My Howtos and Projects: September 2009

Wednesday, September 23, 2009

PPPoE and DSL Connections - Public IP

The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with DSL services where individual users connect to the DSL modem over Ethernet and in plain Metro Ethernet networks. It was developed by UUNET, Redback Networks, and RouterWare and is available as an informational RFC 2516.

Figure 1 (click to enlarge)

Imagine that you have the scenario on Figure 1 where you have DSL Router/Bridge (ISR - Thomson st516 v6), where one interface connects to a Router / Firewall on your private network, and the other to your ISP, wher this one has the Public IP provided by your ISP.

Now imagine that the Router / Firewall has the ability to make VPNs. And you want make one, but you have a problem, you don't have a Public IP on the interface you want to end the VPN. This is where PPPoE, migth be usefull. Instead off starting the PPPoE conection from the DSL Router/Bridge (ISR), you start it from you Router / Firewall, in order for it to get the public IP from the ISP on it's interface. For this on the DSL Router/Bridge (ISR), you need to change the mode from Router to Bridge and input the your ISP's ATM VPI/VCI, in order to make this a pass through only device. And off course configure the PPPoE connection on your Router / Firewall, with you account data (login and username) and your IPS's ATM VPI/VCI. Now your Router / Firewall has an Public Ip and now you can configure your VPN service.

Figure 2 (click to enlarge)

The same applyes, to the scenario on Figure 3, where instead off a Router / Firewall you have a computer running Windows or Linux, that has for example a Web Server, that needs to be accessible from the internet an for that you need a Public Ip, on it's interface. Don' t forget that on DSL Router/Bridge (ISR), you need to change the mode from Router to Bridge and input the your ISP's ATM VPI/VCI, in order to make it a pass through only

Figure 3 (click to enlarge)

Configuring PPPoE on Windows

You can install the PPPoE client just like you install any other dial-up networking connection. To create a PPPoE client connection, follow these steps:

1. Click Start, click Control Panel, and then double-click Network and Internet Connections.
2. Click Network Connections, and then click Create a new connection in the Network Tasks pane.
3. After the Network Connection Wizard starts, click Next.
4. Click Connect to the Internet, and then click Next.
5. Click Set up my connection manually, and then click Next.
6. Click either Connect using a broadband connection that requires a user name and password or Connect using a broadband connection that is always on.
7. Type the Internet service provider (ISP) name that your ISP provided, and then clickNext.
8. Type the user name that the ISP provided.
9. Type the password that the ISP provided.
10. Type the password one more time to confirm it, and then click Next.
11. Click Add a shortcut to this connection to my desktop.
12. Click Finish to complete the wizard.

Configuring PPPoE on Linux

=======================================

ALL DEVICES FOUND?

I found 3 ethernet devices:

eth0

pan0

wlan0

Are all your ethernet interfaces listed above? (If No, modconf will be started so you can load the card drivers manually

Yes

=======================================

Most people using popular dialup providers prefer the options 'noauth' and 'defaultroute' in their configuration and remove the 'nodetach' option. Should I check your configuration file and change these settings where neccessary?

Yes

=======================================

Please enter the username which you usually need for the PPP login to your provider in the input box below. If you wish to see the help screen, delete the username and press OK.

username________________________________________________

your_username

=======================================

Please enter the password which you usually need for the PPP login to your provider in the input box below. NOTE: you can see the password in plain text while typing.

your_password

=======================================

You need at least one DNS IP address to resolve the normal host names. Normally your provider sends addresses of useable servers when the connection is established. Would you like to add these addresses automatically to the list of nameservers in your /etc/resolv.conf file? (recommended)

Yes

=======================================

Many providers have routers that do not support TCP packets with a MSS higher than 1460. Usually, outgoing packets have this when they go through one real Ethernet link with the default MTU size (1500). Unfortunately, if you are forwarding packets from other hosts (i.e. doing masquerading) the MSS may be increased depending on the packet size and the route to the client hosts, so your client machines won't be able to connect to some sitesThere is a solution: the maximum MSS can be limited by pppoe. You can find more details about this issue in the documentation. Should pppoe clamp MSS at 1452 bytes? If unsure, say yes (If you still get problems described above, try setting to 1412

Yes

=======================================

Your PPPD is configured now. Would you like to start the connection at boot time?

Yes

=======================================

Now, you can make a DSL connection with "pon dsl-provider" and terminate it with "poff". Would you like to start the connection now

Yes

=======================================

The DSL connection has been triggered. You can use the "plog" command to see the status or "ifconfig ppp0" for general interface info.

Based on:

http://support.microsoft.com/kb/283070

http://www.ubuntux.org/pppoe-client
- http://ubuntuforums.org/showthread.php?t=82879

http://en.wikipedia.org/wiki/PPPoE

Remote Desktop (XDMCP) on Ubuntu

Here I'm going to show you howto activate XDMCP (remote desktop protocol), on Gnome (bash an gui) and KDE. I have tested it only on Gnome so far. Note that this remote desktop protocol does not forwand sound.

Here some notes on the roles of the XDMCP server and client

Server - The remote machine were we want to login.
Client - The local machine were we will login on the Server

Before trying anything on XDMCP, you should make
sure that on the server your firewall is either disabled
or allows Udp port 177.

Here I'm going to show how to open a UDP 177 (rule),
on Iptables (firewall) using the bash, but you use a
very simple and usefull, Gui for Iptables nown as
"Firestarter" (to install on ubuntu just do
sudo apt-get install iptables).

$ sudo iptables -A INBOUND -p udp --destination-port 177 -j ACCEPT

Here are a couple off other usefull comands on Iptables

## Checking Iptables Rules #####
$ sudo iptables -nvL

if you have already executed the rule to open UDP port 177,
by executing this comand, you should see it there.

## Clearing All the Rules #####
$ sudo iptables -F

be aware that this comand clears all off the rules, and this
does not mean that all is allowed, on the contrary,
IPtables default beaviour, when it has no rules is to
deny all, so be very carefull.

XDMCP GNOME - via Bash
=====================================

XDMCP Server Configuration
----------------------------------

## Allowing the remote login on the Server #####
$ sudo gedit /etc/gdm/gdm.conf-custom
...
[xdmcp]
Enable=true
...

You should have the above on the file.

If you want the remote login screen to be the same as
the graphical greeter that is the default in the Ubuntu
install make sure that the following is present.

...
[daemon]
RemoteGreeter=/usr/lib/gdm/gdmgreeter
...

For these changes to take efect you can either,
reboot:

$ sudo reboot

or restart the service, for that go to text terminal (Ctlr+Alt+F2)
and type:

$ sudo /etc/init.d/gdm restart

to go back to you Gnome environment try Ctlr+Alt+F7, or some
Ctlr+Alt+Fx, close to F7.

XDMCP Client Login
------------------------

$ sudo X :1 -query server_ip

After this if all went well you should see
Ubuntu's graphical login screen, as if you
were on the remote computer fisicaly.

If don't want to see it fullscreen, you can
show the remote desktop on a window by
using the following command instead:

$ sudo Xnest :1 -query server_ip

XDMCP GNOME - via Gui
=====================================

This is equivelent to the shown above, the diference
is that, the server here is configured via Gui.

XDMCP Server Configuration
-----------------------------------
Allowing the remote login on the Server

As shown above System > Administration > Login Window

And then change the Style to "Same as Local", and that's it.
Aditional confuguration can be done on "Configure XDMCP"

For these changes to take efect you can either,
reboot:

$ sudo reboot

or restart the service, for that go to text terminal (Ctlr+Alt+F2)
and type

$ sudo /etc/init.d/gdm restart

to go back to you Gnome environment try Ctlr+Alt+F7, or some
Ctlr+Alt+Fx, close to F7.

XDMCP Client Login
------------------------

$ sudo X :1 -query server_ip

After this if all went well you should see
Ubuntu's graphical login screen, as if you
were on the remote computer fisicaly.

If don't want to see it fullscreen, you can
show the remote desktop on a window
by using the following command instead:

$ sudo Xnest :1 -query server_ip

XDMCP KDE - via Bash
(didn't test it, give me feedback if you do)
=====================================

XDMCP Server Configuration
----------------------------------
Still working on it...

XDMCP Client Login
------------------------

$ sudo X :1 -query server_ip

After this if all went well you should see
Ubuntu's graphical login screen, as if you
were on the remote computer fisicaly.

If don't want to see it fullscreen, you can
show the remote desktop on a window
by using the following command instead:

$ sudo Xnest :1 -query server_ip

Based On:

GNOME
http://megaf.wordpress.com/2009/04/15/xdmcp-internet-seu-linux-onde-voce-estiver/
http://stochasticflux.com/blog/?p=4

KDE

http://www.guiadohardware.net/tutoriais/configurando-servidor-xdmcp/pagina3.html
http://megaf.wordpress.com/2009/04/15/xdmcp-internet-seu-linux-onde-voce-estiver/

Iptables
http://www.cyberciti.biz/tips/linux-iptables-open-bittorrent-tcp-ports-6881-to-6889.html

Saturday, September 19, 2009

Remote Applications via X11 - Easy Way (over ssh)

Remote Applications via X11 - Hard Way

Here I will show you how to interact with applications remotely. This is quite useful when you have for example an Ubuntu Server that doesn't have a graphical environment (Gnome or KDE) and a Desktop that has and you need to use some graphical applications on the Ubuntu Server but you cant because you don't have a graphical environment.

So whit this you can show and interact with the graphical applications on the Ubuntu Server, using your Desktop's, graphical environment. So in the X11 world you have the following:

Ubuntu Server - X11 Client --> Application is executed
Ubuntu Desktop - X11 Server --> Application is shown

It's a bit confusing at first, that your Ubuntu Server is you X11 Client, and you Desktop is the X11 Server.

Note: this was tested on Ubuntu 8.04 and 9.04.

X Server - 192.168.1.68 (Where the remote apps will be shown)
=======================================
## Allow that the remote applicatilõns to be show on the X11 Server #####
$ sudo gedit /etc/gdm/gdm.conf

DisallowTCP=true
change it to
DisallowTCP=false

## Reboot to load the new gdm.conf file #####
$ sudo reboot

## Check if the X Server TCP Connections ######
$ netstat -natp |grep :6000

(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN -
tcp6 0 0 :::6000 :::* LISTEN -

## Add permission for the remote X Client applications #####
## to be shown locally this is temporary, when you #####
## reboot, you must do this again #####
$ sudo xhost 192.168.1.71

## Find the id of the display you are in currently, #####
## and were we see the remote apps, from the X Clinet #####
$ echo $DISPLAY
:0.0

X client - 192.168.1.71 (Where the remote apps will be executed)
========================================

In order to show an application remotely you should use one of the options bellow, where 192.168.1.68 is the IP of the remote computer were the applications will be shown and 0.0 is the id of the graphical terminal on that computer, found earlier, were the remote applications will be displayed.

In this example we execute the application "nautilus", you should change it to the application you want to see remotely.
$ sudo DISPLAY=192.168.1.68:0.0 nautilus
or
$ sudo export DISPLAY=192.168.1.68:0.0
$ nautilus

some applications will not work with the first option so try the second.

After executing one of the two options above, the applications
will be running locally on the X Client (192.168.1.71) but displayed remotely on X Server (192.168.1.68), the applications will not be able to see or use anything on the X Server, there you can only interact with it, and all the resources it may use are from the X Client (local machine).

For example if you replace "nautilus" with "gedit", write something on it and save it the file will be saved on the X Client and not on the X Server were you are interacting with it.

With this method all the data over the network will not be encrypted, if you want a method with encription and a lot easyer using X11 over ssh, you can check the post "Run Applications Remotely via X11 - Easy Way (over ssh)"

Inspired on:

http://ubuntuforums.org/showthread.php?t=162566
http://www.cisl.ucar.edu/docs/ssh/guide/node29.html
http://www.hackinglinuxexposed.com/articles/20040513.html
http://www.linuxquestions.org/questions/linux-newbie-8/how-do-i-restart-x-without-rebooting-418785/
http://www.linuxplanet.com/linuxplanet/tutorials/857/3/
http://www.codingdomain.com/linux/remote/x11/

Wednesday, September 2, 2009

NIC Auto-Negotiation and Duplex Settings - NIC satus

FAQ: How to change Duplex and/or Auto-Negotiation NIC settings in Linux?

Date: November 20, 2008. Categories: debian, faq, fedora, howtos, linux, tips and ubuntu

Q: How to disable auto-negotiation option of my network interface card and set up half/full duplex mode manually from Linux command line (CLI)? By the way, how to see current settings?
A: There are several Linux utilities coming with almost any distribution including Debian, Ubuntu, Fedora, RedHat, Mandriva, Centos whatever. See details below.

auto-nego

ethtool

This is rather powerful utility can display and change settings of ethernet network interface card. You can easily disable/enable autonegotiation option for your NIC, also it’s possible to manually set up duplex mode, configure wake-on-lan options, set speed settings. Just look through full manual page for ethtool. Here are several ethtool usage examples:

ethtool eth0 - shows current NIC settings

Settings for eth0:
     Supported ports: [ TP MII ]
     Supported link modes:   10baseT/Half 10baseT/Full
                             100baseT/Half 100baseT/Full
     Supports auto-negotiation: Yes
     Advertised link modes:  10baseT/Half 10baseT/Full
                             100baseT/Half 100baseT/Full
     Advertised auto-negotiation: No
     Speed: 10Mb/s
     Duplex: Half
     Port: MII
     PHYAD: 32
     Transceiver: internal
     Auto-negotiation: off
     Supports Wake-on: pumbg
     Wake-on: d
     Current message level: 0x00000007 (7)
     Link detected: yes

ethtool -s eth0 duplex half autoneg off - disables auto-negotiation, enables Half Duplex.
ethtool -s eth1 duplex full speed 1000 autoneg off - disables auto-negotiation, enables Falf Duplex and sets up Speed to 1000 Mb/s.

mii-tool

According to manual it allows to manipulate and see media-independent interface status. Let’s see examples:

bash-3.1# mii-tool eth0 eth0: negotiated 100baseTx-FD, link ok - shows 100 Mbps speed, Full Duplex, Auto-negotiation is on.
bash-3.1# mii-tool eth0 -F 10baseT-HD - enables 10 Mb/s Half Duplex connection.

Taken From: http://www.linuxscrew.com/2008/11/20/faq-how-to-change-duplex-andor-auto-negotiation-nic-settings-in-linux/