Licence
This work by Stephane KATTOOR is licensed under a Creative Commons Attribution 3.0 Unported License.
Category: Networks

All networks related posts

Gentoo + OpenVPN : getting things started in the correct order - July 3, 2010 by Stephane Kattoor

I’m running an OpenVPN server, configured in bridging mode.

I had quite a bit of trouble getting OpenVPN to start after networking is up, but before the bridge is set up, so that the tap0 device, which is created by OpenVPN, can be added to the bridge.

The solution is simpler : let the tap0 be automatically created and added to the bridge by Gentoo Linux, then start OpenVPN with a config file instructing it to use the already created tap0 device.

This post shows the configuration snippets to get things started in the right order on Gentoo.

Linux : Configuring a network bridge for your Virtual Machines - April 13, 2009 by Stephane Kattoor

My new center of interest these days being virtualization, I tried quite a few pieces of software, starting with Xen, then QEMU, then KVM, and finally VirtualBox. But as far as giving network access to the VM is concerned, I’ve always stuck to a network bridge, for the reason that this makes the VM appear on the network just like any other computer on your network.

This post provides a sample script to set up a bridge suitable for use with all of the virtualization software named above.


VLAN + OpenBSD : a simple configuration - April 14, 2008 by Stephane Kattoor

This post gives a short intro to VLANs and a simple configuration sample on a DELL PowerConnect 5224 switch with an OpenBSD machine.


Dell PowerConnect switches – Password recovery procedure - April 12, 2008 by Stephane Kattoor

If you are looking for a procedure to reset the password of a Dell PowerConnect switch, you’ll find it at the Dell support forum in the following thread : PowerConnect Password Recovery Procedure for managed switches.

As far as the 5224 is concerned, you mostly have to hold Ctrl-F from the power-on till the end of the boot of the switch, which will bring the “reset to factory ?” question and solve the problem of the lost password.

The User Guide for the 5224 is available online.

Debian : update a dynamic DNS - August 23, 2007 by Stephane Kattoor

A bit of context : I have a bind 9 DNS allowing DNS updates from clients on the LAN (ok this is fairly insecure, but still my LAN is my home LAN composed of 4 machines … let’s say that’s good enough for me ! :-) )

The named.conf allows those updates with this config directive in the zone config block :
allow-update {mynet; };

and mynet is defined by an acl directive to be my LAN.

Then you can update your DNS with the nsupdate tool with a syntax along the following lines :
spaghetti:~# nsupdate
> server 192.168.0.1
> update delete spaghetti.domain.name A
> update add spaghetti.domain.name 8000 A 192.168.0.103
> send
> quit

I was then looking for a place to hook a code snippet doing that update after an update via DHCP and I found the answer in A dynamic dns update client on Debian with dhcp3-client (many thanks dude !).

Here is the drill down :

  1. install the dhcp3-client package (apt-get install dhcp3-client): this version has easy-to-use hooks before and after querying the DHCP server to get the network config
  2. you can drop a script which will automate the nsupdate in “/etc/dhcp3/dhclient-enter-hooks.d” and it will get run right after network configuration (see the sample debug script for the variables which are available upon script execution, such as $new_ip_address)
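
A hook along those lines, as an added example that is not the script from the original post: it rebuilds the nsupdate batch shown earlier from $new_ip_address, and checks that the lease value really is an IPv4 address before it is written into DNS commands. DNS_SERVER, DNS_NAME and DNS_TTL are assumptions copied from the session above; $reason is the dhclient-script variable naming the lease event.

```shell
#!/bin/sh
# Added example, not from the original post. DNS_SERVER, DNS_NAME and DNS_TTL
# are assumptions copied from the nsupdate session above; adjust to your zone.
DNS_SERVER="192.168.0.1"
DNS_NAME="spaghetti.domain.name"
DNS_TTL=8000

# Accept only a dotted-quad IPv4 address, each octet 0..255. The lease comes
# from the network, so it is checked before being written into DNS commands.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Print the nsupdate batch for one address (same commands as typed above).
nsupdate_batch() {
    valid_ipv4 "$1" || return 1
    printf 'server %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$DNS_SERVER" "$DNS_NAME" "$DNS_NAME" "$DNS_TTL" "$1"
}

# dhclient-script sets $reason and $new_ip_address before sourcing its hooks.
# Hooks are sourced, so this file must never call exit.
case "${reason:-}" in
    BOUND|RENEW|REBIND|REBOOT)
        if batch=$(nsupdate_batch "${new_ip_address:-}"); then
            printf '%s\n' "$batch" | nsupdate
        else
            logger -t dhclient-nsupdate "lease address rejected, DNS not updated"
        fi
        ;;
esac
```

With the ACL-only allow-update shown above, the server accepts this batch from any host on the LAN; if the zone is later restricted to a TSIG key, nsupdate's -k option takes the key file.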

Multicast : Listing group memberships - March 15, 2007 by Stephane Kattoor

Windows XP

To see multicast group memberships in Windows XP, you can use netsh :

U:>netsh interface ip show joins
Interface Addr   Multicast Group
---------------  ---------------
192.168.139.1    224.0.0.1
192.168.137.1    224.0.0.1
192.168.136.1    224.0.0.1

Solaris (and probably other Unixen as well)

In Solaris, the netstat command can be used :

$ netstat -g
Group Memberships: IPv4
Interface Group                RefCnt
--------- -------------------- ------
lo0       224.0.0.1                 1
eri0      224.0.0.1                 1
$

Solaris 10: “logical-units” for network cards (NIC) - July 17, 2006 by Stephane Kattoor

The “interface name” part of an ifconfig command can be a simple interface name, such as eri0, bge0 and such, or a logical unit such as eri0:1, eri0:2 and so on.

This makes it easy to set up more than one IP address on a network card, and hence to make virtual servers.

OpenBSD : Creating a transparent bridge - June 4, 2006 by Stephane Kattoor

This post will be short, because it is actually easier than I expected … Anyway, considering my memory, better blog out that for later reference ;)

A bridge is a network device used to connect two or more network segments. You can achieve this easily on OpenBSD with the following commands :

# echo 'up' > /etc/hostname.if0
# echo 'up' > /etc/hostname.if1
# echo 'add if0 add if1 up' > /etc/bridgename.bridge0

This will set up the two interfaces if0 and if1 (replace with your own, like rl0, em0, etc.) and add them to bridge0.

Then you need to enable ip forwarding so that IP packets will pass from one interface to the others as needed. You do that by editing the file /etc/sysctl.conf and uncommenting the line which reads :

#net.inet.ip.forwarding=1

Once this is all done, reboot to activate.

This bridge is IP-less, which means it is “harder” to attack. You can still filter at MAC level and at IP level through PF (the firewall of OpenBSD).

Tested on OpenBSD 3.9

Man pages :

Estimating network throughput / bandwidth / performance with FTP - May 24, 2006 by Stephane Kattoor

On a Unix machine, you can use this little ftp trick to have an idea of your throughput :

ftp somehost
ftp> put "| dd if=/dev/zero bs=100000 count=100" /dev/null
200 PORT command successful.
150 ASCII data connection for /dev/null (192.168.0.1,32953).
100+0 records in
100+0 records out
226 Transfer complete.
local: | dd if=/dev/zero bs=100000 count=100 remote: /dev/null
10000000 bytes sent in 2.9 seconds (3388.52 Kbytes/s)

This will generate a stream of bytes from one host to another and give you the data rate at the end.

Proxying HTTPS through Apache/mod_proxy - March 12, 2006 by Stephane Kattoor

To allow a proxy to act as a tunnel for SSL connections as in HTTPS, you actually need to provide the HTTP method CONNECT. It took me some time to realize ;)

If you do this with Apache/mod_proxy, that means that you have to use the mod_proxy_connect module and allow the CONNECT method.

Few pointers :
