Entries Tagged as 'How-to'

RADIUS Server on Fedora

A RADIUS server is the usual AAA back end for network gear. It takes authentication requests on UDP port 1812 and accounting on UDP port 1813, and proxying uses UDP port 1814. Setting one up on Fedora is simple.

First, install FreeRADIUS on Fedora:

sudo yum -y install freeradius

Then configure clients.conf, which lists the NAS devices (switches, access points, VPN gateways) allowed to send requests and the shared secret each one uses:

vi /etc/raddb/clients.conf

client 192.168.50.0/24 {
secret = 1a2b3c4d
shortname = freeradius
}

The prefix must have its host bits zeroed, and a /24 admits every host on that network; for a single NAS at 192.168.50.60 write client 192.168.50.60 instead. The secret is the only thing that authenticates a NAS and is also the key that hides User-Password on the wire, so give each client a long random string rather than a short one like the example.

Then assign a user name and password in the users file (the password is stored in the clear on the server, so keep /etc/raddb readable only by root and the radiusd user):

vi /etc/raddb/users

"John Smith" Cleartext-Password := "cowsgomoon"

Later on, we can start the RADIUS daemon with the -X option for debugging. It runs in the foreground and prints every packet it handles, including cleartext passwords, so use it only while testing:

radiusd -X

Of course, you can also start the server with the service command:

service radiusd start
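To see what the shared secret in clients.conf actually protects, here is an added example in Python (not code from this post or from FreeRADIUS). It builds the Access-Request a NAS would send for the user above, hides the password the way RFC 2865 section 5.2 prescribes, has the server answer with an Access-Accept carrying a valid Response Authenticator, verifies that authenticator on the client side, and then shows why a short secret is a liability: from one captured request/reply pair the secret can be guessed offline, one MD5 per candidate, without sending a packet to the server. The secret, user, password and NAS address are the ones from this post; the Request Authenticator is fixed in the test only so the result is reproducible (a real client draws it from os.urandom), and the candidate list for the offline guess is constructed.

```python
# Added example: a hand-built RADIUS exchange with hashlib, to show what the shared secret does.
# Not FreeRADIUS code. Secret/user/password/NAS address come from the post; attribute handling is
# deliberately minimal (three attribute types, no vendor-specific attributes, no Message-Authenticator).
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4


def _attr(kind, value):
    """Type-Length-Value; Length counts the two header bytes."""
    return struct.pack("!BB", kind, len(value) + 2) + value


def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR block 1 with MD5(secret + Request Authenticator)
    and block n with MD5(secret + previous ciphertext block). There is no integrity check and no
    key stretching: the secret is all that stands between a sniffer and the password."""
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(pw[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden, secret, req_auth):
    """What the server (or anyone holding the secret) does with User-Password. Returns bytes."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, user, password, secret, req_auth, nas_ip="192.168.50.60"):
    """NAS side: Code(1) ID(1) Length(2) Authenticator(16) then attributes."""
    attrs = _attr(ATTR_USER_NAME, user.encode())
    attrs += _attr(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
    attrs += _attr(ATTR_NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def parse_attributes(packet):
    """Minimal TLV walk over the attribute area; last occurrence of a type wins."""
    attrs, i = {}, 20
    while i + 2 <= len(packet):
        kind, length = packet[i], packet[i + 1]
        if length < 2:
            break  # malformed; stop rather than loop forever
        attrs[kind] = packet[i + 2:i + length]
        i += length
    return attrs


def build_reply(code, request, secret, attrs=b""):
    """Server side. Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs


def reply_is_authentic(reply, request, secret):
    """Client side: a reply whose authenticator does not verify is a forgery (or the wrong secret)."""
    if len(reply) < 20 or reply[1] != request[1] or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def crack_secret(request, reply, candidates):
    """Offline guess against one captured request/reply pair: one MD5 per candidate and no traffic
    to the server, which is why a short or dictionary secret in clients.conf is a bad idea."""
    for guess in candidates:
        if reply_is_authentic(reply, request, guess):
            return guess
    return None


if __name__ == "__main__":
    secret, auth = b"1a2b3c4d", os.urandom(16)
    req = build_access_request(1, "John Smith", "cowsgomoon", secret, auth)
    acc = build_reply(ACCESS_ACCEPT, req, secret)
    print("reply verifies:", reply_is_authentic(acc, req, secret))
    # constructed candidate list, standing in for a wordlist
    print("secret recovered from capture:", crack_secret(req, acc, [b"testing123", b"radius", secret]))
```

Run it directly to see an exchange with a random authenticator. The lesson for clients.conf: the secret both authenticates the NAS and hides User-Password, so give every client its own long random secret and keep RADIUS off networks where it can be captured, or carry it inside IPsec or RadSec (RADIUS over TLS, RFC 6614).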

Start to be network expert

Today is very meaningful to me. I have become a Canadian citizen as of today. Although only 33 million people live here, I will be as free as a bird as a citizen.

Also, I decided to start pursuing the goal of becoming a network expert. This blog will be my notes for every knowledge point.

The following will be my first one.

To prepare a lab, we need a Cisco simulator. All the CCIEs around me (I mean, truly, they are sitting around me) recommend dynamips. You can get detailed information from dynagen. You can start each router simulator separately on one local machine, or use dynagen to manage them centrally from a CLI. I prefer to start routers separately. The command below starts a brand-new router (Cisco 3660) with an NM-4T module. Set an --idle-pc value unless you want the emulator to burn a whole CPU. The -s options bind fa0/0 and fa0/1 to physical interfaces (eth3 and eth0 here); that needs root and puts the virtual router directly on those LANs, so use interfaces you control. Then, just enjoy your trip.

dynamips -P 3600 -i 2 -X -r 256 ./3660.image -t 3660 --idle-pc=0x60680cb0 -s 0:0:linux_eth:eth3 -s 0:1:linux_eth:eth0 -p 1:NM-4T

Happy Mom and Dad’s Day – The Living Years

Long time no listen. Finally found it. Happy Mom and Dad's Day.

YouTube – Mike & The Mechanics – The Living Years

FTP Active Mode vs. Passive Mode

Since a firewall usually sits between FTP clients and the server, the following diagram shows the two modes of FTP, so that we can write a more precise firewall policy for each mode.

[diagram: FTP active vs. passive]

The following pros and cons are quoted:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.
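The quote says which side makes the connections; to turn that into a firewall decision you have to read the PORT command (active) or the 227 reply (passive) that carries the address and port. The following is an added Python example, not part of the original post, that parses those two messages for an IPv4 session, reports who connects to whom and which side's firewall has to allow it, and refuses the endpoints a careful implementation should refuse: a PORT naming any host other than the client (the FTP bounce attack) and a 227 naming any host other than the server (typically a private address leaking through NAT). It also checks a passive port against the pasv_min_port/pasv_max_port range a server admin would open in the firewall. Addresses, sample lines and function names are constructed for the example; EPRT/EPSV (RFC 2428) are not handled.

```python
# Added example: classify the FTP data connection from the control-channel message that sets it up.
# Constructed addresses: client 192.168.1.10, server 203.0.113.5 (RFC 5737 documentation range).
import re

# PORT h1,h2,h3,h4,p1,p2  (client tells the server where to connect: active mode)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).  (server tells the client where to connect)
PASV_RE = re.compile(r"^227\s.*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def decode_hostport(field):
    """'h1,h2,h3,h4,p1,p2' -> ('h1.h2.h3.h4', p1*256 + p2), or None if a number is not a byte."""
    parts = [int(x) for x in field.split(",")]
    if any(p > 255 for p in parts):
        return None
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def data_connection(line, client_ip, server_ip):
    """Decide who opens the data connection and which side's firewall must permit it.

    Active: the client sent PORT, so the server connects from port 20 to a high port on the
            client; the client-side firewall has to accept that inbound connection.
    Passive: the server answered 227, so the client connects to a high port on the server; the
            server-side firewall has to accept that, which is why pasv_min_port/pasv_max_port
            should be set narrow.
    Endpoints that are not the control-connection peer are refused: a PORT naming another host
    is the FTP bounce attack, and a 227 naming another host should not be followed either.
    """
    m = PORT_RE.match(line)
    if m:
        ep = decode_hostport(m.group(1))
        if ep is None:
            return {"ok": False, "reason": "malformed PORT"}
        ip, port = ep
        if ip != client_ip:
            return {"ok": False, "reason": f"PORT names {ip}, not the control peer {client_ip} (bounce attempt?)"}
        if port < 1024:
            return {"ok": False, "reason": f"PORT to privileged port {port} refused"}
        return {"ok": True, "mode": "active", "opens": "server", "firewall": "client",
                "src": f"{server_ip}:20", "dst": f"{ip}:{port}"}
    m = PASV_RE.match(line)
    if m:
        ep = decode_hostport(m.group(1))
        if ep is None:
            return {"ok": False, "reason": "malformed 227 reply"}
        ip, port = ep
        if ip != server_ip:
            return {"ok": False, "reason": f"227 names {ip}, not the server {server_ip} (NAT leak?)"}
        return {"ok": True, "mode": "passive", "opens": "client", "firewall": "server",
                "src": client_ip, "dst": f"{ip}:{port}"}
    return {"ok": False, "reason": "not a PORT command or 227 reply"}


def passive_port_in_range(conn, pasv_min, pasv_max):
    """Is the port a 227 reply announced inside the range the server firewall opens?"""
    port = int(conn["dst"].rsplit(":", 1)[1])
    return pasv_min <= port <= pasv_max


if __name__ == "__main__":
    for line in ("PORT 192,168,1,10,4,1",                                # active, legitimate
                 "227 Entering Passive Mode (203,0,113,5,195,89).",      # passive, legitimate
                 "PORT 10,0,0,9,0,25"):                                  # bounce to a third host
        print(line, "->", data_connection(line, "192.168.1.10", "203.0.113.5"))
```

In vsftpd terms, the two refusals correspond to leaving port_promiscuous and pasv_promiscuous at their default NO; the range check is what lets the server-side policy open only pasv_min_port..pasv_max_port instead of every high port.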

vsftpd put "553 Could not create file" solution

I set up a new FTP server with vsftpd and observed that I could get files but not upload them. After investigating, I found three points to check.

First, write_enable=YES in /etc/vsftpd/vsftpd.conf; without it every upload is refused.

Second, in system-config-firewall allow the FTP service: the command port TCP 21 and, for active mode, the data port TCP 20. In passive mode the client connects to a high port on the server, so either load the ip_conntrack_ftp helper so the firewall tracks the data connection, or set pasv_min_port and pasv_max_port in vsftpd.conf and open only that range.

Last, in system-config-selinux set the Boolean ftp_home_dir to 1 (equivalently, setsebool -P ftp_home_dir 1). Without it SELinux denies vsftpd write access to home directories, and the client sees "553 Could not create file" even though the Unix permissions look right; check /var/log/audit/audit.log for the denial.

After service vsftpd restart, I can get and put files in my home directory.

tftpboot directory changed in FC9

One change in FC9 is the tftpboot directory. In previous releases, installing tftp-server created /tftpboot. In FC9 the directory is /var/lib/tftpboot/ (the path is passed as server_args in /etc/xinetd.d/tftp, so look there if a client cannot find its boot files). My guess at the reason is to keep the root directory cleaner.

C/C++: srand() and rand() to get random numbers

We can build a simple 6/49 lottery selector by drawing random numbers from 1 to 49 with srand() and rand().

srand() initializes the generator from its seed argument. Normally time() is used as the seed. That means every run within the same second produces the same sequence, and anyone who knows roughly when the program ran can reproduce the draw; rand() is fine for a toy like this, but it is not a source of unpredictable numbers for anything an adversary cares about (tokens, keys, session IDs), where /dev/urandom or getrandom() belongs.

srand( (unsigned int) time( (time_t *) NULL) );

rand() returns the next value of the sequence that srand() initialized. Reducing it modulo 49 and adding 1 gives a number from 1 to 49 (with a slight modulo bias, since RAND_MAX+1 is not a multiple of 49; a real 6/49 selector also has to reject repeated numbers).

(rand() % 49) + 1;
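To show why time() is a poor seed for anything with stakes, the following is an added Python example, not part of the original post. It reimplements glibc's rand() (the generator on Fedora and CentOS: a 31-word additive feedback generator seeded through a Lehmer LCG, with 310 outputs discarded by srand()) and recovers a time()-based seed from a single observed 6/49 draw by sweeping a window of seconds around the draw time. It assumes glibc's default generator and a seed between 1 and 2^31-1, which covers every time() value before 2038; the timestamp and draw are constructed, and the function names are mine.

```python
# Added example: reproduce glibc rand() in Python and recover a time()-based seed from one draw.
# Assumes glibc's default TYPE_3 generator and a seed in 1..2^31-1 (any time() value before 2038).


def glibc_rand_stream(seed, count):
    """Return the first `count` values rand() yields after srand(seed) on glibc."""
    if not 0 <= seed < 2 ** 31:
        raise ValueError("seed outside the range this reimplementation handles")
    if seed == 0:
        seed = 1  # glibc substitutes 1 for a zero seed
    r = [0] * (344 + count)
    r[0] = seed
    for i in range(1, 31):  # Lehmer LCG fills the 31-word state table
        r[i] = (16807 * r[i - 1]) % 2147483647
    for i in range(31, 34):
        r[i] = r[i - 31]
    for i in range(34, 344 + count):  # additive feedback; srand() discards the first 310 outputs
        r[i] = (r[i - 31] + r[i - 3]) & 0xFFFFFFFF
    return [r[i] >> 1 for i in range(344, 344 + count)]  # rand() drops the lowest bit


def lottery_draw(seed, picks=6):
    """The selector from this post: srand(seed) followed by `picks` calls to (rand() % 49) + 1."""
    return [(v % 49) + 1 for v in glibc_rand_stream(seed, picks)]


def recover_seed(observed, earliest, latest):
    """Sweep every second in [earliest, latest]; the seed that reproduces the draw is the one used."""
    for seed in range(earliest, latest + 1):
        if lottery_draw(seed, len(observed)) == observed:
            return seed
    return None


if __name__ == "__main__":
    import time
    drawn_at = int(time.time())          # what srand((unsigned) time(NULL)) would use right now
    draw = lottery_draw(drawn_at)
    print("draw:", draw)
    # An observer who only saw the draw and knows it happened within ten minutes of now:
    print("recovered seed:", recover_seed(draw, drawn_at - 600, drawn_at + 600))
```

glibc's rand() and random() share this generator, so the same reconstruction works for random(). A selector that must not be predictable reads its numbers from /dev/urandom (or getrandom()) and rejects values above the largest multiple of 49 to avoid modulo bias.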

Quick LVM

The following quickly configures a newly added hard drive with LVM on CentOS 5. The example uses /dev/sda; check the device name with fdisk -l before running anything, because these commands destroy whatever is on the disk.

Create a partition on the disk (set its type to 8e, Linux LVM):

#fdisk /dev/sda

Next initialize a physical volume: pvcreate writes the LVM label and metadata area at the start of the device. Do this on either the whole disk or the partition, never both. To hand LVM the whole, unpartitioned disk:

# pvcreate /dev/sda

To use the partition created above (which the rest of this note assumes):

# pvcreate /dev/sda1

This creates a volume group

# vgcreate NewVolGroup /dev/sda1

If you want a logical volume that uses the entire volume group, use vgdisplay to find the "Total PE" count, then pass it to lvcreate with -l (newer lvm2 also accepts -l 100%FREE):

# vgdisplay NewVolGroup | grep "Total PE"
Total PE 10230
# lvcreate -l 10230 NewVolGroup -n NewLogicVol

This creates a file system

# mkfs.ext3 -b 4096 /dev/NewVolGroup/NewLogicVol

Mount to somewhere

# mkdir /somewhere
# mount /dev/NewVolGroup/NewLogicVol /somewhere

Add one line to /etc/fstab

/dev/NewVolGroup/NewLogicVol /somewhere ext3 defaults 1 2

Done

I also would like to add a diagram from linuxconfig.org

[diagram: LVM layers, from linuxconfig.org]

Nslookup vs. Dig

Sadly, I heard that nslookup will be gone with the wind. But luckily we have dig, which gives more detailed information about a domain name. The following compares the two commands on www.google.com

[root@hengdu ~]# dig www.google.com

; <<>> DiG 9.5.0b1 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37711
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 105861 IN CNAME www.l.google.com.
www.l.google.com. 300 IN A 66.249.91.99
www.l.google.com. 300 IN A 66.249.91.103
www.l.google.com. 300 IN A 66.249.91.104
www.l.google.com. 300 IN A 66.249.91.147

;; AUTHORITY SECTION:
l.google.com. 24160 IN NS e.l.google.com.
l.google.com. 24160 IN NS f.l.google.com.
l.google.com. 24160 IN NS g.l.google.com.
l.google.com. 24160 IN NS a.l.google.com.
l.google.com. 24160 IN NS b.l.google.com.
l.google.com. 24160 IN NS c.l.google.com.
l.google.com. 24160 IN NS d.l.google.com.

;; ADDITIONAL SECTION:
a.l.google.com. 24373 IN A 209.85.139.9
b.l.google.com. 24255 IN A 64.233.179.9
c.l.google.com. 24160 IN A 64.233.161.9
d.l.google.com. 24373 IN A 66.249.93.9
e.l.google.com. 24311 IN A 209.85.137.9
f.l.google.com. 38846 IN A 72.14.235.9
g.l.google.com. 24553 IN A 64.233.167.9

;; Query time: 13 msec
;; SERVER: 65.39.139.53#53(65.39.139.53)
;; WHEN: Tue Feb 19 10:40:52 2008
;; MSG SIZE rcvd: 340

[root@hengdu ~]# nslookup www.google.com
Server: 65.39.139.53
Address: 65.39.139.53#53

Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 66.249.91.147
Name: www.l.google.com
Address: 66.249.91.99
Name: www.l.google.com
Address: 66.249.91.103
Name: www.l.google.com
Address: 66.249.91.104

How to get the percentage of packet loss

For network testing I need the packet loss rate. The following bash script shows how to get the percentage of packet loss. I split the IP address into four octets, because that makes it easy to drive from a for loop.

#!/bin/bash
# Usage: pingloss.sh <ipv4-address>
IPADDRESS=${1:?usage: $0 <ipv4-address>}

# Split the address into octets so a loop can sweep one of them (e.g. over IP_4).
IP_1=$(echo "$IPADDRESS" | awk -F. '{print $1}')
IP_2=$(echo "$IPADDRESS" | awk -F. '{print $2}')
IP_3=$(echo "$IPADDRESS" | awk -F. '{print $3}')
IP_4=$(echo "$IPADDRESS" | awk -F. '{print $4}')

# Linux ping: -c is the count, -W the per-reply timeout in seconds (-t would set the TTL, not a timeout).
# Read the summary from a pipe instead of a fixed-name file in /tmp, which another local user could
# pre-create or symlink. The loss figure is the field ending in "%" on the "packets transmitted" line.
pack_loss=$(ping -c 2 -W 5 "$IP_1.$IP_2.$IP_3.$IP_4" | awk '/packets transmitted/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) print $i }')
echo "${pack_loss:-100%}"