What is a MAC Address
* MAC stands for Media Access Control.
* A 48-bit identifier assigned to each network interface card (NIC) by its manufacturer: the first three octets are the vendor's OUI, the last three are chosen by the vendor.
* Also called physical address, hardware address or network adapter address.
* Used by the MAC sublayer of the data-link layer (layer 2): it identifies the interface on the local segment only and is rewritten at every router hop.
* Unique as shipped, but the driver can override it from software (ifconfig/ip link), so a MAC address is not a trustworthy identity; MAC-based access lists are a convenience, not authentication.
How to Find a Machine's MAC Address
Most Unix Machines
* /sbin/ifconfig -a (on current Linux: ip link show)
eth0 Link encap:Ethernet HWaddr 00:30:A6:C0:1F:C0
eth1 Link encap:Ethernet HWaddr 00:30:B6:C0:F7:FA
Windows Machines
* ipconfig /all
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-1F-23-1D-00-3D
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1F-AE-23-28-67
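An added example, not from the original page: a small shell helper that normalizes a MAC address from either the ifconfig (colon) or ipconfig (dash) form and decodes the two flag bits in the first octet, which is how you tell a vendor-assigned address from one set in software. The sample text is constructed from the outputs above plus one locally administered address.

```sh
#!/bin/sh
# Added example (not from the page): normalize MAC addresses as printed by
# ifconfig (colons) or ipconfig (dashes) and decode the flag bits that tell a
# burned-in address from a locally administered one.

# Constructed sample: lines modelled on the ifconfig/ipconfig output above,
# plus one locally administered address (first octet 02), which is how a
# randomized or spoofed MAC usually looks.
SAMPLE='eth0 Link encap:Ethernet HWaddr 00:30:A6:C0:1F:C0
Physical Address. . . . . . . . . : 00-1F-AE-23-28-67
wlan0 Link encap:Ethernet HWaddr 02:00:00:11:22:33'

# normalize_mac ADDR -> lowercase colon-separated form; status 1 if malformed
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr '-' ':')
    case "$mac" in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f])
            printf '%s\n' "$mac" ;;
        *)
            return 1 ;;
    esac
}

# mac_flags ADDR -> "unicast|multicast universal|local"
# In the first octet, bit 0 is the I/G (individual/group) bit and bit 1 the
# U/L (universally/locally administered) bit. A set U/L bit means the address
# was chosen in software, not by the NIC vendor.
mac_flags() {
    mac=$(normalize_mac "$1") || return 1
    first=$((0x${mac%%:*}))
    if [ $((first & 1)) -eq 1 ]; then ig=multicast; else ig=unicast; fi
    if [ $((first & 2)) -eq 2 ]; then ul=local; else ul=universal; fi
    printf '%s %s\n' "$ig" "$ul"
}

# list_macs -> every MAC found in $SAMPLE, normalized, one per line
list_macs() {
    printf '%s\n' "$SAMPLE" |
        grep -oE '([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}' |
        while read -r m; do normalize_mac "$m"; done
}

# Report each address with its flags
list_macs | while read -r m; do
    printf '%s  %s\n' "$m" "$(mac_flags "$m")"
done
```

The "local" flag is the useful signal: an inventory that sees a locally administered address where a vendor OUI is expected has found either privacy randomization or a spoofed adapter.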
References
* http://en.wikipedia.org/wiki/MAC_address
* http://www.coffer.com/mac_info/locate-unix.html
Netfilter
Chains (filter table)
* INPUT: packets addressed to this host.
* FORWARD: packets routed through this host to another host.
* OUTPUT: packets generated on this host.
ipchains
* For Linux 2.2 kernels.
* Packets from a remote host destined for locally running daemons: input.
* Packets from a remote host destined for another host (forwarded through this machine): input, forward, output.
* Packets from locally running daemons: output.
iptables
* For Linux 2.4 or later kernels.
* Binary in /sbin/iptables; on Red Hat systems the init script is /etc/init.d/iptables and the saved rule set is /etc/sysconfig/iptables.
* Packets from a remote host destined for locally running daemons: INPUT only.
* Packets from a remote host destined for another host (forwarded): FORWARD only; unlike ipchains, they never pass through INPUT or OUTPUT.
* Packets from locally running daemons: OUTPUT only.
# Clear all rules in the filter table (chain policies are kept)
iptables -F
# Default everything addressed to this host to DROP
iptables -P INPUT DROP
# Allow the FTP control channel. Option by option:
#   -A INPUT            append a rule to the INPUT chain
#   -i eth0             applies only to packets arriving on eth0
#   -p tcp              applies only to TCP
#   -s 0.0.0.0/0        from any source address
#   --sport 1024:65535  from an unprivileged source port
#   -d MY.NET.IP.ADDR   to this host's address
#   --dport 21          to port 21
#   -j ACCEPT           accept on match; unmatched packets fall through to the chain policy
iptables -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 --sport 1024:65535 \
    -d MY.NET.IP.ADDR --dport 21 -j ACCEPT
# Active-mode FTP data channel: the server opens it outward from port 20, so this
# rule admits the client's replies. Nothing here distinguishes a reply from a fresh
# connection to port 20; that distinction needs connection tracking.
iptables -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 --sport 1024:65535 \
    -d MY.NET.IP.ADDR --dport 20 -j ACCEPT
# Passive FTP data channel. Caveat: this exposes every unprivileged TCP port on the
# host to the whole Internet. The narrower alternative is the nf_conntrack_ftp module
# plus a --state RELATED rule, which admits only data connections negotiated on port 21.
iptables -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 --sport 1024:65535 \
    -d MY.NET.IP.ADDR --dport 1024:65535 -j ACCEPT
# Allow DNS queries to a resolver running on this host (UDP, and TCP for large answers)
iptables -A INPUT -i eth0 -p udp -s 0.0.0.0/0 --sport 1024:65535 \
    -d MY.NET.IP.ADDR --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 --sport 1024:65535 \
    -d MY.NET.IP.ADDR --dport 53 -j ACCEPT
# Allow Telnet from a single management host only (telnet is cleartext; prefer SSH)
iptables -A INPUT -i eth0 -p tcp -s 209.100.100.10 --sport 1024:65535 \
    -d MY.NETWORK.IP.ADDR --dport 23 -j ACCEPT
# Allow SSH from a single management host only
iptables -A INPUT -i eth0 -p tcp -s 209.200.200.10 --sport 1024:65535 \
    -d MY.NETWORK.IP.ADDR --dport 22 -j ACCEPT
# Allow email: replies from the mail server's port 25 to SMTP connections this host
# opened. "! --syn" refuses packets that would start a new connection, so the mail
# server cannot use this rule to open connections to our high ports.
iptables -A INPUT -i eth0 -p tcp ! --syn -s EMAIL.NET.IP.ADDR --sport 25 \
    -d MY.NETWORK.IP.ADDR --dport 1024:65535 -j ACCEPT
# Allow HTTP
iptables -A INPUT -i eth0 -p tcp -d MY.NETWORK.IP.ADDR --dport 80 -j ACCEPT
# Allow HTTPS
iptables -A INPUT -i eth0 -p tcp -d MY.NETWORK.IP.ADDR --dport 443 -j ACCEPT
# Allow ICMP (all types; on an exposed host restrict this to echo-request and the error types)
iptables -A INPUT -i eth0 -p icmp -d MY.NETWORK.IP.ADDR -j ACCEPT
# List all rules with numeric addresses and ports (add -v for packet counters)
iptables -L -n
# Save rules (Red Hat: writes /etc/sysconfig/iptables; same as iptables-save > /etc/sysconfig/iptables)
/etc/init.d/iptables save
# Start / stop iptables
service iptables start
service iptables stop
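An added example, not from the original page: the same inbound policy rebuilt as a stateful rule set, so that replies and FTP data channels are admitted by connection tracking instead of an open 1024:65535 range. IPT defaults to a dry run that prints each command; MY.NET.IP.ADDR and the SSH admin host are the page's placeholders, and the nf_conntrack_ftp helper is assumed to be available on the target kernel.

```sh
#!/bin/sh
# Added example (not from the page): the policy above rebuilt as a stateful
# rule set. IPT defaults to a dry run that prints each command; set
# IPT=/sbin/iptables (as root) to apply it. MY.NET.IP.ADDR and the admin host
# are the page's placeholders.
IPT=${IPT:-echo iptables}
MODPROBE=${MODPROBE:-echo modprobe}
WAN=${WAN:-eth0}
MY_IP=${MY_IP:-MY.NET.IP.ADDR}
SSH_ADMIN=${SSH_ADMIN:-209.200.200.10}

# page_passive_ftp_rule: the passive-FTP rule above, reproduced for comparison.
# It accepts brand-new connections to every port from 1024 to 65535.
page_passive_ftp_rule() {
    $IPT -A INPUT -i "$WAN" -p tcp -s 0.0.0.0/0 --sport 1024:65535 \
        -d "$MY_IP" --dport 1024:65535 -j ACCEPT
}

# fw_rules: deny by default, admit replies via connection tracking, then
# whitelist new connections per service.
fw_rules() {
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host started, plus RELATED ones: with the
    # FTP helper loaded, a passive data connection negotiated on port 21 is
    # RELATED, so no high-port range has to be opened.
    $MODPROBE nf_conntrack_ftp
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot place in any connection (bad flag combinations,
    # stray segments) are dropped before any service rule sees them.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # New connections to public services, only on the external interface.
    for port in 21 53 80 443; do
        $IPT -A INPUT -i "$WAN" -p tcp -d "$MY_IP" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    $IPT -A INPUT -i "$WAN" -p udp -d "$MY_IP" --dport 53 -j ACCEPT
    # Remote administration only from the one known host; no telnet at all.
    $IPT -A INPUT -i "$WAN" -p tcp -s "$SSH_ADMIN" -d "$MY_IP" --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
    # Rate-limited ping instead of "accept all ICMP"; ICMP errors that belong
    # to an existing connection already arrive as RELATED.
    $IPT -A INPUT -i "$WAN" -p icmp --icmp-type echo-request \
        -m limit --limit 5/s -j ACCEPT
}

# opens_high_ports CMD: status 0 if the rules printed by CMD (dry run) expose
# the whole 1024:65535 range to new connections.
opens_high_ports() {
    "$@" | grep -q -- '--dport 1024:65535'
}

fw_rules
```

Run it as is to review the generated commands, then rerun with IPT=/sbin/iptables once the placeholders are replaced. The ordering matters: the ESTABLISHED,RELATED rule goes first so that the per-service rules only ever see the first packet of a connection.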
Routing Tables
* Configuration is memory only; put the route commands in a boot script to make them permanent.
# Added automatically when an interface is configured: the local /24 is reached directly on eth0.
# The mask must match the network: route rejects 255.255.0.0 for 209.100.100.0 ("netmask doesn't match route address").
/sbin/route add -net 209.100.100.0 netmask 255.255.255.0 dev eth0
# Forward packets between interfaces (act as a router). Set the FORWARD chain policy
# and rules first: once this is 1 the host relays whatever FORWARD lets through.
/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
# Force all packets destined for 192.168.150.33 to the gateway whose IP is 172.24.150.1
/sbin/route add -host 192.168.150.33 gw 172.24.150.1
# Force all packets destined for the 192.168.150.0/24 network to the gateway whose IP is 172.24.150.1
/sbin/route add -net 192.168.150.0 netmask 255.255.255.0 gw 172.24.150.1
# Unmatched packets are sent to the default gateway; when several routes match, the most specific (longest prefix) wins
/sbin/route add default gw 172.24.150.1
# List routing rules
netstat -rn
route -n
ip route list
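An added example, not from the original page: a longest-prefix-match lookup over a constructed table that mirrors the routes above, showing which entry the kernel picks for a given destination (host route over network route over default), plus a check for the netmask/network mismatch that makes route add reject an entry.

```sh
#!/bin/sh
# Added example (not from the page): a longest-prefix-match lookup over the
# routes configured above, and a check that a netmask actually fits its
# network address.

# Constructed table mirroring the route commands above. Format: network/prefix
# followed by the next hop, or the interface name for a directly connected net.
ROUTES='192.168.150.33/32 172.24.150.1
192.168.150.0/24 172.24.150.1
209.100.100.0/24 eth0
0.0.0.0/0 172.24.150.1'

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    printf '%s\n' "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
}

# prefix2mask N -> integer mask with the top N bits set
prefix2mask() {
    printf '%s\n' "$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))"
}

# route_lookup DEST -> "NEXTHOP prefix=N" for the most specific matching route.
# Every route whose network contains DEST is a candidate; the longest prefix
# wins, which is why the /32 host route beats the /24 and both beat the /0 default.
route_lookup() {
    dest=$(ip2int "$1")
    best_len=-1
    best_hop=none
    while read -r net hop; do
        [ -n "$net" ] || continue
        pfx=${net#*/}
        base=$(ip2int "${net%/*}")
        mask=$(prefix2mask "$pfx")
        if [ $(( dest & mask )) -eq $(( base & mask )) ] && [ "$pfx" -gt "$best_len" ]; then
            best_len=$pfx
            best_hop=$hop
        fi
    done <<EOF
$ROUTES
EOF
    printf '%s prefix=%s\n' "$best_hop" "$best_len"
}

# network_aligned NET MASK -> status 0 if NET has no host bits under MASK,
# i.e. "route add -net NET netmask MASK" is a valid pair.
network_aligned() {
    n=$(ip2int "$1")
    m=$(ip2int "$2")
    [ $(( n & m )) -eq "$n" ]
}

for d in 192.168.150.33 192.168.150.7 209.100.100.50 8.8.8.8; do
    printf '%-16s -> %s\n' "$d" "$(route_lookup "$d")"
done
```

The same selection rule is what makes a stray host route dangerous: a /32 added by hand silently overrides every broader entry for that address, including the default gateway.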
Sample Routing Script
#!/bin/bash
#
# Packet Handling Service
#
# chkconfig: 2345 55 45
# description: Starts or stops iptables rules and routing
case "$1" in
    start)
        # Flush (or erase) the current iptables rules, then the NAT table
        /sbin/iptables -F
        /sbin/iptables --table nat --flush
        /sbin/iptables --table nat --delete-chain
        # Enable the loopback device for all types of packets
        # (Normally for packets created by local daemons for delivery
        # to local daemons)
        /sbin/iptables -A INPUT -i lo -p all -j ACCEPT
        /sbin/iptables -A OUTPUT -o lo -p all -j ACCEPT
        /sbin/iptables -A FORWARD -o lo -p all -j ACCEPT
        # Set the default policies: deny inbound and transit, allow outbound
        /sbin/iptables -P INPUT DROP
        /sbin/iptables -P FORWARD DROP
        /sbin/iptables -P OUTPUT ACCEPT
        # NAT: rewrite the source address of everything leaving eth0 (the Internet side)
        /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        # Allow inbound packets from our private network (eth1), both to this
        # host and through it
        /sbin/iptables -A INPUT -i eth1 -j ACCEPT
        /sbin/iptables -A FORWARD -i eth1 -j ACCEPT
        # Allow packets back in from conversations we initiated
        # from the private network. Nothing arriving on eth0 passes FORWARD
        # unless connection tracking has already seen the outbound side.
        /sbin/iptables -A FORWARD -i eth0 --match state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -A INPUT --match state --state ESTABLISHED,RELATED -j ACCEPT
        # Allow Sendmail and POP (from anywhere, but really what we
        # are allowing here is inbound connections on the eth0 interface).
        # (Sendmail and POP are running locally on this machine.)
        # These are the only services reachable from the Internet; note that
        # POP3 on port 110 carries passwords in cleartext.
        /sbin/iptables -A INPUT --protocol tcp --destination-port 25 -j ACCEPT
        /sbin/iptables -A INPUT --protocol tcp --destination-port 110 -j ACCEPT
        # Routing Rules --
        # Route packets destined for the 192.168.150.0 network using the internal
        # gateway machine 172.24.150.1
        /sbin/route add -net 192.168.150.0 netmask 255.255.255.0 gw 172.24.150.1
        # By default, if we don't know where a packet should be sent we
        # assume it should be sent to the Internet router.
        /sbin/route add default gw 209.100.100.1
        # Now that the FORWARD policy and rules are in place we allow packet
        # forwarding. Doing this last means there is no window in which the
        # box forwards under an ACCEPT policy.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ;;
    stop)
        # Disable packet forwarding first, so nothing transits the box while
        # the policies below are opened up
        echo 0 > /proc/sys/net/ipv4/ip_forward
        # Flush (or erase) the current iptables rules
        /sbin/iptables -F
        # Set the default policies back to ACCEPT
        # (This is not a secure configuration.)
        /sbin/iptables -P INPUT ACCEPT
        /sbin/iptables -P FORWARD ACCEPT
        /sbin/iptables -P OUTPUT ACCEPT
        # Remove our routing rules.
        /sbin/route del -net 192.168.150.0 netmask 255.255.255.0 gw 172.24.150.1
        /sbin/route del default gw 209.100.100.1
        ;;
    status)
        enabled=$(/bin/cat /proc/sys/net/ipv4/ip_forward)
        if [ "$enabled" -eq 1 ]; then
            echo "Running"
        else
            echo "Down"
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop|status}"
        exit 1
        ;;
esac
References
The Linux Enterprise Cluster by Karl Kopper
Starting Services
init daemon
* Runs when the system boots or enters a run level.
* Starts all rc scripts whose names begin with "S" in that run level's rc subdirectory (e.g. /etc/rc.d/rc3.d), in ascending order of the two-digit number that follows the S.
* Restarts a service that dies in a particular run level if its /etc/inittab entry is marked respawn (e.g. x:5:respawn:/etc/X11/prefdm -nodaemon).
Run levels
* Defined in /etc/inittab file
* Total 7 run levels (0 to 6).
* Default run level defined by "id:5:initdefault:" (5 for GUI, 3 for non-GUI).
* System can only be at one run level at a time.
* /sbin/runlevel: current run level.
Managing init Script Symbolic Links
/sbin/chkconfig
* Copy the startup script, e.g. myscript, to the /etc/init.d directory.
* Add to the beginning of myscript:
# chkconfig: 234 99 90
# description: myscript runs my daemon at runlevel 2, 3, or 4
* Run chkconfig (the --del first removes stale links left by an earlier version of the script):
chkconfig --del myscript
chkconfig --add myscript
* This creates symbolic links named "S99myscript" in the rc2.d, rc3.d and rc4.d directories and "K90myscript" in the rc0.d, rc1.d, rc5.d and rc6.d directories; 99 is the start order (late, after the network script) and 90 the kill order.
Start/Stop Services
/etc/init.d/myscript start
/etc/init.d/myscript stop
# Redhat
service myscript start
service myscript stop
service myscript restart
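An added example, not from the original page: a shell function that parses the chkconfig header of an init script and lists the S and K symlinks that chkconfig --add would create in each rcN.d directory, so the effect of the three header numbers can be checked before the script is installed. The script text is constructed from the header shown above; the daemon path in it is a placeholder.

```sh
#!/bin/sh
# Added example (not from the page): parse the chkconfig header of an init
# script and list the S/K symlinks "chkconfig --add" creates in each
# /etc/rc.d/rcN.d directory. The script text is constructed from the header
# shown above; /usr/local/bin/mydaemon is a placeholder.
SCRIPT='#!/bin/bash
#
# chkconfig: 234 99 90
# description: myscript runs my daemon at runlevel 2, 3, or 4
/usr/local/bin/mydaemon "$@"'

# chkconfig_header TEXT -> "LEVELS START STOP" from the "# chkconfig:" line;
# status 1 if the header is missing (chkconfig --add fails the same way)
chkconfig_header() {
    printf '%s\n' "$1" |
        sed -n 's/^# *chkconfig: *\([0-9-]*\) *\([0-9][0-9]*\) *\([0-9][0-9]*\).*/\1 \2 \3/p' |
        grep .
}

# chkconfig_links NAME TEXT -> one line per run level: rcN.d/SxxNAME for the
# levels listed in the header and rcN.d/KxxNAME for every other level.
# S links run when init enters the level, in ascending numeric order, K links
# when it leaves; a start number of 99 therefore runs after nearly everything
# else, including the network script. A LEVELS field of "-" yields K links only.
chkconfig_links() {
    name=$1
    hdr=$(chkconfig_header "$2") || return 1
    set -- $hdr
    levels=$1
    start=$2
    stop=$3
    for lvl in 0 1 2 3 4 5 6; do
        case "$levels" in
            *"$lvl"*) printf 'rc%s.d/S%02d%s\n' "$lvl" "$start" "$name" ;;
            *)        printf 'rc%s.d/K%02d%s\n' "$lvl" "$stop" "$name" ;;
        esac
    done
}

chkconfig_links myscript "$SCRIPT"
```

Compare the output against ls /etc/rc.d/rc*.d/*myscript after chkconfig --add; a service that must not run in single-user mode should never list level 1 in the header.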
heartbeat
* Starts a service when the cluster assigns this node a resource (when it becomes primary for it) and stops the service again on failover.
* Better to have redundant heartbeat connections:
- Serial cable
- Ethernet cable
* Partitioned clusters ("split brain")
- When both nodes assume the primary server role because they can no longer hear each other's heartbeats.
- Resolution: stonith ("shoot the other node in the head"): the surviving node forcibly powers off its peer before taking over, so two nodes can never own the same resource at once.
* Heartbeat configuration files
- /etc/ha.d/ha.cf # specifies how the ha daemons communicate with each other
- /etc/ha.d/haresources # specifies which server should act as primary for a resource
- /etc/ha.d/authkeys # specifies how ha packets are authenticated (crc, md5 or sha1 over a shared secret). This is integrity checking, not encryption: use sha1 with a long random secret, and keep the file mode 0600 or heartbeat refuses to start.
xinetd
* Starts a service when a network request for it comes in.
Other non-standard methods
Secondary IP Addresses
* Like routes, secondary addresses live in memory only; put the command in a boot or cluster script to keep it across reboots.
# View both primary and secondary ip addresses
ip addr sh
ip addr sh dev eth0
# Add secondary ip
ip addr add 209.100.100.3/24 broadcast 209.100.100.255 dev eth0
# Remove secondary ip
ip addr del 209.100.100.3/24 broadcast 209.100.100.255 dev eth0
References
The Linux Enterprise Cluster by Karl Kopper