Daz – Page 31 – sigtar.com

VirtualBox – Dup on ping

Posted on June 22, 2009 by Daz — No Comments ↓

I’ve had this with certain kernels (2009.06) on opensolaris. Seems there is some incompatibility between some kernels and the opensolaris virtualbox network emulation. This only seems to effect linux virtual guests.

When you try to ping an address you get something like this…

[root@VA-DHCPWEB ~]# ping 192.168.9.15
PING 192.168.9.15 (192.168.9.15) 56(84) bytes of data.
64 bytes from 192.168.9.15: icmp_seq=1 ttl=128 time=1.85 ms
64 bytes from 192.168.9.15: icmp_seq=1 ttl=127 time=1.88 ms (DUP!)

I usually forward a port from my dsl router through to a VM, but it does not like it when the network is performing as above. I’m yet to find a permanent fix other than dropping back a kernel level.

I have no VLANs configured, and just have a single unmanaged switch on a single subnet. There is only a single nic configured on the virtual guest. Found this, but didn’t seem to resolve my issues. http://www.virtualbox.org/ticket/2713

If i ping the IP of the vm host it does not have the DUP packets, so it seems to be anything beyond the host adapter.

Update: This problem seemed to show itself with the new kernel / updates on the 2009.06 release of opensolaris. I’ve reverted back to 2008.11 and all seems to be working fine again. It may have something to do with project crossbow (new virtualization around the networking space) http://www.opensolaris.com/use/ProjectCrossbow.pdf

True Image – Machine cannot log into domain

Posted on June 18, 2009 by Daz — 1 Comment ↓

I’ve used true image for testing packages etc then reverting back to a standard image for further testing. But there can be a problem if the machine updates it domain password then you revert back to the original image. It will not let you logon to the domain if the passwords don’t match.

The way to prevent this is to disable password update so that hte machine does not change its password as per the domain policy.

So if a computer is turned off for three months nothing expires. When the computer starts up, it will notice that its password is older than 30 days and will initiate action to change it. The Netlogon service on the client computer is responsible for doing this. This is only applicable if the machine is turned off for such a long time.

http://blogs.technet.com/askds/archive/2009/02/13/machine-account-password-process.aspx

Warning If you disable machine account password changes, there are security risks because the security channel is used for pass-through authentication. If someone discovers a password, he or she can potentially perform pass-through authentication to the domain controller.

Here is the article that talks about disabling automatic machine account password change.

Key = HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters
Value = DisablePasswordChange REG_DWORD
Default = 0

Changing this key to 1 will disable password change for this PC. Then you can safely image the machine without having to worry about the machine changing its password with the domain controller.

Cisco – adding a static route to router

Posted on June 17, 2009 by Daz — No Comments ↓

To show what routes your cisco router currently has loaded type the following command (from the enable prompt) ;

show ip route

To add any new static routes you need to use the following command (from the config terminal prompt) ;

ip route 10.10.20.0 255.255.255.0 192.168.100.1

the syntax as above is ip route network netmask gateway

Cisco – MLS (QoS) on a switch

Posted on June 12, 2009 by Daz — No Comments ↓

If you find alot of MLS entries in your running-config file you may have QoS enabled. Within the lab i dont require QoS (Quality of Service) to be enabled so have disabled it via this command (config t);

no mls qos

Note: this was a 2960G switch.

Remember to save running config to startup config. Done.

A good reference page here…

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_37_ey/configuration/guide/swqos.html#wp1021247

Squid – optimizing cache hits

Posted on June 10, 2009 by Daz — No Comments ↓

The first place to look for increasing your hit ratio is the refresh_pattern parameter within the squid.conf file.

Note: the following applies to squid 3.0 and higher only….

I have found a really good page here http://linux.com/archive/feature/153221 that explains some good setups if you with to increase your cache hits…

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320

This is an example of a site that you may wish to heavily cache…

refresh_pattern -i youtube.com/.* 10080 90% 43200

http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube

# REMOVE these lines from squid.conf

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

# Apparently youtube.com use 'Range' requests
# - not seen, but presumably when a video is stopped for a long while then resumed, (or fast-forwarded).
# - convert range requests into a full-file request, so squid can cache it
# NP: BUT slows down their _first_ load time.
quick_abort_min -1 KB

# Also videos are LARGE; make sure you aren't killing them as 'too big to save'
# - squid defaults to 4MB, which is too small for videos and even some sound files
maximum_object_size 4 GB

# Let the clients favorite video site through with full caching
# - they can come from any of a number of youtube.com subdomains.
# - this is NOT ideal, the 'merging' of identical content is really needed here
acl youtube dstdomain .youtube.com
cache allow youtube

# kept to demonstrate that the refresh_patterns involved above go before this.
# You may be missing the CGI pattern, it will need to be added if so.
refresh_pattern -i (/cgi-bin/|\?)   0   0%      0
refresh_pattern .                   0   0%   4320