Search Results

Search found 19676 results on 788 pages for 'setup cd'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 111/788 | < Previous Page | 107 108 109 110 111 112 113 114 115 116 117 118  | Next Page >

  • Why is it necessary to install EFI/rEFInd/UEFI/... on a SD Card since the Macbook Pro seems to already have it?

    - by user170794
    Dear askubuntu members, I own a Macbook Pro (late 2009) and when I boot the laptop and hold the alt key meanwhile, there is a EFI screen, so EFI is installed on... the firmware? I had a few troubles with my hard disk, so I had to change it, but I haven't installed OS X, I have only installed Ubuntu and still the EFI screen is there which is surely a good thing. As the new hard disk is making troubles again, I am using Puppy Linux, booting from a CD each time, which is unconfortable. So I am trying to have Ubuntu installed on a SD Card. After having spent many months on the internet grabing informations anywhere I can and trying several things, I applied this method: http://www.weihermueller.de/mac/ I succeeded in making one SD Card recognizable by the EFI of my laptop (holding alt key @ boot), but nothing installed on it yet as I fear to lose the recognizable-by-EFI part. I haven't succeded in producing the same result on another SD Card. I have a bootable USB key of Ubuntu (yipee) which works like a live CD, made with the help of Universal Linux UDF Creator, found there: http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ on which I have put Ubuntu 13.04 64bit, retrieved from the official deposits. Eventhough I have to add the "nouveau.noaccel=1" option to the grub command line launching Linux, it works (yipee again) properly as a live cd. When installing Ubuntu I come across the "where do I wanna put Ubuntu" window, I partition another SD Card in: the EFI part (40MB) the Linux part (15GB< <16GB) The installation works fine and finishes with no problem. But at the reboot, the SD Card where Linux is installed is not recognized by the EFI, the icons are : the CD (Puppy Linux), the USB stick (from Linux UDF Creator), the hard drive (the formerly-working Ubuntu 12) but no fourth icon of the SD Card whatsoever. As the title of this thread suggests, I am wondering: why there is a need for EFI to be installed on the SD Card since EFI seems to be on my laptop anyway? why EFI has to be on a different partition than the Linux's one? How do both parts communicate? why the EFI part on the SD Card made with the help of the live-USB key isn't recognized? on the EFI partition, there is a folder named "EFI" which contains another folder named "ubuntu" which contains a file named "grubx64.efi", why is there a thing called grub? Is it the Linux's grub where one can chose either to boot, to boot in safe mode, etc.? Thank you for your patience, looking forward for any kind of answer, Julien

    Read the article

  • Ruby Script Runner for Ubuntu Gedit

    - by Ygam
    I have this Java script runner installed in my gedit external tools: #!/bin/sh cd $GEDIT_CURRENT_DOCUMENT_DIR if javac $GEDIT_CURRENT_DOCUMENT_NAME; then java ${GEDIT_CURRENT_DOCUMENT_NAME%\.java} else echo "Failed to compile" fi I tried modifying to it to something like this #!/bin/sh cd $GEDIT_CURRENT_DOCUMENT_DIR ruby ${GEDIT_CURRENT_DOCUMENT_NAME%\.rb} but it doesn't work. I may have missed something, I don't know what because I don't do bash scripting. Hehe

    Read the article

  • bashrc script not accepting space in directory name

    - by faizal
    I have added a variable at the end of my ~/.basrc file : export xyz = /home/faizal/DEV/ADT workspace/xyz But if i open a new terminal, i get the error : bash: export: 'workspace/xyz': not a valid identifier So i try a variety of alternatives : export xyz=/home/faizal/DEV/ADT\ workspace/xyz export xyz="/home/faizal/DEV/ADT workspace/xyz" export xyz="/home/faizal/DEV/ADT\ workspace/xyz" export xyz='/home/faizal/DEV/ADT workspace/xyz' export xyz='/home/faizal/DEV/ADT\ workspace/xyz' They all give me the error when i try cd $xyz: bash: cd: /home/faizal/DEV/ADT: No such file or directory What am i doing wrong?

    Read the article

  • I can't install Ubuntu 12.04.1 on iMac G5

    - by user89004
    So, I have this iMac G5 that doesn't have iSight, only a small light sensor I think undernieth, machine model 8.2. I tried burning a Ubuntu 12.04.1 PowerPC 64bit .iso to a cd but the computer just won't boot it, I don't know why. Next I tried with a USB but it wouldn't let me boot that either, I created the usb on my dad's win7 laptop as the process was way easier than on freakin Mac or Ubuntu (no command typing AT ALL on windows) I'm able to get into openfirmware and type boot usb and it does show some weird writing that scrolls so fast I can't see anything and then it just gives me this huge no sign like a stop sign and freezez. The sign is grey and the line in the middle is tilted towards the left. An other issue I'm having with hdiutil is that I can't convert the stupid .iso I just downloaded into a .img because the file keeps on dissapearing right when it's done converting it. I used the syntax from Ubuntu support how to create a bootable usb drive under Mac OS X. I even didn't include the 2 stupid ~ that are shown in the syntax that are completly worthless, God only know why they put them there, and I even tried running the whole thing as root with sudo su before the command. The funny thing is that if I convert something smaller it works. The command I was using is hdiutil convert -format UDRW -o /path/to/target.img /path/to/ubuntu.iso I even tried hdiutil convert /path/to/ubuntu.iso -format UDRW -o /path/to/target.img but the same thing happens, the dummy .img.dmg file dissapears when the conversion is done no matter where I set the output file to go. I have tried several different folders, the same thing happens with all of them. I also tried burning a Ubuntu mini iso on a cd, can't remember if it was 11.10 or 12.10 but even thoguh holding c when the iMac boots up does show me the cd and I can boot from it, I get this weird error upon hitting install, it says something like invalid memory access, release keys and error strings I can't read. I don't have any original DVDs from this iMac and can't run hardware diagnostics. WHatever option I try at the command prompt from the mini ubuntu cd I get the same result, error code and openfirmware backdrop that's frozen. I noticed that the pen drive I created on my dads Win7 laptop is formated with MS-DOS but I can still mount it no problem, so it shouldn't have a problem booting it, right? I used the advice on ubuntu.com to make it, from here. Also, my partition is HFS+ so I can't use it as a hard drive and boot from it. I don' have 2 partitions either, just one HDD, one partition. Please help!!!

    Read the article

  • Unable to boot ubuntu 11.10 from external usb drive

    - by user45006
    I'm new to Ubuntu (and actually all things Linux) as of this morning, so please excuse any stupid mistakes I may be making. I recently bought an external hard drive for my newly built PC (that is running windows 7 if it matters). I would like to install Ubuntu onto the external drive and boot from there. I downloaded Ubuntu 11.10 and made a bootable cd, unplugged my internal HDDs, plugged in the external drive, installed Ubuntu 11.10 on the external drive via the installer, and replugged in my internal HDDs. Then I set my bios boot order to: Boot from USB-HDD - Boot from Hard Disk - Boot from CD/DVD. Now when I restart I get the message "Starting Operating System..." (or something like that, I forget exactly what it says) that lingers on the screen for a moment and then windows starts. Any idea what the problem may be? ~Relevant info~ BIOS version: Award Software International, Inc. F2, 2/22/2011 Ubuntu Version: 11.10 External Hard Drive: Western Digital My Passport Essential 500GB Portable Hard Drive (Black) ~Things I've already tried~ 1) Unplug internal HDDs so that only external drive was plugged in via usb. Same thing happened only obviously my BIOS could not detect any hard drives besides the external one. When booting received error "Could not detect operating system" 2) Formatted external hard drive and re installed. It didn't make a difference, however interestingly when I booted from cd the ubuntu installer said it detected ubuntu 11.10 on the external hard drive. 3) Within BIOS I've messed around with every boot order combo I could think of both in the "Hard Disk boot order" screen and the "Boot order" screen. I'm a little confused of why there are two screens for this. 4) Held F12 during startup which opens (what I think is) the one time boot screen and it gave me the options "Hard Drive", "cd/dvd", "USB-FDD", "USB-cdrom", "USB-HDD", and "USB-something else I can't remember what it was". I tried all of them, but the same thing as before happened each time. ~References~ I noticed several people on askubuntu have tried to do something similar if not the exact same. In fact, I even found a post that pretty much outlines step by step exactly what I did... only their's worked. /jealous. Linky: Install Ubuntu or Kubuntu on a External USB Drive I'm willing to try a different version of ubuntu - it's not like my heart is set on 11.10, but it's a pain to open my case and unplug my internal hard drives so I'd prefer not to do this unless someone is reasonably confident it'll work. Thank you for all of your help in advance! I'm really looking forward to exploring Ubuntu!

    Read the article

  • lubuntu DVD not boot

    - by tuxi
    I downloaded from first link on http://lubuntu.net/ Burned a DVD with CD Burner XP in another PC , and at the main computer changed BIOS boot setting to look at CD DVD driver first. Now at the main computer there is an old Ubuntu 8 Hardy Heron. There is no direction when i put new burned DVD at DVD driver. Where am i wrong? Is there something that i misunderstand, for example lubuntu is really an OS which can be installed on harddisk?

    Read the article

  • Can I just download the Ubuntu ISO file to my USB and run it straight away with no installers?

    - by Paul Clarke
    I don't have access to running any installer at the minute so I knew that if running from the CD you just burn the iso file to the CD and your ready to go..but can I download this iso file to my USB and run it straight away when I change my bios to boot from USB?..or do I have to use the installer?..I can't use the installer for different reasons and I'm not really looking to install ubuntu just yet I just want to run it off my USB to try it out..so is it possible not to use the installer to put it on my USB? (I downloaded Ubuntu 12.10)

    Read the article

  • Read-only filesystem

    - by János Harsányi
    I've resized a partition (ext4) from a Live CD with GParted, and after reboot it says that the file system is read-only. I've rebooted again from the CD and checked it with GParted with no errors. How could I find out why does it re-mount the file system in read-only mode? edit: It starts normally, but after some time, the "/" mount point gets remounted with read only settings, so I think it does have errors eventually. Is there any other way to repair it?

    Read the article

  • How to resize a LVM partition?

    - by iiddaannyy
    I want to shrink my second (lvm) partition, so I can create a new partition in the freespace. I am using Live-CD to do so, because I know I can't resize/move this partition while it is in use. When I opened GParted in Live-CD, I realized that I could not resize the partition, because when I right-click it, the option "resize/move" is disabled. I tried to unmount it, to "lazy" unmount it (umount -l /dev/sda2) but it didn't work. A screenshot from GParted:

    Read the article

  • Installing Ubuntu by writing on the Hard Drive

    - by Alexandros Marinos
    I have a laptop whose CD drive is not operational and is too old to boot from a flash stick. I have bought a new hard drive for it for which I have an enclosure. Is there a way to configure the disk as an external to my current ubuntu setup, copy some form of ubuntu on the hard drive, place the HD in the old laptop, and have ubuntu install ubuntu from there? Effectively what I am asking about is some sort of live cd that installs on itself (since the HD is writeable).

    Read the article

  • Chrome Countdown Extension [migrated]

    - by Mike Saffold
    I have modified this countdown script to countdown to 4:20pm everyday. I have attempted to create a Google Chrome app that displays the countdown. The javascript is supposed replace a paragraph tag with id of "note" with the time left. It works when I load the page in chrome, but does not work when I load the extension. Example, if I put: <p id="note">asdf</a> I get just the text, "asdf", but when I open the html file I get the countdown. Here is the manifest.json file: { "name": "My First Extension", "version": "1.0", "manifest_version": 2, "description": "The first extension that I made.", "browser_action": { "default_icon": "icon.png", "default_popup": "popup.html" } } Here is the popup.html code: <html> <head> <title>4:20PM Countdown</title> <!-- Our CSS stylesheet file --> <link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Open+Sans+Condensed:300" /> <link rel="stylesheet" href="http://treesmoke.com/cd/assets/css/styles.css" /> <link rel="stylesheet" href="http://treesmoke.com/cd/assets/countdown/jquery.countdown.css" /> </head> <body> <p id="note">asdf</p> <!-- JavaScript includes --> <script type="text/javascript" src="http://code.jquery.com/jquery-1.7.1.min.js"></script> <script type="text/javascript" src="http://treesmoke.com/cd/assets/countdown/jquery.countdown.js"></script> <script type="text/javascript" src="http://treesmoke.com/cd/assets/js/script.js"></script> </body> </html> Here's the popup.html page, showing that the script works. Thanks guys, it isn't that big of a deal if I can't get it to work. I was just bored and decided to learn a little.

    Read the article

  • GRUB problem after uninstalling mint

    - by Yehonatan Tsirolnik
    I've uninstalled Linux Mint 13 today from my netbook. The netbook was running Windows XP and Linux Mint on dual boot. I've deleted the Linux's partition and now whenever I turn on the computer I get "Partitation not found" grub error... I have no CD drive so I can't insert any repair CDs or XP CD. I'm currently hopeless. And now I can't even load Linux Mint from my USB drive... Can someone help me?

    Read the article

  • Minecraft help?

    - by Michael Duke
    I have tried several ways to get Minecraft to work I have had no results. I would much appreciate help. i have tried downloading it from Minecraft.net changing the permission and running it in terminal it crashed the second it opened so manually opened it from terminal using cd and bash commands it then said michael@MichaelsLaptop:~$ cd Downloads michael@MichaelsLaptop:~/Downloads$ bash Minecraft_Installer_20.sh Minecraft_Installer_20.sh: line 1: syntax error near unexpected token newline' Minecraft_Installer_20.sh: line 1:'

    Read the article

  • Updating Ubuntu

    - by Richard
    I installed 9.04 from a disc but apparently need to download a new image then burn a CD to get n upgrade to later versions (v12) as there is no supported upgrade from 9.04. When I try to download the latest version I find my partition hasn't got sufficient space, but have no idea if (or how) I can resize the partition to store the image before I can burn the CD to update my version. Caught in a bit of a viscious circle here! Any suggestions please?

    Read the article

  • Virtual CloneDrive - Free Utility

    - by TATWORTH
    At http://www.slysoft.com/en/virtual-clonedrive.html, SlySoft have made available, Virtual Clone Drive."Virtual CloneDrive works and behaves just like a physical CD/DVD drive, however it exists only virtually. Image files generated with CloneDVD or CloneCD can be mounted onto a virtual drive from your hard-disk or from a network drive and used in the same manner as inserting them into a normal CD/DVD drive. Probably the best virtual drive software, Virtual CloneDrive allows you to enjoy the freedom of a virtual drive and is completely free."

    Read the article

  • How to create a JMS durable subscriber in WebLogic Server?

    - by lmestre
    WebLogic Server Provides a set of examples that are very helpful to get started with Weblogic ServerHere you can check how to install the examples:http://docs.oracle.com/cd/E23943_01/doc.1111/e14142/prepare.htmAfter you have installed the examples, you can find the example you want to review, in this case TopicReceive, here:wlserver_10.3/samples/server/examples/src/examples/jms/topicTo review details of the specific example, you can open:wlserver_10.3/samples/server/examples/src/examples/jms/topic/instructions.htmlTo create a Durable Subscriber, you can just set the client ID  and invoke createDurableSubscriber instead of calling createSubscriber, i.e.:    tconFactory = (TopicConnectionFactory)       PortableRemoteObject.narrow(ctx.lookup(JMS_FACTORY),                                   TopicConnectionFactory.class);    tcon = tconFactory.createTopicConnection();    //Set Client ID for this Durable Subscriber    tcon.setClientID("GT2");    tsession = tcon.createTopicSession(false, Session.AUTO_ACKNOWLEDGE);    topic = (Topic)       PortableRemoteObject.narrow(ctx.lookup(topicName),                                   Topic.class);    // Create Durable Subscription    tsubscriber = tsession.createDurableSubscriber(topic, "Test");    tsubscriber.setMessageListener(this);    tcon.start(); Enjoy!   You can read more about this here:http://docs.oracle.com/cd/E23943_01/web.1111/e13727/advpubsub.htm#CHDEBABChttp://docs.oracle.com/cd/E23943_01/web.1111/e13727/manage_apps.htm#i1097671    http://docs.oracle.com/cd/E23943_01/apirefs.1111/e13943/WebLogic.Messaging.ISession.CreateDurableSubscriber_overload_2.html

    Read the article

  • Network Based Ubuntu Installations

    <b>Packt:</b> "This article by Christer Edwards, outlines how to install Ubuntu using the network installer. This utility allows you to install directly over the network, instead of using a CD or DVD image. It does require a small CD boot image, but beyond that it is entirely network dependent."

    Read the article

  • Installed without the usual menus. Now I can't log in

    - by Martha
    I tried to install from CD. The computer wouldn't boot from the CD, so I clicked on the 'boot helper', and rebooted the machine. And the first thing I see is do I want to open Windows or Ubuntu (without it asking me whether I wanted to install it alongside Windows or replace it), and when I click on Ubuntu, after a very long time, I finally get a login screen. But I don't have a login, because I never set one up. Help!

    Read the article

  • Ubuntu not being displayed in the windows boot manager

    - by Anmol
    I download an iso file and installed Ubuntu 12.04 from a USB , i had windows -7 installed already on C drive , i installed ubuntu on E drive (sda5) , after the installation completed , it asked to restart , then i restarted , but the machine automatically loads windows-7 , ubuntu doesn't show up , help me out please ! Okk , my machine doesn't support CD's , so can i do this boot repair without any Live CD !

    Read the article

  • apt-get -f install removed software center and several other files

    - by user287858
    I ran sudo apt-get -f install and several files and programs were removed including software center. Is there a way to re-download everything as if ubuntu was new again without a cd? This computer does not have a cd-rom drive. I'd be fine with losing all the data on this computer. Also, when I run sudo apt-get install (almost anything) I get errors about dependencies and files not being available. Thanks to anyone who can help.

    Read the article

  • ????·???????! ?WebLogic Scripting Tool????WebLogic Server???/???????|WebLogic Channel|??????

    - by ???02
    Web???????????/?????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????????WebLogic Server?????????????????WebLogic Scripting Tool??????????2011?11????????Oracle DAB & Developers Days 2011?????????????????????????!WebLogic Scripting Tool?????WLS???·????????????WebLogic Scripting Tool?????????????????(???)?WebLogic Server???/????????WebLogic Scripting Tool WebLogic Scripting Tool(WLST)??????????????WebLogic Server???????????????????????????????????????????????????????????????????????????WLST???????????????????????????????????????????????????????????????????????????WebLogic Server????????????????????? WLST??Java?Python?????Jython?????????????WebLogic Server?MBean?????????????????????MBean???"????(Managed)Bean"??????WebLogic Server??????????????Java??????????????JDBC????·???????????MBean??JMS(Java Message Service)????????MBean????????MBean???????????MBean???????????????????????????????WLST????UNIX??????????cd???ls?????????????????????????????MBean??? MBean??????MBean?????????????MBean??2?????????????????????MBean?????????????????????????????????????????????????????????????????????????MBean?????·????????????????????????????????????? ???WebLogic Server?MBean??????(MBean???)????????????????????MBean?????????????????MBean?????????????????????MBean????????????????????????????????????????MBean??????? ????????MBean?????????????????????????????????????MBean????????????????WLST????????? WebLogic Server?????????MBean?WLST??????????????Java???????????????????????????????????????????????????????????????????·??????????WLST???????????????????????????????????????????????????????????????????/???????????? WLST????????????????????????2??????????????????????????????????[????????]java weblogic.WLST[???????????]java weblogic.WLST XXXX.py ?????????i??????????????????????????????????????????[????????????????]java weblogic.WLST -i XXX.py ???WLST???????????????·???????????·????????????????????·????????????????????????MBean??????????MBean???????????MBean??????????????????????·????????????????????????????????????????????????????????????????????????????????????????????·????????? ???????????????????WebLogic Server???????????????????????????????????????????????WebLogic Server???????????????????WLST ???????????????????????WLST????????????????????????????????????Java????????????Python?????????????????? ???????????????????????????cmo???????????????????MBean???????????????????????????????????WLST??????????serverRuntime()??????????????????????MBean??????????????cmo????????????????????????MBean???API??????????????????????????????? ??1?????????????????????????????????????????????????????????????????????????????????????????????????????????????WLST????????????????????????????????????????MBean???? ??????WLST????????????????MBean?????????????????????? ?????????????????????????????????????????????MBean???????????????WLST?MBean?????????????????????????MBean????????????????????????????????? ???MBean?????????????????????????????????????????Java????????????????????????????????????????????????·?????????????????????????????????????????MBean?????????????????? ?????????MBean?????????????????MBean????????????????????????????Java???????????JVM Runtime MBean???Heap Free Current????????????????????????????Read Only??????????long???????????????? ?????MBean?????????????????RuntimeMBean??????????????????JVMRuntimeMBean??????RuntimeMBean???????????????MBean?????????????????????????MBean?????????WLST??????????????????????????????Java???????????[???????????????]wls:/mydomain/serverConfig> serverRuntime()???????serverRuntime???????????????ServerRuntimeMBean???????????????????[find() ????? MBean ?????????]wls:/mydomain/serverRuntime> find('JVMRuntime')Finding 'JVMRuntime' in all registered MBean instances .../ JVMRuntimecom.bea:ServerRuntime=AdminServer,Name=AdminServer,Type=JVMRuntime ?[getPath() ???????????????]wls:/mydomain/serverRuntime> getPath('com.bea:ServerRuntime=AdminServer,Name=AdminServer,Type=JVMRuntime')'JVMRuntime/AdminServer'[cd() ???????????]wls:/mydomain/serverRuntime> cd('JVMRuntime/AdminServer')wls:/mydomain/serverRuntime/JVMRuntime/AdminServer>[get() ????? ls() ????? MBean ?????? ]wls:/mydomain/serverRuntime/JVMRuntime/AdminServer> get('HeapFreeCurrent')152358560Lwls:/mydomain/serverRuntime/JVMRuntime/AdminServer> ls()-r-- HeapFreeCurrent 152358560-r-- HeapFreePercent 79-r-- HeapSizeCurrent 259588096-r-- HeapSizeMax 518979584-r-- Type JVMRuntime... ??????????????????????????????from java.lang.Thread import *connect('username','password','t3://localhost:7001')serverRuntime()cd('JVMRuntime/AdminServer')print('---- HeapFreeCurrent ---')while(1):   print(get('HeapFreeCurrent'))   Thread.sleep(60000) ??????????3?????????????????????MBean????????????????????????While???Heap Free Current??????????Java?????sleep??????????????????????????WLST?2????? ????????????·?????????WLST?2???????????? 1????????????????????????????????????????????????????????????WLST???????????????????????????????????????????WebLogic Server????????????????????????????????????????????????????????????????????? ???2??????????????????????????????????????????????????????????????????????????????? ????????????????????????HTTP???????????????????????????????????????????????????????????????????????????????????????????????????????????HTTP??????????????????????????????????????????????????????????? ????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????WLST???????????????? ???2??????????·?????????????????PDF????????????????????????????????????????????Oracle Technology Network:?????????????! WebLogic Scripting Tool?????WLS???·?????···????·????????????????????

    Read the article

  • Nginx and client certificates from hierarchical OpenSSL-based certification authorities

    - by Fmy Oen
    I'm trying to set up root certification authority, subordinate certification authority and to generate the client certificates signed by any of this CA that nginx 0.7.67 on Debian Squeeze will accept. My problem is that root CA signed client certificate works fine while subordinate CA signed one results in "400 Bad Request. The SSL certificate error". Step 1: nginx virtual host configuration: server { server_name test.local; access_log /var/log/nginx/test.access.log; listen 443 default ssl; keepalive_timeout 70; ssl_protocols SSLv3 TLSv1; ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_client_certificate /etc/nginx/ssl/client.pem; ssl_verify_client on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; location / { proxy_pass http://testsite.local/; } } Step 2: PKI infrastructure organization for both root and subordinate CA (based on this article): # mkdir ~/pki && cd ~/pki # mkdir rootCA subCA # cp -v /etc/ssl/openssl.cnf rootCA/ # cd rootCA/ # mkdir certs private crl newcerts; touch serial; echo 01 > serial; touch index.txt; touch crlnumber; echo 01 > crlnumber # cp -Rvp * ../subCA/ Almost no changes was made to rootCA/openssl.cnf: [ CA_default ] dir = . # Where everything is kept ... certificate = $dir/certs/rootca.crt # The CA certificate ... private_key = $dir/private/rootca.key # The private key and to subCA/openssl.cnf: [ CA_default ] dir = . # Where everything is kept ... certificate = $dir/certs/subca.crt # The CA certificate ... private_key = $dir/private/subca.key # The private key Step 3: Self-signed root CA certificate generation: # openssl genrsa -out ./private/rootca.key -des3 2048 # openssl req -x509 -new -key ./private/rootca.key -out certs/rootca.crt -config openssl.cnf Enter pass phrase for ./private/rootca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:rootca Email Address []: Step 4: Subordinate CA certificate generation: # cd ../subCA # openssl genrsa -out ./private/subca.key -des3 2048 # openssl req -new -key ./private/subca.key -out subca.csr -config openssl.cnf Enter pass phrase for ./private/subca.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:subca Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Step 5: Subordinate CA certificate signing by root CA certificate: # cd ../rootCA/ # openssl ca -in ../subCA/subca.csr -extensions v3_ca -config openssl.cnf Using configuration from openssl.cnf Enter pass phrase for ./private/rootca.key: Check that the request matches the signature Signature ok Certificate Details: Serial Number: 1 (0x1) Validity Not Before: Feb 4 10:49:43 2013 GMT Not After : Feb 4 10:49:43 2014 GMT Subject: countryName = AU stateOrProvinceName = Some-State organizationName = Internet Widgits Pty Ltd commonName = subca X509v3 extensions: X509v3 Subject Key Identifier: C9:E2:AC:31:53:81:86:3F:CD:F8:3D:47:10:FC:E5:8E:C2:DA:A9:20 X509v3 Authority Key Identifier: keyid:E9:50:E6:BF:57:03:EA:6E:8F:21:23:86:BB:44:3D:9F:8F:4A:8B:F2 DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca serial:9F:FB:56:66:8D:D3:8F:11 X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Feb 4 10:49:43 2014 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y ... # cd ../subCA/ # cp -v ../rootCA/newcerts/01.pem certs/subca.crt Step 6: Server certificate generation and signing by root CA (for nginx virtual host): # cd ../rootCA # openssl genrsa -out ./private/server.key -des3 2048 # openssl req -new -key ./private/server.key -out server.csr -config openssl.cnf Enter pass phrase for ./private/server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:test.local Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in server.csr -out certs/server.crt -config openssl.cnf Step 7: Client #1 certificate generation and signing by root CA: # openssl genrsa -out ./private/client1.key -des3 2048 # openssl req -new -key ./private/client1.key -out client1.csr -config openssl.cnf Enter pass phrase for ./private/client1.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Client #1 Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in client1.csr -out certs/client1.crt -config openssl.cnf Step 8: Client #1 certificate converting to PKCS12 format: # openssl pkcs12 -export -out certs/client1.p12 -inkey private/client1.key -in certs/client1.crt -certfile certs/rootca.crt Step 9: Client #2 certificate generation and signing by subordinate CA: # cd ../subCA/ # openssl genrsa -out ./private/client2.key -des3 2048 # openssl req -new -key ./private/client2.key -out client2.csr -config openssl.cnf Enter pass phrase for ./private/client2.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:Client #2 Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # openssl ca -in client2.csr -out certs/client2.crt -config openssl.cnf Step 10: Client #2 certificate converting to PKCS12 format: # openssl pkcs12 -export -out certs/client2.p12 -inkey private/client2.key -in certs/client2.crt -certfile certs/subca.crt Step 11: Passing server certificate and private key to nginx (performed with OS superuser privileges): # cd ../rootCA/ # cp -v certs/server.crt /etc/nginx/ssl/ # cp -v private/server.key /etc/nginx/ssl/ Step 12: Passing root and subordinate CA certificates to nginx (performed with OS superuser privileges): # cat certs/rootca.crt > /etc/nginx/ssl/client.pem # cat ../subCA/certs/subca.crt >> /etc/nginx/ssl/client.pem client.pem file look like this: # cat /etc/nginx/ssl/client.pem -----BEGIN CERTIFICATE----- MIID6TCCAtGgAwIBAgIJAJ/7VmaN048RMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnJvb3RjYTAeFw0xMzAyMDQxMDM1NTda ... -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) ... -----BEGIN CERTIFICATE----- MIID4DCCAsigAwIBAgIBATANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMQ8wDQYDVQQDEwZyb290Y2EwHhcNMTMwMjA0MTA0OTQzWhcNMTQwMjA0 ... -----END CERTIFICATE----- It looks like everything is working fine: # service nginx reload # Reloading nginx configuration: Enter PEM pass phrase: # nginx. # Step 13: Installing *.p12 certificates in browser (Firefox in my case) gives the problem I've mentioned above. Client #1 = 200 OK, Client #2 = 400 Bad request/The SSL certificate error. Any ideas what should I do? Update 1: Results of SSL connection test attempts: # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/rootca.crt -cert ~/pki/rootCA/certs/client1.crt -key ~/pki/rootCA/private/client1.key -showcerts Enter pass phrase for tmp/testcert/client1.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 --- Certificate chain 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test.local i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca -----BEGIN CERTIFICATE----- MIIDpjCCAo6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJBVTET MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMQ8wDQYDVQQDEwZyb290Y2EwHhcNMTMwMjA0MTEwNjAzWhcNMTQwMjA0 ... -----END CERTIFICATE----- 1 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca -----BEGIN CERTIFICATE----- MIID6TCCAtGgAwIBAgIJAJ/7VmaN048RMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnJvb3RjYTAeFw0xMzAyMDQxMDM1NTda ... -----END CERTIFICATE----- --- Server certificate subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=test.local issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca --- Acceptable client certificate CA names /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca --- SSL handshake has read 3395 bytes and written 2779 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 15BFC2029691262542FAE95A48078305E76EEE7D586400F8C4F7C516B0F9D967 Session-ID-ctx: Master-Key: 23246CF166E8F3900793F0A2561879E5DB07291F32E99591BA1CF53E6229491FEAE6858BFC9AACAF271D9C3706F139C7 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket: 0000 - c2 5e 1d d2 b5 6d 40 23-b2 40 89 e4 35 75 70 07 .^...m@#[email protected]. 0010 - 1b bb 2b e6 e0 b5 ab 10-10 bf 46 6e aa 67 7f 58 ..+.......Fn.g.X 0020 - cf 0e 65 a4 67 5a 15 ba-aa 93 4e dd 3d 6e 73 4c ..e.gZ....N.=nsL 0030 - c5 56 f6 06 24 0f 48 e6-38 36 de f1 b5 31 c5 86 .V..$.H.86...1.. ... 0440 - 4c 53 39 e3 92 84 d2 d0-e5 e2 f5 8a 6a a8 86 b1 LS9.........j... Compression: 1 (zlib compression) Start Time: 1359989684 Timeout : 300 (sec) Verify return code: 0 (ok) --- Everything seems fine with Client #2 and root CA certificate but request returns 400 Bad Request error: # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/rootca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 ... Compression: 1 (zlib compression) Start Time: 1359989989 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request Server: nginx/0.7.67 Date: Mon, 04 Feb 2013 15:00:43 GMT Content-Type: text/html Content-Length: 231 Connection: close <html> <head><title>400 The SSL certificate error</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>The SSL certificate error</center> <hr><center>nginx/0.7.67</center> </body> </html> closed Verification fails with Client #2 certificate and subordinate CA certificate: # openssl s_client -connect test.local:443 -CAfile ~/pki/subCA/certs/subca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify error:num=19:self signed certificate in certificate chain verify return:0 ... Compression: 1 (zlib compression) Start Time: 1359990354 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request ... Still getting 400 Bad Request error with concatenated CA certificates and Client #2 (but still everything ok with Client #1): # cat certs/rootca.crt ../subCA/certs/subca.crt > certs/concatenatedca.crt # openssl s_client -connect test.local:443 -CAfile ~/pki/rootCA/certs/concatenatedca.crt -cert ~/pki/subCA/certs/client2.crt -key ~/pki/subCA/private/client2.key -showcerts Enter pass phrase for tmp/testcert/client2.key: CONNECTED(00000003) depth=1 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootca verify return:1 depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = test.local verify return:1 --- ... Compression: 1 (zlib compression) Start Time: 1359990772 Timeout : 300 (sec) Verify return code: 0 (ok) --- GET / HTTP/1.0 HTTP/1.1 400 Bad Request ... Update 2: I've managed to recompile nginx with enabled debug. Here is the part of successfull conection by Client #1 track: 2013/02/05 14:08:23 [debug] 38701#0: *119 accept: <MY IP ADDRESS> fd:3 2013/02/05 14:08:23 [debug] 38701#0: *119 event timer add: 3: 60000:2856497512 2013/02/05 14:08:23 [debug] 38701#0: *119 kevent set event: 3: ft:-1 fl:0025 2013/02/05 14:08:23 [debug] 38701#0: *119 malloc: 28805200:660 2013/02/05 14:08:23 [debug] 38701#0: *119 malloc: 28834400:1024 2013/02/05 14:08:23 [debug] 38701#0: *119 posix_memalign: 28860000:4096 @16 2013/02/05 14:08:23 [debug] 38701#0: *119 http check ssl handshake 2013/02/05 14:08:23 [debug] 38701#0: *119 https ssl handshake: 0x16 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL server name: "test.local" 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_do_handshake: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL handshake handler: 0 2013/02/05 14:08:23 [debug] 38701#0: *119 verify:1, error:0, depth:1, subject:"/C=AU /ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 14:08:23 [debug] 38701#0: *119 verify:1, error:0, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Client #1",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_do_handshake: 1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL: TLSv1, cipher: "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1" 2013/02/05 14:08:23 [debug] 38701#0: *119 http process request line 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 http process request line 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: 1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: 524 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_read: -1 2013/02/05 14:08:23 [debug] 38701#0: *119 SSL_get_error: 2 2013/02/05 14:08:23 [debug] 38701#0: *119 http request line: "GET / HTTP/1.1" And here is the part of unsuccessfull conection by Client #2 track: 2013/02/05 13:51:34 [debug] 38701#0: *112 accept: <MY_IP_ADDRESS> fd:3 2013/02/05 13:51:34 [debug] 38701#0: *112 event timer add: 3: 60000:2855488975 2013/02/05 13:51:34 [debug] 38701#0: *112 kevent set event: 3: ft:-1 fl:0025 2013/02/05 13:51:34 [debug] 38701#0: *112 malloc: 28805200:660 2013/02/05 13:51:34 [debug] 38701#0: *112 malloc: 28834400:1024 2013/02/05 13:51:34 [debug] 38701#0: *112 posix_memalign: 28860000:4096 @16 2013/02/05 13:51:34 [debug] 38701#0: *112 http check ssl handshake 2013/02/05 13:51:34 [debug] 38701#0: *112 https ssl handshake: 0x16 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL server name: "test.local" 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL handshake handler: 0 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL handshake handler: 0 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:0, error:20, depth:1, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:0, error:27, depth:1, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=rootca" 2013/02/05 13:51:34 [debug] 38701#0: *112 verify:1, error:27, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=Client #2",issuer: "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subca" 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_do_handshake: 1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL: TLSv1, cipher: "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1" 2013/02/05 13:51:34 [debug] 38701#0: *112 http process request line 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: 1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: 524 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_read: -1 2013/02/05 13:51:34 [debug] 38701#0: *112 SSL_get_error: 2 2013/02/05 13:51:34 [debug] 38701#0: *112 http request line: "GET / HTTP/1.1" So I'm getting OpenSSL error #20 and then #27. According to verify documentation: 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate the issuer certificate could not be found: this occurs if the issuer certificate of an untrusted certificate cannot be found. 27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted the root CA is not marked as trusted for the specified purpose.

    Read the article

  • Magento hosting on a budget

    - by spa
    I have to do a setup for Magento. My constraint is primarily ease of setup and fault tolerance/fail over. Furthermore costs are an issue. I have three identical physical servers to get the job done. Each server node has an i7 quad core, 16GB RAM, and 2x3TB HD in a software RAID 1 configuration. Each node runs Ubuntu 12.04. right now. I have an additional IP address which can be routed to any of these nodes. The Magento shop has max. 1000 products, 50% of it are bundle products. I would estimate that max. 100 users are active at once. This leads me to the conclusion, that performance is not top priority here. My first setup idea One node (lb) runs nginx as a load balancer. The additional IP is used with domain name and routed to this node by default. Nginx distributes the load equally to the other two nodes (shop1, shop2). Shop1 and shop2 are configured equally: each server runs Apache2 and MySQL. The Mysqls are configured with master/slave replication. My failover strategy: Lb fails = Route IP to shop1 (MySQL master), continue. Shop1 fails = Lb will handle that automatically, promote MySQL slave on shop2 to master, reconfigure Magento to use shop2 for writes, continue. Shop2 fails = Lb will handle that automatically, continue. Is this a sane strategy? Has anyone done a similar setup with Magento? My second setup idea Another way to do it would be to use drbd for storing the MySQL data files on shop1 and shop2. I understand that in this scenario only one node/MySQL instance can be active and the other is used as hot standby. So in case shop1 fails, I would start up MySQL on shop2, route the IP to shop2, and continue. I like that as the MySQL setup is easier and the nodes can be configured 99% identical. So in this case the load balancer becomes useless and I have a spare server. My third setup idea The third way might be master-master replication of MySQL databases. However, in my optinion this might be tricky, as Magento isn't build for this scenario (e.g. conflicting ids for new rows). I would not do that until I have heard of a working example. Could you give me an advice which route to follow? There seems not one "good" way to do it. E.g. I read blog posts which describe a MySQL master/slave setup for Magento, but elsewhere I read, that data might get duplicated when the slave lags behind the master (e.g. when an order is placed, a customer might get created twice). I'm kind of lost here.

    Read the article

  • How to Reuse Your Old Wi-Fi Router as a Network Switch

    - by Jason Fitzpatrick
    Just because your old Wi-Fi router has been replaced by a newer model doesn’t mean it needs to gather dust in the closet. Read on as we show you how to take an old and underpowered Wi-Fi router and turn it into a respectable network switch (saving your $20 in the process). Image by mmgallan. Why Do I Want To Do This? Wi-Fi technology has changed significantly in the last ten years but Ethernet-based networking has changed very little. As such, a Wi-Fi router with 2006-era guts is lagging significantly behind current Wi-Fi router technology, but the Ethernet networking component of the device is just as useful as ever; aside from potentially being only 100Mbs instead of 1000Mbs capable (which for 99% of home applications is irrelevant) Ethernet is Ethernet. What does this matter to you, the consumer? It means that even though your old router doesn’t hack it for your Wi-Fi needs any longer the device is still a perfectly serviceable (and high quality) network switch. When do you need a network switch? Any time you want to share an Ethernet cable among multiple devices, you need a switch. For example, let’s say you have a single Ethernet wall jack behind your entertainment center. Unfortunately you have four devices that you want to link to your local network via hardline including your smart HDTV, DVR, Xbox, and a little Raspberry Pi running XBMC. Instead of spending $20-30 to purchase a brand new switch of comparable build quality to your old Wi-Fi router it makes financial sense (and is environmentally friendly) to invest five minutes of your time tweaking the settings on the old router to turn it from a Wi-Fi access point and routing tool into a network switch–perfect for dropping behind your entertainment center so that your DVR, Xbox, and media center computer can all share an Ethernet connection. What Do I Need? For this tutorial you’ll need a few things, all of which you likely have readily on hand or are free for download. To follow the basic portion of the tutorial, you’ll need the following: 1 Wi-Fi router with Ethernet ports 1 Computer with Ethernet jack 1 Ethernet cable For the advanced tutorial you’ll need all of those things, plus: 1 copy of DD-WRT firmware for your Wi-Fi router We’re conducting the experiment with a Linksys WRT54GL Wi-Fi router. The WRT54 series is one of the best selling Wi-Fi router series of all time and there’s a good chance a significant number of readers have one (or more) of them stuffed in an office closet. Even if you don’t have one of the WRT54 series routers, however, the principles we’re outlining here apply to all Wi-Fi routers; as long as your router administration panel allows the necessary changes you can follow right along with us. A quick note on the difference between the basic and advanced versions of this tutorial before we proceed. Your typical Wi-Fi router has 5 Ethernet ports on the back: 1 labeled “Internet”, “WAN”, or a variation thereof and intended to be connected to your DSL/Cable modem, and 4 labeled 1-4 intended to connect Ethernet devices like computers, printers, and game consoles directly to the Wi-Fi router. When you convert a Wi-Fi router to a switch, in most situations, you’ll lose two port as the “Internet” port cannot be used as a normal switch port and one of the switch ports becomes the input port for the Ethernet cable linking the switch to the main network. This means, referencing the diagram above, you’d lose the WAN port and LAN port 1, but retain LAN ports 2, 3, and 4 for use. If you only need to switch for 2-3 devices this may be satisfactory. However, for those of you that would prefer a more traditional switch setup where there is a dedicated WAN port and the rest of the ports are accessible, you’ll need to flash a third-party router firmware like the powerful DD-WRT onto your device. Doing so opens up the router to a greater degree of modification and allows you to assign the previously reserved WAN port to the switch, thus opening up LAN ports 1-4. Even if you don’t intend to use that extra port, DD-WRT offers you so many more options that it’s worth the extra few steps. Preparing Your Router for Life as a Switch Before we jump right in to shutting down the Wi-Fi functionality and repurposing your device as a network switch, there are a few important prep steps to attend to. First, you want to reset the router (if you just flashed a new firmware to your router, skip this step). Following the reset procedures for your particular router or go with what is known as the “Peacock Method” wherein you hold down the reset button for thirty seconds, unplug the router and wait (while still holding the reset button) for thirty seconds, and then plug it in while, again, continuing to hold down the rest button. Over the life of a router there are a variety of changes made, big and small, so it’s best to wipe them all back to the factory default before repurposing the router as a switch. Second, after resetting, we need to change the IP address of the device on the local network to an address which does not directly conflict with the new router. The typical default IP address for a home router is 192.168.1.1; if you ever need to get back into the administration panel of the router-turned-switch to check on things or make changes it will be a real hassle if the IP address of the device conflicts with the new home router. The simplest way to deal with this is to assign an address close to the actual router address but outside the range of addresses that your router will assign via the DHCP client; a good pick then is 192.168.1.2. Once the router is reset (or re-flashed) and has been assigned a new IP address, it’s time to configure it as a switch. Basic Router to Switch Configuration If you don’t want to (or need to) flash new firmware onto your device to open up that extra port, this is the section of the tutorial for you: we’ll cover how to take a stock router, our previously mentioned WRT54 series Linksys, and convert it to a switch. Hook the Wi-Fi router up to the network via one of the LAN ports (consider the WAN port as good as dead from this point forward, unless you start using the router in its traditional function again or later flash a more advanced firmware to the device, the port is officially retired at this point). Open the administration control panel via  web browser on a connected computer. Before we get started two things: first,  anything we don’t explicitly instruct you to change should be left in the default factory-reset setting as you find it, and two, change the settings in the order we list them as some settings can’t be changed after certain features are disabled. To start, let’s navigate to Setup ->Basic Setup. Here you need to change the following things: Local IP Address: [different than the primary router, e.g. 192.168.1.2] Subnet Mask: [same as the primary router, e.g. 255.255.255.0] DHCP Server: Disable Save with the “Save Settings” button and then navigate to Setup -> Advanced Routing: Operating Mode: Router This particular setting is very counterintuitive. The “Operating Mode” toggle tells the device whether or not it should enable the Network Address Translation (NAT)  feature. Because we’re turning a smart piece of networking hardware into a relatively dumb one, we don’t need this feature so we switch from Gateway mode (NAT on) to Router mode (NAT off). Our next stop is Wireless -> Basic Wireless Settings: Wireless SSID Broadcast: Disable Wireless Network Mode: Disabled After disabling the wireless we’re going to, again, do something counterintuitive. Navigate to Wireless -> Wireless Security and set the following parameters: Security Mode: WPA2 Personal WPA Algorithms: TKIP+AES WPA Shared Key: [select some random string of letters, numbers, and symbols like JF#d$di!Hdgio890] Now you may be asking yourself, why on Earth are we setting a rather secure Wi-Fi configuration on a Wi-Fi router we’re not going to use as a Wi-Fi node? On the off chance that something strange happens after, say, a power outage when your router-turned-switch cycles on and off a bunch of times and the Wi-Fi functionality is activated we don’t want to be running the Wi-Fi node wide open and granting unfettered access to your network. While the chances of this are next-to-nonexistent, it takes only a few seconds to apply the security measure so there’s little reason not to. Save your changes and navigate to Security ->Firewall. Uncheck everything but Filter Multicast Firewall Protect: Disable At this point you can save your changes again, review the changes you’ve made to ensure they all stuck, and then deploy your “new” switch wherever it is needed. Advanced Router to Switch Configuration For the advanced configuration, you’ll need a copy of DD-WRT installed on your router. Although doing so is an extra few steps, it gives you a lot more control over the process and liberates an extra port on the device. Hook the Wi-Fi router up to the network via one of the LAN ports (later you can switch the cable to the WAN port). Open the administration control panel via web browser on the connected computer. Navigate to the Setup -> Basic Setup tab to get started. In the Basic Setup tab, ensure the following settings are adjusted. The setting changes are not optional and are required to turn the Wi-Fi router into a switch. WAN Connection Type: Disabled Local IP Address: [different than the primary router, e.g. 192.168.1.2] Subnet Mask: [same as the primary router, e.g. 255.255.255.0] DHCP Server: Disable In addition to disabling the DHCP server, also uncheck all the DNSMasq boxes as the bottom of the DHCP sub-menu. If you want to activate the extra port (and why wouldn’t you), in the WAN port section: Assign WAN Port to Switch [X] At this point the router has become a switch and you have access to the WAN port so the LAN ports are all free. Since we’re already in the control panel, however, we might as well flip a few optional toggles that further lock down the switch and prevent something odd from happening. The optional settings are arranged via the menu you find them in. Remember to save your settings with the save button before moving onto a new tab. While still in the Setup -> Basic Setup menu, change the following: Gateway/Local DNS : [IP address of primary router, e.g. 192.168.1.1] NTP Client : Disable The next step is to turn off the radio completely (which not only kills the Wi-Fi but actually powers the physical radio chip off). Navigate to Wireless -> Advanced Settings -> Radio Time Restrictions: Radio Scheduling: Enable Select “Always Off” There’s no need to create a potential security problem by leaving the Wi-Fi radio on, the above toggle turns it completely off. Under Services -> Services: DNSMasq : Disable ttraff Daemon : Disable Under the Security -> Firewall tab, uncheck every box except “Filter Multicast”, as seen in the screenshot above, and then disable SPI Firewall. Once you’re done here save and move on to the Administration tab. Under Administration -> Management:  Info Site Password Protection : Enable Info Site MAC Masking : Disable CRON : Disable 802.1x : Disable Routing : Disable After this final round of tweaks, save and then apply your settings. Your router has now been, strategically, dumbed down enough to plod along as a very dependable little switch. Time to stuff it behind your desk or entertainment center and streamline your cabling.     

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 107 108 109 110 111 112 113 114 115 116 117 118  | Next Page >