2011/04/01

Howto Vyatta DNAT : one outside ip directly to inside ip

Just a small tutorial on how to create a NATed network. In my setup the outside IP is 10.5.4.2 (in effect, my users would surf to this address). This IP is added to eth0. This is very important, because otherwise Vyatta won't pick up packets for this IP; I learned that the hard way. Internally, in a private network, the IP of the server is 10.114.114.2. Notice that on the inside interface I only have to set the router's own IP, as the 10.114.114.2 address is used by the server.

This was configured in the following way:

interfaces {
    ethernet eth0 {
        address 10.5.4.13/20
        address 10.5.4.2/20
        hw-id 00:0c:29:20:a5:f0
    }
    ethernet eth1 {
        address 10.114.114.13/24
        hw-id 00:0c:29:20:a5:fa
    }
}

service {
    nat {
        rule 2 {
            destination {
                address 10.5.4.2
            }
            inbound-interface eth0
            inside-address {
                address 10.114.114.2
            }
            protocol all
            source {
                address 0.0.0.0/0
            }
            type destination
        }
    }
}

Notice that the Vyatta router itself is address .13, but I added .2 so that Vyatta can NAT this IP to the internal 10.114.114.2 address. The destination address in the rule is the IP my users use to connect to the inside-address 10.114.114.2. The source address statement tells the router that every PC in the whole wide world can connect to 10.5.4.2 and will be NATed. With protocol all and source 0.0.0.0/0, every port on the internal server is reachable from the outside, so narrow the source or protocol, or filter with firewall rules, if only some services should be exposed. You can have multiple servers NATed: just add extra IP addresses on eth0 and create extra rules.

Bladecenter switches acting funny

Today I had a nice problem. When a second switch was added to a 3Com uplink switch, the network went down. Not so very nice. I fixed it in a not so good way, but it gives me a clue where to start looking for the error. I executed the following on both switches.

interface range GigabitEthernet0/17 - 20
 spanning-tree portfast trunk
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!

Basically this means that the switch will not do spanning tree on its external ports. Do not do this if you are unsure whether you have loops or not. In my case I was quite sure, so I just did it :) . Probably some 3Com spanning tree protocol that does not talk nicely with rapid-pvst.

2011/03/30

Growl fun on Mac

Growl is a generally accepted way of notifying users on the Mac. You are probably using it already (for example, the Twitter app can send you updates via Growl), but what you might not know is that you can easily script it. It is quite easy, although I haven't figured out the details.

First you need to install the library. You can compile it yourself, but you can also easily install it:
sudo easy_install-2.6 py-Growl

Then you can test it:
>>> import Growl
/Library/Python/2.6/site-packages/py_Growl-0.0.7-py2.6-macosx-10.6-universal.egg/Growl.py:17: DeprecationWarning: the md5 module is deprecated; use hashlib instead
>>> gn = Growl.GrowlNotifier("overtime",['overtime'])
>>> gn.register()
>>> gn.notify("overtime","Are you still working?","Yes I am!")

(Code from http://prehensile.co.uk/blog/?p=92)
This should display a message if you have installed Growl.

I also created a small script that you can run directly from the CLI if you don't like Python. You can run it like this in the terminal:
$ ./gnotify "Some Test" "A very good test"

BTW, SQLAlchemy also installs easily via easy_install-2.6 on the Mac :)

2011/03/25

Installing python 26 + sqlalchemy on centos

Turns out there is a very, very, very easy way. Just use the repo for Fedora on the Red Hat site.

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
yum install python26 python26-devel python26-distribute python26-tools
easy_install-2.6 SQLAlchemy

Test it via:
python2.6
>>> import sqlalchemy
>>> sqlalchemy.__version__

2011/03/22

Random password in CLI

Just a small script so that we can generate passwords from the command line:

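#!/bin/bash
# Length of the password; defaults to 10, overridden by a numeric first argument
NUMPASS=10
if [[ "$1" =~ ^[0-9]+$ ]] ; then
    NUMPASS=$1
fi
# Print the first NUMPASS hex characters of the MD5 of a salted timestamp
echo "Spicy salt $(date)" | md5sum | sed "s/\(.\{$NUMPASS\}\).*/\1/"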
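
The output of the script above is fully determined by the clock second it runs in and contains only hex digits, so it is guessable by anyone who knows roughly when it was generated. The following is an added example, not the original script: it shows that determinism next to a variant that draws from /dev/urandom instead. The function names weak_pass and genpass are made up for this example.

```shell
#!/bin/sh
# Added example; weak_pass and genpass are hypothetical names.

# The original approach, with the timestamp passed in as an argument so the
# weakness is visible: same timestamp in, same "password" out, and the
# alphabet is only 0-9a-f (at most 32 characters of MD5 hex).
weak_pass() {  # usage: weak_pass LENGTH "DATE STRING"
    echo "Spicy salt $2" | md5sum | cut -c "1-$1"
}

# Replacement: read bytes from the kernel CSPRNG and keep only [A-Za-z0-9].
genpass() {  # usage: genpass [LENGTH]   (default 10)
    n=10
    case "$1" in
        ''|*[!0-9]*) ;;                       # missing or non-numeric: keep default
        *) if [ "$1" -gt 0 ]; then n=$1; fi ;;
    esac
    buf=
    # tr throws away roughly three quarters of the random bytes, so keep
    # reading 256-byte chunks until enough characters have survived.
    while [ "${#buf}" -lt "$n" ]; do
        chunk=$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
        buf=$buf$chunk
    done
    # Truncate to exactly n characters.
    printf "%.${n}s\n" "$buf"
}
```

Call it as genpass 16 for a 16-character password; with no argument, or a non-numeric one, it falls back to 10 characters like the original.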

2011/03/17

Zimbra server status all red crosses

I always have this problem when configuring Zimbra servers (everything is working fine but the services have red crosses in the web GUI). At this point I tried this and am waiting to see if it will help :)

su - zimbra
zmsshkeygen
zmupdateauthkeys
zmloggerctl stop ; zmloggerctl start

2011/03/16

Blueprint script to create DNS records in AD

Save the following code as a .bat file. You can then run the following (assuming you called the file adddns.bat):
>adddns mynewhost01 0 10

This will create the records for a host 192.168.0.10 (in the example):

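@echo off
rem Arguments: host name, third octet, fourth octet of 192.168.x.y
:start
if "%1" == "" goto error
if "%2" == "" goto error
if "%3" == "" goto error

rem Forward (A) record, then the matching reverse (PTR) record
dnscmd abinbev.demo /recordadd yourdomain.com %1 A 192.168.%2.%3
dnscmd abinbev.demo /recordadd %2.168.192.in-addr.arpa %3 PTR %1.yourdomain.com

goto end

rem Reached when an argument is missing
:error
echo name
echo adddns.bat host1 2 213
goto end
:end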