MAL - Memória Auxiliar do Lutieri

Friday, October 30, 2009

Samba: binding only a specific interface

Tip: If your box has multiple NICs, you may not want Samba to broadcast its presence on both interfaces. To make it use only one IP, add the following to the [global] section of smb.conf:

interfaces = [interface_ip]/32 127.0.0.1/8
bind interfaces only = yes


Wednesday, October 28, 2009

Managing cached connections

I'm developing a script to fail over between different links when one of them fails. After some tests I could see some strange behavior. After changing the routing table, flushing the route cache, removing the NAT rule and creating a new one to match the new link, the packets were going out through the new interface (specified in the new route) but still using the translated IP address of the old NAT rule.

After some research I found out that the Linux kernel keeps a kind of cache for all connections, maybe just the NATed ones?!

The nice thing is you can see this table:

cat /proc/net/ip_conntrack

The netfilter team also developed a tool to manage this table: flush it, list, delete and add entries, etc.
It's called conntrack-tools and it's a replacement for the /proc interface. You will need to compile and install the following:


libnfnetlink
libnetfilter_conntrack
conntrack-tools

You can download all the sources from:
http://conntrack-tools.netfilter.org/downloads.html

Once installed, you can call the conntrack binary, e.g.:

conntrack -L -d x.x.x.x

The above command lists all entries with destination IP x.x.x.x.

conntrack -F

The above command flushes the whole table. That's exactly what I have to do in my fail-over scripts.


conntrack -L -m 11

If you're using the MARK target in any iptables rule, you can check whether the packets are being marked correctly with the above command. It lists all connections with mark=11 (-j MARK --set-mark 11).
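As an added example (not from the original post), here is a small Python parser for /proc/net/ip_conntrack lines that flags exactly the symptom described above: LAN flows still translated to the old uplink address after the NAT rule was swapped, plus the mark filter equivalent of `conntrack -L -m`. The sample entries and all addresses are constructed.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample in /proc/net/ip_conntrack format (not captured from a real host).
# First flow already leaves via the new uplink (198.51.100.2); the other two still
# carry the old uplink's translated address (192.0.2.9).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=203.0.113.7 sport=41000 dport=80 packets=12 bytes=1800 src=203.0.113.7 dst=198.51.100.2 sport=80 dport=41000 [ASSURED] mark=11 use=1
tcp      6 117 TIME_WAIT src=192.168.0.11 dst=203.0.113.8 sport=41001 dport=443 packets=5 bytes=700 src=203.0.113.8 dst=192.0.2.9 sport=443 dport=41001 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.0.12 dst=203.0.113.53 sport=5353 dport=53 packets=1 bytes=60 [UNREPLIED] src=203.0.113.53 dst=192.0.2.9 sport=53 dport=5353 mark=0 use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
MARK_RE = re.compile(r"\bmark=(\d+)")

def parse_conntrack(text: str) -> List[Dict]:
    """One dict per entry: protocol, original src, reply dst, mark and UNREPLIED flag."""
    entries = []
    for line in text.splitlines():
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:  # every entry carries an original and a reply tuple
            continue
        orig, reply = tuples
        mark = MARK_RE.search(line)
        entries.append({
            "proto": line.split()[0],
            "orig_src": orig[0],
            # reply dst is the address the flow is SNATed to (equals orig_src without NAT)
            "reply_dst": reply[1],
            "mark": int(mark.group(1)) if mark else 0,
            "unreplied": "[UNREPLIED]" in line,
        })
    return entries

def stale_snat(entries: List[Dict], lan_net: str, active_wan_ip: str) -> List[Dict]:
    """Flows from lan_net that are NATed, but to an address other than the active uplink."""
    net = ipaddress.ip_network(lan_net)
    return [
        e for e in entries
        if ipaddress.ip_address(e["orig_src"]) in net
        and e["reply_dst"] != e["orig_src"]  # NAT was applied...
        and e["reply_dst"] != active_wan_ip  # ...but to the old uplink address
    ]

def by_mark(entries: List[Dict], mark: int) -> List[Dict]:
    """The parsed-data counterpart of `conntrack -L -m <mark>`."""
    return [e for e in entries if e["mark"] == mark]
```

Any flow reported by stale_snat after a failover is one that `conntrack -F` (or a targeted `conntrack -D`) must drop before the new NAT rule takes effect for it.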




Tuesday, October 27, 2009

customizing ls time output

ls -l --time-style="+%d-%m-%Y %H:%M:%S" /var/log/xxxxxxx


It's the same syntax used by the date command.


Compilation stuff

./configure
....
checking lex library... -lfl
checking whether yytext is a pointer... yes
checking for bison... bison -y
checking for pkg-config... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for LIBNFNETLINK... no
configure: error: Cannot find libnfnetlink >= 1.0.0

However, libnfnetlink was installed:

# ls /usr/local/lib/pkgconfig/
libnetfilter_conntrack.pc libnfnetlink.pc

# pkg-config --libs libnfnetlink
Package libnfnetlink was not found in the pkg-config search path.
Perhaps you should add the directory containing `libnfnetlink.pc'
to the PKG_CONFIG_PATH environment variable
No package 'libnfnetlink' found


# PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ pkg-config --libs libnfnetlink
-L/usr/local/lib -lnfnetlink


Solution:
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/ ./configure


Monday, October 26, 2009

Download RPMs from yum repos

Use:

yumdownloader packagename


yumdownloader is included in the yum-utils package.


Thursday, October 15, 2009

Playing with ip command

ip -o -s -s route show table cache

There is a table called "cache" which, needless to say, contains the cache :)

With the -s option it shows the age, in seconds, of each entry, how many times that entry was used (used), etc.

The -o option just prints everything on a single line. That makes it easier to grep or wc -l.

The age is reset every time that entry is used, and the used value is incremented.

I couldn't determine how often this table is emptied. I only determined that from time to time it is completely cleared and restarted. One time I watched it, it took around 8 minutes; another time 3:30 min; then exactly 4 min. So the most accurate answer is: who knows?

The important thing to remember is that whenever you change routes or rules you must clear this cache table with the command:


ip route flush cache

or

ip r f c



Otherwise you'll die trying and never understand how your Linux box is routing.

I'll just include a few example commands here that will be useful shortly:

ip rule show

ip rule add from 192.168.0.0/24 table 10
or
ip rule add from 192.168.0.0/24 table dez
or
ip rule add from 192.168.0.0/24 lookup 10

Notes:
lookup and table can be used interchangeably.

The table name or number from the /etc/iproute2/rt_tables file can also be used interchangeably.

ip rule add from 10.1.1.0/22 lookup WAN
ip rule add to 200.0.0.1/24 lookup ADSL


Using marks (remember that the packet is not altered in any way; the mark is handled by the kernel, similar to NAT in that there is a table, but with NAT the packet is still altered and here it is not):

iptables -t mangle -A PREROUTING -s 192.168.0.0/24 -j MARK --set-mark 10
ip rule add fwmark 10 table GVT

If you really want to alter the packet you must use the TOS target of iptables (I haven't tested it):

iptables -t mangle -A PREROUTING -s 192.168.0.0/24 -j TOS --set-tos 0x10

Try: iptables -j TOS -h to find out the options for --set-tos

ip rule add tos 0x10 lookup 10


When you list the rules you will see 'lowdelay' on screen instead of the value 0x10. That's because ip translates and/or maps it according to the /etc/iproute2/rt_dsfield file.


ip route get 192.168.1.55


Simulates sending a packet to this destination, resolves the route and returns the route that would be used to reach it. It actually creates an entry in the cache table; check it with ip route show cache.

As the manual says, it's equivalent to sending a ping and then running ip route show cache.


Friday, October 02, 2009

Autoload modules in CentOS

40.2. Persistent Module Loading

Kernel modules are usually loaded directly by the facility that requires them, which is given correct settings in the /etc/modprobe.conf file. However, it is sometimes necessary to explicitly force the loading of a module at boot time.

Red Hat Enterprise Linux checks for the existence of the /etc/rc.modules file at boot time, which contains various commands to load modules. rc.modules should be used, and not rc.local, because rc.modules is executed earlier in the boot process.

For example, the following commands configure loading of the foo module at boot time (as root):

# echo modprobe foo >> /etc/rc.modules
# chmod +x /etc/rc.modules



http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-kernel-modules-persistant.html
