jarmund - Developer IT

Default route not on LAN

- by jarmund

I have a network that in principle looks like this: H1---\ /----Inet1 H2---->---GW1---< H3---/ \----GW2-----Inet2 H1 and H2 = Hosts that need access to internet with GW1 Inet1 = Internet link over 3G connection Inet2 = 5GHz link to Internet (not always up) GW1 = Works as a router, automatically picking the "best" connection between Inet1 and Inet2 (the latter via GW2). GW2 = 5GHz wifi router And here's the problem: H3 only needs internet access when Inet2 is up. What i was thinking of doing was a routing table that looks like this: route to GW2 via GW1 default route is via GW2 I first set the route to GW2 via GW1 without a problem. But when i try route add default gw 1.2.3.4 (1.2.3.4 being the IP of GW2), it complains "SIOCADDRT: No such device" Is the problem that the default gw i'm trying to set is not reachable directly? Is there a different approach that would allow me to achieve this? An alternative (and hypothetical) approach: Since H3 will be using a static IP, is it possible to do some magic with iptables on GW1 to forward any packets from H3 to GW3, thereby "tricking" H3 into using GW2 as its default router?

Read the article

Making lighttpd redirect from www.exampe.com to www.example.com/cgi-bin/index.pl

- by jarmund

What the title says.. www.example.com is defined in lighttpd.conf as a virtual host: $HTTP["host"] =~ "(^|\.)example.com$" { server.document-root = "/usr/www/example.com/http" accesslog.filename = "/var/log/www/example.com/access.log" $HTTP["url"] =~ ".pl$" { cgi.assign = (".pl" => "/usr/bin/perl" ) } } However, instead of going by the files listed in index-file.names (the usual index.html, default.html, etc), i want all requests to the root of the virtual host to be forwarded to /cgi-bin/index.pl. What's the easiest/best way of doing this? This need is a special case, and will only apply to this virtualhost. Is it possible to have that particular virtualhost send a redirect in the header?

Read the article

dhcpd pool exhaustion - What's the result?

- by jarmund

I have a DHCP server that serves leases to several houndred, maybe up to a thousand, different clients on an average day. The pool consists of 242 IPs, and due to the highly dynamic nature of the network, it's enough 99% of the time (most devices are gone from the network in a few minutes), despite having a lease time of 3600. Now, imagine if more clients than that connect to the network during an hour. The sollution is obvious: Decrease lease time, or increase the DHCP pool, however, what i would like to know: What happens when dhcpd has exhausted the pool? Are new DHCP requests simply ignored?

Read the article

moving files and directories between two machine, via a third, preserving permissions and usernames

- by Jarmund

The situation is as follows: Machine A has a file repository accessible via rsync Machine B needs the above mentioned files with all permissions and ownerships intact (including groups etc) Machine C has access to both A and B, but has a completely different set of users. Normally, i would just rsync everything over, directly between A and B, but due to severely limited bandwidth at the moment, i need something different, as rsync times out after building the list of the 430 files (49Mb uncompressed... can be compressed down to ~7Mb). What i've tried so far: rsync everything over from A to C, tar it, copy the tarball over, and then untar it, however, this messes up the ownership and/or the permissions. To rsync it from A to C, i run this command: rsync --numeric-ids --password-file=/root/rsync_pwd_file -oaPvu rsync://[email protected]/portal_2/ ./portal_2/ ...and from the looks of things, they do end up on C with the correct ownerships/permissions/flags/everything (not 100% sure, though.. are there any more switches i can throw in there? did i miss something?) copying the tarball over is simple enough (slow as a one-legged turtle due to the bandwidth, but it checksums out alright) What i'm unsure of is the flags and switches for creating and extracting the tarball, so could someone please provide the full commands for creating a tarball from /root/portal_2 on machine C (with everything intact) and extracting the tarball into /var/ex/portal_2 on machine B? ? Also, are there any other approaches worth mentioning that could allow me to perform this? I have root access to A and C, whereas i only have rsync access to B. PS: I'm running rsync v2.6.9 on machine B, and unfortunately i do not have the oportunity to upgrade to v3

Read the article

Preventing endless forwarding with two routers

- by jarmund

The network in quesiton looks basically like this: /----Inet1 / H1---[111.0/24]---GW1---[99.0/24] \----GW2-----Inet2 Device explaination H1: Host with IP 192.168.111.47 GW1: Linux box with IPs 192.168.111.1 and 192.168.99.2, as well as its own route to the internet. GW2: Generic wireless router with IP 192.168.99.1 and its own route to the internet. Inet1 & Inet2: Two possible routes to the internet In short: H has more than one possible route to the internet. H is supposed to only access the internet via GW2 when that link is up, so GW1 has some policy based routing special just for H1: ip rule add from 192.168.111.47 table 991 ip route add default via 192.168.99.1 table 991 While this works as long as GW2 has a direct link to the internet, the problem occurs when that link is down. What then happens is that GW2 forwards the packet back to GW1, which again forwards back to GW2, creating an endless loop of TCP-pingpong. The preferred result would be that the packet was just dropped. Is there something that can be done with iptables on GW1 to prevent this? Basically, an iptables-friendly version of "If packet comes from GW2, but originated from H1, drop it" Note1: It is preferable not to change anything on GW2. Note2: H1 needs to be able to talk to both GW1 and GW2, and vice versa, but only GW2 should lead to the internet TLDR; H1 should only be allowed internet access via GW2, but still needs to be able to talk to both GW1 and GW2. EDIT: The interfaces for GW1 are br0.105 for the '99' network, and br0.111 for the '111' network. The sollution may or may not be obnoxiously simple, but i have not been able to produce the proper iptables syntax myself, so help would be most appreciated. PS: This is a follow-up question from this question

Read the article

Checking if an SSH tunnel is up and running

- by Jarmund

I have a perl script which, when destilled a bit, looks like this: my $randport = int(10000 + rand(1000)); # Random port as other scripts like this run at the same time my $localip = '192.168.100.' . ($port - 4000); # Don't ask... backwards compatibility system("ssh -NL $randport:$localip:23 root\@$ip -o ConnectTimeout=60 -i somekey &"); # create the tunnel in the background sleep 10; # Give the tunnel some time to come up # Create the telnet object my $telnet = new Net::Telnet( Timeout => 10, Host => 'localhost', Port => $randport, Telnetmode => 0, Errmode => \&fail, ); # SNIPPED... a bunch of parsing data from $telnet The thing is that the target $ip is on a link with very unpredictable bandwidth, so the tunnel might come up right away, it might take a while, it might not come up at all. So a sleep is necessary to give the tunnel some time to get up and running. So the question is: How can i test if the tunnel is up and running? 10 seconds is a really undesirable delay if the tunnel comes up straight away. Ideally, i would like to check if it's up and continue with creating the telnet object once it is, to a maximum of, say, 30 seconds.

Developer IT