blog'o thnet

Tag - network

Monday 15 August 2005

Upgrade the 3366-ENT ADSL Gateway

Decided to upgrade the Cayman 3366-ENT ADSL Gateway from Netopia, currently hosting the public link for the Thilelli.NET Project. All went smoothly. The gateway is now at the latest firmware level available (8.5.0 at the time of this writing).

At the same time, trying to avoid a recurrent problem on the link (it seems OK but doesn't let real traffic pass through it) with the help of the 24-Hour Scheduled Connection procedure. Waiting to see if it really works for our site... thanks to our ISP for providing a nice administration and status page.

Wednesday 29 June 2005

Static Route Management for Hosts in the Demilitarized Zone (DMZ)

Based on existing procedures, here is a new tool whose aim is to help add centrally managed static routes for all servers hosted in the demilitarized zone. As with the Password Management for Hosts in the Demilitarized Zone (DMZ), this script is managed using the cvs(1) concurrent management system.

The three necessary files are as follows:

  1. dmz_route.sh: gets, pushes and applies new static route(s) remotely
  2. route_admin: lists and applies new static route(s) locally, and is used from the rc script at boot time
  3. route_admin.cfg: the current, commented static routes configuration file; used by route_admin

Assuming that the environment variables ${CVSROOT} and ${CVS_RSH} are properly set, here are a few usage samples:

# cvs checkout -P dmz_route && cd dmz_route
#
# sh ./dmz_route.sh
usage: dmz_route.sh [-hd] [-s servername,...] [-c config_file] [-i init.d_file] {push|add|status}
#
# sh ./dmz_route.sh -s beastie status
* server: beastie
 => state of files:
/data/system/etc/
/data/system/etc/init.d/
/data/system/etc/route_admin.cfg:
     $Id: route_admin.cfg,v 1.10 2005/02/14 14:14:14 root Exp $
/data/system/etc/init.d/route_admin:
     $Id: route_admin,v 1.9 2004/09/14 08:19:29 root Exp $
 => show the routing tables:
IRE Table: IPv4
  Destination             Mask           Gateway          Device Mxfrg  Rtt  Ref Flg  Out  In/Fwd
-------------------- --------------- -------------------- ------ ----- ----- --- --- ----- ------
10.126.220.40        255.255.255.255 192.168.138.33               1500*    0   1 UGH    790     0
10.126.220.41        255.255.255.255 192.168.138.33               1500*    0   1 UGH   2862     0
10.126.215.162       255.255.255.255 192.168.138.33               1500*    0   1 UGH     65     0
[...]
#
# sh ./dmz_route.sh -s beastie push
* server: beastie
 => last configuration backuped
 => route_admin.cfg pushed
 => route_admin pushed

Need more help?... See the command line help switch:

# sh ./dmz_route.sh -h

Saturday 18 June 2005

Use the NIS and NFS Infrastructure on AIX 5L

Here are the steps to be able to use the current NIS and NFS infrastructure from an AIX server:

# cat /etc/resolv.conf  
domain          dev.example.com
nameserver      10.239.208.24
nameserver      10.251.140.96
search          dev.example.com int.example.com prod.example.com
#
# TERM=vt220 smitty
/*
 * Communications Applications and Services
 *  TCP/IP
 *   Further Configuration
 *    Name Resolution
 *     Hosts Table (/etc/hosts)
 *      Add a Host
 *       INTERNET ADDRESS (dotted decimal)               [10.254.234.22]
 *       HOST NAME                                       [neptune.dev.example.com]
 *       ALIAS(ES) (if any - separated by blank space)   [neptune]
 *       COMMENT (if any - for the host entry)           [NIS server for domain devex]
 *  NFS
 *   Network Information Service (NIS)
 *    Configure / Modify NIS
 *     Change NIS Domain Name of this Host
 *      Domain name of this host                        [devex]
 *     Configure this Host as a NIS Client
 *      NIS server - required if there are              [neptune]
 *   Network File System (NFS)
 *    Configure NFS on This System
 *     Start Automounter
 *      PARAMETERS to be used for the automount daemon  [-n]
 */

Launch automountd at run-level #2:

# cat << 'EOF' > /etc/rc.d/rc2.d/Sautomountd
#!/usr/bin/env ksh
#################################################################
# name: {K|S}automountd
# purpose: script that will start or stop the automountd service.
#################################################################

case "$1" in
start)
  /usr/sbin/automount -n
  ;;
stop)
  stopsrc -g autofs
  ;;
*)
  echo "Usage: $0 {start|stop}"
  exit 1
esac

exit 0
EOF
# ln /etc/rc.d/rc2.d/Sautomountd /etc/rc.d/rc2.d/Kautomountd
# chmod 754 /etc/rc.d/rc2.d/?automountd

At the same time, modify the automountd service to add some arguments that must be passed to the program. This is a necessary step to be able to automount the correct remote path using our customized autofs server. Here is how to do so:

# chssys -s automountd -a "-DOSNAME=`uname -s` -DCPU=`uname -p` -DNATISA=`bootinfo -K` -DOSREL=`uname -v`.`uname -r`"
# stopsrc -g autofs
# /usr/sbin/automount -n

Very important

To resolve information correctly, it was necessary to explicitly specify the name resolution order with the hosts setting in /etc/netsvc.conf. This file corresponds to /etc/nsswitch.conf under Solaris, GNU/Linux or the BSDs for host name resolution. For example:

# cat << EOF >> /etc/netsvc.conf
hosts = local, nis, bind
EOF

Sunday 12 June 2005

Replacement for the Network Configuration Scripts (netune, neconf)

This tool aims to replace the old netune and neconf scripts, collecting and enhancing in one tool the best of both worlds. The typical layout for this tool is as follows:

  • /etc/init.d/ifinit: the single global script, which contains the configuration capabilities for all the different drivers and the implementation of the available actions
  • /etc/ifinit.conf: the local configuration file to be sourced, which lists which interface(s) to set and how (mode, speed, etc.)
  • /etc/rc2.d/S68ifinit -> /etc/init.d/ifinit: the run-level at which this script must start

Here are a few usage samples:

# sh /tmp/ifinit -f /tmp/ifinit.conf 
Usage: ifinit [-f cf_file] {start|status|diag}
#
# sh /tmp/ifinit -f /tmp/ifinit.conf start
Setting interface hme instance 0: done
Setting network stack parameters: done
#
# sh /tmp/ifinit -f /tmp/ifinit.conf status
Local link information for interface hme instance 0:
  transceiver_inuse: 0 (0=internal_rj45_connector,1=external_mii_transceiver)
  link_status: 1 (0=down,1=up)
  link_speed: 1 (0=10Mbytes,1=100Mbytes)
  link_mode: 1 (0=half-duplex,1=full-duplex)
  carrier_errors: 0 (number_of)
  collisions: 0 (number_of)
  retry_error: 0 (number_of)
#
# sh /tmp/ifinit -f /tmp/ifinit.conf diag
Local link information for interface hme instance 0:
  transceiver_inuse: 0 (0=internal_rj45_connector,1=external_mii_transceiver)
  link_status: 1 (0=down,1=up)
  link_speed: 1 (0=10Mbytes,1=100Mbytes)
  link_mode: 1 (0=half-duplex,1=full-duplex)
  carrier_errors: 0 (number_of)
  collisions: 0 (number_of)
  retry_error: 0 (number_of)

Configuration of interface hme instance 0:
  adv_100fdx_cap: 1
  adv_100hdx_cap: 1
  adv_10fdx_cap: 1
  adv_10hdx_cap: 1
  adv_100T4_cap: 0
  adv_autoneg_cap: 1

Configuration of the network stack tunables:
  ip_forward_directed_broadcasts: 0
  ip_forward_src_routed: 0
  ip_ignore_redirect: 0
  ip_respond_to_address_mask_broadcast: 0
  ip_respond_to_echo_broadcast: 1
  ip_respond_to_timestamp: 0
  ip_respond_to_timestamp_broadcast: 0
  ip_send_redirects: 1
  ip_strict_dst_multihoming: 0
  ip_ire_arp_interval: 1200000
  tcp_xmit_hiwat: 49152
  tcp_recv_hiwat: 49152
  tcp_cwnd_max: 1048576
  tcp_rexmit_interval_max: 60000
  tcp_rexmit_interval_min: 400
  tcp_rexmit_interval_initial: 3000
  tcp_slow_start_initial: 4
  tcp_conn_req_max_q: 128
  tcp_conn_req_max_q0: 1024
  tcp_smallest_anon_port: 32768
  tcp_largest_anon_port: 65535
  tcp_smallest_nonpriv_port: 1024
  tcp_extra_priv_ports: 2049 4045 9010
  tcp_time_wait_interval: 60000
  tcp_rev_src_routes: 0
  udp_recv_hiwat: 57344
  udp_xmit_hiwat: 57344
  udp_smallest_anon_port: 32768
  udp_largest_anon_port: 65535
  udp_smallest_nonpriv_port: 1024
  udp_extra_priv_ports: 2049 4045
  arp_cleanup_interval: 300000

Please replace /tmp with /etc/init.d and /etc, accordingly.
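
Several of the tunables in the diag output above govern ICMP redirects, broadcast echo replies, source routing and multihoming, so they are worth checking against a hardening baseline. The following is an added example, not part of ifinit or of the original post: the function name audit_tunables and the baseline values (commonly recommended hardened ndd settings) are assumptions, and SAMPLE is an excerpt of the output shown above.

```shell
# Added example (not part of ifinit): audit the "network stack tunables"
# section of `ifinit diag` output against a hardening baseline.
# SAMPLE is an excerpt of the diag output shown in the post above.
SAMPLE='Configuration of the network stack tunables:
  ip_forward_directed_broadcasts: 0
  ip_forward_src_routed: 0
  ip_ignore_redirect: 0
  ip_respond_to_address_mask_broadcast: 0
  ip_respond_to_echo_broadcast: 1
  ip_respond_to_timestamp: 0
  ip_respond_to_timestamp_broadcast: 0
  ip_send_redirects: 1
  ip_strict_dst_multihoming: 0
  tcp_extra_priv_ports: 2049 4045 9010
  tcp_rev_src_routes: 0'

# audit_tunables: reads diag output on stdin, prints "name current expected"
# for each deviation, and returns 1 if any tunable deviates or is missing.
audit_tunables() {
  awk '
    BEGIN {
      # Assumed baseline: commonly recommended hardened ndd values.
      want["ip_forward_directed_broadcasts"] = 0
      want["ip_forward_src_routed"] = 0
      want["ip_ignore_redirect"] = 1
      want["ip_respond_to_address_mask_broadcast"] = 0
      want["ip_respond_to_echo_broadcast"] = 0
      want["ip_respond_to_timestamp"] = 0
      want["ip_respond_to_timestamp_broadcast"] = 0
      want["ip_send_redirects"] = 0
      want["ip_strict_dst_multihoming"] = 1
      want["tcp_rev_src_routes"] = 0
    }
    # Single-valued tunable lines look like "  ip_send_redirects: 1".
    NF == 2 && $1 ~ /:$/ {
      name = $1; sub(/:$/, "", name)
      if (name in want) {
        seen[name] = 1
        if ($2 != want[name]) { print name, $2, want[name]; bad = 1 }
      }
    }
    END {
      for (k in want) if (!(k in seen)) { print k, "missing", want[k]; bad = 1 }
      exit bad
    }'
}
# Demo run on the excerpt; a non-zero status means the host needs attention.
printf '%s\n' "$SAMPLE" | audit_tunables || echo "=> deviations from baseline"
```

On a live host the same function can be fed directly, for example with `sh /etc/init.d/ifinit diag | audit_tunables`, and its exit status used in a periodic compliance check.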
