It’s been awhile

It’s been quite some time since I’ve put anything up here, so this may end up being a rambling mess.

Hoopeston Area lost a good superintendent last Saturday to an apparent heart attack, Mr. Conolly will be missed.

At CITES, I’ve been working on an RFP for a solution to support our DNS infrastructure. The most I can do is to link to a similar effort being run by The University of Michigan. Hopefully ours will be on the street sometime in January, then I get to work on a committee to evaluate the proposals and maybe some evaluation equipment.

On consulting sites:

  • Hoopeston Public Library has a recently reinstalled IPMasq/Squid box and new “free” wireless service powered by PublicIP’s ZoneCD.
  • Crown Ford and the other dealerships in Hoopeston are now using OpenVPN for securing the traffic between them and we are actively monitoring the bandwidth usage on those links.

The holidays are coming up and, as usual, I’m not sure what to get anyone. Hopefully the utilitarian gifts and gift certificates will work again this year. Now, if we can just make it home without borrowing a trailer to haul Robin’s gifts in.

And, as usual, I’m way behind on getting pictures of Robin posted. Maybe next week after we’re done driving all over the Illiana area…

RedHat Certified

I’m now a RedHat Certified Engineer (RHCE). I spent the last week in a session of RH300 on campus. I didn’t have a perfect score, but I came close: 100/100, 100/100 and 92.9/100. I’ve got a few ideas about what I missed, but there’s no way to know.

Now if I could only get that 9% raise that I’ve seen mentioned online when getting the cert…

Making VLANs work on Bering

Or any other distribution that uses Debian network scripts:
$ cat /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
# VLAN 100
auto eth0.100
iface eth0.100 inet static
address 10.0.15.1
netmask 255.255.255.0
broadcast 10.0.15.255
pre-up /sbin/ifconfig eth0 up
pre-up /sbin/vconfig add eth0 100

Grabbed from some random searching

Or, you could try the method mentioned here:
auto lo
iface lo inet loopback
auto eth0 eth1 vlan2 vlan3 vlan4 vlan5
iface eth0 inet dhcp
# VLAN 1 - native management VLAN
iface eth1 inet static
address 10.0.0.1
netmask 255.255.255.224
vlan_raw_device eth1
# VLAN 2 - DMZ
iface vlan2 inet static
address 10.0.0.33
netmask 255.255.255.224
vlan_raw_device eth1

And if you want to get really crafty: Transparent vlan bridging firewall with debian
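Both styles above are easy to get subtly wrong (a VLAN name listed in auto with no stanza, a vlanN stanza without a raw device, or vlan_raw_device on the untagged interface where it does nothing). The following linter is an added example, not code from the original post or from Bering/LEAF; it parses the interfaces format and checks those three points over a constructed sample that mixes the two styles.

```python
"""Lint /etc/network/interfaces for VLAN mistakes (added example, not the post's)."""
import re
VLAN_NAME = re.compile(r"^(?:vlan\d+|\w+?\.\d+)$")   # vlan2 or eth0.100 style names
# Constructed sample mixing both styles from the post, with two mistakes:
# eth1 carries an ignored vlan_raw_device, vlan3 names no raw device at all.
SAMPLE = """\
auto lo eth1 vlan3 vlan4 eth0.100
iface lo inet loopback
iface eth1 inet static
    address 10.0.0.1
    netmask 255.255.255.224
    vlan_raw_device eth1
iface vlan3 inet static
    address 10.0.0.65
    netmask 255.255.255.224
iface eth0.100 inet static
    address 10.0.15.1
    netmask 255.255.255.0
    pre-up /sbin/vconfig add eth0 100
"""

def parse_interfaces(text):
    auto, stanzas, current = set(), {}, None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments and blank lines
        if not parts:
            continue
        if parts[0] == "auto":
            auto.update(parts[1:])
            current = None
        elif parts[0] == "iface" and len(parts) >= 4:
            current = parts[1]
            stanzas[current] = [("family", parts[2]), ("method", parts[3])]
        elif current is not None:
            stanzas[current].append((parts[0], " ".join(parts[1:])))
    return auto, stanzas

def lint_vlans(text):
    """Return findings as strings; an empty list means the file is clean."""
    auto, stanzas = parse_interfaces(text)
    findings = [f"{n}: in 'auto' but has no iface stanza" for n in sorted(auto - set(stanzas))]
    for name, opts in stanzas.items():
        is_vlan = VLAN_NAME.match(name) is not None
        has_raw = any(k == "vlan_raw_device" for k, _ in opts)
        has_vconfig = any(k == "pre-up" and "vconfig add" in v for k, v in opts)
        if is_vlan and not (has_raw or has_vconfig):
            findings.append(f"{name}: VLAN interface with no raw device")
        elif has_raw and not is_vlan:
            findings.append(f"{name}: vlan_raw_device on a non-VLAN interface is ignored")
    return findings
```

Run it against a real file with `lint_vlans(open("/etc/network/interfaces").read())` before an `ifup -a`; an empty list means the VLAN stanzas are internally consistent.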

SQL 7.0 server failure

Today was not a good day, but it wasn’t a bad day either.
We’ve got a couple of legacy vendor apps that still have to run on MS SQL 7, one of which “brands” the server on install, so we’ve been hesitant to move it off the 4+ year old NT4 server it was originally installed on. That got hurried along today when the RAID1 logical drive the OS was installed on suffered a simultaneous failure of both drives.
Luckily, the OS was still functional enough to:

  1. Stop the SQL server service
  2. Copy off the SQL data files

After grabbing those, we proceeded to install a new server (glad we had some spare new hardware lying around) with Windows 2000 and SQL 7. Because we kept the drive layout identical to the failed server, we could swap the raw database files “under the hood” and it would still work (cross your fingers). After patching it up to the same level as the failed server, we stopped the SQL service, moved the existing Data, Logs and Backups folders out of the MSSQL7 folder, moved in the copies from the failed server, and started the service. Bingo: users, data, stored procedures, maintenance plans, the whole shebang came along just fine.

Yay for applications that don’t use the registry to store all their configuration data. I’ve got to give some of the credit for this to Marty, he first tried this when migrating another one of our database servers from Windows 2000 to Windows Server 2003. It worked flawlessly on SQL 2000, I figured it was worth a try on SQL 7 also.

Then this afternoon I got to shift gears completely and work on proxyarp on a LEAF router I installed as a consulting job. Now I just hope the ISP can make their registration system work with our kludge.

RHEL3, amavisd-new-2.3.2, perl-Time-HiRes and perl(Digest::MD5)

Oh my, this is a mess. Trying to keep amavisd-new up to date, using the fine RPMs provided by Dag Wieers. First, apt-get tells me that amavisd-new is being held back because perl-Time-HiRes is less than 1.55. RHEL4 has an updated RPM, so download the SRPM from RedHat Network and rpmbuild --rebuild it, all is better, right? Nope, amavisd-new still needs perl(Digest::MD5) > 2.22. No handy rpm from RHEL4, it’s part of the main perl package. So, maybe I can just update it with CPAN (perl -MCPAN -e shell). After configuring CPAN, and remembering the odd commands to try an install, I get this error when doing install Digest::MD5:
Makefile:84: *** missing separator. Stop
Luckily, Google seems to have indexed some new mailing list pages since the last time I searched for this, and I found this mailing list post. So, drop out of CPAN, export LANG=en_US, climb back into CPAN and now the build works. Silly broken multilang support.

Yay, up to date on amavisd-new. Now to get the other packages up to date and update the primary mail host.

iptables logging

Tired of reading iptables logs looking for bad packets? Wish all that confusing mumbo-jumbo was just a table in a database? Well, today folks, you are in luck, twice over!

If you just want to read the syslog output with a “tail --follow” (and deal with the CPU overhead), then the IPTables Log Analyzer is for you. The php web interface is quite nice and the database structure isn’t bad, but reading the log continuously might not scale well if you have lots of bad packets to log.

The more whiz-bang, bells-and-whistles-loaded method is to use the ULOG target in iptables rules and ulogd and its associated plugins to log to MySQL. The lacking part here is a nice web interface. Maybe I can adapt the other interface to use this database layout.

This has applications in both jobs. One has a public side firewall that cries out for better log analysis, the other has boxes running portsentry as an early warning system for infected machines scanning hosts, primarily Windows ports.

Update: I’m reinventing the wheel for no reason, see Webfwlog
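The syslog-reading approach boils down to turning each kernel LOG line into a row. The parser below is an added example, not code from the post or from the IPTables Log Analyzer, ulogd or Webfwlog; it assumes a rule with --log-prefix "DROP: " and runs over constructed sample lines, skipping unrelated syslog entries and summarising the most-hit destination ports (the portsentry-style early warning for Windows-port scans mentioned above).

```python
"""Turn iptables LOG lines from syslog into records (added example, not the post's)."""
import re
from collections import Counter

# syslog header, optional kernel timestamp, the rule's --log-prefix, then IN=...
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[[\d.\s]+\] )?(?P<prefix>.*?)IN=(?P<rest>.*)$")

# Constructed sample in the kernel LOG target's format; "DROP: " is the assumed
# --log-prefix and the sshd line shows that unrelated syslog lines are skipped.
SAMPLE_LOG = """\
Nov 14 10:23:01 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4321 DF PROTO=TCP SPT=3412 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 14 10:23:02 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4322 DF PROTO=TCP SPT=3413 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 14 10:23:05 fw kernel: DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=53 DPT=1026 LEN=40
Nov 14 10:23:07 fw sshd[1234]: Accepted publickey for admin from 10.0.15.2 port 50022
Nov 14 10:23:09 fw kernel: DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=4323 DF PROTO=TCP SPT=3414 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
"""


def parse_line(line):
    """Return a dict for one iptables LOG line, or None for any other syslog line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "prefix": m.group("prefix").strip(), "flags": []}
    for tok in ("IN=" + m.group("rest")).split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            rec.setdefault(k.lower(), v)   # keep the IP LEN, not UDP's second LEN
        else:
            rec["flags"].append(tok)       # bare tokens: DF, SYN, ACK, ...
    return rec


def records(log_text):
    """All parsed LOG records from a block of syslog text, ready for a DB insert."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]


def top_ports(log_text, n=3):
    """Most-hit (proto, dport) pairs: the 'table' view instead of raw log reading."""
    counts = Counter((r["proto"], int(r["dpt"])) for r in records(log_text) if "dpt" in r)
    return counts.most_common(n)
```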

gentoo profile updates

Taking my brain away from the election boondoggle this morning, after an emerge --sync, I was greeted with this:

!!! Your current profile is deprecated and not supported anymore.
!!! Please upgrade to the following profile if possible:
        default-linux/x86/2004.0
To upgrade do the following steps:
# emerge -n '>=sys-apps/portage-2.0.51'
# cd /etc/
# rm make.profile
# ln -s ../usr/portage/profiles/default-linux/x86/2004.0 make.profile

Searching the forums led to one post in German about this. Since I’ve got the luxury of more than one non-production test machine, I went ahead and followed the instructions. All seems to be fine.
A little more poking around in the gentoo documentation, and I found some pretty good advice on this upgrade, seems to be just a file system layout/naming convention change.