Network

How to activate Serial Console on Debian Squeeze

Activating a Serial Console starting at the bootloader all the way up to a tty login requires just a few steps, but it took me some time to figure out all the knobs. Here’s how to do it with Debian Squeeze:

To make configuration changes persistent in Debian, you must not edit /boot/grub/grub.cfg directly, but need to edit/add the appropriate lines in /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,9600n8"
# "serial" has to be listed here, otherwise update-grub does not emit the
# serial command below and the GRUB menu stays on the VGA console only
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=0 --word=8 --parity=no --stop=1"

Now run update-grub and you’ll get the Bootloader and all Kernel and Init messages on your serial console the next time you boot.

To get a login prompt on serial you need to modify /etc/inittab to:

1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
3:23:respawn:/sbin/getty 38400 tty3
4:23:respawn:/sbin/getty 38400 tty4
5:23:respawn:/sbin/getty 38400 tty5
6:23:respawn:/sbin/getty 38400 tty6
# Serial console
s0:2345:respawn:/sbin/getty -L 9600 ttyS0 vt102

That’s it. Run init q to reload init and activate the serial login, or simply reboot.
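As an added consistency check (not part of the original post), the following sh function verifies that the three GRUB settings and the inittab getty line agree on the serial console: GRUB_TERMINAL has to include serial, and the baud rate after console=ttyS0, has to match both --speed= and getty -L. It runs against constructed copies of /etc/default/grub and /etc/inittab built from the values above.

```shell
#!/bin/sh
# Added consistency check (not from the original post): confirm that the GRUB
# settings and the inittab getty line agree on the serial console. Prints each
# mismatch and returns 1, or returns 0 silently when everything lines up.
check_serial_console() {
    grubfile="$1"; inittab="$2"; rc=0
    cmdline=$(sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"$/\1/p' "$grubfile")
    terminal=$(sed -n 's/^GRUB_TERMINAL="*\([^"]*\)"*$/\1/p' "$grubfile")
    serialcmd=$(sed -n 's/^GRUB_SERIAL_COMMAND="\(.*\)"$/\1/p' "$grubfile")
    # the three baud rates: after console=ttyS<n>, after --speed=, after getty -L
    kspeed=$(printf '%s\n' "$cmdline" | sed -n 's/.*console=ttyS[0-9]*,\([0-9]*\).*/\1/p')
    gspeed=$(printf '%s\n' "$serialcmd" | sed -n 's/.*--speed=\([0-9]*\).*/\1/p')
    tspeed=$(sed -n 's/^[^#].*getty -L \([0-9]*\) ttyS0.*/\1/p' "$inittab")
    case " $terminal " in
        *" serial "*) ;;
        *) echo "GRUB_TERMINAL=\"$terminal\" lacks serial: GRUB menu stays on VGA only"; rc=1 ;;
    esac
    [ -n "$kspeed" ] || { echo "no console=ttyS<n>,<speed> in GRUB_CMDLINE_LINUX_DEFAULT"; rc=1; }
    [ "$kspeed" = "$gspeed" ] || { echo "kernel console speed $kspeed != GRUB --speed=$gspeed"; rc=1; }
    [ "$kspeed" = "$tspeed" ] || { echo "kernel console speed $kspeed != getty -L $tspeed"; rc=1; }
    return $rc
}

# Constructed sample files carrying the post's values, with serial enabled in GRUB
SAMPLE_GRUB=$(mktemp); SAMPLE_INITTAB=$(mktemp)
cat > "$SAMPLE_GRUB" <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,9600n8"
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=0 --word=8 --parity=no --stop=1"
EOF
cat > "$SAMPLE_INITTAB" <<'EOF'
1:2345:respawn:/sbin/getty 38400 tty1
# Serial console
s0:2345:respawn:/sbin/getty -L 9600 ttyS0 vt102
EOF
check_serial_console "$SAMPLE_GRUB" "$SAMPLE_INITTAB" && echo "serial console settings agree"
```

Run it against the real files (check_serial_console /etc/default/grub /etc/inittab) before rebooting; a mismatch shows up as garbage or silence on the serial line otherwise.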

How to DSL and UMTS Failover on OpenBSD

OpenBSD. Is. Awesome. pf, carp, pfsync, ifstated, openbgp, openospfd… awesome. :)

Here is my ifstated.conf to fail-over between DSL and UMTS connections. Note that this only really works with OpenBSD >=4.9, because earlier versions seem to have issues where set-state is executed before init finished, which causes UMTS to start on every 24h disconnect of the DSL line.

init-state auto
# pppoe0 is my DSL connection
pppoe0_up = "pppoe0.link.up"

# figure out which state to start with
state auto {
 if $pppoe0_up {
 set-state dsl_up
 }
 if !$pppoe0_up {
 set-state dsl_down
 }
}

# DSL is up. Don't do anything until it fails.
state dsl_up {
 init {
 run "/sbin/ifconfig | mail -s 'DSL up' root"
 }
 if !$pppoe0_up {
 set-state dsl_down
 }
}

# DSL is down. Wait a few seconds (24h disconnect).
# Then go ahead and start UMTS, but only if DSL isn't back up!
state dsl_down {
 init {
 run "/bin/sleep 30; /sbin/ifconfig | mail -s 'DSL down' root"
 }
 if $pppoe0_up {
 set-state dsl_up
 }
 if !$pppoe0_up {
 set-state umts_start
 }
}

# Start pppd and bring UMTS up while pppoe0 is still down
state umts_start {
 init {
 run "/usr/sbin/pppd call o2"
 run "sleep 30; /sbin/ifconfig | mail -s 'Starting UMTS' root"
 }
 if $pppoe0_up {
 set-state umts_stop
 }
}

# If pppoe0 is back up, kill pppd and switch back to dsl_up
state umts_stop {
 init {
 run "/usr/bin/pkill pppd"
 run "/sbin/ifconfig | mail -s 'Stopping UMTS' root"
 }
 set-state dsl_up
}

How to OpenBSD with Huawei E1750 UMTS

Getting my OpenBSD (4.8) box to talk to a Huawei E1750 USB UMTS stick as a backup solution turned out to be not very straightforward, so in case you are in a similar situation…

Have a look at man umsm to see which devices are supported by OpenBSD.

The UMTS (USB)-Sticks are registered as /dev/cuaUX, where X is the number of your device… You’ll need userland pppd to connect. Place your peer configuration in /etc/ppp/peers/o2 for example:

cuaU0
connect /etc/ppp/connect.o2
disconnect /etc/ppp/disconnect.o2
nocrtscts
xonxoff
#:0.0.0.2 because 0.0.0.1 is the alias for my DSL default gateway
:0.0.0.2
noipdefault
ipcp-accept-local
defaultroute
novj
nobsdcomp
novjccomp
nopcomp
noaccomp
noauth
nomagic
persist

You’ll also need chat scripts to establish and tear down the connection. Note that you’ll need to at least adjust /etc/ppp/connect.o2 to suit your provider:

#!/bin/sh
# If your SIM is PIN protected, insert the line
#   'at+cpin=****' OK \
# directly after the "atz OK \" line, replacing **** with your PIN.
# (A comment line cannot sit inside the backslash-continued chat command
# below: the shell would end the command there.)
chat -vs \
 ABORT 'NO CARRIER' \
 ABORT 'NO DIALTONE' \
 ABORT ERROR \
 ABORT 'NO ANSWER' \
 ABORT BUSY '' \
 at OK \
 atz OK \
 'AT+CGDCONT=1,"IP","pinternet.interkom.de"' OK \
 'atdt*99***1#' CONNECT

And /etc/ppp/disconnect.o2 looks like:

#!/bin/sh
chat -vs \
 ABORT 'NO CARRIER' \
 ABORT 'NO DIALTONE' \
 ABORT ERROR \
 ABORT 'NO ANSWER' \
 ABORT BUSY '' \
 '\K' '' '+++ATH'

Now make sure ppp0 is initialized on startup…

touch /etc/hostname.ppp0
sh /etc/netstart ppp0

… and to connect simply run pppd call o2 and pkill pppd to disconnect. Run ifconfig ppp0 to see if your connection is up and running:

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        priority: 0
        groups: ppp egress
        inet 10.150.81.109 --> 0.0.0.2 netmask 0xfffffffc

Next post will be about auto fail-over between this and my regular DSL connection.

Shared Hosting vs. Virtual Server – Performance

Earlier this year I moved this blog from a shared hosting at Hetzner to a Virtual Server. Although the Vserver is rather low-end, the page load improvements are impressive! See this Pingdom chart:

OpenVPN over TCP is BAD

I use OpenVPN in a road-warrior setup over often slow and unreliable wireless connections. That on its own makes using interactive applications pretty hard.

But if you’re now additionally running OpenVPN in TCP mode over these links, things get worse. The reason is that TCP acknowledges every segment to make sure all packets arrive, and re-transmits those that don’t. With OpenVPN over TCP you now have your application’s TCP session encapsulated in your VPN’s TCP session, doubling your ACKs and re-transmissions (if needed).

I have now switched to UDP for the VPN’s session: if the link starts to lose packets, the VPN will too, but the application’s TCP session will make sure those packets are re-transmitted. All in all everything feels much faster – at least for a crappy 3G connection.

See this link for a more detailed explanation.

How to PXE boot GRML and OpenBSD without NFS (like boot.kernel.org)

I was looking for a way to install/rescue a couple of embedded devices in different (remote) locations. PXE booting a Linux system comes to mind, but that usually requires NFS, which is a pain in the ass when it comes to firewalls…

Most Linux based LiveCDs use Busybox and Squashfs for booting… Busybox has wget built in, so it’s possible to skip the NFS part, use wget and HTTP and load the squashfs to RAM. One still has to get TFTP through firewalls, since it is needed to load the Kernel and Busybox, but OpenBSD for example has tftp-proxy built-in… So you need:

  • DHCP to supply PXE options
  • TFTP to serve the base system(s)
  • PXELINUX as a kind of bootloader
  • HTTPd to serve the rest of the system(s)

I want to have my favorite LiveCD GRML handy for rescue and Linux install purposes and OpenBSD of course ;)

Let’s start with the server you want to boot from:
Install tftpd-hpa, syslinux and a httpd, start tftpd-hpa with the ‘secure’ flag and place a copy of pxelinux.0 (usually in /usr/lib/syslinux/) in your $tftproot.

For GRML you’ll need to place linux26 and minirt.gz from the grml_netboot_package in your $tftproot. You’ll also need grml.squashfs from either grml-small, grml-medium or grml. I’d suggest grml-small as it needs to fit in your RAM. Place it in your $httproot.

Now configure (ISC) DHCPd to supply the PXE information:

next-server 10.1.32.1;
filename "/pxelinux.0";

Create a file called ‘default’ in a folder pxelinux.cfg in your $tftproot:

label GRML
kernel linux26
append initrd=minirt.gz fetch=http://<serverip>/grml.squashfs boot=live

Most PXE loaders will try to find a file with the name of their IP address written in hex, then remove one character after another and fall back to ‘default’ if they don’t find anything. So symlink the appropriate files if you want to speed things up. ‘fetch’ tells GRML’s busybox to load its system files from the URL given.
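The lookup order described above, as an added sh example that is not part of the original post: pxelinux_config_names prints the names PXELINUX tries under pxelinux.cfg/ for a client (MAC-based name, then the hex IP shortened one digit at a time, then default), and link_pxelinux_names creates the symlinks to ‘default’ in a directory you pass it. The client address and MAC are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list the file names that
# PXELINUX looks for under pxelinux.cfg/, most specific first, and link
# them to 'default' so the client's first lookups succeed immediately.
# PXELINUX also tries a UUID-based name before these; it is omitted here.
pxelinux_config_names() {
    ip="$1"; mac="$2"
    # 01-<mac>: "01" is the ARP hardware type for Ethernet, MAC in lower-case
    # hex separated by dashes
    [ -n "$mac" ] && printf '01-%s\n' "$(printf '%s' "$mac" | tr 'A-F:' 'a-f-')"
    # IPv4 address as eight upper-case hex digits, e.g. 10.1.32.77 -> 0A01204D
    # (the inner substitution is unquoted on purpose: it splits into 4 octets)
    hex=$(printf '%02X%02X%02X%02X' $(printf '%s' "$ip" | tr '.' ' '))
    while [ -n "$hex" ]; do
        printf '%s\n' "$hex"
        hex=${hex%?}              # drop the last digit and try the shorter name
    done
    printf 'default\n'
}

link_pxelinux_names() {
    # usage: link_pxelinux_names <tftproot>/pxelinux.cfg <ip> [<mac>]
    cfgdir="$1"; ip="$2"; mac="$3"
    mkdir -p "$cfgdir"
    [ -f "$cfgdir/default" ] || : > "$cfgdir/default"
    pxelinux_config_names "$ip" "$mac" | while read -r name; do
        [ "$name" = default ] || ln -sf default "$cfgdir/$name"
    done
}

# Constructed client: address 10.1.32.77, MAC 00:0C:29:AB:CD:EF
pxelinux_config_names 10.1.32.77 00:0C:29:AB:CD:EF
```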

To also serve the OpenBSD installer you need to download pxeboot and place it as pxeboot.0 in your $tftproot. You also need bsd.rd from any Release/Snapshot you want to serve. Call them whatever you want and also place them in your $tftproot. To serve pxeboot.0 (The OpenBSD Bootloader btw) add these two lines to ‘default’ in pxelinux.cfg:

label OpenBSD
kernel pxeboot.0

You’re done. Try booting your system from PXE. You’ll get a ‘boot>’ prompt. Select your system by typing whatever you supplied as ‘label’ in your ‘default’ config… e.g. GRML or OpenBSD… in case of OpenBSD you’ll then need to supply bsd.rd to boot, or whatever you renamed that file to…

If you encounter any problems, grep the logs, use ‘tcpdump’ and have a look at the SYSLINUX Wiki

How to Create your own ‘DynDNS’ Service

First off: This is not DynDNS as you might know it from dyndns.org. You can’t use clients like ddclient. I’m using DNSSEC and ‘nsupdate’. You’ll need to be familiar with Bind and some shell scripting… Also I only got this working on *nix and I don’t have any intention to try it on Windows.

Let’s start with what you have to do on your client:

$ dnssec-keygen -a HMAC-MD5 -b 512 -n USER -r /dev/urandom host1.dyn.example.org

Now copy Khost1.dyn.example.org.+157+39064.key (your pubkey) to your server’s configdir (in case of Debian: /etc/bind) and define it as follows:

key host1.dyn.example.org. {
        algorithm HMAC-MD5;
        secret "<put key from Khost1.dyn.example.org.+157+39064.private here>";
};
zone "dyn.example.org" {
        type master;
        file "master/dyn.example.org";
        allow-update { key host1.dyn.example.org.; };
};

This allows everyone with the Khost1.dyn.example.org.+157+39064.private key to update zone ‘dyn.example.org’. Feel free to find out how to do privilege separation on your own ;) Back to your client: Since we can’t use ddclient or similar clients, I wrote my own small script:

#!/bin/sh
dir=$(dirname "$0")
# IP address recorded by the previous run (empty on the first run)
old_ip=$(cat "$dir/ip_cur.txt" 2>/dev/null)
new_ip=$(ifconfig pppoe0 | grep -E 'inet.[0-9]' | \
       grep -v '127.0.0.1' | awk '{ print $2}')

# don't touch the zone while pppoe0 has no address at all
[ -n "$new_ip" ] || exit 1

if [ "$old_ip" != "$new_ip" ]; then
  echo "$new_ip" >> "$dir/ip_log.txt"
  # write the nsupdate instructions to a file (printf rather than echo,
  # so the embedded newlines behave the same in every shell)
  printf 'server <yourserver>\nzone dyn.example.org\nupdate delete host1.dyn.example.org. A\nupdate add host1.dyn.example.org. 60 A %s\nsend\n' \
    "$new_ip" > "$dir/ip_nsupdate_instructions.txt"
  nsupdate -k "$dir/Khost1.dyn.example.org.+157+39064.private" \
    "$dir/ip_nsupdate_instructions.txt" || exit 1
  # only remember the new address once the zone update went through
  echo "$new_ip" > "$dir/ip_cur.txt"
fi

My script gets the current IP address of pppoe0, compares it to the one from its previous run and executes ‘nsupdate’ if they mismatch. ‘nsupdate’ doesn’t accept its configuration from stdin, that’s why I need to write the instructions to a file first… If ‘nsupdate’ fails (due to connection issues or something like that) my script exits. If the update was successful it writes the current IP into ip_cur.txt, so the script only executes ‘nsupdate’ on IP address change and not every time you run it. Add my script to crontab to run it once a minute or so…

* * * * * ip_update.sh

How to Set up a ‘hidden primary’ DNS

I just had to guide a friend of mine through the setup of a ‘hidden primary’ or ‘hidden master’ via mail, so I thought I’d also post a quick summary here to keep my blog alive ;P

First off: A ‘hidden primary’ setup uses one server for all zone-file changes that isn’t listed anywhere and doesn’t get any queries from clients, and two or more ‘slaves’ that do the actual work. Have a look at this example zone-file:

$ORIGIN unixhosts.org.
unixhosts.org.   IN   SOA   amy.unixhosts.org.   hostmaster.unixhosts.org. (
                                         201102111       ; serial
                                         3h              ; refresh
                                         1m              ; retry
                                         1w              ; expire
                                         1m)             ; minimum

 IN              NS              ns.inwx.de.
 IN              NS              ns2.inwx.de.
 IN              NS              ns3.inwx.de.

The host amy.unixhosts.org is my ‘hidden primary’. As you can see, it’s not listed as NS, so it won’t get queries from actual client resolvers. ns.inwx.de, ns2.inwx.de and ns3.inwx.de are my name-servers for this zone, configured as slaves.

The ‘hidden primary’ config looks like:

zone "unixhosts.org" {
        type master;
        file "master/unixhosts.org";
        allow-transfer { unixhosts; inwx; };
        also-notify { 10.0.1.1; 10.0.2.1; 10.0.3.1; };
};

Whereas a ‘slave’ config looks like:

zone "unixhosts.org" {
        type slave;
        file "slave/unixhosts.org";
        masters { 10.0.0.1; };
        allow-transfer { clients; };
};
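As an added check (not from the original post), this sh snippet asks each name server for the zone’s SOA serial and compares the answers, which is how you confirm that a change on the hidden primary actually reached the slaves via NOTIFY and zone transfer. It assumes BIND’s dig is installed; the addresses in the usage comment are the ones from the configs above.

```shell
#!/bin/sh
# Added example (not from the original post): after a zone change on the
# hidden primary, confirm that every public slave serves the new SOA serial.
# Assumes BIND's dig is installed.
zone_serials() {
    # usage: zone_serials <zone> <server>...   -> prints "<server> <serial>"
    zone="$1"; shift
    for ns in "$@"; do
        # dig +short prints the SOA RDATA; the serial is the third field
        serial=$(dig +short +time=3 +tries=1 "$zone" SOA "@$ns" | awk '{ print $3 }')
        printf '%s %s\n' "$ns" "${serial:-NONE}"
    done
}
serials_agree() {
    # reads "<server> <serial>" lines on stdin; exits 0 only if every server
    # answered and all serials equal the first one (the hidden primary's)
    awk 'NR == 1 { ref = $2 }
         $2 == "NONE" || $2 != ref { bad = 1; print "mismatch: " $0 }
         END { exit bad + 0 }'
}
# Typical use, hidden primary first, then the slaves from the NS set:
# zone_serials unixhosts.org 10.0.0.1 ns.inwx.de ns2.inwx.de ns3.inwx.de | serials_agree
```

A slave that answers NONE either has not received the zone at all or refuses the query; a slave with an older serial has not been notified yet or cannot transfer the zone.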

If your Infrastructure isn’t large enough to take responsibility for 3 public DNS servers, you might want to have a look at InterNetworX. I’m running their servers as ‘slaves’ for a few months now. Their support team is great and I haven’t had any issue within years!

How to Fix “The file server has closed down” issues in Mac OS and netatalk

Netatalk versions older than 2.1.3 had some issues with the TCP/IP stack on Linux which resulted in errors like the “The file server has closed down” message in the title.

Luckily they seem to have fixed this in 2.1.3 as the ChangeLog states: fix a serious error in networking IO code.

So the solution is as easy as upgrading. I am running Ubuntu, but two months after netatalk-2.1.3 has been released, they don’t even have it in unstable. Lucky Gentoo users you! I needed to fix this very quickly as it started to disrupt my workflow. Sadly I currently don’t have the time to dig into the packaging system of Debian or Ubuntu, so I looked up Debian’s configure options and just compiled from source:

cp -a /etc/netatalk/ ~
aptitude purge netatalk
apt-get build-dep netatalk
wget http://sourceforge.net/projects/netatalk/files/netatalk/2.1.3/netatalk-2.1.3.tar.bz2/download
tar xjvf netatalk-2.1.3.tar.bz2
cd netatalk-2.1.3
./configure  --with-shadow --enable-fhs --enable-tcp-wrappers --enable-timelord --enable-overwrite --with-pkgconfdir=/etc/netatalk --enable-krb4-uam --enable-krbV-uam --with-cnid-dbd-txn --with-libgcrypt-dir --with-cracklib=/var/cache/cracklib/cracklib_dict --enable-debian --disable-srvloc --enable-zeroconf --with-ssl-dir --enable-pgp-uam --prefix=/usr/local/netatalk/
make
sudo make install
mv ~/netatalk /etc/
/etc/init.d/netatalk start

This saves a copy of your running netatalk configuration to your home directory, removes netatalk, downloads all necessary libraries to build netatalk, downloads netatalk from SourceForge, extracts it, configures it, builds it, installs it, restores the configuration and starts it as usual.

I am running netatalk 2.1.3 for a week now and the error seems to be gone :-)

If you know how to easily create a Debian package, feel free to post in the comments.

How to Fast VNC alternative to Remote Desktop to a Mac using NoMachine

I am a very happy Mac OS user with a Mac mini and a MacBook Pro coming soon, but one thing I really miss about Mac OS X is a fast and standards based remote desktop solution. The VNC server built into Mac OS X isn’t really compatible with all clients, and I still haven’t figured out if it’s possible to run it with a different resolution and color depth than the real screen!

But, I recently re-discovered a solution I got to know in my Linux time on a desktop: NoMachine. You’ll need a server running a recent Linux distribution or OpenSolaris which will act as a kind of a proxy and the setup is a bit complex, but it does work well. I’ll show you how to do it running Ubuntu Lucid.

First go to http://www.nomachine.com/select-package.php?os=linux&id=1 select your architecture and download all three files: client, node and server.

Then install them in the following order, fix the missing dependencies and install a VNC viewer plus vncpasswd:

sudo dpkg -i nxclient_3.4.0-7_x86_64.deb
sudo dpkg -i nxnode_3.4.0-11_x86_64.deb
sudo dpkg -i nxserver_3.4.0-12_x86_64.deb
sudo aptitude -f install
sudo aptitude install xvnc4viewer vnc4-common

I hope you already have PasswordAuthentication no in your sshd_config, so that password authentication is disabled and only key-based authentication is allowed; it’s really advisable. You’ll need to tweak nxserver a bit to get it working with key-based auth. Edit /usr/NX/etc/server.cfg to…

EnablePasswordDB = "1"

…edit the following line in /usr/NX/etc/node.cfg to enable VNC…

CommandStartRFB = "/usr/bin/vncviewer -fullscreen"

…create a key for your key-based authentication and restart nxserver.

sudo /usr/NX/bin/nxserver --keygen
sudo service nxserver restart

Your new key is placed at /usr/NX/share/keys/default.id_dsa.key. Copy it to the device you want to connect from using scp or similar tools. Now all you need to do is enable the users you want in nxserver:

sudo /usr/NX/bin/nxserver --useradd <user>

This enables the user in NX’s database and copies the previously generated key to the user’s authorized_keys file.

Now just enable VNC on your Mac. Go to “System Preferences”, select “Sharing” and enable “Screen Sharing”:

Now you’ll need to configure your client.

Christian Kildau: Hi, my name is Chris. I am a wannabe photog, traveler & geek that lives in Hesse, Germany.
