Saturday, March 27, 2010

GNS3, compatible Cisco IOS images

You should be able to find these with Google:

1700
c1700-advipservicesk9-mz.124-15.T7.bin

2600
c2600-ipvoicek9-mz.124-4.T1.bin
c2600-telco-mz.124-2.T.bin
c2600-adventerprisek9-mz.124-18.bin

2691
c2691-advipservicesk9-mz.124-15.T6.bin
c2691-adventerprisek9_ivs-mz.124-9.T7.bin

3640
c3640-jk9o3s-mz.124-16a.bin
c3640-a3jk9s-mz.124-16a.bin

3660
c3660-jk9o3s-mz.124-15.T5.bin
c3660-ik9o3s-mz.124-15.T6.bin

3725
c3725-adventerprisek9-mz.124-15.T5.bin

3745
c3745-advipservicesk9-mz.124-15.T6.bin

7200
c7200-adventerprisek9-mz.124-15.T6.bin
c7200-adventerprisek9-mz.124-20.T.bin
c7200-advipservicesk9-mz.124-20.T.bin
c7200p-adventerprisek9-mz.124-20.T.bin
c7200p-ipbasek9-mz.124-4.XD9.bin

ASA8.1-1 ASDM6.1-1
PIX 8.0-3 ASDM 6.0-3 ASA 8.0-3
PIX 8.0-2 ASDM 6.0-2 ASA 8.0-2
PIX 7.2-3 ASDM 5.2-3 ASA 7.2-3

Thursday, March 25, 2010

iPhone 1st Gen MMS, Tethering, Bluetooth and Push notifications enabled

If you still have an old 1st gen iPhone and want to enable MMS, tethering, Bluetooth and push notifications, do the following. Note that this is for the 3.1.3 iPhone firmware ONLY! I have done it and it all works. At the time I was on the South African Vodacom network.

MMS, Bluetooth, Tethering:
Download from http://www.mediafire.com/?ezwzmjkzzmz
The md5sum of the archive is 275d31f84aedee9f949f1d9f46f46725
Read the "readme" on how to install!

Get some unique push certs and install them. This guy charges $5.99 for a set and can be paid with PayPal:
http://www.pushfix.info/purchase
Once again, read the "readme" for the howto.

Wednesday, March 24, 2010

Interesting read... Traffic Conditioning scripts: Low Latency, Fast Up & Downloads

Maintain low latency for interactive traffic at all times:
This means that downloading or uploading files should not disturb SSH or even telnet. These are the most important things, even 200ms latency is sluggish to work over. Allow 'surfing' at reasonable speeds while up or downloading.

Even though http is 'bulk' traffic, other traffic should not drown it out too much. Make sure uploads don't harm downloads, and the other way around. This is a much observed phenomenon where outgoing traffic simply destroys download speed.

It turns out that all this is possible, at the cost of a tiny bit of bandwidth. The reason that uploads, downloads and ssh hurt each other is the presence of large queues in many domestic access devices like cable or DSL modems.

The next section explains in depth what causes the delays, and how we can fix them. You can safely skip it and head straight for the script if you don't care how the magic is performed.

Why it doesn't work well by default:
ISPs know that they are benchmarked solely on how fast people can download. Besides available bandwidth, download speed is influenced heavily by packet loss, which seriously hampers TCP/IP performance. Large queues can help prevent packet loss, and speed up downloads. So ISPs configure large queues.

These large queues however damage interactivity. A keystroke must first travel the upstream queue, which may be seconds (!) long and go to your remote host. It is then displayed, which leads to a packet coming back, which must then traverse the downstream queue, located at your ISP, before it appears on your screen.

This HOWTO teaches you how to mangle and process the queue in many ways, but sadly, not all queues are accessible to us. The queue over at the ISP is completely off-limits, whereas the upstream queue probably lives inside your cable modem or DSL device. You may or may not be able to configure it. Most probably not.

So, what next? As we can't control either of those queues, they must be eliminated, and moved to your Linux router. Luckily this is possible.

Limit upload speed
By limiting our upload speed to slightly less than the truly available rate, no queues are built up in our modem. The queue is now moved to Linux.

Limit download speed
This is slightly trickier as we can't really influence how fast the internet ships us data. We can however drop packets that are coming in too fast, which causes TCP/IP to slow down to just the rate we want. Because we don't want to drop traffic unnecessarily, we configure a 'burst' size we allow at higher speed.

Now, once we have done this, we have eliminated the downstream queue totally (except for short bursts), and gain the ability to manage the upstream queue with all the power Linux offers.

What remains to be done is to make sure interactive traffic jumps to the front of the upstream queue. To make sure that uploads don't hurt downloads, we also move ACK packets to the front of the queue. This is what normally causes the huge slowdown observed when generating bulk traffic both ways. The Acknowledgements for downstream traffic must compete with upstream traffic, and get delayed in the process.

If we do all this we get the following measurements using an excellent ADSL connection from xs4all in the Netherlands:

Baseline latency:
round-trip min/avg/max = 14.4/17.1/21.7 ms

Without traffic conditioner, while downloading:
round-trip min/avg/max = 560.9/573.6/586.4 ms

Without traffic conditioner, while uploading:
round-trip min/avg/max = 2041.4/2332.1/2427.6 ms

With conditioner, during 220kbit/s upload:
round-trip min/avg/max = 15.7/51.8/79.9 ms

With conditioner, during 850kbit/s download:
round-trip min/avg/max = 20.4/46.9/74.0 ms

When uploading, downloads proceed at ~80% of the available speed. Uploads at around 90%. Latency then jumps to 850 ms, still figuring out why.

What you can expect from this script depends a lot on your actual uplink speed. When uploading at full speed, there will always be a single packet ahead of your keystroke. That is the lower limit to the latency you can achieve - divide your MTU by your upstream speed to calculate. Typical values will be somewhat higher than that. Lower your MTU for better effects!

Next, two versions of this script, one with Devik's excellent HTB, the other with CBQ. When the HOWTO was written HTB still required a kernel patch, which is why the CBQ version exists; HTB has been in mainline kernels since 2.4.20, so on any current system the HTB script is the one to use. Both are tested and work well.

The actual script (CBQ)
Works on all kernels. Within the CBQ qdisc we place two Stochastic Fairness Queues that make sure that multiple bulk streams don't drown each other out.

Downstream traffic is policed using a tc filter containing a Token Bucket Filter.

You might improve on this script by adding 'bounded' to the line that starts with 'tc class add .. classid 1:20'. If you lowered your MTU, also lower the allot & avpkt numbers!
#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
# 
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=800
UPLINK=220
DEV=ppp0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    > /dev/null 2>&1
tc qdisc del dev $DEV ingress > /dev/null 2>&1

###### uplink

# install root CBQ

tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit 

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class

tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
allot 1500 prio 5 bounded isolated 

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic, 
#  and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $((9*UPLINK/10))kbit \
   allot 1600 prio 2 avpkt 1000

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# start filters
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we 
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed  to prevent 
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d.

If the last two lines give an error, update your tc tool to a newer version!
The actual script (HTB)

The following script achieves all goals using the wonderful HTB queue. The HOWTO called it well worth patching your kernel for; any kernel from 2.4.20 onwards already includes it.
#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
# 
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=800
UPLINK=220
DEV=ppp0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    > /dev/null 2>&1
tc qdisc del dev $DEV ingress > /dev/null 2>&1

###### uplink

# install root HTB, point default traffic to 1:20:

tc qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
   burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic, 
# and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9*UPLINK/10))kbit \
   burst 6k prio 2

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we 
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20


########## downlink #############
# slow downloads down to somewhat less than the real speed  to prevent 
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d.

If the last two lines give an error, update your tc tool to a newer version!

Article copied from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html
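The u32 matches in both scripts compare raw bytes at fixed offsets, which makes the "ACK packets to the interactive class" rule hard to read. The Python below is an added example and is not part of the LARTC article: it applies the same mask-and-compare tests to constructed IPv4/TCP packets and returns the class each one would be steered to, in the order tc evaluates the filters. The packet builders, addresses and ports are made up for the demonstration. One caveat for current hosts: OpenSSH 7.8 and later marks interactive sessions with DSCP AF21 (TOS byte 0x48) instead of the legacy Minimize-Delay bit 0x10 the scripts match on, so add a second tos match for 0x48 if ssh keystrokes are ending up in the bulk class.

```python
"""Emulate the LARTC uplink filter chain on raw IPv4 packets.

Added example, not from the LARTC article. Sample packets are constructed
inline with struct; nothing here touches the network or tc.
"""
import struct

IPPROTO_ICMP = 1
IPPROTO_TCP = 6
TOS_LOWDELAY = 0x10   # 'Minimize-Delay' TOS bit that old ssh clients set
TCP_ACK = 0x10        # TCP flags byte with only ACK set


def u8_match(pkt: bytes, value: int, mask: int, offset: int) -> bool:
    """`match u8 VALUE MASK at OFFSET`: one byte ANDed with mask, compared."""
    return len(pkt) > offset and (pkt[offset] & mask) == value


def u16_match(pkt: bytes, value: int, mask: int, offset: int) -> bool:
    """`match u16 VALUE MASK at OFFSET`: big-endian 16-bit word, masked."""
    if len(pkt) < offset + 2:
        return False
    word = struct.unpack_from("!H", pkt, offset)[0]
    return (word & mask) == value


def is_small_pure_ack(pkt: bytes) -> bool:
    """The 'put ACK packets in the interactive class' filter:

    match ip protocol 6 0xff     -> byte 9 (protocol) == TCP
    match u8 0x05 0x0f at 0      -> IHL == 5: 20-byte IP header, so the TCP
                                    header starts at offset 20
    match u16 0x0000 0xffc0 at 2 -> total length & 0xffc0 == 0, i.e. < 64 bytes
    match u8 0x10 0xff at 33     -> TCP flags byte (20 + 13) == ACK only
    Packets with IP options (IHL > 5) never match and fall through to bulk.
    """
    return (u8_match(pkt, IPPROTO_TCP, 0xff, 9)
            and u8_match(pkt, 0x05, 0x0f, 0)
            and u16_match(pkt, 0x0000, 0xffc0, 2)
            and u8_match(pkt, TCP_ACK, 0xff, 33))


def classify(pkt: bytes) -> str:
    """Walk the filters in the order tc evaluates them; return the flowid."""
    if u8_match(pkt, TOS_LOWDELAY, 0xff, 1):   # match ip tos 0x10 0xff
        return "1:10"
    if u8_match(pkt, IPPROTO_ICMP, 0xff, 9):   # match ip protocol 1 0xff
        return "1:10"
    if is_small_pure_ack(pkt):
        return "1:10"
    return "1:20"                               # everything else is bulk


def build_ipv4(proto: int, payload: bytes, tos: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (no options) plus payload. The
    checksum is left zero because the filters never look at it."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, tos, total_len, 0, 0, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([192, 0, 2, 1]))
    return header + payload


def build_tcp(flags: int, data: bytes = b"") -> bytes:
    """Constructed 20-byte TCP header (data offset 5) followed by data."""
    header = struct.pack("!HHIIBBHHH",
                         54321, 22, 1, 1, 5 << 4, flags, 65535, 0, 0)
    return header + data


# Constructed samples: a bare ACK, a full-size data segment (PSH|ACK),
# an ICMP echo, and a small segment carrying the legacy lowdelay TOS.
SAMPLES = {
    "pure ack":     build_ipv4(IPPROTO_TCP, build_tcp(TCP_ACK)),
    "bulk segment": build_ipv4(IPPROTO_TCP, build_tcp(0x18, b"x" * 1400)),
    "ping":         build_ipv4(IPPROTO_ICMP, bytes(8)),
    "lowdelay ssh": build_ipv4(IPPROTO_TCP, build_tcp(0x18, b"k"), tos=0x10),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13s} -> class {classify(pkt)}")
```

Run it and compare with `tc -s filter show dev ppp0` counters while generating each kind of traffic; a packet type that lands in 1:20 here is one the real filters will also leave in the bulk class.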

Microsoft Exchange as relay for Elastix 1.6 eMail

You will need to have a valid domain user with an Exchange mailbox to send mail as.

SSH to your Elastix box and run the following commands:
postconf -e 'relayhost = [exchange-ip-address]'
postconf -e 'smtp_sasl_auth_enable = yes'
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
postconf -e 'smtp_sasl_security_options = noanonymous'
postconf -e 'mydomain = your-domain-name.com'
postconf -e 'myhostname = elastix-hostname.your-domain-name.com'
Notes on these settings: smtp_sasl_auth_enable must be yes, otherwise the password map is never consulted and Exchange will only accept the mail if its receive connector allows anonymous relay from this IP. The square brackets around the relay address turn off the MX lookup and must be repeated exactly in the password file below, because that string is the lookup key. The Postfix default for smtp_sasl_security_options (noplaintext, noanonymous) would refuse the LOGIN/PLAIN mechanisms that Exchange basic authentication uses, so only noanonymous is kept. LOGIN and PLAIN send the password base64-encoded, i.e. effectively in the clear, so on Postfix 2.3 or newer also set postconf -e 'smtp_tls_security_level = encrypt'; Postfix then defers the mail instead of handing the domain credentials to an unencrypted session.

Create the password file with restrictive permissions before the credentials go into it. Bear in mind that typing the password on the command line leaves it in the shell history; entering it with an editor avoids that.
touch /etc/postfix/sasl_passwd
chown root:root /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd
echo "[exchange-ip-address]   domain-username:domain-password" > /etc/postfix/sasl_passwd

postmap /etc/postfix/sasl_passwd
chmod 600 /etc/postfix/sasl_passwd.db

/etc/init.d/postfix restart
To test mail function:
mail -s test valid-email@whatever.com < /etc/hosts
You should then get an email from your Elastix box with subject "test".

Elastix 1.6 and A2Billing 1.4.2.1 upgrade

rpm -e elastix-a2billing

mkdir /usr/local/src/a2billing
cd /usr/local/src/a2billing
wget http://www.asterisk2billing.org/downloads/A2Billing_1.4.2.1.tar.gz
tar zxvf A2Billing_1.4.2.1.tar.gz

init 6

cd /usr/local/src/a2billing
mysql -u root -p -e 'DROP DATABASE IF EXISTS mya2billing;'
(The default Elastix MySQL root password is: eLaStIx.2oo7. The drop removes whatever the old elastix-a2billing package left behind, so the schema scripts below start from an empty database.)
mysql -u root -p < DataBase/mysql-5.x/a2billing-createdb-user.sql
The script creates a database, username and password with the following default values. If you change them in the script (recommended), use the same values in /etc/a2billing.conf below:
Database name is: mya2billing
Database user is: a2billinguser
User password is: a2billing
mysql -u root -p mya2billing < DataBase/mysql-5.x/a2billing-schema-v1.4.0.sql
mysql -u root -p mya2billing < DataBase/mysql-5.x/UPDATE-a2billing-v1.4.0-to-v1.4.1.sql
mysql -u root -p mya2billing < DataBase/mysql-5.x/UPDATE-a2billing-v1.4.1-to-v1.4.2.sql

cp /usr/local/src/a2billing/a2billing.conf /etc/
nano /etc/a2billing.conf (Change as follows:)
[database]
hostname = localhost
port = 3306
user = a2billinguser
password = a2billing
dbname = mya2billing
dbtype = mysql
touch /etc/asterisk/additional_a2billing_iax.conf
touch /etc/asterisk/additional_a2billing_sip.conf
echo "#include additional_a2billing_sip.conf" >> /etc/asterisk/sip.conf
echo "#include additional_a2billing_iax.conf" >> /etc/asterisk/iax.conf
(The quotes matter: an unquoted # starts a shell comment, and echo would append an empty line instead of the include.)
chown -Rf asterisk:asterisk /etc/asterisk/additional_a2billing_iax.conf
chown -Rf asterisk:asterisk /etc/asterisk/additional_a2billing_sip.conf

cd /usr/local/src/a2billing/addons/sounds/
./install_a2b_sounds.sh
cd /usr/local/src/a2billing
nano /etc/asterisk/manager.conf (Add the following lines. Asterisk config comments start with ";", not "#". Replace "mycode" and "cacti" with long random secrets: an AMI account with write=system,command can run Asterisk CLI commands and originate calls into dialplan applications that execute shell commands, so treat these secrets like root passwords and restrict the accounts with deny/permit as the cacti entry does.)
[myasterisk]
secret=mycode
read=system,call,log,verbose,command,agent,user
write=system,call,log,verbose,command,agent,user

[cacti]
secret = cacti
deny=0.0.0.0/0.0.0.0
permit=192.168.1.1/255.255.255.0 ; your Cacti server IP and mask
read = command
write = command
cd /usr/local/src/a2billing/AGI
cp a2billing.php /var/lib/asterisk/agi-bin/
cp -Rf /usr/local/src/a2billing/common/lib /var/lib/asterisk/agi-bin/

chown asterisk:asterisk /var/lib/asterisk/agi-bin/a2billing.php
chown -Rf asterisk:asterisk /var/lib/asterisk/agi-bin/lib
chmod +x /var/lib/asterisk/agi-bin/a2billing.php
cd /usr/local/src/a2billing

mkdir /var/www/html/a2billing
chown asterisk:asterisk /var/www/html/a2billing

cp -rf /usr/local/src/a2billing/admin /var/www/html/a2billing/
cp -rf /usr/local/src/a2billing/agent /var/www/html/a2billing/
cp -rf /usr/local/src/a2billing/customer /var/www/html/a2billing/
cp -rf /usr/local/src/a2billing/common /var/www/html/a2billing/

chmod 755 /var/www/html/a2billing/admin/templates_c
chmod 755 /var/www/html/a2billing/customer/templates_c
chmod 755 /var/www/html/a2billing/agent/templates_c
chown -Rf asterisk:asterisk /var/www/html/a2billing/admin/templates_c
chown -Rf asterisk:asterisk /var/www/html/a2billing/customer/templates_c
chown -Rf asterisk:asterisk /var/www/html/a2billing/agent/templates_c
nano /etc/httpd/conf.d/a2billing.conf (Add the following line:)
Alias /a2billing /var/www/html/a2billing/admin
service httpd restart
You can now reach the new A2Billing admin interface at the following URL:
http://elastix-ip-address/a2billing
The default user and password are:
user: root
pass: changepassword
Change this password at the first login: the defaults are published, and the admin interface is exposed to anyone who can reach the web server.

nano /etc/asterisk/extensions_a2billing.conf (Add the following lines:)
[a2billing]
; CallingCard application
exten => _X.,1,Answer
exten => _X.,2,Wait,2
exten => _X.,3,DeadAGI,a2billing.php
exten => _X.,4,Wait,2
exten => _X.,5,Hangup

[did]
; CallingCard application
exten => _X.,1,DeadAGI(a2billing.php|1|did)

nano /etc/asterisk/extensions.conf (Add the following line to the TOP of the file:)
#include extensions_a2billing.conf

nano /var/spool/cron/a2billing (Add the following lines:)
# update the currency table
0 6 * * * php /usr/local/src/a2billing/Cronjobs/currencies_update_yahoo.php

# manage the monthly services subscription
0 6 1 * * php /usr/local/src/a2billing/Cronjobs/a2billing_subscription_fee.php

# To check account of each Users and send an email if the balance is less than the user have choice.
0 * * * * php /usr/local/src/a2billing/Cronjobs/a2billing_notify_account.php

# To check all the accounts and send an notification email if the balance is less than the first argument.
0 */6 * * * php /usr/local/src/a2billing/Cronjobs/a2billing_check_account.php

# this script will browse all the DID that are reserve and check if the customer need to pay for it
# bill them or warn them per email to know if they want to pay in order to keep their DIDs
0 2 * * * php /usr/local/src/a2billing/Cronjobs/a2billing_bill_diduse.php

# This script will take care of the recurring service.
0 12 * * * php /usr/local/src/a2billing/Cronjobs/a2billing_batch_process.php

# To generate invoices and for each user.
0 6 * * * php /usr/local/src/a2billing/Cronjobs/a2billing_invoice_cront.php

# to proceed the autodialer
*/5 * * * * php /usr/local/src/a2billing/Cronjobs/a2billing_batch_autodialer.php

# manage alarms
0 * * * * php /usr/local/src/a2billing/Cronjobs/a2billing_alarm.php
mkdir /var/log/a2billing
touch /var/log/a2billing/a2billing_agi.log
touch /var/log/a2billing/a2billing_api_callback_request.log
touch /var/log/a2billing/a2billing_api_card.log
touch /var/log/a2billing/a2billing_api_ecommerce_request.log
touch /var/log/a2billing/a2billing_epayment.log
touch /var/log/a2billing/a2billing_paypal.log
touch /var/log/a2billing/cront_a2b_alarm.log
touch /var/log/a2billing/cront_a2b_archive_data.log
touch /var/log/a2billing/cront_a2b_autorefill.log
touch /var/log/a2billing/cront_a2b_batch_process.log
touch /var/log/a2billing/cront_a2b_bill_diduse.log
touch /var/log/a2billing/cront_a2b_check_account.log
touch /var/log/a2billing/cront_a2b_currency_update.log
touch /var/log/a2billing/cront_a2b_invoice.log
touch /var/log/a2billing/cront_a2b_subscription_fee.log

yum install python-setuptools MySQL-python python-psycopg2 python-sqlalchemy
cd /usr/local/src/a2billing/CallBack

easy_install --upgrade SQLAlchemy
LOAD_LOC=/usr/local/src/a2billing
cd $LOAD_LOC/CallBack/callback-daemon-py
cp callback_daemon/a2b-callback-daemon.rc /etc/init.d/a2b-callback-daemon
chmod +x /etc/init.d/a2b-callback-daemon
cp dist/callback_daemon-1.0.prod-r1528.tar.gz /tmp
cd /tmp
tar xvfz callback_daemon-1.0.prod-r1528.tar.gz
cd callback_daemon-1.0.prod-r1528
python setup.py build
python setup.py bdist_egg
easy_install dist/callback_daemon-1.0.prod_r1528-py2.4.egg

chkconfig --add a2b-callback-daemon
service a2b-callback-daemon start
chkconfig a2b-callback-daemon on
mv /etc/rc.d/rc0.d/K60a2b-callback-daemon /etc/rc.d/rc0.d/K02a2b-callback-daemon
mv /etc/rc.d/rc1.d/K60a2b-callback-daemon /etc/rc.d/rc1.d/S022za2b-callback-daemon
mv /etc/rc.d/rc3.d/S40a2b-callback-daemon /etc/rc.d/rc3.d/S98za2b-callback-daemon
mv /etc/rc.d/rc4.d/S40a2b-callback-daemon /etc/rc.d/rc4.d/S98za2b-callback-daemon
mv /etc/rc.d/rc5.d/S40a2b-callback-daemon /etc/rc.d/rc5.d/S98za2b-callback-daemon
mv /etc/rc.d/rc6.d/K60a2b-callback-daemon /etc/rc.d/rc6.d/K02a2b-callback-daemon
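The manager.conf fragment in the procedure above grants the myasterisk account write=system,command, and AMI accounts with those rights can run Asterisk CLI commands and originate calls into dialplan applications that execute shell commands, so their secrets and ACLs deserve a check before the box goes live. The Python below is an added example and not part of the A2Billing or Elastix documentation: it parses a manager.conf, evaluates deny/permit the way Asterisk does (rules in file order, the last match wins, no rules means allow) and reports weak or well-known secrets and dangerous rights reachable from any address. Both sample configurations are constructed here; the first mirrors the fragment above, the second is a corrected version restricted to localhost, which is where A2Billing's AGI connects from. The list of well-known secrets and the 12-character minimum are assumptions of this example, not Asterisk settings.

```python
"""Check Asterisk manager.conf accounts for weak secrets and open ACLs.

Added example (not from the Elastix/A2Billing how-to). The parser, the ACL
evaluation and both sample configurations are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Write rights that amount to command execution or call control on the PBX.
DANGEROUS_WRITE = {"system", "command", "originate", "config"}

# Secrets lifted from published how-tos; none should survive installation.
WELL_KNOWN_SECRETS = {"mycode", "cacti", "secret", "password", "changepassword", "amp111"}

# Constructed: mirrors the fragment added to manager.conf above.
SAMPLE_MANAGER_CONF = """\
[myasterisk]
secret=mycode
read=system,call,log,verbose,command,agent,user
write=system,call,log,verbose,command,agent,user

[cacti]
secret = cacti
deny=0.0.0.0/0.0.0.0
permit=192.168.1.1/255.255.255.0 ; your Cacti server IP and mask
read = command
write = command
"""

# Constructed: the same account with a random secret, reachable only locally.
HARDENED_MANAGER_CONF = """\
[myasterisk]
secret = q7Vb2pL9xN4sT1wZk8Rm
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user
deny = 0.0.0.0/0.0.0.0
permit = 127.0.0.1/255.255.255.255
"""

Section = List[Tuple[str, str]]


def parse_asterisk_conf(text: str) -> Dict[str, Section]:
    """[section] headers, key = value lines, ';' comments. Pairs stay in file
    order because deny/permit lines are evaluated sequentially."""
    sections: Dict[str, Section] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def acl_allows(entries: Section, client_ip: str) -> bool:
    """Asterisk semantics: deny/permit lines are walked in order and the last
    one matching the client address decides. No lines at all means allow."""
    addr = ipaddress.ip_address(client_ip)
    allowed = True
    for key, value in entries:
        if key in ("deny", "permit"):
            # ip_network accepts both a.b.c.d/nn and a.b.c.d/netmask forms.
            if addr in ipaddress.ip_network(value, strict=False):
                allowed = key == "permit"
    return allowed


def audit_manager_conf(text: str, outside_ip: str = "203.0.113.10") -> Dict[str, List[str]]:
    """Map each account to its findings; an empty list means clean."""
    findings: Dict[str, List[str]] = {}
    for name, entries in parse_asterisk_conf(text).items():
        if name == "general":
            continue
        values = dict(entries)
        problems: List[str] = []
        secret = values.get("secret", "")
        if not secret:
            problems.append("no secret set")
        elif secret.lower() in WELL_KNOWN_SECRETS or len(secret) < 12:
            problems.append("weak or well-known secret")
        write = {w.strip().lower() for w in values.get("write", "").split(",") if w.strip()}
        risky = sorted(write & DANGEROUS_WRITE)
        if risky:
            if not any(k in ("deny", "permit") for k, _ in entries):
                problems.append(f"write={','.join(risky)} reachable from any address (no deny/permit)")
            elif acl_allows(entries, outside_ip):
                problems.append(f"write={','.join(risky)} reachable from outside address {outside_ip}")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for label, conf in (("as published", SAMPLE_MANAGER_CONF), ("hardened", HARDENED_MANAGER_CONF)):
        print(label)
        for account, problems in audit_manager_conf(conf).items():
            print(f"  [{account}] {'; '.join(problems) or 'ok'}")
```

Point it at the real file with `audit_manager_conf(open('/etc/asterisk/manager.conf').read())`; anything it flags on a PBX whose AMI port (5038 by default) is reachable from the LAN is worth fixing before the first call is billed.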

Tuesday, March 23, 2010

PFSense 1.2.3 BSD and traffic splitting between 2 ISPs

I was once working on this project in an attempt to migrate from IPCOP... but instead I went for DD-WRT on Linksys, and this project died a quiet death... This was done to split traffic between "Local" and "International" in South Africa, because "Local" internet traffic is much cheaper. Anyway, here is the code:

Install stock PFSense 1.2.3
pkg_add -v -r mpd5 wget
The "get local route" script:
#!/bin/sh

WORKDIR="/tmp"

cd $WORKDIR || exit 1

# Retrieve the local routes file
/usr/local/bin/wget "http://developers.locality.co.za/routes.txt" -O $WORKDIR/routes.raw

# Keep only the first field of lines that look like a.b.c.d/nn. The file
# arrives over plain HTTP from a third party, so it is treated as data and
# never executed: anything that is not a prefix is discarded here.
/usr/bin/awk '{print $1}' $WORKDIR/routes.raw \
   | /usr/bin/grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' > $WORKDIR/routes.dat

# Make sure the downloaded routes file has content;
# if not, fall back to the previous good copy
if [ ! -s $WORKDIR/routes.dat ]; then
   /usr/bin/logger -t ROUTESET "Local routes download failed. Using backup if routes.dat.bak exists..."
   cp -f $WORKDIR/routes.dat.bak $WORKDIR/routes.dat
else
  /usr/bin/logger -t ROUTESET "Local routes - routes.dat successfully created."

  # Backup the newly downloaded routes.dat file
  cp $WORKDIR/routes.dat $WORKDIR/routes.dat.bak
fi

# Add the local routes via ng0, one "route add" per validated prefix
# (route flush, as in the original, drops all gateway routes first)
if [ -s $WORKDIR/routes.dat ]; then
  route flush
  while read -r net; do
     route add -net "$net" -interface ng0
  done < $WORKDIR/routes.dat
  /usr/bin/logger -t ROUTESET "Local routes successfully added."
fi

# Clean up
rm -f $WORKDIR/routes.raw $WORKDIR/routes.dat
Then to make PFSense dial 2 PPP connections, I had to do the following:

vi /usr/local/etc/mpd5/mpd.conf
startup:

default:
        load local
        load international

local:
        create bundle static Local
        set iface route default
        set iface up-script /usr/local/sbin/ppp-linkup
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        create link static Local pppoe
        set link action bundle Local
        set auth authname your_local_account_username
        set auth password your_local_account_password
        set link max-redial 0
        set link mtu 1462
        set link mru 1462
        set link keep-alive 10 60
        set pppoe iface fxp0
        set pppoe service "Local"
        open

international:
        create bundle static International
        set iface route default
        set iface up-script /usr/local/sbin/ppp-linkup
        set ipcp ranges 0.0.0.0/0 0.0.0.0/0
        create link static International pppoe
        set link action bundle International
        set auth authname your_international_account_username
        set auth password your_international_account_password
        set link max-redial 0
        set link mtu 1462
        set link mru 1462
        set link keep-alive 10 60
        set pppoe iface fxp0
        set pppoe service "International"
        open
Then you can connect by doing /usr/local/sbin/mpd5. This will create two PPP interfaces called ng0 for local and ng1 for international.

The problem still exists that I do not know how to do the routing between these two PPP interfaces to make this work. I do get only local access this way. PFSense uses the Packet Filter Firewall... and here is where I've lost track and went for DD-WRT that uses iptables...

Decrypt Cisco IOS type 7 passwords on a router

I saw this once on the net and thought it could come in handy... Pity it can't be done with type-5 passwords.

Turn on type-7 encryption for local passwords and create a temp username:
Router1(config)#service password-encryption
Router1(config)#username tempuser password !@&*^&*^$#
Show the created username with the show running config command:
Router1(config)#do show run | include username
username tempuser password 7 -encrypted string-
Create a key chain and enter the type-7 encrypted password as the key string:
Router1(config)#key chain decrypt
Router1(config-keychain)#key 1
Router1(config-keychain-key)#key-string 7 -encrypted string-
The show command will now do the decryption:
Router1(config-keychain-key)#do show key chain decrypt
Key-chain decrypt:
key 1 -- text "-decrypted string-"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
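The key-chain trick works because type 7 is not encryption at all: the string is the password XORed against a fixed 53-byte key, with the two leading decimal digits giving the starting offset into that key. The Python below is an added example, not part of the original post, and does the same reversal offline, including a scan of a config dump for every "password 7" and "key-string 7" line. 0822455D0A16 -> "cisco" is the widely published test vector; SAMPLE_CONFIG and the second blob in it are constructed here. Type 5 strings (salted MD5) cannot be reversed this way, only guessed, which is why the page's remark about them holds.

```python
"""Cisco IOS type 7 password reversal, the same operation the key-chain
trick performs on the router.

Added example, not part of the original post. XLAT is the fixed key every
type 7 string is XORed against; SAMPLE_CONFIG is constructed.
"""
import random
import re
from typing import List, Optional, Tuple

XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Lines whose last token is a type 7 blob, e.g. "username x password 7 ..."
TYPE7_LINE = re.compile(r"^(?P<stmt>.*?\b(?:password|key-string)\s+7\s+)(?P<blob>[0-9A-Fa-f]+)\s*$")


def type7_decrypt(encoded: str) -> str:
    """Two seed digits, then one hex byte per character, each XORed with
    XLAT[(seed + position) % 53]."""
    encoded = encoded.strip()
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("type 7 strings are two seed digits plus hex byte pairs")
    seed = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(body))
    return plain.decode("ascii")


def type7_encrypt(password: str, seed: Optional[int] = None) -> str:
    """IOS itself picks seeds 0..15; the same range is used here so the
    output looks like what 'service password-encryption' writes."""
    if seed is None:
        seed = random.randrange(16)
    if not 0 <= seed < len(XLAT):
        raise ValueError("seed must lie within the key length")
    data = password.encode("ascii")
    body = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data))
    return f"{seed:02d}{body.hex().upper()}"


def reveal_type7(config_text: str) -> List[Tuple[str, str]]:
    """Scan a running-config dump and return (statement, plaintext) pairs for
    every type 7 line; type 5 hashes and anything else are left alone."""
    found = []
    for line in config_text.splitlines():
        m = TYPE7_LINE.match(line)
        if m:
            found.append((m.group("stmt").strip(), type7_decrypt(m.group("blob"))))
    return found


# Constructed sample config; the enable password blob is type7_encrypt("letmein", 3).
SAMPLE_CONFIG = """\
hostname Router1
username tempuser password 7 0822455D0A16
enable password 7 03085E1F0B0A2842
key chain decrypt
 key 1
  key-string 7 0822455D0A16
"""

if __name__ == "__main__":
    for stmt, plain in reveal_type7(SAMPLE_CONFIG):
        print(f"{stmt} -> {plain}")
```

Feed it a saved `show running-config` to see how much a leaked backup exposes; the practical lesson is to use `enable secret` and `username ... secret` (type 5 or newer) everywhere and treat `service password-encryption` as obfuscation against shoulder-surfing only.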

Windows domain admins and sudoers group Linux

I have struggled to make our domain admins have sudo rights on one of our Linux boxes. The change was actually simple in the end. Add the following line to your sudoers file on the Linux box (use visudo, which checks the syntax before saving). Replace DOMAIN with your domain name. The backslash is doubled because sudoers treats a single one as an escape character, and the ALL=(ALL) ALL part is the privilege specification; a bare group name on its own is a syntax error.
%DOMAIN\\domain^admins ALL=(ALL) ALL

Easy Route Summarization / Supernetting...

Some people get really confused when it comes to route summarization, probably more so with the different names given to it:
Route Summarization
Supernetting
Aggregate Address
Summary Address
Actually, I get more confused typing out this thing as being English I want to replace the z in "summarization" with an s, but as it's Cisco I best keep the z in. I also get this with "neighbor" versus "neighbour". Anyway, I digress. The above terms all mean the same thing.

What is summarization?
The process of taking a range of IP addresses and advertising them in one address block. The most well-known summarization/supernet is the RFC1918 Class B Range. More commonly we know the range to be 172.16.0.0 - 172.31.255.255, however the supernet is 172.16.0.0/12. You see what has happened there? We've taken a range of addresses and squashed it into one advertisement.

What are the benefits of summarization?
Quite clearly, if we have just one address instead of lots of individual addresses then the routing table is going to be smaller. This in turn means that memory requirements are reduced. The less obvious benefit is that summarization means you're tracking whether or not you're connected to some subnets of a summary, not the up/down state of every link. Thus when the link goes up or down, you don't have a flurry of traffic announcing the state change.

How to summarize/supernet?
This is what you really want to know isn't it? Well it's dead simple. The first method shows you the long way.
1. Starting from the left of the IP address, identify the first octet that has a change of address in it. For example, the Class B RFC1918 range, the IP address first changes in the second octet (i.e. 172.16.x.x - 172.31.x.x).
2. Write out the binary equivalent of the address up to and including the changing octet. So for example the range above is:
10101100.00010000 = 172.16
10101100.00010001 = 172.17
10101100.00010010 = 172.18
10101100.00010011 = 172.19
10101100.00010100 = 172.20
10101100.00010101 = 172.21
10101100.00010110 = 172.22
10101100.00010111 = 172.23
10101100.00011000 = 172.24
10101100.00011001 = 172.25
10101100.00011010 = 172.26
10101100.00011011 = 172.27
10101100.00011100 = 172.28
10101100.00011101 = 172.29
10101100.00011110 = 172.30
10101100.00011111 = 172.31

3. From this list, count from the left how many bits are the same in each address. If we look at it we see that the first 12 bits for each address is the same so that gives us our mask in slash notation. We therefore start at our first address 172.16.0.0 and append our mask so the summary address is 172.16.0.0/12.

Well that was quite simple. But can we be quicker? Yes we can is the good news, after all, you don't want to eat up time in the exam by writing out addresses in binary. So here goes:
1. How many subnets are in the range? The RFC1918 Class B range is 16 subnets.
2. What power of 2 equals our range? 16 subnets = 2^4, so the answer is four.
3. Subtract the figure from step 2 from the default mask of our address range. In this example our default mask is 16 so the mask after subtracting 4 is /12.
4. Add this mask to the first address in the range - 172.16.0.0/12 in this example
Quick, eh? This is how it works in my head, "mmmm, 16 addresses, 2 to the 4 is 16, mask is 16, minus 4 is 12, so summary address must be first address with /12 mask."

One last example:
Summarize the following:
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
There are 4 subnets. 2 to the power of 2 gives us 4 so default mask of 24, minus 2, gives us /22. Address is therefore 192.168.0.0/22.

More difficult supernetting question
There are, however, a few pitfalls with supernetting/summarization. Sometimes you may not be able to get all of the addresses into a supernet without wasting addresses. Experience with supernetting questions will help you to identify this. An example below shows you how this could happen:
You need to summarize the following range:
10.16.31.0/24
10.16.32.0/24
10.16.33.0/24
10.16.34.0/24
10.16.35.0/24
10.16.36.0/24
10.16.37.0/24
10.16.38.0/24
10.16.39.0/24
10.16.40.0/24
What summary address should you use? Well, there are 10 subnets. 2 to the power of 3 only gives us 8 subnets, which is too small, so we need to look at 2 to the power of 4, which is 16. The problem is that if we count in 16s our addresses straddle two blocks: 10.16.16.0 to 10.16.31.255 and 10.16.32.0 to 10.16.47.255. We have the same problem if we use the power of 5, giving us blocks of 32 (10.16.31.0 is in a different block than the other addresses in the range). We therefore have to go out to 2 to the power of 6 = 64 in order to get all of our addresses in the range (i.e. 10.16.0.0 to 10.16.63.255, a /18). What a waste of address space!! The best answer is the following:
Break the space down into three ranges. We can summarize 10.16.32.0 to 10.16.39.255 with 3 bits (i.e. there are 8 subnets and 2 to the power of 3 is 8), giving 10.16.32.0/21. We simply leave the other two addresses (10.16.31.0/24 and 10.16.40.0/24) as they are. We have therefore avoided any wasted address space.

Reference: Please also see the comments!
http://subnettingmadeeasy.blogspot.com/2007/11/router-summarization.html


More Examples:
Question:
"Given the addresses 10.1.138.0/27, 10.1.138.64/26, and 10.1.138.32/27, which of the following is the best summary?"

Answer:
10.1.138.0/27 covers 10.1.138.0 to 10.1.138.31
10.1.138.32/27 covers 10.1.138.32 to 10.1.138.63
10.1.138.64/26 covers 10.1.138.64 to 10.1.138.127
Therefore you have to find the summary that covers 10.1.138.0 to 10.1.138.127. This is 128 addresses (1 network address, 1 broadcast address, and 126 host addresses). We therefore need to reserve enough bits to cover 128 addresses. We know that 2^7 = 128, so we must not subnet the last 7 bits of the address. As there are 32 bits in an IP address we subtract 7 from 32 to give us 25. Our summary address is therefore 10.1.138.0/25.

Question:
A router has a summary route to network 192.168.32.0/20 installed in its routing table. What range of networks are summarized by this route?

Answer:
You have a /20, which is a block size of 16 in the third octet (i.e. 2^(24-20) = 16). Count in block sizes of 16 in the third octet, so you would have 192.168.0.0, 192.168.16.0, 192.168.32.0, 192.168.48.0, etc. Your summary will therefore cover 192.168.32.0 to 192.168.47.255. To prove this you could always use binary. If we just concentrate on the third octet and pick 32 (the subnet address, in binary 00100000), the mask for that octet is 11110000 (i.e. the full mask for a /20 is 11111111.11111111.11110000.00000000).
Perform an AND on that octet:
00100000
11110000
=
00100000
=
32
What if we use 47 in the 3rd octet (binary 00101111)?
Perform an AND:
00101111
11110000
=
00100000
=
32
They both resolve to the same value in the third octet so we know it is in the same summary.
Let's go to 48 in the third octet (binary 00110000) and perform the same AND with a /20 mask:
00110000
11110000
=
00110000
=
48
This value is different and therefore is not in the summary. The binary way is the longest method but can be useful for you to see what is happening with the bits.

Question:
Which address can be used to summarize networks 172.16.0.0/24 thru 172.16.7.0/24?

Answer:
In this case you still follow the same principles as in the tutorial, but subtract the number of bits required to cover the subnet range from the mask given in the question. The question has 8 subnets in all. 3 bits will give us 8 subnets as 2^3 = 8. Subtract 3 from the mask in the question (24 - 3), which equals 21. Take the first address in your range and change the mask to the new mask, and that gives you the summarized address (i.e. 172.16.0.0/21).
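The hand method above can be checked in code, which is also where the awkward cases show up. The Python below is an added example and not part of the original tutorial: it computes the single covering prefix the "count the subnets, find the power of two, shorten the mask" method produces, next to the exact minimal set of prefixes, so that the 10.16.31.0/24 to 10.16.40.0/24 range where one summary would claim space you do not own becomes explicit. The function names are this example's own; every prefix used comes from the questions above.

```python
"""Route summarization with Python's ipaddress module.

Added example, not from the original tutorial. Prefixes in the demo are the
ones from the worked questions.
"""
import ipaddress
from typing import Iterable, List, Tuple

Net = ipaddress.IPv4Network


def parse_nets(prefixes: Iterable[str]) -> List[Net]:
    return [ipaddress.IPv4Network(p) for p in prefixes]


def covering_summary(nets: List[Net]) -> Net:
    """Smallest single prefix containing every network: the power-of-two
    method applied to the lowest and highest address of the whole range.
    May over-summarize, i.e. include space that was not in the input."""
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    for prefixlen in range(32, -1, -1):
        candidate = ipaddress.ip_network((int(lo), prefixlen), strict=False)
        if hi in candidate:
            return candidate
    raise ValueError("no covering prefix")   # unreachable: /0 covers everything


def exact_summaries(nets: List[Net]) -> List[Net]:
    """Minimal set of prefixes covering exactly the given networks and
    nothing else. Adjacent, aligned blocks merge; odd ones stay as they are."""
    return list(ipaddress.collapse_addresses(nets))


def over_summarized(nets: List[Net]) -> int:
    """Addresses the single covering summary claims beyond what was given;
    0 means the range fits one summary with nothing wasted."""
    exact = sum(n.num_addresses for n in exact_summaries(nets))
    return covering_summary(nets).num_addresses - exact


def summary_range(prefix: str) -> Tuple[str, str]:
    """Expand a summary such as 192.168.32.0/20 to its first and last address."""
    net = ipaddress.IPv4Network(prefix)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    awkward = parse_nets(f"10.16.{n}.0/24" for n in range(31, 41))
    print("one summary:", covering_summary(awkward),
          "wastes", over_summarized(awkward), "addresses")
    print("exact:", ", ".join(map(str, exact_summaries(awkward))))
    print("192.168.32.0/20 covers", "-".join(summary_range("192.168.32.0/20")))
```

When `over_summarized` returns a non-zero number, advertising the covering prefix would attract traffic for addresses you do not hold; the `exact_summaries` list is what to advertise instead.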

Easy Subnetting...

This technique requires you to know how to work with the powers of 2. We need to start with the fundamentals of IP addressing. An IP address is made up of 32 bits, split into 4 octets (oct = 8). Some bits are reserved for identifying the network and the other bits are left to identify the host.

There are 3 main classes of IP address that we are concerned with.
Class A Range 0 - 127 in the first octet (0 and 127 are reserved)
Class B Range 128 - 191 in the first octet
Class C Range 192 - 223 in the first octet

Below shows you how, for each class, the address is split in terms of network (N) and host (H) portions.
NNNNNNNN . HHHHHHHH . HHHHHHHH . HHHHHHHH Class A
NNNNNNNN . NNNNNNNN . HHHHHHHH . HHHHHHHH Class B
NNNNNNNN . NNNNNNNN . NNNNNNNN . HHHHHHHH Class C

At each dot I like to think that there is a boundary, therefore there are boundaries after bits 8, 16, 24, and 32. This is an important concept to remember.
We will now look at typical questions that you may see on subnetting. More often than not they ask what a host range is for a specific address or which subnet a certain address is located on.

Examples:
What subnet does 192.168.12.78/29 belong to?
You may wonder where to begin. Well to start with let's find the next boundary of this address. Our mask is a /29. The next boundary is 32. So 32 - 29 = 3. Now 2^3 = 8 which gives us our block size i.e. 2 to the power of 3 equals 8.
We have borrowed from the last octet as the 29th bit is in the last octet. We start from zero and count up in our block size. Therefore it follows that the subnets are:
192.168.12.0
192.168.12.8
192.168.12.16
192.168.12.24
192.168.12.32
192.168.12.40
192.168.12.48
192.168.12.56
192.168.12.64
192.168.12.72
192.168.12.80
.............etc
Our address is 192.168.12.78 so it must sit on the 192.168.12.72 subnet.

What subnet does 172.16.116.4/19 belong to?
Our mask is /19 and our next boundary is 24. Therefore 24 - 19 = 5. The block size is 2^5 = 32. We have borrowed into the third octet as bit 19 is in the third octet so we count up our block size in that octet. The subnets are:
172.16.0.0
172.16.32.0
172.16.64.0
172.16.96.0
172.16.128.0
172.16.160.0
.............etc
Our address is 172.16.116.4 so it must sit on the 172.16.96.0 subnet.

What subnet does 10.34.67.234/12 sit on?
Our mask is 12. Our next boundary is 16. Therefore 16 - 12 = 4. 2^4 = 16 which gives us our block size. We have borrowed from the second octet as bit 12 sits in the second octet so we count up the block size in that octet. The subnets are:
10.0.0.0
10.16.0.0
10.32.0.0
10.48.0.0
.............etc
Our address is 10.34.67.234 which must sit on the 10.32.0.0 subnet.

We will now change the type of question so that we have to give a particular host range of a subnet.

What is the valid host range of the 4th subnet of 192.168.10.0/28?
The block size is 16 since 32 - 28 = 4 and 2^4 = 16. We need to count up in the block size in the last octet as bit 28 is in the last octet.
192.168.10.0
192.168.10.16
192.168.10.32
192.168.10.48
192.168.10.64
.................etc
Therefore the 4th subnet is 192.168.10.48 and the host range must be 192.168.10.49 to 192.168.10.62, remembering that the subnet and broadcast address cannot be used.

What is the valid host range of the 1st subnet of 172.16.0.0/17?
/17 tells us that the block size is 2^(24-17) = 2^7 = 128. We are borrowing in the 3rd octet as bit 17 is in the 3rd octet. Our subnets are:
172.16.0.0
172.16.128.0
The first subnet is 172.16.0.0 and the valid host range is 172.16.0.1 to 172.16.127.254. You must remember not to include the subnet address (172.16.0.0) and the broadcast address (172.16.127.255).

What is the valid host range of the 7th subnet of address 10.0.0.0/14?
The block size is 4, from 16 - 14 = 2 and then 2^2 = 4. We are borrowing in the second octet, so count in the block size from 0 seven times to get the seventh subnet.
The seventh subnet is 10.24.0.0. Our valid host range must be 10.24.0.1 to 10.27.255.254 again remembering not to include our subnet (10.24.0.0) and the broadcast address (10.27.255.255).

What if you're given the subnet mask in dotted decimal?
If you're lucky and they give you a mask in dotted decimal format then you should have an even easier time. All you need again is your block size. Let's say they have given a mask of 255.255.255.248 and you wish to know the block size. Here's the technique:
1. Starting from the left of the mask find which is the first octet to NOT have 255 in it.
2. Subtract the number in that octet from 256 to get your block size e.g. above it is 256 - 248 = block size of 8.
3. Count up from zero in your block size in the octet identified in step 1 as you have learned above (the example above would be in the last octet).

Another example is a mask of 255.255.192.0 - you would simply count up in 256 - 192 = 64 in the third octet.

One more example is 255.224.0.0 - the block size is 256 - 224 = 32 in the second octet.
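The block-size, binary AND and summarisation arithmetic from the questions and examples above, written out as plain Python. This is an added example and not code from the original post; the function names are my own and nothing beyond the standard library is used.

```python
# Added example, not from the original post: the tutorial's block-size,
# AND and summarisation arithmetic as plain functions (standard library only).
def _to_int(addr):
    o = [int(x) for x in addr.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def _to_str(n):
    return ".".join(str((n >> s) & 255) for s in (24, 16, 8, 0))

def block_size(prefix):
    """Next octet boundary minus the prefix gives the block size and the
    (1-based) octet to count in: /29 -> (8, 4), /19 -> (32, 3), /12 -> (16, 2)."""
    boundary = ((prefix + 7) // 8) * 8            # 8, 16, 24 or 32
    return 2 ** (boundary - prefix), boundary // 8

def block_size_from_mask(mask):
    """Dotted-decimal shortcut: first octet that is not 255, taken from 256."""
    for i, o in enumerate(int(x) for x in mask.split(".")):
        if o != 255:
            return 256 - o, i + 1
    return 1, 4                                   # 255.255.255.255

def subnet_of(addr, prefix):
    """(network, broadcast, first host, last host) of the subnet holding addr."""
    size, octet = block_size(prefix)
    o = [int(x) for x in addr.split(".")]
    o[octet - 1] = (o[octet - 1] // size) * size  # count up in the block size ...
    o[octet:] = [0] * (4 - octet)                 # ... and zero the octets after it
    net = _to_int(".".join(map(str, o)))
    bcast = net + 2 ** (32 - prefix) - 1
    return _to_str(net), _to_str(bcast), _to_str(net + 1), _to_str(bcast - 1)

def nth_subnet(base, prefix, n):
    """The n-th (1-based) subnet of base/prefix, e.g. the 4th of 192.168.10.0/28."""
    return subnet_of(_to_str(_to_int(base) + (n - 1) * 2 ** (32 - prefix)), prefix)

def in_summary(addr, summary, prefix):
    """The binary proof: AND both addresses with the mask and compare."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (_to_int(addr) & mask) == (_to_int(summary) & mask)

def summarize(first, last, prefix):
    """Summary for the contiguous subnets first/prefix .. last/prefix: count
    them, log2 gives the bits to hand back, subtract those from the prefix."""
    count = (_to_int(last) - _to_int(first)) // 2 ** (32 - prefix) + 1
    bits = count.bit_length() - 1
    if count != 2 ** bits or _to_int(first) % 2 ** (32 - prefix + bits):
        raise ValueError("range is not a power of two of subnets, or not aligned")
    return "%s/%d" % (first, prefix - bits)
```

summarize() refuses a range that is not a power-of-two count of subnets starting on a boundary, which is the case the tutorial's subtraction trick silently gets wrong.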

Mounting LVM volumes from live CD

These instructions are for when you need to get data from a hard disk, but the disk is configured with LVM volumes. I've used a Gentoo minimal install/Live disk:

Mounting the LVM Volume:
vgchange -a y
lvscan
mount -t ext3 /dev/VolGroup00/LogVol00 /mnt/

Unmounting the LVM Volume (deactivate the volume group after unmounting, otherwise the disk is still in use):
umount /mnt/
vgchange -a n

Monday, March 22, 2010

Minimal Centos 5 Server install

You only need CD #1 to do the basic install.

Minimal Install Steps
1. Boot to CD #1
2. At the Boot: prompt, type in "linux text" to get the text installation setup
3. Proceed normally with the installation until it asks which packages to install
4. Deselect all of the packages and then click on the "customize package selection" check box
5. Hold down the "-" (dash) key, which scrolls through all of the package options and deselects them all
6. Finish the installation
7. Do a "yum update" to get latest versions of everything
8. Do a "yum install " for whatever other packages you need

Free Resources on a Server:
chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off

NOTES:
The next group of services is more useful to servers.
--- xinetd
- may be needed for some servers
--- acpid
- needed for power button to shut down server gently
--- microcode_ctl
- not needed on AMD machines
--- irqbalance
- not needed unless running SMP
- multiple cores, multiple processors, hyperthreading
--- haldaemon and messagebus
- support for plug and play devices
--- mdmonitor
- not needed unless running software RAID

Evaluate their worth even more closely before disabling them.
chkconfig xinetd off
chkconfig acpid off
chkconfig microcode_ctl off
chkconfig irqbalance off
chkconfig haldaemon off
chkconfig messagebus off
chkconfig mdmonitor off

Run the following to see what else is enabled:
chkconfig --list |grep "3:on" |awk '{print $1}' |sort

If you want to compare the list before and after, you can:
chkconfig --list |grep "3:on" |awk '{print $1}' |sort > before
and
chkconfig --list |grep "3:on" |awk '{print $1}' |sort > after
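A way to re-check a host against the list of services above, for instance after a later "yum update" has registered new init scripts. This is an added example and not code from the post; the sample chkconfig --list output is constructed and the names are my own.

```python
# Added example, not from the original post: check "chkconfig --list" output
# against the services the post turns off, so a host can be re-audited later
# (e.g. after a "yum update" registers new init scripts). Names are my own.
SHOULD_BE_OFF = {"anacron", "apmd", "atd", "autofs", "cpuspeed", "cups", "gpm",
                 "isdn", "netfs", "nfslock", "portmap", "sendmail", "bluetooth",
                 "avahi-daemon", "ip6tables", "hidd", "pcscd", "smartd", "xfs"}

# Constructed sample of "chkconfig --list" output, not captured from a real host.
SAMPLE = """\
acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
anacron         0:off   1:off   2:on    3:off   4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        echo-stream:    off
"""

def enabled_in_runlevel(chkconfig_output, level=3):
    """Services that are 'on' in the given runlevel: the post's
    grep "3:on" | awk '{print $1}' pipeline, with the level as a parameter."""
    want = "%d:on" % level
    return {line.split()[0] for line in chkconfig_output.splitlines()
            if want in line.split()[1:]}

def audit(chkconfig_output, should_be_off=SHOULD_BE_OFF, level=3):
    """Services on the disable list that are still enabled in that runlevel."""
    return sorted(enabled_in_runlevel(chkconfig_output, level) & should_be_off)

def drift(before_output, after_output, level=3):
    """Services enabled after but not before (the post's before/after files,
    read back with open(...).read())."""
    return sorted(enabled_in_runlevel(after_output, level)
                  - enabled_in_runlevel(before_output, level))

if __name__ == "__main__":
    print("still enabled:", audit(SAMPLE))      # ['cups']
```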

Virtual Terminals
You may also minimize the virtual terminals. The default is six virtual terminals. You can probably do with two.
To disable them, edit the /etc/inittab file and comment out the ones that you don't want running, like this:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6

Updating system and Rebooting
yum update
init 6

References:
http://www.sonoracomm.com/support/18-support/202-centos-min
http://www.sonoracomm.com/support/18-support/114-minimal-svcs
http://www.hscripts.com/tutorials/linux-services/

Sunday, March 21, 2010

Impressive indeed...

26 Billion pixels! The world's largest image! Visit Paris like never before!
http://www.paris-26-gigapixels.com/

Linksys WRT-54GL 1.1, Traffic splitting between 2 ISPs, Traffic accounting

This was done for data least cost routing, in South Africa, due to much cheaper "Local" bandwidth.

NOTE: You will need to have the following SD mod installed on your router:
http://www.hendlsofen.de/WRT54GL/eng/WRT54GL_SDMod.html

Firmware used, eko branch:
http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/V24_TNG/svn13491-snow/NEWD/dd-wrt.v24-13491_NEWD_std.bin

MMC/SD Card Support must be enabled on the router’s web interface:
GPIO pins select – Manual
GPIO pins DI:2  D0:4  CLK:3  CS:7

Install BWLOG:
SSH to your router
cd /mmc/jffs/scripts
wget http://www.krikkit.net/download/wrtbwlog_cust_exp.tgz

tar -zxvf wrtbwlog_cust_exp.tgz
Page will be accessible by going to http://your_router_ip:8000

On the router’s web interface,
Administration --> Commands --> Startup
Startup script:
#!/bin/sh
PATH=/usr/sbin:/sbin:/usr/bin:$PATH

umount /jffs
mount --bind /mmc/jffs /jffs

killall redial
killall pppd

#INTERNATIONAL
INTLUSER=isp1_username
INTLPASS=isp1_password
#LOCAL
LOCALUSER=isp2_username
LOCALPASS=isp2_password
#OTHER SETTINGS
INTRFACE=nic-vlan1
SAIXSMTP=196.43.2.142
ROUTESERVER=196.38.40.110
INTL=ppp0
LOCL=ppp1
TIMEOUT=120

setintlroutes () {
echo ...setting International routes
route add -host $ROUTESERVER $INTL
route add -host $SAIXSMTP $INTL
}

setdefaultroute () {
echo ...applying default route
route del default
route del default
route del default
route add default $INTL
}

getloclroutes () {
echo Downloading Local routes...
sleep 5
# the route list is fetched over plain HTTP with no integrity check, so anyone who can
# tamper with it decides which destinations are sent over the Local link
wget -T 15 "http://developers.locality.co.za/routes.txt" -O /tmp/routes.dat
sleep 7

# -s rather than -f: a missing or an empty download both fall back to the backup copy
if [ ! -s /tmp/routes.dat ]
  then
    echo ...restoring backup routes.txt file
    cp /mmc/jffs/scripts/routes.dat.bak /tmp/routes.dat
    sleep 7
fi
}

backuploclroutes () {
echo ...backing up existing routes.txt file
cp /tmp/routes.dat /mmc/jffs/scripts/routes.dat.bak
rm -rf /tmp/routes.dat
}

setloclroutes () {
echo ...setting Local routes 
for IP in `cat /tmp/routes.dat`
  do
    gpio enable 7
    route add -net $IP $LOCL
    gpio disable 7
  done
}

connect () {
gpio disable 3; sleep 1
pppd plugin /usr/lib/rp-pppoe.so $INTRFACE noipdefault noauth nodefaultroute noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp nomppe nomppc usepeerdns user $1 password $2 default-asyncmap mtu 1492 mru 1492 persist lcp-echo-interval 60 lcp-echo-failure 10 maxfail 0 unit $3
gpio enable 3; sleep 1
}

connlinkintl () {
while true
  do
    if [ "`ip link show dev ppp0 |grep ppp0 |awk '{ print $2 }'`" = "ppp0:" ]
      then
        echo ...International ppp link is up
        break
      else
        echo ...waiting for International to connect
        gpio disable 3; sleep 1
        gpio enable 3; sleep 1
    fi
done
}

connlinklocl () {
while true
  do
     if [ "`ip link show dev ppp1 |grep ppp1 |awk '{ print $2 }'`" = "ppp1:" ]
       then
         echo ...Local ppp link is up
         break
       else
         echo ...waiting for Local to connect
         gpio disable 3; sleep 1
         gpio enable 3; sleep 1
     fi
done
}

sleep 20
cd /mmc/jffs/scripts/bwlog/
./start.sh &

echo Starting up Traffic Splitting... Please wait...
sleep 40

while true
  do
    if [ "`ip link show dev ppp0 |grep ppp0 |awk '{ print $2 }'`" = "ppp0:" ]
      then
         echo ...International ppp link is up
      else
         connect $INTLUSER $INTLPASS 0
         connlinkintl
         sleep 10
         setintlroutes
         setdefaultroute
    fi 
    if [ "`ip link show dev ppp1 |grep ppp1 |awk '{ print $2 }'`" = "ppp1:" ]
      then
         echo ...Local ppp link is up
      else 
         connect $LOCALUSER $LOCALPASS 1  
         connlinklocl
         sleep 10
         setdefaultroute
         getloclroutes
         setloclroutes
         backuploclroutes
         setdefaultroute
    fi
    if [ "`ip link show dev ppp2 |grep ppp2 |awk '{ print $2 }'`" = "ppp2:" ]
      then
         echo ...Resetting all ppp connections
         killall redial
         killall pppd
      else
         echo all ppp connections seems good
    fi
   echo returning to main loop...
   sleep $TIMEOUT
done
Click “Save Startup”

Firewall script:
#!/bin/sh
PATH=/usr/sbin:/sbin:/usr/bin:$PATH

iptables -t nat -I POSTROUTING -o ppp+ -j MASQUERADE
Click “Save Firewall”

Reboot your router

Saturday, March 20, 2010

Netatalk 2.0.5-3, Ubuntu 9.10 minimal install and Snow Leopard Time Machine

wget http://ftp.us.debian.org/debian/pool/main/d/db/libdb4.8_4.8.26-1_i386.deb
dpkg -i libdb4.8_4.8.26-1_i386.deb
wget http://ftp.us.debian.org/debian/pool/main/libg/libgcrypt11/libgcrypt11_1.4.5-2_i386.deb
dpkg -i libgcrypt11_1.4.5-2_i386.deb

apt-get install libcrack2

wget http://ftp.us.debian.org/debian/pool/main/n/netatalk/netatalk_2.0.5-3_i386.deb
dpkg -i netatalk_2.0.5-3_i386.deb

mkdir /storage/TimeMachine
chmod a+rw /storage/TimeMachine
nano /etc/netatalk/AppleVolumes.default
change the last part to look like this:
# By default all users have access to their home directories.
#~/                     "Home Directory"
/storage/TimeMachine "TimeMachine" options:tm
/etc/init.d/netatalk restart

apt-get install avahi-daemon
apt-get install libnss-mdns
nano /etc/nsswitch.conf
add "mdns" to the end of the hosts line so it looks like this:
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
nano /etc/avahi/services/afpd.service
Paste the following code and save:
<!--*-nxml-*-->
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>
init 6
NOTES:
After the machine returns from reboot, you can check to see if everything is running:
ps -ef | grep afpd
ps -ef | grep avahi

Should you need to connect to the server manually via Finder, you can:
Go --> Connect to Server and type afp://your-server-ip

If you were not able to log in, check /var/log/daemon.log on your Linux server for any debug messages.