Cisco NOTE:- DHCP static IP assignment

Set up a main DHCP pool

#ip dhcp pool STATIC_POOL_for_LAN
#network 10.x.x.x 255.255.255.0
#domain-name xxx.com
#default-router 10.x.x.x
#dns-server x.x.x.x  x.x.x.x
#lease 20

Set up some exclusions
#ip dhcp excluded-address 10.x.x.200 10.x.x.255

First verify if the client is using hardware address or client-identifier with
#sh ip dhcp binding.

#Clear ip dhcp binding x.x.x.x
So you can then assign the device back to the free address

#Enable
#Conf term
#ip dhcp pool (Name of device/pool)
host 10.x.x.x 255.255.255.0
client-identifier 01aa.bbcc.ddee.ff  or hardware-address aabb.ccdd.eeff

See what is set up
#show ip dhcp pool

Reboot the client

Linux Note:- SSH, Tunnels, Keys and Stuff

SSHing back home.

My home network is a big learning environment; but it also has to function and be secure. As a household we need a reliable internet connection wired and wireless to be able to work. We also need a decent level of security. There is an edge router/firewall dealing with the BT infinity connection, behind that is the insecure section of the network and further along there is another gateway firewall to the secure portion of the network and the DMZ.

I run a EXSi environment with a few machines; a web server, backup server, pen testing machine, it hosts a pfsense router/firewall set up and a dev server. There are various hardening and protection measures in place but there are also some open doors.

There are a few ports open to the big bad internet. 80 and 443- standard web stuff, I also have a physical VPN box with an open port and the last one is my physical SSH gateway. I use this to access the internal network when I am away, it also allows me to proxy back home for a slightly more secure connection when tethering or hotspotting. There is a second physical ssh server running in the secure part of the network as well, so depending on what access I need depends on many many hops back into the network. Phew, here is some ssh stuff configured on the different machines.

Although my laptop has full disk encryption I decided not to keep the keys on the physical machine – the reason, I only want one version of the key file in circulation but I need to use it on a couple of machines/devices. Basically I partitioned an SD card, one an encrypted linux partition and another windows encrypted part. So keys go on the SD card. Card needs decrypting, keys have passphrases.

Need to have cryptsetup installed.

Need some aliases to make the process of mounting and decrypting a bit quicker

#alias securecard=’sudo cryptsetup luksOpen /dev/mmcblk0p6 luks-7ffe790b-fc85-46d2-bfba-122427acceef’

#alias mountsecurecard=’sudo mount -n /dev/mapper/luks-7ffe790b-fc85-46d2-bfba-122427acceef /media’

and some more to gracefully remove the card

#alias removesecurecard=’sudo dmsetup remove /dev/mapper/luks-7ffe790b-fc85-46d2-bfba-122427acceef’
#alias umountsecurecard=’sudo umount -f /media’

Also need some config to make the SSHing process quicker

sudo nano /.ssh/config file I have added a few entries

Host *
AddressFamily inet

(I only want to use ipv4 at the moment to stop proxy binding to ipv6 addresses)

Host Home
Hostname (ip or hostname)
IdentityFile /media/path/of/mounted/SD/card
user (name of my user)
Port (port I use for ssh)
ForwardX11Trusted yes (trust any forwarding connection)

Host HomeTunnel
Hostname (ip or hostname)
IdentityFile /media/path/of/mounted/SD/card
user (name of my user)
Port (port I use for ssh)
LocalForward 8080 localhost:8000

Host Secure
ProxyCommand ssh HomeTunnel ssh -t -ND 8000 secure

SSHecurish browsing is now available while I am out and about. I can proxy home, I can hop on to my ssh gateway box and then over to the secure ssh box, access the terminal  of the servers, etc etc. Wonderful!

 

 

 

 

Raspberry Pi – First boot and Internet Connectivity

OK everything connected

HDMi to DVI on my desk monitor
Mains power from RS
USB keyboard from APPLE model A1243
Microsoft optical mouse model 1344
Ethernet Cable
Class 6 Transcend 4GB SD card

PIonDesk

First boot took a little time but everything up and running…oh hang on not quite.

Although my keyboard was on this compatible list. It didn’t work, neither did the mouse

Power consumption is key with the Pi and my mouse was plugged into one of the keyboards side USB ports and hence the two together were drawing too much power. So a slight socket change and things are working.

pialive

Next Network/Internet connectivity.

My Pi had a DHCP address, great…. but wait I can’t ping the 192.168.0.1 router or the outside world,this was odd, DNS maybe?!

My personal setup is Raspberry Pi plugged in (via an Ethernet cable),to a small Ethernet switch which is turn is connected to a DD-WRT router (192.168.0.2) which is connected as a wireless bridge to the AP router.

My first troubleshooting port of call is to hard code an IP address as it seems odd to have received a dhcp address but then cant get back out to www.

This instantly solved my problem and there is some how to information here…

http://www.penguintutor.com/blog/viewblog.php?blog=6306

http://www.raspberrypi.org/

I am not sure why the Pi traffic can not get back to the AP router. So work in progress. I would have hard coded an address any way as I like to know what is where on the network…..

Raspberry Pi – SD Card Install

Installing a Raspberry Pi image to SD Card Using the dd Command & Installer

Get an Image
Insert your SD/SDHC card into the card reader
Identify the device node of the SD card; mine was /dev/mmcblk0).

Easy way to identify the card is to list the devices using ls -l /dev/sd* /dev/mmcblk* before and after inserting the SD card.

Make sure it didn’t get mounted

Use to dd to copy the image to the SD card

sudo dd bs=1mb of=/home/ali/Downloads/debian-xbmc-24-04-2012/debian-xbmc-24-04-2012.img if=/dev/mmcblk0
[sudo] password for ali:

then sync

Remove the SD card

OR Use the installer

Fedora

Click the refresh (circle-arrow) button beside the Download list to retrieve a list of available images.
Select the image you wish to install or, if you have already downloaded the image file, browse to that file’s location.
Click the refresh button beside the Device list to retrieve a list of possible target devices for the installation.
Select the device on which you wish to install the image.
Click “Install”.
Wait until the program states that the installation is complete before removing the card.

All the info at Here and Here

 

vMy newly imaged SD CARD AND another RaspberryPi arrived today..bonus

RPI