Tue, 22 Dec 2009

poptop and iptables rules for nat

After setting up an instance of the poptop VPN it was clearly necessary to NAT traffic through the VPN. I used the following to route traffic coming in from the ppp interface onto the local network interface.


# allow new connections from the VPN client pool to be forwarded from ppp+ onto eth1
iptables -A FORWARD -i ppp+ -o eth1 -m state --state NEW -j ACCEPT -s 192.168.30.0/24
# let replies and related traffic through in both directions
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# masquerade everything leaving the box (nat table, POSTROUTING chain)
iptables -A POSTROUTING -t nat -j MASQUERADE

I'm not certain if it actually helps, but I do have IP forwarding enabled in the kernel as well:

echo "1" > /proc/sys/net/ipv4/ip_forward

Then to enable it permanently, set the following in /etc/sysctl.conf:

net.ipv4.ip_forward = 1
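The following helper is an added example, not part of the original post. It makes the two halves of the setup above repeatable: it rewrites the sysctl entry idempotently (replacing an existing line with a different value or odd spacing rather than appending a duplicate) and prints a rule set for review instead of applying it. Compared with the rules in the post, the MASQUERADE rule is limited to packets from the VPN pool leaving through the LAN interface, so other traffic forwarded by the box is not silently rewritten. The interface names and the 192.168.30.0/24 pool are taken from the post; nothing here invokes iptables on its own.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed values, from the post's
# rules: VPN side ppp+, LAN side eth1, VPN client pool 192.168.30.0/24.

# ensure_ip_forward FILE
# Leaves FILE with exactly one active "net.ipv4.ip_forward = 1" line. An existing
# active line with another value or spacing (e.g. "net.ipv4.ip_forward =0") is
# replaced; comments and unrelated keys are kept; running it twice is harmless.
ensure_ip_forward() {
    file=$1
    [ -f "$file" ] || : > "$file"
    tmp=$(mktemp) || return 1
    # keep every line except active settings of the key; grep -v exits 1 when
    # nothing is left to print, which is not an error here
    grep -v '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file" > "$tmp" || [ $? -eq 1 ]
    printf 'net.ipv4.ip_forward = 1\n' >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# ip_forward_enabled [PROCFILE]
# True when the running kernel forwards IPv4. PROCFILE defaults to the real
# sysctl file and is a parameter only so the check can be exercised offline.
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# nat_rules VPN_IF LAN_IF VPN_NET
# Prints the rules instead of applying them. MASQUERADE is restricted to the
# VPN pool leaving via the LAN interface; what else the FORWARD chain passes is
# still decided by its default policy, which this helper does not touch.
nat_rules() {
    vpn_if=$1; lan_if=$2; vpn_net=$3
    cat <<EOF
iptables -A FORWARD -i $vpn_if -o $lan_if -s $vpn_net -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE
EOF
}

# "sh nat-helper.sh --print" shows the rules. Once reviewed, apply them as root:
#   nat_rules 'ppp+' eth1 192.168.30.0/24 | sh
#   ensure_ip_forward /etc/sysctl.conf && sysctl -p
if [ "${1:-}" = "--print" ]; then
    nat_rules 'ppp+' eth1 192.168.30.0/24
fi
```

The sysctl edit drops every active line for the key and appends one canonical line, which is simpler and safer than trying to patch the value in place; commented-out lines survive because the pattern only matches lines that start with the key.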

posted at: 19:39 | Tags | path: /sysadmin | permanent link to this entry

Wed, 29 Jul 2009

The IN-N-OUT plate

BEHOLD.
The closest thing to a garbage plate available at In-N-Out Burger. It consists of a Flying Dutchman on top of an order of Animal Style fries.

posted at: 04:42 | Tags | path: /plate | permanent link to this entry

Sat, 25 Jul 2009

quick file transfer

Needing to transfer a large directory in a reasonable amount of time, it's time for a quick and simple transfer with netcat.
Important thing to note: this is being done in a datacenter, not over the internet.
First set up the server (the sending side, which listens):
tar c directory | nc -w 10 -l 7878
then set up the client (the receiving side):
nc -w 10 server 7878 | tar -x
Transfer rates on this are roughly 100 MB/s on a gigabit switch.
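Plain netcat gives no indication that the stream arrived intact: a `-w` timeout or a dropped connection leaves a truncated tar that extracts partway and then stops, and nothing on the wire is authenticated. The script below is an added example, not part of the original post. It keeps the same tar-over-a-socket shape but tees the stream through a fifo into sha256sum on each side, so the sender and receiver can compare digests of exactly the bytes sent and received. It assumes tar, tee, mkfifo and sha256sum exist on both hosts; to run offline on one machine it replaces the netcat socket with a plain pipe, and the comments show where `nc` goes in real use.

```shell
#!/bin/sh
# Added example (not from the original post): checksummed version of the
# "tar c | nc" transfer. Real use, with the post's nc flags:
#   sender:    send_stream /srv/data sent.sha256 | nc -w 10 -l 7878
#   receiver:  nc -w 10 server 7878 | recv_stream /restore received.sha256
# then compare the two digest files. In this file the socket is a plain pipe.

# send_stream SRCDIR DIGESTFILE
# Writes a tar stream of SRCDIR to stdout and records the SHA-256 of exactly
# the bytes that went out, by teeing the stream through a fifo into sha256sum.
send_stream() {
    src=$1; digest=$2
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/fifo"
    sha256sum < "$dir/fifo" > "$digest" &
    hasher=$!
    tar c -C "$src" . | tee "$dir/fifo"
    wait "$hasher"
    rm -rf "$dir"
}

# recv_stream DESTDIR DIGESTFILE
# Reads the stream from stdin, extracts it into DESTDIR and records the SHA-256
# of exactly the bytes that arrived (before tar sees them).
recv_stream() {
    dest=$1; digest=$2
    mkdir -p "$dest"
    dir=$(mktemp -d) || return 1
    mkfifo "$dir/fifo"
    sha256sum < "$dir/fifo" > "$digest" &
    hasher=$!
    tee "$dir/fifo" | tar x -C "$dest"
    wait "$hasher"
    rm -rf "$dir"
}

# verify_transfer SENT_DIGEST RECEIVED_DIGEST
# True only when both sides hashed the same bytes; each file holds one
# "<hex>  -" line, so a byte-for-byte comparison is enough.
verify_transfer() {
    cmp -s "$1" "$2"
}

# Local demo: "sh nc-checksum.sh --demo SRCDIR DESTDIR" copies SRCDIR into
# DESTDIR through a pipe and reports whether the digests match.
if [ "${1:-}" = "--demo" ]; then
    send_stream "$2" /tmp/sent.sha256 | recv_stream "$3" /tmp/received.sha256
    verify_transfer /tmp/sent.sha256 /tmp/received.sha256 && echo "digests match" || echo "MISMATCH"
fi
```

Hashing the stream on the receiving side before tar consumes it matters: a digest computed afterwards over the extracted tree would not notice bytes that tar discarded or a stream that ended early. The digest still has to travel over a channel you trust more than the transfer itself (pasting it into the other terminal is enough for the datacenter case the post describes).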

posted at: 01:50 | Tags | path: /sysadmin | permanent link to this entry

Wed, 15 Jul 2009

a fun and bizarre problem with building an rpm

After building an RPM and tossing it into the local repo at work, an attempt to install it was made. Then the following awesome line reared its head:

Running rpm_check_debug
python: rpmte.c:589: rpmteColorDS: Assertion `ix < Count' failed.
zsh: abort      sudo yum install splunk
This of course makes absolutely no sense (one could reference this picture, in fact). I found that adding the tag
 AutoReqProv: no
to the spec file fixed it.

posted at: 00:23 | Tags | path: /sysadmin | permanent link to this entry

Tue, 05 May 2009

Vlans on a Cisco 7200 Router

In bringing up some new network gear, putting a router's interface on a VLAN was required. Sadly Google was not readily forthcoming with this info. Also I readily acknowledge I could be bad at googling. So here is the info.

Step 1. Log into the router, enable, and go to config terminal.
Step 2. Enter the subinterface: int FastEthernet 1/0.42 (using all of your proper info).
Step 3. Assign the IP for this interface: ip address your.ip.goes.here with.your.subnet.mask
Step 4. This is where the VLAN is created: encapsulation isl 42 (again using whatever is your correct info).

After that the interface should be up and ready; check with 'show ip int brief'.

posted at: 17:41 | Tags | path: /networking | permanent link to this entry

Tue, 31 Mar 2009

pxebooting on centos/rhel

Setting up PXE booting is simple and incredibly useful. To do so you need to install a DHCP server and a TFTP server; a DNS server is fairly nice to have in this situation as well.


So step 1, install a DHCP server:

# yum install dhcp

Configuration is fairly simple; a config like this is fine:
ddns-update-style interim;
ignore client-updates;
option domain-name                              "example.domain";

subnet 10.0.42.0 netmask 255.255.255.0 {
        range   10.0.42.20      10.0.42.250;
        option subnet-mask                              255.255.255.0;
        option domain-name-servers              10.0.42.1;
        next-server     10.0.42.1;	#ip of tftp server
        filename "pxelinux.0";		#filename that will be grabbed from tftp
        default-lease-time                              3600;
        max-lease-time                                  7200;
}

Also a few notes on the DHCP config: next-server isn't explicitly required if DHCP and TFTP are on the same box, but it doesn't hurt to specify it. Also dhcpd will only run on interfaces that are on DHCP-hosted subnets.

Next up is installing and configuring TFTP. Install tftp with yum:

# yum install tftp-server

This will also install xinetd; running tftp from it is simple, as is the configuration:
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -s /tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

Pretty much all that needs to be done here is changing the disable line from "yes" to "no".

Now it's just setting up files. Copy pxelinux.0 from /usr/lib/syslinux/:

# cp /usr/lib/syslinux/pxelinux.0 /tftpboot

Note: /tftpboot will be created when you install tftp-server. At this point it's a good idea to test your TFTP setup:
tftp ip.of.server
tftp> get pxelinux.0

Now the pxelinux config needs to be set up: create a directory called "pxelinux.cfg" and put a file inside called "default". default should look something like this:
prompt 1
default basic
timeout 100

label basic
kernel kernfile
append initrd=initrd.img ramdisk_size=9216

kernfile and the initrd.img mentioned in the config should be copied into /tftpboot. At this point it's time to fire up a machine to test with; if things don't boot up, try testing the DHCP options with scapy's dhcp_request function.
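Before powering on a test machine it is cheaper to check that the pieces above actually line up: the file the DHCP server advertises, the kernel and initrd the pxelinux config names, and the label its default points at. The script below is an added example, not part of the original post. It reads the `filename` option out of the dhcpd config and the `kernel`, `initrd=` and `default` entries out of pxelinux.cfg/default, then confirms each referenced file exists under the TFTP root and reports what is missing. Paths are parameters; the defaults are the ones used in the post, and the function only looks at files, it does not talk to the servers.

```shell
#!/bin/sh
# Added example (not from the original post): static sanity check for a
# pxelinux setup. Usage: pxe_check [TFTPROOT] [DHCPD_CONF]; exit 0 when every
# referenced file is in place, otherwise one line per problem and exit 1.
pxe_check() {
    root=${1:-/tftpboot}
    conf=${2:-/etc/dhcpd.conf}
    missing=0

    # boot file the DHCP server hands out:  filename "pxelinux.0";
    bootfile=$(sed -n 's/^[[:space:]]*filename[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    if [ -z "$bootfile" ]; then
        echo "no filename option in $conf"; missing=$((missing + 1))
    elif [ ! -f "$root/$bootfile" ]; then
        echo "dhcp advertises $bootfile but $root/$bootfile is missing"; missing=$((missing + 1))
    fi

    cfg="$root/pxelinux.cfg/default"
    if [ ! -f "$cfg" ]; then
        echo "missing $cfg"
        return 1
    fi

    # every "kernel X" line and every "initrd=Y" inside an append line must
    # resolve relative to the tftp root, because that is where pxelinux fetches from
    for f in $(sed -n 's/^[[:space:]]*kernel[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$cfg") \
             $(sed -n 's/.*initrd=\([^[:space:]]*\).*/\1/p' "$cfg"); do
        if [ ! -f "$root/$f" ]; then
            echo "pxelinux.cfg/default refers to $f but $root/$f is missing"; missing=$((missing + 1))
        fi
    done

    # the label named by "default" must exist, otherwise pxelinux drops to the prompt
    def=$(sed -n 's/^[[:space:]]*default[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$cfg")
    if [ -n "$def" ] && ! grep -q "^[[:space:]]*label[[:space:]]\{1,\}$def[[:space:]]*$" "$cfg"; then
        echo "default label '$def' is not defined"; missing=$((missing + 1))
    fi

    [ "$missing" -eq 0 ]
}

# Run on the tftp server itself with the post's paths:
if [ "${1:-}" = "--check" ]; then
    pxe_check /tftpboot /etc/dhcpd.conf && echo "pxe setup looks complete"
fi
```

This catches the common misconfigurations (a typo in the kernel name, an initrd that was never copied, a default pointing at a label that does not exist) without a reboot cycle; the tftp fetch test shown above still covers the part this script cannot, namely whether the daemon serves the files.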

posted at: 06:56 | Tags | path: /sysadmin | permanent link to this entry

Mon, 30 Mar 2009

sentry gun mount

Out of boredom and hatred of raccoons getting into my I've started working on an airsoft sentry gun. The building of the mount is as follows.

WARNING: GIANT PICTURES TO FOLLOW

First I got a 1x8x6 plank of pine, 2 lazy susan mounts, 4 angle brackets and some spray paint.


Overall my plan is to have two points of movement, so I needed 2 chunks of wood to mount the lazy susans on. For this I cut two 6-inch-long chunks of wood.

Then I need a 10 inch piece for elevation, to mount the gun platform on and to allow space to mount the second servo. Additionally I need a 20 inch piece to mount the gun to, and the remainder of the wood is used as a base for the entire system.

Next up is mounting the lazy susans.

Then mount the 10 inch piece to the base.

posted at: 07:43 | Tags | path: /sentrygun | permanent link to this entry

Wed, 17 Dec 2008

fun with diskspace

Within the span of about 8 hours I've run into two separate files not having their disk usage released. One a process was holding open, and it just needed a restart. The second was on a NAS; the files had been deleted but the filesystem hadn't been synced, so running sync explicitly was needed.


So first hit lsof, then try sync if rm isn't giving back space, then probably check for hard links if neither of these did it.

posted at: 07:46 | Tags , | path: /sysadmin | permanent link to this entry

Mon, 15 Dec 2008

Netmap - Django network map

At my current job we have no solid documentation of what IPs are in use and whether any have been reserved for upcoming projects or taken as virtual or fallback IPs. So my remedy was to create a quick Django app to record hosts and display available IPs.


Netmap uses a cronjob running nmap to dump network info into files in /tmp; after a file is recorded it is parsed and logged. The nmap scan should be run as a standard user. IPs displayed with the Django app hold info regarding hostname, status, whether the IP has been reserved, a generic note field, and which network the IP is on.



netmap.tar.gz

posted at: 07:33 | Tags | path: /sysadmin | permanent link to this entry

Fri, 03 Oct 2008

openldap + replication + rhel = fuck redhat

Recently at work I've been putting together a centralized auth server with LDAP and Kerberos; the first stage of the rollout went smoothly. Stage 2 has been to set up slave servers and replication for both Kerberos and LDAP. Kerberos, aside from an ACL issue and some weirdness with server names, went pretty quickly. LDAP on the other hand was a pain in the ass of titanic proportions.

I began by setting up the master server to push out changes via slapd, plus all the other changes necessary for replication; this went quickly once I figured out that LDAP configs are whitespace dependent. Then the time came to set up the slave. This machine already had LDAP installed, so all I needed to do was copy over the configs from the master, remove the lines referring to replication, and blast the existing database. Then the time came to copy the existing database over from the master; a few minutes of scp and I had the database.

This is where the fun came in.

With everything in place I started the slave server up: error on the database due to a BDB version mismatch. The slave machine is RHEL 4 with bdb 4.2 and the master is RHEL 5.2 with bdb 4.3 installed. So I upgraded bdb on the slave and started the server again, only to have it fail complaining about bdb errors again. This confused the fuck out of me, as the only version of libdb on the system was 4.3. At this point a friend suggested I run ldd on slapd and check how everything was linked. This is what I found.

slave:
ldd /usr/local/libexec/slapd 
	libdb-4.4.so => /usr/lib/libdb-4.4.so (0x0087e000)
	libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00672000)
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x005bc000)
	libdl.so.2 => /lib/libdl.so.2 (0x005b6000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x00603000)
	libssl.so.4 => /lib/libssl.so.4 (0x00111000)
	libcrypto.so.4 => /lib/libcrypto.so.4 (0x00145000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x00633000)
	libc.so.6 => /lib/tls/libc.so.6 (0x00489000)
	/lib/ld-linux.so.2 (0x0046b000)
	libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00c6d000)
	libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00cd8000)
	libcom_err.so.2 => /lib/libcom_err.so.2 (0x00484000)
	libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00831000)
	libz.so.1 => /usr/lib/libz.so.1 (0x006bc000)

master:
ldd /usr/sbin/slapd
	linux-gate.so.1 =>  (0x00634000)
	libslapd_db-4.4.so => /usr/lib/tls/i686/libslapd_db-4.4.so (0x001ad000)
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00f1c000)
	libssl.so.6 => /lib/libssl.so.6 (0x00110000)
	libcrypto.so.6 => /lib/libcrypto.so.6 (0x002a9000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x003dc000)
	libresolv.so.2 => /lib/libresolv.so.2 (0x00181000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x00a3b000)
	libltdl.so.3 => /usr/lib/libltdl.so.3 (0x0068b000)
	libdl.so.2 => /lib/libdl.so.2 (0x005da000)
	libwrap.so.0 => /usr/lib/libwrap.so.0 (0x006c6000)
	libc.so.6 => /lib/libc.so.6 (0x00afe000)
	libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00f88000)
	libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0040e000)
	libcom_err.so.2 => /lib/libcom_err.so.2 (0x0059f000)
	libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00db0000)
	libz.so.1 => /usr/lib/libz.so.1 (0x00194000)
	/lib/ld-linux.so.2 (0x00165000)
	libnsl.so.1 => /lib/libnsl.so.1 (0x004a1000)
	libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00701000)
	libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00155000)
	libselinux.so.1 => /lib/libselinux.so.1 (0x00a76000)
	libsepol.so.1 => /lib/libsepol.so.1 (0x00773000)

What the fuck is this: libslapd_db-4.4.so => /usr/lib/tls/i686/libslapd_db-4.4.so (0x001ad000)? Red Hat decided it was awesome to compile ldap against version 4.4 of bdb and then install another lib. Why, for fuck's sake, would they do that? If there is a legit problem with bdb 4.3, why not just upgrade the version the rest of the OS uses? fuck redhat
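The ldd comparison above is worth automating, because a privately linked copy of a library (here libslapd_db-4.4.so) is also a copy that the distribution's normal libdb updates will never touch, so it has to be tracked for patching on its own. The script below is an added example, not part of the original post. It turns an ldd listing into a table keyed by library family (the soname with its version stripped, so libdb-4.4.so and libssl.so.6 become libdb and libssl) and diffs two such tables, reporting libraries only one host links, and libraries both link but at different versions or paths. The embedded sample listings are shortened copies of the two dumps in the post; in practice feed it `ldd /usr/sbin/slapd > host.ldd` from each machine.

```shell
#!/bin/sh
# Added example (not from the original post): diff what two hosts' slapd
# binaries are actually linked against, using ldd output.

# ldd_table < LDD_OUTPUT
# One line per library: FAMILY<TAB>SONAME<TAB>PATH. FAMILY is the soname with
# its version removed so the same library matches across hosts even when the
# version differs. Unresolved libraries get the path "MISSING", the vdso "(vdso)".
ldd_table() {
    awk '
        $2 == "=>" {
            so = $1
            path = ($3 == "not") ? "MISSING" : ($3 ~ /^\(/ ? "(vdso)" : $3)
            fam = so
            sub(/\.so.*$/, "", fam)           # drop ".so" and any ABI suffix
            sub(/-[0-9][0-9.]*$/, "", fam)    # drop a "-4.4" style version
            printf "%s\t%s\t%s\n", fam, so, path
        }'
}

# ldd_diff TABLE_A TABLE_B (files written by ldd_table)
# Emits "only-a", "only-b" and "differs" records; a library one host links
# privately, or not at all, shows up as only-a/only-b.
ldd_diff() {
    awk -F '\t' '
        FILENAME == ARGV[1] { a[$1] = $2 "\t" $3; next }
        {
            b[$1] = 1
            if (!($1 in a))                 printf "only-b\t%s\t%s\t%s\n", $1, $2, $3
            else if (a[$1] != $2 "\t" $3)   printf "differs\t%s\t%s\t%s\t%s\n", $1, a[$1], $2, $3
        }
        END { for (k in a) if (!(k in b)) printf "only-a\t%s\t%s\n", k, a[k] }
    ' "$1" "$2"
}

# sample_listings DIR: shortened copies of the post's slave and master dumps
sample_listings() {
    cat > "$1/slave.ldd" <<'EOF'
libdb-4.4.so => /usr/lib/libdb-4.4.so (0x0087e000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x005bc000)
libssl.so.4 => /lib/libssl.so.4 (0x00111000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0x00145000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00cd8000)
/lib/ld-linux.so.2 (0x0046b000)
EOF
    cat > "$1/master.ldd" <<'EOF'
linux-gate.so.1 =>  (0x00634000)
libslapd_db-4.4.so => /usr/lib/tls/i686/libslapd_db-4.4.so (0x001ad000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00f1c000)
libssl.so.6 => /lib/libssl.so.6 (0x00110000)
libcrypto.so.6 => /lib/libcrypto.so.6 (0x002a9000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x0040e000)
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x006c6000)
/lib/ld-linux.so.2 (0x00165000)
EOF
}

# "sh ldd-diff.sh --demo" prints the report for the sample listings.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    sample_listings "$d"
    ldd_table < "$d/slave.ldd" > "$d/slave.tbl"
    ldd_table < "$d/master.ldd" > "$d/master.tbl"
    ldd_diff "$d/slave.tbl" "$d/master.tbl"
    rm -rf "$d"
fi
```

On the sample data the report shows libdb only on the slave and libslapd_db only on the master (the private copy), plus libssl and libcrypto at so.4 versus so.6, which is exactly the mismatch that the bdb error messages were hiding.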

posted at: 04:56 | Tags | path: /sysadmin | permanent link to this entry