Random stuff

I’ve made a few changes to the sidebar of my blog, I’ve added last.fm Recent Tracks listing and a Meebome widget. The meebome widget is a very nice flash application that let’s you chat with visitors of your site while being online on meebo. I was introduced to meebo sometime ago by thatha. It is an “Instant Messaging Portal”, you create an account and then you can log in to your msn, icq, yahoo, aim, jabber and gtalk account. I use it whenever I am away from my pc, since I find it a lot more “comfortable” to log in to the networks I am interested through meebo than through Portable Gaim that I keep on my usb flash drive.

btw…Gaim is so broken these days…Looks like noone is interested to fix the aging problems it has. No nat-to-nat transfers, random crashes even on normal filetransfers. Even the developer(s) suggest that you use the beta version to log in to msn. How dumb is this ? What are they waiting for ? Since even the developer promotes the beta in favor to the “stable”..shouldn’t the beta be named as “stable” now ? Noone is still using Gaim 1.5.0 …all the latest gnome based distros use 2.0-betaX…

I’ve steadily become more and more unsupportive of OLPC. There are many reasons to this. First of all I think that it made by western people believing that they know what is better for africans or asians. That’s plain wrong. In my view the OLPC is something that western rich kids will enjoy far more than poor africans or asians. It’s a “western toy” for “western rich kids”. Then comes the “open-ness” of the whole project. In the beggining everything looked very promising, then came the closed source drivers and firmwares. I don’t care for whatever reasons Marvell doesn’t open source the wifi driver, but if someone touts for a “complete open source project”, then e v e r y t h i n g must be open source. Not whatever we like. Oh, and then came the added sd card slot in order for the OLPC to be able to run a version of windows. That’s open source too right ? More bashing of the OLPC on beranger.

No space left on device

Last night I decided to do some tests with portage inside a virtual machine using iloog livecd. I fired up vmware player (it’s free) and created one 1Gb partition, type Linux and one 1Gb partition, type swap with fdisk. Then I issued :

#mke2fs -j /dev/hda1
#mkdir /mnt/hda1
#mount /dev/hda1 /mnt/hda1
#mkdir /mnt/hda1/portage
#mkdir /usr/portage
#mount --bind /mnt/hda1/portage /usr/portage
#emerge --sync

The syncing with gentoo portage had started.. After a while though, my screen got full off errors about not having enough space left on the device. That was a bit weird since 1Gb is more than enough for just the portage without any distfiles or packages… Issuing a “df -HT” gave me something like this:

/dev/hda1 ext3 985M 557M 379M 60% /mnt/hda1

So, I do have space free…where was the problem ? Luckilly some friends on IRC gave me the answer…

#df -i
/dev/hda1 120000 120000 0 100% /mnt/hda1

I was out of inodes…The portage has so many small files that made me run out of inodes and the only solution was to run mke2fs again but with options that look like the following, in order to increase the inode number by decreasing the block size:
mke2fs -j -b 1024 -i 1024 /dev/hda1

That gave me enough inodes to store the portage 🙂

Ευρωπαικά Ερευνητικά Δίκτυα

Στα πλαίσια της τελευταίας εκδήλωσης του ΕΔΕΤ Grnet Tech Event o κ. Μάγκλαρης, πρόεδρος του NREN-PC έδωσε μια ομιλία για τα ευρωπαικά ερευνητικά δίκτυα, μέλος των οποίων είναι το ΕΔΕΤ. Εξηγεί αρκετά καλά την ιστορία των δικτύων στην Ευρώπη καθώς και ποιες είναι οι τάσεις αυτό το καιρό (10-40-100Gbit, dark fiber, virtual open source routers, κτλ).

Δείτε το Video για να καταλάβετε τον νέο “ψηφιακό πόλεμο” και το “ψηφιακό χάσμα” στην “δημοκρατική Ευρώπη”.

dynamic hostname updates with DHCPd + BIND

The following text describes the way to make DHCPd create DNS records of dhcp clients. This scenario is usually called a DDNS server.

We will first setup up BIND and then DHCPd.
1) We need to create a “key”. A key is a password that allows dhcpd to update bind… imagine something like an authentication scheme. In order to create such a key file to the following:
# rndc-confgen -a
A key file will be created. On Gentoo Linux this file is put inside /etc/bind/ and is called “rndc.key”.
Now open up your named.conf file and put these line inside:
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

If you already have a controls section just modify it to include the keys { } directive.

Now, in your zones that you want to be dynamically updated modify them to look like this:

zone "0.168.192.in-addr.arpa" {
type master;
file "pri/192.168.0.zone";
allow-update { key "rndc-key"; };
notify yes;
};
zone "home-sweet-home.gr" {
type master;
file "pri/home-sweet-home.gr.zone";
allow-update { key "rndc-key"; };
notify yes;
};

The “allow-update” is the crucial part here.
If you’ve done that changes we are finished from the BIND configuration. Restart the service and you are done.

2)Time for DHCPd configuration.
Remember your rndc-key file ? Open it and paste it contents inside your dhcpd.conf file so it looks a bit like this:
key "rndc-key" {
algorithm hmac-md5;
secret "goa6aw7a9WwapCyai0naZQ==";
};

Among others you have to put the zone files that you want to be updated. Following my previous zone declaration in named.conf and supposing that the primary nameserver is 192.168.0.50, that should be:

zone home-sweet-home.gr {
primary 192.168.0.50;
key rndc-key;
}
zone 0.168.192.in-addr.arpa. {
primary 192.168.0.50;
key rndc-key;
}

Now some generic configuration stuff to allow dynamic dns updates:

ddns-update-style interim;
ddns-domainname "home-sweet-home.gr.";
use-host-decl-names on;
allow client-updates;
option oe-key code 159 = string;
option oe-gateway code 160 = ip-address;
on commit {
if (not static and
((config-option server.ddns-updates = null) or
(config-option server.ddns-updates != 0))) {
if exists oe-key {
set ddns-rev-name =
concat (binary-to-ascii (10, 8, ".",
reverse (1, leased-address)), ".",
pick (config-option server.ddns-rev-domainname,
"in-addr.arpa."));
set full-oe-key = option oe-key;
switch (ns-update (delete (IN, 25, ddns-rev-name, null),
add (IN, 25, ddns-rev-name, full-oe-key,
lease-time / 2)))
{
default:
unset ddns-rev-name;
break;
case NOERROR:
on release or expiry {
switch (ns-update (delete (IN, 25, ddns-rev-name, null))) {
case NOERROR:
unset ddns-rev-name;
break;
}
}
}
}
}
}

(weird huh ? Nope that’s not mine … I just copied it from someplace on the web)

I will now show you my subnet configuration. Change it to fit your needs:

subnet 192.168.0.1 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option domain-name-servers 192.168.0.50;
option domain-name "home-sweet-home.gr";
option routers 192.168.0.10;
default-lease-time 600;
max-lease-time 7200;
update-static-leases on;
host PC1 {
hardware ethernet 00:12:34:56:78:ab;
fixed-address 192.168.0.21;
option host-name "PC1";
DDNS-hostname "PC1";
}
}

With this configuration, all clients on the subnet will be given IP addresses in the range 192.168.0.100 – 192.168.0.200, except from the PC with MAC address 00:12:34:56:78:ab that will be given IP 192.168.0.21. The ” update-static-leases on;” is very important for PC1. Unless it is defined no updates to DNS records would be created for it.

Now restart DHCPd, make a client DHCP request and check your log file (/var/log/messages probably) for the results.

You can read more about the ddns server subject at the following places:
http://kristijan.org/?q=node/69
http://alex.kruijff.org/FreeBSD/Dynamic_DNS.html
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html
http://www.southwestern.edu/pipermail/netreg/2005-October/001074.html

It’s quite usefull if you have a need for it 🙂

Netroute firmware 577

After asking some people, I have finally decided to post netroute’s firmware version 577 on my blog.

I hope I won’t be forced to remove it any time soon…so here it is: netroute-firmware-577.tar.gz

I won’t publish any update instructions. You are on your own…I don’t want to be held responsible if you bork your router…

Audacious 1.2 encoding problems with gentoo

Yesterday I updated audacious on my gentoo box from ver 1.1 to ver 1.2.1. The result that was all my songs with greek tags became unreadable.
It seems that in the 1.2.1 version a new use flag was introduced: “chardet”.. So the solution is:

echo "media-sound/audacious chardet" >> /etc/portage/package.use
echo "media-plugins/audacious-plugins chardet" >> /etc/portage/package.use
emerge -avt audacious audacious-plugins

then open audacious–>Preferences–>Playlist–>Metadata–>”Fallback Character encodings” ISO-8859-7

hope it helps some of you…

Guli LiveCD

It’s been a while now, since May 2006, that me and some others from the local Ioannina LUG are trying to create a new livecd, the Guli LiveCD. This livecd is geared mostly towards students, scientists and developers. It’s geared towards us…it’s something that will make our lives easier while travelling or while visiting a friend or … or … or …

It is Gentoo based, severy influenced by DSL (damn small linux) as well as other minimalistic livecds, but it’s size has grown to a full CD due to the hundreds of applications we wanted to add. There is of course X windows support, with fluxbox as a window manager, but it is not started by default, yet.

There are a few main categories of applications:

  • Networking
  • There are a lot of networking tools inside this livecd what will help you identify and correct problems inside your network. These include scanners, packet sniffers, tunneling software, and so on…

  • Scientific
  • Scientific applications were included in order for some of us to be able to travel and still have a way to implement a new idea that strikes us. The main interest so far is Chemistry, Mathematics and Physics. Full tex/latex support is included.

  • Developing
  • Since many of the ILUG members are students of the Computer Science department it was inevitable that many development tools would be included. There is support for many languages (C, fortran, Java, Haskell, prolog, php, python, perl, ruby,etc), with their compilers and debuggers. The full man pages are also kept so that they serve as a reference for those who want them.

  • Disaster recovery
  • Last but not least we have included a lot of tools that could salvage your system in case of an emergency. These are file recovery tools, password reset tools (even for windows) and lots of others.

    There are of course applications like firefox, sylpheed, abiword, gnucalc, gaim, skype, etc included on Guli for everyday tasks.

    The total number of executables on this LiveCD is quite large, a double tab pressing on the console will give you something like this:
    Display all 3355 possibilities? (y or n)

    And there are more to come…

    The current version was released yesterday and it is an anniversary edition for ILUG’s 1 year of existence. You can find more information, full list of packages and the download link about this live cd at ILUG’s forums (currently only in Greek, until Guli gets a proper website).

    This liveCD is not geared towards new users who want to see a fancy livecd with XGL and stuff like that. People who have never before used linux might find it a bit diffucult to navigate through the livecd.

    We would appreciate any comments/bugs either on the forum or on the bug tracker

    Legal Selling – Illegal Use

    I was at an electronics store this morning and a guy walks in and asks for a wireless monitoring/security camera. The salesman happily starts showing him some products. The cameras ranged from 400mW to 1W power operating at 2.4GHz. The salesman told him that the 400mW is for a distance of “2 floors” and the 1W is for a whole building (!?!?!). These cameras are probably using the same frequencies that community wi-fi networks are allowed to use.
    Say that you don’t care about community wireless networks and the interference that such a device would cause to them, there still is a HUGE issue behind this sale:
    If the guy buys one of them, and operates it he is instantly doing something illegal, since the maximum power of wireless devices at 2.4GHz in Greece is set at 100mW. So the salesman has the right to sell something illegal that the buyer is not supposed to use, or could be imprisoned if he used it. That’s like legalizing the sales of drugs but imprisoning people that use them. This kind of scenario used to happen with the “anti-police-radars”. Lots of electronics shops used to sell them, but if you got caught byt the police owning one of those devices you could go to jail. So the government lets shops make money out of selling something illegal that could cause customers law problems. Shouldn’t shops be also punished for selling these “electronic drugs” ?

    Go Greece go! Excellent trade laws.

    Μπανανια.bn

    Διαβάζοντας κάποιος το http://www.knowhow.gr/ecPage.asp?id=34859&nt=105 θα υποθέσει πως η Ελλάδα είναι από τις χώρες που προστατεύουν την ελεύθερη διακίνηση ιδεών στο Internet..

    Σήμερα έχουμε όμως το εξής απίστευτο: To blogme.gr δέχθηκε μύνηση!!

    Συνοπτικά:
    Προσφάτως, δημόσιο πρόσωπο μήνυσε το Blogme.gr για δυσφήμιση και άσεμνο σατυρικό περιεχόμενο.
    Το πρόσωπο αυτό σατιρίζονταν μέσα από τις σελίδες κάποιου άλλου blog, το οποίο ήταν καταχωρημένο στο directory του Blogme και στις υπηρεσίες ροής RSS. Ως αποτέλεσμα των παραπάνω, ακολούθησαν: διαδικασία του αυτοφώρου, κατάσχεση του σκληρού δίσκου, παραμονή στο κρατητήριο και προσαγωγή στην εισαγγελία.

    Περισσότερα στο http://e-roosters.blogspot.com/2006/10/blogme.html και στο http://www.blogme.gr/blog/post/index/21/BLOGME
    Από ότι λέει ο κόσμος το δημόσιο αυτό πρόσωπο είναι ο κ. Λ…

    Και θυμάμαι εγώ τώρα ότι η “Διάσκεψη Κορυφής για την Κοινωνία της Πληροφορίας” που έγινε πέρυσι, και στην οποία αποφασίστηκε ότι η Ελλάδα θα διοργανώσει το “1ο Παγκόσμιο Φόρουμ για τη Διακυβέρνηση του Διαδικτύου”, επιλέχτηκε να γίνει στην Τύνιδα επειδή εκεί υπήρχαν προβλήματα λογοκρισίας…ώστε να ενισχυθούν οι ελεύθερες φωνές/γνώμες. Και πάμε εμείς τώρα που κάνουμε μυνήσεις σε άσχετο κόσμο να πούμε στον κόσμο για την διακυβέρνηση στο Internet. Μια από τα ίδια είμαστε και εμείς…τα ίδια και χειρότερα γιατί εμείς νομίζουμε κιόλας ότι όλα εδώ πάνε καλά…Αυτό είναι ακόμα πιο επικίνδυνο από το να ξέρεις ότι δεν πάνε καλά τα πράγματα…

    edit: slashdotted!! http://yro.slashdot.org/yro/06/10/29/2040220.shtml
    way to go!

    Επίσης χθες ο τηλε-ευαγγελιστής Εισαγγελάτος στην εκπομπή του άρχισε να τρομοκρατεί τον κόσμο λέγοντας πώς μπορεί κάποιος να βάλει διάφορα στο κινητό του και να παρακολουθεί τον καθένα με την ελάχιστη δυνατή προσπάθεια. Ας σπείρουμε τον φόβο στον κόσμο λέγοντάς του μισές αλήθειες…εύγε… περισσότερα και πιο αναλυτικά στο http://www.myphone.gr/forum/showthread.php?t=154376

    Και για να επιστρέψω στο πρώτο θέμα…μήπως θα ήταν καλή ιδέα να μαζευτούν οι bloggers στο Φόρουμ αυτό που ξεκινάει στις 30/10 και να πουν τι έγινε προχθές μπροστά στον υπόλοιπο κόσμο που θα παρακολουθεί ?

    Προτείνω επίσης να ζητήσουμε από το Brunei το TLD του…το .bn και να τους δώσουμε το δικό μας..το .gr

    Μπανανία.bn … μας πάει καλύτερα…

    Second Life economy

    I really don’t know to which category this post belongs. I am just amazed at what “Second Life” has become.

    The statistics from it are insane…

    US$ Spent Last 24 Hrs: 433,454

    This is a LOT of money spent on “virtually something” = nothing…

    Now Reuters has “created” a special reporter just for Second Life. Take a look: http://secondlife.reuters.com/.

    Are people so much bored of their current lives that they prefer they were somebody else and eventually pay real money to become one ? I really can’t understand them…

    so pathetic…

    A disk cataloger with sql support!

    I’ve written before about me looking for a disk cataloging tool in linux. I think I’ve finally found what I wanted. It’s called gcdkatalog.

    The good things about it:
    1) It has mysql/sqlite support
    2) It’s FAST
    3) does not crash while searching (at least did not crash yet 😛 )

    The bad things:
    1) No documentation AT ALL
    2) I have no idea whether the author stills maintains it or not. You can’t even find a link to download the latest version from his homepage. I’ve found it by guessing…
    2) The code is written by a polish guy and the code comments are also in polish. This can be a problem if you want to change something in the code.

    Anyway…I’ve posted an ebuild of gcdkatalog on Gentoo bugzilla. The ebuild is currently only for ~x86 since I have no amd64 machine to test if it compiles, if you do own one and have 2 spare minutes, please test it and inform me about it. Let’s hope it will eventually make it inside the portage tree. Until then grab the ebuild from bugzilla.

    gcdkatalog ebuild for Gentoo

    P.S. Before gcdkatalog I used Gwhere, but it is lacking sql support. If you don’t mind about it…it’s by far the most advanced cataloging tool for linux I’ve seen.

    Netroute2 stats with rrdtool

    On my previous port about netroute2 I said that it was really easy to grab some stats with mrtg about line activity. This has a small drawback, you must have your collector/server that will run mrtg always open so that it can constantly get the snmp statistics from the modem/router. So my quest was to figure out a way to keep the statistics on the modem and be able to get them when I want and create the graphs that I like. This is not something mrtg can do, this is an rrdtool job 🙂

    Most things said here are based on my previous post about netroute2: Intracom netroute2 hacks. You will definitely need to have read it before continuing…

    Tweaking the Netroute2:
    The first thing was to create a script to give me information about incoming and outgoing traffic on ppp0 interface. I also to export these stats on a file “parsable” by rrdtool. The following script does exactly that:


    #!/bin/sh
    ifconfig="/sbin/ifconfig"
    grep="/bin/grep"
    date="/bin/date"
    cut="/usr/bin/cut"
    tail="/usr/bin/tail"
    delim=":"
    OUTPUT="/tmp/var/for_rrd.log"
    RX=`$ifconfig ppp0 | $grep -A 6 ppp0 | $tail -n 1 | $cut -d":" -f2 | $cut -d" " -f1`
    TX=`$ifconfig ppp0 | $grep -A 6 ppp0 | $tail -n 1 | $cut -d":" -f3 | $cut -d" " -f1`
    echo `$date +%s`"$delim$RX$delim$TX" >> $OUTPUT

    What this script does is parse the output of ifconfig ppp0, find the number of bytes for incoming and outgoing and store them to /tmp/var/for_rrd.log. Remember that netroute2 has /tmp writable, so we can use/abuse it 🙂
    The output of the script is something like this:

    TIMESTAMP:OUTGOING:INCOMING

    1160651881:7938452:1310405

    So now we can have the stats stored someplace. It’s time to tell netroute2’s cron to do it every X minutes.

    # cat /etc/cron.d/cron_rrdscript
    */1 * * * * root /etc/rrdscript.sh > /dev/null 2>&1

    Now, every 1 minute our log is going to be filled with our traffic. You did remember to run /etc/init.d/checkpoint … didn’t you ? If you don’t know why you should do it…DON’T continue reading on!!! Go back and read this: Intracom netroute2 hacks

    RRDTool time now…
    I suppose you have already installed rrdtool on your favorite distro somehow (emerge,apt-get,rpm,blahblahblah). First thing we need to do is create an rrd database to keep our stats. Save the following in create_netroute2_rate.txt

    rrdtool create netroute_rate.rrd --start 1159455804 \
    DS:IN:COUNTER:600:0:12500000 \
    DS:OUT:COUNTER:600:0:12500000 \
    --step 60 \
    RRA:AVERAGE:0.5:1:2000 \
    RRA:AVERAGE:0.5:6:2000 \
    RRA:AVERAGE:0.5:24:2000 \
    RRA:AVERAGE:0.5:288:2000 \
    RRA:MAX:0.5:1:2000 \
    RRA:MAX:0.5:6:2000 \
    RRA:MAX:0.5:24:2000 \
    RRA:MAX:0.5:288:2000

    BIG FAT WARNING!! You HAVE to change the timestamp –start 1159455804 with the current timestamp if you want to get accurate stats. 1159455804 was when I started getting my stats. You MUST change this with your current one. The command “date +%s” is your friend in this…

    Now execute sth like this: “/bin/sh create_netroute2_rate.txt”. You should have a beautiful netroute_rate.rrd file inside your current dir. Time to fill up this database with information from the file “for_rrd.log”.
    If you don’t have yet public key authentication with your netroute2, now is the crucial time to do it. Paragraph F) of my previous post (Intracom netroute2 hacks) is exactly that.

    (timelapse)

    I am supposing you already did it…To check if it’s working issue something like this:
    ssh -l root -p 22 PUT.IP.OF.NETROUTE2.HERE uname -a
    Hopefully you’ll get prompted with something like: “Linux netroute- 2.4.30-netta2 #2 Tue Mar 21 10:51:17 EET 2006 ppc unknown”. If not check again what went wrong…

    Now a command like the following will grab “for_rrd.log” from netroute2 and put it in /var/rrds/ (that’s the dir I am using to store my rrd databases, logs, scripts, etc)
    scp root@PUT.IP.OF.NETROUTE2.HERE:/tmp/var/for_rrd.log /var/rrds/for_rrd.log

    Now..parsing time! This is my netroute-rrd.sh:

    #!/bin/sh
    cd /var/rrds/
    NEWFILE="for_rrd.log"
    OLDFILE="for_rrd.log.old"
    if [ ! -f $NEWFILE ]; then
    echo "No new file found"
    exit 1
    fi
    diff $OLDFILE $NEWFILE | grep -v "," | sed 's/^>[ \t]\+//' > to_parse
    cat to_parse |while read line;
    do
    echo "${line}";
    rrdtool update netroute_rate.rrd $line
    echo "$?"
    done
    rm -f to_parse
    mv for_rrd.log for_rrd.log.old

    If you execute this script it will compare this script with the older one you had downloaded, diff them and parse the output with rrdtool. I do that to ensure that rrdtool only parses what was not parsed before. It’s really stupid to parse the log file everytime from the beggining…

    Now you have your database filled up with values…so what ? how can you see the results ? With a script that takes advantage of rrdgraph 🙂 This script is quite big, more than 150lines so I will not copy/paste it here but I will provide you with a tarball of it and all the previously mentioned scripts ment to be stored on your box.
    Netroute2 RRDTool Scripts

    Combine all these together with a cron job from your pc like the following:
    */5 * * * * scp root@PUT.IP.OF.NETROUTE2.HERE:/tmp/var/for_rrd.log /var/rrds/for_rrd.log ; /etc/scripts/netroute-rrd.sh; /etc/scripts/netroute-rrd-graph.sh

    and you will have a /var/rrds/index.html with 5 graphs: Hourly, Daily, Weekly, Monthly and Yearly.

    Now you can monitor your Internet traffic even when your stats collector is offline.
    There is a chance that you will get some spikes when netroute2 reboots. To eliminate them read this: HOWTO remove spikes from RRD graphs

    If you are greek and want to know some more stuff about rrdtool there’s a tutorial here: RRD [HOWTO]

    Intracom netroute2 hacks

    Since I now own my own dsl I am using an intracom netroute2 as a dsl modem/router. What really rocks about it is that it is linux (busybox) based, so one can change a lot of how stuff works in it. The bad news about it is that Intracom no longer produces it! The good news is that someone might be able to get some second hand of those modems really cheap. I wonder who was the idiot to stop the production of those modems in Intracom…

    Anyway…I’ll post here some of the changes I did to it . I am using firmware version 577 so everything I say here might not work on older ones.

    A) Fix ntp.
    The modem/router on boot reads /etc/date and changes the date according to that file. My version dated from april 2006 made the modem on boot to think that it was april. It is easy to fix this using an ntpclient cronjob. So create a file inside /etc/cron.d/ named cron_ntpclient and paste the following inside it:
    0,15,30,45 * * * * root /usr/bin/ntpclient -s -h ntp.grnet.gr > /dev/null 2>&1
    This will sync the time on the modem every 15minutes.
    If you want to be even more accurate like I do check out the following. I had noticed that my modem takes about 1 min and 20 secs from the time I plugged it in till the time it got IP from my ISP. So if I could make it to ntp sync immediately after getting an IP it would be pretty cool. So, I edited /etc/date and replaced the contents of the file with the following:
    091918002006
    This makes the modem to set its date at 18:00 19-September-2006.

    Then change the cron script to this:
    02,15,30,45 * * * * root /usr/bin/ntpclient -s -h ntp.grnet.gr > /dev/null 2>&1

    Now the modem syncs the date on the next minute after it gets IP from the ISP. This is really helpfull if you use syslog (read on for this).

    BEWARE though that BEFORE you reboot you MUST run /etc/init.d/checkpoint. This command is VITAL! It saves the changes you do inside the configuration files so they are not overwritten on the reboot by the stuff inside /etc-ro/.

    B) This version has snmpd installed but not started by default. So let’s make it start when netroute2 boots.
    The only thing that needs to be done for this is add an entry inside /etc/net.conf. You need to add somewhere around the end an entry like this:

    SNMP_RO_COMMUNITY=YOUR_SNMP_COMMUNITY

    Change ‘YOUR_SNMP_COMMUNITY’ with a password of your choice. You can use vi to do it. Run /etc/init.d/checkpoint afterwards to save your changes.

    You can now reboot Netroute2 and if you type ‘ps aux’ on it’s shell you will probably see something like this:
    408 root 840 S /sbin/snmpd -c /etc/snmpd.conf -l /dev/null
    That means snmpd is now listening for connections. You can now monitor the traffic with mrtg if you want from another PC. I’ll post my own mrtg.conf for the netroute2 but it does not necessarily mean that it will work for you too. It depends on which ethernet devices you use to connect it to your network. I use eth0.
    Here’s the mrtg.conf for my netroute2: netroute2-mrtg.conf

    Use it with your other mrtg scripts, I won’t tell you how here…if you don’t know…google for it. It’s realy simple. Here’s a HOWTO from the Gentoo Wiki HOWTO_SNMP_and_MRTG_Made_Easy for the lazy ones.

    C) Syslog activation.
    A syslog daemon is also included but not started in netroute2. It is primarily thought to be logging remotely to another machine. But netroute2 has 10Mb of free space at /tmp…so we can make it store some logs there. On reboot these logs are lost, so it’s only usefull if you netroute is on a UPS or if you want to monitor what’s going on while netroute is working. It’s not for watching what happened and your netroute2 crashed. If you want such behaviour you must activate remote syslog logging, and if you want that you must be able to easily find out how to do it, you don’t need my advice 🙂

    First of all fire up vi and edit /etc/syslog.conf. Change all entries that start with /var/log to /tmp/var/log/. Then go find /etc/init.d/rc-syslog and edit it with vi. Find line 13. It should say something like this:

    /bin/echo "Invalid Syslog Server IP!"
    exit 1

    Change it to:

    /bin/echo "Invalid Syslog Server IP!"
    /bin/echo "Logging Locally!"
    mkdir -p /tmp/var/log/
    #exit 1

    What happens here is this, the script searches /etc/net.conf for a variable named SYSLOG_SERVER_IP. If it finds it it enables remote syslogging to that IP (damn!.. I’ve said it), but we want to enable local logging so we have to bypass it. We first create the /tmp/var/log directory and then put a “#” in front of the exit command so the script does not stop when it can’t find SYSLOG_SERVER_IP.

    /etc/init.d/checkpoint again….reboot…and if all went fine if you “ps aux” you should see something like:

    166 root 336 S /sbin/syslogd
    169 root 264 S /sbin/klogd -c 3 -x

    If you cd to /tmp/var/log you can find the log files. You can more them, tail them, grep them, whatever…it’s up to you now.

    D) Enable iptables logging.
    Netroute2 features iptables firewalling and tc for QoS!!! You can easily modify the firewall script to make it suit your needs better. What I am going to describe here is how to make iptables log to syslog so you can view what is being blocked by iptables.

    First thing you have to do is go to the web interface (yes it IS sloooooooow but who cares ? You won’t be needing much anyway 🙂 ), go to “Wan Connections” and click on Firewall. Go where it says “Expert Configuration” (don’t you already feel l33t ? heh) and add a dummy line like this:

    iptables -A INPUT -i ppp0 -p tcp --dport 135 -j DROP

    Click on apply and wait a bit until it refreshes the firewall webpage.
    This line, even it is totally useless (if you know a bit of iptables and see the rest of the firewall listing I am sure you already know why), it will force netroute2 to create a seperate firewall file for your connection and not use its default one.

    Now go back to netroute2's shell. If you don't know/remember the name of your connection do an
    ls /etc/wan/current/
    and it will show you it's name. Then go to /etc/wan/firewall/ and edit the file with your connection name. You will see inside it the full listing of iptables rules.

    Lines 25-27 should a bit like these:

    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [43:9993]
    :OUTPUT ACCEPT [73:33579]

    Add below the last one a line like the following:

    :LOG_DROP - [0:0]

    Around line 65 there should be something like this:

    -A INPUT -i ppp0 -j DROP

    change it to:

    -A INPUT -i ppp0 -j LOG_DROP

    Then finally find the last line of the file that says COMMIT and add above it these two lines:

    -A LOG_DROP -j LOG
    -A LOG_DROP -j DROP

    The editing is finished. DON’T forget to /etc/init.d/checkpoint….reboot and you are ready.

    If you had previously enabled syslog logging correctly you can do a:
    tail -f /tmp/var/log/kernel.log

    and if you firewall blocks something you might see a line that looks like this:
    Sep 24 02:16:57 (none) kernel: IN=ppp0 OUT= MAC= SRC=XX.XX.XX.XX DST=YY.YY.YY.YY LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30976 DF PROTO=TCP SPT=3935 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0

    You can change all the other “-j DROP” settings inside your firewall config with “-j LOG_DROP” to gather more information about what gets dropped. If you do that though it might be necessary to refine your /etc/syslog.conf to create more accurate log files..Which log files keeps what kinds of logs…play with it.

    E) Netroute has some advanced commands that are not inside the PATH.
    Look for some very interesting binaries like tcpdump, tc, etc inside /usr/sbin

    F) Public key auth with dropbear:
    on client machine:

    ssh-keygen -t rsa
    scp .ssh/id_rsa.pub root@netroute.ip:

    on netroute2:

    mkdir .ssh
    mv id_rsa.pub .ssh/authorized_keys
    chmod 400 ~/.ssh/authorized_keys
    chmod 700 ~/.ssh
    /etc/init.d/checkpoint

    If everything is done properly you will now be able to ssh from your client to netroute2 without password.

    I wish I could find more of these great machines. 2 Ethernet ports, usb, serial console, 2 FXS, it’s own small sip compatible PBX … what else can one need ? A usb port for an external disk and a torrent client probably… 🙂

    Trackers, torrents and politicians

    This must be another greek unique phenomenon. Politicians (or probably wannabe politicians) placed yesterday some advertisment of theirs on a greek torrent tracker, probably the biggest one.

    You can’t believe it ?? I probably wouldn’t believe it either if I didn’t see a screenshot. So check this out!

    This act has been said to be severely criticized by a number of members of the tracker, but the administrators said yesterday that “since they paid money why shouldn’t they be advertised ?” The weird thing is that this morning the advertisement was gone. Maybe some people thought that it was not such a good idea after all…

    I am a bit curious though.. and I will place here some of the questions I have:

    1) How did these politicians made contact to the administrators ?
    2) Do they know what a torrent tracker is and what the content of the specific tracker is ? Do they politically support what is going on there ?
    3) How much did they pay ? And to whom ? Don’t politicians have to justify every single cent of their advertisement expenses ? Is that tracker a company providing legit receipts ?
    4) If the administrators said last night that it was OK to host them there, why did they remove them today ?

    Btw, since you did not have to be a member of the site to see the advertisement, it was on the very first page of the site that even unregistered users could see, I thought that it was unecessary to blurify/hide more parts of the screenshot I was given, apart from the url. Even that might be unecessary.

    XTerm*saveLines possible problem ?

    I just noticed a somewhat strange behaviour of xterm. When savelines option is set to a high number, say above 10000, the output of xterm is REALLY REALY slow.

    Check the following examples on maximized xterm windows:
    File: .xsession-errors 200074 (200kbytes)

    % wc -l .xsession-errors
    4103 .xsession-errors
    % xterm -v
    XTerm(218)
    % mrxvt --help
    Mrxvt v0.5.1
    Options: XPM,Jpeg,PNG,transparent,fade,tint,textshadow,utmp,menubar,XIM,multichar_languages,scrollbars=rxvt+NeXT+xterm+sgi+plain,
    xft,Greek,frills,linespace,24bit,selectionscrolling,256colour,cursorBlink,pointerBlank,session management,Resources

    XTerm*saveLines: 500
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.00s system 0% cpu 0.933 total

    XTerm*saveLines: 1000
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.00s system 0% cpu 1.029 total

    XTerm*saveLines: 2500
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.01s system 0% cpu 1.286 total

    XTerm*saveLines: 5000
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.00s system 0% cpu 1.382 total

    XTerm*saveLines: 10000
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.00s system 0% cpu 1.969 total

    XTerm*saveLines: 11000
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.00s system 0% cpu 3.038 total

    XTerm*saveLines: 20000
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.00s system 0% cpu 8.341 total

    XTerm*saveLines: 32767
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.01s system 0% cpu 12.798 total

    On my faithfull mrxvt with 32767 buffer lines this gives me:
    mrxvt*saveLines: 32767
    % time cat .xsession-errors
    cat .xsession-errors 0.00s user 0.01s system 0% cpu 1.494 total

    I hope you notice the difference…

    “bug” or “feature” ? who knows…