nareshovの日記

(TL note: nareshov's diary)

Archive for the ‘LAN’ Category

OpenVZ on a Softlayer managed server

leave a comment »

A post to record list of changes that were made to the configuration to get networking to work within the VZ containers on a managed hardware node.

Softlayer provisions CentOS machines with two bonded network interfaces: bond0 connected to their private network and bond1 to the public. We got a “portable” private network subnet and got them converted to “routed to subnet” so that all IPs in that subnet are usable (instead of 3 of them getting reserved into a broadcast IP, gateway IP and broadcast IP).

OpenVZ sends ARP requests when it’s trying to initialise a container and the interface to which the requests are to be sent has to be explicitly specified in this multi-network case. So, fix the NEIGHBOUR_DEVS variable in /etc/vz/vz.conf before you pick IPs from your portable subnet pool and start assigning it to your containers.

With that, you should be able to ping these containers from other nodes in your primary private subnet and vice versa. But you won’t be able to ping public IPs from within the containers yet. This doesn’t require you to assign public IPs to the containers too. A NAT rule on the host node should fix this: iptables -t nat -A POSTROUTING -o bond1 -j MASQUERADE

Took me a while to recall/realise that the lack of ARP requests in SL’s network was necessary. The NAT rule was something I found later on on the internet.

Advertisements

Written by Naresh

April 19, 2012 at 4:04 pm

Posted in LAN, Software

Using Dnsmasq to serve from a central /etc/hosts

leave a comment »

Recently at $work, I came across a situation where: a. public DNS records are served off of a GoDaddy account and b. a couple of domain names needed a office network-wide override pointing it to IPs in the local network.

i.e.

dig +short @8.8.8.8 qa.example.com

<returns public IP>

dig +short qa.example.com

<returns private IP>

If there aren’t too many consumers for this name resolution, we could’ve done with putting in entries into /etc/hosts on each consumer host. But our consumer hosts included a lot of android phones. And we didn’t want to root them all to be able to modify their /etc/hosts.

If we were running our own DNS server in our DMZ, we could’ve configured the infamous split-DNS setup through BIND or tinydns. (Un)fortunately, we didn’t.

The first "workaround" to this was to maintain a duplicate zone for example.com on our local DNS server (the one served by our DHCP server) and override the records as required. This would soon start to suck.

A colleague of mine – who didn’t take my word that the above two methods are our only options available – persevered through the PowerDNS docs and found an option where it could serve off the host’s /etc/hosts file. Now what was brilliant about this was, adding a ‘192.168.1.223 qa.example.com’ into /etc/hosts effectively solved the problem we had!

We didn’t really needed a full-fledged DNS server like PowerDNS and I looked if dnsmasq could solve the same problem – and it does.

[root@blr-vbox1 ~]# egrep -v ‘^#|^\B+’ /etc/dnsmasq.conf
bogus-priv
resolv-file=/etc/resolv.conf.isp
interface=eth0
no-dhcp-interface=eth0
no-dhcp-interface=lo0
conf-dir=/etc/dnsmasq.d

Our ISP’s DNS servers go into /etc/resolv.conf.isp

Ensure that the host that’s running dnsmasq has only ‘nameserver 127.0.0.1’ in /etc/resolv.conf and put in all your entries to be served into /etc/hosts.

Written by Naresh

December 2, 2011 at 12:12 pm

Posted in LAN, Work Life

Updates as of 25th Feb., ’09

with 3 comments

Hello. I’ve got some fresh news here – http://timesofindia.indiatimes.com/India/Bloggers-can-be-nailed-for-views/articleshow/4178823.cms

Getting back to the post, a lot of things, as usual, have happened in the past couple of months. FOSSKriti- IITK’s FOSS event during Techkriti was once again organised this year and turned out pretty well. Here‘s a longer account.

More interesting updates in the campus include the introduction of a modern internet service in the campus. I can now stop looking for alternatives to necessary applications with HTTP(connect) proxy support. Our campus can now boast of a 1GBps internet connection (the whole country’s bandwidth is apparently 33GBps). Back then (four years ago), we started off with a measly 2MBps connection which went higher and higher up with time – eventually leading us all to this pleasant surprise. Well, pleasant or not is another day’s debate… approx 4.5 crores p.a. for such bandwidth (turns out to about 1lac per day!).

OS update: Used Windows Vista for more than a semester, then Windows 7 Beta for about a couple of weeks or more. Now on Debian 5.

Music update: check my last.fm page.

Written by Naresh

February 25, 2009 at 5:37 pm

Sad state of affairs in IITK

with one comment

This institute’s administration is as pathetic as it can be. Most people in the administration work without thinking even a little about what they’re doing. They give you the “I was told to do so by my superiors” line even when it is clearly visible that they don’t understand why they’re doing it. Let’s start with something as useless as the SiS. SiS is a private security organisation in the campus. They do some of the most stupidest things possible and whatever they do, the thefts continue to happen. A week ago, in a neighbouring wing, 3rd storey, a theft occured late in the night. Sunil was sleeping with his door open (the weather is very hot and humid these days) for the cool air to drive out the heat and humidity from his room. He didn’t expect a thief to go all the way up to his room in the 3rd storey and steal his whole wallet (maybe a cell-phone was lost too). His wallet not only had money, but his institute ID-card. Yet again, the SiS fails.

If you happen to have a laptop and use a typical long-strapped laptop-bag, you’re in bad luck. You’ll be asked to enter your name, time of entry and exit, and sign in a worn-out register every time you visit your lab or leave/enter your own hall. God only knows if those guards make any sense at all of what you’ve written with your hands which are more used to computers than a pen. The funny part is here: carry your laptop in a backpack kind of bag and they won’t ask you a thing. Carry even an empty laptop-bag and you’ll spend two minutes explaining to them that your bag is empty.

Hall 1 has three gates. One of them is open round the clock, the other was sealed off by the Director some years ago during a summer (no idea why it was done even though it’s the closest gate to the academic area) and the other one, that is closer to the CSE lab area, is closed after 22:30. Now why does this happen? I don’t really know. Many of us who leave the lab long after 22:30 are out of luck, we simply have to walk all the way to the gate on the other side of the Hall. Back in my old school, we had security cameras which could rotate in any angle and monitor movements. I wonder why a “high-tech” institute such as ours never considered that over the mostly useless SiS.

Let’s get to the UG office now. Nobody can be more annoying than these pricks here. They fail at even counting the number of backlogs you have. This particular “Programme Advisor” (yeah, right) of the Y4 batch who even signed my manual-registration form last summer for a science-elective now claims that SEs aren’t offered during the summers and therefore I’m considering this SE as an OE(!). I’ve tried explaining to him that I don’t have any OE backlogs and his stupid decision (which I think he made by himself) is shoving another OE down my throat. He refuses to talk anymore about it and asked me to get (yet another) letter from the DUGC.

I haven’t registered for any courses this summer, I didn’t want to go through this confusing, pointless exercise with these morons again. I decided to stay for another year and take it slow and easy, without having to deal with these monkeys. I really think Prof. Dheeraj Sanghi’s tenure as the SUGC was the best. He’s the kind of person who doesn’t mind thinking a bit, even if it breaks a little sweat. During his tenure, we could easily swap future courses from our template to-and-fro and do it the way convenient to us (very handy when your programme is a bit screwed and time-clashes or pre-requisite conditions doesn’t let you follow the prescribed course-structure). This time, the current SUGC (sorry, neither can I spell his name nor pronounce it, I just remember a “Ghost” in his name) refuses to think even a bit and let the students with backlogs do future courses from their templates that are offered during the summer. Roughly 40 students went empty handed because of this on the day of registration. Oh, and courses mysteriously pop out of nowhere at the last minute. One of my friends who spent the whole duration for which registrations were open running around never realised that a course he had a backlog in was offered in the last minute. By total chance he stumbles upon it from a junior whom we met when we were heading towards the CR for lunch the next day. More nonsense: instructors are supposed to evaluate the end-semester answerbooks and give out the grades in a time-frame of 72 hours after the end-semester exams. They do come up with grades and submit them to the UG Office and the Counseling Service. It’s been over a few weeks now and I still don’t know my grades. Only the ones I got an F in (I got one this time) were informed to me through my DUGC a few weeks after the end-sems. Thankfully, that was before the summer registration day, or people wouldn’t know if they could re-take those courses in the summer term. Couple of my juniors have a skewed programme ahead of them simply because they weren’t allowed to take a future course in the summer. The things that happen when the authority refuses to think and simply take the easy way out by following the rule-book or going by what their superiors say.

Talking about superiors, the Director is somewhat like a little Hitler here. There have been about 5 to 6 suicides (sense the apathy here?) in the campus during my stay here (4 years now). The Director has formed committees over committees and so has the Students’ Senate to come up with steps to take to curb these mishaps. The Director isn’t happy with any of them after the latest suicide (a few weeks ago, during the end-semester exams) and has taken decision making into his own hands and poof, no internet for you after 00:00 in the student dormitories. No internet – yes, no LAN – no. Although inter-hall LAN doesn’t work, intra-hall is still lively and dare I say, the gaming and late-night movie watching has increased! And, yes, most halls have their own direct-connect hubs now that function during the 00:00 to 06:00 internet curfew. People continue to watch movies, play games, whatever. It’s people like me who aren’t really into movies or games and use the internet for, again, dare I say, useful purposes that suffer. More on this at Arun’s post here. Sigh, all this makes me just as sick (or more) than it makes Arun. Even my friend from NIT-Suratkal who’s here for the summer doing a project says that his campus’s internet policies are way better. Heck, I don’t get it one bit, what is our adminstration thinking? They recently upgraded the internet bandwidth to 100MBps, removed the HTTP proxy accounting (you can download as much as you want! – it used to be 500MB per month, which was increased to 1GB and then 3GB and now -infinity-). Pirated movies, tv-serials, music, games, software continue to pour in in such quantities that there are two internal torrent trackers (and three main direct-connect hubs) in our LAN.

It’s a sad, boring, lazy life here. Most seem to have gotten over the internet-curfew already.

Written by Naresh

May 21, 2008 at 1:05 pm

Getting Kopete to work* on KDE 3.x

with 2 comments

To work* – My work environment’s network is a LAN shared by about 2000 users. We don’t have the neat NAT’ed type connections or transparent proxy setups other universities in the rest of the world enjoy. Our access to the remaining world is through a HTTP caching proxy which supports connect-over-http.

Step 1:
$ sudo aptitude install tor dante-client

Step 2:
$ sudo vim /etc/tor/torrc

Have the following text inside it:

SocksPort 9050 # what port to open for local application connections
SocksListenAddress 127.0.0.1 # accept connections only from localhost


HttpProxy 172.31.1.233:3128
HttpProxyAuthenticator username:password


HttpsProxy 172.31.1.233:3128
HttpsProxyAuthenticator username:password

Step 3:
$ sudo vim /etc/dante.conf

Add the following:

route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 9050
protocol: tcp udp # server supports tcp and udp.
proxyprotocol: socks_v4 socks_v5 # server supports socks v4 and v5.
method: none #username # we are willing to authenticate via
# method "none", not "username".
}

You might want to allow from: 127.0.0.1/8 alone.

Step 4:
$ sudo invoke-rc.d tor restart

Step 5: Go to KDE’s Control Centre and enable SOCKS (select Dante) under Network Settings > Proxy

Step 6: Configure Kopete – use the ip of talk.google.com

Step 7: Get cursed for those extra-spaces Kopete sends by Pidgin users 😛

Written by Naresh

January 20, 2008 at 7:21 pm

Been a while again!

with 3 comments

So, I’ve been away from blogging for a while now. Several things have happened around me during this period.

Formation of the SSCVC:

We called for what might have been the first informal Anime-club meet at the campus. Most of were present (bheekling was asleep) and presented our idea for forming a formal club under the Students’ Gymkhana. We hadn’t thought of a name yet and we hadn’t met people either. The following weekend, we arranged for a show in the hall1 TV room. We were a little late and some people had turned back. But then, we went and called some people to come and watch :D. We screened the first two episodes of “NHK ni youkoso” and “GITS: GIG 1”. (Lord Vash’s wide-screen and , BigBong’s laptop were used). We couldn’t bear it anymore and basilisk and I decided to meet Amitabha Mukherjee (a prof. in the CSE dept., who we reportedly heard from Nishant Singh that he was into anime(!), which turned out to be false). He pointed us to Satyaki Roy’s direction >_>. Next stop was Suchitra Mathur ;). Bheekling got us appointment and LordVash, himself and I met her. She was interested with the plan and all that and we still hadn’t come up with the name. I remembered Genshiken and how it was about an anime club. I quickly googled to get its full-form. It was the SSMVC – Society for Study of Modern Visual Culture. In a day, we met with Satyaki and he suggested that we change it to SSCVC – Society for Study of Contemporary Visual Culture. Woah! We still haven’t put out our proposal for the club yet. Hopefully the iitk-animesociety should help us out here 😉

Revamp of my data:

I have two hard-disks. Started off with a Samsung 160GB SATA disk three years ago. It had a warranty of period of one year as compared to Seagate and I yet went with it :\. Something I soon realised was that Samsung and LG were these two Korean companies that dumped junk in India for a while (only recently have they set up their own plants in the country and get decent products). Another thing being – to not buy computer products such as hard-disks, motherboards or CPUs in Kanpur (and maybe in the whole of UP!) . One – I have personally come across cases where a dealer takes screwed up disks from you, refurnishes them and sell them to someone else. Same is the case with mobos and CPUs. A model of RAM you bought at one time won’t be available a few months later (suppose you have 512MB and wanted another identical stick – tough luck).

Some time ago (during the summers, I think), I had repartitioned my data and set up ZFS via FUSE on linux. Wasn’t production ready and very shaky at times. Couldn’t share my whole data on DC++. During the past few days, basilisk had tried to install Gentoo and ended up cleaning up his 250Gb harddisk with Ubuntu :P. I transferred all my Anime, Movie and TV onto his disk, the Music went into a confidential location. Set up four partitions on my reliable ATA Seagate disk, one Boot, one Root (20GB), one Swap and one large Home. The other unreliable disk is one big reisrefs partition 🙂 Removed my FreeBSD and that extended partition windows had created. I had played around with FreeBSD too to get good ZFS performance before I removed it. Updated to 7.0-CURRENT and zpool segfaulted at zpool import :\ Considering the hassles I’d have to go through if I had stuck with FreeBSD amd64, I decided to stay with Linux itself. If at all I need to experiment with any of those at a later point of time, they’ll be on a different hardware :X! (Notes: don’t ask me how I went to 7.0-CURRENT from within the campus)

Food:

Yes, I’ve been eating mostly in the canteen or at the gate. I spent a lot of money. Just for food. (I payed off my earlier debts too)

Classes(!):

I haven’t been to classes for a couple of weeks. It’s a bad thing. It suddenly turned cold here and you feel like staying in your bed like nothing else’s important. Exams are coming soon – 8th Oct.! I have to do whatever has to be done. This sucks 😐 For now, I should try not to waste time on anything else (:P).

Written by Naresh

September 29, 2007 at 12:28 am

A New Semester

leave a comment »

Been a week since the new semester began. All the initial registration/post-registration/add-drop exercise is finally over (damn! we need to replace those UG office clerks by software :X).

The first week tends to be a little boring and happens to give me time to check out distros 🙂 (Has this become a semesterly-routine after I’ve started using Gentoo :})
This semester’s distro check was special. Tired of endless compiles on my 1800Ghz AMD64 machine I went out looking for candidates that could replace my Gentoo.
First, it was OpenSUSE. The last time I tried OpenSUSE was version 10.0 – had given up after experiencing KDE apps crashing. This time, it was beranger’s blog that prompted me to give it another shot and 10.2 ended up occupying my harddisk for a couple of days :P.

OpenSUSE seems to not respect GNOME’s default look and try customise it with mono-goodness (sarcasm? maybe). Novell is into UI and Interaction design research and all that, maybe they are doing a better job. Probably just me not able to cope up with a new default GNOME look-feel-experience after using upstream’s for a long time. OpenSUSE did have a lot of packages and yet there were several unofficial repositories floating around. IIRC there was privoxy in one of them but no tor 😐 (which I need in order to browse sites such as Orkut in my campus). For some reason, the beagled seemed to use up a lot of CPU although I thought it must’ve finished the first-time crawl after the install. The package-manager (Yast2) did a nasty job (refreshing mirror info) at every fireup – was annoying.

Next up was OpenBSD. I had tried this one out once during it’s 3.8 days. Now it’s 4.1 and expected my sound device to work. Unfortunately it didn’t. All that disabling and enabling USB etc. just made me give up on this. Their packages are sweet though. KDE was well packaged (except for konqueror crashing at times when I’m browsing the openbsd ftp mirror). GNOME was stuck up at 2.8 I think.
Ah yes, I tried FreeBSD before this and after too. I had done a silly thing with

setenv ftp_proxy username:passwd@proxy:3128

and blamed fetch for timing out 😛 (that was silly of me, I even managed to get people flaming on wget vs. fetch on ##FreeBSD =P.
The correct scheme was

setenv ftp_proxy http://username:passwd@proxy:3128

. For some reason portsnap never worked for me. (It could fetch, but not extract). Was a little weary of the i386 packages. Thought they were suboptimal. Tried out amd64 too. No ease. FreeBSD doesn’t satisfy my desktop-usage needs.

After seeing Rohit going ga ga over freeculture and fedora thought I’d try fedora too! Oh yeah, Manu Vajpai was distro-hunting too. He too was “let’s try this one out dude”. Since my DVD writer doesn’t seem to write properly I started using my brains a little and downloaded the fedora install cd’s kernel image and initrd and put in on my /boot. I quickly downloaded the F-7 DVD from one of the mirrors on LAN onto my hard disk. Next boot was a simple grub command line invocation to boot fedora’s installer kernel and point at my DVD iso on the hard disk. Installation was fast :}. The fun ends soon though. For some reason I wasn’t comfortable even after disabling SELinux. There was no linuxdcpp in the repositories – which gives you a clue that there is something missing here, more like, “this distro is so damn US-centric that it doesn’t even have a p2p program that’s immensely popular in Europe and LANs in India”. Probably something else. They’re one of the few distros that have Indic fonts.

It looked like I missed an important distro. Yes – Debian. I was playing with debian when amd64 port was still unofficial. Now the port is not only official but has plenty of packages that interest me. No need for unofficial repositories and all related hassle. I used a netinstallation CD which was a weekly snapshot of the testing version. Unlike Fedora or OpenSUSE, this netinstall CD has support for (authenticating) proxy! This is amazing for us “third world” countries who depend on proxy servers while some institutes enjoy class A networks. Well, let’s leave that for another day. I upgraded to sid/unstable and nothing has broken so far – unlike ubuntu in the < 6.04 days (haven’t used the recent versions and don’t plan to).
Debian is maturing. It’s always been. Today, I see useful apps such as the module-assistant. Handy when it comes to dealing with nvidia drivers. The Iceweasel and Icedove is something else. Doesn’t matter to me as long as it does my job like Firefox and Thunderbird did.

TODO: get ZFS-fuse working 🙂

Written by Naresh

August 8, 2007 at 11:49 pm