2011/04/01

Howto Vyatta DNAT: one outside IP directly to an inside IP

Just a small tutorial on how to create a NATted network. In my setup the outside IP is 10.5.4.2 (in effect, my users would surf to this address). This IP is added to eth0. This is very important, because otherwise Vyatta won't pick up packets for this IP; I learned that the hard way. Internally, in a private network, the IP of the server is 10.114.114.2. Notice that on the inside interface I only have to set the router's own IP, as the 10.114.114.2 address is used by the server.

This was configured in the following way:

interfaces {
    ethernet eth0 {
        address 10.5.4.13/20
        address 10.5.4.2/20
        hw-id 00:0c:29:20:a5:f0
    }
    ethernet eth1 {
        address 10.114.114.13/24
        hw-id 00:0c:29:20:a5:fa
    }
}

service {
    nat {
        rule 2 {
            destination {
                address 10.5.4.2
            }
            inbound-interface eth0
            inside-address {
                address 10.114.114.2
            }
            protocol all
            source {
                address 0.0.0.0/0
            }
            type destination
        }
    }
}

Notice that the Vyatta router's own address is .13, but I added .2 so that Vyatta can NAT this IP to the internal 10.114.114.2 address. The destination address in the rule is the IP my users connect to in order to reach the inside-address 10.114.114.2. The source address statement tells the router that every PC in the whole wide world can connect to 10.5.4.2 and will be NATted. You can have multiple servers NATted: just add extra IP addresses on eth0 and create extra rules.
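
An added example, not part of the original post: rule 2 forwards every protocol and port from any source to 10.114.114.2, so a firewall rule set on eth0 can limit what actually reaches the server. The rule-set name OUTSIDE-IN and the public services (TCP 80 and 443) are assumptions; note that the default drop applies to all traffic forwarded in through eth0, and that Vyatta applies destination NAT before the "in" firewall, so the rule matches the inside address.

```text
/* Added example. Assumed: rule-set name OUTSIDE-IN, public services TCP 80 and 443 */
firewall {
    name OUTSIDE-IN {
        default-action drop
        /* replies belonging to connections that were already allowed */
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        /* evaluated after DNAT: destination is the inside address, not 10.5.4.2 */
        rule 20 {
            action accept
            destination {
                address 10.114.114.2
                port 80,443
            }
            protocol tcp
        }
    }
}
interfaces {
    ethernet eth0 {
        /* filter traffic forwarded in from the outside network */
        firewall {
            in {
                name OUTSIDE-IN
            }
        }
    }
}
```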

Bladecenter switches acting funny

Today I had a nice problem. When a second switch was added to the 3Com uplink switch, the network went down. Not so very nice. I fixed it in a not so good way, but it gives me a clue where to start looking for the error. I executed the following on both switches.

interface range GigabitEthernet0/17 - 20
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!

Basically this means that the switch will not do spanning tree on its external ports. Do not do this unless you are sure that you have no loops. In my case I was quite sure, so I just did it :) . The cause is probably some 3Com spanning tree protocol that does not talk nicely with rapid-pvst.

2011/03/30

Growl fun on Mac

Growl is a generally accepted way of notifying users of something on the Mac. You are probably using it already (for example, the Twitter app can send you updates via Growl), but what you might not know is that you can easily script it. It is quite easy, although I haven't figured out the details.

First you need to install the library. You can compile it yourself, but you can also simply install it with easy_install:
sudo easy_install-2.6 py-Growl

Then you can test it:
>>> import Growl
/Library/Python/2.6/site-packages/py_Growl-0.0.7-py2.6-macosx-10.6-universal.egg/Growl.py:17: DeprecationWarning: the md5 module is deprecated; use hashlib instead
>>> gn = Growl.GrowlNotifier("overtime",['overtime'])
>>> gn.register()
>>> gn.notify("overtime","Are you still working?","Yes I am!")

(Code from http://prehensile.co.uk/blog/?p=92)
This should display a message if you have installed Growl.

I also created a small script that you can run directly from the CLI if you don't like Python. You can run it like this in the terminal:
$ ./gnotify "Some Test" "A very good test"

BTW, SQLAlchemy also installs easily via easy_install-2.6 on Mac :)