Simple dual uplink configuration

Last week I switched from ADSL to EuroDOCSIS cable. I couldn't just shut down the DSL connection as several services were still connecting to that IP. So I made my home router (Fedora 15) kind of multihomed.

Configuration

I haven't even taken the time to separate the ADSL and cable modems, I just hooked them up to the same network interface. Of course, they got their own IP range.

ADSL modem: 192.168.2.254/24
Cable modem: 192.168.1.1/24

Step 1: Add ip
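# The /24 prefix puts the cable modem at 192.168.1.1 on-link; without it the address is added as a /32.
ip addr add 192.168.1.2/24 dev eth0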

Step 2: Routing
By default we send all outgoing packets to the default gateway at 192.168.2.254. Only packets that are answers to incoming packets on the 192.168.1.x network must be routed back to 192.168.1.1. A source-based rule sends those packets to a separate routing table (1001) whose only route is a default route through the cable modem:
ip rule add from 192.168.1.0/24 lookup 1001
ip route add default via 192.168.1.1 table 1001

That's all. Of course, the above setup only takes care of answering incoming packets. If you want to load-balance or have a fail-over setup, I suggest you read the Linux Advanced Routing & Traffic Control HOWTO.
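A check for the setup above, as an added example that is not part of the original post: it audits the text printed by `ip rule show` and `ip route show table 1001` and reports whether replies from 192.168.1.0/24 really leave through the cable modem. The function name and the sample output are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit `ip rule show` / `ip route show table N` output.

# Constructed sample output matching the configuration in the post.
SAMPLE_RULES='0: from all lookup local
32765: from 192.168.1.0/24 lookup 1001
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='default via 192.168.1.1 dev eth0'

# check_reply_routing RULES TABLE_ROUTES SUBNET TABLE GATEWAY  (hypothetical helper)
# Prints "ok", or a reason and returns non-zero, when replies sourced from
# SUBNET would not be routed through GATEWAY.
check_reply_routing() {
    local rules=$1 routes=$2 subnet=$3 table=$4 gw=$5 prio main_prio
    # Priority of the rule that sends SUBNET to TABLE (empty if missing).
    prio=$(printf '%s\n' "$rules" | awk -v s="$subnet" -v t="$table" \
        '$2=="from" && $3==s && $4=="lookup" && $5==t {sub(":","",$1); print $1; exit}')
    # Priority of the catch-all rule for the main table.
    main_prio=$(printf '%s\n' "$rules" | awk \
        '$2=="from" && $3=="all" && $4=="lookup" && $5=="main" {sub(":","",$1); print $1; exit}')
    if [ -z "$prio" ]; then
        echo "no rule sends $subnet to table $table"
        return 1
    fi
    # Rules are evaluated in ascending priority; ours must come before main,
    # otherwise the main table's default gateway wins.
    if [ -n "$main_prio" ] && [ "$prio" -ge "$main_prio" ]; then
        echo "rule for $subnet is evaluated after the main table"
        return 1
    fi
    if ! printf '%s\n' "$routes" | awk -v g="$gw" \
        '$1=="default" && $2=="via" && $3==g {f=1} END {exit !f}'; then
        echo "table $table has no default route via $gw"
        return 1
    fi
    echo "ok"
}

check_reply_routing "$SAMPLE_RULES" "$SAMPLE_TABLE" 192.168.1.0/24 1001 192.168.1.1
```

On the router itself, pass `"$(ip rule show)"` and `"$(ip route show table 1001)"` as the first two arguments.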

© GeekLabInfo Simple dual uplink configuration is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info


Backup your website over FTP

One of my customers is being hosted at a crappy hosting provider, which I do not trust at all. In fact, I have actually seen that I made changes to the website, which were reverted a couple of days later.

To never lose any data on the FTP, I wrote a script to make backups of the FTP, while not wasting too much bandwidth or disk space. I based this script on the principle that rsnapshot uses: hardlinks and rotation.

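#!/bin/bash

HOST="type-hostname-here.com"
USER="type-username-here"
PASS="type-password-here"
LCD="/backups/1"
RCD="/remote/path/httpdocs"

# The rotation uses relative directory names, so run it inside the backup root.
mkdir -p "$LCD"
cd "$(dirname "$LCD")" || exit 1

# Drop the oldest snapshot, then shift 99 -> 100, 98 -> 99, ... 2 -> 3.
rm -rf 100
for i in $(seq 99 -1 2); do
        if [ -d "$i" ]; then
                echo mv "$i" "$((i+1))"
                mv "$i" "$((i+1))"
        fi
done
# Hardlink the newest snapshot into slot 2; unchanged files share their disk blocks.
echo cp -al 1 2
cp -al 1 2

# "set ftp:ssl-force" without a value resets the setting to its default,
# so pass "true" explicitly to refuse logging in without TLS.
lftp -c "set ftp:list-options -a;
set ftp:ssl-force true;
open ftp://$USER:$PASS@$HOST;
lcd $LCD;
cd $RCD;
mirror --verbose \
       --delete \
       --exclude-glob __old \
       --exclude-glob phpmyadmin"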

In this example the directory __old is not copied, nor is phpmyadmin. What it does is move the directory 99 to 100, then it moves 98 to 99, 97 to 98 etc. until 2 is moved to 3. It then hardlinks the directory 1 to 2. This way, a 100Mb file that is not modified can exist in all 100 directories while only using one single block of 100Mb of disk space.

Finally, the script uses lftp to download all modified files from the remote ftp server. Luckily, lftp doesn't just open a local file to modify its contents: instead remotely modified files are first unlinked locally, then re-downloaded. This way, lftp does not interfere with the hardlink system.
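The unlink-before-write behaviour described above is what keeps older snapshots intact. As an added example (not part of the original post, with constructed file names), this script builds two hardlinked snapshots in a temporary directory and compares an unlink-first update with an in-place overwrite:

```bash
#!/bin/bash
# Added example: why hardlinked snapshots need "unlink, then rewrite".

# Build snapshot 1 with one file and hardlink-copy it to snapshot 2.
make_snapshots() {
    local root
    root=$(mktemp -d) || return 1
    mkdir "$root/1"
    echo "original" > "$root/1/index.php"
    cp -al "$root/1" "$root/2"
    echo "$root"
}

# Update the file the way the post describes lftp doing it:
# remove the local name first, so a fresh inode is created.
update_unlink_first() {
    rm -f "$1/1/index.php"
    echo "changed" > "$1/1/index.php"
}

# Update the file in place: the shared inode is truncated and rewritten.
update_in_place() {
    echo "changed" > "$1/1/index.php"
}

# Print what the older snapshot (2) contains after the given update method.
old_snapshot_after() {
    local root content
    root=$(make_snapshots) || return 1
    "$1" "$root"
    content=$(cat "$root/2/index.php")
    rm -rf "$root"
    echo "$content"
}

# Print the hardlink count of the file right after rotation.
link_count_after_rotation() {
    local root n
    root=$(make_snapshots) || return 1
    n=$(stat -c %h "$root/1/index.php")
    rm -rf "$root"
    echo "$n"
}

echo "links after rotation: $(link_count_after_rotation)"
echo "unlink first: snapshot 2 holds '$(old_snapshot_after update_unlink_first)'"
echo "in place:     snapshot 2 holds '$(old_snapshot_after update_in_place)'"
```

Any tool that edits files inside /backups/1 in place changes every older snapshot that still shares the inode, so treat the snapshot directories as read-only outside the backup run.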

Database backup

This method does NOT back up your database. Don't forget to back up your database!


Install mod_auth_ntlm_winbind on CentOS 6.0

Step 1. Install ntp and synchronize clocks

We'll be using winbind, kerberos and ntlm to authenticate the user. This requires the clocks of the AD server and the proxy server to be synchronized.

yum -y install ntp
sed -i "s/^server /#server /g" /etc/ntp.conf
echo "server YOURSERVERNAME" >> /etc/ntp.conf
ntpdate YOURSERVERNAME #synchronize right now
service ntpd start #and keep in sync
chkconfig ntpd on #after reboot as well

Step 2. Update system and install required software

yum update
yum install mc vim httpd php svn httpd-devel make autoconf gcc ntp krb5-workstation \
samba-common authconfig samba-winbind

Step 3. Connect to active directory

Please note that MYCOMPANY.local and mycompany.local may be different domains due to the upper/lowercase.
ADSERVER=sbs.MYCOMPANY.local
DOMAIN=MYCOMPANY.local
WORKGROUP=MYCOMPANY
authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=$ADSERVER \
--krb5realm=$DOMAIN --smbservers=$ADSERVER --smbworkgroup=$WORKGROUP \
--enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=$DOMAIN \
--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \
--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \
--winbindjoin=Administrator --disablewins --disablecache --enablelocauthorize --updateall
service winbind start ; chkconfig winbind on
setsebool -P allow_httpd_mod_auth_ntlm_winbind on

Now check your winbind connection using the following commands:
wbinfo -u
wbinfo -g

The socket /var/lib/samba/winbindd_privileged/pipe should be writable by the webserver. To allow that access, I add user apache to the group wbpriv (the -a flag appends the group instead of replacing apache's existing supplementary groups): usermod -a -G wbpriv apache

Step 4. Download and compile mod_auth_ntlm_winbind

svn co svn://svnanon.samba.org/lorikeet/trunk/mod_auth_ntlm_winbind mod_auth_ntlm_winbind
cd mod_auth_ntlm_winbind/
autoconf
./configure
apxs -DAPACHE2 -c -i mod_auth_ntlm_winbind.c

Step 5. Configure it

In /etc/httpd/conf.d/mod_auth_ntlm_winbind.conf I put the following configuration:
LoadModule auth_ntlm_winbind_module /usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so

# Placeholder path: set this to the directory you want to protect.
<Directory "/path/to/protected/directory">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "NTLM Authentication"
AuthType NTLM
Require valid-user
NTLMAuth on
NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
NTLMBasicAuthoritative on
</Directory>

In /etc/httpd/conf/httpd.conf, change KeepAlive Off to KeepAlive On. Preferably, also set MaxKeepAliveRequests and KeepAliveTimeout to a high value. On my intranet server, they're set to 1000 requests and 600 seconds.

Step 6. Change your firewall to enable incoming HTTP

iptables -I INPUT -p tcp --dport 80 -j ACCEPT
service iptables save

Step 7. Go!

Run service httpd restart, make httpd start on reboot using chkconfig httpd on and test your configuration.


Android: Calendar items set to tentative

Yay, I got myself a Samsung Galaxy SII. Great phone running Android!

There's just one thing that annoys the shit out of me: When I create a new agenda item in my google agenda, it shows up in my thunderbird as "tentative". These items will have a lower opacity, which makes the agenda harder to read.

I've google'd around, and found a lot of complaints about this problem, but there's no solution to make appointments confirmed right away. And I'm definitely not opening all items in thunderbird to confirm them by hand.

There's a simple solution to this problem: I made Thunderbird render the agenda differently. Using the file userChrome.css, I set opacity to 100%. (If you don't know what userChrome.css is, read this page at mozilla.org.) The actual CSS is:
calendar-event-box[invitation-status="TENTATIVE"],
calendar-editable-item[invitation-status="TENTATIVE"],
calendar-month-day-box-item[invitation-status="TENTATIVE"],
calendar-event-box[status="TENTATIVE"],
calendar-editable-item[status="TENTATIVE"],
calendar-month-day-box-item[status="TENTATIVE"]
{
opacity: 1 !important;
}

Restart thunderbird and you're done.

This "solution" does not set any appointments to "confirmed". It just renders tentative appointments the same as confirmed items, so that you don't see the difference anymore.


X11 over SSH

The base installations of CentOS 5 and Fedora 15 are pretty well prepared to use X11 over SSH. You just need to install one more package on the server you're connecting to: xorg-x11-xauth. According to yum info, the purpose of this package is:
xauth is used to edit and display the authorization information used in connecting to an X server.
This editing probably means synchronising X11 authority cookies between SSH peers.

Installing is done using:
yum install xorg-x11-xauth

Then ssh into the box using:
ssh -X [servername]


Funny: Change the HP Laserjet ‘ready’ message

To change the 'ready' message of a HP Laserjet, you can use the following script.

#!/usr/bin/perl
use strict;
use warnings;
 
unless (@ARGV) { print "usage: $0 <ip address> \"<message>\"\n" ; exit }
 
my $ip = $ARGV[0];
shift(@ARGV);
chomp $ip;
 
use IO::Socket;
my $socket = IO::Socket::INET->new(
	PeerAddr  => $ip, PeerPort  => "9100",
	Proto     => "tcp", Type      => SOCK_STREAM
	) or die "Could not create socket: $!";
 
print $socket "\e%-12345X\@PJL JOB\n\@PJL RDYMSG DISPLAY=\"@ARGV\"\n\@PJL EOJ\n\e%-12345X\n";

I've used this at the office, with a lot of hilarious reactions from my colleagues. Messages like:

  • Please insert kitten in tray 1
  • Please insert [name of colleague] in tray 1
  • Virus detected

Viewing a V4L2 webcam with mplayer

The great mplayer can be used to view movies, play dvd's, and even to watch the webcam. For my Logitech QuickCam Pro 4000, I use the following command:
mplayer -cache 128 -tv driver=v4l2:width=640:height=480:outfmt=i420 -vc rawi420 -vo xv tv://

If you have multiple v4l2 devices, you can choose which device you want to use by adding 'device=/dev/videoX' to the options:
mplayer -cache 128 -tv driver=v4l2:width=640:height=480:outfmt=i420:device=/dev/video1 -vc rawi420 -vo xv tv://
