Tag Archives: network

Solaris 10 Change IP/Network/Hostname

I seem to be searching and using the same Google result a bunch lately. So here it is:

Changing the IP on Solaris 10 requires editing two files, plus a third if the subnet mask changes:

1. /etc/hosts
2. /etc/inet/ipnodes
3. /etc/netmasks (if subnet mask needs changing)

If you are changing the network address, you will also need to change the router address in the file:
1. /etc/defaultrouter

Changing the hostname now only requires editing these files:

1. /etc/hosts
2. /etc/nodename
3. /etc/hostname."interface name"

Then run: hostname "hostname" (this changes the running hostname until you can reboot)

Thanks to shiv729 at devshed.

Original forum post:
http://forums.devshed.com/unix-help-35/changing-hostname-and-ip-on-solaris-10t-343047.html

Binding IPs to NICs in Debian

So, say you want one of your Debian-based servers to listen on more than one IP address. Here's a quick and dirty example of how to do this.

This may or may not be the correct way to do this, but it works on my machines.

Adding an IP to eth0 (usually the default)

If you look in your /etc/network/interfaces file you should see something like this:

auto eth0
iface eth0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.254

That is your standard IP address bound to the network card eth0. To add another IP address on the same subnet, add something like the following below the above stanza.

auto eth0:0
iface eth0:0 inet static
    address 192.168.0.128
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.254

At this point I just reboot to activate the new IP(s) but I am sure you can just do an ‘ifconfig eth0:0 up’ with all the pertinent info there.

FTP Reporting Unknown Host

So, I’m staring the problem in the face for quite some time (though it’s probably obvious to those that have encountered it before.)

Test server #1: Redhat 9
Test server #2: Redhat 7.1

Both in the same network segment.
Both using the same DNS servers.

Let the hilarity ensue!

On #1:
host ftp.lanside.net reports fine
ftp ftp.lanside.net connects fine

On #2:
host ftp.lanside.net reports fine
ftp ftp.lanside.net reports Unknown Host

Figured it was a configuration file, but wasn’t sure which one. Finally found the answer to my problem on a Solaris site. There's one for Google-fu: leave off the operating system next time.

The line in /etc/nsswitch.conf on #1 looked like such:
hosts: files dns

The line in /etc/nsswitch.conf on #2 looked like such:
hosts: files

How on earth the host command was able to do a successful lookup is beyond me. Unless it’s hard-coded not to use /etc/hosts.

Can anyone confirm whether or not it is?
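
The difference between the two servers, as an added example that is not part of the original post: host sends its query straight to the DNS servers listed in /etc/resolv.conf and never reads /etc/nsswitch.conf, while ftp resolves names through the C library, which follows the hosts: line. The function names and the two sample files (built from the lines quoted above) are assumptions of this example.

```shell
# Added example: does an nsswitch.conf let libc clients (ftp, telnet, ...) use DNS?
# Action items such as [NOTFOUND=return] are printed as-is and not interpreted.

nss_hosts_sources() {   # nss_hosts_sources FILE: prints what follows "hosts:"
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }                      # status 1 when no hosts: line
    ' "$1"
}

nss_hosts_has_dns() {   # 0: dns listed, 1: hosts: line without dns, 2: no hosts: line
    sources=$(nss_hosts_sources "$1") || return 2
    for src in $sources; do
        [ "$src" = dns ] && return 0
    done
    return 1
}

make_nss_samples() {    # constructed from the two hosts: lines quoted in the post
    printf 'passwd: files\nhosts: files dns\n' > "$1/server1.conf"
    printf 'passwd: files\nhosts: files\n'     > "$1/server2.conf"
}

dir=$(mktemp -d) && make_nss_samples "$dir"
for f in "$dir"/server1.conf "$dir"/server2.conf; do
    if nss_hosts_has_dns "$f"; then
        verdict="libc lookups reach DNS"
    else
        verdict="libc lookups stop at /etc/hosts, so ftp reports Unknown Host"
    fi
    echo "$(basename "$f"): hosts: $(nss_hosts_sources "$f") -> $verdict"
done
rm -rf "$dir"
```

On a live system, getent hosts ftp.lanside.net goes through the same nsswitch.conf path as ftp, so it is the lookup to compare against host.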

PPTP VPN server using MPD-Netgraph

Currently, I am testing a few different VPN solutions to secure my wireless network at home. These are just the bare-bones steps I went through to get MPD set up and running for Windows XP clients.

mpd-netgraph setup:

I followed the suggestions in the following URLs:
http://lists.freebsd.org/pipermail/freebsd-security/2003-July/000466.html
http://www.blackh0le.net/articles/vpn-dun-howto.html

Background Info:

10.x.x.0/24 was my internal network
192.168.0.0/24 was my wireless cloud

1. System specs:

Celeron 333
128MB RAM
4GB Harddisk
2 NICs

The rest really doesn’t matter.

2. Install FreeBSD:

minimal + kern developer install

kernel compile:

ipfilter
ipfilter_log
ipfilter_default_block

mpd-netgraph is a ‘userspace’ daemon.

disable the rest that we usually disable.

Enable ipf:
create /etc/ipf.rules (fully open set until we’re done with setup)

3. cvsup:
cd /usr/ports/net/cvsup-without-gui
make install clean
/usr/local/bin/cvsup -g -L 2 /usr/src/sup-ports

4. mpd installation:
cd /usr/ports/net/mpd
make install clean

7. isc-dhcp3 installation:
cd /usr/ports/net/isc-dhcp3
make install clean

create /usr/local/etc/dhcpd.conf:

# dhcpd.conf

# option definitions common to all supported networks…
option domain-name "test.net";
option domain-name-servers 10.x.x.253,10.x.x.249;
option subnet-mask 255.255.255.0;

default-lease-time 3600;
max-lease-time 86400;
authoritative;

ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.1 192.168.0.250;
    # IPs 51-75 are for pptp clients
    option routers 192.168.0.254;
}

8. mpd.conf:

default:
	load pptp0
	load pptp1
	load pptp2

pptp0:
	new -i ng0 pptp0 pptp0
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 10.x.x.250/32 10.x.x.51/24
	set ipcp dns 10.x.x.249
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

pptp1:
	new -i ng1 pptp1 pptp1
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 10.x.x.250/32 10.x.x.52/24
	set ipcp dns 10.x.x.249
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

pptp2:
	new -i ng2 pptp2 pptp2
	set iface disable on-demand
	set bundle disable multilink
	set iface enable proxy-arp
	set link yes acfcomp protocomp
	set link no pap chap
	set link enable chap
	set link keep-alive 60 180
	set ipcp yes vjcomp
	set ipcp ranges 10.x.x.250/32 10.x.x.53/24
	set ipcp dns 10.x.x.249
	set bundle enable compression
	set ccp yes mppc
	set ccp yes mpp-e128
	set ccp yes mpp-stateless
	set bundle yes crypt-reqd

9. create mpd.links:
pptp0:
	set link type pptp
	set pptp self 192.168.0.254
	set pptp enable incoming
	set pptp disable originate

pptp1:
	set link type pptp
	set pptp self 192.168.0.254
	set pptp enable incoming
	set pptp disable originate

pptp2:
	set link type pptp
	set pptp self 192.168.0.254
	set pptp enable incoming
	set pptp disable originate

10. create mpd.secret:
username1 "password1"
username2 "password2"

11. create /usr/local/etc/rc.d/mpd.sh startup script:
#!/bin/sh
# Set the environment variables
. /etc/profile
. ~/.profile

# mpd writes its process ID here when started with -b (background)
pidf=/var/run/mpd.pid

case "$1" in
start|"") mpd -b;;
stop) if [ -r "$pidf" ]; then
        kill -TERM `cat "$pidf"`
    fi;;
*) echo "usage: $0 [start|stop]" 1>&2; exit 1;;
esac

12. create /usr/local/etc/rc.d/zzz_ipf_sync.sh

#!/bin/sh

# Give mpd time to create the ng* interfaces before syncing
echo "Sleeping for 10 seconds before syncing IPF."
sleep 10

# Syncs IPF with the active interface list
ipf -y

echo "VPN interfaces are now available."

# some simple logging
echo "IPF synced at:" >> /var/log/general.log
date >> /var/log/general.log

This script allows mpd to finish loading and create the ng* interfaces. Once this is done, ipf then syncs ALL interfaces.
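
An audit of the step 8 settings, as an added example that is not part of the original post or of the mpd project: the function below reads an mpd.conf and lists every bundle that does not switch off pap, enable mpp-e128 and set crypt-reqd, or that allows mpp-e40. The function names, the constructed sample (pptp0 as in step 8, pptp1 deliberately weakened) and the on/off simplification described in the comments are assumptions of this example.

```shell
# Added example: audit mpd.conf bundles for the settings used in step 8.
# Simplification: "enable", "accept" and "yes" count as on; "disable",
# "deny" and "no" count as off. The last setting in a bundle wins.

audit_mpd_conf() {   # audit_mpd_conf FILE: prints findings, returns 1 if any
    awk '
        function check(key, want, msg) {
            if (state[key] != want) { print label ": " msg; bad = 1 }
        }
        function report() {
            if (!has_set) return           # "default:" holds only load lines
            check("link pap", "off", "pap not disabled")
            check("ccp mpp-e128", "on", "mpp-e128 not enabled")
            check("bundle crypt-reqd", "on", "crypt-reqd not set")
            if (state["ccp mpp-e40"] == "on") { print label ": mpp-e40 allowed"; bad = 1 }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comments and blank lines
        /^[^ \t]/ {                        # a label starts in column 0
            report(); label = $1; sub(/:$/, "", label)
            split("", state); has_set = 0; next
        }
        $1 == "set" {
            has_set = 1; v = ""
            if ($3 ~ /^(enable|accept|yes)$/) v = "on"
            else if ($3 ~ /^(disable|deny|no)$/) v = "off"
            if (v != "") for (i = 4; i <= NF; i++) state[$2 " " $i] = v
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

make_sample() {      # constructed input: pptp0 as in step 8, pptp1 weakened
    cat > "$1" <<'EOF'
default:
    load pptp0
    load pptp1
pptp0:
    set link no pap chap
    set link enable chap
    set ccp yes mpp-e128
    set bundle yes crypt-reqd
pptp1:
    set link yes pap chap
    set ccp yes mpp-e40
EOF
}

tmp=$(mktemp) && make_sample "$tmp"
audit_mpd_conf "$tmp" || echo "mpd.conf audit: findings listed above"
rm -f "$tmp"
```

Pointed at /usr/local/etc/mpd/mpd.conf or wherever the port installed it, the same function can run from the startup script before mpd -b so a weakened bundle is caught before clients connect.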

Conclusion:
The end result of this little experiment was somewhat of a disappointment. In the end, I had a working VPN that had less than stable connections over an 802.11b wireless link. It would drop connections at random, even though the link remained strong and network connectivity remained for wireless clients NOT on the VPN.

If anyone has any ideas on ways to stabilize the VPN tunnel, I'd appreciate any input.