I needed a small file server at home, focused on storage backups. Searching in my circuit warehouse I found my old SheevaPlug and decided to use it.
I chose to install Debian on it.
Step 1: Identify sheevaplug serial console
Plug the SheevaPlug's micro-USB port into your desktop computer and run dmesg on your computer.
The output will look like this:
[ 3016.391801] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 3016.391820] ftdi_sio 2-4.3:1.1: device disconnected
[ 3019.518529] usb 2-4.3: new full-speed USB device number 4 using ehci-pci
[ 3019.611536] usb 2-4.3: New USB device found, idVendor=9e88, idProduct=9e8f
[ 3019.611542] usb 2-4.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 3019.611545] usb 2-4.3: Product: SheevaPlug JTAGKey FT2232D B
[ 3019.611548] usb 2-4.3: Manufacturer: FTDI
[ 3019.611551] usb 2-4.3: SerialNumber: FTT39IJR
[ 3019.615454] usb 2-4.3: Ignoring serial port reserved for JTAG
[ 3019.618652] ftdi_sio 2-4.3:1.1: FTDI USB Serial Device converter detected
[ 3019.618696] usb 2-4.3: Detected FT2232C
[ 3019.619289] usb 2-4.3: FTDI USB Serial Device converter now attached to ttyUSB0
That means that our serial console is attached to the device /dev/ttyUSB0.
Step 2: Connect to sheeva serial console
cu -s 115200 -l /dev/ttyUSB0
With this command you can access the SheevaPlug console.
I needed to add a new user to the sudoers file on several Debian machines. I didn't want to open a terminal on each machine and add the line manually; the other option was to append a new line to the file, like echo "new line" >> /etc/sudoers. But I don't like editing the sudoers file without using visudo; I don't feel safe.
Reading the Debian documentation I found a magical directive for appending external files, #includedir /etc/sudoers.d. That means that if I add a new file with 0440 permissions (and the permissions are important), it will be appended to our sudo config.
Removing the hash character is an inherited custom. OK, don't remove it: the hash character is not a comment indicator here. Without the hash character, includedir /etc/sudoers.d is a bad line and visudo shows an error.
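One way to push such a drop-in file to each machine while still letting visudo check it, as an added example that is not part of the original post. The function name, the SUDOERS_D and VISUDO variables and the user alice are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): install a sudoers drop-in
# only after visudo has accepted its syntax.
# SUDOERS_D and VISUDO are overridable so the function can be tried
# against a scratch directory; both variable names are assumptions.
SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"
VISUDO="${VISUDO:-visudo}"

# install_sudoers_dropin NAME 'RULE'
install_sudoers_dropin() {
    name=$1
    rule=$2
    # sudo skips files in the include directory whose name contains '.'
    # or ends in '~'; '/' is refused so NAME cannot leave the directory.
    case $name in
        ''|*.*|*~|*/*) echo "bad drop-in name: $name" >&2; return 2 ;;
    esac
    # The dot in the temporary name keeps sudo from reading a half-written file.
    tmp=$(mktemp "$SUDOERS_D/.tmp-$name-XXXXXX") || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"
    # visudo -c checks syntax only, -f names the file to check.
    if ! "$VISUDO" -cf "$tmp" >/dev/null; then
        echo "visudo rejected the rule, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    # rename(2) within one directory is atomic: sudo sees old or new, never partial.
    mv -f "$tmp" "$SUDOERS_D/$name"
}

# Constructed usage, run as root on each machine:
#   install_sudoers_dropin alice 'alice ALL=(ALL:ALL) ALL'
```

A rule that fails the check never reaches /etc/sudoers.d, so a typo cannot lock sudo on the target machine.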
What commands would need to be run for a Linux system to replace router R2 shown in the diagram? Assume any data you need to complete the exercise (interface names, gateway, etc.)
Enable IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Change the value to net.ipv4.ip_forward = 1 in /etc/sysctl.conf
sysctl -p /etc/sysctl.conf # apply the changes
Configuring network interfaces
ifconfig eth0 down
ifconfig eth0 10.10.0.2 netmask 255.255.255.0 up
ifconfig eth1 down
ifconfig eth1 18.104.22.168 netmask 255.255.255.0 up
If you want to add more routes, increment the numbers next to GATEWAY, for example: GATEWAY1=10.0.0.2 NETMASK1=255.255.255.0 ADDRESS1=192.168.30.0
No extra processing and added resources as in the case of dynamic routing protocols
No extra bandwidth requirement caused by the transmission of excessive packets for the routing table update process
Extra security by manually admitting or rejecting routing to certain networks
Network Administrators need to know the complete network topology very well in order to configure routes correctly
Topology changes need manual adjustment on all routers, which is very time-consuming
Option 2: Using NAT
Basically NAT works like static routing but changes the output IP maintaining an internal
# Delete old configuration, if any
# Flush all the rules in the filter and nat tables
iptables --flush
iptables --table nat --flush
# Delete all chains that are not in the default filter and nat tables, if any
iptables --delete-chain
iptables --table nat --delete-chain
# Set up IP forwarding and masquerading (NAT)
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
Store the iptables rules into a rule set
Same as static routing, plus:
It also benefits security, as attackers can't target a computer directly; they first have to get past the router.
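The security benefit above depends on the router refusing unsolicited traffic towards the internal network, which masquerading alone does not do while the FORWARD policy is ACCEPT. The following added example (not from the original post) sets up the same NAT with a default-deny FORWARD chain; the function name and the IPT dry-run variable are assumptions, and eth0/eth1 follow the page's interface roles.

```shell
#!/bin/sh
# Added example (not from the original post): masquerading NAT with a
# default-deny FORWARD chain.
# IPT can be set to "echo iptables" for a dry run (assumption of this example).
IPT="${IPT:-iptables}"

# setup_nat WAN_IF LAN_IF   (the page uses eth0 as WAN and eth1 as LAN)
setup_nat() {
    wan=$1
    lan=$2
    [ -n "$wan" ] && [ -n "$lan" ] && [ "$wan" != "$lan" ] || {
        echo "usage: setup_nat WAN_IF LAN_IF" >&2; return 2; }

    # Fail closed: nothing is forwarded unless a rule below allows it.
    $IPT --policy FORWARD DROP || return 1
    $IPT --flush FORWARD || return 1
    $IPT --table nat --flush POSTROUTING || return 1

    # Rewrite the source address of everything leaving through the WAN side.
    $IPT --table nat --append POSTROUTING --out-interface "$wan" -j MASQUERADE || return 1
    # LAN hosts may open new connections towards the WAN ...
    $IPT --append FORWARD --in-interface "$lan" --out-interface "$wan" -j ACCEPT || return 1
    # ... and only replies to those connections are let back in.
    $IPT --append FORWARD --in-interface "$wan" --out-interface "$lan" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1
}

# Dry run:  IPT="echo iptables" setup_nat eth0 eth1
# Apply:    setup_nat eth0 eth1      (as root)
```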
Network Address Translation does not allow a true end-to-end connectivity that is required by some real time applications. A number of real-time applications require the creation of a logical tunnel to exchange the data packets quickly in real-time. It requires a fast and seamless connectivity devoid of any intermediaries such as a proxy server that tends to complicate and slow down the communications process.
NAT creates complications in the functioning of Tunneling protocols. Any communication that is routed through a Proxy server tends to be comparatively slow and prone to disruptions. Certain critical applications offer no room for such inadequacies. Examples include telemedicine and teleconferencing. Such applications find the process of network address translation as a bottleneck in the communication network creating avoidable distortions in the end-to-end connectivity.
NAT acts as a redundant channel in the online communication over the Internet. The twin reasons for the widespread popularity and subsequent adoption of the network address translation process were a shortage of IPv4 address space and the security concerns. Both these issues have been fully addressed in the IPv6 protocol. As the IPv6 slowly replaces the IPv4 protocol, the network address translation process will become redundant and useless while consuming the scarce network resources for providing services that will be no longer required over the IPv6 networks.
Option 3: Using RIP
RIP is a distance-vector routing protocol. It is more flexible than using static routes, and necessary if the number of subnets grows. Do you want to fight against hundreds of rules, or assume the risk of downtime created by a router malfunction?
ospfd(config-router)# network 22.214.171.124/24 area 0
ospfd(config-router)# passive-interface eth1
ospfd# write file
Configuration saved to /etc/zebra/ospfd.conf
Scalability – OSPF is specifically designed to operate with larger networks.
Full subnetting support – OSPF can fully support subnetting
Hello packets – OSPF uses small hello packets to verify link operation without transferring large tables
TOS routing – OSPF can route packets by different criteria based on their type of service field
Tagged routes – Routes can be tagged with arbitrary values, easing interoperation.
Very processor-intensive
Maintains multiple copies of routing information, increasing the amount of memory needed
OSPF can be logically segmented by using areas
Not as easy to learn as some other protocols
If an entire network is running OSPF, and one link within it is "bouncing" every few seconds, then OSPF updates would dominate the network by informing every other router every time the link changed state.