2009-07-29

Linux - Shorewall firewall with PPTP VPN dialup client

PPTP VPN uses the GRE protocol in both directions, inbound and outbound. Setting up the firewall to allow a PPTP VPN dialup client (e.g. Ubuntu's NetworkManager) to use GRE takes just a few steps of adding rules and interfaces. This post is based on the previous post "How to set up Shorewall firewall (alternate to FireStarter)", which is a quick tutorial on setting up the Shorewall firewall on a single network interface. Here it is :

2009-07-28

Linux - How to set up Shorewall firewall (alternate to FireStarter)

There are a few firewall front ends for iptables available on Linux, both GUI (Graphical User Interface) and CLI (Command Line Interface). The FireStarter GUI is easy to use and configure. The only problem is that it does not work properly with PPTP VPN dialup: it blocks the GRE protocol. It does provide a workaround (don't ask, it is too painful to remember), but the steps are tedious and involve a mixture of command line and GUI setup, and this kind of setup always spells trouble.

Shorewall is another firewall front end, and it operates on the CLI. This is taken from Shorewall's introduction :

"The Shoreline Firewall, more commonly known as “Shorewall”, is high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and with the help of the iptables, iptables-restore, ip and tc utilities, Shorewall configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities."

Shorewall makes configuring an iptables firewall easy: describe the rules and interfaces in a few files and the firewall is ready to go. Shorewall's website also provides extensive documentation on how it works and how to set it up.

This post is intended to set up Shorewall in a few simple steps, so it is not really suitable for a medium to large enterprise deployment. Here it is :

2009-07-23

FreeBSD - Error installing KDE4 or Xine

Halfway through installing KDE4, or any port that is related to Xine, the build fails with the error message below :

===>  Found saved configuration for libxine-1.1.16.3_1
=> xine-lib-1.1.16.3.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch from http://superb-east.dl.sourceforge.net/sourceforge/xine/.
xine-lib-1.1.16.3.tar.bz2                     100% of 7293 kB  232 kBps 00m00s
===>  Extracting for libxine-1.1.16.3_1
=> MD5 Checksum OK for xine-lib-1.1.16.3.tar.bz2.
=> SHA256 Checksum OK for xine-lib-1.1.16.3.tar.bz2.
===>   libxine-1.1.16.3_1 depends on file: /usr/local/bin/perl5.8.9 - found
===>  Patching for libxine-1.1.16.3_1
===>   libxine-1.1.16.3_1 depends on file: /usr/local/bin/perl5.8.9 - found
===>  Applying FreeBSD patches for libxine-1.1.16.3_1
1 out of 1 hunks failed--saving rejects to src/combined/ffmpeg/Makefile.in.rej
=> Patch patch-src_combined_ffmpeg_Makefile.in failed to apply cleanly.
=> Patch(es) patch-config.rpath patch-configure patch-misc_Makefile.in patch-misc_libxine.pc.in patch-src:libffmpeg:libavcodec:h263.c patch-src:libffmpeg:libavcodec:mpeg12.c patch-src:libffmpeg:libavcodec:msmpeg4.c patch-src:xine-engine:xine_internal.h patch-src_audio_out_audio_oss_out.c applied cleanly.
*** Error code 1

Stop in /usr/ports/multimedia/libxine.
*** Error code 1

It seems that the ffmpeg patch in libxine fails to apply for some reason. According to the freebsd.org bugs database, this is because ffmpeg in libxine does not need that patch. The solution is :

2009-07-22

Ubuntu - How to resume NetworkManager managing network interface

After manually editing /etc/network/interfaces for a dynamically assigned IP or a static IP, Network Manager (the icon with 2 monitors that sits on the upper panel) stops working. Specifically, it stops managing the interface, but manually assigning an IP through "ifconfig" or by editing config files (/etc/network/interfaces) still works. Another reason NetworkManager stops working is that, after applying some updates between Intrepid (8.10) and Jaunty (9.04), it just stops working. Here is the solution :

2009-07-20

FreeBSD - How to install flash plugin or player to work with FireFox

This post is part of the "How to install FreeBSD as your Desktop" series and it shows how to install the flash plugin into the FireFox internet browser on FreeBSD. Here it is :

2009-07-19

Freebsd - How to install FreeBSD as your Desktop

UPDATE : After testing PC-BSD for a while (more than 6 months), PC-BSD is indeed a FreeBSD variant that is superior in a Desktop environment. Its user friendly installation and configuration have made FreeBSD so much more suitable for running as a Desktop. Unless you're interested in figuring out how to tweak and tune FreeBSD to work as a Desktop, give PC-BSD a try, you'll love it!
Check it out at PC-BSD website !!!


PsyberMonkey is turning his desktop to FreeBSD and this is the work he has done :-

1. FreeBSD quick install guide (aka How to install FreeBSD).

2. Make sure hardware is detected properly
  • How to install or add sound card driver module
  • wireless (how to still in progress)
  • ACPI (still having trouble making it work)
  • remote control through SSH (how to still in progress)
  • all others e.g. external drive formatted in FAT32, display card, track pad, external mouse, gigabit network card & etc are detected and function properly.

3. Using ports to install software - go to Section III.

4. Getting KDE, GNOME and XFCE up and running (how to still in progress)
Other miscellaneous stuff :

This post will be updated periodically to reflect the progress of using FreeBSD as a Desktop.

Adios !!!

2009-07-18

FreeBSD - How to disable or turn off the keyboard beep sound

A reminder to myself on how to disable the keyboard beep sound (which serves as an alert) whenever an error occurs in the console command line. It is controlled by a sysctl value. To stop it now on all consoles, execute :
sysctl hw.syscons.bell=0

To make it permanent, so that the beep sound is disabled every time FreeBSD boots :
echo "hw.syscons.bell=0" >> /etc/sysctl.conf

Alternately, to disable only this console :
kbdcontrol -b off

Vaarwel !!!

2009-07-16

Freebsd - How to install or add sound card driver module

FreeBSD is getting more and more attention due to its stability and (well done) documentation. Geeks and nerds are getting their hands into installing FreeBSD onto their Desktop or Laptop. Some might ask "Eh ??? Why ain't ya mentioning the servers? Is BSD.". Sound card, sound card belongs to multimedia. It's mostly meant for entertainment so it's gonna stay on the "personal" thing, e.g. Personal Computer, laptop, notebook, rig, moo or whatever you call it. :p

Back to the topic. This post will demo how to install a sound card driver on FreeBSD.

2009-07-10

FreeBSD - How to upgrade the kernel or base system

FreeBSD is so rock-solid stable that some system administrators adopt the philosophy "if it ain't broken, don't fix it"; others beg to differ. Upgrading & patching of servers should be diligently carried out so that security vulnerabilities are kept to a minimum (who can be sure their servers are 100% secure ???), new application features are introduced (which geek doesn't like new stuff ???) & performance increases (meaner & leaner :) ). Patching can only be done up to a certain level; beyond that, the kernel and base system need to be compiled and built to get the latest patches or upgrades.

Regular upgrade of the FreeBSD kernel and base system is a good way to follow the support schedule. It means that your server will have a longer life span in production. Not because some latest OS "GUI" release demands more RAM for the "processor hungry monster" that lies beneath it, but rather because it fixes bugs in the applications, gives you new functions and makes your hardware work harder & faster.

There are some hiccups to take note of. As with all OS upgrades, the server will experience uptime interruption (aka server down time). Scenarios such as :

:- The upgrade process greatly drains the performance of the server and impacts the usual services the server runs. Thus the server fails to respond to users in time, which affects the normal operation of the business.

:- The upgrade breaks the kernel or base system and the server fails to boot.

:- After the first boot following the upgrade, the applications fail to compile properly and as a result the services fail to start.

:- This is your first FreeBSD upgrade and you can't predict what will happen, and hiccups just like to happen at these times. :p

All of the above can be avoided as long as the points below are observed :
  • Plan and schedule the upgrade with adequate time so that even if hiccups happen, there is ample time to solve them.
  • Plan a trial server upgrade or mock run of the upgrade to anticipate what hiccups might happen and test the solutions. Restore the server backup to another hardware, virtual machine or sandbox to test the server upgrade. Note down every step and retry it if time permits to minimize the hiccups.
  • This is the most important one. Always backup/restore: perform a full system backup with no less than 1 day of difference. The shorter the time between the backup and the upgrade, the faster and more painless the restore process is. This also means shorter down time.

2009-07-02

Freebsd - Backup & restore for disaster recovery

Data is all around servers. File server, email server, LDAP server, web server and DNS server are just a few of the essential servers that make up the IT section of your company. ERP, CRM, financial projection system, database server, accounting & payroll system are examples of business applications. Imagine, what if "some" of this data is lost. It is also worth mentioning that data is so valuable to the company that partial loss of it might break your business continuity !!!

Most company operations depend on the data in the servers to make decisions. Data in the servers has never been so important.

Server data disaster recovery planning is a vital process in system administration. It directly shows how much the system administrators understand the importance of their role in the business. Reasons for data loss can be classified into 2 main categories, natural disaster and man made disaster. Natural disasters that cause data loss include flood, earthquake, fire hazard, etc. Man made disaster (aka PBKC which denotes Problem Between Keyboard and Chair :p ) examples: hacking activities, accidental data deletion or overwriting, and server maintenance e.g. patching, upgrades, developments, moving to a bigger hard disk & etc.

Disaster recovery involves planning, backup & restore. Planning needs to identify which data is crucial to back up and how frequently it should be backed up. The next consideration is what media the data should be saved to. Generally, external hard disk (e.g. USB) or network based storage (e.g. file server, ssh server, NAS, SAN) are the cheapest & fastest ways to store the data. But if the data is to be archived, it should go onto media such as tape, CD, DVD and other optical media. Lastly, all planning and backup of the data should always be tested against restoration, or else why even plan to save it. :)

This post will concentrate on how to prepare for server disaster recovery on a FreeBSD server. Do take note that database backup is not covered in this post, as database backup itself already has a few strategies to look at.

There is an update for this post, please check out the updated post "FreeBSD – Backup and restore FreeBSD using Fixit CD".

2009-06-29

FreeBSD - Combine 2 (or more) NIC using network link aggregation and load balance (aka round robin)

Hard disks are getting bigger and bigger. Network interface cards (NIC) and switches are getting cheaper and cheaper. It usually means more services can be squeezed into a server. Combining multiple network interfaces into 1 big pipe would be a big plus for services that are bandwidth hungry, e.g. file server, email server & etc.

Combining 2 or more network interfaces has a few advantages. One of them is load balancing. Load balancing enables the load to be shared among the 2 or more network interface cards defined. It serves as redundancy as well. But load balancing does not make full use of the 2 or more network interfaces; it is meant to share network traffic load.

To fully utilize 2 or more network interface links, link aggregation should be used. Link aggregation is a method to combine 2 or more network interfaces into a bigger pipe. It is also a way to make 2 or more interfaces use the same IP address. Link aggregation can also create redundancy: if one of the links fails, the other links will take over.

This post uses FreeBSD as the server because FreeBSD has all the ports (software packages) you will need, and server administration on it is made to ease daily systems administration tasks. Without further ado, below are the steps to configure 2 (or more) network interfaces to work as 1 big trunk or round robin :

2009-06-27

How to check hard disk transfer speed or timing

Storage is getting cheaper and cheaper. Almost a year ago, a 250 GB 2.5" portable hard disk would cost 120 bucks. But now, a 500 GB hard disk only costs 100 bucks. Sizes are getting bigger and bigger for the same money, but does the hard disk spin fast enough to fetch the big "gigabytes" in time? Of course, given "enough" time, any rate of spin could fetch any size of data. Files are getting larger and larger, especially audio & video files. Fetching the files in a reasonable time is crucial.

Before we proceed to the command for checking hard disk transfer speed or read timings, we need to familiarize ourselves with the hard disk naming convention. Here is a simple guide on how to identify the hard disk naming convention in /dev (where device nodes are stored) :

2009-06-26

Mozilla Firefox - common keyboard shortcut keys

Firefox has all the bells & whistles to make our internet life happy. Tabs, plugins, portability and keyboard shortcuts. Firefox keyboard shortcuts make browsing addictive, especially for system administrators, whose hands are on the keyboard most of the time. We could use the mouse to browse, but wouldn't you think keeping your hands on the keyboard would increase productivity? :)

Below is a list of keyboard shortcuts, plus a few combinations of mouse clicks, that are commonly used in Firefox. There are of course other shortcuts available, but this post only attempts to introduce you to the efficiency of using keyboard shortcuts (almost mouse-less) rather than trying to exhaust your memory by crunching the full list of keyboard shortcuts. You can print out the list of Firefox keyboard shortcut keys below and use it as a Cheat Sheet. It can be useful while initially getting familiar with the keyboard shortcut keys. Here is the list :

2009-06-23

WordPress - plugin upgrade requesting "Connection Information"

This common error normally happens after a WordPress version upgrade. When upgrading plugins, normally by clicking the "upgrade automatically" link on the plugins page, it prompts for "connection information" (with another line of "To performed the requested action, connection information is required.") with "hostname", "username", "password" & "Connection Type" required.

This issue is caused by certain essential WordPress files or directories not being accessible by WordPress.

2009-06-21

PostgreSQL - How to reset user name "postgres" password

PostgreSQL is an open source RDBMS (Relational DataBase Management System) that is not only feature rich, fast and light but also easy to use. The documentation available at its website is a superb way of learning as well. Browse the documentation and you will find that its way of explaining is a no "bullshit" approach, short and concise.

After the initial installation, one might forget to set the password after running the initial script to setup the database. After a while, naturally, we all forget the password. Below are the steps to reset the password for user name "postgres" :

Nokia E71 and E63 tips - shell or command line access using ssh (secure shell)

The Nokia E71 & E63 are versatile phones for people who need a business suite of applications, e.g. email, messenger, documents & spreadsheet, camera and most importantly, the Symbian platform. The Symbian platform is widely used on mobile phones and also has a wide variety of applications.

For *NIX system administration, shell access to the command line (using ssh) of the servers is part of our life. Owning a Nokia E71 or E63 is one of the best things, as PuTTY is available on the Symbian platform. PuTTY is a Symbian application that can connect to a server's shell or command line by ssh, and it takes advantage of the built-in QWERTY keyboard on the Nokia E71 & E63. PuTTY also allows public key authentication, if the private key is installed on the phone or the memory card (mmc). It also allows the ssh (secure shell) client to be configured to connect to ports other than the default port 22.

2009-06-19

Nagios - Error "Error: Could not open command file '/var/spool/nagios/rw/nagios.cmd' for update"

After an upgrade of Nagios, the Nagios re-schedule function for the next service check is not working. The Nagios web interface complains "Error: Could not open command file '/var/spool/nagios/rw/nagios.cmd' for update". The problem is that the web server is unable to access the file to update the schedule.

2009-06-18

sudo - How to create another root (equivalent) account on linux or freebsd

The usual root account is meant for critical tasks, such as single user mode related operations. It holds the power of the system, as well as the power of destruction (try "rm -rf /" :p). That's the reason why a lot of companies have a policy to seal the root account, or add enough red tape that one will give up requesting to use it. But sealing the root account makes daily routine system administration tasks difficult to execute.

No worries, sudo is the tool to create another account with root privilege, or to control access to critical commands on a Linux or BSD box. Every command that runs through sudo will be logged to /var/log/auth.log.

2009-06-17

Wordpress - missing tool bar from visual editor after upgrading wordpress

WordPress 2.8 is available for upgrade either from the Dashboard (by 1 click upgrade) or by manually downloading it from wordpress.org and installing it through the command line. If you use the first option and upgrade through the Dashboard, you might notice that after the upgrade the Visual Editor stops working or the tool bar is missing from the Visual Editor. Googling it will bring you to wordpress.org, which recommends some tedious troubleshooting steps.

This blog has just been upgraded and encountered the same problem. After following the recommendations, step 3 worked, which is removing the current wp-includes and wp-admin folders and replacing them with the latest versions, extracted from latest.tar.gz downloaded from wordpress.org.

Ciao !!!

2009-05-24

Ubuntu - How to add or create hard disk partition and make it automatically mount

In Ubuntu, adding or managing a new partition or hard disk should use the UUID (Universally Unique Identifier) of the device rather than the device node name, e.g. /dev/sda2, /dev/hda3, /dev/sda5 and etc. IMHO its advantages compared to the conventional way of mounting devices, using /dev/sda or /dev/hda, are :
  • UUID is unique when it comes to device node naming, e.g. plugging multiple USB devices in and out can generate different /dev/sda nodes.
  • UUID is used by Ubuntu by default to assign partitions or hard disks in /etc/fstab.
  • UUID has 256^16 combinations and it would take a very long time to exhaust them even if we were to generate them fast enough, e.g. generating 1 trillion a nanosecond would take 10 years to exhaust it.
  • Using UUID makes the partition or hard disk appear in the 'File Browser' (aka Nautilus) under 'Places'.

This post will list 2 ways to get the UUIDs in order to make the new partition or hard disk automatically mount under Linux (or particularly Ubuntu), the command line and the GUI (Graphical User Interface) programs provided by Ubuntu.