"iop-guest"
ESSID:"iopcas"
ESSID:"print"
ESSID:"Dr Hui Office"
ESSID:"WIN-MKG58PJUVUQ 7631"
ESSID:"eduroam"
ESSID:"MM-IOP-MOFS"
ESSID:"AP-2.4G"
ESSID:"CSTNET"
ESSID:"eduroam"
lo Interface doesn't support scanning.
ESSID:"iop-guest"
ESSID:"iopcas"
ESSID:"print"
ESSID:"lu"
ESSID:""
ESSID:"CSTNET"
Wireless network configuration
iw 命令 | wireless_tools 命令 | 描述 |
---|---|---|
iw dev wlan0 link | iwconfig wlan0 | 获取连接状态 |
iw dev wlan0 scan | iwlist wlan0 scan | 扫描可用热点 |
iw dev wlan0 set type ibss | iwconfig wlan0 mode ad-hoc | 设置操作模式为 ad-hoc. |
iw dev wlan0 connect your_essid | iwconfig wlan0 essid your_essid | 连接到开放网络 |
iw dev wlan0 connect your_essid 2432 | iwconfig wlan0 essid your_essid freq 2432M | 连接到开放网络的一个频道 |
iw dev wlan0 connect your_essid key 0:your_key | iwconfig wlan0 essid your_essid key your_key | 用16进制加密密码访问 WEP 加密网络 |
iw dev wlan0 connect your_essid key 0:your_key | iwconfig wlan0 essid your_essid key s:your_key | 用 ASCII 密码访问 WEP 加密网络. |
iw dev wlan0 set power_save on | iwconfig wlan0 power on | 启用省电模式 |
How to disable ipv6 on a specific interface in linux?
#sysctl -w net.ipv6.conf.无线网接口.disable_ipv6=1
sysctl -w net.ipv6.conf.wlx50fa8409a212.disable_ipv6=1
添加net.ipv6.conf.wlx50fa8409a212.disable_ipv6=1
到/etc/sysctl.conf
则开机有效
有时需要重启无线网卡,可能是网络的原因
netstat -na | grep ip
https://github.com/cndaqiang/E5-PC-daily/issues/29#issuecomment-683407008
vi /etc/exports
登录BlackArmor NAS,在Network中开启NFS服务,新建目录并设置NFS权限(下面导出列表里的 * 表示对任意主机开放,建议在NAS上限制允许访问的客户端地址)
oem@boy:~$ showmount -e 192.168.1.213
Export list for 192.168.1.213:
/DataVolume/cnq *
/DataVolume/Public *
/DataVolume/Download *
oem@boy:~$ sudo mount -t nfs 192.168.1.213:/DataVolume/cnq /mnt/sf102t
开机挂载,在 /etc/fstab 中添加下面一行(导出路径需与 showmount 列出的一致;上面手动挂载用的是 /DataVolume/cnq)
192.168.1.213:/cnq /mnt/sf102t nfs defaults 0 0
nfs硬盘测速
oem@boy:~$ time dd if=/dev/zero of=/mnt/sf102t/test/testfile bs=8k count=1024
1024+0 records in
1024+0 records out
8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.46822 s, 17.9 MB/s
real 0m0.479s
user 0m0.009s
sys 0m0.054s
oem@boy:~$ time dd of=/dev/null if=/mnt/sf102t/test/testfile bs=8k count=1024
1024+0 records in
1024+0 records out
8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.0227194 s, 369 MB/s
real 0m0.030s
user 0m0.005s
sys 0m0.022s
apt-get install samba
root@boy:/etc/samba# samba -V
Version 4.7.6-Ubuntu
root@boy:/home/oem# cd /etc/samba/
root@boy:/etc/samba# cp -r smb.conf smb.conf.back
root@boy:/etc/samba# vi smb.conf
在文件最后添加共享配置(示例用root作为共享用户;更稳妥的做法是为共享单独建一个低权限用户)
[oemsmaba]
path=/home/data
valid users = root
guest ok = no #匿名用,注意:不能有中文注释,请删除#号后的内容
启动服务
root@boy:/etc/samba# smbpasswd -a root
New SMB password:
Retype new SMB password:
Added user root.
root@boy:/etc/samba# systemctl start samba
Failed to start samba.service: Unit samba.service not found.
root@boy:/etc/samba# systemctl start smbd
访问
windows访问ipv6的samba IPV6访问SMB文件共享和HTTP表示方式
无法访问
\\2400:dd01:1026:127:43c8:ed64:1237:4f7e
需把地址中的 : 改为 -,并在末尾添加 .ipv6-literal.net
\\2400-dd01-1026-127-43c8-ed64-1237-4f7e.ipv6-literal.net\
sudo apt-get install netatalk
sudo vim /etc/default/netatalk
取消下面的注释
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no
添加共享目录,如/home/data
到
sudo vim /etc/netatalk/AppleVolumes.default
如
/home/data/public/timemachine "timegirl" options:tm
必须加上 options:tm
不然不能挂载到timemachine
sudo systemctl restart netatalk
mac连接
afp://192.168.1.2
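# Write the Wi-Fi watchdog script and make it executable.
# The heredoc delimiter is quoted so that nothing in the body is expanded while
# the file is being written. With an unquoted delimiter, "$?" is replaced by the
# exit status of the previous interactive command, and the generated script
# ends up comparing a constant instead of the ping result.
cat >reConnectWifi.sh <<'EOF'
#!/bin/bash
# Probe connectivity with a single ping capped at one second; ping exits 0 when
# a reply arrives. When the probe fails, toggle the Wi-Fi radio through
# NetworkManager to force a reconnect.
# (Drop the redirection to see the ping output while debugging.)
if ! timeout 1 ping -c 1 www.baidu.com >/dev/null 2>&1; then
  nmcli radio wifi off && sleep 1 && nmcli radio wifi on
fi
EOF
chmod +x reConnectWifi.sh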
添加到计划任务crontab -e
添加0 1 * * * /root/reConnectWifi.sh
重启服务
systemctl restart cron
yum install cifs-utils
mount -t cifs -o username=test,password=aaabbb,port=1445 //8.8.8.8/Disk01 /wky
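#!/usr/bin/env bash
# Mount the CIFS share on /wky unless something is already mounted there.
# Testing only for the directory cannot tell a mounted share from an empty
# mount point (and mount needs the directory to exist), so create the mount
# point and ask mountpoint(1) whether it is in use.
# NOTE(review): password= on the command line is visible in the process list
# and in this script; mount.cifs also accepts credentials=<file>, and that file
# can be made readable by root only.
mkdir -p /wky
if ! mountpoint -q /wky; then
  mount -t cifs -o username=test,password=aaabbb,port=1445 //8.8.8.8/Disk01 /wky
fi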
查看
root@mboy:/home/cndaqiang# smbclient -L //192.168.1.213
WARNING: The "syslog" option is deprecated
#这个地方直接回车不输密码也可以
Enter WORKGROUP\root's password:
Sharename Type Comment
--------- ---- -------
ltl Disk the private share of ltl
Download Disk Download Share
Public Disk Public Share
cnq Disk cnq
ftp1 Disk the private share of ftp1
IPC$ IPC IPC Service (Seagate BlackArmor NAS)
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
WORKGROUP BA-25A4D9
挂载
root@mboy:/home/cndaqiang# mount -t cifs //192.168.1.213/Download /tmp/Download -o guest
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
报错,需指定vers=1.0/2.0/3.0(SMB1即vers=1.0已被弃用且安全性差,仅在NAS不支持更高版本时使用)
尝试
root@mboy:/home/cndaqiang# mount -t cifs //192.168.1.213/Download /tmp/Download -o guest,vers=1.0
root@mboy:/home/cndaqiang# !ls
ls /tmp/Download/
crystalmaker_win.zip
用户名密码挂载(密码写在命令行里会留在shell历史和进程列表中,长期使用建议改用 credentials= 指向一个仅root可读的文件)
mount -t cifs //192.168.1.213/Download /tmp/Download -o username=admin,password=123456789,vers=1.0
sudo su
apt install memtester
memtester 3G
直接使用另一台电脑打开,使用disk进行备份就好了
后续可能会尝试这样备份(注意:第二条恢复命令读取的文件名应与第一条生成的 /ghost.img.gz 一致,下面多写了一个 .gz;镜像最好保存到被备份磁盘之外的位置)
dd if=/dev/sda | gzip -6 > /ghost.img.gz
gzip -dc /ghost.img.gz.gz | dd of=/dev/sda
UNAS教程 #36 后期UNAS不好用了,可以使用其他NAS系统把vbox的共享路径分享出去 增强功能下载http://download.virtualbox.org/
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox
sudo apt-get install virtualbox-qt
注销重新登录图形化界面,菜单栏就自动出现vbox的启动图标了
移动路径
mkdir /home/data/cndaqiang
mv ~/VirtualBox\ VMs/ /home/data/cndaqiang/
ln -s /home/data/cndaqiang/VirtualBox\ VMs/ .
mkdir /home/data/.config
mv ~/.config/VirtualBox /home/data/cndaqiang/.config/
ln -s /home/data/cndaqiang/.config/VirtualBox ~/.config/
mkdir /home/data/cndaqiang/data
ln -s /home/data/cndaqiang/data .
传输文件使用
scp U-NAS_4.0.6_X86-64_ZH_DD_build202003062.iso mboy:data
vi /etc/systemd/system/vbox-unas.service
[Unit]
Description=vbox unas
After=network.target
[Service]
User=cndaqiang
LimitNOFILE=100000
ExecStart=/usr/bin/VBoxHeadless -startvm "UNAS"
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable vbox-unas
systemctl start vbox-unas
关机
VBoxManage controlvm UNAS poweroff
卸载移动硬盘
udisksctl unmount -b /dev/sdc1 //卸载挂载点,相当于 umount /dev/sdc1
udisksctl power-off -b /dev/sdc1 //安全关闭驱动器
ll /dev/sd*
这里 /dev/sdc1 和 /dev/sdc 都消失了(因为已经被安全分离)
# Install a systemd unit for the ShadowsocksR server, then load, start and
# enable it.
# NOTE(review): the unit sets no User=, and system services run as root by
# default; a dedicated unprivileged account would limit what a compromise of
# the service can reach — confirm the files under /opt stay readable for it.
# NOTE(review): SysVStartPriority= appears to be obsolete in current systemd
# releases — confirm and drop it if so.
cat > /etc/systemd/system/ssr.service <<EOF
[Unit]
[Service]
Type=forking
ExecStart=/usr/bin/python /opt/shadowsocksr-manyuser/shadowsocks/server.py -c /opt/shadowsocksr-manyuser/config.json -d start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target
EOF
# Reload unit definitions so systemd picks up the new file
systemctl daemon-reload
# Start the service now
systemctl start ssr
# Enable the service at boot
systemctl enable ssr
# Stop the running frpc instance before its unit file is rewritten.
systemctl stop frpc
# Write a minimal unit that runs the frpc client binary from /opt/Frp.
# NOTE(review): the -f argument is redacted on the page (XXXXX:XXXX). If that
# value is a credential, it ends up in the unit file (typically world-readable)
# and in the process list — prefer a root-only config file if the client
# supports one (confirm).
cat > /etc/systemd/system/frpc.service <<EOF
[Unit]
[Service]
ExecStart=/opt/Frp/frpc_linux_amd64 -f XXXXX:XXXX
[Install]
WantedBy=multi-user.target
EOF
# Reload unit definitions, enable the service at boot and start it now.
systemctl daemon-reload
systemctl enable frpc
systemctl start frpc
crontab -e
# m h dom mon dow command
0 1 * * * /root/reConnectWifi.sh
0 1 * * * /root/restartfrpc.sh
root@mboy:/home/cndaqiang# cat /root/restartfrpc.sh
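#!/bin/bash
# Restart each frpc unit that systemd does not report as active, and print the
# name of every unit that was restarted.
for unit in frpc frpcsuanpan; do
  # is-active --quiet reports the state through its exit status, which avoids
  # parsing the human-readable "Active:" line of `systemctl status` and the
  # unquoted test on its result.
  if ! systemctl is-active --quiet "$unit"; then
    systemctl restart "$unit"
    printf '%s\n' "$unit"
  fi
done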
route加-6
为ipv6
root@mboy:/home/cndaqiang# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 600 0 0 wlp2s0
default OpenWrt.lan 0.0.0.0 UG 20100 0 0 enp3s0
10.60.0.0 0.0.0.0 255.255.248.0 U 600 0 0 wlp2s0
10.60.0.0 0.0.0.0 255.255.248.0 U 600 0 0 wlp2s0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlp2s0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 enp3s0
设置
route del default gw OpenWrt.lan
长期有效,添加到开机自启,或者由下面的crontab -e
设置定时任务
查看默认路由
root@mboy:~# ip route show
default via 192.168.1.1 dev enp3s0
default via 10.60.7.254 dev wlp2s0 proto static metric 600
10.60.0.0/21 dev wlp2s0 proto kernel scope link src 10.60.0.138 metric 600
10.60.0.0/21 dev wlp2s0 proto kernel scope link src 10.60.0.200 metric 600
169.254.0.0/16 dev wlp2s0 scope link metric 1000
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.200 metric 100
root@mboy:~# ip -6 route show
2400:dd01:1026:601::/64 dev wlp2s0 proto ra metric 600 pref medium
fd14:9f83:c307::3e7 dev enp3s0 proto kernel metric 100 pref medium
fd14:9f83:c307::/64 dev enp3s0 proto ra metric 100 pref medium
fd14:9f83:c307::/48 via fe80::22e5:2aff:fe5d:d688 dev enp3s0 proto ra metric 100 pref medium
fe80::/64 dev enp3s0 proto kernel metric 100 pref medium
fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium
fe80::/64 dev wlp2s0 proto kernel metric 600 pref medium
default via fe80::22e5:2aff:fe5d:d688 dev enp3s0 proto ra metric 100 pref medium
default via fe80::3a22:d6ff:feb2:700 dev wlp2s0 proto ra metric 600 pref medium
ipv6删除route失败
vi /etc/systemd/system/rc-local.service
[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Alias=rc-local.service
vi /etc/rc.local
chmod +x /etc/rc.local
systemctl enable rc-local
编辑配置文件
root@mboy:~# crontab -e
填写定时任务:分,时,日,月,周 命令
23-59 * * * * bash /opt/delroute.sh
可以指定一个时刻,也可以写范围0-6,也可以写间隔0-6/2,也可以逐个列出0,2,4,6
注意:执行脚本中的命令可能需要带绝对路径,环境变量不同,如
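#!/bin/bash
# Remove every IPv4 default route whose `ip route show` line mentions $key, and
# append one log line per removed route to /tmp/route.
# Presumably this is the /opt/delroute.sh that the crontab entry on the page
# runs — confirm.

# cron starts jobs with a minimal PATH; the tools under /sbin need it extended.
PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
#key=192.168.1.1
key=enp3s0

# NOTE(review): /tmp/route is a fixed name in a world-writable directory and the
# job is scheduled from root's crontab; a log path that only root can create
# (or syslog via logger) avoids appending through a file someone else planted.

# A matching line looks like "default via <gateway> dev <device> ...", so the
# gateway is field 3 and the device is field 5. Reading line by line keeps the
# script working when more than one default route matches; the original
# unquoted test fails with "too many arguments" in that case.
ip route show | grep default | grep -F -- "$key" |
  while read -r _ _ gateway _ dev _; do
    printf '%s route del default gw %s dev %s\n' "$(date)" "$gateway" "$dev" >>/tmp/route
    route del default gw "$gateway" dev "$dev"
  done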
ssh
免密登录