Sunday, March 30, 2008
Linux How To's
Tutorials
- How To: DHCP Server (1)
- How To: DHCP Server Logs (1)
- How To: MySQL Server Installation (1)
- How To: Apache Web Server (1)
- How To: Caching DNS (1)
- How To: IPTABLES Configuration (1)
- How To: IPTABLES Installation (1)
- How To: IPTABLES Scenario 1 (1)
- How To: IPTABLES Scenario 1.1 (1)
- How To: IPTABLES Scenario 2 (1)
- How To: IPTABLES Scenario 2.1 (1)
- How To: IPTABLES Tip (1)
- How To: PHP (1)
- How To: Squid Proxy (1)
- How To: Squid Proxy Authentication (1)
- How To: Squid Proxy Restricting Site (1)
- How To: Squid Proxy Transparent (1)
- How To: Squid Proxy using ACL (1)
- How To: VSFTP Server (1)
Network Tip No. 40: Show Available Memory
Show Used and Available Memory of your Cisco router or switch
A router can be limited by its available memory. To show the used and available memory,
Router#show proc mem At the beginning of the output, look for a line like this:
Total: 200234528, Used: 70508188, Free: 129726340
Network Tip No. 39: Show Processor Load
Show proccessor load of your router or switch,which can be limited by its processing power. To show the processor utilization,
Router#show proc cpu
At the beginning of the output, look for a line like this:
CPU utilization for five seconds: 37%/30%; one minute: 39%; five minutes: 40%
Network Tip No. 38: CLI Editing Tips
Learn the command-line editing keys.
Control A Goes to the beginning of the line
Control E Goes to the end of the line
Control K Deletes everything to the right of the cursor
Control P Recalls the previous command in the history buffer
Control N Recalls the next command in the history buffer
Network Tip No. 37: ACL on DNS
No browsing.... A common access-list pitfall is when people forget to allow DNS (Domain Name Servers) from their internal network to the provider's DNS servers. Mainly this is a problem on home or small office routers where you might not have an internal DNS server running. The following command allows DNS access from your hosts to the outside DNS server. In this example, our outside DNS servers are 192.168.30.11 and 192.168.30.12
access-list 110 permit udp host 192.168.30.11 eq domain any gt 1023
access-list 110 permit udp host 192.168.30.12 eq domain any gt 1023
Network Tip No. 36: ACL on ICMP
Some are having some problems on the ICMP access-list. Try this oneallow pings into the network
access-list 110 permit icmp any any echo
! allow ping responses
access-list 110 permit icmp any any echo-reply
! allow ICMP source-quench
access-list 110 permit icmp any any source-quench
! allow path MTU discovery
access-list 110 permit icmp any any packet-too-big
! allow time-exceeded, which is useful for traceroute
access-list 110 permit icmp any any time-exceeded
! deny all other ICMP packets
access-list 110 deny icmp any any
Network Tip No. 35: Stopping the router from crazy output
Stopping the router from crazy output... An annoying problem output everytime you mistype a command and the router thinks you just typed a hostname. For example: The way to handle this is to change the preferred transport method: The output shows the lack of a failed connection based on our mistyped keyword:
Router#shwo
Translating "shwo"...domain server (10.1.1.1)
% Unknown command or computer name, or unable to find computer address
Router#
! Console port
line con 0
transport preferred none
! VTY Ports
line vty 0 5
transport preferred none
Router#shwo
^
% Invalid input detected at '^' marker.
Network Tip No. 34: The reload command
When everything fails.... hehe
Router#reload in 3
Reload scheduled in 3 minutes
Proceed with reload? [confirm]y
Wednesday, March 26, 2008
Linux Tip No. 36: How to Enable IP Forwarding
Enable IP Forwarding
1. Check if IP Forwarding is enabled
Using sysctl:
[root@proxy ~]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
or just checking out the value in the /proc system:
[root@proxy ~]# cat /proc/sys/net/ipv4/ip_forward
0Value 0 means it is disabled.
2. Enable IP Forwarding on the fly
[root@proxy ~]#sysctl -w net.ipv4.ip_forward=1or
[root@proxy ~]#echo 1 > /proc/sys/net/ipv4/ip_forward
the setting is changed instantly; the result will not be preserved after rebooting the system.
3. Permanent setting using /etc/sysctl.conf
If we want to make this configuration permanent the best way to do it is using the file /etc/sysctl.conf where we can add a line containing net.ipv4.ip_forward = 1
[root@proxy ~]#vi/etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
if you already have an entry net.ipv4.ip_forward with the value 0 you can change that 1.
To enable the changes made in sysctl.conf you will need to run the command:
[root@proxy ~]#sysctl -p /etc/sysctl.conf
Restart the network service
[root@proxy ~]#service network restart
Linux Tip No. 35: Enable service at boot up
To Check:
[root@jepoy ~]# chkconfig --list |grep httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
To enable at boot up:
[root@jepoy ~]# chkconfig httpd on
Linux Tip No. 34: How to Check Services
This command is used to start/stop your services.
service start/stop/restart/status [root@jepoy ~]# service httpd start
To Stop:
[root@jepoy ~]# service httpd stop
To Restart:
[root@jepoy ~]# service httpd restart
To check:
[root@jepoy ~]# service httpd status
Monday, March 24, 2008
Linux Tip No. 33: How to check your DHCP server
This command tells you what DHCP server you are using.
[root@jepoy ~]# grep dhcp-server-identifier /var/lib/dhcp/dhclient.leases
option dhcp-server-identifier 192.168.0.254;
Linux Tip No. 32: Checking the top 10 directories
Top 10 directories eating up your disk space:
[root@mail etc]# du -cksh * | sort -rn | head -10
852K sysconfig
784K termcap
704K selinux
704K makedev.d
632K firmware
552K X11
544K pam.d
472K prelink.cache
460K alsa
444K postfix
Linux Tip No. 31: Renew/Release DHCP client
[root@proxy ~]# dhclient -r
[root@proxy ~]# dhclient
Internet Systems Consortium DHCP Client V3.0.2
Copyright 2004 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/products/DHCP
The -r flag
explicitly releases the current lease, and once the lease has been released, the client exits.
Sunday, March 23, 2008
Network Tip No. 33: Troubleshootin IGRP
Troubleshooting IGRP Issues
| Router#debug ip igrp events | Shows all IGRP events in real time |
| Router#debug ip igrp transactions | Shows IGRP updates between routers |
Network Tip No. 32: IGRP Routing Optional Commands
Network Tip No. 31: IGRP Routing Commands
IGRP Routing: Mandatory Commands
| Router(config)#router igrp as-number | Enables IGRP routing process. The autonomous system number (AS-number) used in the IGRP routing process must match all other routers that are going to share routing updates in order for communication to take place |
| Router(config-router)#network w.x.y.z | w.x.y.z is the network number of the directly connected network you want to advertise |
Note:
You need to advertise only the classful network number, not a subnet:
Router(config-router)#network 172.17.0.0 not
Router(config-router)#network 172.17.10.0 If you advertise a subnet, you will not receive an error message, because the router will automatically convert the subnet to the classful network address.
