workblog » Linux/Unix

Updating OpenDNS With a Dynamic IP From an Endian Firewall

Ian — Wed, 18 Aug 2010 15:58:45 +0000

The Endian router/firewall appliance comes with a Dynamic DNS client that supports the major DDNS providers, but it doesn’t support updating OpenDNS, which is necessary for any custom settings on your OpenDNS account to be applied to the traffic you pass through their servers.

It’s possible to configure this yourself, though. There’s a helpful post at the OpenDNS forums that describes how to configure ddclient on an Endian to automatically update an OpenDNS account whenever your dynamic IP address changes.

Here are a few additional notes that may help:

You don’t need to query an external website for your IP address, since the Endian box already knows it. Set ddclient.conf with “use=if, if=eth0″ (or whichever NIC is your red zone).
It won’t work if you set “ssl=no”, so you have to leave it set to yes and install the two Perl SSL modules listed in the post.
Endian doesn’t have an SMTP server installed, so ddclient can’t send you status e-mails. Comment out the “mail” and “mail-failure” lines to avoid errors.
Make sure you don’t have any spaces in the OpenDNS network label or ddclient conf file.

To test if it’s working, you’ll need to get a new dynamic IP.

Turn off your cable or dsl modem.
Spoof the MAC address on the Endian.
- On your PC, open a command prompt and type “ipconfig /all”. Copy the value of the Physical Address line. It will look something like 00-4D-B7-D3-5F-03.
- Go to the Network Configuration wizard on the Endian.
- In step 4, enter your PC’s MAC into the “Spoof MAC address with” field. Change the dashes to colons so that it looks like 00:4D:B7:D3:5F:03.
Shut down the Endian.
Turn the modem back on. Wait 15 seconds.
Turn the Endian back on.

Once you’ve verified it’s working, you can remove the spoof setting by repeating the steps.

Firewalling an OpenVZ node and containers

Ian — Fri, 30 Apr 2010 17:13:31 +0000

The OpenVZ wiki has a nice script for firewalling an OpenVZ node and it’s containers. It creates a service and configures iptables to block all traffic to the node (except the ports you specify), but allow all traffic through to the containers, so that they can manage their own firewall. It also allows the container’s firewalls to be managed on the node through a simple config file.

Relaying Qmail Through a Spam Filter

Ian — Tue, 02 Mar 2010 01:19:47 +0000

If you’re running a mail service on a web server so it can send out e-mail from contact forms, etc then you’ll want to make sure it’s relaying outbound mail through a spam filter, or it could be used to send spam if the forms get hijacked. For qmail, you just need to create /var/qmail/control/smtproutes and enter “:yourmailserver.com”, then restart. Make sure the spam filter is configured to allow the mail server to relay through it.

Skipping Disk Check When Rebooting Linux Server

Ian — Wed, 24 Feb 2010 00:35:31 +0000

If you don’t run a disk check on a Linux server in awhile and you reboot, it may force a disk check, which can take 30+ minutes, and it’ll be offline the entire time. You can reboot and skip the check with shutdown -fr now or force a check with shutdown -Fr now. (via go2linux.org)

Convert Filenames to Lowercase on Linux

Ian — Mon, 04 Jan 2010 17:56:22 +0000

If you transfer files from a Windows server to a Linux one, you may get some broken links because Linux is case-sensative while Windows isn’t. You can rename all the files on the Linux server to their lowercase equivalents with this shell script from Linux Journal.


#!/bin/sh
# lowerit
# convert all file names in the current directory to lower case
# only operates on plain files--does not change the name of directories
# will ask for verification before overwriting an existing file
for x in `ls`
do
if [ ! -f $x ]; then
continue
fi
lc=`echo $x  | tr '[A-Z]' '[a-z]'`
if [ $lc != $x ]; then
mv -i $x $lc
fi
done

NTP Service Doesn’t Start Serving Until It Stablizes

Ian — Fri, 16 Oct 2009 22:30:53 +0000

I just spent an hour trying to figure out why the NTP service I installed wasn’t working, and then I came across this slightly important little fact:

Your internal workstation computers will not be able to use the server as a synchronisation source until the LOCAL(0) clock has stable time. This may take up to 15 minutes after starting the NTP daemon.

So thanks to Miles Brennan’s Linux Home Server HOWTO. Not sure why none of the other dozen tutorials I read failed to mention that, but it would have been nice…

Find largest directories on a Linux box

Ian — Thu, 17 Sep 2009 14:06:59 +0000

These commands will return the largest 10 directories on a Linux box.


du -k / | sort -n | tail -10

via peterbe.com

Find recently modified files in Linux

Ian — Thu, 16 Jul 2009 20:53:01 +0000

This will list all the files on a Linux system that were modified in the past 5 days


find /path/to/start/at -mtime -5 -print

Finding a string inside multiple files on Linux

Ian — Thu, 21 May 2009 15:44:50 +0000

Snipplr has a good article on how to find all of the files on a Linux system that contain a specific string.


find /the/path/to/start/at |xargs grep 'the string' -sl

The search will include subfolders.

Installing the Oracle Library for PHP

Ian — Tue, 28 Apr 2009 17:36:59 +0000

Chris Sibert wrote a good tutorial on installing the Oracle library for PHP. If you’re running SELinux, I’d recommend temporarily turning it off to get the module setup so you don’t have to worry about problems during the install, and then turn SELinux back on after you verify the module is working. Then you can update SELinux’s policy to allow Apache and PHP to do everything they need to do.

After you’ve got the module working working you can just put the database server’s hostname and port in the db parameter of oci_connect(), rather than messing with a tnsnames.ora file.


oci_connect('username', 'password', '127.0.0.1:1521/dbname');

Update: The Underground PHP and Oracle Manual has a lot of information on installation, and also a good section on tuning. oci_pconnect() can be used to create a persistent connection to the database server, rather than creating a new one during each script instance.