Category: Linux Networking

Linux Networking

How to configure vpn client on Linux

How to configure vpn client on Linux

This has been tested under RHEL 4/5, CentOS 4.4/5 and fedora 8 (kernel version 2.6.15+)

I found and stored few required rpm packages from various places that you will download from given.

http://www.4shared.com/file/113579629/ee5e0aed/libglade-017-11i386.html
http://www.4shared.com/file/113579642/2fd674e3/libglade-devel-017-11i386.html
http://www.4shared.com/file/113579654/dfaee097/libxml-1817-8i386.html
http://www.4shared.com/file/113579677/7491d3af/libxml-devel-1817-8i386.html
http://www.4shared.com/file/113579714/ba004fa4/php4-pcntl-449-1fc5i386.html
http://www.4shared.com/file/113579747/5e7eea5b/php4-pcntl-gtk-102-4fc5i386.html
http://www.4shared.com/file/113579758/d7dac68b/pptp-172-3fc5i386.html
http://www.4shared.com/file/113579764/f541d963/pptpconfig-20060821-1fc5noarch.html

After downloading these first you will have to install lib packages and then pptp packages

rpm -ivh –nodeps libglade-0.17-11.i386.rpm libglade-devel-0.17-11.i386.rpm  libxml-1.8.17-8.i386.rpm libxml-devel-1.8.17-8.i386.rpm

rpm -ivh pptp-1.7.2-3.fc5.i386.rpm pptpconfig-20060821-1.fc5.noarch.rpm php4-pcntl-gtk-1.0.2-4.fc5.i386.rpm php4-pcntl-4.4.9-1.fc5.i386.rpm

now go to the given image that I would like to show how I added vpn connection

1) open vpnclient configuration launchpad with “pptpconfig”

2)  Now create your profile with all the details and add

Now you have to set you external route or tunnel IP range into it for that click on “Routing” and set  “All to Tunnel” and update your profile.

Now start your vpn client.

–Ravi

TATA Indicom datacard (Huawei cdma) on Linux/Ubuntu!!

TATA Indicom datacard (Huawei cdma) on Linux/Ubuntu!!

Introduction –  Two days back I brought TATA Indicom datacard! As I am Ubuntu user. I wanted to use this datacard on Ubuntu Linux!  PPP is the Point to Point protocol used for establishing internet links over dial-up modems, DSL connections, and many other types of point-to-point links. The pppd daemon works together with the kernel PPP driver to establish and maintain a PPP link with another system (called the peer) and to  negotiate Internet Protocol (IP) addresses for each end of the link. pppd daemon can also authenticate the peer and/or supply authentication information to the peer.

What you need to use Tataindicom datacard on Ubuntu Linux ?

make sure that two kernel module ie ‘usbserial‘ and ‘usbcore‘ are loaded!

root@arun:~# modinfo usbserial
filename:       /lib/modules/2.6.24-16-generic/kernel/drivers/usb/serial/usbserial.ko
license:        GPL
description:    USB Serial Driver core
author:         Greg Kroah-Hartman, greg@kroah.com, http://www.kroah.com/linux/
srcversion:     FE4A4FC2C18B17DDD77E8C6
depends:        usbcore
vermagic:       2.6.24-16-generic SMP mod_unload 586
parm:           vendor:User specified USB idVendor (ushort)
parm:           product:User specified USB idProduct (ushort)
parm:           debug:Debug enabled or not (bool)
root@arun:~#

root@arun:~# modinfo usbcore
filename:       /lib/modules/2.6.24-16-generic/kernel/drivers/usb/core/usbcore.ko
license:        GPL
srcversion:     E8DACA0029626C336D1A513
alias:          usb:v*p*d*dc*dsc*dp*ic09isc*ip*
alias:          usb:v*p*d*dc09dsc*dp*ic*isc*ip*
depends:
vermagic:       2.6.24-16-generic SMP mod_unload 586
parm:           usbfs_snoop:true to log all usbfs traffic (bool)
parm:           blinkenlights:true to cycle leds on hubs (bool)
parm:           old_scheme_first:start with the old device initialization scheme (bool)
parm:           use_both_schemes:try the other device initialization scheme if the first one fails (bool)
parm:           autosuspend:default autosuspend delay (int)
root@arun:~#

* To use datacard (which is ppp link) you need to install two packages ie ppp daemon and wvdial as dialer!

root@arun:~# dpkg -l | grep  wvdial
ii  wvdial                                     1.60.1                             PPP dialer with built-in intelligence
root@arun:~# dpkg -l | grep  ppp
ii  ppp                                        2.4.4rel-9ubuntu2                  Point-to-Point Protocol (PPP) daemon
ii  pppconfig                                  2.3.17ubuntu1                      A text menu based utility for configuring pp
ii  pppoeconf                                  1.17ubuntu1                        configures PPPoE/ADSL connections
root@arun:~#

on Ubuntu you need to install above packages

How to configure ? –

” wvdialconf ” command is available on Ubuntu, which will  detect you modem and it’s related stuff  and  this command will generate or updates the configuration file “/etc/wvdial.conf

root@arun:~# wvdialconf
root@arun:~#

* After running above command just update user name and password in “/etc/wvdial.conf” configuration file

root@arun:~# cat /etc/wvdial.conf

[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Modem Type = Analog Modem
Phone = Phone_number like (#xxx)
ISDN = 0
Username = USERNAME
Password = PASSWORD
New PPPD = yes
Modem = /dev/ttyUSB0
Baud = 9600
root@arun:~#

** you can also edit this file manually just refer the man pages for more details!

root@arun:~# man wvdialconf
root@arun:~# man wvdial.conf

arun@arun:~$ man wvdial

root@arun:~# cat /etc/wvdial.conf

[Dialer TataIndicom]
Stupid Mode = 1
Inherits = Modem0
New PPPD = yes
Phone = Phone_number like (#xxx)
Username = USERNAME
Password = PASSWORD

[Modem0]
Init1 = ATZ
SetVolume = 0
Modem Type = Analog Modem
Modem = /dev/ttyUSB0
Dial Command = ATDT
Baud = 115200 or 9600 (depends on support)
FlowControl = Hardware (CRTSCTS)

root@arun:~#

** How to use it or dial!!

1) Now it’s time to check your luck! If you are using default conf file created by ” wvdialconf ” command just use below command…

root@arun:~#  wvdial > /var/log/tataindicom.log  2>&1  &

OR
root@arun:~# wvdial

…..
root@arun:~#

root@arun:~# tail -f /var/log/tataindicom.log
OK
–> Sending: ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
OK
–> Modem initialized.
–> Sending: ATDT#***
–> Waiting for carrier.
ATDT#777
CONNECT 230400
–> Carrier detected.  Waiting for prompt.

–> Don’t know what to do!  Starting pppd and hoping for the best.
–> Starting pppd at Sat Jun 20 21:56:51 2008
–> Pid of pppd: 7152
–> Using interface ppp0
–> pppd: X�[06][08]��[06][08]
–> local  IP address 219.80.X.X
–> pppd: X�[06][08]��[06][08]
–> remote IP address 173.B.C.D
….
…..
root@arun:~#

2) If you have manually edited your conf file as shown above then use below command

root@arun:~#  wvdial TataIndicom
..
….
root@arun:~#

** Now check ppp0 interface is available

root@arun:~# ifconfig
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
UP BROADCAST MULTICAST  MTU:1500  Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:256 (256.0 B)  TX bytes:492 (492.0 B)
Base address:0x4020 Memory:e4600000-e4620000

ppp0      Link encap:Point-to-Point Protocol
inet addr:219.80.X.X  P-t-P:173.B.C.D  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
RX packets:1574 errors:1 dropped:0 overruns:0 frame:0
TX packets:1644 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:556116 (543.0 KB)  TX bytes:179325 (175.1 KB)

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0

…..

root@arun:~#

root@arun:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
173.B.C.D       *               255.255.255.255 UH    0      0        0 ppp0
default         *               0.0.0.0         U     0      0        0 ppp0
root@arun:~#

** Check pppd daemon and how to start/stop/status the connection ?

root@arun:~# /etc/init.d/tataindicom 
Usage: /etc/init.d/tataindicom {start|stop|status}
root@arun:~#

root@arun:~# /etc/init.d/tataindicom   start
Starting the TATA Indicom datacard service..
log file is /var/log/tataindicom.log

Done.
root@arun:~#

root@arun:~# /etc/init.d/tataindicom   status
TATA Indicom datacard –
Dailer :: 7144    /usr/bin/wvdial
pppd daemon :: 7152   /usr/sbin/pppd  9600 modem crtscts defaultroute usehostname -detach user internet noipdefault call wvdial usepeerdns idle 0 logfd 6
root@arun:~#

root@arun:~# /etc/init.d/tataindicom  stop
killing pppd daemon and dailer…

Done.
root@arun:~#

command(1) pppd  – point to point daemon

Frequently used options –
ttyname
Use the serial port called ttyname to communicate with the peer.  If ttyname does not begin  with  a  slash  (/),  the  string  “/dev/”  is
prepended  to  ttyname to form the name of the device to open.  If no device name is given, or if the name of the terminal connected to the
standard input is given, pppd will use that terminal, and will not fork to put itself in the background.

speed  An  option  that  is  a  decimal number is taken as the desired baud rate for the serial device.

crtscts
Specifies that pppd should set the serial port to use hardware flow control using the RTS and CTS signals in the RS-232 interface.  If nei‐
ther  the  crtscts,  the nocrtscts, the cdtrcts nor the nocdtrcts option is given, the hardware flow control setting for the serial port is
left unchanged.  Some serial ports (such as Macintosh serial ports) lack a true RTS output. Such serial ports use this  mode  to  implement
unidirectional  flow control. The serial port will suspend transmission when requested by the modem (via CTS) but will be unable to request
the modem to stop sending to the computer. This mode retains the ability to use DTR as a modem control line.

defaultroute
Add a default route to the system routing tables, using the peer as the gateway, when IPCP negotiation  is  successfully  completed.   This
entry is removed when the PPP connection is broken.  This option is privileged if the nodefaultroute option has been specified.

usehostname
Enforce  the  use  of the hostname (with domain name appended, if given) as the name of the local system for authentication purposes (over‐
rides the name option).

call name
Read additional options from the file /etc/ppp/peers/name.  This file may contain privileged options, such as noauth, even if pppd  is  not
being  run  by  root.   The  name  string  may  not  begin with / or include .. as a pathname component

noipdefault
Disables the default behaviour when no local IP address is specified, which is to determine (if possible) the local  IP  address  from  the
hostname.   With  this option, the peer will have to supply the local IP address during IPCP negotiation (unless it specified explicitly on
the command line or in an options file).

nodetach
Don’t detach from the controlling terminal.  Without this option, if a serial device other than the terminal on the standard input is spec‐
ified, pppd will fork to become a background process.

usepeerdns
Ask the peer for up to 2 DNS server addresses.  The addresses supplied by the peer (if any) are passed to the /etc/ppp/ip-up script in  the
environment  variables  DNS1  and  DNS2,  and  the  environment  variable  USEPEERDNS  will  be set to 1.  In addition, pppd will create an
/etc/ppp/resolv.conf file containing one or two nameserver lines with the address(es) supplied by the peer.

user USERNAME
Sets the name used for authenticating the local system to the peer to name.

idle N Specifies that pppd should disconnect if the link is idle for N seconds.  The link is idle when no data packets (i.e. IP packets) are being
sent or received.  Note: it is not advisable to use this option with the persist option without the demand option.

logfd N
Send log messages to file descriptor N.  Pppd will send log messages to at most one file or file descriptor (as well  as  sending  the  log
messages  to syslog), so this option and the logfile option are mutually exclusive.  The default is for pppd to send log messages to stdout
(file descriptor 1), unless the serial port is already open on stdout.

root@arun:~# cat  /etc/ppp/peers/wvdial
noauth
name wvdial
usepeerdns
root@arun:~#

** Want to see the code  of “/etc/init.d/tataindicom” ?

root@arun:~# cat /etc/init.d/tataindicom
#!/bin/bash

case “$1” in

start)
echo “Starting the TATA Indicom datacard service..”
/usr/bin/wvdial > /var/log/tataindicom.log 2>&1  &
echo “log file is /var/log/tataindicom.log”
echo “…”
echo “Done.”
;;

stop)
echo “killing pppd daemon and dailer…”
kill -9 $(ps auxwww  |  grep “$(which wvdial)”  | grep -v grep | awk  ‘{print $2}’)
kill -9 $(ps auxwww  |  grep “$(which pppd)”  | grep -v grep | awk  ‘{print $2}’)
echo “…”
echo “Done.”
;;
status)
echo “TATA Indicom datacard -”
pid_of_dailer=$( ps auxwww  |  grep “$(which wvdial)”  | grep -v grep | awk  ‘{print $2}’)
pid_of_pppd=$(ps auxwww  |  grep “$(which pppd)”  | grep -v grep | awk  ‘{print $2}’)
pppd_details=”$(ps auxwww | grep “$(which pppd)” | grep -v grep   | awk -F’pppd’  ‘{print $2}’)”
echo -e “Dailer :: $pid_of_dailer    $(which wvdial)”
echo -e “pppd daemon :: $pid_of_pppd   $(which pppd) $pppd_details”
;;
*)
echo “Usage: /etc/init.d/tataindicom {start|stop|status}”
exit 1
esac
exit 0
root@arun:~#

Thank you,
Arun Bagul

Installing Zabbix (Server and Agent) On Ubuntu Gusty7.10

Installing Zabbix (Server and Agent) On Ubuntu Gusty7.10

Introduction –  Zabbix is a solution for monitoring applications, networks, and servers. With Zabbix you can monitor multiple servers at a time, using a Zabbix server that comes with a web interface (that is used to configure Zabbix and holds the graphs of your systems) and Zabbix agents that are installed on the systems to be monitored. The Zabbix agents deliver the desired data to the Zabbix server. This tutorial shows how you can install the Zabbix server and agent on a Ubuntu Gusty 7.10.

I will use the system SFPAZABBIX with the IP address 192.168.3.180 as the Zabbix server, and I’ll install a Zabbix agent on the same system –

The Zabbix server can store its information in a MySQL or PostgreSQL database. We use MySQL here, so we install the MySQL server and client first using apt-get –
root@ravi:~# apt-get install mysql-server mysql-client

Create a password for the MySQL user root (replace yourrootsqlpassword with the password you want to use) –
root@ravi:~# mysqladmin -u root password  yourrootsqlpassword

Installing apache2 php5 for web interface –

root@ravi:~# apt-get install apache2 php5 php5-gd

Afterwards, we can install the Zabbix server, Zabbix agent, and the Zabbix web interface with a single command –
root@ravi:~# apt-get install zabbix-server-mysql zabbix-frontend-php zabbix-agent

Apt installation will be asked a few questions-

Like mysql root user password and Zabbix database password, give mysql root password there that we created already.

This should create a MySQL database called Zabbix.

Next we must edit the Zabbix agent configuration in /etc/zabbix/zabbix_agentd.conf.

Replace Server=localhost with Server=127.0.0.1 (to avoid lookup problems of localhost) and specify the hostname of the current system in the Hostname line.

root@ravi:~# vi /etc/zabbix/zabbix_agentd.conf

[…]

Server=127.0.0.1

[…]

Hostname=SFPAZABBIX

[…]

root@ravi:~#

Then we restart the Zabbix agent –

root@ravi:~# /etc/init.d/zabbix-agent restart

Finally, we must specify the password of our zabbix MySQL user in the Zabbix web interface configuration –

root@ravi:~# vi /etc/zabbix/dbconfig.php

<?php
$DB_TYPE=’MYSQL’;
$DB_SERVER=’localhost’;
$DB_DATABASE=’zabbix’;
$DB_USER=’root’;
$DB_PASSWORD=’mysqlrootpassword’;

?>

root@ravi:~#

Restart services for zabbix server & agent –

/etc/init.d/zabbix-server restart

/etc/init.d/zabbix-agent restart

That’s it. you can access  Zabbix  webbased admin panel check URL http://SFPAZABBIX/zabbix or http://192.168.3.180/zabbix
>zabbix1

Afterwards, go to Configuration TAB and configure Zabbix!
zabbix2
If you have problems with Zabbix, please check the Zabbix logs – * /var/log/zabbix-agent/zabbix_agentd.log
* /var/log/zabbix-server/zabbix_server.logThe Zabbix configuration files for the server, agent, and web interface are as follows –

* /etc/zabbix/apache.conf
* /etc/zabbix/dbconfig.php
* /etc/zabbix/zabbix_agentd.conf
* /etc/zabbix/zabbix_server.conf

Taking backup of Zabbix server database using below script –

#!/bin/bash
# script for dumping the contents of a zabbix MySQL database
# this script will create a compressed mysqldump of the specified database
savePath=/zabbix/
fileName=”ZabbixDBbackup” # filename for the backup note the
dateVar=$(date +%Y-%m-%d) # date variable to append to filename
mysqldump -u root -p(mysqlpassword) zabbix | gzip > $savePath$fileName-$dateVar.gz

Schedule cronjob for Zabbix is as follows –

@daily /bin/sh /zabbix/backupforzabbix.sh         #zabbix db backup daily midnight

Append existing zabbix db backup on zabbix db –

Go to where is the zabbix db backup path ( i.e. /zabbix), check date & go for newer date when zabbix was running in good condition.
(ls -l commands output give you the newer date)

Unzip the compressed file and rename it to dbfilename.sql  (with sql extension)

Now go to mysql CLI prompt –

root@ravi:~# mysql -u root -p

mysql> use zabbix;

mysql> \. filename.sql

above command append the tables of zabbix database.

Thanks
Ravi Bhure




							
Network Monitoring With ntop

Network Monitoring With ntop

ntop is a network traffic tools that shows network usage in a real time. One of the good things about this tool is that you can use a web browser to manage and navigate through ntop traffic information to better understand network status.

Also Ntop monitors and reports hosts traffic and supports these protocols:

  • TCP/UDP/ICMP
  • (R)ARP
  • IPX
  • DLC
  • Decnet
  • AppleTalk
  • Netbios
  • TCP/UDP

In this tutorial we’ll install ntop 3.2 in Redhat Enterprise Linux 5

Prerequisites

Ntop 3.2
LIBPCAP
GDBM

Links

http://dag.wieers.com/rpm/packages/ntop

for LIBPCAP & GDBM packages check installation media of RHEL 5.

Installation

Installing ntop:

rpm -ivh ntop-3.2-2.el5.rf.i386.rpm

Running ntop

1- Initialize ntop:

ntop

That will initialize ntop and it will ask you to enter your username and password.

The default username: admin

Password: younewpassword

2- Start ntop service:

service ntop start

Log In To The Web Interface

ntop can be managed through a web interface. You can enter your server address in your web browser:

http://ServerIP:3000

https://ServerIP:3001

Now you can monitor your hosts and manage your ntop configuration.

ntop.png

Thanks

Ravi

MRTG on Linux

MRTG on Linux

Introduction

MRTG is wonderful tool. You can use it to monitor traffic on your router or leased server located at remote IDC. Since it is written in Perl and some code in C language, it is portable and high performance tool.

What is MRTG?

As explained in official mrtg(1) man page “The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network-links. MRTG generates HTML pages containing GIF images which provide a LIVE visual representation of this traffic. Please note following discussion based upon Red Hat Linux Enterprise version 4.

What is SNMP and why should I care?

SNMP is Simple Network Management Protocol. It is use to manage IP network devices such as servers, routers, switches etc. Administrator can find or manage network performance, solve problem or even optimize it further. For more information on official UNIX/Linux SNMP please see UCD-SNMP/NET-SNMP Tutorials and an excellent resource at Snmplink.org

Assumptions

These installation instructions assume you have:

  • Linux distribution
  • You would like to perform MRTG and snmp binary installation using rpm. If you are looking for source installation then visit author’s web site here. This page has an excellent information (systematically) to install it from source.
  • Required RPMs
    • mrtg
    • snmp
    • snmp-utils
  • Installations were tested on Red Hat Enterprise Linux version 4 & 5.

Configuration

Make sure snmp server is working. Without proper working snmp server, mrtg will not work. Therefore, first step is make sure snmp up and running. Following steps will take you gradually to configure it.

Configure SNMP

(1) Edit file /etc/snmp/snmpd.conf using text editor:

# vi /etc/snmp/snmpd.conf

Change/Modify line(s) as follows:

Find following Line:

com2sec notConfigUser  default       public

Replace with (make sure you replace 192.168.0.0/24 replace with your network IPs) following lines:

com2sec local     localhost           public
com2sec mynetwork 192.168.0.0/24      public

Scroll down bit and change:

Find Lines:

group   notConfigGroup v1           notConfigUser
group   notConfigGroup v2c           notConfigUser

Replace with:

group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork

Again scroll down bit and locate following line:

Find line:

view    systemview     included      system

Replace with:

view all    included  .1                               80

Again scroll down bit and change:

Find line:

access  notConfigGroup ""      any       noauth    exact  systemview none none

Replace with:

access MyROGroup ""      any       noauth    exact  all    none   none

access MyRWGroup ""      any       noauth    exact  all    all    none

Scroll down bit and change:

Find lines:

syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (configure /etc/snmp/snmp.local.conf)

Replace with (make sure you supply appropriate values):

syslocation Linux (RH4_UP4), Ravi’s Linux Router.

syscontact Ravi Bhure <ravi@indianGNU.org>
 

Start your snmp server and test it:

(a) Make sure when linux comes up snmpd always starts:

 # chkconfig snmpd on

(b) Make sure service start whenever Linux comes up (after reboot):

 # service snmpd start

(c) Finally test your snmp server:

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Install mrtg if not installed

Mrtg software may install during initial installation; you can verify if MRTG installed or not with following RPM command:

rpm -qa | grep mrtg

Use rpmfind.net to find MRTG rpm or up2date command to install MRTG software:

# up2date -v -i mrtg

Fedora Linux user can use yum command as follows to install MRTG:

# yum install mrtg

Commands to Configure mrtg

(a) Create document root to store mrtg graphs/html pages:

# mkdir -p /var/www/html/mymrtg/

(b) Run any one of the following cfgmaker command to create mrtg configuration file:

#cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg.cfg public@localhost

OR (make sure your FQDN resolves, in following example i’m using example.com which is my router FQDN address)

# cfgmaker --global 'WorkDir: /var/www/html/mymrtg' --output /etc/mrtg/mymrtg1.cfg public@example.com

(c) Create default index page for your MRTG configuration:

# indexmaker --output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg1.cfg

(d) Copy all tiny png files to your mrtg path:

# cp -av /var/www/mrtg/*.png /var/www/html/mymrtg/
 

(e) Create /etc/httpd/conf.d/mymrtg.conf and write just one line

Alias /mymrtg /var/www/mymrtg

Save and exit.

First test run of mrtg

(a) Run mrtg command from command line with your configuration file:

# mrtg /etc/mrtg/mymrtg1.cfg

Note: You may get few warning message for first time; ignore them.

(b) Fire your favorite web browser (like FireFox 😀 ) and type url http://www.your.com/mymrtg/ or http://your-ip/mymrtg/

Create crontab entry so that mrtg graph / images get generated every 5 minutes

(a) Login as a root user or login as a mrtg user and type following command:

# crontab -e

(b) Add mrtg cron job entry to configuration file (append following line to it):

*/5 * * * * /usr/bin/mrtg /etc/mrtg/mymrtg1.cfg --logging /var/log/mrtg.log

Save file and you are done with MRTG config issues 🙂

NOw NJoy MRTG.

Thanks

Ravi

CUPS – Open source printer server

CUPS – Open source printer server

CUPS (Common Unix Printing) system is one of the open source printer server. CUPS provides a portable printing layer for UNIX-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.

CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues. The Line Printer Daemon (LPD) Server Message Block (SMB), and AppSocket (JetDirect) protocols are also supported with reduced functionality. CUPS adds network printer browsing and PostScript Printer Description (PPD) based printing options to support real-world printing under UNIX.

1] Why CUPS Printer Server ? –

CUPS is designed to eliminate the printing problem. One common printing system can be used by all UNIX variants to support the printing needs of users. Printer vendors can use its modular filter interface to develop a single driver program that supports a wide range of file formats with little or no effort. Since CUPS provides both the System V and Berkeley printing commands, users (and applications) can reap the benefits of this new technology with no changes. CUPS is based upon an emerging Internet standard called the Internet Printing Protocol (IPP), which a standard protocol for printing as well as managing print jobs and printer options like media size, resolution etc. Like all IP-based protocols, IPP can be used locally or over the Internet to printers hundreds or thousands of miles away. Unlike other protocols, however, IPP also supports access control, authentication, and encryption, making it a much more capable and secure printing solution than older ones.

Backends – Backends perform the most important task of all they send the filtered print data to the printer. CUPS provides backends for printing over parallel, serial, and USB ports, and over the network via the IPP, JetDirect (AppSocket), and Line Printer Daemon (LPD) protocols. Additional backends are available in network service packages such as the SMB backend included with the popular SAMBA software. backends are also used to determine the available devices. On startup each backend is asked for a list of devices it supports.

— printer installation, configuration, quota managment, page log and accounting etc.. will be updated soon

Thank you,

Arun Bagul

Load Balancing for sharing multiple internet connections

Load Balancing for sharing multiple internet connections

Overview

We have three Internet connection from three different ISP.

Due to hardware limitation we have connected two ISP line connected to one PC.
Details regarding to Interface is-
etho -192.168.0.X
eth1- A.B.C.D

ppp0- W.X.Y.Z

Why Load Balancing ?

The main purpose of load balancing is to share multiple Internet connection from different service provider for maximum utilization of bandwidth. We try to achieve this goal by two method

A) Load Balancing by using EQL interface-

EQL is serial line load balancer which is kernel module. by which we can enslave or tie multiple serial line from different or same provider. But the condition is that this line should be connected through modem. Which is not suitable for us.

B) Load Balancing by IP tables and Routing-

There are many places where a Linux based router/masquerading device can assist in managing multiple Internet connections. We’ll outline here some of the more common setups involving multiple Internet connections and how to manage them with iptables and routing. One of the first distinctions you can make when planning how to use multiple Internet connections is what inbound services you expect to host and how you want to split traffic over the multiple links.

Step by step implementation

When we are using single connection from one ISP in such case our default route will me in ‘main’ routing table of kernel. Now in our case we have connected two connection to proxy server out of that one line is from ‘pacenet’ and other is from ‘sify’. As we have not implemented load balancing the default router in ‘main’ table of kernel will be either fro sify or pacenet.

[1] How it works

Lets us check our ‘main’ routing table ….

magnet@proxy:~$ ip route show table main
25.X.X.X dev ppp0 proto kernel scope link src W.X.Y.Z
192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X
10.X.X.X/24 dev eth1 proto kernel scope link src A.B.C.D
default dev ppp0 scope link
magnet@proxy:~$

root@proxy:~# ip route show table main
25.X.X.X dev ppp0 proto kernel scope link src W.X.Y.Z
192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X
10.X.X.X/24 dev eth1 proto kernel scope link src A.B.C.D
default via 10.X.X.X dev eth1
root@proxy:~#

To use both the line effectively we need to create to two new routing table. So that we can provide default gateway in each routing table separately.

Step [1]

First step in load balancing is to create separate routing table for each connection. Lets create table.

root@proxy:~# tail /etc/iproute2/rt_tables
253 sify3
252 sify192
251 pacenet
root@proxy:~#

Whenever we want to create new routing table we need to add entries in above file.

step [2]

Now we will add routing details in this table

root@proxy:~# ip route add 25.X.X.X dev ppp0 src W.X.Y.Z proto kernel scope link table pacenet
root@proxy:~# ip route add default via 25.X.X.X table pacenet
root@proxy:~# ip route show table pacenet
25.X.X.X dev ppp0 proto kernel scope link src W.X.Y.Z
default via 25.X.X.X dev ppp0
root@proxy:~#

As shown above we have created separate routing table ‘pacenet’ for pacenet connection. With default gateway 25.X.X.X and interface ppp0.
Similarly we have created separate routing table ‘sify3’ for sify connection. with defalut gateway 10.X.X.X and interface eth1.

root@proxy:~# ip route add 10.X.X.X/24 dev eth1 src A.B.C.D proto kernel scope link table sify3
root@proxy:~# ip route add default via 10.X.X.X table sify3

root@proxy:~# ip route show table sify3
10.X.X.X/24 dev eth1 proto kernel scope link src A.B.C.D
default via 10.X.X.X dev eth1
root@proxy:~#

step [3]

One more thing we left here is that we have to add entries for local network in both table. This is basic setup for separating routing decision for both provider.

root@proxy:~# ip route add 192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X table sify3
root@proxy:~# ip route add 192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X table pacenet

Finally we will check entries in each routing table

root@proxy:~# ip route show table sify3
192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X
10.X.X.X/24 dev eth1 proto kernel scope link src A.B.C.D
default via 10.X.X.X dev eth1

root@proxy:~# ip route show table pacenet
25.X.X.X dev ppp0 proto kernel scope link src W.X.Y.Z
192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X
default via 25.X.X.X dev ppp0
root@proxy:~#

step [4]

Next, we will set up the routing rules. These actually choose what routing table to route with. You want to make sure that you route out a given interface if you already have the corresponding source address:

root@proxy:~# ip rule add from W.X.Y.Z table pacenet
root@proxy:~# ip rule add from A.B.C.D table sify3

Here W.X.Y.Z is the static IP assign to ppp0 interface. The first rule tells to kernel that use table ‘pacenet’ to route all the pkts going out of interface ppp0 similarly for sify connection.

Step [5]  Now delete default route in ‘main’ table.

root@proxy:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
25.X.X.X 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.X 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.X.X.X 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 10.X.X.1 0.0.0.0 UG 0 0 0 eth1
root@proxy:~# route del default
root@proxy:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
25.1.1.2 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.10.127.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
root@proxy:~# ip route show
25.1.1.2 dev ppp0 proto kernel scope link src 203.115.69.16
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.3
10.10.127.0/24 dev eth1 proto kernel scope link src 10.10.127.222

Step [6]

Now the question is how to balance traffic going out over the two providers. This is actually not hard if you already have set up split access as above. Instead of choosing one of the two providers as your default route,We will set up the default route to be a multipath route. In the default kernel this will balance routes over the two providers. It is done as follows (once more building on the example in the section on split-access):

root@proxy:~# ip route add default nexthop via 10.X.X.1 dev eth1 weight 1 nexthop via W.X.Y.Z dev ppp0 weight 1

root@proxy:~# ip route show
25.X.X.X dev ppp0 proto kernel scope link src W.X.Y.Z
192.168.0.X/24 dev eth0 proto kernel scope link src 192.168.0.X
10.X.X.X/24 dev eth1 proto kernel scope link src A.B.C.D
default
nexthop via A.B.C.D dev eth1 weight 1
nexthop via W.X.Y.Z dev ppp0 weight 1
root@proxy:~#

This will balance the routes over both providers. The weight parameters can be tweaked to favor one provider over the other.
Note that balancing will not be perfect, as it is route based, and routes are cached. This means that routes to often-used sites will always be over the same provider.
Thank you

Arun Bagul

Reference URL:–
http://linux-ip.net/html/index.html
http://linux-ip.net/html/ch-advanced-routing.html

http://lartc.org/howto/lartc.rpdb.html
http://lartc.org/howto/lartc.rpdb.multiple-links.html

http://www.shorewall.net/