wiredfool

Archive for March, 2001

Policy Routing Anyone?

Can anyone out there help me with policy routing and proxy arp on a linux 2.2 or 2.4 kernel?

What I want:

Net 1 ->    | router  | Link 1
Net 2 ->    |         | Link 2
Private Net ^

Internally, I want to route all of them as peers. To the outside world, I want to route packets from net 1 to link 1, and packets from net 2 (and the masqueraded private net) to link 2.

Additionally I need to proxy arp on link 1, due to the way that that connection works. I’ve gotten that to work on a 2.0 kernel, but we’re in a new world here, since 2.0 kernels don’t do policy routing.

My problem: Basically everything gets foobared when I add a rule to route based on source:

ip rule add src Net1 table Link1
ip route add default via Link1 table Link1

Any pointers are appreciated.
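One standard way to get the layout described above, as an added example that is not part of the original post; the interface names, prefixes, gateway addresses and table numbers are assumptions. The point it shows is that an `ip rule add src ... table ...` given without a `pref` is inserted ahead of the main table, so the per-link table, which holds only a default route, also answers for internal destinations; a lower-numbered rule that sends internal destinations to the main table keeps the three networks routed as peers while the source rules pick the uplink.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing for the
# Net 1 / Net 2 / private net layout on a 2.2 or 2.4 kernel with iproute2.
# Every address, interface name and table number here is an assumption.
NET1=192.0.2.0/24              # "Net 1"  (constructed sample prefix)
NET2=198.51.100.0/24           # "Net 2"
PRIV=10.0.0.0/24               # masqueraded private net
LINK1=eth1; GW1=203.0.113.1    # gateway on Link 1 (assumed)
LINK2=eth2; GW2=203.0.113.129  # gateway on Link 2 (assumed)
T_LINK1=101; T_LINK2=102       # routing table ids (assumed)

# Print the commands.  Rules are consulted in ascending pref order, so the
# "to <internal net> lookup main" rules at pref 100 win before the
# per-source rules at pref 200.  Without them a bare "ip rule add src ..."
# lands at pref 32765, ahead of main, and a packet from Net 1 bound for
# Net 2 follows the Link 1 default route instead of the internal route.
policy_routing_cmds() {
    # 1. per-link tables that hold only a default route
    echo "ip route add default via $GW1 dev $LINK1 table $T_LINK1"
    echo "ip route add default via $GW2 dev $LINK2 table $T_LINK2"
    # 2. internal destinations stay on the main table (peers internally)
    for net in $NET1 $NET2 $PRIV; do
        echo "ip rule add pref 100 to $net lookup main"
    done
    # 3. then choose the uplink by source address
    echo "ip rule add pref 200 from $NET1 lookup $T_LINK1"
    echo "ip rule add pref 200 from $NET2 lookup $T_LINK2"
    echo "ip rule add pref 200 from $PRIV lookup $T_LINK2"
    # 4. proxy ARP on Link 1, then flush the route cache so the rules apply
    echo "echo 1 > /proc/sys/net/ipv4/conf/$LINK1/proxy_arp"
    echo "ip route flush cache"
}

# Dry run by default; APPLY=1 feeds the commands to sh (needs root).
if [ "${APPLY:-0}" = 1 ]; then
    policy_routing_cmds | sh -e
else
    policy_routing_cmds
fi
```

Run it as is to review the generated commands; `APPLY=1` executes them as root. On 2.2 and 2.4 kernels the route cache must be flushed after rules change, and the masquerading of the private net (ipchains or iptables) is configured separately from the routing.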


Centralization

in progress…

Hailstorm has focused a lot of people on the interplay between the cloud of internet users and the role of centralized services. Radio Userland pushes the intelligence to the edge of the cloud; Hailstorm pushes it to the center.

I like centralized services. But I don’t like just any centralized services. I like MY centralized services. (and no, that’s not just calling something myFoo, it has to be mine).

I live on email. I’ve written all of my email in a web browser for the last year and a half. When I’m traveling, all my email is there, and I can use the least common denominator connection to get to it. My server is out in the cloud. I don’t care where it is, as long as I’m wired.

I write on the web, and most of what I’ve written was done in the web browser. I have radio userland, but when you use 5 computers regularly, it’s easier to just write in the browser. My web server is out in the cloud, don’t really care where it is. As long as it’s wired.

I listen to music over the net. Sometimes it would be more fault tolerant to burn a couple copies of everything, but for the most part, I’ve got music access anywhere there’s a net connection and a computer wired for sound. Headphones on the iMac at work, the stereo on the Linux box at home (Ella tonight), the $199 Cambridge Soundworks system & cable modem at my friend’s house. I need 200 Kbps and I’m happy. Gimme a 200k wireless connection in the car and I’d be using that instead of the ancient 10 disc changer in the trunk. (I have to use a remote to change tracks. In a Miata.)

Most of what I do on the net can be centralized on one server hanging off a fast net connection. As a developer, it’s my centralized server, and I control the content going in or out. And I get a kick out of writing centralized services for my own use.

But just as easily, most of what I do on the net could be done by companies more interested in the user experience than eyeballs. Make music playing as easy as clicking on an icon. Right now, the UI is either select + menu item, or choosing a playlist in the file system.

Don’t try to sell me a music ‘service’ where I can’t choose the next song. Don’t limit my choices to what the media buyer thinks I want to listen to. But if I am listening to more than a couple of songs from a band, tell me if there’s a concert in the area. Or even better, play a few songs from every band that’s going to be at the Tractor for the next few weekends. (Cool band tip from last night’s show: The Slip, http://www.theslip.com I guess they’re jazz, but sometimes it’s hard to categorize. Good rhythm, killer bass.)


Oh dear

I’m sort of disappointed that there’s not a babelfish bork -> english translation.


JSP Proxy Responder

This is a responder that traps any page request ending in .jsp and proxies that request to another server.

This responder does two things to the request before it forwards it to the destination server. First, it replaces the Host header with an admin-configurable value. This allows you to proxy multiple virtual domains to one configurable virtual domain on the .jsp server. Second, it rewrites the Connection header to make sure that the connection is closed after the request.

***Download

Download the fttb file. If it comes down as a text file in the browser, simply save as source.

***Install

Download, then open the file from within Frontier or Radio Userland. It will ask you where to install the table; it needs to be at user.webserver.responders.jspProxy.

***Configuration

Set the value at user.webserver.responders.jspProxy.requestHost to the desired host for the request. Set requestIp and requestPort to the IP address and port that your JSP server is listening on.

If you wish to proxy other types of requests, simply change the condition to one matching what you wish to proxy. (e.g., endsWith “.asp”, contains “servlet”). Just be aware that this responder catches requests before mainresponder does, so that if you map something like /discuss, you will hose a lot of functionality on your machine.

If the above two paragraphs are greek to you, either I’m not writing clearly or this software isn’t for you.


Hardware Post Mortem

So the machine is almost back up.

The problem with having flaky hardware is that you’re never sure that what’s on disk is actually correct. So those wonderful databases that nominally pass the ACID test only do so when their writes are actually committed to disk properly. I may have lost most of the content that I had built up in the database. It’s not critical, since it’s been mostly a learning experience. But it’s annoying.

And the real cost of the hardware is not the dollars for the goods, it’s the time setting it up properly. I’ve got an in-progress page detailing the steps that I’m taking to bring the machine back up. This keeps reminding me of my theory that it’s almost never cost effective to upgrade. Either that or just figure that everything costs twice as much as the hardware.

Part of the reason that it’s taking so long to put this back is that I’ve been analog on the weekends. Friday I went out to dinner at a new little local place, then went to the opening of the Seattle Rhythm Festival. Saturday I wound up 30 miles out of town on my bike in rural King County, on roads that I haven’t been on in a few years. I kept getting shocks of recognition of little stretches of road, balanced by the confusion of seeing development out in these rural lands. Half million dollar houses out in farm country.

And I just know that the inhabitants of these houses are commuting to Bellevue every day.


All your signage…

I’m not sure what disturbs me more, the fact that I drove around the block to get a picture of this or that I’ve checked back on it twice since I took the picture. 24 hours later, it’s still up.

The dangers of low hanging signs

I guess the moral of this story is: Don’t advertise Henry Weinhard’s 12 packs for 6.99 on signs that can be reached by high school students.


All your ginger…

What is Ginger?

“Ginger-md”

Apparently Ginger is a mid 90’s Ford Thunderbird. I guess we have reshaped our cities around Ginger.


Two ways diverged on a hill…

And I, I took the long way home.

4pm, lotsa good stuff done during the day. It’s good when long-standing plans finally come together in a couple of days of intense development. But it’s 60 degrees out and sunny. Good time for a ride. So I went home, via Seward Park and the Arboretum.

Up and over the hill, down Madison, and up the lake. It’s a ride I do often, but not often enough when the cherry trees are in bloom. There’s one street lined on both sides by pink blossoms; the scent is like walking into a tasteful perfume store. And the visuals.

Cherry Reflection

Everyone in Seattle with any appreciation of the spring time should get out in the next week or so while the cherry trees are at their peak. Try walking down 26th Ave Ne, in the 1900 block. The quad at the UW. The arboretum.

Lone Rhodie


How to setup a Linux Box to my specs.

A how-to on duplicating my RH 6.2 config on a machine with the main drive on a Promise UDMA card. Do this behind a firewall until step 14. These are also my notes on how to get back to where I am now.

1) Boot the RH installer, go into text mode. At the country prompt, hit alt-f2 to get to the other virtual console.

2) cat /proc/pci, look for the Promise card entry. Grab the first two I/O addresses (in this case 0xb400 and 0xb000) for the append lines for your kernel.

3) Reboot, and at lilo use: text ide2=0xb400,0xb002 to use the Promise card in basic IDE mode.

4) Format and install. Use 20 MB for /boot, 3 GB each for /, /usr and /var, the rest for /home, and 128 MB for swap. Make sure to install GNOME.

5) At the kernel params prompt, make sure the ide2= line is entered.

6) Reboot. Now download a bunch of stuff: the latest 2.2 kernel (http://www.kernel.org), the IDE patch (http://www.kernel.org/pub/linux/kernel/people/hedrick/), the reiserfs patch (look at http://www.reiserfs.org), and the reiserfs tools (source). Make sure that the reiserfs tools version matches the patch version, i.e. on 2.2 you need the 3.5 version of the tools. Download Ximian GNOME (http://www.ximian.com) using their go-gnome script.

7) Patch and build the kernel, making sure to get all the fs and net modules built. Install. Run lilo.

8) Download the latest XFree86 4.0 from the SourceForge mirror. Use ftp/ncftp to get the entire linux-86-glibc21 directory.

9) Reboot with the new kernel. Check the hdparm settings.

10) Install X from the Xinstall.sh script. Run xf86config. Set up the monitor: use 1280×1024 at high refresh, 24 bpp. Use the IntelliMouse protocol for now. Edit the config file (/etc/X/XF86Config) for the MS Explorer mouse, the 7 button optical mouse. The following settings will give you wheel action in everything but Netscape. In the section for the mouse:

Edit
    Option "Protocol"     "ExplorerPS/2"
Add
    Option "Buttons"      "7"
    Option "ZAxisMapping" "4 5"

11) startx, or start gdm. Things should work. Set it to one workspace.

12) Download the latest stable Mozilla (http://mozilla.org) binary, and source for: apache (http://apache.org), php (http://php.net), openssl (http://www.openssl.org), openssh (http://www.openssh.com), postgres (from the SourceForge mirror, in .tar.gz, or find the rpm to get the right startup scripts), and qmail.

13) Run the Ximian Updater, choose the Red Carpet mirror, and update. Run the Red Carpet updater, subscribe to the RH 6.2 channel, the Ximian GNOME channel, and the Red Carpet channel. Get everything, but most importantly the Red Hat security upgrades.

14) Remove everything from /etc/inetd.conf. Edit /etc/hosts.allow to allow everything from local networks. Edit /etc/hosts.deny to ALL: ALL. Kill sendmail and remove it from the /etc/rc.d/* directories, likewise lpd and linuxconf. You can go live on the net now.

15) Make openssl, make openssh: change the prefix from /usr/local to /usr in the Makefile. Change the config directory to /etc. Configure it --with-pam to use Pluggable Authentication Modules. Symlink /etc/pam.d/sshd to /etc/pam.d/login. Insert /usr/sbin/sshd into /etc/rc.d/rc.local.

16) Unpack Mozilla, get beer, websurf for a while. Configure gaim for my AIM accounts. Add bookmarks to Mozilla. Download the crossfade plugin for xmms, configure xmms for a small download buffer, point it at my mp3s and start playing music. The stereo is plugged into the middle black connector on the sound card.

17) Configure apache with

./configure --with-layout=RedHat --enable-module=vhost_alias --enable-module=so

Configure php with

./configure --without-mysql --with-pgsql=/usr/lib/pgsql --with-apxs

Grab the httpd.conf file from before. Add .root to the application/octet-stream MIME types. If building pgsql from source, specify --prefix=/usr; apparently php doesn’t pay attention to the pglib path correctly.

18) Install sudo. Make sure that I’m in the sudoers file.

19) Install and configure qmail. Painful manual process. Make the users, change the default to maildir form, grab the virtual domain configuration from the original machine.

20) Do the filesystem shuffle with reiserfs. Either edit /etc/rc.d/rc.sysinit to not fsck the / partition, or touch /fastboot when you make the / partition reiserfs.

21) Ponder 300 MB for /boot and / instead of 20 MB and 3 GB.

22) Update perl: perl -MCPAN -e shell; update by installing Bundle::CPAN. Also need Bundle::DBI and the DBD::Pg module for postgres (need to set the pg library path and build manually), and MIME::Tools for parsing.
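The hardening in step 14 (empty inetd.conf, hosts.deny set to ALL: ALL, hosts.allow opened only to local networks) is the step that makes it safe to leave the firewall, so it is worth rehearsing on a copy before touching /etc. The script below is an added example, not part of the original notes: it applies that step to a configurable directory, keeps a backup of inetd.conf, and reports how many inetd services are still enabled. The LOCAL_NETS value and the sample inetd.conf are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): step 14 as a script that
# works on a configurable directory instead of /etc directly.
# LOCAL_NETS is an assumed value; adjust it to the real local networks.
LOCAL_NETS="${LOCAL_NETS:-192.168.1.0/255.255.255.0 127.0.0.1}"

# Comment out every active service in inetd.conf, deny everything in
# hosts.deny, and allow only the local networks in hosts.allow.
harden_etc() {
    etc=$1
    # keep a backup, then disable every line that is not already a comment
    cp "$etc/inetd.conf" "$etc/inetd.conf.orig"
    sed 's/^\([^#]\)/#\1/' "$etc/inetd.conf.orig" > "$etc/inetd.conf"
    printf 'ALL: ALL\n' > "$etc/hosts.deny"
    : > "$etc/hosts.allow"
    for net in $LOCAL_NETS; do
        printf 'ALL: %s\n' "$net" >> "$etc/hosts.allow"
    done
}

# Number of inetd services still enabled (non-blank, non-comment lines).
active_services() {
    grep -c -v -E '^[[:space:]]*(#|$)' "$1/inetd.conf" || true
}

# Rehearsal on a constructed copy of an RH 6.2 style inetd.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/inetd.conf" <<'EOF'
# inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
echo "before: $(active_services "$demo_dir") services enabled"
harden_etc "$demo_dir"
echo "after:  $(active_services "$demo_dir") services enabled"
cat "$demo_dir/hosts.allow" "$demo_dir/hosts.deny"
```

Once the rehearsal looks right, `harden_etc /etc` applies the same change to the live files; sendmail, lpd and linuxconf are rc.d services rather than inetd entries and still have to be disabled by hand as step 14 describes.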


Flakey Hardware Resolution

Apparently it was memory. Amazing how $40 of hardware can cause so much wasted time. But after all of that, it only cost time, since the hardware was under warranty. Only cost time…

So I’m back to having a Linux desktop with a big monitor, but I have to set up all of the programs again. RH 6.2 on a drive controller that it doesn’t support, Ximian GNOME, X86 4.0, basically a bunch of stuff that I have to download. It looks like I downloaded about 250 MB of stuff yesterday, after installing off of a CD. I’m glad that most of the download volume is from automated setup systems like Ximian’s Red Carpet updater. In another day or so I should have all of my web services back up.

In a fit of who knows what, I tried to install OS X on my development workstation on Friday. It’s a G4, it’s running 9.0.4. It was easy to install, but classic mode only works with 9.1, and I’m not willing to change my main install. Three OS installs later, and a bit of messing about with pdisk from the command line, each OS (9.0.4, 9.1 and X) works on its own, but none of the 9.x versions work in classic.

At least I didn’t wreck my main install.

