1. Open the back of the router by removing the 4 screws hidden underneath the rubber stands.
2. Remove both covers and carefully place the router motherboard on your desk.
3. Make sure the boards Ethernet ports are facing the left and the Serial pins positioned on the right but in the bottom right corner.

4. Connect your serial cable to your computer and the connectors to the corresponding pins as shown below. DO NOT plug in the VC power cable (red) this can fry the router. This is what your serial cable should look like:

5. Install screen (Ubuntu). This will allow you to see what the router is doing through the serial cable. See more at step 11.

•  sudo apt install screen

6. Install TFTP (Ubuntu)

• sudo apt install tftp-hpa

7. Connect your Ethernet cable to your computer from the router board. We must open a connection between your computer and the router.

8. Set up a static IP on your wired network. (Ubuntu)

• Go to your settings
• Select “network”
• Select IPV4
• Change your IPV4 from DHCP to manuel
• Address: 192.168.1.X choose any available IP on this network.
• Netmask: 255.255.255.0
• Gateway: 192.168.1.1

9. Put the router board into recovery mode using the following steps.

• Turn off the router. Remove the power cord, or just press the power button.
• Remove the Ethernet cable temporarily from the board.
• Press and hold the reset button on the bottom left.

•  Press and hold the reset button for 30 seconds.
•  After 30 seconds, plug the power cable back in. DO NOT release the reset button.
• Hold the rest button for another 30 seconds until the power light flashes slowly or the console returns a message.

10. Download the proper .trx firmware file for the RT-AC5300 from ASUS.

– https://www.asus.com/au/supportonly/rt-ac5300/helpdesk_download/

– Select BIOS and FIRMWARE

– Download the latest FIRMWARE for the RT-AC5300 and keep it on your desktop. You will have to extract the zip file (If you get one) to access the .trx binary file.

11. Open a second tab on your terminal and prepare to monitor your flash using screen.

type in your command line: screen /dev/ttyUSB0 115200

12. Use TFTP to flash the .trx file to the router. You can monitor your progress through the serial cable using screen.

• Type the following commands in order:
• • tftp 192.168.1.1
    tftp> binary
    tftp> trace (Tracks the packets being sent)
    tftp> put filename.trx
    tftp> quit
• Wait for the flash to complete. This usually takes about 5-10 minutes.

13. Change your wired network back to DHCP now that the router has its own unique IP.

14. Visit your WiFi internet link.

15. Create A password for the new network and the router. After this is completed re login to your router UI make sure to edit your internet link accordingly.

16. Log in to your router UI ex https or http://192.168.0.X and login using you router name and password:

17. Configure the NTP server. Navigate to the “administration” tab and then “system”

– Adjust your NTP server to 192.168.0.12. Type this IP in if the setting is blank.

18.  If you do not want this router to advertise its IP’s as the network DNS server, make sure to disable dnsmasq. To do this:

– Select “operation mode” to the left of system.

– Change your operation mode from “wireless router mode” to “Access point”.

IMPORTANT. You will have to re enter the IP of your router again to avoid reverting it to the default IP.

19. ALL done! You have finished your router setup! You now have the fastest internet on your street.

How to set up your RT-AC5300 ASUS router by Francesco Kacperski

Issue:

[root@nfs02 ~]# systemctl restart nfs-ganesha
[root@nfs02 ~]# tail -f /var/log/audit/audit.log|grep -Ei denied
type=AVC msg=audit(1751218637.762:445): avc: denied { module_request } for pid=9185 comm=”ganesha.nfsd” kmod=”net-pf-10″ scontext=system_u:system_r:ganesha_t:s0 tcontex t=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1751218637.790:446): avc: denied { module_request } for pid=9185 comm=”ganesha.nfsd” kmod=”net-pf-10″ scontext=system_u:system_r:ganesha_t:s0 tcontex t=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1751218639.131:447): avc: denied { module_request } for pid=9221 comm=”lpqd” kmod=”net-pf-10″ scontext=system_u:system_r:smbd_t:s0 tcontext=system_u: system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1751218684.282:448): avc: denied { module_request } for pid=1256 comm=”zabbix_agentd” kmod=”net-pf-10″ scontext=system_u:system_r:zabbix_agent_t:s0 t context=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1751218804.322:456): avc: denied { module_request } for pid=1256 comm=”zabbix_agentd” kmod=”net-pf-10″ scontext=system_u:system_r:zabbix_agent_t:s0 t context=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1751218924.363:457): avc: denied { module_request } for pid=1256 comm=”zabbix_agentd” kmod=”net-pf-10″ scontext=system_u:system_r:zabbix_agent_t:s0 t context=system_u:system_r:kernel_t:s0 tclass=system permissive=0
type=AVC msg=audit(1751219044.406:458): avc: denied { module_request } for pid=1256 comm=”zabbix_agentd” kmod=”net-pf-10″ scontext=system_u:system_r:zabbix_agent_t:s0 t context=system_u:system_r:kernel_t:s0 tclass=system permissive=0
^C

Fix:

[root@nfs02 ~]# ausearch -m avc -c ganesha.nfsd –raw | audit2allow -m ganesha_local | tee -a ganesha_local.te

module ganesha_local 1.0;

require {
type kernel_t;
type ganesha_t;
class system module_request;
}

#============= ganesha_t ==============

#!!!! This avc can be allowed using the boolean ‘domain_kernel_load_modules’
allow ganesha_t kernel_t:system module_request;
[root@nfs02 ~]# setsebool -P domain_kernel_load_modules on
[root@nfs02 ~]# checkmodule -M -m -o ganesha_local.mod ganesha_local.te
checkmodule: loading policy configuration from ganesha_local.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 19) to ganesha_local.mod
[root@nfs02 ~]# semodule_package -o ganesha_local.pp -m ganesha_local.mod
[root@nfs02 ~]# sudo semodule -i ganesha_local.pp
libsemanage.add_user: user ipauser not in password file
[root@nfs02 ~]#
[root@nfs02 ~]#
[root@nfs02 ~]# tail -f /var/log/audit/audit.log|grep -Ei denied

Also, for this error:

[root@nfs01 ganesha]# cat ganesha-rgw.log
29/06/2025 13:30:18 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] nfs_start_grace :STATE :EVENT :NFS Server Now IN GRACE, duration 90
29/06/2025 13:30:18 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] glusterfs_create_export :FSAL :EVENT :Volume gv01 exported at : ‘/’
29/06/2025 13:30:19 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] glusterfs_get_fs :FSAL :CRIT :Unable to initialize volume. Volume: gv01
29/06/2025 13:30:20 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] mdcache_fsal_create_export :FSAL :MAJ :Failed to call create_export on underlying FSAL GLUSTER
29/06/2025 13:30:20 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] fsal_cfg_commit :CONFIG :CRIT :Could not create export for (/n) to (/n)
29/06/2025 13:30:20 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] main :NFS STARTUP :WARN :No export entries found in configuration file !!!
29/06/2025 13:30:20 : epoch 6861782a : nfs01.nix.mds.xyz : ganesha.nfsd-8233[main] config_errs_to_log :CONFIG :CRIT :Config File (/etc/ganesha/export.conf:12): 1 validation errors in block FSAL

Don’t restart NFS-Ganesha too quickly after Glusterd.  Give it a second or two:

systemctl restart keepalived glusterd -l; sleep 15; systemctl restart nfs-ganesha -l

HIH!

Cheers,
TK

This is only ok if doing so for non user/client facing systems such as testing or engineering or lab environments.  Otherwise, DO NOT do this.  Changing vSphere Server root password and setting no expiry or no history can be done as follows:

# chage -l root

Last password change                                         : Jun 22, 2025
Password expires                                             : Sep 20, 2025
Password inactive                                            : never
Account expires                                              : never
Minimum number of days between password change               : 0
Maximum number of days between password change               : 0
Number of days of warning before password expires            : 7

# chage -M 99999 -m 0 -W 7 -I -1 root
# chage -l root

Last password change                                        : Jun 22, 2025
Password expires                                            : never
Password inactive                                           : never
Account expires                                             : never
Minimum number of days between password change              : 0
Maximum number of days between password change              : 99999
Number of days of warning before password expires           : 7

# grep -EiR member *
system-password: password required pam_pwhistory.so debug use_authtok enforce_for_root remember=0

The parameter, remember=0 was 5 before.

Router doesn’t flash or appears bricked?  Flashing to the stock firmware doesn’t work either?  Pressed WDS to flash the router originally?

On an Asus router, press the WDS button again then the reset button for 15 seconds.  Then use a TFTP program or in the case of Asus, the Asus Firmware Restoration tool to reflash the firmware.

Cheers,

Received:

br0: received packet on vlan1 with own address as source address

on router 1, when router 4, through router 2 and router 3, had a number of bridges assigned with eth0, eth1, eth2 eth3, wlan2, vlan1, vlan2, wlan0.1, wlan0.2, wlan1.0, wlan1.1, wlan2.1 and wlan2.2 or similar.  Just needed:

Assignment Interface STP Prio Path Cost
none eth0 Off 128 100 
br1 - VLAN-10-14-0-0 wl0.1 Off 128 100
br1 - VLAN-10-14-0-0 wl1.1 Off 128 100
br1 - VLAN-10-14-0-0 wl2.1 Off 128 100
br2 - VLAN-10-15-0-0 wl0.2 Off 128 100
br2 - VLAN-10-15-0-0 wl1.2 Off 128 100
br2 - VLAN-10-15-0-0 wl2.2 Off 128 100
br1 - VLAN-10-14-0-0 eth0 Off 128 100
br2 - VLAN-10-15-0-0 eth0 Off 128 100

Cheers,
Tk

Sizing images correctly for mobile devices in WordPress just needs the following in the image properties.  For example, add the following:

max-width: 100%; height: auto;

to images such as these:

Ensuring you also have the following set to size the page appropriately for mobile devices:

<meta name=”viewport” content=”width=device-width, initial-scale=1.0″>

in your header files or main PHP files.

Cheers,
HTH

Can’t connect to a wireless network in windows or otherwise?  This issue came up on the DD WRT firmware enabled routers I have.  It’s possible that either FORWARDED ICMP traffic is blocked or an explicit rule on an interface is missing.  Here is a list of rules you can try, or the equivalent on your router:

# ———————-
iptables -A FORWARD -p icmp –icmp-type 0 -j ACCEPT
iptables -A FORWARD -p icmp –icmp-type 3 -j ACCEPT
iptables -A FORWARD -p icmp –icmp-type 8 -j ACCEPT
# ———————-
# ICMP – Allow ICMP TYPE 8 – Echo
# ———————-
iptables -A INPUT -p icmp –icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp –icmp-type 8 -j ACCEPT
# ICMP – Allow ICMP TYPE 3
iptables -A INPUT -p icmp –icmp-type 3 -s $(nvram get wan_ipaddr) -d $(nvram get wan_ipaddr) -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
# ICMP – Allow ICMP TYPE 0
iptables -A INPUT -p icmp –icmp-type 0 -d $(nvram get wan_ipaddr) -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
# ICMP – Allow ICMP TYPE 8
iptables -A INPUT -p icmp –icmp-type 8 -d $(nvram get wan_ipaddr) -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
# ———————-
# ICMP – 192.168.0.X
# ———————-
iptables -A INPUT -p icmp –icmp-type 0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -p icmp –icmp-type 0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -p icmp –icmp-type 8 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -p icmp –icmp-type 8 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A INPUT -p icmp –icmp-type 3 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -p icmp –icmp-type 3 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
# ———————-

While determining what exactly is blocking traffic on your end, add the following lines at the bottom of the rules to drop any other traffic, and log it, that wasn’t taken care of the rules that already existed above:

iptables -A FORWARD -j LOG –log-prefix “DROP: ”
iptables -A INPUT -j LOG –log-prefix “DROP: ”
iptables -A OUTPUT -j LOG –log-prefix “DROP: “

Hope this helps!

Cheers,

Getting this in Virtual Studio Code ( aka VSCode, vscode )?

Failed to connect to the remote extension host server (Error: WebSocket close with status code 1006) and Could not fetch remote environment

Clear the running remote agent (also called server) and let VScode reconnect:

# ps -ef|grep -Ei vscode
tom@mds+ 5364 1 0 12:48 ? 00:00:00 sh /n/mds.xyz/tom/.vscode-server/bin/12341234124312341234/server.sh –start-server –host=127.0.0.1 –enable-remote-auto-shutdown –port=0 –connection-secret /n/mds.xyz/tom/.vscode-server/.12341234124312341234.token
tom@mds+ 5371 5364 0 12:48 ? 00:00:02 /n/mds.xyz/tom/.vscode-server/bin/12341234124312341234/node /n/mds.xyz/tom/.vscode-server/bin/12341234124312341234/out/vs/server/main.js –start-server –host=127.0.0.1 –enable-remote-auto-shutdown –port=0 –connection-secret /n/mds.xyz/tom/.vscode-server/.12341234124312341234.token

Appears that even attempting to remove the files from the folder results in an error:

# rm -rf *
rm: cannot remove ‘bin/fd6f3bce6709b121a895d042d343d71f317d74e7/.nfsb69106cd86847b680000003f’: Device or resource busy

So checking with lsof what processes are holding locks on them reveals there’s a couple of them running:

# lsof|grep -Ei vscode
bash 14099 tom@mds.xyz 99w REG 0,47 0 13155303466320821096 /n/mds.xyz/tom/.vscode-server/bin/12341234124312341234/.nfsb69106cd86847b680000003f (nfs-c01.nix.mds.xyz:/n/mds.xyz)
sleep 14827 tom@mds.xyz 99w REG 0,47 0 13155303466320821096 /n/mds.xyz/tom/.vscode-server/bin/12341234124312341234/.nfsb69106cd86847b680000003f (nfs-c01.nix.mds.xyz:/n/mds.xyz)
bash 14953 root cwd DIR 0,47 4096 12134188379298541696 /n/mds.xyz/tom/.vscode-server (nfs-c01.nix.mds.xyz:/n/mds.xyz)
lsof 15022 root cwd DIR 0,47 4096 12134188379298541696 /n/mds.xyz/tom/.vscode-server (nfs-c01.nix.mds.xyz:/n/mds.xyz)
grep 15023 root cwd DIR 0,47 4096 12134188379298541696 /n/mds.xyz/tom/.vscode-server (nfs-c01.nix.mds.xyz:/n/mds.xyz)
lsof 15024 root cwd DIR 0,47 4096 12134188379298541696 /n/mds.xyz/tom/.vscode-server (nfs-c01.nix.mds.xyz:/n/mds.xyz)

For reasons that escape me, clearing the above agent might not have been totally necessary since after a Windows Reboot, connectivity was fine.  Still uncertain if the redownload and setup of the ~/.vscode-server folder had anything to do with this, but after those two actions, the issue went away. Still, if more debug is needed, use this command off the target host:

# strace -f -s 512 -p <PID>

to get all the trace calls for the VScode Server PID.  This usually reveals more, though it’s very chatty.  🙂

Cheers,

Users not able to post on WordPress even when logged in.  This code no longer works, because with passage of time, roughtly eh … (cough) … 12 years or so it’s about time to get off my a.. and update it.   Basically, the following line and user_ID no longer works to detect if you’re logged in or not.

    <?php if ( get_option(‘comment_registration’) && !$user_ID ) : ?>
        <p>You must be <a href=”<?php echo get_option(‘siteurl’); ?>/wp-login.php?redirect_to=<?php the_permalink(); ?>”>logged in</a> to post a comment.</p>
    <?php else : ?>

This code below now replaces the above code to check if user is logged in.  Appears functions ‘is_user_logged_in’, ‘wp_login_url’ and ‘get_permalink’ are new in the updated WordPress versions, so do not need to define these in the theme functions themselves:

    <?php if ( get_option(‘comment_registration’) && !is_user_logged_in() ) : ?>
        <p><?php printf(__(‘You must be <a href=”%s”>logged in</a> to post a comment.’, ‘kubrick’), wp_login_url( get_permalink() )); ?></p>
    <?php else : ?>

Cheers,
HTH

mysqld [Note] Access denied for user ‘zabbix’@’mysql03.nix.mds.xyz’ (using password: YES)

If you get this error:

Mar 17 23:56:14 mysql01 mysqld: 2019-03-18T03:56:14.176594Z 4770 [Note] Access denied for user ‘zabbix’@’mysql03.nix.mds.xyz’ (using password: YES)

Verify your password in the following two files:

[root@linsrvj01 zabbix]# cat /etc/zabbix/web/zabbix.conf.php
<?php
// Zabbix GUI configuration file.
global $DB;

$DB[‘TYPE’]     = ‘MYSQL’;
$DB[‘SERVER’]   = ‘mysql-c01’;
# $DB[‘PORT’]     = ‘0’;
$DB[‘PORT’]     = ‘3306’;
$DB[‘DATABASE’] = ‘zabbix’;
$DB[‘USER’]     = ‘zabbix’;
$DB[‘PASSWORD’] = ‘BADPASSWORD‘;

// Schema name. Used for IBM DB2 and PostgreSQL.
$DB[‘SCHEMA’] = ”;

$ZBX_SERVER      = ‘localhost’;
# $ZBX_SERVER      = ‘linsrvj01.nix.mds.xyz’;
$ZBX_SERVER_PORT = ‘10051’;
$ZBX_SERVER_NAME = ‘ZabbixLAB’;

$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
[root@linsrvj01 zabbix]#

and the following file:

[root@linsrvj01 zabbix]# cat /etc/zabbix/zabbix_server.conf|grep -v “#”|sed -e “/^$/d”
LogFile=/var/log/zabbix/zabbix_server.log
LogFileSize=0
PidFile=/var/run/zabbix/zabbix_server.pid
SocketDir=/var/run/zabbix
DBHost=mysql-c01.nix.mds.xyz
DBName=zabbix
DBUser=zabbix
DBPassword=BADPASSWORD
DBPort=3306
SNMPTrapperFile=/var/log/snmptrap/snmptrap.log
Timeout=4
AlertScriptsPath=/usr/lib/zabbix/alertscripts
ExternalScripts=/usr/lib/zabbix/externalscripts
LogSlowQueries=3000
[root@linsrvj01 zabbix]#
[root@linsrvj01 zabbix]#

and change accordingly to ensure it’s correct.  Likewise, ensure permissions are sound:

mysql> uninstall plugin validate_password;
ERROR 1305 (42000): PLUGIN validate_password does not exist
mysql> GRANT ALL PRIVILEGES ON *.* TO ‘zabbix’@’%.mws.mds.xyz’ IDENTIFIED BY ‘zabbix’ WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.02 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO ‘zabbix’@’%.mws.mds.xyz’ IDENTIFIED BY ‘zabbix’ WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.53 sec)

mysql> GRANT ALL PRIVILEGES ON *.* TO ‘zabbix’@’%.nix.mds.xyz’ IDENTIFIED BY ‘zabbix’ WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

mysql> INSTALL PLUGIN validate_password SONAME ‘validate_password.so’;
Query OK, 0 rows affected (0.01 sec)
mysql>

Then restart the front end:

systemctl restart httpd zabbix-server zabbix-agent;

Enjoy!

Thx,
TK