Cisco traffic shaping

There are a few tools to convert Mb to bits, bytes to bits etc, but I like this one –

Directions are as follows:

direction = input or output
shaped = Speed you want to traffic shape in bits
normal burst = (shaped / 8) * 1.5 
extended burst = (normal burst * 2) 


For example, if you would like to ensure customer has 100Mbps speeds, you would do –

rate-limit input 104857600 19660800 39321600 conform-action transmit exceed-action drop
rate-limit output 104857600 19660800 39321600 conform-action transmit exceed-action drop


Scenario; set up ssh keys to machine so that you do not require a password for use with something like scp.

First you need a slave user. If you ‘adduser’ on both machines and pick a user name. Make sure they have a shell account but do not require authentication using a password.

On the remote machine you need to run ssh-keygen when you have logged in as that user. You can do something like – su username. Once you run that you will see in /home/username/.ssh/ you now have a public key, which you need to copy onto the following file on the remote machine –


You then need to ensure permissions are set properly on all the files to the user you created. chmod -R username /home/username/.ssh

Do this on both machines.

You can then – su username on the local machine and try a scp command and it should not prompt you for the password.


You can either then run a script via the crontab as that user, or if you like something like this should work –

su username -c “scp -B remotehost:/etc/somefile /tmp”

Free website SSL for my NAS

I own a couple of NAS boxes and I’m using 1 of them right now. My StartCom certificate was nearly about to expire, so I had to generate another CSR for the new certificate. In fact on Apache you can just use the same one I believe, but I wanted to ensure I used the newer 2048 encryption type. In order to do this on a ReadyNAS, you need to generate the CSR and I like to keep things neat, so firstly let’s create a directory for the year –

mkdir /etc/ssl/2016 && cd /etc/ssl/2016

We should the export the private key and generate the certificate signing request –

openssl genrsa -des3 -out 2048

openssl req -new -key -out

You then use the CSR to create your free certificate, or any authority you like. I used the free one with StartCom and I got mine for a 3 year expiry, which is handy!

Once we get the pem file back, we need to remove the password you set on the private key –

openssl rsa -in -out NOPASS.mynas.mydomain.key

You can then upload it to the nas or copy and paste the certificate and then add it into the same directory to file You need to edit a few settings in the /etc/ssl/openssl.cnf file. I changed –

dir = /etc/ssl

certificate = $dir/2016/mynas.mydomain.pem    # The CA certificate

private = = $dir/2016/NOPASS.mynas.mydomain.key # The private key

I’m not sure of a good way to link the apache config to use this new certificate, so what I did was just edit file – /etc/frontview/apache/apache.pem (copy it to /etc/frontview/apache/apache.pem.old first) and then delete the contents and paste in the private key and also the certificate pem file. You could do this –

cp /etc/frontview/apache/apache.pem /etc/frontview/apache/apache.pem.old && cat /etc/ssl/2016/NOPASS.mynas.mydomain.key > /etc/frontview/apache/apache.pem && cat /etc/ssl/2016/mynas.mydomain.pem >> /etc/frontview/apache/apache.pem

You need to also ensure the files are owned by root:root and security is set properly –

chown root:root /etc/ssl/2016/*

chmod 600 /etc/ssl/2016/*

Once that’s all done, just kill apache and start it again.

killall apache-ssl
/usr/sbin/apache-ssl -f /etc/frontview/apache/httpd.conf