Fedora 19 Network Bonding without networkmanager

fedora_19_bonding

If your new server has two network interfaces use both in bonding can help you to get a better performance or failover tolerance.

If you want to create a bonding device first you need to disable network manager.

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service

systemctl enable network.service
systemctl start network.service

Now you need to configure your network interfaces

ip link show

is the way to get your devices list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: p33p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether ca:fe:ca:fe:ca:fe brd ff:ff:ff:ff:ff:ff
3: p2p1: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT qlen 1000
link/ether ca:fe:ca:fe:ca:ff brd ff:ff:ff:ff:ff:ff

in my case I have two network cards p33p1 and p2p1

If i move to /etc/sysconfig/network-scripts and make a ls i will see two files

ifcfg-enp2s0 and ifcfg-enp3s0

edit both files to appear like these

BOOTPROTO=none
NAME=<device name>
UUID= <leave as is>
HWADDR=<leave as is>
NM_CONTROLLED=”no”
MASTER=”bond0″
SLAVE=”yes”

Creating bond interface

create a file /etc/modprobe.d/bonding.conf with the content

alias bond0 bonding

Create a file in /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
BOOTPROTO=dhcp
ONBOOT=yes
BONDING_OPTS=”mode=0 ”
USERCTL=no
NM_CONTROLLED=”no”

reboot your system and enjoy 😛

Migrating from M0n0wall to pfSense

During the last year,  talking with some colleages about firewalls and operative systems the mayor part of then said that they’re using, Pfsense instead M0n0wall. Recently I get a new job and my home networks are in the same range that the work network and some clients. To avoid this situation I decided migrate my router from M0n0wall to Pfsense and thats are the steps:

I decided maintain a copy of the actual M0n0wall config, bougth a new compact flash was the quick option.

Download pfSense

First I downloaded the version for my router, in this case it’s and ALIX Board without VGA,, that means that i need to choose the nanobsd version and my compactFlash size is 4Gb, if I had a bigger campactFlash I just only need to take the 4gb versión.

wget
wget

wget

Verify downloaded image:

md5sum pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img.gz

and check if output it’s the same that content in /pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img.gz.md5

sha256sum pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img.gz

and check if output it’s the same that content in /pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img.gz.sha256

Dump pfSense into the compact flash

In my case as fedora user i need to detect what device file is linked to my compactFlash i make this

open a root cosole and write

mount >mountedBefore

this generate a file with actual mounted files

i attach the compact flash and execute

mount >mountedAfter

now i write

diff mountedBefore mountedAfter

and the output will be like:

> /dev/sdd1 on /run/media/luzem/753C-3741 type vfat (rw,nosuid,nodev,relatime,uid=1000,gid=1000,fmask=0022,dmask=0077,codepage=cp437,iocharset=ascii,shortname=mixed,showexec,utf8,errors=remount-ro,uhelper=udisks2)

It said that my compact flash is on /dev/sdd file

first i need to umount it

umount /dev/sdd1

now i decompress and dump pfSense into compact flash writing

zcat pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img.gz | dd of=/dev/sdd bs=16k

you should get and output like these

244138+1 records in
244138+1 records out
3999969792 bytes (4.0 GB) copied, 226.826 s, 17.6 MB/s

Putting pfSense into alix board

Now plug the compactFlash on your board

connect your board , power, ethernet ….

enjoy reconfiguring yout new router

alix 2d3

Laboratory III

¿ Qué comandos serían necesarios ejecutar para que un sistema Linux pudiese sustituir el encaminador R2 mostrado en el diagrama ? Asume todos aquellos datos que necesites para realizar el ejercicio (nombre de interfaces, gateway, etc)

Network Diagram
Click for larger view

Previous Steps

Enable IP Forwarding

Temporal:

echo 1 > /proc/sys/net/ipv4/ip_forward

Permanent:

vim /etc/sysctl.conf

changue the value of  net.ipv4.ip_forward = 1

sysctl -p /etc/sysctl.conf # enable  changues

Configuring network intefaces

Temporal:

ifconfig eth0 down

ifconfig eth0 10.10.0.2 netmask 255.255.255.0 up
ifconfig eth1 down

ifconfig eth1 200.3.107.1 netmask 255.255.255.0 up

Persistent:

on debian: edit /etc/network/interfaces like this

auto lo

iface lo inet loopback

iface eth0 inet static
address 10.10.0.2
netmask 255.255.255.0

iface eth1 inet static
address 200.3.107.1
netmask 255.255.255.0

red hat and derivates: edit /etc/sysconfig/network-scripts/ifcfg-<interface name>

Device eth0 file /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=”eth0″
IPADDR=10.10.0.2
METMASK=255.255.255.0
NETWORK=10.10.0.0
BROADCAST=10.0.0.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

Device eth1 file /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=”eth1″

IPADDR=200.3.107.1
METMASK=255.255.255.0
NETWORK=200.3.107.0
BROADCAST=200.3.107.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

Option 1: Using Static Routing

temporal:

#from network 2 to network 3 assumed not necessary

#from network 3 to network 2 assumed not necessary

#from network 3 to network 1

ip route add 192.168.0.0/24 via 10.0.0.1 dev eth0

persistent:

on Debian

edit /etc/network/interfaces

write this at after the interfaces setup

up route add 192.168.0.0/24 via 10.0.0.1 dev eth0

on Fedora

edit /etc/sysconfig/network-scripts/route-<device>

GATEWAY0=10.0.0.1
NETMASK0= 255.255.255.0
ADDRESS0=192.168.0.0

if you want to add more routes increment the numbers next to GATEWAY, for example: GATEWAY1=10.0.0.2 NETMASK1= 255.255.255.0 ADDRESS1=192.168.30.0

Pros

  • No extra processing and added resources as in the case of dynamic routing protocols
  • No extra bandwidth requirement caused by the transmission of excessive packets for the routing table update process
  • Extra security by manually admitting or rejecting routing to certain networks

Cons

  • Network Administrators need to know the complete network topology very well in order to configure routes correctly
  • Topology changes need manual adjustment to all routers something which is very time consuming

Option 2: Using NAT

Basically NAT works like static routing but changes the output ip maintaining a internal

temporal:

# delete old configuration, if any
#Flush all the rules in filter and nat tables
iptables –flush
iptables –table nat –flush

# delete all chains that are not in default filter and nat table, if any
iptables –delete-chain
iptables –table nat –delete-chain

# Set up IP FORWARDing and Masquerading (NAT)
iptables –table nat –append POSTROUTING –out-interface eth0 -j MASQUERADE
iptables –append FORWARD –in-interface eth1 -j ACCEPT

permanent:

store the rules into the ip tables into a rules set

Pros

same that static plus

It also benefits in a security sense as attackants can’t target a computer directly, they have to first get past the router.

Cons

  • Network Address Translation does not allow a true end-to-end connectivity that is required by some real time applications. A number of real-time applications require the creation of a logical tunnel to exchange the data packets quickly in real-time. It requires a fast and seamless connectivity devoid of any intermediaries such as a proxy server that tends to complicate and slow down the communications process.
  • NAT creates complications in the functioning of Tunneling protocols. Any communication that is routed through a Proxy server tends to be comparatively slow and prone to disruptions. Certain critical applications offer no room for such inadequacies. Examples include telemedicine and teleconferencing. Such applications find the process of network address translation as a bottleneck in the communication network creating avoidable distortions in the end-to-end connectivity.
  • NAT acts as a redundant channel in the online communication over the Internet. The twin reasons for the widespread popularity and subsequent adoption of the network address translation process were a shortage of IPv4 address space and the security concerns. Both these issues have been fully addressed in the IPv6 protocol. As the IPv6 slowly replaces the IPv4 protocol, the network address translation process will become redundant and useless while consuming the scarce network resources for providing services that will be no longer required over the IPv6 networks.

Option 3: Using RIP

Rip is a distance routing protocol, is more flexible that using static routers and necessary if the number of subnets grows. Do you want to fight against hundred of rules? or assume the risk of downtime’s created by a router malfunction?

install zebra

permanent:

edit the /etc/zebra/ripd.conf file

redistribute connected

version 2

ip rip authentication string “max 16 characters”

router rip
network 10.10.0.0/24
network 200.3.107.200/24

pros

  • Easy to configure and use
  • V2 supports VLSM and CIDR

cons

  • Converges slowly on large networks
  • Doesn’t recognize bandwidth of links
  • Doesn’t support multiple paths for the same route
  • Routing updates can require significant bandwidth because the entire routing table is sent
  • Prone to routing loops

Option 4: Using OSPF (Open Shortest Path First)

OSPF is a routing protocol that uses the Dijkstra algorithm for get the quickest way. into a set of subnets where the routers are connected at different speeds could work better than R.I.P.

install zebra

add the necessary VTY in  /etc/services

zebrasrv        2600/tcp             # zebra service
zebra           2601/tcp              # zebra vty
ospfd           2604/tcp              # OSPFd vty
ospf6d          2606/tcp              # OSPF6d vty

edit zebra.conf file

hostname R2
password zebra
enable password z3bRa
log file /var/log/zebra/zebra.log
!
interface eth0
description Network 2
ip address 10.10.0.2/24
!
interface eth1
description Network 3
ip address 200.3.107.1/24

start zebra service

/usr/sbin/zebra –dk
/usr/sbin/ospfd –d

Telnet to port 2604 on the local machine to begin the OSPF configuration and type enable in order to get privileged mode

the next step will be announce the networks that we want  to publicity  in out networks

R2:~# telnet 0 2604
Trying 0.0.0.0…
Connected to 0.
Escape character is ‘^]’.

Hello, this is zebra (version 0.84b)
Copyright 1996-2000 Kunihiro Ishiguro

User Access Verification

ospfd> enable
Password:
ospfd# configure terminal
ospfd(config)# router ospf
ospfd(config-router)# network 10.10.0.0/24 area 0
ospfd(config-router)# passive-interface eth0

ospfd(config-router)# network 200.3.107.0/24 area 0
ospfd(config-router)# passive-interface eth1
ospfd(config-router)# end
ospfd# write file
Configuration saved to /etc/zebra/ospfd.conf

pros

  • Scalability – OSPF is specifically designed to operate with larger networks.
  • Full subnetting support – OSPF can fully support subnetting
  • Hello packets – OSPF uses small hello packets to verify link operation with out transferring large tables
  • TOS routing – OSPF can route packets by different criterion based on their type of service field
  • Tagged routes – Routes can be tagged with arbitrary values, easing interoperation.

cons

  • very intensive processor
  • maintaining multiple copies of routing information, increasing the amount of memory needed
  • OSPF can be logically segmented by using areasnot as easy to learn as some other protocols
  • if an entire network is running OSPF, and one link within it is “bouncing” every few seconds, then OSPF updates would dominate the network by informing every other router every time the link changed state.

sources:

http://www.techrepublic.com/article/use-zebra-to-set-up-a-linux-bgpospf-router/1047843

http://www.trainsignaltraining.com/ip-addressing-routing-default-static-routing

http://ipv6.com/articles/nat/NAT-Pros-and-Cons.htm

www.techrepublic.com/i/tr/one_offs/t063_preview.pdf

http://gotechsf.wordpress.com/2009/09/05/the-pros-and-cons-of-ospf-and-eigrp/

http://ipsit.bu.edu/sc546/sc441Spring2003/ospf/proscons.html

Cliente Wep en DD-WRT

¿Quieres poner tu router linksys en modo cliente de un puto de acceso  que emite una señal protegida con WEP?, seguro que la interfaz solo te permite insertar la clave a traves de la passphrase que no quieres cambiar o no puedes (interfaces web externas, muchas cosas configuradas….)

Pues esto es un bug de las ultimas versiones de DD-WRT si tienes un linksys con broadcom la solucion es conectarte por telnet o ssh (siempre mejor) e insertar estor comandos:

  • nvram set wl0_key1=”TU CLAVE WEP” (con las comillas)
  • nvram commit
  • reboot

sacado de

Nota mental

Cable de red y cable de corriente no has de juntar si feliz quieres ser

Solución: Usar PLC

problemas con OpenDNS y SAMBA

samba
samba

¿Has decidido pasarte a OpenDNS y no puedes ver la lista de host en samba?, simplemente modifica tu archivo smb.conf introduciendo o editando la resolución de nombres

name resolve order = lmhosts bcast wins host

La película de los TDT’s ¿Tengo que cambiar de decodificador?

Digital Video Broadcasting
Digital Video Broadcasting

Estos dias a mis oidos de informatico llegan consultas sobre el TDT (si tiene enchufe todo informatico puedo arreglarlo desde un pc a una tostadora)

En España se implemento el estandar DVB-T para la emisión de la televisión digital, con la ventaja que no se ve el ruidillo blanco y aparte de los 8 o 9 canales que teníamos siempre fulmina las televisiones locales y aparecen 10 canales de teletienda.

Nada problemático hasta que llega la película de los descodificadores hace un par de días por la aprobación de la TDT de pago.

El españolito medio tiene en casa una colección de televisores  que se ha comprado den los últimos años y no entiende la diferencia entre ver la televisión analógica y la tele del aparatito.

Punto 1 – La ventaja de la dichosa TDT es que se aprecia mejor calidad de imagen, cogen mas canales , tenemos una guía con la programación y no se pegan los canales entre si (famosas interferencias que solapaban la imagen de dos canales)

Modulo para la TDT de pago
Modulo para la TDT de pago

Punto  2- El decodificador del Carrefour que te compraste por 4 duros sigue valiendo a menos que todos los canales pasen a emitir en  1080i25 encapsulado en  MPEG4 AVC MP y HP L4.0 que lo dudo, así que  para lo único que no te va a funcionar es para los canales de pago. (Si quieres ver el fútbol lo pagas y compras otro decodificador)

Punto  3 – El decodificador que te compraste (para ver la tele de pago como para ver los canales) dejara de funcionar entre el 2010 y 2012 (o un poco mas tarde dependerá de como se planifique la transición ) ¿por qué? pues porque el se implementara DVB-T2 que se le llamara TDT de 2ª generación o como se les ocurra a los de los telediarios. Aquí habrá que volver a cambiar el aparatito por uno nuevo o la tele (que 5 lustros son muchos para un aparatito).

Conclusiones

Si le preguntas a Prisa (esto es un engaño del gobierno y una falta de respeto porque nos obliga a cambiar el decodificador, también se llama competencia en la contenidos de pago allí se fue el monopolio de Canal Satélite Digital)

Si le preguntas a MediaPro (esto es la entrada a una televisión de mejor calidad en contenidos un paso hacia el futuro bla bla bla bla)

Si me preguntas a mi: Se acabaron las teles que duran 5 lustros y la televisión entra en el mundo del sector informático (Actualizar, actualizar, comprar otro vuelta al principio). Ver las bellezas de la Sexta en Full HD algún día merece la inversión, verle las arrugas a Gayoso y a Maria Teresa Campos en Full HD es perjudicial para la audiencia de esos canales (demasiado aburrimiento en alta definición ).

Así que compra el decodificador mas barato que te encuentres y que pienses que no es un producto DSST(Día Siguiente al Servicio Técnico) si quieres ver la TDT de pago compras uno con la tarjetita, si no quieres ver la tele de pago, comparte uno sin ranura para la tarjetita. Total en el 2012 te tienes que comprar otro así que en menos de 5 años le vas a dar puerta.

y bonus para los que se compraron una tele HD Ready que no es Full HD osea que no tiene 1080 lineas pero si 720  o menos, el día que los canales emitan a 1080 veras la imagen deformada (Pero las teles HD ready eran mas baratas y la película de dibujos se veía tan bien como la que costaba el doble).

Vamos que como todo lo tecnológico hay que leerse un poco como esta todo el tema antes de comprar y no ir como un loco al Carrefour comprar la chatarra mas barata que encuentres en modo no se lo que estoy comprando pero le escuche a Fulano, a Mengano y a Zutano algo y leí alguna cosa sin fijarme y esto me hace falta.

Y minipunto para el que me diga en los comentarios que es el  MHP en los receptores de TDT (tecnología que era necesaria para la implantación de la televisión digital y con la cual no contaban todos los descodificadores y por eso algunos era un timo por que tendríamos que cambiarlos bla bla bla bla).

PD.- Corolario de la TDT por Luzem: La opinión del ciudadano sobre la TDT estará relacionada directamente con el canal de televisión donde vea las noticias

Claro, tu lo que querias era ver mi blog

De vez en cuando tengo visitas que buscan un zencart o un phpmyadmin instalado en el servidor

210.166.210.71 – – [07/Aug/2009:08:57:51 +0200] “GET /zencart/docs/INSTALL.txt HTTP/1.1” 404 284
210.166.210.71 – – [07/Aug/2009:08:57:51 +0200] “GET /shop/docs/INSTALL.txt HTTP/1.1” 404 281
210.166.210.71 – – [07/Aug/2009:08:57:52 +0200] “GET /store/docs/INSTALL.txt HTTP/1.1” 404 282
210.166.210.71 – – [07/Aug/2009:08:57:53 +0200] “GET /cart/docs/INSTALL.txt HTTP/1.1” 404 281
210.166.210.71 – – [07/Aug/2009:08:57:53 +0200] “GET /shoppe/docs/INSTALL.txt HTTP/1.1” 404 283
210.166.210.71 – – [07/Aug/2009:08:57:54 +0200] “GET /Store/docs/INSTALL.txt HTTP/1.1” 404 282
210.166.210.71 – – [07/Aug/2009:08:57:55 +0200] “GET /hp_zencart/docs/INSTALL.txt HTTP/1.1” 404 287
210.166.210.71 – – [07/Aug/2009:08:57:55 +0200] “GET /zen-cart/docs/INSTALL.txt HTTP/1.1” 404 285
210.166.210.71 – – [07/Aug/2009:08:57:56 +0200] “GET /boutique/docs/INSTALL.txt HTTP/1.1” 404 285
210.166.210.71 – – [07/Aug/2009:08:57:57 +0200] “GET /ddr/docs/INSTALL.txt HTTP/1.1” 404 280
210.166.210.71 – – [07/Aug/2009:08:57:57 +0200] “GET /bella/docs/INSTALL.txt HTTP/1.1” 404 282
210.166.210.71 – – [07/Aug/2009:08:57:58 +0200] “GET /shops/docs/INSTALL.txt HTTP/1.1” 404 282
210.166.210.71 – – [07/Aug/2009:08:57:59 +0200] “GET /ecommerce/docs/INSTALL.txt HTTP/1.1” 404 286
210.166.210.71 – – [07/Aug/2009:08:57:59 +0200] “GET /shopcart/docs/INSTALL.txt HTTP/1.1” 404 285
210.166.210.71 – – [07/Aug/2009:08:58:00 +0200] “GET /docs/INSTALL.txt HTTP/1.1” 404 276
210.166.210.71 – – [07/Aug/2009:08:58:01 +0200] “GET /zencart/install.txt HTTP/1.1” 404 279
210.166.210.71 – – [07/Aug/2009:08:58:01 +0200] “GET /shop/install.txt HTTP/1.1” 404 276
210.166.210.71 – – [07/Aug/2009:08:58:02 +0200] “GET /store/install.txt HTTP/1.1” 404 277
210.166.210.71 – – [07/Aug/2009:08:58:03 +0200] “GET /cart/install.txt HTTP/1.1” 404 276
210.166.210.71 – – [07/Aug/2009:08:58:03 +0200] “GET /shoppe/install.txt HTTP/1.1” 404 278
210.166.210.71 – – [07/Aug/2009:08:58:04 +0200] “GET /Store/install.txt HTTP/1.1” 404 277
210.166.210.71 – – [07/Aug/2009:08:58:05 +0200] “GET /hp_zencart/install.txt HTTP/1.1” 404 282
210.166.210.71 – – [07/Aug/2009:08:58:05 +0200] “GET /zen-cart/install.txt HTTP/1.1” 404 280
210.166.210.71 – – [07/Aug/2009:08:58:06 +0200] “GET /boutique/install.txt HTTP/1.1” 404 280
210.166.210.71 – – [07/Aug/2009:08:58:07 +0200] “GET /ddr/install.txt HTTP/1.1” 404 275
210.166.210.71 – – [07/Aug/2009:08:58:07 +0200] “GET /bella/install.txt HTTP/1.1” 404 277
210.166.210.71 – – [07/Aug/2009:08:58:08 +0200] “GET /shops/install.txt HTTP/1.1” 404 277
210.166.210.71 – – [07/Aug/2009:08:58:09 +0200] “GET /ecommerce/install.txt HTTP/1.1” 404 281
210.166.210.71 – – [07/Aug/2009:08:58:09 +0200] “GET /shopcart/install.txt HTTP/1.1” 404 280
210.166.210.71 – – [07/Aug/2009:08:58:10 +0200] “GET /install.txt HTTP/1.1” 404 271

Seguro que es solo curiosidad