Hetzner – Proxmox / ESX – Sophos / pfSense additional IP network config – working & solved

I got a root server at Hetzner with 1 extra public IP address (next to the one provided) and wanted to install Debian and Proxmox on it so I can have a cheap virtual machine host. You can also install VMware ESX, but then you need to ask them to attach a KVM-over-IP unit and I didn’t want to bother.

Networking was a bit of a pain but I got it all configured:

– Proxmox is using the first public IP address so you can manage it externally.
– The second public IP address is assigned to Sophos UTM / pfSense or any firewall of your choice.

This firewall will then NAT incoming traffic to your internal VMs. In this example, 188.45.45.87 is the MAIN public IP address and 188.45.45.81 is the ADDITIONAL one.

Proxmox network config: 

# network interface settings
auto lo
iface lo inet loopback
iface eth0 inet manual
iface eth0 inet6 static
 address 2b01:4g8:140:14d7::2
 netmask 64
 gateway fe80::1
auto vmbr0 ## Public IP address for Proxmox
iface vmbr0 inet static
 address 188.45.45.87
 netmask 255.255.255.192
 gateway 188.45.45.65
 bridge_ports eth0
 bridge_stp off
 bridge_fd 0
auto vmbr1 ## Interface for internal LAN networking
iface vmbr1 inet static
 address 192.168.0.254
 netmask 255.255.255.0
 gateway 192.168.0.1
 bridge_ports none
 bridge_stp off
 bridge_fd 0

Check that you can reach your Proxmox server on its public IP address. Now get an additional IP address using Hetzner’s Robot control panel. Once it is assigned, make sure you request a separate MAC address for the new IP address! In this example, 188.45.45.81 has the separate MAC address 00:50:xx:00:xx:EE.


In Proxmox, create a new VM and assign 2 network cards: one for the LAN (vmbr1) and the other for the WAN (vmbr0). The MAC address of the WAN card needs to match the MAC address you requested previously using Hetzner’s Robot!

To configure your Sophos or pfSense firewall, you’ll need to create an SSH tunnel to the internal IP address of the firewall, as it won’t yet have the additional public IP address configured and you’ll probably need to finish the configuration using SSH or a browser. So, use this command (adjust it for your IP settings):

sudo ssh -L 4444:192.168.0.1:4444 root@188.45.45.87

In your browser, navigate to https://localhost:4444/ and finish configuring your firewall. Important: the firewall’s WAN IP address is the additional IP address; its gateway and netmask are the same as for the MAIN IP address (188.45.45.65 and 255.255.255.192 in this example).

Enable a DHCP server on your LAN and that’s it! Now you can install your VMs; they get an internal private IP address (as long as you assign vmbr1 in Proxmox to the VM) and you use your firewall to NAT outside traffic to the inside.
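As an added example (not part of the original post), a small shell check that the firewall VM’s WAN NIC in its Proxmox config carries the MAC address requested in Robot; the MAC value and the VM config file it reads are constructed placeholders:

```shell
#!/bin/sh
# Added example (not from the original post): check that the VM NIC on vmbr0
# (WAN) carries the MAC requested in Hetzner's Robot for the additional IP.
# Hetzner delivers the additional IP to the MAC you requested, so a mismatch
# leaves the firewall's WAN interface without traffic. Assumes the Proxmox
# config format /etc/pve/qemu-server/<vmid>.conf with lines such as
#   net0: virtio=AA:BB:CC:DD:EE:FF,bridge=vmbr0
# The MAC and the VM config below are constructed placeholders.

EXPECTED_WAN_MAC="00:50:56:00:AA:EE"   # value shown in Robot (placeholder)

# Print the MAC of the first netN: line that is attached to the given bridge.
wan_mac_of() {  # $1 = VM config file, $2 = bridge name
    awk -v br="$2" '
        /^net[0-9]+:/ {
            n = split($2, parts, ",")
            split(parts[1], kv, "=")          # model=MAC is always first
            bridge = ""
            for (i = 2; i <= n; i++)
                if (parts[i] ~ /^bridge=/) bridge = substr(parts[i], 8)
            if (bridge == br) { print kv[2]; exit }
        }' "$1"
}

# Succeed only when the vmbr0 MAC equals EXPECTED_WAN_MAC (case-insensitive).
check_wan_mac() {  # $1 = VM config file
    actual=$(wan_mac_of "$1" vmbr0 | tr 'a-f' 'A-F')
    expected=$(printf '%s' "$EXPECTED_WAN_MAC" | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed stand-in for /etc/pve/qemu-server/100.conf (the firewall VM).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
name: firewall
net0: virtio=00:50:56:00:aa:ee,bridge=vmbr0
net1: virtio=DE:AD:BE:EF:00:01,bridge=vmbr1
EOF

if check_wan_mac "$SAMPLE_CONF"; then
    echo "WAN MAC $(wan_mac_of "$SAMPLE_CONF" vmbr0) matches the Robot assignment"
else
    echo "WAN MAC mismatch: Hetzner will not deliver the additional IP's traffic" >&2
fi
```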

Postfix smtp relay on OS X Yosemite 10.10

I’m lazy, and for email testing this is great. Who doesn’t need an email relay at some point? As there was no off-the-shelf solution, here it is for Yosemite.

Define the relay host:
sudo vim /etc/postfix/main.cf
Add this section after the existing ‘relayhost’ example:
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_use_tls = yes
smtp_sasl_mechanism_filter = plain

Add your account for the relay to use.
sudo vim /etc/postfix/sasl_passwd
add:
[smtp.gmail.com]:587 name@somedomain.org:password

Make sure it starts at boot (if you don’t want this, skip this step):
sudo vi /System/Library/LaunchDaemons/org.postfix.master.plist
after:
</dict>
add this:
<key>RunAtLoad</key>
<true/>

Finally:
sudo chmod 600 /etc/postfix/sasl_passwd
sudo postmap /etc/postfix/sasl_passwd

Then stop postfix:
sudo launchctl stop org.postfix.master
And start it again (so it reads the config changes):
sudo launchctl start org.postfix.master
sudo postfix start

Check it’s listening:
netstat -an | grep LISTEN | grep 25
It should output something like this:
tcp6 0 0 ::1.25 *.* LISTEN
tcp4 0 0 127.0.0.1.25 *.* LISTEN

You can test it like so:
df -kH | mail -s "contents" your@yourdomain.com
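As an added example (not part of the original post), a shell audit of the relay settings above against two common slips: the credentials file left world-readable, and TLS left opportunistic. The main.cf and sasl_passwd contents it reads are constructed copies, not your live files.

```shell
#!/bin/sh
# Added example (not from the original post): audit the relay settings above
# for two common slips. Constructed samples stand in for /etc/postfix/main.cf
# and /etc/postfix/sasl_passwd. Note that "smtp_use_tls = yes" only *offers*
# TLS; "smtp_tls_security_level = encrypt" makes Postfix refuse to send the
# PLAIN password unless the connection to the relay is encrypted.

# Print the value of a key from a "key = value" Postfix file (last one wins).
pf_get() {  # $1 = file, $2 = key
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { p = index($0, "="); if (p == 0) next
          key = substr($0, 1, p - 1); val = substr($0, p + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# Return 0 if the relay config passes, 1 otherwise; findings go to stderr.
audit_relay() {  # $1 = main.cf, $2 = sasl_passwd
    rc=0
    [ "$(pf_get "$1" smtp_sasl_auth_enable)" = "yes" ] ||
        { echo "smtp_sasl_auth_enable is not yes" >&2; rc=1; }
    case "$(pf_get "$1" relayhost)" in
        \[*\]:*) ;;   # [host]:port form, as in the post
        *) echo "relayhost should be [host]:port" >&2; rc=1 ;;
    esac
    [ "$(pf_get "$1" smtp_tls_security_level)" = "encrypt" ] ||
        { echo "TLS is only opportunistic: add smtp_tls_security_level = encrypt" >&2; rc=1; }
    # The credentials file holds a cleartext password: it must be mode 600.
    mode=$(stat -c '%a' "$2" 2>/dev/null || stat -f '%Lp' "$2")
    [ "$mode" = "600" ] || { echo "$2 is mode $mode, expected 600" >&2; rc=1; }
    return $rc
}

TMPD=$(mktemp -d)
cat > "$TMPD/main.cf" <<'EOF'
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
EOF
printf '[smtp.gmail.com]:587 name@somedomain.org:password\n' > "$TMPD/sasl_passwd"
chmod 644 "$TMPD/sasl_passwd"   # as left by a plain "sudo vim" before the chmod step
audit_relay "$TMPD/main.cf" "$TMPD/sasl_passwd" || echo "relay config needs fixing"
# Apply the fixes and re-check.
printf 'smtp_tls_security_level = encrypt\n' >> "$TMPD/main.cf"
chmod 600 "$TMPD/sasl_passwd"
audit_relay "$TMPD/main.cf" "$TMPD/sasl_passwd" && echo "relay config OK"
```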

Disclaimer:
1) You can screw up your postfix if you don’t pay attention. Be careful.
2) gmail was used as an example. I’m not endorsed, sponsored or whatever.

This is based on:
Using MacOSX Lion command line mail with Gmail as SMTP
Mac OS X 10.10 Yosemite Postfix SASL authentication failed

How to setup NTPd on OS X

So if you would like to have a Mac acting as an NTP server, the steps are pretty straightforward. This works on all recent client and server versions of OS X.

1) Unload the ntp plist (most definitely needed on the server OS):
launchctl unload /System/Library/LaunchDaemons/org.ntp.ntpd.plist

2) Modify the ntp-restrict.conf file.
The following lines in the file:
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
Should become:
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer

Basically the ‘noquery’ needs to be removed.

3) Load the ntp plist.
launchctl load /System/Library/LaunchDaemons/org.ntp.ntpd.plist

That’s it! Piece of raw brownie (better than cake, trust me).
Then modify whatever box needs an NTP server to point to your freshly modified Mac.
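As an added example (not part of the original post), a narrower variant in shell: it leaves the two default restrict lines as shipped and adds a single restrict line without ‘noquery’ for the LAN only, since ‘noquery’ governs ntpq/ntpdc control queries and answering those from any address has been abused for traffic amplification. The LAN range and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). "noquery" governs ntpq/ntpdc
# control queries; dropping it from the "restrict default" lines answers such
# queries from any address, which has been abused for traffic amplification.
# This variant keeps the default lines as shipped and adds one restrict line
# without "noquery" for the LAN only. LAN range and sample file are constructed.

# Append a LAN-scoped restrict line without "noquery"; running twice adds nothing.
scope_ntp_restrict() {  # $1 = restrict file, $2 = LAN network, $3 = netmask
    line="restrict $2 mask $3 kod nomodify notrap nopeer"
    grep -qxF "$line" "$1" || printf '%s\n' "$line" >> "$1"
}

# Number of "restrict default" lines that still carry noquery (2 on a stock file).
default_noquery_count() {  # $1 = restrict file
    grep -cE '^restrict (-6 )?default .*noquery' "$1"
}

# Constructed sample holding the two lines quoted in the post.
RESTRICT=$(mktemp)
cat > "$RESTRICT" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
EOF

scope_ntp_restrict "$RESTRICT" 192.168.0.0 255.255.255.0
scope_ntp_restrict "$RESTRICT" 192.168.0.0 255.255.255.0   # no duplicate line
echo "default lines keeping noquery: $(default_noquery_count "$RESTRICT")"
cat "$RESTRICT"
```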

Solved: “[Firmware Bug] ACPI No _BQC method”, initial brightness problem when installing Linux

Tried to install OpenElec and Ubuntu on a mini-ITX Sapphire White system and every time I tried to run the installer, I got a blank screen.
So I booted OpenElec (and Ubuntu) without the ‘quiet’ option from the kernel parameters and I was able to see this error:

[Firmware Bug] ACPI No _BQC method, cannot determine initial brightness


My system is NOT a laptop so I don’t care about brightness. Searching for a solution on the internet got me nowhere; it involved recompiling kernels but that’s not very useful when I still need to install the Linux distribution.

But I found a solution! Forcing this entry into the kernel parameters while booting the installer:

acpi_backlight=vendor

… it solved my problems! So, OpenElec and Ubuntu are now installing without problems.

BUT, don’t forget to add the same parameter to your installed distro! If you use OpenElec, you’ll need to add the parameter manually when booting it, SSH into your box, remount the /flash mount read-write (mount -o remount,rw /flash), and then edit the syslinux.cfg file to add the parameter.

Debian 6 and slow DNS lookup & resolving

I just installed a basic Debian 6 server and was amazed at how long it took to resolve any domain name: at least 4 seconds. But I found the solution: if you don’t use IPv6, disable it.

Check the IPv6 alias:

grep ipv6 /etc/modprobe.d/aliases

This should give you this entry:

# alias net-pf-10 ipv6

Edit that file and change the line to:

alias net-pf-10 off ipv6

Then reboot. As always, YMMV.

VNCserver with GParted on headless Ubuntu server

I need to grow a disk on my Ubuntu server, but I only have SSH access to the machine and need GParted to do that.

Here’s how I’ve done it:

sudo apt-get install vnc4server openbox gparted
vnc4server 
vnc4server -kill :1
sed -i -e 's/x-window-manager/openbox-session/g' ~/.vnc/xstartup
vnc4server

Open port 5901 for incoming connections and connect with a VNC client. Right-click to start the terminal within Openbox, and you’ll be able to run any GTK+ app, including GParted.

Synology DSM 4.1’s VideoStation and DVB-T channels list fix

Tried to get my EyeTV Diversity DVB-T USB stick to work with my Synology DS-1512 and the VideoStation program.
DSM recognises the USB stick but when I tried a channel scan (selecting Country: Italy and Region: Italy), nothing came up.

So it must be a faulty channel list. DSM VideoStation uses this list:

/volume1/@appstore/VideoStation/etc/synodvb_t/Italy

and this contains:

# T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy

### VHF - Band III ###
# 5
T 177500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 6
T 184500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 7
T 191500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 8
T 198500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 9
T 205500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 10
T 212500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 11
T 219500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE
# 12
T 226500000 7MHz 2/3 NONE QAM64 8k 1/32 NONE

… etcetera, etcetera. Using the (Italian) coverage site http://www.dgtvi.it/copertura.php, I looked up the stations available in my area (Monte Fasce) and put them manually in a new file called ‘My Region’:

/volume1/@appstore/VideoStation/etc/synodvb_t/My Region
T 682000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 786000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 642000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 674000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 546000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 514000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 626000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 722000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 594000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 698000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 758000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE

Now, turning back to VideoStation, I was able to select this new region file and WOW: it’s working!
VideoStation is now happily scanning for channels.
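As an added example (not part of the original post), a shell/awk check of a channel file against the field layout given in the header line above, which catches the kind of malformed entry that makes a scan come up empty without any error; the sample file it reads is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check a VideoStation DVB-T
# channel file against the field layout in the header line quoted above,
#   T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy
# since a malformed or out-of-band entry makes a scan come up empty with no
# error, which is the symptom described above. The sample file is constructed.

# Print "line N: reason" for each bad entry; exit status 1 if any were found.
validate_dvbt() {  # $1 = channel file
    awk '
        function bad(msg) { printf "line %d: %s\n", NR, msg; errors++ }
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        $1 != "T"      { bad("entry must start with T"); next }
        NF != 9        { bad("expected 9 fields, got " NF); next }
        $2 !~ /^[0-9]+$/ || $2 < 174000000 || $2 > 862000000 {
                         bad("frequency " $2 " outside 174-862 MHz"); next }
        $3 !~ /^(6|7|8)MHz$/ { bad("bandwidth must be 6MHz, 7MHz or 8MHz"); next }
        ($2 in seen)   { bad("duplicate of line " seen[$2]); next }
        { seen[$2] = NR }
        END { exit errors ? 1 : 0 }' "$1"
}

# Constructed sample: two good entries, then a duplicate, a short line and a
# frequency outside the DVB-T bands.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# T freq bw fec_hi fec_lo mod transmission-mode guard-interval hierarchy
T 682000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 786000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 682000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
T 177500000 7MHz 2/3 NONE QAM64 8k 1/32
T 999000000 8MHz AUTO AUTO AUTO AUTO AUTO NONE
EOF

validate_dvbt "$SAMPLE" || echo "fix the entries above before scanning"
```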

HP Smart Array RAID management on ESXi 5 – hpacucli

I’ve got a nice ESXi 5 whitebox with an HP P400 RAID controller which I would like to configure and monitor. But HP won’t let you install their software if the hardware vendor ID is not from HP. You’ll get errors like this when you try to install:

/tmp # esxcli software vib install -f -v /tmp/hpacucli-9.10-22.0.vib
[NoMatchError]
BIOS vendor HP is required but host BIOS vendor is To Be Filled By O.E.M.
BIOS vendor Hewlett-Packard Company is required but host BIOS vendor is To Be Filled By O.E.M.
BIOS vendor Hewlett-Packard is required but host BIOS vendor is To Be Filled By O.E.M.
BIOS vendor hp is required but host BIOS vendor is To Be Filled By O.E.M.
id = (Updated) ESXi-5.0.0-20120302001-standard
Please refer to the log file for more details.

There are tips on the internet where you download the software, un-7Zip the .vib, modify descriptor.xml to remove any hardware reference to HP, recreate the .deb package, move it to the ESXi server, rename it to .vib and, voilà, a lot of work later you have installed the tool.

Or just get my pre-modified package and install 🙂

Download, scp to your server, ssh into your server and run:

esxcli software vib install -f -v /tmp/hpacucli-9.10-22.0-esxi_mod.vib

VMware ESXi 5 and LSI1068E controller crap

Had lots of problems using my IBM BR10i and Dell SAS 5I/r controllers; performance under ESXi 5 was terrible.
Just 3.5 MB/s on write. Under Linux, write performance was around 110-120 MB/s. So WTF?

I thought that all of this was needed (disable interrupt routing):

esxcli system settings kernel list -o iovDisableIR
esxcfg-advcfg -k TRUE iovDisableIR    # the list command alone wasn't enough
auto-backup.sh
auto-backup.sh                        # yes, twice!
reboot

Check:

# esxcfg-advcfg -j iovDisableIR
# esxcli system settings kernel list -o iovDisableIR


But in the end, this wasn’t it. It seems that LSI1068E-based controllers disable all disk caching built into the drives by default.

If the server has battery backup, you can enable basic drive caching on the logical volumes without risk; without a battery, a power loss can lose the cached writes, so you do it WITH risk.

Go to www.LSI.com (the controller is made by LSI) and download and install MegaRAID Storage Manager. In short: install the VIB on your ESXi machine, the Manager on a Windows or Linux machine, sync their host names and enable all ports on the ESXi firewall for incoming TCP traffic.

Highlight the virtual RAID volume, right-click, Properties. Enable Cache and save. You have to do this on every logical RAID volume.

The performance difference is incredible.

And I just lost a day of looking for the solution. Crap.

Publish the Daily Garfield on Facebook shell script

For years now, I’ve been posting the daily Garfield and Dilbert comics on my Facebook page.

This is the (clumsy) script that does that:

#!/bin/sh
# Fetch today's Garfield strip and mail it to the Facebook post-by-email address.
URLBASE="http://comics.kamens.brookline.ma.us/cgi-bin/comics?which=specified&Garfield=include&specified=Garfield&numdays=1&width=&height=&noheaders=on&reload=reload"
wget -O page.html -erobots=off "${URLBASE}/"
# The strip is hosted on assets.amuniversal.com; take the first matching image URL.
IMGURL=$(grep "assets.amuniversal.com" page.html | awk -F'"' '{print $8}' | head -1)
if [ -z "$IMGURL" ]; then echo "no strip URL found in page.html" >&2; rm -f page.html; exit 1; fi
wget -O garfield.gif "${IMGURL}"
./mail.pl garfield.gif your-mobile-FB-emailaddress "Daily Garfield"
rm -f page.html garfield.gif

Since I don’t want to use Mutt or sendmail, I’m using Perl and Mail::Sender:

mail.pl:

#!/usr/bin/perl -w
# Usage: ./mail.pl attachment to-address subject
use strict;
use Mail::Sender;

my $file    = $ARGV[0];
my $tolist  = $ARGV[1];
my $subject = $ARGV[2];
die "Usage: $0 attachment to-address subject\n" unless defined $subject;

my $datum = `date "+%d-%m-%Y"`;   # optional date stamp for the subject
chomp $datum;                      # drop the trailing newline from date(1)

# MailFile() returns a negative value on failure and sends the attachment via local SMTP.
my $sender = Mail::Sender->new();
if ($sender->MailFile({
    smtp    => 'localhost',
    from    => 'fromuser@domain.com',
    to      => $tolist,
    subject => "$subject - $datum",
    msg     => " ",
    file    => $file,
}) < 0) {
    die "$Mail::Sender::Error\n";
}
print "Mail sent OK.\n";

As always, YMMV.