LISTAR MAC ADDRESS NO ESXI

vi lista_mac.sh

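#!/bin/sh
#vmrale
# List every port of every ESXi portset (virtual switch) together with the
# client name and unicast MAC address that vsish reports for it.
# Intended to be run from the ESXi shell, where vsish is available.
#
# NOTE(review): `cut -c 1-8` keeps only the first 8 characters of each entry.
# This presumably drops the trailing "/" of 8-character names and port IDs;
# longer portset names would be truncated. Confirm on the target host.
#
# The command substitutions in the `for` lists are deliberately unquoted so
# that each listed entry becomes one loop item.
for VSWITCH in $(vsish -e ls /net/portsets/ | cut -c 1-8)
do
  printf '%s\n' "$VSWITCH"
  for PORT in $(vsish -e ls "/net/portsets/$VSWITCH/ports" | cut -c 1-8)
  do
    # Read the port status once so both fields come from the same snapshot.
    STATUS=$(vsish -e get "/net/portsets/$VSWITCH/ports/$PORT/status")
    CLIENT_NAME=$(printf '%s\n' "$STATUS" | grep clientName | uniq)
    ADDRESS=$(printf '%s\n' "$STATUS" | grep unicastAdd | uniq)
    # The original line used typographic quotes, which the shell does not
    # treat as quoting, so the \t escapes were lost. printf with a fixed
    # format string and quoted arguments prints real tabs.
    printf '\t%s\t%s\t%s\n' "$PORT" "$CLIENT_NAME" "$ADDRESS"
  done
done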

# Make the script executable: owner rwx, group and others r-x.
chmod 755 lista_mac.sh

HABILITAR CERTIFICADO NO APACHE

# Enable the SSL site by linking it into sites-enabled, then open the site
# file to set the certificate paths.
# NOTE(review): the later `a2ensite default-ssl.conf` creates this same link,
# so the manual `ln -s` looks redundant. Confirm before keeping both.
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf

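# The original listing had the three files swapped between directives.
# Each directive must point at the matching Let's Encrypt file:
# the server (leaf) certificate.
SSLCertificateFile /etc/letsencrypt/live/srv1.seudominio.com.br/cert.pem
# The private key. Keep this file readable by root only.
SSLCertificateKeyFile /etc/letsencrypt/live/srv1.seudominio.com.br/privkey.pem
# The intermediate chain. On Apache 2.4.8 and later this directive is
# deprecated; fullchain.pem in SSLCertificateFile serves the same purpose.
SSLCertificateChainFile /etc/letsencrypt/live/srv1.seudominio.com.br/chain.pem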

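# Enable the modules and the SSL site.
a2enmod rewrite
a2enmod ssl
a2ensite default-ssl.conf
# Check the configuration before restarting, so that a wrong certificate or
# key path is reported instead of leaving the web server down.
apache2ctl configtest && service apache2 restart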

FORWARD COM IPTABLES

Criar as regras

NAT de destino
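# Destination NAT: TCP traffic arriving on eth0 for IP_DESTINO:2000 is
# rewritten to NOVO_IP_DESTINO:2000. IP_DESTINO and NOVO_IP_DESTINO are
# placeholders. Long options need two ASCII hyphens and the comment needs
# plain ASCII quotes; the typographic characters on the page make iptables
# reject the command.
iptables -t nat -A PREROUTING -i eth0 -p tcp -d IP_DESTINO --dport 2000 -j DNAT --to-destination NOVO_IP_DESTINO:2000 -m comment --comment "Acesso ao Aplicativo"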

NAT de origem
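# Source NAT: forwarded TCP traffic to NOVO_IP_DESTINO:2000 leaves with
# NOVO_IP_ORIGEM as its source address, so replies return through this host.
# Typographic dashes and quotes replaced with ASCII ones so the command parses.
iptables -t nat -A POSTROUTING -p tcp -d NOVO_IP_DESTINO --dport 2000 -j SNAT --to-source NOVO_IP_ORIGEM -m comment --comment "Acesso ao Aplicativo"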

Liberação de encaminhamento
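# Allow forwarding of TCP port 2000. Typographic dashes and quotes replaced
# with ASCII ones so the command parses.
# NOTE(review): as written, this accepts forwarded TCP/2000 to any
# destination and from any interface. Adding -d NOVO_IP_DESTINO (and -i eth0)
# would limit the opening to the NATed application; the matching -D rule
# must then carry the same options.
# Forwarding also requires net.ipv4.ip_forward=1, which this page does not set.
iptables -A FORWARD -p tcp --dport 2000 -j ACCEPT -m comment --comment "Acesso ao Aplicativo"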

Deletar as regras

NAT de destino
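# Remove the destination-NAT rule. -D only matches when every option is
# identical to the rule that was added. Typographic dashes and quotes
# replaced with ASCII ones so the command parses.
iptables -t nat -D PREROUTING -i eth0 -p tcp -d IP_DESTINO --dport 2000 -j DNAT --to-destination NOVO_IP_DESTINO:2000 -m comment --comment "Acesso ao Aplicativo"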

NAT de origem
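# Remove the source-NAT rule. Options must match the added rule exactly.
# Typographic dashes and quotes replaced with ASCII ones so the command parses.
iptables -t nat -D POSTROUTING -p tcp -d NOVO_IP_DESTINO --dport 2000 -j SNAT --to-source NOVO_IP_ORIGEM -m comment --comment "Acesso ao Aplicativo"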

Liberação de encaminhamento
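# Remove the forwarding rule so port 2000 is no longer forwarded once the
# NAT rules are gone. Options must match the added rule exactly.
# Typographic dashes and quotes replaced with ASCII ones so the command parses.
iptables -D FORWARD -p tcp --dport 2000 -j ACCEPT -m comment --comment "Acesso ao Aplicativo"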

CERTIFICADO LET’S ENCRYPT

Instalação

# Refresh the package index, then install certbot from the distribution
# repositories.
apt-get update
apt-get install certbot

Gerar certificado

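# Request a certificate without prompts. --standalone makes certbot start
# its own temporary web server for the challenge, so port 80 must be free;
# stop Apache first if it is listening there.
# SEU_EMAIL is a placeholder: the address on the page was obfuscated.
# Typographic dashes replaced with "--" so the options parse.
certbot certonly --non-interactive --standalone --agree-tos --email SEU_EMAIL -d srv1.seudominio.com.br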

Revogar e deletar certificado

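# Revoke the certificate. The path must be absolute: the original lacked the
# leading "/", so it only resolved when run from the filesystem root.
# Typographic dash replaced with "--".
certbot revoke --cert-path /etc/letsencrypt/live/srv1.seudominio.com.br/fullchain.pem
# Without --cert-name, certbot asks which certificate to delete.
certbot delete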

Renovar certificado

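# Renew all certificates that are close to expiry, without prompting.
# Typographic dash replaced with "--" so the option parses.
certbot renew --noninteractive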

LISTAR SESSÕES FORTIGATE

diag sys session full-stat

diagnose sys session filter src IP_DE_ORIGEM

diagnose sys session filter dintf INTERFACE_DESTINO

diag sys session list

Outro exemplo

diagnose debug flow filter addr 10.254.16.1

diagnose debug flow show console enable

diagnose debug flow show function-name enable

diagnose debug console timestamp enable

diagnose debug flow trace start 50

diagnose debug enable