Here are the steps to set up a user who can access the server only via FTP (i.e. no SSH) and is confined to a specific directory (the user's home) on proftpd:

1. Add new user: adduser newusername
2. Set password: passwd newusername
3. Modify user home directory from default to a new folder:

usermod -d /target/directory newusername

4. Edit shells file: vi /etc/shells and add /dev/null at the end
5. Modify the newusername entry in the passwd file: vi /etc/passwd to add /./ before the newusername home directory so that the entry, with /dev/null as the login shell, looks like this:

newusername:x:502:502::/home/ftp/./newusernamehomedirectory/:/dev/null

6. Edit /etc/proftpd/proftpd.conf file and uncomment the line DefaultRoot ~
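
An added check for the result of steps 3 to 6 (example code, not part of the original notes). The function name audit_ftp_only and the sample files are constructed; accepting /bin/false and nologin as well as /dev/null is an assumption. The shells-file check is there because proftpd's RequireValidShell, which is on by default, refuses logins whose shell is not listed in /etc/shells.

```shell
#!/bin/sh
# audit_ftp_only USER PASSWD SHELLS CONF
# Checks the result of steps 3-6; prints findings, returns the failure count.
audit_ftp_only() {
    user=$1 passwd=$2 shells=$3 conf=$4 fails=0
    # passwd field 6 is the home directory, field 7 the login shell.
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7; exit }' "$passwd")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $user"; return 1; }
    home=${entry%:*} shell=${entry##*:}

    case $shell in   # step 5: no interactive (SSH) login; list is an assumption
        /dev/null|/bin/false|*/nologin) echo "ok: shell $shell" ;;
        *) echo "FAIL: shell '$shell' allows interactive login"; fails=$((fails+1)) ;;
    esac
    # Step 4: proftpd's RequireValidShell (on by default) wants it in /etc/shells.
    if [ -n "$shell" ] && grep -qxF -- "$shell" "$shells"; then
        echo "ok: shell listed in $shells"
    else
        echo "FAIL: shell not in $shells, proftpd will refuse the login"
        fails=$((fails+1))
    fi
    case $home in    # step 3: DefaultRoot ~ jails the user to this path
        /|"") echo "FAIL: home '$home' does not confine the user"; fails=$((fails+1)) ;;
        /*) echo "ok: home $home" ;;
        *) echo "FAIL: home '$home' is not absolute"; fails=$((fails+1)) ;;
    esac
    # Step 6: the directive must be present and not commented out.
    if grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~' "$conf"; then
        echo "ok: DefaultRoot ~ active"
    else
        echo "FAIL: DefaultRoot ~ not active in $conf"; fails=$((fails+1))
    fi
    return "$fails"
}

# Constructed sample files (not real system files) for a stand-alone run.
demo=$(mktemp -d)
printf '%s\n' 'newusername:x:502:502::/home/ftp/./newusernamehomedirectory/:/dev/null' \
    'olduser:x:503:503::/home/olduser:/bin/bash' > "$demo/passwd"
printf '%s\n' /bin/sh /bin/bash /dev/null > "$demo/shells"
printf '%s\n' 'ServerName "example"' 'DefaultRoot ~' > "$demo/proftpd.conf"
audit_ftp_only newusername "$demo/passwd" "$demo/shells" "$demo/proftpd.conf"
audit_ftp_only olduser "$demo/passwd" "$demo/shells" "$demo/proftpd.conf" || true
rm -rf "$demo"
```

On a real host, pass /etc/passwd, /etc/shells and /etc/proftpd/proftpd.conf as the three file arguments.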

grep -rnw '/path/to/somewhere/' -e 'pattern'
  • -r or -R is recursive,
  • -n is line number, and
  • -w stands for match the whole word.
  • -l (lower-case L) can be added to just give the file name of matching files.

Along with these, the --exclude, --include and --exclude-dir flags can be used for efficient searching:

  • This will only search through those files which have .c or .h extensions:
    grep --include=\*.{c,h} -rnw '/path/to/somewhere/' -e "pattern"
    
  • This will exclude searching all the files ending with .o extension:
    grep --exclude=\*.o -rnw '/path/to/somewhere/' -e "pattern"
    
  • For directories, it’s possible to exclude a particular directory(ies) through the --exclude-dir parameter. For example, this will exclude the dirs dir1/, dir2/ and all of them matching *.dst/:
    grep --exclude-dir={dir1,dir2,*.dst} -rnw '/path/to/somewhere/' -e "pattern"
    

This works very well for me, to achieve almost the same purpose as yours.

For more options, check man grep.

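I have used DigitalOcean for more than three years, and recently found that Vultr offers better value for money and is faster.

What are you waiting for? Switch!

So far the speed feels pretty good~ Anyone who needs an overseas virtual machine may want to take a look.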

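Still using the DNS servers your ISP gave you? Have you noticed that some websites no longer load?

Try the following public DNS servers:

  1. DNSPod
    Primary: 119.29.29.29
    Secondary: 182.254.116.116
  2. 114DNS
    Primary: 114.114.114.114
    Secondary: 114.114.114.115
  3. Alibaba DNS
    Primary: 223.5.5.5
    Secondary: 223.6.6.6
  4. DNSPai
    Primary (China Telecom / China Mobile / China Tietong): 101.226.4.6
    Secondary (China Telecom / China Mobile / China Tietong): 218.30.118.6

    Primary (China Unicom): 123.125.81.6
    Secondary (China Unicom): 140.207.198.6

  5. Baidu DNS
    Primary: 180.76.76.76
  6. China Telecom:
    Primary: 222.172.200.68
    Secondary: 61.166.150.123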

What if the music in some MP4 file is especially good and you want to convert it to MP3?

ffmpeg can do it:

ffmpeg -i a.mp4 b.mp3

You can also add -b:a 192k to specify the bitrate.

For more parameters, see: https://trac.ffmpeg.org/wiki/Encode/MP3

 

1) If the RRAS-based VPN server is behind a firewall (i.e. a firewall is placed between the Internet and the RRAS server), then the following ports need to be opened (bidirectional) on this firewall to allow VPN traffic to pass through:

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path

2) If the RRAS server is directly connected to the Internet, then you need to protect the RRAS server from the Internet side (i.e. only allow access to the services on the public interface that is accessible from the Internet side). This can be done using RRAS static filters or by running Windows Firewall on the public interface (or the interface towards the Internet side). In this scenario the following ports need to be opened (bidirectional) on the RRAS box to allow VPN traffic to pass through:

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701   <- Used by L2TP control/data path
    • IP Protocol Type=50   <- Used by data path (ESP)
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701   <- Used by L2TP control/data path
    • IP Protocol Type=50   <- Used by data path (ESP)

Note: Please DO NOT configure RRAS static filters if the same server is also running RRAS-based NAT router functionality. This is because RRAS static filters are stateless and NAT translation requires a stateful edge firewall like ISA firewall.

Do not forget: If you enable Windows firewall or RRAS static filters on the public interface and only enable VPN traffic to pass-through, then all the other traffic may be dropped. For example, if the same server is running as a mail server facing internet or a DNS server or a reverse web proxy server, then you need to enable the ports used by those services explicitly. For further details, refer to this article: http://blogs.technet.com/rrasblog/archive/2006/07/06/enabling-rras-drops-all-other-traffic-except-vpn-traffic.aspx

Ref: https://blogs.technet.microsoft.com/rrasblog/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through/

Also, if the L2TP server is behind a firewall, a Mac can connect but Windows cannot. In that case you need to change the Windows registry:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

Ref : http://support.microsoft.com/kb/926179

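Since around 12.04, Ubuntu seems to use a customized dnsmasq as its own DNS resolver. It binds only to 127.0.0.1.

However, once you install the full dnsmasq package, you find that this customized dnsmasq prevents it from serving on any IP other than 127.0.0.1.

After a good deal of digging, I found that the full dnsmasq runs perfectly after the following two steps.

  1. Edit /etc/NetworkManager/NetworkManager.conf
    Comment out the dns=dnsmasq line by putting # in front of it.
    This stops the customized dnsmasq.
  2. Edit /lib/systemd/system/dnsmasq.service
    Add these two lines under [Unit]: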

    After=network-online.target
    Wants=network-online.target
    

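    This prevents dnsmasq from starting before the network interface is up, which makes binding to the interface fail and would otherwise require restarting the dnsmasq service by hand every time.

All set. It is hard only until you know how. This fully solves the problem of installing and using dnsmasq on Ubuntu.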
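
The two dnsmasq steps above as an idempotent script, added here as an example and not part of the original notes. The function name apply_dnsmasq_fix and the ROOT prefix argument are assumptions that let it run against a scratch copy; the sample files are constructed.

```shell
#!/bin/sh
# apply_dnsmasq_fix ROOT
# Applies both steps under ROOT (/ on a real system, a scratch dir to test).
apply_dnsmasq_fix() {
    root=${1%/}
    nm="$root/etc/NetworkManager/NetworkManager.conf"
    unit="$root/lib/systemd/system/dnsmasq.service"

    # Step 1: comment out dns=dnsmasq (a .bak copy is kept).
    # Lines that are already commented do not match, so reruns are safe.
    sed -i.bak 's/^[[:space:]]*dns=dnsmasq[[:space:]]*$/#&/' "$nm"

    # Step 2: add the ordering lines right after [Unit], once only.
    if ! grep -q '^After=network-online.target' "$unit"; then
        awk '{ print }
             /^\[Unit\]/ { print "After=network-online.target"
                           print "Wants=network-online.target" }' \
            "$unit" > "$unit.new" && mv "$unit.new" "$unit"
    fi
}

# Constructed sample tree (not real system files) for a stand-alone run.
demo=$(mktemp -d)
mkdir -p "$demo/etc/NetworkManager" "$demo/lib/systemd/system"
printf '%s\n' '[main]' 'plugins=ifupdown,keyfile' 'dns=dnsmasq' \
    > "$demo/etc/NetworkManager/NetworkManager.conf"
printf '%s\n' '[Unit]' 'Description=dnsmasq' '' '[Service]' 'Type=forking' \
    > "$demo/lib/systemd/system/dnsmasq.service"
apply_dnsmasq_fix "$demo"
apply_dnsmasq_fix "$demo"   # second run changes nothing
cat "$demo/etc/NetworkManager/NetworkManager.conf" \
    "$demo/lib/systemd/system/dnsmasq.service"
rm -rf "$demo"
```

Files under /lib/systemd/system belong to the package and can be overwritten on upgrade; the same two lines placed in a drop-in created with systemctl edit dnsmasq persist.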