Supermicro ipmi port forwarding

| Chanchai Srithep

The first ports you have to allow are of course TCP 80 and 443 for web management interface. Almost all IPMI implementations have it and quite often it’s the interface with the most features. For example, Supermicro’s implementation only allows BIOS update and port number changes over web interface. This interface unfortunately stops just short of allowing console access.

To get access via IPMI tool (I use Supermicro’s IPMI View) you need to have UDP port 623 allowed through. This will allow logging into the IPMI interface and seeing machine’s status. Unfortunately, this too stops short of console access.

The key to the console (aka KVM) access is in TCP ports 3520 and 5900. These will allow you to see and type into. And only if you ever ran IPMI in nonrestrictive network would you notice something missing.

The missing piece is the menu, allowing you to mount virtual media and similar. For this you need to enable TCP port 623. This will finally allow full control over the hardware.

It’s a bit of annoyance that so many ports are needed but in general this doesn’t present the problem. Unless there are special circumstances, you shouldn’t access IPMI from the outside via port forwarding. What you should do is use VPN and then use IPMI via it.

Download PDF

Streaming HLS and MPEG-DASH from behind reverse proxy

| Chanchai Srithep

There are use cases when a media streamer is putting Nimble Streamer media server behind the reverse proxy. This is usually done for security reasons and works pretty good.

But there is a side effect of this solution. For each connection, Nimble Streamer gets the IP of the proxy instead of IP of the viewer. This means that geo-location reporting for HLS and other HTTP protocols would be shown incorrectly. Also, WMSPanel hotlinking protection and geo-lock will not work since it’s based on IP as well.

For HTTP-based protocols like HLS, MPEG-DASH, SmoothStreaming and Progressive download this can be solved via processing X-Forwarded-For header.

We’ve recently added processing capability option to handle this HTTP header in Nimble Streamer. You need to follow these easy steps.

1. Open Nimble Streamer configuration file called /etc/nimble/nimble.conf and add the following parameter:

cdn_origin = true

2. Restart Nimble.
For Debian/Ubuntu run:

sudo service nimble restart

For Red Hat Enterprise Linux 6 / CentOS 6 run:

sudo service nimble start

That’s it. Nimble Streamer will be obtaining customers’ IP addresses correctly.

How to enable/disable firewall on Ubuntu 18.04 Bionic Beaver Linux

| Chanchai Srithep

Objective

The objective is to show how to enable or disable firewall on Ubuntu 18.04 Bionic Beaver Linux

Check a current firewall status

$ sudo ufw status
[sudo] password for linuxconfig: 
Status: inactive

Enable Firewall

To enable firewall execute: 

$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Firewall, is now enabled: 

$ sudo ufw status
Status: active

Disable Firewall

UFW is quite intuitive to use. To disable firewall execute: 

$ sudo ufw disable
Firewall stopped and disabled on system startup

Confirm the firewall status: 

$ sudo ufw status
Status: inactive

Remove Proxmox 6.0/5.1+ Subscription Notice

| Chanchai Srithep

With the release of Proxmox 5.1 and newer (including 6.0) you’ll find the code related to the no subscription message that pops up on login has changed and prior instructions for removing it wont work.

To remove “You do not have a valid subscription for this server” run the command bellow. You will need to SSH to your Proxmox machine or use the node console through the PVE web interface.

Run the following one line command and then clear your browser cache (depending on the browser you may need to open a new tab or restart the browser):

sed -i.bak "s/data.status !== 'Active'/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service

Here are alternative step by step instructions so you can understand what the above command is doing:

  • Change to working directory
    cd /usr/share/javascript/proxmox-widget-toolkit
  • Make backup of file
    cp proxmoxlib.js proxmoxlib.js.bak
  • Edit the file
    nano proxmoxlib.js
  • Locate this line of code inside the file (use ctrl+w in nano)
    if (data.status !== 'Active') {
  • Replace it with this
    if (false) {
  • Restart the Proxmox service (also be sure to clear your browser cache, depending on the browser you may need to open a new tab or restart the browser)
    systemctl restart pveproxy.service

Cisco Configure Basic

| Chanchai Srithep

#config terminal
#write memory
#show vlan
#show ip interface [number]
#show vlan id [number]
#show interfaces switchport FastEthernet [number]
#hostname [name]
#no ip addeess
#no ip address dhcp
#copy running-config startup-config
#show interfaces status
#switchport mode access
#switchport access multicast-tv vlan [number]
#copy running-config startup-config

https://www.cisco.com/c/en/us/support/switches/small-business-300-series-managed-switches/tsd-products-support-series-home.html