
Samsung Magician vs Nvme

I couldn’t find anything on Google with this title, but I found this lovely article, where I was forbidden to post the following reply:

I am confused yet impressed with the results of my 850 EVO SATA with the Magician on overclocked 3000 MHz RAM:

6000 MB/s read/write with a 2GB Disk Mark sample.

With an 8GB WRITE sample? 500 MB/s for the evo850 vs 50 MB/s for the evo960!

It is always superior to an NVMe Evo 960 in writing big files, not so with reading speeds… a little disappointing for the newest Samsung product.
I don’t know why Samsung is being so humble about the Magician’s power (and not so about its NVMe drives), while Intel is making a big fuss about its Optane sticks. They are both toys, but the Magician deserves more, I think.
On both I am running lots of server VMs, and on my 1 TB 850 EVO I never had the cache crashing issue mentioned (after removing all power saving features in the BIOS I got 1 month and more of uptime). I did have the crashing with the Optane stick, the day I lost lots of data and sold all those stupid sticks I had bought… for sticking in someone else’s …

rSyncTrees baptism

GitHub is full of “rsync backup” scripts with such similar names…

As of today rSyncTrees is baptized @lonblu

…and @Github too…

…as the backup, restore and storage management Swiss knife for Linux.

Rsync Restore: Restore Linux rsync backups

The rSyncTrees script won’t stop surprising…

If the storage is configured, when you launch it along with a path it will show you the same file in 1 or more versions, or the same directory in 4 or fewer versions, among:

  • the one that is running on the live system (or supposed to be there)

and the 3 rSyncTrees storage folders:

  • the Synched tree (which may be pointing to a Restore folder)
  • the Previous versions tree (which may contain multiple versions of the same file)
  • the Extras tree

#rSyncTrees /home/user/Desktop

– Restoring Linux files and directories…

#rSyncTrees Rs

will launch the Restore Mode.

At the prompt, input the name of the file/directory to re-sync, or to restore because it is missing, and the script will show whether it is present somewhere, presenting it as described above. Unlike plain rSyncTrees, the Rs option accepts directories that are missing from the live system but present in some storage sync-tree.

Storage Folder/               
              Machine folder/------------->Rs>---------Machine
               _/     _|_     \_                  Linux|Bash|rsync
          12.2019 - Previous - Extras                   /
            /etc      /etc     /etc                    /etc
          file     file.date     file                  file
                   file.date                          file_DISMISS
                   file.date      |                        |
             |         |          |                        |
            -|--Full---|-------|Onetime|--------<Backup<---|

It allows to restore single files from the many versions found, or whole directories under the root tree.

It can restore to a different path, when prompted for one.

Other built-in command line options

#rSyncTrees option

If option is not one of the following, the script exits:

rp – creates a recovery point of the synchronization dir on the Storage root as DATEofRun_tar.gz

du/due/dup/duA – shows the disk usage in MB for all storage folders; e for Extras, p for Previous, A for All.

speed – runs an rsync test job showing the speed. The size of the transfer can be set with the variable ttestMb=2222, for instance for 2.2 gigabytes. The bigger, the more accurate.

Rs – ReStore (launches the Restore Mode described above)

/dir/to/something – shows the versions of that file or directory found on the live system and in the storage trees, as described above

Rsync Linux backup script: rSyncBackup.sh

Make Rsync backup simple… Try it out!

Created on BackBox, tested in Debian, Suse, CentOS.

rSyncBackup in action

Rsync should be installed!

The script will run 2 rsync jobs:
– 1 for remote or one-time only,
to a sub folder called -Extras-;
in verbose mode (-vv) on the terminal and with a minimal log;
it has fewer standard exclusions, hence it is more dangerous (anyway the backup storage is always excluded);
it backs up when something has been specified at the first prompt;
it can run as a basic non-root user;
it will not allow backing up the root / of the filesystem;
it can run one-time only, without or along with the -Full backup-.

– 1 to mirror your chosen subfolders of “/”, the -Full backup-:
has a new folder every month, e.g. -02.2019- for February;
runs in info mode on the terminal and delivers a detailed log;
it backs up / but only the paths listed in INCbackup.txt (the --files-from list), and with standard exclusions;
is able to run non-interactively as a crontab job (use #crontab -e);
is optimized for SMB storage;
will run only as root user.

– BOTH jobs have
the backup option to put the previous version in the folder -Previous-;
the modified files in this folder get as suffix the time of the first hourly backup run after the file was modified, hence there can be a new version every hour;
they ask what dir/file to backup, validate that it exists, and ask you whether to make it permanent for the next backups;
they ask whether to exclude something from the current backup, and whether to make that permanent;
both are bound to exclusion files;
they will display the size of the inclusions and exclusions in MB;

The first time you run it, it will:
– ask you to choose or create a backup directory in your home; it will create the 3 subdirs: 1 for synchronization, 1 for backup, 1 for one-time/remote jobs.
– create an exclude file EXCbackup.txt with standard exclusions (/dev and /proc are excluded anyway) and an include file INCbackup.txt in your home. If you delete them it will recreate them.

At every run it will:
– if the backup directory is not found, back up to an alternative storage defined in /etc/.rsyncbackup, if one is configured;
– never create directories if the storage is not defined, but only as subdirs of the Storage;
– allow running a one-time backup of the chosen path, remote or local;
– otherwise synchronize the included files/dirs to the monthly folder (and delete files no longer present); back up the changes to the “previous” backup directory; back up the extra input to the extra folder;
– create a backup log with the end date in its name, and deliver the most recent one to the backup directory.

Copy rSyncBackup.sh in your /root/, and do

#chmod 500 rSyncBackup.sh

#./rSyncBackup.sh

The following is an old version and may not copy-paste well; better use rSyncBackup.sh.7z.

Notes on latest version: 
works!

#!/bin/bash
linux=$(hostname)
##backup to Windows Share
rsync_root=$HOME/backup
#rsync_root=/mnt/nvme/backup
backup_root=$rsync_root/$linux #dir must be present with hostname name
month=$(date +%m.%Y)
starthour=$(date +%d%h_%H:%M)
#Rsync and bash and nano do not start well, better changing base dir.
cd "$HOME" || exit 1
####Interactive#########################
if tty -s; then
#
if [[ -d $rsync_root ]]; then : ;
else echo $'Create a "backup/hostname_of_your_linux" directory in your home, \n or change rsync_root in the script to a directory with enough space.'; exit 1;
fi

if [[ ! -d $backup_root ]]; then mkdir "$rsync_root/$linux"; fi

read -r -p $'\e[31m 2- (Ctrl-C to quit before -0**)\n - Enter the first file/folder to backup (AAA!: /etc/dir > /etc/dir/) :\n ' extradir

if [[ ! -z "${extradir// }" ]]; then
#if [[ -z "${extradir// }" ]] means: if extradir is empty (! for NOT empty)
read -t 5 -r -p 'PermanenT add to include.txt?(NO by default) : ' perminc ; else
#else exit 1;else
echo "Nothing extra but..."; fi
###$$$##->
#
fi
####Interactive#########################
#
#targets=($extradir "/") #######Multiple tg may be removed in the future
include_file="$HOME/INCbackup.txt"
if [[ ! -f $include_file ]]; then touch "$include_file";fi
#->###$$$###
#
########################Interactive#####
if [[ $perminc =~ ^[Yy]$ ]];then
if [[ ! -d $extradir ]] && [[ ! -f $extradir ]];then
echo "$extradir" $'\e[39m doesnt exist! (UP arrow and Enter!)'; exit 1; else
echo -e '\r'; echo "$extradir" >> "$include_file"; fi
fi
########################Interactive#####
#
exclude_file=$HOME/EXCbackup.txt
if [[ ! -f $exclude_file ]]; then touch "$exclude_file";fi
previous=$backup_root/previous #must be present in some cases?
log="$HOME/backup.log"
echo "$starthour" >> "$log"
sync_dir=${backup_root}/${month}
#
#########Interactive#################
#echo $extradir ##The / is backed up only according to --files-from= --recursive
cat "$include_file"
echo -e '\r' #carriage return
if tty -s;
then read -t 15 -r -p $'1- We will backup the above.......\n \e[39m Something to EXClude for this backup ?? Continues in 15s.. \n - HELP: type "chrome" for /opt/google/chrome or similar from above - :\n' exclu; ##read variable
fi

if [[ -z "${exclu// }" ]]; then
echo "No more exclusions but..."; else
read -t 15 -r -p $' 1/2- More excludes? :' exclu2 ;
fi
########################
cat "$exclude_file"
echo -e '\r' #carriage return
echo "$exclu"
echo "$exclu2"
echo "$rsync_root"
if tty -s;then
#
read -t 9 -p $'\e[4m-0** READY?- \e[24m\e[36m--delete or other arguments for rsync (--progress -vv --info=ALL4)?' argu; ##read variable
#
fi
#########Interactive#################
##
#####
###
##
#Pass --exclude only for the interactive exclusions that were actually given,
#otherwise an empty $exclu would leave --exclude without its pattern.
rsync_cmd() {
extra_exclu=()
[[ -n "${exclu// }" ]] && extra_exclu+=(--exclude "$exclu")
[[ -n "${exclu2// }" ]] && extra_exclu+=(--exclude "$exclu2")
rsync -aWzLhRb --files-from="$include_file" --recursive --backup-dir="$previous" --safe-links --munge-links --info=BACKUP2,DEL2,COPY2,PROGRESS2 --exclude-from="$exclude_file" --exclude "$rsync_root" "${extra_exclu[@]}" --delete-excluded $argu --log-file="$log" --modify-window=1 / "$sync_dir"
}
##
###
#####
##--recursive is needed for rsync to backup / by keeping the original structure RSYNC execution
#for tg in ${targets[@]}; do
#######################################################
rsync_cmd
#######################################################
#echo "$(date +%D" "%r): Beginning backup of $tg" >> $log
#done
#the / argument should be replaced by $tg if $extradir is enabled
hour=$(date +%d%h_%H:%M)
#Document inputs and End time
cmd=$HOME/ShellBackup_ended$hour
echo "--------------VARIABILI--------------" >> "$cmd"
echo -e '\r' >> "$cmd" #carriage return
echo "#" >> "$cmd"
echo "Included:" >> "$cmd"
cat "$include_file" >> "$cmd"
echo -e '\r' >> "$cmd" #carriage return
for tg in "${targets[@]}"; do echo "$tg" >> "$cmd"; done
echo "##" >> "$cmd"
echo "Extra shell arguments:" >> "$cmd"
echo "$argu" >> "$cmd"
echo -e '\r' >> "$cmd" #carriage return
echo "###" >> "$cmd"
echo "Excluded:" >> "$cmd"
cat "$exclude_file" >> "$cmd"
echo -e '\r' >> "$cmd" #carriage return
echo "$exclu" >> "$cmd"
echo "$exclu2" >> "$cmd"
echo "####" >> "$cmd"
##better have a new Log next time, or else it will grow too big with >>
cp -f "$log" "$backup_root"
mv "$log" "$HOME/Bkup_$hour.log"

Automount Windows SMB file shares with Samba on Linux BackBox/Ubuntu

This should be implemented in every Linux distro with a graphical configuration.

It is the best article I found after years of using Linux and I am pasting it below, for redundancy.

Required:

apt install cifs-utils

#apt install autofs

Yet Another Even-better method

If you have multiple shares to mount with the same credentials, there is a handy way to set it up.

Create a local mountpoint (of your choice):

[root@host]# mkdir /mnt/smb

Add this line to /etc/auto.master:

/mnt/smb /etc/auto.smb.top

Create /etc/auto.smb.top as:

* -fstype=autofs,-Dhost=& file:/etc/auto.smb.sub

Create /etc/auto.smb.sub as (adjust as needed):

* -fstype=cifs,credentials=/root/secret.txt,uid=500,gid=100 ://${host}/&

Create a test /root/secret.txt as

username=user@domain
password=password

Let’s make sure that the permission bits are correct and restart the service:

[root@host]# chmod 644 /etc/auto.smb.*

[root@host]# service autofs restart

Now you can access by simply typing:

[user@host]$ cd /mnt/smb/Hostname/Sharename

:-) Works G R E A T on file manager GUI 🙂

Additional tips:

If you have multiple remote servers and shares with different usernames and/or passwords, use this formula:

* -fstype=cifs,credentials=/root/${host}.secret.txt,uid=${UID},gid=${EUID} ://${host}/&

To allow users to put their own usernames/passwords to their home directories (might expose security even more):

* -fstype=cifs,credentials=${HOME}/${host}.secret.txt,uid=${UID},gid=${EUID} ://${host}/&

To improve security with Samba servers, you could also add sec=ntlmv2, and make the credentials file hidden like this:

* -fstype=cifs,sec=ntlmv2,credentials=${HOME}/.${host}.secret.txt,uid=${UID},gid=${EUID} ://${host}/&

See the mount.cifs man page for details about sec= and the other CIFS-related mount parameters.
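A check worth running before autofs uses the file named in credentials=: the added example below (not from the pasted article) rejects a credentials file that is group- or world-readable or that lacks the username= and password= lines mount.cifs expects; the file contents in the demo are constructed.

```shell
# Added example (not from the pasted article): reject a CIFS credentials file
# that is readable by group/other or lacks the keys mount.cifs expects.
# Returns 0 if the file is acceptable, 1 otherwise, printing the reason.
check_cifs_credentials() {
    f=$1
    [ -f "$f" ] || { echo "$f: missing"; return 1; }
    # ls -l columns 5-10 are the group and other permission bits; a file
    # holding a clear-text password must have none of them set (600 or 400).
    perm=$(ls -ld "$f" | cut -c5-10)
    [ "$perm" = "------" ] || { echo "$f: group/other bits set ($perm), want chmod 600"; return 1; }
    grep -q '^username=' "$f" || { echo "$f: no username= line"; return 1; }
    grep -q '^password=' "$f" || { echo "$f: no password= line"; return 1; }
    echo "$f: OK"
    return 0
}

# Stand-alone demo on a constructed file: first too open, then fixed.
creds_demo() {
    f=$(mktemp)
    printf 'username=user@domain\npassword=example-only\n' > "$f"
    chmod 644 "$f"; check_cifs_credentials "$f" || true   # reported as too open
    chmod 600 "$f"; check_cifs_credentials "$f"            # passes
    rm -f "$f"
}
creds_demo
```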


Appendix – do the needful reverse: SHARE your Linux directories

# nano /etc/samba/smb.conf

#======================= Share Definitions ===

[home]
comment = Visible Share
path = /home/username
browseable = yes
read only = no

[etc]
comment = Hidden Share
path = /etc
browseable = no
read only = no

[var]
comment = Logs Hidden Share
path = /var
browseable = no
read only = no

#==========Add similar as per man smb.conf========

Then use smbpasswd to set the share login for the existing or new users that will connect from Windows to your Linux DNS name or IP, e.g. \\10.2.3.4\home or \\Linux-machine\var

# smbpasswd username

Do service smbd restart or wait a little.

Set chmod or chown in your shares subdirectories if required.
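An added example (not from the original post) that audits a smb.conf like the one above with awk and reports the shares that export a system directory read-write, which is what the [etc] and [var] definitions do; the sample_smb_conf contents are constructed for the demo.

```shell
# Added example: list smb.conf shares that export a system directory
# read-write. Prints "share<TAB>path" per finding, exit 1 if any found.
audit_smb_conf() {
    awk '
        # Samba default is "read only = yes"; "writable = yes" flips it.
        function flush() {
            if (sec != "" && sec != "global" && path != "" && ro == "no" &&
                path ~ /^\/(etc|var|usr|bin|sbin|lib|lib64|boot|root)(\/|$)/) {
                print sec "\t" path
                hits++
            }
            sec = ""; path = ""; ro = "yes"
        }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                # [share] header
            flush()
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        /=/ {
            key = $0; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            key = tolower(key)
            yes = (tolower(val) ~ /^(yes|true|1)$/)
            if (key == "path") path = val
            else if (key == "read only") ro = yes ? "yes" : "no"
            else if (key == "writable" || key == "writeable" || key == "write ok")
                ro = yes ? "no" : "yes"
        }
        END { flush(); exit (hits > 0) }
    ' "$1"
}

# Constructed sample modelled on the appendix: two writable system shares,
# one writable home share and one read-only log share.
sample_smb_conf() {
    cat <<'EOF'
[global]
   workgroup = WORKGROUP

[home]
path = /home/username
browseable = yes
read only = no

[etc]
comment = Hidden Share
path = /etc
browseable = no
read only = no

[var]
comment = Logs Hidden Share
path = /var
browseable = no
writable = yes

[logs]
path = /var/log
read only = yes
EOF
}

# Stand-alone demo: write the sample to a temp file and audit it.
smb_demo() {
    f=$(mktemp)
    sample_smb_conf > "$f"
    if audit_smb_conf "$f"; then
        echo "OK: no writable system shares"
    else
        echo "WARNING: the shares listed above should be read only = yes"
    fi
    rm -f "$f"
}
smb_demo
```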

Exchange wants disk space for receiving emails

The receiving server in this case is a 2010 SP3 UR22. In Exchange 2016 it seems to me that the error is more verbose, though still not easily spotted before mail flow is broken.

Test-exchangeserverhealth.ps1 will get stuck when testing mail flow on a server with no disk space, or give the following error.

Mail flow test: *FAILURE*
You must provide a value for this property.
+ CategoryInfo : NotSpecified: (0:Int32) [Get-MailboxDatabase], DataValidationException
+ FullyQualifiedErrorId : 860DC82A,Microsoft.Exchange.Management.SystemConfigurationTasks.GetMailboxDatabase

When sending email with telnet receivingExchange 25 you may see “Insufficient system resources” after typing rcpt to:recipient address.

On the sending Exchange server Get-queue|fl shows the following.

MessageCount : 11
LastError : [{LED=451 4.4.397 Error communicating with target host. -> 421 4.2.1 Unable to connect ->
SocketTimedout: Socket error code 10060};{MSG=};{FQDN=

Outlook may show some symptoms, but will appear connected, and the mail gets sent.

After increasing the disk space on the receiving server all queued messages started to arrive in the Outlook inboxes.


The Strength of the Mind – Nicolas Malebranche

Chapter I

Chapter VI

I. Faith and Reason assure us that God alone is the true cause of everything: but experience teaches us that he acts only according to certain laws which he has made for himself, and which he follows constantly. For example, it is God alone who moves bodies: it would perhaps take a fine explanation to convince certain people. But if this is presupposed, as proved elsewhere, it is evident from experience that God moves bodies only when they have been struck. We can then say that the shock of the struck bodies is the occasional cause that infallibly determines the efficacy of the general law by which God produces thousands of varied movements in his work.

II. And God alone spreads light in minds: it is a truth I have already sufficiently explained. But it is useless to look anywhere other than in oneself for the occasional cause that determines him to communicate it to us. God, according to a law that he follows constantly, and of which he has foreseen every consequence, has bound the presence of ideas to the attention of the mind: for if we know how to master our attention, and make use of it, light will not fail to spread in us in proportion to our labour. This is so true that the ungrateful and stupid man often makes it an object of vanity. He imagines that he is the cause of his own knowledge, however faithfully God grants his desires. For, having the inner feeling of his own attention and lacking knowledge of God’s action, he considers the effort of his desires, which ought to convince him of his impotence, to be the true cause of the ideas that accompany this effort.

III. God had to place in us the occasional causes of our knowledge for many reasons, the chief of which is that otherwise we would not have been masters of our wills. For since our wills must be enlightened in order to be aroused, if thinking were not in our power, neither would willing be. We would therefore not be free with perfect freedom, nor consequently able to merit the true goods for which we are made.

IV. The attention of the mind is therefore a natural prayer by which we obtain the enlightenment of Reason. But since sin the mind often finds itself in frightful dryness: it does not know how to pray: the labour of attention wearies and desolates it. Indeed this labour is heavy at the beginning, and the reward very meagre; and one feels oneself at every instant solicited, pushed and agitated by the imagination and the passions, whose inspiration and movements it is delightful to follow. Nevertheless, it is a necessity: one must invoke Reason in order to be enlightened by it; there is no other way to obtain light and understanding than the labour of attention. Faith is a gift of God which is not merited at all: but understanding is ordinarily given only through merit. Faith is pure grace in every sense: but the understanding of truth is grace in such a way that it must be merited by labour, or by cooperation with grace.

V. Those who are made for this labour, and who always pay attention to the truth that must guide them, have a disposition that would doubtless deserve a more magnificent name than those given to the most charming virtues. But although this habit, or this virtue, is inseparable from the love of order, it is so little known among us that I am not sure that it has been given a particular name. Let me then be permitted to designate it by the equivocal name of strength of mind.

VI. To acquire this true strength with which the mind bears the labour of attention, one must begin the labour early; for naturally we can acquire habits only through actions, and we can strengthen them only through exercise. But the difficulty is perhaps precisely in beginning. We remember having begun, and having been obliged to stop. So one becomes discouraged, believes oneself incapable of meditating, gives up on Reason. If this happens, while justifying our laziness and negligence, we nonetheless renounce virtue, at least in part. For without the labour of attention one can never understand the greatness of Religion, or the holiness of Morality, or the smallness of what is not God, the ridiculousness of the passions, and all one’s own inner miseries. Without this labour the soul will live in blindness and disorder; for by nature there is no other way to have light in our conduct: we would be eternally in unrest or in strange embarrassment; for one is intimidated by everything when walking in darkness, and believes oneself surrounded by precipices. It is true that faith guides and sustains; but that is because it always produces light in the attention it stimulates in us: and only light remains to reassure minds, when they have as many enemies as ours.

Skype server and Exchange all on 2 public ips

I have recently been working like a workaholic… I know.

The Microsoft supported configuration for Skype is with at least 3 public ips.

-sip – port 5061

-ssl – port 443

-audio-video 444

But 1 extra is needed for mobile devices (Android, etcetera):

-adfs/ssl – port 443

Also what would you do without Exchange?

-smtp -port 25

-ssl – port 443

Supposing you want to avoid the hassle of forcing custom ports, you need at least 3 IPs for the 3 services on port 443, plus another 2 IPs for SIP and audio-video.

Total 5 ips.

Even though it is not supported, the Skype topology gives you the chance to put 3 services on 1 IP/FQDN.

(You can even have 3 FQDNs on the same IP, but I couldn’t make that work, I am not sure why.) If you use a single IP you have to use a single FQDN.

This would be the Edge server, 1st public IP.

The 2nd public IP would be on the Reverse Proxy, which will only need port 443, and gives me the possibility to configure short URLs for:

Exchange web and all virtual directories: autodiscover,ews,oab,activesync,owa,ecp,mapi,(outlookanywhere)rpc.

Skype lyncdiscover, meet, dialin, admin.

Well, I just wanted to let you know that it does all work fine on 2 IPs.

I had to struggle a bit, because the documentation for the ADFS/Web Application Proxy is still lacking. The Exchange/WAP documentation seems to support only OWA and ECP, but I can assure you, Outlook on both Android and Windows will work just fine.

Guidelines for a virtual-lab for passing 70-741 (2016 – Networking) or 70-411 (2012r2 – Administration)

I have recently passed 411, Windows Server administration on 2012 R2.

I couldn’t find a lab example to get started with good practice on the material covered by the exam. After many trials I have set up this lab configuration, which I find pretty comfortable to work with.

mRemoteNG, the open-source remote desktop software, is the main non-Microsoft tool I use on the physical machine. This tool allows a resizable display and copy-paste of files and text between the machines. It also memorizes the login information and connects to the remote machine’s desktop with a double-click. Having it working correctly is a good sign that the virtual machines are well connected at the IP, TCP and application levels.

Physical Windows 2016/2012r2/10Pro Hyper-V server

16GB or more RAM, (with SSD better), cpu i3, i5 or i7

All server VMs with W2012r2 or 2016

2 domains – 1 extra domain or namespace.

2 client VMs per domain – W8 or 10

Virtual switches:

External – Internet – automatic Ip is ok

Internal – DMZ – subnet including the hyper-v server, the router, and a third edge server.

182.0.0.0/255.255.255.0

Private – 2, one subnet each, one per domain

Dom1net – 192.168.23.0/255.255.255.0

Dom2net – 192.168.24.0/255.255.255.0

ISP-Cloud
      |
Physical-Router
      |
    -nat-
      |
HyperV-SwitcH 
         |- External 
                  | 
            VirtualRouter-------------Dmz
              |       |
Dom1net ------|       |------ Dom2net 

Physical machine:

Hostname: HyperV(.physic.dmz)

Nic1: physical bridged (wifi or LAN), Internet, probably automatic IP from the telecom company.

Nic2 (DMZ): 182.0.0.254/24 GW:182.0.0.1 DNS:182.0.0.1

(If you wish to keep Nic1 active, the following routes need to be created. Otherwise Nic2 is enough for having Internet in your physical and virtual machines.)

route print – gives the interface number (#) of Nic2

route -p add 192.168.23.0 mask 255.255.255.0 182.0.0.1 if #-Nic2

route -p add 192.168.24.0 mask 255.255.255.0 182.0.0.1 if #-Nic2

(This machine can be joined to the domain or left in a workgroup with the Router and Edge machines. physic.dmz is not a domain, it is just a DNS namespace.)

Virtual machines:

Hostname: Router(.physic.dmz) – Routing and remote access – Routing+Nat – DNS

Nic1 (DMZ): 182.0.0.1/24 GW:null DNS:127.0.0.1

Nic2 (Internet): – automatic ip – Nat public interface

Nic3 (Dom1net): 192.168.23.1/24 Gw:null DNS:192.168.23.2

Nic4 (Dom2net): 192.168.24.1/24 Gw:null DNS:192.168.24.2

Optional Nic5 (Fakewww): 131.107.0.1/24 Gw:null Dns:null

Dns primary Zone: physic.dmz

Dns conditional forwarders to dom1.lab and dom2.lab

(I was using secondary zones at the outset, instead of forwarders… but then more manual zone transfers need to be performed. Having the DNS on this machine is optional at the outset: you can still use fixed IP addresses on all machines. But when you start having DHCP clients you won’t be sure of their IPs, so you will need to set up the Router’s and the DCs’ DNS properly.

You will need to set up the custom features of Routing and NAT. The Internet interface will be the NAT public interface, which will route your domains and your physic.dmz machines.)

Hostname: dc0.dom1.lab – PDC – Dns– Dhcp – CA

Nic (Dom1net): 192.168.23.2/24 Gw:192.168.23.1 DNS: 127.0.0.1/182.0.0.1

(I was behind a proxy and in a big subnet of technicians in my office, so I could not afford to expose DHCP on the public interfaces; otherwise it is convenient to put DHCP on the Router VM.

Forwarders on the DC DNS servers need to be added, pointing to the Router DNS, respectively 192.168.23.1 and 192.168.24.1, for resolving the names of the physic.dmz machines.)

Hostname: dc0.dom2.lab – PDC – Dns– Dhcp – CA

Nic (Dom2net): 192.168.24.2/24 Gw:192.168.24.1 DNS: 127.0.0.1/182.0.0.1

//// Role design ////

Direct Access

For testing DA (unless you buy a public certificate) you need to set up a fourth, fake Internet network, and therefore an additional router with DNS and DHCP. These can stay on an Edge machine in the DMZ physic.dmz; it needs to be well outside of the domain networks (i.e., not directly routed).

New virtual switch: Fakewww

Hostname: Edge(.physic.dmz) – Routing and remote access – Dns – Dhcp – Nps proxy

Nic1 (DMZ): 182.0.0.2/24 Gw:null Dns:null

Nic2 (Internet): automatic ip

Nic3 (Fakewww): 131.107.0.2/24 Gw:null Dns:127.0.0.1

(A Fakewww NIC can be added to the Router machine with IP 131.107.0.1. Then the 2 routers can be connected with RIP.

The DA clients can go in the same subnet and have the new router as gateway, 131.107.0.2. Same for the DA server.)

Hostname: Da.dom1.lab – Direct access – Vpn – Nps server

Nic1 (Dom1net): 192.168.23.3/24 Gw:null Dns: 192.168.23.2

Nic2 (Fakewww): 131.107.0.3/24 Gw:131.107.0.2 Dns:127.0.0.1

(I have not tested this design thoroughly, but some routes will need to be created on the DA server to have Fakewww as the main route and still be able to contact the domain CA.)
