Networking archives - Open Source Software and Linux


Feb 26 2009   12:57PM GMT

Getting OpenSuSE to ping and resolve local hosts



Posted by: John Little
ping, opensuse, resolve, local hosts, avahi, dns, zeroconf, fqdn

Recently I installed OpenSuSE on my notebook. It’s been awhile since I used any SuSE products but I thought since my next contract is supporting SuSE servers I should bone up on the distribution. Most things went as expected. Except that I couldn’t ping or resolve local hosts.

That’s correct. I couldn’t ping them nor could I access them via a web browser. Bummer. I access my management consoles and mp3 server through a browser.

The dig utility would resolve them ok. Just not any user or administrative applications such as those mentioned above. After doing some digging around on the web and reading some man pages I found that there are two files that need to be edited, or at least checked.

Now we need to edit the /etc/nsswitch.conf and /etc/host.conf files. Note that I said the /etc/host.conf file, not /etc/hosts as some people have done.

Change the /etc/nsswitch.conf hosts entry to read:

hosts: files dns

and the /etc/host.conf file to read:

order bind, hosts
multi off
mdns off
You may need to reboot after doing this. Now I could ping and resolve the local hosts normally.

Be careful which posts you use to solve this or any other problem. I read one post that said if the domain ends in .local, which mine does, then this is problematic with SuSE. One poster even recommended changing the domain name. That’s right. I’m going to change the FQDN of all of my machines. Not.

The problem simply lies with the settings that SuSE ships with their products, specifically with the /etc/host.conf file. See the man page for more details. It specifically points out the use of .local domains and what to set the entries to in the file, the critical one being the mdns entry.
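A check for the two files edited above, as an added example (not from the original post): it parses the hosts: line and host.conf and reports anything that puts mDNS, whose answers can come from any machine on the local link, ahead of DNS. The BEFORE samples, including the mdns4_minimal line, are constructed for illustration; the post does not show its original files.

```python
import re

def strip_comment(line):
    return line.split("#", 1)[0].strip()

def parse_hosts_line(nsswitch_text):
    """Return [(source, [actions])] for the hosts: database, in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = strip_comment(raw)
        if not line.lower().startswith("hosts:"):
            continue
        entries = []
        # A token is either a source name or a bracketed action list
        for tok in re.findall(r"\[[^\]]*\]|\S+", line.split(":", 1)[1]):
            if tok.startswith("["):
                if entries:  # actions apply to the source just before them
                    entries[-1][1].extend(tok.strip("[]").split())
            else:
                entries.append((tok, []))
        return entries
    return []

def parse_host_conf(text):
    """Return {keyword: value} for host.conf lines such as 'mdns off'."""
    conf = {}
    for raw in text.splitlines():
        parts = strip_comment(raw).split(None, 1)
        if parts:
            conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(nsswitch_text, host_conf_text):
    """List deviations from the settings the post ends up with."""
    findings = []
    entries = parse_hosts_line(nsswitch_text)
    sources = [name for name, _ in entries]
    if "dns" not in sources:
        findings.append("nsswitch.conf: dns is not a hosts source")
    cut = sources.index("dns") if "dns" in sources else len(sources)
    for name, actions in entries[:cut]:
        if name.startswith("mdns"):
            findings.append(f"nsswitch.conf: {name} is consulted before dns")
        for act in actions:
            if act.lower().endswith("=return"):
                findings.append(
                    f"nsswitch.conf: [{act}] after {name} can end the lookup before dns")
    if parse_host_conf(host_conf_text).get("mdns", "").lower() != "off":
        findings.append("host.conf: mdns is not set to off")
    return findings

# Constructed "before" files (assumption, not taken from the post)
BEFORE_NSSWITCH = "passwd: compat\nhosts: files mdns4_minimal [NOTFOUND=return] dns\n"
BEFORE_HOST_CONF = "# constructed sample\nmulti on\n"
# The settings given in the post
AFTER_NSSWITCH = "hosts: files dns\n"
AFTER_HOST_CONF = "order bind, hosts\nmulti off\nmdns off\n"

if __name__ == "__main__":
    for label, ns, hc in (("before", BEFORE_NSSWITCH, BEFORE_HOST_CONF),
                          ("after", AFTER_NSSWITCH, AFTER_HOST_CONF)):
        print(label, audit(ns, hc) or "ok")
```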

-j

Dec 25 2008   4:55AM GMT

Quick Subnetting and IP calculations Part 2



Posted by: John Little
subnet mask, subnetting, ip calculator, network hosts

In my last post I discussed how to make quick subnetting and IP calculations. This post will help us determine how many hosts are on a network.

Suppose that you know your IP address and an abbreviated notation subnet mask. What you need to find out is the IP of your default gateway.

The address that you are given is 192.168.200.120/26. The last assignable IP is your gateway. Before we get started a quick note about abbreviated subnet masks. You can determine the standard subnet mask by dividing the abbreviated notation by 8 and using the remainder to add together that number of bits starting from the leftmost bit in a subnet mask. In our case 8 will go into 26 three times with two left over. Adding together the two leftmost bits in a subnet mask, 128+64 gives us 192. So our standard subnet mask is 255.255.255.192.

To start solving our gateway problem we first convert the 192 into bit values, which gives 11000000.

The smallest bit is 64 so our subnets are incremented by 64. Recall from the previous post how we laid this out:

Network   Address Range
0         192.168.200.1 through 63
64        192.168.200.65 through 127
128       192.168.200.129 through 191
192       192.168.200.193 through 255

As we can see from above our machine falls into the second address range with an IP of 192.168.200.120. The first addressable IP is 192.168.200.65 and the broadcast address is 192.168.200.127. Remember that the broadcast address for a network is the last IP shown for that range. This makes the default gateway one less than the broadcast address, giving us 192.168.200.126 for the gateway. There are 62 host IP addresses available on your network segment after taking out the network and broadcast IP.

So there it is. You have now found your default gateway and know how many hosts are on your network segment and what their IP addresses are.
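The same calculation in code, as an added example (not from the original post): prefix_to_mask follows the divide-by-8 method above, segment finds the block an address falls in, and cross_check compares the result with Python's ipaddress module. The function names are illustrative, and the gateway is taken to be the last assignable address, as in this post.

```python
import ipaddress

BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # bit values of one mask octet

def prefix_to_mask(prefix):
    """Dotted mask from a /prefix: whole octets of 255, then the leftover bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    full, leftover = divmod(prefix, 8)             # /26 -> 3 full octets, 2 bits left
    octets = [255] * full
    if full < 4:
        octets.append(sum(BIT_VALUES[:leftover]))  # 128 + 64 = 192
    octets += [0] * (4 - len(octets))
    return ".".join(map(str, octets))

def segment(ip, prefix):
    """Network, host range, gateway and broadcast for a /24 to /30 address."""
    if not 24 <= prefix <= 30:
        raise ValueError("the last-octet shortcut only covers /24 through /30")
    octets = list(ipaddress.IPv4Address(ip).packed)  # also validates the address
    mask = prefix_to_mask(prefix)
    block = 256 - int(mask.split(".")[3])   # subnet increment, 64 for /26
    network = octets[3] // block * block    # start of the block the host is in
    broadcast = network + block - 1         # last address of that block
    base = ".".join(map(str, octets[:3]))
    return {
        "mask": mask,
        "network": f"{base}.{network}",
        "first_host": f"{base}.{network + 1}",
        "gateway": f"{base}.{broadcast - 1}",  # post's convention: last assignable IP
        "broadcast": f"{base}.{broadcast}",
        "hosts": block - 2,                    # minus network and broadcast
    }

def cross_check(ip, prefix):
    """True if the manual method agrees with the ipaddress module."""
    net = ipaddress.ip_interface(f"{ip}/{prefix}").network
    mine = segment(ip, prefix)
    return (str(net.netmask) == mine["mask"]
            and str(net.network_address) == mine["network"]
            and str(net.broadcast_address) == mine["broadcast"]
            and net.num_addresses - 2 == mine["hosts"])

if __name__ == "__main__":
    for key, value in segment("192.168.200.120", 26).items():
        print(f"{key:10} {value}")
    print("agrees with ipaddress:", cross_check("192.168.200.120", 26))
```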

-j


Dec 21 2008   11:15PM GMT

Quick Subnetting and IP calculations Part 1



Posted by: John Little
subnet mask, ip addressing, ip address, subnetting, calculate subnet

With all of the ip and subnetting calculators all over the internet it might seem to some that learning subnetting is unnecessary. I think that it is a skill that is underused and should be learned by all network administrators. It’s really not that hard to get the basics down.

In this article and the next I am going to show you how to do two things quickly and easily with subnetting. I’m going to show you how to build a custom subnet from scratch and how to calculate how many hosts are on a network. The only part of the binary behind this that I’m going to discuss is the following, which we should all know:

128 64 32 16 8 4 2 1

The above numbers represent the 8 bits in a subnet mask.

To start building our custom subnet we are going to assume a class C network. With this we know that our default mask covers the first 24 bits which would make it 255.255.255.0. Notice that 255 is the sum of all of the numbers above. Second let’s assume that our class C address is 192.168.10.0 and that we want to build 6 subnets from this to cover six of our departments.

First convert the number of subnets to binary. We can see that adding bits 2 and 4 above make 6. We will turn all of the bits on that are to the right of the 4:

00000111

Next flip the entire octet from end to end:

11100000

Add the bits together that are on the left end of the bits shown in the 1st code box:

128+64+32=224

So now we know that 224 is our new subnet mask and that we can get 6 networks out of this. The 32 in this scenario is known as the Least Significant Bit or LSB. Pretty straightforward isn’t it?

Now we need to get our network, host and broadcast addresses. To do this take the Least Significant Bit from the three bits that we used above. This would be 32. So starting with 0 we start setting up our networks like so:

Network   Address Range            Broadcast
0         192.168.10.1 thru 30     192.168.10.31
32        192.168.10.33 thru 62    192.168.10.63
64        192.168.10.65 thru 94    192.168.10.95
96        192.168.10.97 thru 126   192.168.10.127
128
160
192
224

and so on. As you can see each network starts with 0 and then the LSB is the increment to the next network so we have 0 32 64 and so on. The broadcast address is 1 less than the next network number. This leaves the host addresses as the network number plus 1 through the broadcast address less 1, giving us 30 hosts per network.
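The steps above carried out in code, as an added example (not from the original post): plan_subnets turns the subnet count into bits, flips the octet, and lists every block starting at the network numbers 0 through 224 in the table, and agrees_with_ipaddress checks the blocks against Python's ipaddress module. The function names are illustrative.

```python
import ipaddress

BIT_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]  # the 8 bits of a mask octet

def plan_subnets(class_c, wanted):
    """Follow the post's steps to carve a class C (/24) network into subnets."""
    base = ipaddress.ip_network(f"{class_c}/24")   # raises if host bits are set
    bits = wanted.bit_length()                      # 6 is 110 in binary: 3 bits
    if not 1 <= bits <= 6:
        raise ValueError("need 1 to 6 subnet bits so that hosts still fit")
    right_aligned = ("1" * bits).rjust(8, "0")      # 00000111
    flipped = right_aligned[::-1]                   # 11100000
    mask_octet = int(flipped, 2)                    # 128 + 64 + 32 = 224
    increment = BIT_VALUES[bits - 1]                # lowest bit used in the mask: 32
    prefix3 = str(base.network_address).rsplit(".", 1)[0]
    subnets = []
    for network in range(0, 256, increment):
        broadcast = network + increment - 1         # 1 less than the next network
        subnets.append({
            "network": f"{prefix3}.{network}",
            "first": f"{prefix3}.{network + 1}",
            "last": f"{prefix3}.{broadcast - 1}",
            "broadcast": f"{prefix3}.{broadcast}",
        })
    return {
        "mask": f"255.255.255.{mask_octet}",
        "increment": increment,
        "hosts_per_subnet": increment - 2,
        "subnets": subnets,
    }

def agrees_with_ipaddress(class_c, plan):
    """True if every block matches what the ipaddress module computes."""
    new_prefix = ipaddress.ip_network(f"{class_c}/{plan['mask']}").prefixlen
    expected = ipaddress.ip_network(f"{class_c}/24").subnets(new_prefix=new_prefix)
    return [(str(n.network_address), str(n.broadcast_address)) for n in expected] == \
           [(s["network"], s["broadcast"]) for s in plan["subnets"]]

if __name__ == "__main__":
    plan = plan_subnets("192.168.10.0", 6)
    print("mask", plan["mask"], "hosts per subnet", plan["hosts_per_subnet"])
    for s in plan["subnets"]:
        print(s["network"], s["first"], "thru", s["last"], s["broadcast"])
```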

Next post we’ll see how to determine how many hosts are on a network.

-j


Oct 9 2008   1:15AM GMT

Open Source products that add to the bottom line



Posted by: John Little
Linux, blackberry, open source, Open source applications, zimbra, smartphone, alfresco

I have often wondered when the thought processes of people would shift from equating Linux and Open Source as one and the same. I need not wonder any longer as that time is here. And this is a good thing.

In the past people, more often than not, spoke of Linux and Open Source in a way that would lead one to believe that they are one and the same. Until a year or two ago this was probably true as most open source applications were only available on Linux. Now though, open source applications are standing on their own and are becoming known as Open Source applications not Linux applications.

Kudos to the developers for causing this shift. Why? The open source developers, unlike Windows developers, are creating cross platform applications that will either run on Windows or run Windows software. They are doing this at breakneck speed as well. It is easy to understand why when you look at the economic business models of open source.

The business models of open source generate revenue by selling update and support services as opposed to selling licenses. It is the nature of open source to not sell licenses as the source code is open. There would be no point in it.

Now take a look at the economy. It’s not rocket science to see that spending, even IT spending, is slowing down. Now, if I have a product that I will let you have for free and even give you the choice of whether or not to buy updates and service with it, and it will run on Windows or Linux, what are you going to do? Go buy the Windows only application with all of its license fees plus the annual “maintenance” fee that is 20% of the original license fee? Only if you don’t have the sense God gave a baboon.

I’ll give you some examples of open source applications that fill the need for productive and secure applications that can be done at an open source cost.

Vyatta open source routers. From their website: “Vyatta solutions combine the features, performance, and reliability of an enterprise router and firewall with the cost savings, flexibility, and security of open source to introduce new levels of economics, choice, and control into the network.”. If you interpret “enterprise router and firewall” as Cisco or HP you are probably right on the money. No pun intended.

How about Jitterbit open source integration software? Jitterbit handles integration of data between heterogeneous applications so that the information is combined. With a customer list that includes NASA and Continental Airlines who would think that they shouldn’t use open source software?

There are many others out there including Alfresco that competes with Microsoft’s Sharepoint to the point of integrating with Microsoft Office and offering shared drives. Take the Zimbra Collaboration Suite that has seamless compatibility with clients like Microsoft Outlook, Apple desktop suite, and Mozilla Thunderbird, add in the connectors for Blackberry, Smartphone and Alfresco and you have a collaboration suite that rivals any on the market for functionality and beats them on cost whether or not you purchase their services.

So given today’s economy and the fact the company needs to generate a profit to keep from laying off people, I believe you should strongly consider what open source has to offer.

-j


Oct 4 2008   1:29AM GMT

The difference between Cloud Computing and SaaS



Posted by: John Little
internet, saas, software as a service, cloud computing

I have often wondered what is the difference between Cloud Computing and SaaS (Software as a Service). Tonight I decided to look into this and see if I could come up with some clear definition. Let’s see what we can find.

According to Wikipedia “Cloud computing is Internet (’cloud’) based development and use of computer technology (’computing’).” Well that makes sense. The internet has always been depicted as a cloud in network diagrams. Development of computer applications and the use of computer technology to use those applications makes up the ‘Computing’ part of our question.

So let’s take a look at the definition of SaaS from Wikipedia. “Software as a service (SaaS, typically pronounced ’sass’) is a model of software deployment where an application is hosted as a service provided to customers across the Internet.” Uh oh. It seems to me that ‘an application is hosted as a service provided to customers across the Internet’ is pretty much the same as ‘an application is hosted as a service provided to customers across the Internet’ through the internet cloud of Cloud Computing.

I could have stopped here and decided that they mean the same thing. But what kept nagging at me are some companies selling SaaS services and some selling Cloud Computing services. Let’s take a look at some of these and see if we can come up with some differentiation.

So that we have a picture of what Cloud Computing architecture looks like I borrowed a graphic from Citrix. This graphic represents what Citrix calls its C3 or Citrix Cloud Center architecture.
[Figure: Citrix C3 Architecture]

One of the most well known of either of these terms appears to be Google Apps. On their home page they bill themselves as ‘Software-as-a-service for business email, information sharing and security’. Their applications provide the listed services on Google owned servers. Google is responsible for the hardware and software updates so that burden is lifted from the user organization. Ok so that covers SaaS. Now let’s look at Cloud Computing.

Amazon comes up on the radar as a Cloud Computing provider. On their service page they bill themselves as ‘The cloud you can depend on…At Amazon, we run one of the world’s largest networks of web sites, serving millions of customers every month, and executing millions of transactions for our customers and sellers. Over time, we’ve developed significant expertise in building, operating, and maintaining the worldwide infrastructure required to power this business. With Amazon Web Services, you benefit from our expertise.’ Amazon Web Services (AWS) is the marketing name of Amazon’s cloud services.

Amazon provides backup services, real time database transaction services, resizable compute capacity, and a queue for storing messages as they travel between computers.

There you have it. While the services are different the idea is the same. The Cloud Computing or SaaS organization provides a technology over the internet cloud as a service. Whether it is a backup or word processor application the customer is still using software and hardware resources of servers maintained by someone else. Ultimately it appears that they are both the same. It just depends on what service you need and whether the provider calls itself a Cloud Computing vendor or a SaaS vendor.

-j


Sep 8 2008   1:00AM GMT

Create an Apache Virtual Host



Posted by: John Little
http, Linux, apache, webdav, https, centos, web server, virtual host, httpd, dav

Creating Apache virtual hosts allows you to use a single IP address for many web servers. I use mine for general web serving as well as secure WebDav over HTTPS. The Apache web server is arguably the most popular web server on the internet and has been since 1996.

Ok let’s get started setting up your Apache virtual host. I am using Centos 5.x for our operating system. The apache server is the stock install using YUM.

Edit the /etc/httpd/conf/httpd.conf file. The virtual hosts section is towards the bottom.
Uncomment the NameVirtualHost *:80 directive. If you want virtual hosts accessed over SSL you will need to add the NameVirtualHost *:443 directive as well.

For virtual hosts over SSL the virtual host containers should be added to the /etc/httpd/conf.d/ssl.conf file.

Almost any Apache directive may go into a VirtualHost container. Following is a sample virtual host container. Use the auth directives if you want authentication for your host. Basic authentication sends the user name and password base64-encoded, not encrypted, so use it on the SSL virtual host. The users are set up with the htpasswd command. See man htpasswd for more info.

When apache receives a web site request on the IP address it looks to the configuration files to determine if it has the host. If it has the host it then looks to the DocumentRoot of the host to determine what pages and directories are available and serves them to the client.

<VirtualHost *:80>
    # email address on error pages
    ServerAdmin webmaster@www.luvlinux.net
    # where apache looks for web site documents
    DocumentRoot /var/www/vhosts/luvlinux
    # dns name of server (Web site host name)
    ServerName www.luvlinux.net
    # logs are located relative to ServerRoot
    ErrorLog logs/www.luvlinux.net-error_log
    CustomLog logs/www.luvlinux.net-access_log common
    <Directory /var/www/vhosts/luvlinux>
        # put options in here
        # Indexes shows an index of files if there is no index.html
        Options Indexes MultiViews
        # authentication type, name that shows on the login dialogue,
        # name of the password file, name of authorized user(s)
        # AuthType Basic
        # AuthName "My this site"
        # AuthUserFile /etc/httpd/webpass
        # Require user engineer1
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin webmaster@www.example.net
    DocumentRoot /var/www/vhosts/example.net
    ServerName www.example.net
    ErrorLog logs/www.example.net-error_log
    CustomLog logs/www.example.net-access_log common
    <Directory /var/www/vhosts/example.net>
        Options Indexes MultiViews
    </Directory>
</VirtualHost>

Use the following command to check your virtual host configuration:
httpd -D DUMP_VHOSTS

You will get output similar to the following indicating that everything is ok.

VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443  myhost.example.com (/etc/httpd/conf.d/ssl.conf:82)
*:80 is a NameVirtualHost
default server www.example.net (/etc/httpd/conf/httpd.conf:993)
port 80 namevhost www.example.net (/etc/httpd/conf/httpd.conf:993)
Syntax OK

Use the following to check the general syntax of your configuration files:
httpd -t
Syntax OK

Congratulations! You should now have your Virtual Host setup. Don’t forget to make your hosts and/or DNS entries for accessing your web server. Enjoy!

-j


Sep 6 2008   8:05AM GMT

Squid proxy server quick start



Posted by: John Little
http, windows, Linux, unix, ftp, https, squid, proxy, centos, web proxy, proxy cache, squid.conf, Yum

Here is a quick start plan for installing the squid-cache.org proxy server. Squid is a caching proxy server that uses HTTP, HTTPS and FTP for caching web pages from the internet. By caching web pages locally the squid server helps you save on bandwidth and improves page response time for web surfing.

When you first open the squid configuration file it can be overwhelming with over 4000 lines. Many of these are comments but there are still hundreds of configuration choices. I am going to reduce these down to a solid foundation which will get you up and running quickly. This will give you some time to study the other configuration choices that may be necessary for your use. For most people some form of the configuration entries that we use here will be enough to control and proxy your web access.

Squid can be installed on Linux, Unix or Windows. For our purposes here we are installing on Centos 5.x.

Let’s get started:

Install the Squid package
yum install squid

cd to the configuration directory
cd /etc/squid

The default squid config file contains over 4000 lines. Remove the comments so that the file is a workable size.
Copy the squid.conf file to dist.squid.conf to preserve the comments for reference
cp squid.conf dist.squid.conf
The following sed command edits the squid.conf file in place, removing comment lines and empty lines
sed -i.tmp '/^#/d; /^$/d' squid.conf
This will produce a file that contains the following entries:


http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid

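After doing this you will need to add some lines to the squid.conf file for your environment. Put the http_access allow line above the existing http_access deny all line: Squid acts on the first http_access line that matches, so an allow placed after deny all is never reached.

vim squid.conf
# proxy.example.net is a placeholder, use your proxy's host name
visible_hostname proxy.example.net
# your client networks, as in 192.168.1.0/24 192.168.2.0/24
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks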

Save your changes and exit the squid.conf file.

Create the squid cache directories in /var/spool/squid
squid -z

Set squid to start on reboot
chkconfig squid on

Start squid
service squid start

This should work out of the box after pointing the clients to the correct proxy server and port.
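A way to check where the our_networks line sits among the http_access lines before clients are pointed at the proxy, as an added example (not from the original post or the Squid project). It is a simplified model of Squid's first-match evaluation that handles only the src, port, method and proto acl types used in the file above; the Safe_ports list is shortened and the client addresses are constructed.

```python
import ipaddress

def parse(conf_text):
    """Collect acl definitions and the ordered http_access lines."""
    acls, rules = {}, []
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 4 and words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    """True if the request matches the named acl."""
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":
        ranges = [v.partition("-") for v in values]
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    if kind in ("method", "proto"):
        return req[kind] in values
    raise ValueError(f"acl type {kind!r} is not modelled here")

def decide(conf_text, req):
    """Return (action, matching acl list) of the first http_access line that matches."""
    acls, rules = parse(conf_text)
    for action, names in rules:
        # every acl on the line must match; a leading ! inverts that acl
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action, " ".join(names)
    last = rules[-1][0] if rules else "allow"
    return ("deny" if last == "allow" else "allow"), "(default)"

ACLS = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
acl our_networks src 192.168.1.0/24 192.168.2.0/24"""
HEAD = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost"""
ALLOW_LAN = "http_access allow our_networks"
DENY_ALL = "http_access deny all"

APPENDED = "\n".join([ACLS, HEAD, DENY_ALL, ALLOW_LAN])  # added at end of file
PLACED = "\n".join([ACLS, HEAD, ALLOW_LAN, DENY_ALL])    # added above deny all

# Constructed requests
LAN_CLIENT = {"src": "192.168.1.50", "port": 80, "method": "GET", "proto": "http"}
OUTSIDE_CLIENT = {"src": "203.0.113.9", "port": 80, "method": "GET", "proto": "http"}

if __name__ == "__main__":
    print("appended, LAN client:", decide(APPENDED, LAN_CLIENT))
    print("placed,   LAN client:", decide(PLACED, LAN_CLIENT))
    print("placed,   outside   :", decide(PLACED, OUTSIDE_CLIENT))
```

With the line above deny all, LAN clients are allowed, outside addresses are still denied, and the Safe_ports and CONNECT checks still run first.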

Additional configuration directives can be issued through the /etc/sysconfig/squid file and the /etc/init.d/squid script.

I hope this helps you get squid up and running quickly. Enjoy!

-j


Sep 1 2008   9:34PM GMT

Ubuntuserver is unbelievably stupid



Posted by: John Little
Linux, ssh, gui, centos, zimbra, grub, lilo, ubuntu, ubuntuserver, inittab, ubuntuserver upgrade, headless

Yes you read the title right. Ubuntuserver is unbelievably stupid.

Ok let’s take it from the top. I had Ubuntuserver 7.0.4 installed as my WebDAV secure server, my son’s baseball team’s website, samba and so on. I run this server headless and without a gui. Note here that the normal install is without a gui and is touted loudly by the folks who develop ubuntuserver. This is all well and good.

Lately it’s been on my mind to look into and install a collaboration suite. Having searched around I finally landed on Zimbra.

After reading the documentation I see that Zimbra is certified on Ubuntu 8.04 LTS. Ok, well this is as good of a time to upgrade as any. This is where the fun (read stupidity) begins.

I ssh into my server as normal. I do all of the pre-distribution upgrade stuff, reboot and begin the distribution upgrade. The first thing I get is a message saying something to the effect of “We do not recommend using SSH while you upgrade. If you lose a connection it is difficult to recover.” Ok. I’m not doing this over a WAN link but on my local LAN. I haven’t had any network outages since I don’t know when, the sun is shining so no power outages looming. Things are looking good.

The upgrade proceeds smoothly. On several occasions I am asked if I want to replace any of my configuration files. This includes the sshd configuration file. On all of these I take the default which is “Do not replace, I want to keep the configuration file that I am currently using”. That’s paraphrased but that is what it meant.

The distribution upgrade finishes. I get a nice message saying everything went well and asking me if I want to reboot. Of course I do. I type y and off we go. After waiting the appropriate amount of time I try to SSH back in. I am pretty excited at this point about getting my Zimbra install started.

Uhoh. No such luck. The dreaded “ssh: connect to host 10.10.15.105 port 22: Connection refused” message. What?!? Are you kidding me? No way. I try pinging the server. Yep, network came back ok. I try again. Nope. And several times after that. Now I’m writing this rant.

You see, here is why I think this is stupid. The server installs without a gui. That implies that no one is going to use this for a workstation. If no one is going to use it for a workstation, why then, should it have a monitor on it? If it doesn’t have a monitor on it, why would you not want someone to upgrade using SSH? Would the Ubuntuserver people prefer telnet instead? If the upgrade process is smart enough to know that you are upgrading over SSH then why not start SSHD on the reboot? If that is in fact the problem since I haven’t dragged a monitor over there to see.

I made a decision not long ago not to scrap my Ubuntuserver in favor of CentOS. I am starting to regret that decision. You see there is at least one other annoyance with Ubuntuserver that I don’t find appealing either. This is the fact that they have decided that using an inittab is old fashioned or something. While this doesn’t have much effect on a server, at least one not running a gui, have you tried to boot into runlevel 3 lately? It’s not nearly as easy as it is with a GRUB boot loader where you can edit it, type in 3, hit enter and b and boot to runlevel 3.

Ok, I’m done. Next free time that I have I’m putting CentOS on there (as soon as I drag a monitor to the server and get SSHD started that is).

-j


Aug 30 2008   11:16PM GMT

Single signon with Clipperz



Posted by: John Little
Networking, Security, Microsoft Windows, Linux, Browsers, Lotus Domino, internet explorer, single sign on, saas, cloud computing, firefox, opera, sso, encrypt, clipperz, encrypted password

Clipperz provides single signon capabilities using a web browser for all of your web based sites. Clipperz is an open source project started in 2005 by Marco and Giulio Cesare. I have been using Clipperz now for about six months on a daily basis.

From an end user perspective the process is quite simple. Go to Clipperz and register. After registering you can then start adding the sites that you visit that require a password.


Once you are logged into Clipperz click on the Tools link on the orange tool bar on the right hand side. Once on that page scroll down and drag and drop the Add to Clipperz widget to your bookmarks bar.


Now browse to a web site that requires that you login. While at the login page click on the Add to Clipperz link in the bookmarks toolbar. A small pop-up window will open with some code inside. Copy this code and click on the tab (you are using tabbed browsing aren’t you?) where you are logged into Clipperz. Scroll down to the bottom of the page and click the radio button next to Direct login. Now paste the copied code from the pop-up window into the box titled Direct login configuration and then click the create button.


After clicking the create button a new text box will show. This is where you put in your login and password information for the web site that you are adding to Clipperz. After you put this in and create it the web site will show on the middle and left hand side of your screen.

Click on the web site link listed on the left hand side of your screen. This will open up a new tab and automatically log you into the site. If you want to edit the title or change the password (or if you got it wrong when creating the link) click on the link in the middle of the page. This will allow you to edit your login information. It even has a facility to decrypt your password if you want to see what it is or just make sure that you are typing it correctly.

For the more technical or paranoid among us Clipperz uses Ajax and JavaScript technologies built into your browser to encrypt your passwords. The encryption takes place locally on your computer before being sent to the Clipperz servers. Thus the only thing sent over the internet or stored on their servers are the scrambled bits of your password.

With the advent of SaaS and Cloud Computing you need a secure single signon solution for your web based sites where you store photos, financial data and other electronic data. Clipperz fills this need as well as working as a password manager and a vault for confidential data. Give it a spin today!

Full disclosure: I have no affiliation with Clipperz other than being a satisfied user.

-j