
VMWare Server Tips

VMWare Server on Linux (VMWare Server 1.04 on Ubuntu 7.10 Server)

- Physical Network Interfaces that will only be used by VMWare Guests:

Even though you may have a physical interface that the Host will not use, you need to set it up in /etc/network/interfaces. This will activate the network interface for the Host, which will only then allow the Guest system to utilize it. I am sure there may be a more elegant and secure way to accomplish this – I just haven’t had the time to do it myself. So, as a workaround, I assign a static IP address with a 32-bit subnet mask. This activates the interface without providing IP capabilities on the network.

There is probably a better/ more secure way to do this… let me know.
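
The sample interfaces file further down this page contains an "inet manual" stanza that brings a link up without giving the host any address, which fits a NIC reserved for bridged guests. The script below is an added example, not part of the original post: it parses a constructed interfaces file and reports which stanzas leave the host addressed. The interface names, the 10.99.99.1 address and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report which interfaces(5) stanzas give the host an address.
# A NIC reserved for bridged guests should show method "manual" and no address.

# Constructed sample file: eth1 uses the /32 workaround, eth2 the
# address-less form. Names and addresses are made up for illustration.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# guest-only NIC, /32 workaround: the host still owns 10.99.99.1 here
auto eth1
iface eth1 inet static
    address 10.99.99.1
    netmask 255.255.255.255

# guest-only NIC, link brought up with no host address
auto eth2
iface eth2 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
EOF
}

# iface_report: read an interfaces file on stdin and print
# "<name> <method> <address or ->" for every iface stanza.
iface_report() {
    awk '
        function emit() { if (name != "") print name, method, (addr == "" ? "-" : addr) }
        /^[ \t]*#/      { next }
        NF == 0         { next }
        $1 == "iface"   { emit(); name = $2; method = $4; addr = ""; next }
        $1 == "address" { addr = $2 }
        END             { emit() }
    '
}

# guest_nic_ok IFACE: read an interfaces file on stdin; succeed only if
# IFACE exists, uses method "manual" and carries no address line.
guest_nic_ok() {
    iface_report | awk -v want="$1" '
        $1 == want { found = 1; ok = ($2 == "manual" && $3 == "-") }
        END        { exit !(found && ok) }
    '
}

sample_interfaces | iface_report
```

Against a real host, feed /etc/network/interfaces to guest_nic_ok on stdin and name the guest-only NIC as the argument.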

My toolbox – an incomplete list:

MTR – Link Diagnostics
IPerf – bandwidth test
TCPTrack – track tcp connections per interface

MTR:
An indispensable troubleshooting tool is MTR. It is already a part of my favorite distro, Ubuntu. It combines the functions of ping and traceroute, and the info provided is excellent for diagnostics. More at: http://www.bitwizard.nl/mtr/

Just use it in place of ‘ping’. For example:

mtr 10.10.10.1

This will update your terminal display with:

- Packet Loss %

- Packets Sent

- Ping, Last Response Time

- Ping, Average Response Time

- Ping, Best Response Time

- Ping, Worst Response Time

and my favorite

- Ping, Standard Deviation

IPerf:

The gold standard for bandwidth testing. In Ubuntu:

sudo apt-get install iperf

To use, you need one session running as the server, and another (or several) as the client.

A quick example:

Server:

iperf -s -D

this command will run the server

Client:

iperf -c 10.10.100.1 -r -t 30 -P 3

This will connect to a server at IP 10.10.100.1 and perform a two-way test for 30 seconds each. The -P 3 is interesting, as it will run 3 parallel processes to get full bandwidth results. This is especially useful on a Windows system, where a single connection test won’t be able to pump out the full bandwidth capabilities.

The results are quite useful.

TCPTrack:

Quick reference to active connections on an interface. Excellent on a proxy/router to monitor who might be using too much traffic.

Check out http://www.lm-sensors.org  an open source project for embedded “sensors” for your Linux system.

I needed an easy way to check the CPU temperature for my new PC from the command line.  This is yet another great example of what open source has to offer.

On my Ubuntu 7.10 server, it was too easy:

sudo apt-get install lm-sensors

sudo sensors-detect

This will test your system to see which sensors should be installed.  Near the end, allow it to auto-add the kernel modules for you (make a note, in case you want to yank them later – for me, once I am done with the testing, I may remove them.)

Reboot your system

Once rebooted, type:

sensors

This gave me what I was looking for – CPU temp.  And a bonus – fan RPM.

I am sure there are many other uses for this – I have just scratched the surface.

Install Webmin

Real quick – Webmin on Ubuntu 7.10.

Get Dependencies:

sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl

Download:

sudo wget http://prdownloads.sourceforge.net/webadmin/webmin_1.380_all.deb

(or whatever version is latest – browse to the webmin site, and paste the link for the current version download)

Install:

sudo dpkg -i webmin_1.380_all.deb

I was installing Evolution to my laptop recently (see article on Evolution, the best Outlook replacement).  After firing up Evolution, I didn’t have the option for Exchange.  I found that the Exchange connector is listed as a suggested package, so my command of “apt-get install evolution” only retrieved the basics.

I’ve seen this problem before: I want to install the full application with the features I need, but some of the packages are listed as suggested or recommended.  If using the GUI package manager (Synaptic or Adept) it is easy enough to click them – but it is a pain to type them all in on a terminal.

That is where Wajig comes in:

First, install it:

  sudo apt-get install wajig

Now, you can use it in place of apt-get to select recommended and/or suggested packages.  For example, I want to install Evolution, so I have 4 options:

sudo apt-get install evolution
- This installs Evolution alone

sudo wajig installr evolution
- This installs Evolution with recommended packages (see the “r”)

sudo wajig installs evolution
- This installs Evolution with suggested packages (see the “s”)

sudo wajig installrs evolution
- This installs Evolution with recommended and suggested packages (see the “rs”)

Way cool…

I’ve been in the IT industry for almost 15 years, and worked with both large and small companies. I have never had an opportunity to work with the BGP protocol, until now. My experience with it has been fun (for a nerd), and I have now expanded my networking knowledge, just a little bit, so I want to share with you what I have found. I am by no means a BGP expert now, but can confidently understand and configure a somewhat complex arrangement with it.

As with all things for me, it would have helped immensely if there was a step-by-step example of how to complete my project. I learn by example, and can understand something if I can see the completed work first. So, I will provide that for you here.

Of course, I will be using open source tools – old hardware on Ubuntu Server 7.10, with Quagga. Clean, simple, stable, reliable.

Details to follow soon…

Network Interface examples

I found this sample file on the net, so I thought I’d post it here. It has some excellent and complex config examples for your interfaces file. See also: http://www.cyberciti.biz/faq/setting-up-an-network-interfaces-file/

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
#
# A "#" character in the very first column makes the rest of the line
# be ignored. Blank lines are ignored. Lines may be indented freely.
# A "\" character at the very end of the line indicates the next line
# should be treated as a continuation of the current one.
#
# The "pre-up", "up", "down" and "post-down" options are valid for all
# interfaces, and may be specified multiple times. All other options
# may only be specified once.
#
# See the interfaces(5) manpage for information on what options are
# available.
######################################################################

# We always want the loopback interface.
#
# auto lo
# iface lo inet loopback

# An example ethernet card setup: (broadcast and gateway are optional)
#
# auto eth0
# iface eth0 inet static
#     address 192.168.0.42
#     network 192.168.0.0
#     netmask 255.255.255.0
#     broadcast 192.168.0.255
#     gateway 192.168.0.1

# A more complicated ethernet setup, with a less common netmask, and a downright
# weird broadcast address: (the "up" lines are executed verbatim when the
# interface is brought up, the "down" lines when it's brought down)
#
# auto eth0
# iface eth0 inet static
#     address 192.168.1.42
#     network 192.168.1.0
#     netmask 255.255.255.128
#     broadcast 192.168.1.0
#     up route add -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2
#     up route add default gw 192.168.1.200
#     down route del default gw 192.168.1.200
#     down route del -net 192.168.1.128 netmask 255.255.255.128 gw 192.168.1.2

# A more complicated ethernet setup with a single ethernet card with
# two interfaces.
# Note: This happens to work since ifconfig handles it that way, not because
# ifup/down handles the ':' any differently.
# Warning: There is a known bug if you do this, since the state will not
# be properly defined if you try to 'ifdown eth0' when both interfaces
# are up. The ifconfig program will not remove eth0 but it will be
# removed from the interfaces state so you will see it up until you execute:
# 'ifdown eth0:1 ; ifup eth0; ifdown eth0'
# BTW, this is "bug" #193679 (it's not really a bug, it's more of a
# limitation)
#
# auto eth0 eth0:1
# iface eth0 inet static
#     address 192.168.0.100
#     network 192.168.0.0
#     netmask 255.255.255.0
#     broadcast 192.168.0.255
#     gateway 192.168.0.1
# iface eth0:1 inet static
#     address 192.168.0.200
#     network 192.168.0.0
#     netmask 255.255.255.0

# "pre-up" and "post-down" commands are also available. In addition, the
# exit status of these commands are checked, and if any fail, configuration
# (or deconfiguration) is aborted. So:
#
# auto eth0
# iface eth0 inet dhcp
#     pre-up [ -f /etc/network/local-network-ok ]
#
# will allow you to only have eth0 brought up when the file
# /etc/network/local-network-ok exists.

# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet. If their MAC addresses get swapped (because an
# updated kernel uses a different order when probing for network cards,
# say), then they don’t get brought up at all.
#
# auto eth0 eth1
# iface eth0 inet static
#     address 192.168.42.1
#     netmask 255.255.255.0
#     pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66
#     pre-up /usr/local/sbin/enable-masq
# iface eth1 inet dhcp
#     pre-up /path/to/check-mac-address.sh eth1 AA:BB:CC:DD:EE:FF
#     pre-up /usr/local/sbin/firewall

# Two ethernet interfaces, one connected to a trusted LAN, the other to
# the untrusted Internet, identified by MAC address rather than interface
# name:
#
# auto eth0 eth1
# mapping eth0 eth1
#     script /path/to/get-mac-address.sh
#     map 11:22:33:44:55:66 lan
#     map AA:BB:CC:DD:EE:FF internet
# iface lan inet static
#     address 192.168.42.1
#     netmask 255.255.255.0
#     pre-up /usr/local/sbin/enable-masq $IFACE
# iface internet inet dhcp
#     pre-up /usr/local/sbin/firewall $IFACE

# A PCMCIA interface for a laptop that is used in different locations:
# (note the lack of an "auto" line for any of these)
#
# mapping eth0
#    script /path/to/pcmcia-compat.sh
#    map home,*,*,*                  home
#    map work,*,*,00:11:22:33:44:55  work-wireless
#    map work,*,*,01:12:23:34:45:50  work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
#     address 10.15.43.23
#     netmask 255.255.255.0
#     gateway 10.15.43.1
#
# Note, this won’t work unless you specifically change the file
# /etc/pcmcia/network to look more like:
#
#     if [ -r ./shared ] ; then . ./shared ; else . /etc/pcmcia/shared ; fi
#     get_info $DEVICE
#     case "$ACTION" in
#         'start')
#             /sbin/ifup $DEVICE
#             ;;
#         'stop')
#             /sbin/ifdown $DEVICE
#             ;;
#     esac
#     exit 0

# An alternate way of doing the same thing: (in this case identifying
# where the laptop is is done by configuring the interface as various
# options, and seeing if a computer that is known to be on each particular
# network will respond to pings. The various numbers here need to be chosen
# with a great deal of care.)
#
# mapping eth0
#    script /path/to/ping-places.sh
#    map 192.168.42.254/24 192.168.42.1 home
#    map 10.15.43.254/24 10.15.43.1 work-wireless
#    map 10.15.43.23/24 10.15.43.1 work-static
#
# iface home inet dhcp
# iface work-wireless bootp
# iface work-static static
#     address 10.15.43.23
#     netmask 255.255.255.0
#     gateway 10.15.43.1
#
# Note that the ping-places script requires the iproute package installed,
# and the same changes to /etc/pcmcia/network are required for this as for
# the previous example.

# Set up an interface to read all the traffic on the network. This
# configuration can be useful to setup Network Intrusion Detection
# sensors in 'stealth'-type configuration. This prevents the NIDS
# system to be a direct target in a hostile network since they have
# no IP address on the network. Notice, however, that there have been
# known bugs over time in sensors part of NIDS (for example see
# DSA-297 related to Snort) and remote buffer overflows might even be
# triggered by network packet processing.
#
# auto eth0
# iface eth0 inet manual
#     up ifconfig $IFACE 0.0.0.0 up
#       up ip link set $IFACE promisc on
#       down ip link set $IFACE promisc off
#       down ifconfig $IFACE down

# Set up an interface which will not be allocated an IP address by
# ifupdown but will be configured through external programs. This
# can be useful to setup interfaces configured through other programs,
# like, for example, PPPOE scripts.
#
# auto eth0
# iface eth0 inet manual
#       up ifconfig $IFACE 0.0.0.0 up
#       up /usr/local/bin/myconfigscript
#       down ifconfig $IFACE down
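
The trusted-LAN/untrusted-Internet stanzas in the file above call /path/to/check-mac-address.sh from pre-up, but the script itself is not shown. A hypothetical version follows as an added example (not the script distributed with ifupdown, and not from the original post); it relies on the pre-up exit-status behaviour the file describes, and SYSFS_NET and the function names are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical script): pre-up guard that refuses to configure
# an interface whose MAC address is not the expected one.
# Usage in /etc/network/interfaces:
#     pre-up /path/to/check-mac-address.sh eth0 11:22:33:44:55:66

# SYSFS_NET is an assumption added so the check can be tested against a
# scratch directory; it defaults to the real sysfs tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# normalise_mac MAC: lower-case it and require six colon-separated hex octets.
normalise_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# check_mac IFACE EXPECTED: return 0 only on an exact match. Every other
# outcome (malformed input, missing interface, mismatch) is non-zero, so
# ifup aborts the stanza and the firewall/masquerade hooks never run on
# the wrong card.
check_mac() {
    iface=$1
    expected=$(normalise_mac "$2") || { echo "bad MAC: $2" >&2; return 2; }
    case "$iface" in
        ""|*/*|.*) echo "bad interface name" >&2; return 2 ;;
    esac
    [ -r "$SYSFS_NET/$iface/address" ] || { echo "$iface: not present" >&2; return 3; }
    actual=$(normalise_mac "$(cat "$SYSFS_NET/$iface/address")") || return 3
    [ "$actual" = "$expected" ] && return 0
    echo "$iface: MAC is $actual, expected $expected" >&2
    return 1
}

# When ifup runs this as a script, the exit status decides whether the
# stanza proceeds.
if [ "$#" -eq 2 ]; then
    check_mac "$1" "$2"
    exit $?
fi
```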

3D Effects in Ubuntu

On my system with nVidia card, I did the following to enable 3D effects (and later, dual display with 3D effects, which is really cool).

From Terminal:

gksudo nvidia-settings

sudo apt-get install compizconfig-settings-manager

This will install the Advanced Desktop Effects option under System-Preferences

System-Preferences-Appearance-Visual Effects-Extra

Linux Networking

Quick Tips on Networking with Linux

Sometimes you may boot your computer and find that the network is not up.  You check the built in network tools, and can’t easily see what the problem is – time to drop to the command prompt to make some changes.  Here are some tips:

Check your current settings:

ifconfig

Don’t see your network interface(s) listed?  You may need to manually configure them.  Try this:

ifconfig -a

to show you all of your interfaces.  You are likely looking for ethx, where x is a number for your interface.

Now you’ll need to edit the network config file:

cd /etc/network
sudo vi interfaces

To add DHCP to a network interface, your config file should look like this (for eth1, for example):

auto eth1
iface eth1 inet dhcp

That’s the bare-bones basics.  I’ll add more later.

I’ve tried to separate the chaff from the wheat. Here is a list of applications I’ve found to be the best (my opinion) in their particular areas.  Suggestions for additional applications/ categories are always appreciated.

Outlook replacement:
Still looking. Evolution, Kontact, and Thunderbird (and its variants) don’t come close to the speed and usability of Outlook yet. I’d like to see something integrated/ included in the OpenOffice system that could better compete with Outlook in this respect.
UPDATE 11.29.07:
Evolution is the winner. I have worked around the issues, and will write a new article about it soon. Take a look at the latest Evolution http://www.gnome.org/projects/evolution/

Office replacement:
OpenOffice.org. I don’t even use MSOffice (other than Outlook; I use Evolution now) anymore. OpenOffice has come a long way – and most distributions include it. If you are using Ubuntu (I recommend it) then you have it already.

Browser:
Firefox, Opera – Opera is slicker, Firefox is GPL. You probably already have Firefox.

Music Player:
Amarok – hands down. Works with iPod, among many other useful features (I do not own, or want to own, an iPod, BTW)

TV, Multimedia player for home entertainment (Tivo-ish):
Myth TV – Not too difficult to setup. Works very well with standard cable, DVDs, and multi-location systems. I am working on setting up a single back end server in my office, with several smaller front-end PCs for general TV viewing in the living room and bedroom. You can add your DVDs to your server’s library on disk, so they can easily be selected.
LinuxMCE – Includes MythTV, but then takes it up a notch with home security, presence awareness, and a bunch of other features. Looks like it has special hardware requirements, and a lot of patience… worth taking a look.

IT Backoffice (Server) Apps:

Small Office Server:
EBox – Simple to install and manage, for the inexperienced (and time constrained). Quick setup. Probably would be difficult to expand to your own solution (such as, if you wanted to open up the LDAP server, or integrate with a different e-mail package). Overall though, covers everything you need for home or small office.

Website/ CMS:
Joomla (I looked at Mambo, from which Joomla forked a while back – I prefer Joomla’s AJAX, plug-ins, etc.  They are both still very similar, however.)
Drupal

Groupware:
EGroupware – Nice Intranet server, with web mail capabilities, among many other functions. Probably works well with EBox (above) – I’ll let you know when I am finished. UPDATE: Not working well with E-box yet…

Exchange Server replacement:
Scalix (better than Zimbra, my 2 cents) – drop in replacement for Exchange in organizations needing to replace Exchange; the purchased edition of Scalix is the only one that fits the bill. The Open Source Community Edition is nice too, but is limited to 25 premium users (Exchange MAPI users). If you don’t absolutely have to use MAPI for Outlook, I’d go with an alternative for sharing Calendars, Tasks, and Contacts. When I settle on one, I’ll let you know.

Kolab – still looking at this one, but right now it is difficult to setup and get started.

Courier, Postfix, MySQL, RoundCube – this is what I am currently using.  Standard, solid, works.

Firewall/ Routing:
Monowall, PFSense (Derives from Monowall) – I use PFSense myself. Easy to setup and configure, lots of features, low requirements.
IPCop – tons of features, powerful, in wide use. Probably more for larger organizations.
Vyatta – Heavy duty routing. One of those partially open-source projects. I looked at it initially, but went with Quagga, which is a little more hard-core, and is working great.
Linux w/ Zebra – Zebra hasn’t been touched in a while, instead use:
Quagga on Linux – I am using Quagga for BGP on high-end Internet connection (w/ OSPF).  Fast, technical setup, but works well when serious routing is needed – see my other article on this (coming soon).
Shorewall/ IPTables

These are packaged products (above). However, it can be useful/ rewarding to put together the pieces yourself. For example, instead of IPCop, set up your own Shorewall firewall, SpamAssassin, ClamAV, HTTP/FTP/SMTP Proxy, etc…
