Opensolaris – Samba and Network browsing

If you’ve set up Samba (rather than the built-in CIFS/SMB service), chances are that you can only browse to your Samba shares directly by IP address.

If you want your box “network browseable” you’ll need to load nmbd.

You can find a really good write-up on modifying the SMF for Samba to autostart the required service here: http://wikis.sun.com/display/BigAdmin/Enabling+Browsing+with+Samba+in+Solaris+10+Update+4

Import this file: samba.xml

Run these commands:

# svcadm disable samba
# svccfg import samba.xml
# svccfg delete svc:/network/samba:default
# svcadm refresh samba:smbd
# svcadm refresh samba:nmbd
# svcadm enable samba:smbd
# svcadm enable samba:nmbd

opensolaris – jumbo frames

If you’re keen on enabling jumbo frames in OpenSolaris, this is the way…

http://docs.sun.com/app/docs/doc/819-6990/gdyqk?l=en&a=view

# dladm show-phys
LINK       MEDIA        STATE     SPEED     DUPLEX     DEVICE
net0       ether        up        100Mb     full       bge0
itops1     ether        up        100Mb     full       qfe3
web1       ether        up        100Mb     full       bge1
# dladm show-linkprop -p mtu web1
LINK     PROPERTY     VALUE     DEFAULT     POSSIBLE
web1     mtu          1500      1500        --
# ifconfig web1 unplumb
# dladm set-linkprop -p mtu=9000 web1
# ifconfig web1 plumb 10.10.1.2/24 up
# dladm show-link web1
LINK     CLASS     MTU      STATE     OVER
web1     phys      9000     up        --
Done.
Note: this is not something that I would recommend or currently use. I prefer trunking two NICs to give additional performance. http://sigtar.com/2009/07/20/opensolaris-network-teaming/

VirtualBox – Dup on ping

I’ve had this with certain kernels (2009.06) on OpenSolaris. It seems there is some incompatibility between some kernels and the OpenSolaris VirtualBox network emulation. This only seems to affect Linux virtual guests.

When you try to ping an address you get something like this…

[root@VA-DHCPWEB ~]# ping 192.168.9.15
PING 192.168.9.15 (192.168.9.15) 56(84) bytes of data.
64 bytes from 192.168.9.15: icmp_seq=1 ttl=128 time=1.85 ms
64 bytes from 192.168.9.15: icmp_seq=1 ttl=127 time=1.88 ms (DUP!)

I usually forward a port from my dsl router through to a VM, but it does not like it when the network is performing as above. I’m yet to find a permanent fix other than dropping back a kernel level.

I have no VLANs configured, and just have a single unmanaged switch on a single subnet. There is only a single NIC configured on the virtual guest. I found this, but it didn’t seem to resolve my issues: http://www.virtualbox.org/ticket/2713

If I ping the IP of the VM host it does not have the DUP packets, so it seems to be anything beyond the host adapter.

Update: This problem seemed to show itself with the new kernel / updates on the 2009.06 release of opensolaris. I’ve reverted back to 2008.11 and all seems to be working fine again. It may have something to do with project crossbow (new virtualization around the networking space) http://www.opensolaris.com/use/ProjectCrossbow.pdf

Cisco – adding a static route to router

To show what routes your Cisco router currently has loaded, type the following command (from the enable prompt):

show ip route

To add any new static routes, use the following command (from the config terminal prompt):

ip route 10.10.20.0 255.255.255.0 192.168.100.1

The syntax, as above, is: ip route network netmask gateway


Corporate Firewall – SSH and port 443 goodness

Things you’ll need (basic instructions):

SSH – either Linux or OpenSSH for Windows (set this up first and ensure it’s working!). I have only used Linux, so I do not know the details of setting up an OpenSSH box on Windows (good luck).

Router with pinhole or port forwarding abilities – forward your external port 443 to internal port 22 on your SSH box.

Putty.exe – use this to test your SSH connection locally (you should be able to connect on port 22 locally or 443 externally).

Your home IP – set up a dyndns account on one of the free services available on the web (either use your router if it has it, or get a dyndns client that runs on your SSH box). I use dyndns.org.

Putty is the client that you will use when you are not local to your network. If you are connecting to your SSH box from outside (i.e. at work), you’ll need to configure an SSH connection profile to connect on port 443. If you have a proxy at work (which you most probably will), ensure you have filled out your proxy address and authentication details: select HTTP, then enter your username / password. Then try to connect.

When you can successfully connect to your SSH box from work via 443, you can then create SSH tunnels. Under SSH in Putty there is a Tunnels option. This is where you can forward local ports to remote ports, for example 127.0.0.1:82 -> 192.168.0.10:3389. Then if you fire up RDC you can connect to your remote machine via 127.0.0.1:82.

Simple? If I haven’t made a specific part clear, please ask any questions and I’ll try to make it easier to follow.
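
A defender-side view of the setup described in this post, as an added example that is not part of the original post: SSH forwarded on port 443 still opens with a plain-text SSH identification string rather than a TLS handshake record, so a monitor can tell the two apart from the first payload bytes. The flow record fields, function names and sample flows are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification line: SSH-protoversion-softwareversion
SSH_ID = re.compile(rb"SSH-\d+\.\d+-[\x21-\x7e]+")


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first payload bytes of a TCP stream as 'tls', 'ssh' or 'unknown'."""
    # A TLS stream opens with a handshake record: type 0x16, version 0x03 0x00-0x04.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    # An SSH server may send other text lines before its identification line,
    # so test every line of the captured prefix, not only the first.
    for line in payload.split(b"\n"):
        if SSH_ID.match(line):
            return "ssh"
    return "unknown"


def ssh_on_443(flows):
    """Return (src, dst) pairs for port-443 flows that open with an SSH banner."""
    return [(f["src"], f["dst"]) for f in flows
            if f["dport"] == 443 and classify_first_bytes(f["first_bytes"]) == "ssh"]


# Constructed sample flows; addresses come from documentation ranges.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "203.0.113.5", "dport": 443,
     "first_bytes": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
    {"src": "192.0.2.11", "dst": "203.0.113.7", "dport": 443,
     "first_bytes": b"SSH-2.0-OpenSSH_5.1\r\n"},
    {"src": "192.0.2.12", "dst": "203.0.113.7", "dport": 443,
     "first_bytes": b"Authorized use only\r\nSSH-2.0-OpenSSH_5.1\r\n"},
    {"src": "192.0.2.13", "dst": "203.0.113.9", "dport": 22,
     "first_bytes": b"SSH-2.0-OpenSSH_5.1\r\n"},
]

if __name__ == "__main__":
    for src, dst in ssh_on_443(SAMPLE_FLOWS):
        print(f"SSH on port 443: {src} -> {dst}")
```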

Cisco – Switch Reference

Setting up a trunk between switches

enable – switch to enable mode

configure terminal – enter global configuration mode

interface FastEthernet0/1 – enter interface configuration for port 0/1. This is where you pick the port you want to trunk.

switchport mode trunk – set the port to trunking mode.

switchport trunk encapsulation dot1q – set the trunk type to 802.1q. If your switch only supports either ISL or 802.1q, this command does not exist because there is nothing to specify. This command only works when you can choose between the two.

switchport trunk allowed vlan 10-15,20 – allow only VLANs 10 through 15 and VLAN 20. As a security best practice, restrict the trunk to only the VLANs you need.

exit – exit interface configuration

exit – exit global configuration

copy run start – save changes to NVRAM
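
One way to check a saved running-config for trunk ports that lack the VLAN restriction above (added example, not from the original page). The sample config and function names are assumptions, and only numeric allowed-VLAN lists, with or without `add`, are parsed.

```python
import re


def expand_vlans(spec: str) -> set:
    """Expand an IOS VLAN list such as '10-15,20' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def audit_trunks(config: str) -> dict:
    """Map each trunk interface to its allowed VLAN set, or None if no list is set."""
    trunks, allowed, current = set(), {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = m.group(1)
            continue
        if not raw.startswith(" "):
            current = None  # a non-indented line ends the interface block
            continue
        if current is None:
            continue
        line = raw.strip().lower()
        if line == "switchport mode trunk":
            trunks.add(current)
        m = re.match(r"switchport trunk allowed vlan (add\s+)?([\d,\- ]+)$", line)
        if m:
            # 'add' extends the existing list; otherwise the list is replaced.
            base = allowed.get(current, set()) if m.group(1) else set()
            allowed[current] = base | expand_vlans(m.group(2))
    return {ifc: allowed.get(ifc) for ifc in sorted(trunks)}


def unrestricted_trunks(config: str) -> list:
    """Trunk ports with no allowed-VLAN list configured."""
    return [ifc for ifc, vlans in audit_trunks(config).items() if vlans is None]


# Constructed sample config (not taken from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10-15,20
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode trunk
"""
```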

Setting a switch up as a VTP client (VLAN client: cannot modify VLAN information)

vlan database – enter the VLAN database

vtp client – set switch VTP to client mode

vtp domain domain-name – set the switch to this domain; the server switch will propagate VLAN information across

It is also possible to set a password.

Reset switch to factory defaults….

write erase

reload

Ensure you select NO to “do you wish to save changes”

How to make changes to multiple ports at the same time:

interface range FastEthernet 0 - 23 (works on newer IOS)

Otherwise it’s good old Notepad and a terminal. Remember that Ctrl-C (as it is sent to the session) does not work in the terminal; you have to right-click and copy. Though it’s easier to start a capture straight after you type show running-config, modify in Notepad and paste back into config terminal.