The joys of 3D printing

Normally I only post IT-related stuff to this blog, but recently I was able to use my 3D printer to fix something that was very difficult to fix just a few years ago. My Dodge Ram 1500 cup holder is made too weak in my opinion and was easily broken. From what I can tell you can’t buy a replacement anywhere, so I modeled it and printed a replacement. The part was a bit complex and has lots of curves, but this version is holding together so far in my truck. It was a great satisfaction to fix something in this way and to be able to share the part to help others.

http://www.thingiverse.com/thing:416627

http://www.ramforumz.com/showthread.php?t=52762&page=2

 

 

Posted in Uncategorized

How to configure NAT for Xen virtual machines on OpenSuse 13

I was recently asked to help someone configure NAT for VMs running on Xen with OpenSuse 13. I don’t have a ton of experience with Xen, but I must say this was much more difficult than I anticipated. I believe the trouble stems from the recent change to the xl toolstack for Xen and the lack of support within OpenSuse for it, although I’d be open to anyone with more experience correcting me on the subject. I did eventually get it working and I’ve detailed the solution below.

First, verify that virtual bridge 0 (virbr0) or a similar bridge exists. If not, create it, because we will need this bridge to perform the NAT.

brctl addbr virbr0

Don’t expect to see any interfaces under virbr0, just make sure it exists.

Give it an IP address on the private network. This address is assigned to the host and will be used as the default gateway on the VMs.

ifconfig virbr0 192.168.10.1

Determine whether IP forwarding is enabled, because it is required for NAT:

cat /proc/sys/net/ipv4/ip_forward

If the command responds with a zero (0), forwarding is disabled; a 1 means it is enabled.

If it is disabled, enable it:

echo 1 > /proc/sys/net/ipv4/ip_forward

The above command only enables it until a reboot. To enable it permanently, edit the file /etc/sysctl.conf:

/etc/sysctl.conf:
net.ipv4.ip_forward = 1

 

NAT is accomplished by altering rules within the iptables Linux firewall.

This command adds a rule to the INPUT chain of the filter table that accepts packets sourced from the network 192.168.10.0/24 (our private network for virtual machines). For more information on the iptables tables and chains, see this write-up: http://www.thegeekstuff.com/2011/01/iptables-fundamentals/

iptables --table filter --insert INPUT --source 192.168.10.0/255.255.255.0 --jump ACCEPT

This command adds a rule to the FORWARD chain of the filter table that accepts packets from our private network, so that the host will forward them.

iptables --table filter --insert FORWARD --source 192.168.10.0/255.255.255.0 --jump ACCEPT

This command adds a rule to the FORWARD chain of the filter table that allows return packets back to the private network if they belong to an established (or related) connection, so this is basically stateful firewalling for our private network.

iptables --table filter --insert FORWARD --destination 192.168.10.0/255.255.255.0 --match state --state ESTABLISHED,RELATED --jump ACCEPT

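Finally, this command inserts a rule into the POSTROUTING chain of the nat table that does the actual translation. Packets from our private network to any destination outside it are masqueraded behind the host's address (the ! negates the destination match, so traffic that stays inside 192.168.10.0/24 is left alone), and the replies are translated back on the way in.

iptables --table nat --insert POSTROUTING --source 192.168.10.0/255.255.255.0 ! --destination 192.168.10.0/255.255.255.0 --jump MASQUERADE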

You can see the iptables rules, including the ones you just added, using this command (it lists the filter table; add --table nat to see the MASQUERADE rule):

iptables --list

All of these commands can be added to a script, or the iptables rules can be added to a file named /etc/sysconfig/scripts/SuSEfirewall2-custom. Then edit /etc/sysconfig/SuSEfirewall2 and change

FW_CUSTOMRULES=""

to

FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
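
The host-side steps above collected into one re-runnable script, as an added example that is not from the original post. It assumes the bridge name and addresses used above, negates the destination in the MASQUERADE rule so that only traffic leaving the VM network is translated, and (an assumption beyond the post) ties the filter rules to the bridge interface; with the default DRY_RUN=1 it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the original post). DRY_RUN=1 (the default) only
# prints the commands; run as root with DRY_RUN=0 to apply them.
VM_NET="${VM_NET:-192.168.10.0/255.255.255.0}"   # private VM network from the post
GATEWAY="${GATEWAY:-192.168.10.1}"               # host address on the bridge
BRIDGE="${BRIDGE:-virbr0}"

run() {   # print the command in dry-run mode, execute it otherwise
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

ensure_rule() {   # usage: ensure_rule <table> <chain> <rule-spec...>
    table=$1; chain=$2; shift 2
    if [ "${DRY_RUN:-1}" != 1 ] &&
       iptables --table "$table" --check "$chain" "$@" 2>/dev/null; then
        return 0   # already present: do not stack a duplicate on every run
    fi
    run iptables --table "$table" --insert "$chain" "$@"
}

nat_rules() {
    # Assumption beyond the post: the filter rules are tied to the bridge, so a
    # packet claiming a 192.168.10.x source on another interface is not accepted.
    ensure_rule filter INPUT --in-interface "$BRIDGE" --source "$VM_NET" --jump ACCEPT
    ensure_rule filter FORWARD --in-interface "$BRIDGE" --source "$VM_NET" --jump ACCEPT
    ensure_rule filter FORWARD --out-interface "$BRIDGE" --destination "$VM_NET" \
        --match state --state ESTABLISHED,RELATED --jump ACCEPT
    # "!" negates the destination: only traffic leaving the VM network is translated.
    ensure_rule nat POSTROUTING --source "$VM_NET" ! --destination "$VM_NET" \
        --jump MASQUERADE
}

setup_host() {
    [ -d "/sys/class/net/$BRIDGE" ] || run brctl addbr "$BRIDGE"
    run ifconfig "$BRIDGE" "$GATEWAY" netmask 255.255.255.0 up
    run sysctl -w net.ipv4.ip_forward=1   # same effect as the echo into /proc
    nat_rules
}

setup_host
```

Because each rule is checked with --check before it is inserted, running the script again after a firewall reload does not pile up duplicate rules.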

Now that networking is set up on the host, we need to define the VM under the xl toolset. I have not been able to get this to work under virt-manager yet, but if someone has, please comment on this post.

Create a file, which we will call vm-2.xl, and add the following. I’m using inx 1.1 for this demo, available here: http://inx.maincontent.net/

name = "vm-2"
uuid = "db6f4bac-c17f-8856-3b1e-2b249206e28f"
maxmem = 1024
memory = 1024
vcpus = 1
# HVM guest that boots from the CD-ROM image listed under disk
builder = "hvm"
kernel = "/usr/lib/xen/boot/hvmloader"
boot = "d"
pae = 1
acpi = 1
apic = 1
hap = 0
viridian = 0
rtc_timeoffset = 0
localtime = 0
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
device_model = "/usr/lib64/xen/bin/qemu-dm"
sdl = 0
vnc = 1
vncunused = 1
keymap = "en-us"
disk = [ "file:/inx-1.1.iso,hdc:cdrom,r" ]
# attach the guest network interface to the NAT bridge created above
vif = [ 'bridge=virbr0,ip=10.0.0.2,mac=01:0c:29:3f:00:d8' ]
parallel = "none"
serial = "pty"
soundhw = "es1370"

 

You can export VMs created with virt-manager or virsh to xl using this command:

virsh -c xen:/// domxml-to-native xen-xm /etc/libvirt/libxl/vm-2.xml > vm-2.xl

Of course, you will want to edit the resulting file so that it resembles the listing above for my working VM.

This command instantiates the VM:

xl create vm-2.xl

You may get a couple of errors relating to the choices I made in the VM configuration file, but if it does not error out you should be able to check which interfaces are created with ifconfig.

ifconfig

You should have two interfaces, vif2.0 and vif2.0-emu, that are part of a bridge named virbr0 or something similar:

brctl show


If you sniff on vif2.0-emu you should see traffic from the VM

tcpdump -i vif2.0-emu

Of course, the VM needs to be configured with an IP address like 192.168.10.x/24 and a gateway of 192.168.10.1, and DNS needs to be set in /etc/resolv.conf.

Run the following command on the host to get a console on your VM; the two commands after it are entered inside the VM:

xl vncviewer vm-2
sudo ifconfig eth0 192.168.10.10 netmask 255.255.255.0 
sudo route add -net default gw 192.168.10.1 

If all goes well, you should be able to ping Google from the VM and get a response:

 

ping 8.8.8.8
64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=46.063 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=46.178 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=47 time=49.135 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=47 time=46.251 ms
Posted in Linux, Uncategorized

PIM BiDir Bidirectional Wireshark dissectors

Bidirectional Protocol Independent Multicast, RFC 5015 (http://www.ietf.org/rfc/rfc5015.txt), is in my opinion the most bulletproof multicast routing protocol around, but it doesn’t have a huge install base. Consequently, the PIM dissector in even the latest Wireshark as of this writing, 1.11, doesn’t support decoding the BiDir-specific messages like Offer/Winner/Backoff/Pass, which makes troubleshooting a lot more difficult. One of our developers, Dave Zoller, generously coded me up a dissector and is going to distribute it back to the Wireshark project. Until then, the binary for Windows is available here:
http://www.baldwinpines.com/Wireshark-win32-1.11.3-MSFC-PIM2.10.exe

Source code can be found here: http://www.baldwinpines.com/pim-dissector.zip

 

Posted in internet, network

File Synchronization that works 2/2

What I’m going to show you today is how to fix a couple of business problems with CloudStation. We’ll be using two applications, QuickBooks and NeatWorks.

Businesses that use QuickBooks have started using hosted QuickBooks because it allows them to outsource their accounting to anywhere on the globe, keeps PC problems from taking down their business, and provides better redundancy for the QB data file. The downside is that they no longer have their QB file on their local hard drive, and so can’t load it locally if they need to. This problem can be solved by saving a backup of your QB data file each day from your hosted QB account to the CloudStation sync folder in your data center (www.cbonetworks.com supports this option). The file will automatically sync back to your local hard drive instantly.

The second problem CloudStation can fix involves NeatWorks. Small businesses love NeatWorks for cleaning up their desks and saving all of the documents in searchable format in a database. NeatWorks now offers a cloud service for this, but it costs money. An alternative is to move the NeatWorks database folder to a CloudStation folder, which will sync up to the cloud and your other machines. There is one trick to moving the NeatWorks folder, though. First, grab the folder in Explorer and copy it to somewhere safe temporarily. Then move it to the CloudStation folder. Finally, set up a symbolic link pointing to the CloudStation folder so that NeatWorks can find it. To do that, go to the command line in Windows and type this:

C:\Users\customer service\Documents>mklink /J "Neat Data" "c:\Users\Customer Service\Documents\baldwinpines\Neat Data"

Where “customer service” is my user ID in Windows

baldwinpines is the name of the CloudStation folder

“Neat Data” is the NeatWorks directory

Now when you update NeatWorks on your PC, it will sync the files up to the cloud, and if your PC dies you can pull them back. Maybe someday they will get NeatWorks to work on a terminal server so you can view the documents in the cloud.

Good Luck

Posted in Uncategorized

File Synchronization that works 1/2

If you haven’t heard about it, Dropbox (www.dropbox.com) offers really awesome file synchronization services from your computer to your other computers. Google was next to come along with their Google Drive and provide pretty much the same thing. There are only two things wrong with these services: you lose control of your data, and they limit you to 2-5GB. Well, now we have CloudStation from Synology (http://www.synology.com). If you have a Synology NAS, which you should because they are fantastic, you can use the CloudStation add-on to sync your PCs and Macs with your NAS over the Internet. You can even sync multiple folders, like a shared folder and a home folder. If you don’t own a Synology NAS or your Internet is not robust enough for this, you could consider checking into this company, www.cbonetworks.com, which, full disclosure, Bryan McJunkin and I founded in 1996, though I’ve moved on since then. They offer hosted CloudStation services among other cloud services. Part 2 of this blog will show you some case studies in how to use CloudStation along with other cloud services to improve your business resiliency.

Posted in Uncategorized

Finally passed my IE

I’m CCIE # 39221. Thanks, everyone, for the support!

Posted in Uncategorized

I’ve been workin . . .

I scribbled this out some time back, in the mid-90s as I was pulling arrows out of my backside – learning how to manage an internet service. I only recently found where I had later saved it in a text file, dated 1999. Guess that means it is Copyrighted now.
Worth posting here I reckon.
(sung like ‘I’ve been workin on the railroad’)

I’ve been workin on the backbone,
All the live long day.
I’ve been workin on the backbone,
Just to clear this one alarm.
Don’t you feel the routes a’flappin,
aggregation filter’s bout to bust.
Don’t it make you want to reboot,
“Cisco, flush your cache.”

Cisco, won’t you flush,
Cisco, won’t you flush,
Cisco, won’t you flush your cache for me?
Cisco, won’t you flush,
Cisco, won’t you flush,
Cisco, won’t you flush your cache?

Someone dropped a packet in there sideways.
Someone dropped a packet, I know.
Someone dropped a packet in there sideways,
Pluggin up the ol backbone.

Fee, fie, fiddle-e-i-o.
Fee, fie, fiddle-e-i-o-o-o-o.
Fee, fie, fiddle-e-i-o.
Pluggin up the ol backbone.

/;^)

Posted in control, internet, network

Not much will be going on here until after I pass the CCIE

I’m studying like crazy for the CCIE R&S, so I won’t post until that’s over with.

Posted in Uncategorized

Get rid of Clear line for good

It seems I have finally found a solution to the pesky problem of corrupt serial lines on Cisco 2500 routers.  I have read of quite a few people complaining of the same issue.  Tyson Scott of IPExpert gave me the following config:

line 1 16
exec-timeout 0 0
logout-warning 240
no exec
no history
transport input telnet
telnet speed 9600 9600
autohangup
stopbits 1

If you add “aaa new-model” to this, you get rid of having to type clear line all the time.  I hope this helps a few folks out there suffering with old 2500 routers.

Posted in Uncategorized

Just to make sure

Just to be certain that folks wanting to comment here are not really from some sweat-shop in some obscure 3rd world hacker-haven, where they pay under-age video-gamers to provide humanoid responses to the various captcha challenges, we have selected a new program to help weed-out these bogus visitors – leaving us with only sincere responses.

Here is a sample from one of our early tests . . .

A sample captcha

Wish us luck . . . /;^)

Posted in anything, everything