IPv6 connection with Fortigate and xDSL

The IPv6 support of Fortigate is very advanced. Unfortunately Fortigate does not support PPPoe with IPv6, because this is a legacy protocol. If you have a DSL connection it does work with IPv4, but not with IPv6. The workaround is: Connect yourself with IPv4 and PPPoe and request from a tunnel provider like www.sixxs.net a tunnel and later a IPv6 subnet.

The configuration on the Fortigate for the sit-tunnel looks like this:

config system sit-tunnel
edit "sixxs-tun"
    set destination 12.34.56.78
    set interface wan1
    set ip6 2001:dead:babe:c5::2/64
    set source 98.76.54.32
end
config system interface
edit "sixxs-tun"
    config ipv6
        set ip6-allowaccess ping
    end
end
config router static6
edit 1
    set device "sixxs-tun"
end

The IP address 12.34.56.78 is the remote tunnel address of your POP.

The IP address 98.76.54.32 is the IP address of your external IPv4 interface.

The IP address 2001:dead:babe:c5::2/64 is the IPv6 address, you got from your tunnel provider.

Now you can use the interface sixxs-tun as your IPv6 connection and gateway.

Reset MySQL root password

Sometimes you do not remember a password anymore. Like me just before. I cannot remember the root password of the one MySQL database. Well, that is not really a problem. You can easily recover it, if you got root access to the machine with the following steps:

  1. Log into the system as root
  2. Stop MySQL like
    /etc/init.d/mysql stop
  3. Create a file, e.g. /tmp/reset, with the following content:
    SET PASSWORD FOR ‘root’@’localhost’ = PASSWORD(‘MyNewPassword’);
  4. Execute the next command:
    mysqld_safe –init-file=/tmp/reset
  5. Restart MySQL:
    /etc/init.d/mysql restart
  6. Remove the temporary file:
    rm /tmp/reset

Antivirus Test Files

If you want to test your Antivirus Scanner, you can use the test string from the¬†European Institute for Computer Antivirus Research ¬†“eicar“. Put this string into a file. Send it, download it, compress it, do what ever you want. Scan the file, see if your Antivirus scanner finds it.

Here the string.

X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Even if your scanner finds this pattern, keep your scanner updated. It is like in real life. The dangerous ones are the unknown ones.

The links in the table blow contain the test string. The files are compressed with different methods.

triggerplain ascii
trigger.txtplain ascii
trigger.Zcompressed with compress
trigger.arccompressed with arc
trigger.complain ascii
trigger.exeself extracting zip
trigger.gzcompressed with gnuzip
trigger.bz2compressed with bzip2
trigger.rarcompressed with rar
trigger.tgztar, compressed with gnuzip
trigger.tar.gztar, compressed with gnuzip
trigger.zipcompressed with zip
trigger.zoocompressed with zoo

Antivirus on Apple

Users coming from the UNIX side are used to a life without anti virus scanner. Microsoft users feel uncomfortable and naked, if they don’t have a virus scanner. This discrepancy always leeds to discussions about the need of an antivirus scanner on an Apple computer. If you ask the AV industrie, they say you need one. Of course, there is a lot of money to make in this market. Experience shows, today you do not really need one.
Currently there are three known trojans for Mac available. One of them only installs, if you get a cracked verison of iWork 09. Being a little bit careful from where you download your software from helps more then spending a lot of money for software, which just slows down your machine.
Starting with 10.6 Apple started to scan downloads for trojans. There is a file called

/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist

on your Mac containing the signatures of these three known trojans.
Anyway. Currently it is not necessary to spend a lot of money for virus protection on a Mac. If you want to scan your Mac from time to time, get the open source antivirus scanner clamav, with comes nicely packed with a nice frontend in a package called ClamXav. Download the free version and scan your Mac from time to time.

More information to this subject can be found here.

Connect to a serial console with a Mac

Most network devices still got a serial console. If you got a Mac and want to connect to this console, get yourself a Serial-to-USB converter that is supported by Apple. A good one is the Keyspan usa-19hs. After you installed the driver, plug in the USB serial Adapter.

Now you could search and download some Terminal Software. But it is much easier. Use screen. screen is already built in. You have nothing to compile, nothing to add, just use it like this:

screen /dev/tty.Keyserial1 9600

When you finished your work just close screen with “ctrl-a k“.

Another method is the usage of cu.

sudo cu -l /dev/tty.Keyserial1 -s 9600

cu is easier to use, if you have to send a break signal.

simply type

~%break