TiFFolk's questions

Cisco has "sdm templates" and the number of mac, arp, ace, route entires depends on template type. Is there something like that in Juniper switches?

I have to connect two LANs: LAN1: 10.10.0.0/16 and LAN2: 192.168.0.0/16. I can't do simple routing, because 192.168.0.0/16 net is prohibited in LAN1, so I am thinking of using Full cone nat (1:1) to translate 192.168.x.y/16 to 10.11.x.y/16. Each translation is done by this rules:

iptables -t nat -A PREROUTING -d 10.11.0.0/16 -j DNAT --to-destination 192.168.0.0/16
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j SNAT --to-source 10.11.0.0/16

But I will have to enter 254*254*2 rules, what will, I think, result in enormous performance degradation. So, is there a way to write such one-to-one translation with minimum number of rules?

Is there a way of limiting number of cpu cores seen from inside a VE? I have an eight core server, but I want my VE to see only one particular core.

Thanx!

We are choosing a system for managing our IP address space. So we are looking for a special free software like IPPlan. So what we have nowadays:

• Ipplan (Beta IPv6 support)
• SolarWinds IP address tracker (IPv6 support unknown )
• IP module of The NOC Project (BTW, take a look of it, seems to be very promising project) (IPv6 support unknown )
• phpIP (Does not support IPv6)
• IP management from RackTables (Does not support IPv6)

Do you know about any other special software, like written above?

But:

• No Wiki
• No DNS
• No DHCP
• No spreadsheet

Software should provide:

• Clear view of available addresses
• Detail listing of all addresses by subnets/search pattern/owners/additional info
• It must support adding additional info like owner of IP, domain-name, contacts, etc
• Multi user support
• Easy interface
• Software has to be specially written for address management.

• Scalability

• Any OS: win, lin, sol, web

The purpose of this questions, is to understand pros and cons of filtering outgoing mail.

I am admin of an ISP. As usual, users, who have dynamic IPs, can send mail only with ISP's SMTP server. Nowadays users can send mail without authorization inside the network, but sending mail to internet requires authorization on the SMTP server. Thereby I can protect my network from been banned for spam.

But I see, that some providers permit sending mail to internet with their SMTP server without authorization. Is it good? Aren't they afraid to appear in DNSBL?

So, what do think about filtering outgoing mail? Use content filter? Deny or permit non-authorized users to send mail? How it is configured in your production?

How can I configure my UNIX or/and Linux PC with COM port to support serial console connections? I would like to connect my notebook to that PC via a console cable and manage the PC with terminal emulation software like putty, as if I use keyboard directly.

Do you know any special software for monitoring BGP peers, prefixes, log their failures, prefixes amount and etc? (Cisco)

( Not zabbix, nagios and etc, i know that you can write plugins or work with snmp, but I am searching for already written software )

Thanks!

Can you tell such a tool for windows, that lets you to autocopy selected text to clipboard, as in PuTTy or terminal emulators. But it must copy text from any other app too.

Thanks!

I installed an Intel gigabit card, it is shown as:

[root@mail ~]# ethtool eth0
Settings for eth0:
        Supported ports: [ FIBRE ]
        Supported link modes:   1000baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  1000baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 1000Mb/s
        Duplex: Full
        Port: FIBRE
        PHYAD: 0
        Transceiver: external
        Auto-negotiation: on
        Supports Wake-on: umbg
        Wake-on: g
        Current message level: 0x00000007 (7)
        Link detected: yes
[root@mail ~]#

Thereby I get errors:

[root@mail ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:07:E9:0A:75:A5
          inet addr:78.158.192.29  Bcast:78.158.192.127  Mask:255.255.255.128
          inet6 addr: fe80::207:e9ff:fe0a:75a5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:29351806494030 dropped:4891967749005 overruns:0 frame:19567870996020
          TX packets:0 errors:9783935498010 dropped:0 overruns:0 carrier:14675903247015
          collisions:4891967749005 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Base address:0xb000 Memory:ff700000-ff720000

The other network cards are shown as "MII" and work fine. Is there any ability to change the port type from FIBER to MII? ethtool can't change it.

thanks

Is there a way, to create such privilege, which will let to configure just one particular port ex: gi1/0/1 , but at that time will not let to configure gi1/0/2 .

Smth like: privilege interface gi1/0/1 10

UPD: As radius said, from /usr/local/share/doc/tac_plus/users_guide :

    The following configuration example permits user Fred to run the
following commands:

    telnet 131.108.13.<any number> and
    telnet 128.<any number>.12.3 and
    show <anything>

All other commands are denied (by default).

user=fred {

    cmd = telnet {
        # permit specified telnets
        permit 131\.108\.13\.[0-9]+
        permit 128\.[0-9]+\.12\.3
    }
    cmd = show {
        # permit show commands
        permit .*
    }
}

Is there any console utility which can export mysql sql query result to Exel (xls) file?

Can you recommend good and secure looking glass scripts with traceroute,ping and bgp? I want to install it to my website, and connect to Cisco routers.

I couldn't get it. Are updates free and can be downloaded for Solaris 10? Or i must buy support to obtain updates, as in RHEL?

I am not sure, but if I install pci-e 4x raid controller in pci-e 16x slot, will it work? As i read in google, it should work. What do you thinks/know?

I have extended access-list BLOCK, where each entire has its own special number. EX:

1038047 deny ip any host 192.168.38.47
1038048 deny ip any host 192.168.38.48
1038049 deny ip any host 192.168.38.49
1038069 deny ip any host 192.168.38.69
1038077 deny ip any host 192.168.38.77
1038080 deny ip any host 192.168.38.80

Formula is 1 000 000 + 1 000*3_octet+4_octet , and the last one is

3 000 000 permit ip any any

But after reboot they become:

2020 deny ip any host 192.168.38.27
2030 deny ip any host 192.168.38.32
2040 deny ip any host 192.168.38.37
2050 deny ip any host 192.168.38.38
2060 deny ip any host 192.168.38.43

It is bad. Is there any command to prohibit cisco resequencing entires?

I have connected a switch to a PC with a serial cable, and I want to manage it. What utility can I use to open a serial line and manage the switch through the console?

On Windows I used PuTTY (serial line COM1).