Upload Firmware from a Mac using Xmodem

If you have to upload firmware to a router or a switch with xmodem, get the package lrzsz-0.12.20.tar.gz. Unpack, build and install it with

tar xvzf lrzsz-0.12.20.tar.gz
cd lrzsz-0.12.20
./configure --disable-nls && sudo make install

Then start a console session with screen

screen /dev/tty.Keyserial1 9600

Then, when the device asks you to upload the firmware using xmodem, do:

Press ctrl-a
:exec !! lsx -b -X /path/srw2016-24-10086.ros

The upload will start.

Adding a DKIM record to your DNS

Adding a DKIM record to your DNS is quite simple. Add two TXT records like these. Quote the values, because an unquoted semicolon starts a comment in a zone file:

_domainkey.domain.com          IN TXT "o=!;r=postmaster@domain.com"
selector._domainkey.domain.com IN TXT "v=DKIM1;k=rsa;p=<public key>"

Which means:

  • o=~ the server signs some mail
  • o=- all mail is signed, but unsigned mail should be accepted
  • o=! all mail is signed, do not accept unsigned mail
  • t=y I’m still testing
  • v=DKIM1 we use DKIM version 1
  • k=rsa it is an RSA key
  • r=<x@xx> report problems to this email address
  • p=<public key> this is my public key
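
An added example (not from the original post): a Python check of the two TXT values above, using the tag meanings from the list. It assumes BIND-style zone-file handling, where an unquoted ';' starts a comment; the function names are illustrative and the sample key bytes are constructed, not a real RSA key.

```python
import base64
import binascii

# Meanings of o= in the _domainkey policy record, as listed in the post above.
POLICY = {"~": "some mail signed", "-": "all signed, unsigned accepted",
          "!": "all signed, unsigned rejected"}

def zone_file_value(rdata):
    """Simplified zone-file view: outside quotes, ';' starts a comment."""
    quoted = rdata.startswith('"')
    return rdata.strip('"') if quoted else rdata.split(";", 1)[0].strip()

def parse_tags(txt):
    """Split 'tag=value;tag=value' into a dict."""
    tags = {}
    for part in filter(str.strip, txt.split(";")):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError("tag without '=': %r" % part)
        tags[name.strip()] = value.strip()
    return tags

def check_key_record(txt):
    """Findings for a selector._domainkey TXT value (empty list = clean)."""
    tags, findings = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        findings.append("k= is not rsa")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: domain is still testing")
    key = "".join(tags.get("p", "").split())
    if "p" not in tags:
        findings.append("p= missing: no public key published")
    elif not key:
        findings.append("p= empty: key revoked")
    else:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error:
            findings.append("p= is not valid base64")
    return findings

def describe_policy(txt):
    """Return (meaning of o=, report address) for a _domainkey policy value."""
    tags = parse_tags(txt)
    return POLICY.get(tags.get("o"), "unknown"), tags.get("r")

SAMPLE_RECORD = "v=DKIM1;k=rsa;p=" + base64.b64encode(b"constructed-not-a-real-key").decode()  # constructed
```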

IPv6 Tunnel with Cisco

Cisco supports PPPoE with IPv6, so if your provider supports IPv6, you can use a native connection. If not, you can establish a tunnel to SixXS or another IPv6 provider.

ipv6 unicast-routing
interface tunnel0
  description IPv6 uplink to SixXS
  no ip address
  ipv6 enable
  ! IOS before 12.4:
  ipv6 nd suppress-ra
  ! IOS 12.4 and later:
  ipv6 nd ra suppress
  ipv6 address [Your IPv6 Endpoint]/[Prefix Length]
  ! or other MTU value
  ipv6 mtu 1280
  tunnel source [Your IPv4 Endpoint]
  tunnel destination [PoP IPv4 Endpoint]
  tunnel mode ipv6ip
ipv6 route 2000::/3 [PoP IPv6 Endpoint]

Fortigate Session Timeout

This article describes how to change the session TTL for a specific port. In this example it is telnet.

config system session-ttl
 set default 1800
 config port
  edit 23
   set protocol 6
   set timeout 3600
   set start-port 23
   set end-port 23
  next
 end
end

The session timeout is in seconds.

Protocol 6 is TCP.

Protocol 17 is UDP.

If you leave the protocol on 0, it is valid for all protocols.

Alternatively you can change the TTL per policy. Again, this is only possible on the command line.

config firewall policy
  edit 1
    set session-ttl 1800
  next
end

It is also possible to change the TTL per policy or per application on the CLI.

IPv6 Address renumbering

IPv6 uses provider-aggregated IP addresses. The documentation describes how easy address renumbering is.

You can define a general prefix on a device. If you need to renumber, you only have to change the general prefix, and all addresses on this device get the new prefix.

On Cisco devices it is:

ipv6 general-prefix PROD 2001:DB8:1234::/48
interface Vlan1
 description Management Network
 ipv6 address PROD ::1:0:0:0:2E1/64
 ipv6 enable
interface Vlan2
 description Management Network
 ipv6 address PROD ::2:0:0:0:FF/64
 ipv6 enable

Now you change the address of the general-prefix PROD and all your IP addresses on this device are changed.