Showing posts with label linux. Show all posts
Showing posts with label linux. Show all posts

Tuesday, February 27, 2024

This is the way to install the telnet command in Alpine Linux (very popular in the container world such as docker)

This is the way to install the telnet command in Alpine Linux (very popular in the container world such as docker)

#apk update

#apk add busybox-extras

Friday, February 23, 2024

The real solution to run ContainerLAB on MAC m1 or m2 apple silicon

Step 1: Install Canonical Multipass your MAC 

$brew install multipass


Step 2: Install the VM called docker

$multipass launch docker --name mydocker


Step 3: Connect to the new VM

$multipass shell mydocker


Step 4: Inside the VM install ContainerLab

$sudo su

#bash -c "$(curl -sL https://get.containerlab.dev)"


Let's try this simple back2back topology of two Linux computers with FRR


-- 2-frr-back2back.yml --

name: ipv6-ws

topology:

   kinds:

     linux:

       image: ghcr.io/hellt/network-multitool

   do not give:

   ROUTERS ###

     A1:

       kind: linux

       image: quay.io/frrouting/frr:8.4.1

       exec:

         - "sysctl -w net.ipv6.conf.all.forwarding=1"

         - "ip address add dev eth1 2001:db8:ffab::1/64"

     A2:

       kind: linux

       image: quay.io/frrouting/frr:8.4.1

       exec:

         - "ip address add dev eth1 2001:db8:ffab::2/64"

         - "sysctl -w net.ipv6.conf.all.forwarding=1"

   links:

     - endpoints: ["R1:eth1", "R2:eth1"]

--- yml --


Step 5: Let's build the topology with clab:

clab dep -t 2-frr-back2back.yml


Step 6: finally we are going to connect to one of the VMs inside ContainerLAB

docker exec -i -t clab-ipv6-ws-R2 bash

Tuesday, December 5, 2023

BGP: IPv6 Only example between OpenBGPD and FRR

FRR:

show run

frr# sh run 

Building configuration...


Current configuration:

!

frr version 8.1

frr defaults traditional

hostname frr

log syslog informational

service integrated-vtysh-config

!

interface l0

 ipv6 address 2001:db8::1/128

exit

!

router bgp 65001

 bgp router-id 1.1.1.1

 no bgp ebgp-requires-policy

 neighbor 2001:db8:12::2 remote-as 65002

 !

 address-family ipv6 unicast

  redistribute connected

  neighbor 2001:db8:12::2 activate

  neighbor 2001:db8:12::2 soft-reconfiguration inbound

 exit-address-family

exit

!



OpenBGPD

Archivo: /etc/bgpd.conf

# macros

ASN="65002"

fib-update yes

log updates


# global configuration

AS $ASN

router-id 2.2.2.2


network 2001:db8::2/128

network inet6 connected


neighbor 2001:db8:12::1 {

    descr "epa"

    remote-as 65001

    announce IPv6 unicast

}


deny from any

deny to any

allow from 2001:db8:12::1

allow to 2001:db8:12::1


#

(please note the blank space between the last line and the second to last line)

Monday, December 4, 2023

How to create an IPv6 route to null/blackhole in Linux

 Case:

    How to create an IPv6 route to null/blackhole in Linux

Command:

   ip -6 route add blackhole fd00:12:34::0/48




I hope it is useful

Sunday, October 29, 2023

How to temporarily disable IPv4 on an interface within Linux

Case:

   We want to disable IPv4 on an interface


Solution:

   sudo ip -4 addr flush dev enp0s1


Explanation:

   The above command removes all IPv4 addresses for interface enp0s1. Important, remember that this disabling is only temporary.

Friday, October 13, 2023

NGINX Reverse Proxy for an IPv6-Only Server Farm

Introduction

This work presents a very simple way to offer dual-stack web access to an IPv6-only server farm using NGINX. The continued growth of the Internet and the gradual adoption of the IPv6 protocol means that it is essential to ensure connectivity and accessibility for clients using both IPv4 and IPv6. We will explain how to configure NGINX to support dual-stack web access, we will address how to configure NGINX as a reverse proxy that listens on both IPv4 and IPv6 addresses, as well as how to correctly route incoming requests to backend servers with only IPv6 addresses. By the way, among many other benefits, what we will discuss in the following article is an important step towards the preservation of IPv4 addresses.



What is a Reverse Proxy?

In [1], Cloudflare defines a Reverse Proxy Server as follows: “A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser) requests to those web servers. Reverse proxies are typically implemented to help increase security, performance, and reliability. In order to better understand how a reverse proxy works and the benefits it can provide, let’s first define what a proxy server is.”


What is a Proxy Server

In [1], Cloudflare also provides the following definition for a proxy server: “A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in front of a group of client machines. When those computers make requests to sites and services on the Internet, the proxy server intercepts those requests and then communicates with web servers on behalf of those clients, like a middleman.”



What are the benefits of a Reverse Proxy?

  • • A reverse proxy can offer IPv4 or transparent IPv6 to clients serviced from an IPv6- only server farm (which is what we will focus on). • Scalability: The use of a reverse proxy allows adding or removing backend servers as needed without affecting end users. This makes it easier for applications to scale out, allowing them to handle a larger number of concurrent users and requests. • Static content caching: NGINX can cache static content such as images, CSS files, and JavaScript, thus reducing the load on backend servers and increasing content delivery speed. This decreases page load times and the required bandwidth. • Security: NGINX acts as a point of entry to the application, providing an additional layer of security. It can perform functions such as request filtering, DDoS attack prevention, SQL injection protection, and client authentication. NGINX can also enable the use of SSL/TLS encryption for communication between clients and the backend server. • Advanced routing: A reverse proxy allows performing advanced routing based on various criteria, such as domain name, URL, or HTTP headers. This is useful when we need to direct traffic to different backend servers based on the specific attributes of the requests. • Consolidation of services: NGINX can act as a single point of entry for various backend services. This simplifies the infrastructure by consolidating multiple services on a single server, thus simplifying management and maintenance. • Enhanced performance: NGINX is lightweight and resource efficient by design. Its streamlined architecture and ability to handle large numbers of concurrent connections make it a popular choice for improving web app performance. • Load balancing: A reverse proxy such as NGINX can distribute incoming traffic across several backend servers. This helps balance the load and guarantees that no server is overloaded, which improves an application's performance and responsiveness.



Topology


What is our Goal Today?

The edge server (Reverse Proxy Server) will be able to receive IPv4 and IPv6 HTTP requests, and depending on the website a user wishes to visit (domain), will forward the request to the right server. This is what will happen in our example: 

The client visits: The request is sent to: 

server-a.com → 2001:db8:123::1 

server-b.com → 2001:db8:123::2 

server-c.com → 2001:db8:123::3 

server-a.com → 2001:db8:123::101 

server-b.com → 2001:db8:123::102 

server-c.com → 2001:db8:123::103



Requirements

  • • Linux with NGINX on the Reverse Proxy Server • Super user access • Web server on each of the servers in the farm • IPv4 and IPv6 Internet connectivity • Internal IPv6 connectivity


Let's get started


Let's get started 

1) Install NGINX in all servers #apt update #apt install nginx 

2) Create the websites in the NGINX reverse proxy 

File /etc/nginx/sites-available/server-a.com 

server { listen 80; listen [::]:80; 

  server_name server-a.com; 

  location / { 

  proxy_pass http://[2001:db8:123::101]; } 


File /etc/nginx/sites-available/server-b.com


server { listen 80; listen [::]:80; server_name server-b.com; location / { proxy_pass http://[2001:db8:123::102]; } }



Archivo  /etc/nginx/sites-available/server-b.com

server {

listen 80;

listen [::]:80;


    server_name server-b.com;

    location / {

        proxy_pass http://[2001:db8:123::102];

    }


}



File /etc/nginx/sites-available/server-c.com 
server { 
  listen 80; listen [::]:80; 
  server_name server-c.com; 
  location / { 
  proxy_pass http://[2001:db8:123::103]; 
  }
}

3) Create symbolic links to enable the sites configured above:


root@ProxyReverseSRV:/etc/nginx/sites-enabled# ln -s /etc/nginx/sitesavailable/server-a.com /etc/nginx/sites-enabled/server-a.com 


root@ProxyReverseSRV:/etc/nginx/sites-enabled# ln -s /etc/nginx/sitesavailable/server-b.com /etc/nginx/sites-enabled/server-b.com 


root@ProxyReverseSRV:/etc/nginx/sites-enabled# ln -s /etc/nginx/sitesavailable/server-c.com /etc/nginx/sites-enabled/server-c.com



4) Remember to restart NGINX

$sudo systemctl restart nginx



About the logs

Logs are extremely important for any company or ISP that wishes to review incoming connections. 

By default, NGINX will use its own IP address for outgoing connections, which results in the loss of the address of the client that originated the HTTP request. But don't worry. NGINX has the solution: proxy_set_header. This requires configuring both the end server and the Reverse Proxy server. 

1) On the Reverse Proxy Server, we must configure the website assets. 
# Example of nginx reverse proxy that allows logging the client's 
# original address and port number 

location /examples { 
   proxy_pass http://[2001:db8:123::103]; 
   proxy_buffering off; 
   proxy_set_header X-Real-IP $remote_addr; 
   proxy_set_header X-Forwarded-Host $host; 
   proxy_set_header X-Forwarded-Port $server_port; 
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
 } 

2) On the end server, add the following in the http section of the /etc/nginx/nginx.conf file:

set_real_ip_from 2001:db8:123::100; #replace the IP address with that of the proxy 
real_ip_header X-Forwarded-For; 
real_ip_recursive on; 

Example: 
http { 
   … 
   set_real_ip_from 2001:db8:123::100; 
   real_ip_header X-Forwarded-For; real_ip_recursive on; 
   … 
  } 

With these settings, the receiving server will trust the X-Forwarded-For header set to 2001:db8:123::100 and will log the client's source IP to /var/log/nginx/access.log.



Summary

The proposed design allows managing a 100% IPv6-only web server farm with access to both the IPv4 and the IPv6 worlds in a very simple, scalable, and efficient manner. This results in various benefits, including having to manage only one TCP/IP stack, simplicity, security, and even saving IPv4 addresses.


References


    • [1] https://www.cloudflare.com/es-es/learning/cdn/glossary/reverse-proxy/ • https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-areverse-proxy-on-ubuntu-22-04 
    • GitHub. LACNIC Blog Post Help Files for the entire project: https://github.com/LACNIC/BlogPostHelpFiles/tree/main/2023_Ofreciendo_conectivid ad_Dual_Stack_a_servidores_Web_en_una_granja_de_servidores_100_IPv6_Only

    Thursday, May 25, 2023

    Strange ssh behavior on MAC - Copy/Paste Issues

     Situation:

       Strange behavior of SSH on MAC, problems with copy/paste in terminal during ssh. Does the clipboard work in other applications?


    Solution:

       At least in "vi" the solution is very simple. Edit the file: ~/.vimrc and paste the following content:


    if !has("gui_running")

       set mouse=

    endif


    Luck!

    Wednesday, July 13, 2022

    Fixing/Solved "Unable to parse package file " after apt

    Problem: 
       We get an error after executing any apt command in linux 

    Solution 
       The solution is very easy, I spent so many hours fixing it. 
       You just have to delete the file mentioned in the error, in my case I got: "E: Unable to parse package file /var/lib/apt/extended_states (1)" 
       I just deleted the file /var/lib/apt/extended_states 

     Example: 
       #sudo rm /var/lib/apt/extended_states 

     That's it

    Sunday, September 26, 2021

    Solved: VBoxGuestAdditions.iso (VERR_PDM_MEDIA_LOCKED)Solved:

    Situation: 
       When inserting Guest Additions CD Image in a Debian VM you are getting VERR_PDM_MEDIA_LOCKED 

    Solution: 
       There are many solutions, like: 
    1) Executing 
      sudo apt-get upgrade 
      sudo apt-get install virtualbox-guest-additions-iso
    2) Removing and inserting the cd from the VM configuration

    and a third one which is the one that worked with me:

    a) Start the VM
    b) Open a terminal
    c) Execute this:
      sudo su
      cd /media
      mkdir cdrom
      mount /dev/cdrom /media/cdrom
      cd cdrom
      sh VBoxLinuxAdditions.run

    Hope this helps.

    Alejandro,


    Wednesday, May 19, 2021

    Solved: nping - libnsock mksock_bind_addr(): Bind to 2001:db8:1::1:0 failed (IOD #1): Cannot assign requested address (99)

     Problem:

      When using nping (which comes with nmap) we receive the message:

    libnsock mksock_bind_addr(): Bind to 2001:db8:1::1:0 failed (IOD #1): Cannot assign requested address (99)


    Current situation:
      The issue is that nping can not bind to the IP 2001:db8:1::1


    Solution:
      There could be many different solutions, I'm only going to mention one.  What I did was to create a logical interface (tunnel type) with the IPv6 address I was needing (2001:db8:1::1). Here you have the commands.

    ip tuntap add mode tun dev tun1
    ip -6 addr add 2001:db8:1::1 dev tun1
    ifconfig tun1 up


    Finally, you could execute something like:

    nping -6 -S 2001:db8:1::1 --tcp-connect -c 2 -p 53 <ipv6_dest> --source-mac 00:50:XX:XX:XX:35  --dest-mac 2c:XX:XX:XX:44:20


    Hope this is useful

    Thursday, September 3, 2020

    Solved: Closing connection because of an I/O error in FRR - at least in Ubuntu

     If you are getting this message in FRR:

    Closing connection because of an I/O error in FR


    The solution is straight forward. You have to compile FRR with this flag:

    --enable-systemd


    So, it would be something like:

    ./configure \

        --prefix=/usr \

        --includedir=\${prefix}/include \

        --enable-exampledir=\${prefix}/share/doc/frr/examples \

        --bindir=\${prefix}/bin \

        --sbindir=\${prefix}/lib/frr \

        --libdir=\${prefix}/lib/frr \

        --libexecdir=\${prefix}/lib/frr \

        --localstatedir=/var/run/frr \

        --sysconfdir=/etc/frr \

        --with-moduledir=\${prefix}/lib/frr/modules \

        --with-libyang-pluginsdir=\${prefix}/lib/frr/libyang_plugins \

        --enable-configfile-mask=0640 \

        --enable-logfile-mask=0640 \

        --enable-snmp=agentx \

        --enable-multipath=64 \

        --enable-user=frr \

        --enable-group=frr \

        --enable-vty-group=frrvty \

        --with-pkg-git-version \

        --enable-systemd

        --with-pkg-extra-version=-MyOwnFRRVersion



    you can follow those instructions and adding my previous solution:

    http://docs.frrouting.org/projects/dev-guide/en/latest/building-frr-for-ubuntu2004.html

    Friday, July 13, 2018

    How to run Flask framework to listen in both IPv4 and IPv6 (DualStack)

    Issue:
      How to run Flask framework to listen in both IPv4 and IPv6 (DualStack)

    Answer:
      app.run(host='::',port=5005)



    Start your machine learning or AI journey with Runpod. If you need affordable GPU rental , RunPod has the lowest prices. Rent a NVIDIA RTX A6000 with 48GB VRAM, or other models like NVIDIA 3090.

    Monday, August 21, 2017

    My humble results. Testing ping to loopback using v4 and v6

    Hello there,
      Regarding RTT v4 vs v6 I did something "interesting" recently, would like to know your thoughs.
      If you ping6 your loopback (let´s say 1000 packets) interface with Windows or Linux, v6 is faster.
      Now try the same on MAC (El capitan for example).., v6 is 20-25% slower.
      I did the above with many devices (and asked some friends) and the behavior was pretty much the same.


    MAC:
    --- 127.0.0.1 ping statistics ---
    100 packets transmitted, 100 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.037/0.098/1.062/0.112 ms

    --- ::1 ping6 statistics ---
    100 packets transmitted, 100 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 0.058/0.120/0.194/0.027 ms




    Linux:
    --- 127.0.0.1 ping statistics ---
    100 packets transmitted, 100 received, 0% packet loss, time 98999ms
    rtt min/avg/max/mdev = 0.015/0.021/0.049/0.007 ms

    --- ::1 ping statistics ---
    100 packets transmitted, 100 received, 0% packet loss, time 99013ms
    rtt min/avg/max/mdev = 0.019/0.031/0.040/0.004 ms



    Windows 10:

    Ping statistics for ::1:
        Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms



    Ping statistics for 127.0.0.1:
        Packets: Sent = 100, Received = 100, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 4ms, Average = 0ms



    Bye,


    wetheitteam.com
    Where to order pain Relief without prescription
    vivo v15 pro

    Monday, February 29, 2016

    Read a BGP live stream from CAIDA

    Objective
      Read a BGP live stream from CAIDA and insert them into a BGP session

    What do we need
      bgpreader from the bgpstream core package provided by Caida
      bgp_simple.pl obtained in github

    Overview
      We will read the BGP live stream feed using bgpreader, then the standard output of it will be redirected to a pipe file (mkfifo) where a perl script called bgpsimple will be reading this file. This very same script will established the BGP session against a BGP speaker and announce the prefixes received in the stream.

    LAB Topology
      The configuration was already tested in Cisco & Quagga
      The BGP Speaker (Cisco/Quagga) has the IPv4 address 192.168.1.1
      The BGP Simple Linux box has the IP 192.168.1.2

    How does it works?
      bgpreader has the ability to write his output in the -m format used by libbgpdump (by RIPENCC), this is the very same format bgpsimple uses as stdin. That's why myroutes is a PIPE file (created with mkfifo).

    Steps:  

    INSTALL BGP READER - UBUNTU 15.04

    First install general some packages:
    apt-get install apt-file libsqlite3-dev libsqlite3 libmysqlclient-dev libmysqlclient
    apt-get install libcurl-dev libcurl  autoconf git libssl-dev
    apt-get install build-essential zlib1g-dev libbz2-dev
    apt-get install libtool git
    apt-get install zlib1g-dev

    Also intall wandio
    wandio-1.0.3
    git clone https://github.com/alistairking/wandio

    ./configure

    cd wandio
    ./bootstrap.sh
    ./configure && ./make && ./make install
    wandiocat http://www.apple.com/library/test/success.html

    to test wandio:
    wandiocat http://www.apple.com/library/test/success.html

    Download bgp reader tarball from:
    https://bgpstream.caida.org/download

    #ldconfig (before testing)

    #mkfifo myroutes

    to test bgpreader:
    ./bgpreader -p caida-bmp -w 1453912260 -m
    (wait some seconds and then you will see something)

    # git clone https://github.com/xdel/bgpsimple


    Finally run everything
    In two separate terminals (or any other way you would like to do it):

    ./bgpreader -p caida-bmp -w 1453912260 -m > /usr/src/bgpsimple/myroutes
    ./bgp_simple.pl -myas 65000 -myip 192.168.1.2 -peerip 192.168.1.1 -peeras 65000 -p myroutes

    One more time, what will happen behind this?
    bgpreader will read an online feed from a project called caida-bmp with starting timestamp 1453912260 (Jan 27 2016, 16:31) in "-m" format, It means a libbgpdump format (see references). The stardard output of all this will be send to the file /usr/src/bgpsimple/myroutes which is a "pipe file". At the same time, bgp_simple.pl will create an iBGP session againts peer 192.168.1.1/AS65000 (a bgp speaker such as Quagga or Cisco). bgp_simple.pl will read myroutes files and send what it seems in this file thru the iBGP Session.

    Important information
    - The BGP Session won't be established until there is something in the file myroutes
    - eBGP multi-hop session are allowed
    - You have to wait short time (few seconds) until bgpreaders start to actually see something and bgp_simple.pl starts to announce to the BGP peer

    References / More information:
    -Part of the work was based on:
    http://evilrouters.net/2009/08/21/getting-bgp-routes-into-dynamips-with-video/

    - Caida BGP Stream:
    https://bgpstream.caida.org/

    - bgpreader info:
    https://bgpstream.caida.org/docs/tools/bgpreader

    - RIPE NCC libbgpdump:
    http://www.ris.ripe.net/source/bgpdump/

    - Introduction of "Named Pipes" (pipe files in Linux):
    http://www.linuxjournal.com/article/2156

    Tuesday, February 17, 2015

    Solution to quagga vtysh "Exiting: failed to connect to any daemons."

    Description:
       When you run the command in the linux shell vtysh to connect to the quagga daemons (such as bgpd, ospfd, etc) returns  the following error "Exiting: failed to connect to any daemons"

    Just like this:

    alejandro @ miserver: ~ $ vtysh -d bgpd
    Exiting: failed to connect to any daemons.

    alejandro @ miserver: ~ $ vtysh
    Exiting: failed to connect to any daemons.


    Solution:
       The solution is to add the user that is executing vtysh to the quagga group. To do this edit the /etc/group file.
       After editing /etc/group should be something like:

    quagga:x:1003:alejandro

    You can specify multiple users doing:

    quagga:x:1003:alejandro, john


       This is necessary because vtysh tries to connect to the daemons using UNIX domain sockets and not all users (for security reasons) have access to these sockets.

    Another solution:
       Another solution might be during the compilation phase where you can specify the linux/unix group for sockets mentioned above. Example:

    ./configure --enable-vty-group = group


       Good luck, I hope this helped,

    Monday, December 8, 2014

    Python Script: Probably useless but functional IPv6 Network scanner

    Below is the code of what is probably useless but a functional IPv6 host scanner written in Python using threading.

    To perform a regular (brute force) network scans in an IPv6 Network is almost impossible it can take over 5.000 years to finish.

    This project was purely academic and I just wanted to learn about threading in Python.

    This software is not recommended for general usage.....

    This  script  will call the OS to actually perform the ping

    This software receives two parameters:
    a) Prefix to scan in the format 2001:db8::/64 (subnet, not host)
    b) Number of simultaneous processes it can run (MAXPINGS)

    One more time it was purely academic stuff but hopefully it can make your day

    Finally, AFAIK nmap does not yet support IPv6 network scan.

    The code written in python3:

    --- cut here ---

    #!/usr/bin/python3

    import threading
    import sys
    import ipaddress
    import subprocess
    import time

    CURRENTPINGS=0 # Number of simultaneous ping at a time

    def DOPING6(IPv6ADDRESS):
      global MAXPINGS, CURRENTPINGS
      CURRENTPINGS+=1
      CMD="ping6 -c 3 "+str(IPv6ADDRESS) + " 2> /dev/null > /dev/null"
      return_code = subprocess.call(CMD, shell=True)
      if return_code == 0:  #If ping was succesful
        print (IPv6ADDRESS," is alive")
     
      CURRENTPINGS-=1
     
    def main():
      global MAXPINGS, CURRENTPINGS
      if len(sys.argv) != 3: #Validate how many parameters we are receiving
        print("  Not enough or too many parameter")
        print("  Usage: ./scanipv6.py IPv6Prefix/lenght MAXPINGS")
        print("  Example: ./scanipv6.py 2001:db8::/64 20")
        print("  Prefix lenght can be between 64-128")
        print("  MAXPINGS corresponds to how many pings will be running at the same time")
        exit()

      SUBNET,MASK=sys.argv[1].split("/")
      MAXPINGS=int(sys.argv[2])

      for addr in ipaddress.IPv6Network(sys.argv[1]):  #Let's loop for each address in the Block
        ping_thread=threading.Thread(target=DOPING6,args=(addr,))

        while CURRENTPINGS >= MAXPINGS: # With this while we make it possible to run max simultaneous pings
          time.sleep(1)  # Let's wait one second before proceeding
          #print ("Interrumping...., CURRENTPINGS > MAXPINGS") #Uncomment this line just for debugging

        ping_thread.start()

    main()

    Monday, January 28, 2013

    Installing Linux in a Sun Fire Server

    Introduction:
    The following describes the procedure for installing the operating system Debian GNU / Linux on a Sun Fire V210 Hardware. 


    First:
    * As we know, this has not Hardware Out Video Card VGA or PS2 port for Keyboard. What if it has a serial port for Management.  
    * This server is  64-bit SPARC architecture.

    Procedure:

    1. - Download Image.
    You can download the distro from http://cdimage.debian.org/debian-cd/6.0.3/sparc/iso-cd/
    You will need least CD number 1
    Then downloaded ISO: http://cdimage.debian.org/debian-cd/6.0.3/sparc/iso-cd/debian-6.0.3-sparc-CD-1.iso


    Please remember to burn the image a low speed, it's good to avoid some drawbacks.



    2.- Place the Debian CD image to the CD / DVD ROM Server.
    3. - Now, we must establish a connection via Serial COM with the Sun Fire V210 server.
    We can use Hyperterminal, Minicom or even PuTTYtel.

    To create the serial connection you will need the following parameters:
     9600,8, n, 1 (Default). 

    The cable is a cable type used Rollover (NOT crossover). Typically console cables Cisco equipment will work.

    3. - Start the server. The challenge is to make Boot from CDROM drive.
    To do this, do the following: When the server is starting, we pressed Sequence 'STOP + A'.
    In a conventional keyboard, this sequence is the same as 'CTRL + SHIFT + BREAK' or 'CTRL + BREAK'.
    In doing so, you will get PROMPT {} Ok, when that happens we do the following:
    {} Ok printenv auto-boot (To see the State Flag of the auto-boot)
    {} Ok setenv auto-boot false (for setting the auto-boot Flag False)
    {} Ok reset-all (Reboot the System)
    4. - When the computer restarts, return to Press 'STOP + A', and at the prompt {} Ok we do isinstructed to do Boot from CDROM, so:{} Ok boot cdrom 

    4.- From that moment, the server should begin to start from the CDROM drive. I recommend to use the terminal in Full Screen mode to see the installation as if it were a monitor connected to the server.

    5.- From this point, it follows exactly the Debian installation procedure (Users, Partitions, Repositories, etc..)
    Key Points:- Download the ISO image for SPARC 64.- The sequence 'STOP + A', which can be also 'CTRL + BRAK' or 'CTRL + SHIFT + BREAK'.- Place the screen in full screen.- If at any time the connection is lost Serial (usual with PuTTYtel), simply close and reopen theSerial Connection and type any key to recover the installation.- The system boots from the CDROM cuandl being the PROMPT {} Ok you type 'boot cdrom (Very Important ...!)
    - To start the server automatically is necessary in ok prompt type the following:

    auto-boot? = trueboot-device = disk


     
    I hope it is useful.






    Manual based on documentation of Professor Jose Gregorio Cotua

    Saturday, January 12, 2013

    Error 1017 in Cacti. MySQL. Blank Graphics

    Error:
    4/7/2012 5:37:49 PM - CMDPHP: Poller [0] ERROR: SQL Cell Failed!, Error: '1017 ', SQL: "SELECT count (*) FROM polle
    WHERE r_time poller_id = 0 AND end_time> '0000-00-00 00:00:00 '"

    4/7/2012 5:38:34 PM - CMDPHP: Poller [0] ERROR: SQL Cell Failed!, Error: '1017 ', SQL: "SELECT count (*) FROM polle
    r_time WHERE end_time = '0000-00-00 00:00:00 '"

    Procedure:
    If the file cacti.log you see the above error tt indicates a failure with poller_output mysql table.
    In this respect, I have seem three different solutions, order from the less risky to the highest.

    1) Repair mysql table with a php script that brings cacti

    # php $PATH-TO-CACTI/cli/repair_database.php

    2) Repair the table with mysql command:

    # mysql> REPAIR TABLE poller_output;

    If you do not know the user information for the mysql database, it can be found here:

    $PATH-TO-CACTI/include/config.php


    3) Remove the table and do it again (this solution despite being aggressive works perfectly and you do not lose the historic Cacti information). Just enters the mysql CLI and copy/paste the following:

    -
    - Table structure for table `poller_output`
    -
    DROP TABLE IF EXISTS `poller_output`;
    CREATE TABLE `poller_output` (
    MEDIUMINT local_data_id `` (8) unsigned NOT NULL default '0 ',
    Rrd_name `` varchar (19) NOT NULL default'',
    `Time` datetime NOT NULL default '0000-00-00 00:00:00 ',
    `Output` text NOT NULL,
    PRIMARY KEY (`local_data_id`, `rrd_name`, `time`)
    ) TYPE = MyISAM;
    -
    - Dumping data for table `poller_output`
    -
    Poller_output `LOCK TABLES` WRITE;
    / *! 40000 ALTER TABLE `poller_output` DISABLE KEYS * /;
    / *! 40000 ALTER TABLE `poller_output` ENABLE KEYS * /;
    UNLOCK TABLES;


    Ready!, Then you can wait for the poller runs 15 minutes and you will have something in your graphs. If you want to force the poller command is as follows:

    # /usr/bin/php-q /var /www/miServer-cacti/poller.php  -force

    I hope it will be useful,


    Saturday, January 5, 2013

    Disable / shutdown iptables on Linux

    Introduction:
    Sometimes it is necessary to "shutdown" or disable our Linux iptables, the procedure depends on the Linux distribution you're using.  
    1) Procedure if you are using Redhat, Fedora, Mandriva / Mandrake or Centos, you just have to run the following:
    # service iptables save
    # service iptables stop
    # chkconfig iptables off
    or
    # / etc /init.d/iptables stop


    2) How to disable iptables on Debian or Ubuntu

    a) Create a script called fw.stop with the following contents:

    # /bin/sh
    echo "Stopping firewall and Allowing everyone ..."
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT

    b) Give execute permission to the script:

    # chmod + x / root / fw.stop
    or
    # chmod 755 fw.stop
    c) You can run the scritp with the following command:
    # ./fw.stop

    More info at:
    http://sources68.com/linux-disable-remove-the-iptables-firewall-1fa67761.html
    http://blog.acostasite.com/2012/09/deshabilitar-iptables-en-linux.html