Sunday, March 30, 2008

Network Tip No. 36: ACL on ICMP

Some are having some problems on the ICMP access-list. Try this one

allow pings into the network
   access-list 110 permit icmp any any echo
   ! allow ping responses
   access-list 110 permit icmp any any echo-reply
   ! allow ICMP source-quench
   access-list 110 permit icmp any any source-quench
   ! allow path MTU discovery
   access-list 110 permit icmp any any packet-too-big
   ! allow time-exceeded, which is useful for traceroute
   access-list 110 permit icmp any any time-exceeded
   ! deny all other ICMP packets
   access-list 110 deny icmp any any

Network Tip No. 35: Stopping the router from crazy output

Stopping the router from crazy output...

An annoying problem output everytime you mistype a command and the router thinks you just typed a hostname. For example:


  Router#shwo
  Translating "shwo"...domain server (10.1.1.1)
  % Unknown command or computer name, or unable to find computer address
  Router#

The way to handle this is to change the preferred transport method:


  ! Console port
  line con 0
      transport preferred none
  ! VTY Ports
  line vty 0 5
      transport preferred none

The output shows the lack of a failed connection based on our mistyped keyword:


  Router#shwo
      ^
  % Invalid input detected at '^' marker.

Network Tip No. 34: The reload command

When everything fails.... hehe


   Router#reload in 3
       Reload scheduled in 3 minutes
   Proceed with reload? [confirm]y

Wednesday, March 26, 2008

Linux Tip No. 36: How to Enable IP Forwarding

Enable IP Forwarding

1. Check if IP Forwarding is enabled

Using sysctl:

[root@proxy ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

or just checking out the value in the /proc system:

[root@proxy ~]# cat /proc/sys/net/ipv4/ip_forward
0

Value 0 means it is disabled.

2. Enable IP Forwarding on the fly

[root@proxy ~]#sysctl -w net.ipv4.ip_forward=1

[root@proxy ~]#echo 1 > /proc/sys/net/ipv4/ip_forward

the setting is changed instantly; the result will not be preserved after rebooting the system.

3. Permanent setting using /etc/sysctl.conf

If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1

[root@proxy ~]#vi /etc/sysctl.conf 
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.

To enable the changes made in sysctl.conf you will need to run the command:

[root@proxy ~]#sysctl -p /etc/sysctl.conf

Restart the network service

[root@proxy ~]#service network restart

Linux Tip No. 35: Enable service at boot up

To Check:
[root@jepoy ~]# chkconfig --list |grep httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

To enable at boot up:
[root@jepoy ~]# chkconfig httpd on

Linux Tip No. 34: How to Check Services

This command is used to start/stop your services.

service   start/stop/restart/status

To Start:
[root@jepoy ~]# service httpd start

To Stop:
[root@jepoy ~]# service httpd stop

To Restart:
[root@jepoy ~]# service httpd restart

To check:
[root@jepoy ~]# service httpd status

Monday, March 24, 2008

Linux Tip No. 33: How to check your DHCP server

This command tells you what DHCP server you are using.

[root@jepoy ~]# grep dhcp-server-identifier /var/lib/dhcp/dhclient.leases
option dhcp-server-identifier 192.168.0.254;

Linux Tip No. 32: Checking the top 10 directories

Top 10 directories eating up your disk space:

[root@mail etc]# du -cksh * | sort -rn | head -10
852K sysconfig
784K termcap
704K selinux
704K makedev.d
632K firmware
552K X11
544K pam.d
472K prelink.cache
460K alsa
444K postfix

Linux Tip No. 31: Renew/Release DHCP client

[root@proxy ~]# dhclient -r

[root@proxy ~]# dhclient
Internet Systems Consortium DHCP Client V3.0.2
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP

The -r flag
explicitly releases the current lease, and once the lease has been released, the client exits.

Sunday, March 23, 2008

Network Tip No. 33: Troubleshootin IGRP

Troubleshooting IGRP Issues

Router#debug ip igrp events	Shows all IGRP events in real time
Router#debug ip igrp transactions	Shows IGRP updates between routers

Network Tip No. 32: IGRP Routing Optional Commands

IGRP Routing: Optional Commands

`Router(config)#no router igrp` `as-number`	Disables the IGRP routing process
`Router(config-router)#no network` `w.x.y.z`	Removes network w.x.y.z from the IGRP routing process
`Router(config-if)#bandwidth` `x`	Sets the bandwidth of this interface to x kilobits to allow IGRP to make a better routing decision
`Router(config-router)#variance` `x`	Allows IGRP to accept unequal-cost routes

Network Tip No. 31: IGRP Routing Commands

IGRP Routing: Mandatory Commands

Router(config)#router igrp as-number	Enables IGRP routing process. The autonomous system number (AS-number) used in the IGRP routing process must match all other routers that are going to share routing updates in order for communication to take place
Router(config-router)#network w.x.y.z	w.x.y.z is the network number of the directly connected network you want to advertise

Note:

You need to advertise only the classful network number, not a subnet:

Router(config-router)#network 172.17.0.0

not

Router(config-router)#network 172.17.10.0

If you advertise a subnet, you will not receive an error message, because the router will automatically convert the subnet to the classful network address.

MS How To's

http://howtowindows.blogspot.com/

Linux How To's

http://howtonixnux.blogspot.com/

Tuesday, March 18, 2008

Linux Tip No. 30: Managing Disk Space

[root@mail ~]# fdisk -l

Disk /dev/sda: 36.4 GB, 36419584000 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 63 506016 83 Linux
/dev/sda2 64 3905 30860865 83 Linux
/dev/sda3 3906 4427 4192965 82 Linux swap

Disk /dev/sdb: 36.4 GB, 36419584000 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sdb1 * 1 4427 35559846 83 Linux

Linux Tip No. 29: Becoming a Super User

Becoming Super User (The su Command)

[docadmin@mail ~]$ su
Password: ******
[root@mail docadmin]#

When you are prompted, type in the root user's password. The prompt for the regular user ($) will be changed to the super user prompt (#). At this point, you have full permission to run any command and use any file on the system. However, one thing that the su command doesn't do when used this way is read in the root user's environment. As a result, you may type a command that you know is available and get the message "command not found." To fix this problem, you can use the su command with the dash (-) option instead, as follows:

[docadmin@mail ~]$ su -
Password:
[root@mail docadmin]#

When you are prompted, type in the root user's password. The prompt for the regular user ($) will be changed to the super user prompt (#). At this point, you have full permission to run any command and use any file on the system. However, one thing that the su command doesn't do when used this way is read in the root user's environment. As a result, you may type a command that you know is available and get the message "command not found." To fix this problem, you can use the su command with the dash (-) option instead, as follows:

$ su -
Password: ******
#

Linux Tip No. 28: Command-Line Recall

Command-Line Recall

After you type a command line, that entire command line is saved in your shell's history list. The list is stored in a history file, from which any command can be recalled to run again.

[docadmin@mail ~]$ history 20
526 exit
527 su -
528 cd /etc
529 more inittab
530 exit
531 su
532 lspcis
533 lspci
534 su
535 su -
536 su
537 su -
538 su -
539 su -
540 su -
541 id
542 su jepoy
543 history
544 history 10
545 history 20

Network Tip No. 30: RIP Version 2: Optional Commands

RIP Version 2: Optional Commands

Router(config-router)#no version 2	Changes back to RIP-1
Router(config-router)#version 1	Changes RIP routing to RIP-1
Router(config-router)#no auto-summary	RIP-2 summarizes networks at the classful boundary. This command turns autosummarization off
Router(config-router)#auto-summary	Re-enables autosummarization at the classful boundary

Network Tip No. 29: RIP Version 2: Mandatory Commands

RIP Version 2: Mandatory Commands

Router(config)#router rip	Turns on the RIP routing process; the same command as used for RIP Version 1 (RIP-1)
Router(config-router)#version 2	Turns on Version 2 of the routing process. Version 1 is default
Router(config-router)#network w.x.y.z	w.x.y.z is the network number of the directly connected classful network you want to advertise

Network Tip No. 28: Troubleshooting RIP Issues

Troubleshooting RIP Issues

Router#debug ip rip	Displays all RIP activity in real time
Router#show ip rip database	Displays contents of the RIP database

Network Tip No. 27: RIP Version 2

RIP Version 2

Router(config-router)#version 2	RIP will now send and receive RIP-2 packets globally
Router(config-if)#ip rip send version 1	Interface will send only RIP-1 packets
Router(config-if)#ip rip send version 2	Interface will send only RIP-2 packets
Router(config-if)#ip rip send version 1 2	Interface will send both RIP-1 and RIP-2 packets
Router(config-if)#ip rip receive version 1	Interface will receive only RIP-1 packets
Router(config-if)#ip rip receive version 2	Interface will receive only RIP-2 packets
Router(config-if)#ip rip receive version 1 2	Interface will receive both RIP-1 and RIP-2 packets

Linux Tip No. 27: Exiting the Shell

Exiting the Shell

To exit the shell when you are done, type exit or press Ctrl+D.

[jepoy@mail ~]$ exit
exit
There are stopped jobs.

Linux Tip No. 26: Checking Directories

To find out what your current directory is, type the pwd command:

$ pwd
/usr/bin

To find out the name of your home directory, type the echo command, followed by the $HOME variable:

$ echo $HOME
/home/jepoy

To change your directory, use the cd command. You could also use the tilde (~) character to indicate the home directory. So cd ~ would have the same resultas just cd.

$ cd /var/log
$ pwd
/var/log

To check if its a directory, use the ls -la command. "d" means its a directory.
[jepoy@mail ~]$ ls -al
total 33048
drwx------ 7 jepoy jepoy 4096 Mar 15 12:12 .
drwxr-xr-x 85 root root 4096 Jan 28 13:35 ..
-rw-r--r-- 1 jepoy jepoy 304 Jul 27 2007 .bash_logout
-rw-r--r-- 1 jepoy jepoy 191 Jul 27 2007 .bash_profile
-rw-r--r-- 1 jepoy jepoy 124 Jul 27 2007 .bashrc
drwxr-xr-x 3 jepoy jepoy 4096 Aug 29 2007
dr-x------ 2 jepoy jepoy 4096 Mar 14 15:50 download_only
drwxr-xr-x 2 jepoy jepoy 4096 Aug 16 2007 DVBH
drwxr-xr-x 2 jepoy jepoy 4096 Aug 16 2007 Dynamips

Linux Tip No. 25: Checking Your Login Session

To find out information about your identity, use the id command as follows:

[jepoy@mail docadmin]$ id
uid=10023(jepoy) gid=10023(jepoy) groups=10023(jepoy)

Network Tip No. 26: RIP Routing Optional Commands

RIP Routing: Optional Commands

Router(config)#no router rip	Turns off the RIP routing process
Router(config-router)#no network w.x.y.z	Removes network w.x.y.z from the RIP routing process
Router(config-router)#passive-interface s0/0	RIP updates will not be sent out this interface
Router(config-router)#neighbor a.b.c.d	Defines a specific neighbor with which to exchange information
Router(config-router)#no ip split-horizon	Turns off split horizon (on by default)
Router(config-router)#ip split-horizon	Re-enables split horizon
Router(config-router#timers basic 30 90 180 270 360	Changes timers in RIP:
	30 = Update timer (in seconds)
	90 = Invalid timer (in seconds)
	180 = Hold-down timer (in seconds)
	270 = Flush timer (in seconds)
	360 = Sleep time (in milliseconds)
Router(config-router)#maximum-paths x	Limits the number of paths for load balancing to x (4 = default, 6 = maximum)
Router(config-router)#default-information originate	Generates a default route into RIP

Thursday, March 13, 2008

Linux Tip No. 24: How to check speed/duplex of your NIC

How to determine the speed/negotiation of your NIC
a. dmesg
[root@mail ~]# dmesg | grep -i duplex
tg3: eth1: Link is up at 100 Mbps, full duplex.

b. ethtool
[root@mail ~]# ethtool eth1
Settings for eth1:
Supported ports: [ MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x000000ff (255)
Link detected: yes

c. mii-tool
[root@mail ~]# mii-tool eth1
eth1: negotiated 100baseTx-FD, link ok

Network Tip No. 25: RIP Routing Commands

RIP Routing Commands

Router(config)#router rip	Enables RIP as a routing protocol
Router(config-router)#network 192.168.10.0	192.168.10.0 is the network number of the directly connected network you want to advertise

Note:

You need to advertise only the classful network number, not a subnet:

Router(config-router)#network 172.17.0.0

not

Router(config-router)#network 172.17.10.0

If you advertise a subnet, you will not receive an error message, because the router will automatically convert the subnet to the classful network address.

Wednesday, March 12, 2008

Network Tip No. 24: IP Classless

IP Classless

Router(config)#ip classless	Instructs IOS to forward packets destined for an unknown subnet to the best supernet route
Router(config)#no ip classless	Turns off the ip classless command

Linux Tip No. 23: How to check your NIC

How to check your NIC
[root@mail docadmin]# /sbin/lspci |grep -i eth
00:04.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5702X Gigabit Ethernet (rev 02)
02:01.0 Ethernet controller: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 08)

Tuesday, March 11, 2008

Network Tip No. 23: Verifying Static Routes

Verifying Static Routes

Router#show ip route	Displays contents of IP routing table

Thursday, March 6, 2008

Network Tip No. 22: Static Routing-Permanent Option

The permanent Keyword (Optional)

Router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2 permanent	Specifies that the route will not be removed, even if the interface shuts down

Network Tip No. 21: Static Routing

Static Routing

`Router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2`	172.16.20.0 = destination network
	255.255.255.0 = subnet mask
	172.16.10.2 = next-hop address
	Read this to say: To get to the destination network of 172.16.20.0, with a subnet mask of 255.255.255.0, send all packets to 172.16.10.2

`Router(config)#ip route 172.16.20.0 255.255.255.0 s0/0`	172.16.20.0 = destination network
	255.255.255.0 = subnet mask
	s0/0 = exit interface
	Read this to say: To get to the destination network of 172.16.20.0, with a subnet mask of 255.255.255.0, send all packets out interface Serial 0/0

Network Tip No. 20: Default Routing

Default Routing

Router(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.2	Send all packets destined for networks not in my routing table to 192.168.10.2
Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0	Send all packets destined for networks not in my routing table out my Serial 0/0 interface

Linux Tip No. 22: How to check your sound card

[root@proxy /]# arecord -l
**** List of CAPTURE Hardware Devices ****
card 0: AudioPCI [Ensoniq AudioPCI], device 0: ES1371/1 [ES1371 DAC2/ADC]
Subdevices: 1/1
Subdevice #0: subdevice #0
[root@proxy /]#

Network Tip No. 19: Erasing Configurations

Erasing Configurations

Router#erase start	Deletes the startup-config file from NVRAM

Network Tip No. 18: Saving configurations

Saving Configurations

Router#copy run start	Saves the running-config to local NVRAM
Router#copy run tftp	Saves the running-config remotely to TFTP server

Wednesday, March 5, 2008

Linux Tip No. 21: How to check your video card

a. Check the graphics card
[root@mail docadmin]# /sbin/lspci |grep -i vga
00:03.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27)

b. Check the video card memory size
[root@mail docadmin]# /sbin/lspci -v -s 00:03.0
00:03.0 VGA compatible controller: ATI Technologies Inc Rage XL (rev 27) (prog-if 00 [VGA])
Subsystem: Compaq Computer Corporation: Unknown device 001e
Flags: bus master, stepping, medium devsel, latency 64
Memory at f6000000 (32-bit, non-prefetchable) [size=16M]
I/O ports at 2c00 [size=256]
Memory at f5ff0000 (32-bit, non-prefetchable) [size=4K]
Capabilities: [5c] Power Management version 2

Network Tip No. 17: exec-timeout

exec-timeout Command

Router(config)#line con 0
Router(config-line)#exec-timeout 0 0	Sets time limit when console automatically logs off. Set to 0 0 (minutes seconds) means console never logs off
Router(config-line)#

Tuesday, March 4, 2008

Network Tip No. 16: logging synchronous

logging synchronous Command

Router(config)#line con 0
Router(config-line)#logging synchronous	Turns on synchronous logging. Information items sent to console will not interrupt the command you are typing. The command will be moved to a new line

Monday, March 3, 2008

Network Tip No. 15: no ip domain-lookup

no ip domain-lookup Command

Router(config)#no ip domain-lookup Router(config)#	Turns off trying to automatically resolve an unrecognized command to a local host name

Sunday, March 2, 2008

Network Tip No. 14: Assigning a Local Hostname to IP Address

Assigning a Local Host Name to an IP Address

Router(config)#ip host marbea 192.1.1.1	Assigns a host name to the IP address.
Router#ping marbea
=
Router#ping 192.1.1.1

Network Tip No. 13: Creating a Banner

Creating an MOTD Banner

Router(config)#banner motd # This is a secure
 system. Authorized Personnel Only!  #
Router(config)#

# is known as a delimiting character.

Friday, February 29, 2008

Network Tip No. 12: Configuring an Ethernet/Fast Ethernet Interface

Configuring an Ethernet/Fast Ethernet Interface

Router(config)#int fa0/0	Moves to Fast Ethernet 0/0 interface mode
Router(config-if)#description Sales LAN	Optional descriptor of the link is locally significant
Router(config-if)#ip address 192.168.0.1 255.255.255.0	Assigns address and subnet mask to interface

Thursday, February 28, 2008

Network Tip No. 11: Configuring a Serial Interface

Configuring a Serial Interface

`Router(config)#int s0/0`	Moves to interface Serial 0/0 mode
`Router(config-if)#description Link to ISP`	Optional descriptor of the link is locally significant
`Router(config-if)#ip address 192.168.10.1 255.255.255.0`	Assigns address and subnet mask to interface
`Router(config-if)#clock rate 56000`	Assigns a clock rate for the interface
`Router(config-if)#no shut`	Turns interface on

Network Tip No. 10: Moving Between Interfaces

Moving Between Interfaces

`Router(config)#int s0`	`Router(config)#int s0`	Moves to interface S0 mode
`Router(config-if)#exit`	`Router(config-if)#int e0`	In int S0, move to E0
`Router(config)#int e0`	`Router(config-if)#`	In E0 mode now
`Router(config-if)#`		Prompt does not change; be careful

Wednesday, February 27, 2008

Network Tip No. 9: show Commands

show Commands

`Router#show ?`	Lists all show commands available
`Router#show interfaces`	Displays statistics for all interfaces
`Router#show interface serial 0`	Displays statistics for a specific interface, in this case Serial 0
`Router#show ip interface brief`	Displays a summary of all interfaces, including status and IP address assigned
`Router#show controllers serial 0`	Displays statistics for interface hardware. Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached
`Router#show clock`	Displays time set on device
`Router#show hosts`	Displays local host-to-IP address cache. These are the names and addresses of hosts on the network to which you can connect
`Router#show users`	Displays all users connected to device
`Router#show history`	Displays history of commands used at this edit level
`Router#show flash`	Displays info about Flash memory
`Router#show version`	Displays info about loaded software version
`Router#show arp`	Displays the ARP table
`Router#show protocols`	Displays status of configured Layer 3 protocols
`Router#show startup-config`	Displays configuration saved in NVRAM
`Router#show running-config`	Displays configuration currently running in RAM

Tuesday, February 26, 2008

Monday, February 25, 2008

Network Tip No. 6: Configuring a Router Name

Configuring a Router Name

This command works on both routers and switches.

`Router(config)#hostname jepoy`	Name can be any word you choose
`jepoy(config)#`

Friday, February 22, 2008

Network Tip No. 5: disable Command

disable Command

Router#disable Router>	Moves you from privileged mode back to user mode

Thursday, February 21, 2008

Network Tip No. 4: exit Command

exit Command

`Router#exit` `or Router>exit`	Logs a user off
Router(config-if)#exit Router (config)#	Moves you back one level
Router(config)#exit Router#	Moves you back one level

Network Tip No.3: Global Configuration Mode

`Router>`	Limited viewing of config cannot make changes in this mode.
`Router#`	Can see config and move to make changes
Router#(config) t Router(config)#	Moves to global config mode. This prompt indicates that you can start making changes

Wednesday, February 20, 2008

Network Tip No.2: Enable Command

enable Command

Router>enable Router#	Moves user from user mode to privileged mode

Tuesday, February 19, 2008

Linux Tip No. 20: Change your Default Gateway

How to Change Your Default Gateway

Temporary
[root@jepoy /]# route add default gw 192.168.1.1 eth0

Permanent

Config file: /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=jepoy
GATEWAY=192.168.1.1

Monday, February 18, 2008

Linux Tip No. 19: View your routing table

[root@proxy ~]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
203.189.11.64 0.0.0.0 255.255.255.224 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 203.189.11.65 0.0.0.0 UG 0 0 0 eth0

Sunday, February 17, 2008

Linux Tip No. 18: Restart Network Service

[root@proxy docadmin]# /sbin/service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: net.ipv4.ip_forward = 0
[ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]

Thursday, February 14, 2008

Linux Tip No. 17: Enable/Disable interface

[root@jepoy]# ifdown eth0
[root@jepoy]# ifup eth0

Wednesday, February 13, 2008

Linux Tip No. 16 IP Address Aliasing - Permanent

IP Address Aliasing - Permanent

Edit you config file

Config file: /etc/sysconfig/network-scripts/ifcfg-eth0:0

DEVICE=eth0:0
ONBOOT=yes
BOOTPROTO=static
BROADCAST=192.168.10.255
IPADDR=192.168.10.12
NETMASK=255.255.255.0
NETWORK=192.168.10.0
ONBOOT=yes

Tuesday, February 12, 2008

Linux Tip No.15: IP Address Aliasing - Temporary

Network IP aliasing

ifconfig eth0 XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast XXX.XXX.XXX.255

route add -host XXX.XXX.XXX.XXX dev eth0

ifconfig eth0:0 192.168.10.12 netmask 255.255.255.0 broadcast 192.168.10.255
ifconfig eth0:1 192.168.10.14 netmask 255.255.255.0 broadcast 192.168.10.255

route add -host 192.168.10.12 dev eth0
route add -host 192.168.10.14 dev eth0

Monday, February 11, 2008

Linux Tip No.14: Locally resolve hosts

Locally resolve hosts

File: /etc/hosts

[root@proxy etc]# more hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

203.189.xxx.xxx proxy.jepoy.net

192.168.0.254 proxy

192.168.0.36 winxp

[root@proxy etc]# ping winxp

PING winxp (192.168.0.36) 56(84) bytes of data.

[root@proxy etc]# ping proxy

PING proxy (192.168.0.254) 56(84) bytes of data.

64 bytes from proxy (192.168.0.254): icmp_seq=0 ttl=64 time=0.092 ms

Sunday, February 10, 2008

Linux Tip No.13: Setting your resolver

Setting your resolver – DNS Entries

File: /etc/resolv.conf

search name-of-domain.com - Name of your domain or ISP's domain if using their name server

nameserver XXX.XXX.XXX.XXX - IP address of primary name server

nameserver XXX.XXX.XXX.XXX - IP address of secondary name server

Example:

search jepoy.net

nameserver 203.189.xxx.xxx

Thursday, February 7, 2008

Linux Tip No. 12: DHCP client configuration

DHCP client configuration

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

ONBOOT=yes

BOOTPROTO=dhcp

Tuesday, February 5, 2008

Linux Tip No. 11: Changing your IP Address - Permanent

Changing your IP Address – Permanent

Files: /etc/sysconfig/network-scripts/

[root@proxy network-scripts]# ls -l

total 360

-rw-r--r-- 3 root root 190 Feb 28 2007 ifcfg-eth0

-rw-r--r-- 3 root root 191 Nov 8 2005 ifcfg-eth1

-rw-r--r-- 1 root root 254 Jun 21 2001 ifcfg-lo

Pattern:

DEVICE=eth0/eth1/eth3

ONBOOT=yes/no

BOOTPROTO=static/none

IPADDR=xxx.xxx.xxx.xxx

NETMASK=xxx.xxx.xxx.xxx.

GATEWAY=xxx.xxx.xxx

Edit ifcfg-eth0:

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

ONBOOT=yes

IPADDR=10.10.10.10

NETMASK=255.255.255.0

GATEWAY=10.10.10.1

Monday, February 4, 2008

Linux Tip No. 10: Changing your IP Address - Temporary

Changing your IP Address - Temporary

Syntax:

Ifconfig netmask

[root@bigboy tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

The ifconfig command does NOT store this information permanently. Upon reboot this information is lost. (Manually add the commands to the end of the file /etc/rc.d/rc.local to execute them upon boot.)

Thursday, January 31, 2008

Linux Tip No. 9: Setting your hostname

Setting your hostname

File: /etc/sysconfig/network

[root@proxy sysconfig]# more network

NETWORKING=yes

HOSTNAME=localhost.localdomain

Example:

Edit the file

[root@proxy docadmin]# cat /etc/sysconfig/network

NETWORKING=yes

HOSTNAME=proxy.jepoy.net

[root@proxy docadmin]# hostname

proxy.jepoy.net

Tuesday, January 15, 2008

Linux Tip No. 8: Tcpdump to capture traffic

Using tcpdump to capture the traffic

[root@proxy /]# /usr/sbin/tcpdump -i eth0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:17:49.575590 IP proxy.jepoy.ph.56790 > nxdomain.guide.opendns.com.http: S 583111147:583111147(0) win 5840
09:17:49.755526 IP nxdomain.guide.opendns.com.http > proxy.jepoy.ph.56790: S 1378975104:1378975104(0) ack 583111148 win 16384
09:17:49.755592 IP proxy.jepoy.ph.56790 > nxdomain.guide.opendns.com.http: . ack 1 win 1460
09:17:49.756126 IP proxy.jepoy.ph.56790 > nxdomain.guide.opendns.com.http: P 1:248(247) ack 1 win 1460

Monday, January 7, 2008

Linux Tip No. 7: Print System Info

uname - print system info

Example:
[admin@proxy ~]$ uname -a
Linux proxy 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386 GNU/Linux

Sunday, January 6, 2008

Linux Tip No. 6: Creating a Logical Link

Create a File as a Logical Link to Another File

[root@mail admin]#ln -s existingFile newFile

Example:
Link the maillog to your home directory

[root@mail admin]#ln -fs /var/log/maillog .
[root@mail admin]#ls -al
lrwxrwxrwx 1 root root 16 Jan 7 14:48 maillog -> /var/log/maillog

Wednesday, January 2, 2008

Linux Tip No. 5: Determining the uptime

[root@mail admin]# uptime
10:45:52 up 89 days, 10:26, 1 user, load average: 0.00, 0.02, 0.00

Wednesday, December 26, 2007

Linux Tip No. 4: Sorting the Biggest Directory

This command will show the biggest directory.

[root@nuxmachine admin]# du -Sh | sort -n
4.0K ./backup
9.8M ./backup/web
11G ./backup/home
16K ./.ssh
28K ./backup/Dovecot
28K ./backup/users/last-full
36K .
36K ./backup/users
40K ./backup-sh
328K ./backup/Postfix
628K ./backup/MailScanner

Monday, December 17, 2007

Linux Tip No. 3: How to Check NIC Settings in Tru64

How to Check NIC Speed and Negotiation

#hwmgr get attr -cat network | grep -E "name|speed|duplex"

Thursday, December 13, 2007

Linux Tip No. 2: Combining Tail and Awk

- you can use this command to provide a nice output of logs.

Command:
>tail -f logs.log | grep -e "word" | awk '{ print $12 "\t" $13' }'

"word" - any line containing "word" will be captured
$12 - column 12
"\t" - space

Tuesday, December 11, 2007

How To: Foward Tape Content in Tru64

How To: Forward Tape Content in Tru64

root@machine01:/home/data/backup/databases# mt fsf 1
root@machine01:/home/data/backup/databases# vrestore -t -f /dev/ntape/tape0
vrestore: Date of the vdump save-set: Mon Nov 5 22:22:07 2007
vrestore: Save-set source directory : /home/data/backup/
vrestore: Target directory : /usr1/data/backup/

Tuesday, December 4, 2007

Devices on AIX

Devices on AIX

Devices Information on AIX

1.List all devices on a system
lsdev
Device states are: Undefined; Supported Device, Defined; Not usable
(once seen), Available; Usable

2.List all disk devices on a system (Some other devices are: adapter,
driver, logical volume, processor)
lsdev -Cc disk

3.List all customized (existing) device classes (-P for complete list)
lsdev -C -r class

4.Remove hdisk5
rmdev -dl hdisk5

5.Get device address of hdisk1
getconf DISK DEVNAME hdisk1 or bootinfo -o hdisk1

6.Get the size (in MB) of hdisk1
getconf DISK SIZE hdisk1 or bootinfo -s hdisk1

7.Find the slot of a PCI Ethernet adapter
lsslot -c pci -l ent0

8.Find the (virtual) location of an Ethernet adapter
lscfg -l ent1

9.Find the location codes of all devices in the system
lscfg

10.List all MPIO paths for hdisk0
lspath -l hdisk0

11.Find the WWN of the fcs0 HBA adapter
lscfg -vl fcs0 | grep Network

12.Temporarily change console output to /console.out
swcons /console.out (Use swcons to change back.)

Monday, December 3, 2007

Router: Traffic Shaping

Traffic Shaping

class-map match-any IB-11.70
match access-group name IB-11.70
!
class-map match-any OB-11.70
match access-group name OB-11.70
!
!
policy-map To-Public
class OB-11.70
shape average 256000
!
policy-map To-Lan
class IB-11.70
shape average 256000
!
!
interface FastEthernet0
description ***LAN side***
ip address 20.18.11.65 255.255.255.224
service-policy output To-Lan
speed auto
!
interface Serial0
description *** To Public Serial 2/1 ***
bandwidth 2000000
ip address 20.18.11.98 255.255.255.252
service-policy output To-Public
load-interval 30
clockrate 2000000
!
ip route 0.0.0.0 0.0.0.0 20.18.11.97
!
!
ip access-list extended IB-11.70
permit ip any host 20.18.11.70
ip access-list extended OB-11.70
permit ip host 20.18.11.70 any

Note:
The service is always in the OUTPUT policy.
Service Policy To-LAN is inbound of LAN.
Service Pplicy To-Public is outbound of LAN.

Linux Tip No. 1: Change Timezone

Change Timezone on AIX
chtz (timezone eg GMT0BST) - Changes the timezone in /etc/environment file

Thursday, November 29, 2007

Router: NAT with DHCP

ip dhcp excluded-address 192.168.0.1 192.168.0.127
!
ip dhcp pool LANDHCP
network 192.168.0.0 255.255.255.0
domain-name jefferson.com
dns-server 20.18.11.34
netbios-name-server 20.18.11.34
default-router 192.168.0.1
!
interface Ethernet0/0
description **** To Public Interace Fa0/1 ****
ip address 20.18.10.2 255.255.255.252
ip nat outside
ip virtual-reassembly
full-duplex
!
interface Ethernet1/0
description ***Connection To LAN ***
ip address 192.168.0.1 255.255.255.0 secondary
ip address 20.18.10.129 255.255.255.128
ip nat inside
ip virtual-reassembly
full-duplex

ip route 0.0.0.0 0.0.0.0 20.18.10.1
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 deny any

Wednesday, November 28, 2007

Router: NAT with Secondary IP Address

interface Ethernet0/0
description **** To Public Address ****
ip address 20.18.10.2 255.255.255.252
ip nat outside
ip virtual-reassembly
full-duplex
!
interface Ethernet1/0
description ***Connection To LAN ***
ip address 192.168.0.1 255.255.255.0 secondary
ip address 20.18.10.129 255.255.255.128
ip nat inside
ip virtual-reassembly
full-duplex

ip route 0.0.0.0 0.0.0.0 20.18.10.1
!
ip nat inside source list 10 interface Ethernet0/0 overload
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 deny any

Monday, November 19, 2007

Tape Commands in AIX

Useful Tape commands in AIX

1.Rewind and eject the rmt0 tape drive
# tctl -f /dev/rmt0 offline

2.Rewind the rmt0 tape drive
# mt -f /dev/rmt0 rewind

3.Check the content of the tape
#tctl -f /dev/rmt0.1 -b 1024 -n read

Tape Commands in Tru64

*****************************
Useful Tape Commands in Tru64
*****************************

Rewind and unload the tape
mt -t /dev/ntape/tape0 offline

1. rewind the tape
#mt -f /dev/ntape/tape0 rewind
or
#mt rewind

2. check the content
#vrestore -t -f /de/ntape/tape0

3. for interactive resotre
#vrestore -i

add - add the file
restore -restore the file

4. for manual restore
Example: restore jeff02.backup.log file from tape /dev/ntape/tape0/jeff02 to the current directory
# vrestore -x /jeff02/jeff02.backup.log

#vrestore -x -D /tmp /jeff02/jeff02.backup.log
root@jeff02:/tmp# cd /home
root@jeff02:/home# vrestore -x -D /tmp /jeff02/jeff02.backup.log
vrestore: Date of the vdump save-set: Mon Oct 22 20:33:06 2007
vrestore: Save-set source directory : /
vrestore: Target directory : /tmp

Monday, November 5, 2007

AIX as NTP Client

AIX as NTP Client
On machine that will be the client:
1. In file /etc/ntp.conf

Add:
server

prefer
driftfile /etc/ntp.drift
tracefile /etc/ntp.trace

2. Issue command:
ntpdate

NOTE:If it doesn't say "No server suitable for synchronization found" proceed
to next step.

3. Start using:
#smitty xntpd -> Start at both system restart and now
or
#startsrc -s xntpd

and uncomment the line in /etc/rc.tcpip
start /usr/sbin/xntpd -x "$src_running"

Let the daemon run for 6 miuntes before proceeding to the next step - or
may get stratum 16 error.

4.
#lssrc -ls xntpd
Stratum should show between 3-4, but longer is okay so long as not 16.

#ntpdate -d

(to sync server to client)
# ntpq -p

remote refid st t when poll reach delay offset jitter
=====================================================================
LOCAL(0) LOCAL(0) 3 l 9 64 377 0.000 0.000 0.000
*swisstime.ethz. .DCFa. 1 u 17 64 377 25.088 -10.040 1.071

Thursday, October 25, 2007

NTP on UNIXTru64

NTP Information

NTP Version
1-ntpd daemon
2-xntpd
3-xntpd

SYSMAN
# /usr/bin/sysman ntp_config

# ntpq -p

remote refid st t when poll reach delay offset jitter
=====================================================================
LOCAL(0) LOCAL(0) 3 l 9 64 377 0.000 0.000 0.000
*xyzabc.ethz. .DCFa. 1 u 17 64 377 25.088 -10.040 1.071

% xntpdc -p
remote refid st when poll reach delay offset disp
==========================================================================
*hosta.corp.com hostj.corp.co 2 47 64 377 31.3 93.94 16.5
+hostb.corp.com hoste.corp.com 3 212 1024 377 33.8 89.58 16.9
.hostc.corp.com hostf.phi.edu 2 111 1024 377 39.1 46.98 17.7

Edit the configuration file /etc/ntp.conf

server 127.127.1.0 # local clock
server 129.132.2.21 # swisstime.ethz.ch (stratum 1)
driftfile /etc/ntp/drift
multicastclient # listen on default 224.0.1.1
broadcastdelay 0.008

Start NTP Server and check /var/log/messages
# /etc/rc.d/init.d/ntpd start

You can use sysman to configure NTP client.
Edit /etc/ntp.conf and add:

server version 3
server version 3
server version 3

In /etc/rc.config set:

XNTPD_CONF="YES"
XNTP_SERV1="ntp_server1"
export XNTP_SERV1
XNTP_SERV2="ntp_server2"
export XNTP_SERV2
XNTP_SERV3="ntp_server3"
export XNTP_SERV3

# ntpdc monlist

to get the lis

#ntpdate -b

How To: AIX Networking

Network Administration on AIX

1.TCP/IP related daemon startup script
/etc/rc.tcpip

2.To view the route table
netstat -r

3.To view the route table from the ODM DB
lsattr -EHl inet0 -a route

4.Temporarily add a default route
route add default 192.168.1.1

5.Temporarily add an address to an interface
ifconfig en0 192.168.1.2 netmask 255.255.255.0

6.Temporarily add an alias to an interface
ifconfig en0 192.168.1.3 netmask 255.255.255.0 alias

7.To permanently add an IP address to the en1 interface
chdev -l en1 -a netaddr=192.168.1.1 -a netmask=0xffffff00

8.Permanently add an alias to an interface
chdev -l en0 -a alias4=192.168.1.3,255.255.255.0

9.Remove a permanently added alias from an interface
chdev -l en0 -a delalias4=192.168.1.3,255.255.255.0

10.List ODM (next boot) IP conguration for interface
lsattr -El en0

11.Permanently set the hostname
chdev -l inet0 -a hostname=www.tablesace.net

12.Turn on routing by putting this in rc.net
no -o ipforwarding=1

13.List networking devices
lsdev -Cc tcpip

14.List Network Interfaces
lsdev -Cc if

15.List attributes of inet0
lsattr -Ehl inet0

16.List (physical layer) attributes of ent0
lsattr -El ent0

17.List (networking layer) attributes of en0
lsattr -El en0

18.Speed is found through the entX device
lsattr -El ent0 -a media speed

19.Set the ent0 link to Gig full duplex
(Auto Negotiation is another option)
chdev -l ent0 -a media speed=1000 Full Duplex -P

20.Turn off Interface Specic Network Options
no -p -o use isno=0

21.Get (long) statistics for the ent0 device (no -d is shorter)
entstat -d ent0javascript:void(0)
Save Now

22.List all open, and in use TCP and UDP ports
netstat -anf inet

23.List all LISTENing TCP ports
netstat -na | grep LISTEN

Timezone on Tru64

Change Timezone on Unix Tru64
/etc/zoneinfo
/etc/zoneinfo/localtime
/etc/zoneinfo/sources
zic(8)

Changing localtime to New York
# ln -sf /etc/zoneinfo/America/New_York /etc/zoneinfo/localtime
# ln -sf /etc/zoneinfo/Hongkong /etc/zoneinfo/localtime

GOOGLE Search