Thursday, July 23, 2009
Sunday, July 19, 2009
Projects are going
It has been a long time without any entry in the blog, but I haven't stopped. First, this weekend I installed Debian on my old and lovely Cobalt Qube 2. After two bad attempts, I managed to install it successfully after unselecting the DNS server package: BIND was halting the Qube at boot, maybe because it was misconfigured, but since I don't need BIND on the Qube this is not a problem.
The second project is to find a way to run my RaQCop firewall as a reverse proxy. I managed to compile the whole IPCop distribution with multi-threading SSL, and after I understood how the IPCop compiling method works, I was able to compile Pound 2.4.5. This week I will write the scripts to install and uninstall Pound on an IPCop box and later test whether it runs OK.
The last job is to write a HOWTO for installing Pound on an IPCop machine, but only if Pound works and passes the test.
And that's all for today... stay tuned!!!
Thursday, May 7, 2009
Unix in a low cost laptop (part 5)
Starting in September 2008 I was able to install OpenSolaris 2008.05 on my Acer Aspire 5633 (5630), but only by disabling the ACPI functionality. In that case starting the installed WiFi was impossible: the radio was always off and the special buttons were inoperable.
Yesterday, browsing various forums, I found some messages about the pre-release of OpenSolaris 2009.06 and I decided to look for a solution to my problems. I found this bug in OpenSolaris Bugzilla and... YES!!! Running!!!
Tonight I'm writing this post from OpenSolaris 2008.11. To install it I edited the LiveCD Grub by adding -B disable-pcic=true and then the same in the Grub configuration once installed on the hard disk. All the hardware is working except the network interface (Broadcom NetXtreme), but I know how to install the driver because I installed it the last time.
To modify the Grub configuration:
- Open a terminal and become root: $ su
- Start nautilus: # nautilus
- Navigate to the folder /rpool/boot/grub/
- Open menu.lst
splashimage /boot/grub/splash.xpm.gz
background 215ECA
timeout 30
default 0
#---------- ADDED BY BOOTADM - DO NOT EDIT ----------
title OpenSolaris 2008.11 snv_101b_rc2 X86
findroot (pool_rpool,0,a)
splashimage /boot/solaris.xpm
foreground d25f00
background 115d93
bootfs rpool/ROOT/opensolaris
kernel$ /platform/i86pc/kernel/$ISADIR/unix -B $ZFS-BOOTFS,console=graphics,disable-pcic=true
module$ /platform/i86pc/$ISADIR/boot_archive
#---------------------END BOOTADM--------------------
title OpenSolaris 2008.11 snv_101b_rc2 X86 text boot
findroot (pool_rpool,0,a)
bootfs rpool/ROOT/opensolaris
kernel$ /platform/i86pc/kernel/$ISADIR/unix -B $ZFS-BOOTFS,disable-pcic=true
module$ /platform/i86pc/$ISADIR/boot_archive
And that's all for today, now play with this beast OS.
Thursday, April 16, 2009
New RaQCop firewall
The last few days I was fighting with the Apache 2 reverse proxy functions to use two web servers with my ADSL connection. Unfortunately I had problems redirecting all the content I want. For this reason I decided to try authentic reverse proxy software like Pound. But installing Pound on one of the servers is not enough for me ;D
A new old project is alive: run my own firewall on one server and install the reverse proxy on it. Just in time, a new toy arrived this week: a Symantec Velociraptor 1100. In fact, the Velociraptor is a Cobalt RaQ 4i with specially developed firmware and software (originally by Axent). My Velociraptor came with Cobalt 2.3.39 stored in the ROM, but it doesn't show the Cobalt logo on the display. It also has an Intel Pro 100 dual Ethernet PCI-X card.

Since I don't have the original Velociraptor software, and I don't want to look for it because it is old, not customizable and needs an expensive paid license, I decided to install RaQCop. I had played with RaQCop before but not for long enough. RaQCop is a special version of IPCop that comes with a patched kernel for the RaQ hardware, LCD utils and a new administration web theme.
There is another firewall software ready for Cobalt servers: Firebolt. Developed by the same team as Strongbolt, Firebolt is a port of the ClarkConnect firewall software, but this is a paid version (like Strongbolt) and I'm not sure which features are included by default. Maybe Firebolt is a better solution for home or office use, as there is a very good manual and the support from ClarkConnect and OSOffice seems to be great. Firebolt will be the next game.
First of all, the Velociraptor needed a ROM upgrade. Fortunately, I have a hard disk with the old CobaltOS ready and the Velociraptor boots from it. I got the necessary files for the upgrade from OSOffice, following this guide but doing a backup of the old ROM first. If you don't know which ROM maker your server has, you have to open the server and look at the chip, as explained here.
- Login via SSH as root.
- Go to temporary folder: # cd /tmp.
- Download the flashtool (in my case is ST branded): # wget http://www.osoffice.co.uk/linux/roms/flashtool-amd-st.
- Make the file executable: # chmod +x flashtool-amd-st.
- Back up the original CMOS and then download it with FTP software:
# ./flashtool-amd-st -v -r > cobalt-vr-2.3.39-1M.rom
./flashtool-amd-st: searching for PCI 10b9:7101 : found it at /proc/bus/pci/00/03.0
./flashtool-amd-st: systype = COBT_3K
./flashtool-amd-st: bank 0: ST Microelectronics M29F080A 1MB
./flashtool-amd-st: Using pthread POSIX real time scheduling.
./flashtool-amd-st: reading page 0
./flashtool-amd-st: reading page 1
./flashtool-amd-st: reading page 2
./flashtool-amd-st: reading page 3
./flashtool-amd-st: reading page 4
./flashtool-amd-st: reading page 5
./flashtool-amd-st: reading page 6
./flashtool-amd-st: reading page 7
./flashtool-amd-st: reading page 8
./flashtool-amd-st: reading page 9
./flashtool-amd-st: reading page 10
./flashtool-amd-st: reading page 11
./flashtool-amd-st: reading page 12
./flashtool-amd-st: reading page 13
./flashtool-amd-st: reading page 14
./flashtool-amd-st: reading page 15
./flashtool-amd-st: flushing buffers
- Download the new ROM; this one is for a GENIII RaQ, not valid for a RaQ 550: # wget http://www.osoffice.co.uk/linux/roms/cobalt-2.10.3-ext3-1M.rom.
- And now the critical job, write the new ROM:
# ./flashtool-amd-st -v -w cobalt-2.10.3-ext3-1M.rom
./flashtool-amd-st: searching for PCI 10b9:7101 : found it at /proc/bus/pci/00/03.0
./flashtool-amd-st: systype = COBT_3K
./flashtool-amd-st: bank 0: ST Microelectronics M29F080A 1MB
./flashtool-amd-st: Using pthread POSIX real time scheduling.
./flashtool-amd-st: writing page 0
./flashtool-amd-st: buffer page 0 does not exist - creating it
./flashtool-amd-st: writing page 1
./flashtool-amd-st: buffer page 1 does not exist - creating it
./flashtool-amd-st: writing page 2
./flashtool-amd-st: buffer page 2 does not exist - creating it
./flashtool-amd-st: writing page 3
./flashtool-amd-st: buffer page 3 does not exist - creating it
./flashtool-amd-st: writing page 4
./flashtool-amd-st: buffer page 4 does not exist - creating it
./flashtool-amd-st: writing page 5
./flashtool-amd-st: buffer page 5 does not exist - creating it
./flashtool-amd-st: writing page 6
./flashtool-amd-st: buffer page 6 does not exist - creating it
./flashtool-amd-st: writing page 7
./flashtool-amd-st: buffer page 7 does not exist - creating it
./flashtool-amd-st: writing page 8
./flashtool-amd-st: buffer page 8 does not exist - creating it
./flashtool-amd-st: writing page 9
./flashtool-amd-st: buffer page 9 does not exist - creating it
./flashtool-amd-st: writing page 10
./flashtool-amd-st: buffer page 10 does not exist - creating it
./flashtool-amd-st: writing page 11
./flashtool-amd-st: buffer page 11 does not exist - creating it
./flashtool-amd-st: writing page 12
./flashtool-amd-st: buffer page 12 does not exist - creating it
./flashtool-amd-st: writing page 13
./flashtool-amd-st: buffer page 13 does not exist - creating it
./flashtool-amd-st: writing page 14
./flashtool-amd-st: buffer page 14 does not exist - creating it
./flashtool-amd-st: writing page 15
./flashtool-amd-st: buffer page 15 does not exist - creating it
./flashtool-amd-st: flushing buffers
./flashtool-amd-st: flushing block 0 to ROM... verifying... done
./flashtool-amd-st: flushing block 1 to ROM... verifying... done
./flashtool-amd-st: flushing block 2 to ROM... verifying... done
./flashtool-amd-st: flushing block 3 to ROM... verifying... done
./flashtool-amd-st: flushing block 4 to ROM... verifying... done
./flashtool-amd-st: flushing block 5 to ROM... verifying... done
./flashtool-amd-st: flushing block 6 to ROM... verifying... done
./flashtool-amd-st: flushing block 7 to ROM... verifying... done
./flashtool-amd-st: flushing block 8 to ROM... verifying... done
./flashtool-amd-st: flushing block 9 to ROM... verifying... done
./flashtool-amd-st: flushing block 10 to ROM... verifying... done
./flashtool-amd-st: flushing block 11 to ROM... verifying... done
./flashtool-amd-st: flushing block 12 to ROM... verifying... done
./flashtool-amd-st: flushing block 13 to ROM... verifying... done
./flashtool-amd-st: flushing block 14 to ROM... verifying... done
./flashtool-amd-st: flushing block 15 to ROM... verifying... done
- Now, if no errors appeared during the ROM upgrade, you can reboot. If you have errors you can repeat the process as many times as you need. If you still have errors, write the backup ROM again and DON'T REBOOT OR SHUTDOWN BEFORE THE ROM IS OK. The ROM is read at boot time and if it's wrong, you will convert your RaQ into a good spare case.
Be careful to make sure which type of EPROM you have. If your server has an Intel ROM chip you need a different flashtool created by Tim Hockin, as explained in the OSOffice guide.
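A sanity check for the ROM backup before anything is written, as an added example that is not part of the original post or the OSOffice guide. It assumes the chip is read twice into two files (the file names are hypothetical) and takes the 1 MiB size from the "M29F080A 1MB" line in the flashtool output above; the function names are illustrative.

```shell
#!/bin/sh
# Added example: checks on ROM image files before flashing.
# ROM_BYTES is an assumption taken from the 1MB part reported by flashtool.
ROM_BYTES=1048576

# rom_size_ok FILE: succeed only if FILE exists and is exactly ROM_BYTES long.
rom_size_ok() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$ROM_BYTES" ]
}

# rom_not_blank FILE: fail if every byte is 0xFF (erased flash) or 0x00,
# which means the read returned nothing useful.
rom_not_blank() {
    ff_left=$(LC_ALL=C tr -d '\377' < "$1" | wc -c | tr -d ' ')
    zero_left=$(LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' ')
    [ "$ff_left" -gt 0 ] && [ "$zero_left" -gt 0 ]
}

# rom_reads_match A B: two independent reads of the chip must be identical.
rom_reads_match() {
    cmp -s "$1" "$2"
}

# rom_check_backup READ1 READ2: combined verdict on a pair of backup reads.
rom_check_backup() {
    rom_size_ok "$1" && rom_size_ok "$2" &&
        rom_not_blank "$1" && rom_reads_match "$1" "$2"
}

# Stand-alone use: sh romcheck.sh read1.rom read2.rom
if [ "$#" -eq 2 ]; then
    if rom_check_backup "$1" "$2"; then
        echo "backup reads are consistent"
    else
        echo "backup reads failed the checks, do not flash yet" >&2
        exit 1
    fi
fi
```

rom_size_ok can also be run on the downloaded image, where it catches a truncated wget transfer before the write step.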
The next step is to download the RaQCop image. I used a 128MB flash card as you can see in the next picture, but it was flashed some months ago:

RaQCop detects the four Ethernet ports, so I have 4 different zones: Green for the intranet, Red for the ADSL uplink, Blue for the wireless access point and Orange for the servers. Each zone works in its own subnet and if I want to connect to a computer in a different zone I have to prepare a VPN or pinhole: a bit difficult for a newbie like me but very safe.
Here you have the firewall running. Some adjustments had to be made in the GUI theme but it's so nice. To be continued...
Friday, April 10, 2009
Reverse Proxy
Or how to use two web servers for different websites with only one external ip...
One thing that I want to test is reverse proxy with Apache. With my new server ready it is time to try, because my old one hasn't finished some jobs and I want to start developing my new website with the new Strongbolt 2.
I don't know why, but although on the Internet you can find a lot of descriptions and forum posts about Apache's mod_proxy, I can't find one configuration that works with my setup. I found an easy guide to using reverse proxy with Apache here. Following the guide I only needed to add these two lines in /etc/httpd/conf/httpd.conf:
ProxyPass http://www.mywebsite.com http://internal1.example.com/
ProxyPassReverse http://www.mywebsite.com http://internal1.example.com/
But this is not enough. After some googling and lots of tests I found a configuration that works: I need to write the reverse proxy configuration in a virtual host inside the httpd.conf of the first machine:
<VirtualHost 192.168.2.105:80>
ServerAdmin admin@mywebsite.com
ServerName mywebsite.com
ServerAlias www.mywebsite.com
ErrorLog logs/titox_net_log
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://192.168.2.102/
ProxyPassReverse / http://192.168.2.102/
</VirtualHost>
The main fault is usually in the ServerName and ServerAlias directives; usually everybody forgets to write the ServerAlias (like me). Remember to stop the Apache HTTP server before editing the config file or Apache will overwrite the changes. In a BQ box:
- # /sbin/service httpd stop
- Edit /etc/httpd/conf/httpd.conf
- # /sbin/service httpd start
Now, when somebody types www.mywebsite.com in his browser, the main server redirects transparently to my second server.
No more configuration is needed because mod_proxy is enabled by default in Strongbolt.
UPDATE:
In fact, the first Apache server is redirecting all the incoming requests that are not for its virtual sites to the second one. Another thing is that I can't log in to the administrator panel of the second server... more tests to be done.
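A small configuration check for the behaviour described in the UPDATE, as an added example that is not part of the original post. It assumes name-based virtual hosts, where Apache answers any request whose Host header matches no ServerName or ServerAlias from the first <VirtualHost> block listed for that address; the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads an httpd.conf on stdin and prints every address:port
# whose FIRST <VirtualHost> block contains "ProxyPass /". That block is the
# default for unmatched Host headers, so it forwards them all to the backend.
default_vhost_proxies() {
    awk '
        tolower($1) == "<virtualhost" {
            addr = $2; sub(/>.*/, "", addr)
            first = !(addr in seen); seen[addr] = 1
            inside = 1; next
        }
        tolower($1) == "</virtualhost>" { inside = 0; next }
        inside && first && tolower($1) == "proxypass" && $2 == "/" {
            print addr; found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: the proxy vhost from the post is the first one listed.
sample_proxy_first() {
cat <<'EOF'
<VirtualHost 192.168.2.105:80>
ServerName mywebsite.com
ServerAlias www.mywebsite.com
ProxyRequests Off
ProxyPass / http://192.168.2.102/
ProxyPassReverse / http://192.168.2.102/
</VirtualHost>
<VirtualHost 192.168.2.105:80>
ServerName local.example.com
DocumentRoot /var/www/local
</VirtualHost>
EOF
}

# Constructed sample: a catch-all vhost that refuses unmatched hosts is first.
sample_catchall_first() {
cat <<'EOF'
<VirtualHost 192.168.2.105:80>
ServerName catchall.invalid
<Location />
Order allow,deny
Deny from all
</Location>
</VirtualHost>
<VirtualHost 192.168.2.105:80>
ServerName mywebsite.com
ServerAlias www.mywebsite.com
ProxyPass / http://192.168.2.102/
ProxyPassReverse / http://192.168.2.102/
</VirtualHost>
EOF
}

echo "proxy first:     $(sample_proxy_first | default_vhost_proxies || echo none)"
echo "catch-all first: $(sample_catchall_first | default_vhost_proxies || echo none)"
```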
Developing in a Bluequartz box
Nuonce published a long time ago a package that installs all the development resources needed for a BQ box, but in the latest releases of BQ, BlueOnyx or Strongbolt the package doesn't want to install. The solution, according to these posts in the Bluequartz list, is to install everything from yum:
In one line:
- yum install autoconf automake14 automake15 automake16 automake17 automake binutils bison cpp cvs diffstat flex gcc gcc-c++ gcc-objc gettext glibc-devel glibc-headers glibc-kernheaders libobjc libstdc++-devel ncurses-devel patch patchutils pkgconfig rpm-build
Now we can compile in our boxes.
Fuel goes Gigabit !!!
For a long time everybody has wanted his systems to have GigaBit EtherNET. For SGI systems there are few options and they are usually expensive. In fact, SGI cards are really rebranded 3Com ones and a mod can be done. All cards have a Tigon 3 chipset (Broadcom 5701) but with a different PCI identification in the EEPROM.
The first mod was a new kernel driver; you can find all the information in this post on the nekochan forums, but with this kind of mod the card only runs in a patched IRIX OS.
The best solution now is to modify the EEPROM directly with the ethtool software included in Linux distributions. You can find how to do this mod at the end of this post. In my case I tried with the old Fedora 7 installation I have on my workstation with no success, then I recovered an old Gentoo LiveCD 00.2006 and applied the modifications.
Now I have my Fuel with GigaBit EtherNET but I have to finish my network wiring at home!!!!