pawelko.net

Définir le hostname du client DHCP :

Contrairement à Windows ou à une Fedora Core, un client DHCP Debian n'indique pas son nom d'hôte au serveur DHCP, qui ne peut donc pas créer l'enregistrement DNS correspondant.
Pour y remédier, ajouter la ligne suivante dans le fichier /etc/dhclient.conf ou /etc/dhcp3/dhclient.conf pour une ubuntu
send host-name "monpc";

Relancer le réseau pour prendre en compte les changements:
/etc/init.d/networking restart

Adresses IP multiples:

Pour affecter plusieurs adresses IP à une même interface, il suffit de déclarer les adresses supplémentaires dans /etc/network/interfaces, en utilisant le nom de l'interface, suivi de ":0" (ou ":1", ":2", etc...)
Exemple:

auto eth0
iface eth0 inet static
address 192.168.3.90
netmask 255.255.255.0
gateway 192.168.3.1

auto eth0:0
iface eth0:0 inet static
address 192.168.3.91
netmask 255.255.255.0
gateway 192.168.3.1

Redémarrer ensuite le réseau avec la commande /etc/init.d/networking restart
Source

Simuler le routage d'un mail :

exim -bt cyril@domain.com

Débloquer un mail donné:

exim -M id_mail

Utiliser un smarthost:

Certaines listes de spam (notamment spamhaus) considèrent les IP résidentielles comme source de spam, et blacklistent donc ces adresses IP : "This IP range has been identified by Spamhaus as not meeting our policy for IPs which should deliver 'direct-to-mx' mail to PBL users."

La solution la plus simple consiste à renvoyer les mails à destination des domaines concernés vers le smtp du FAI, ce dernier n'étant pas (toujours) blacklisté

Ajouter dans exim4.conf, au début de la section "begin routers"

send_to_smarthost:
       driver = manualroute
       domains = gmail.com : netcourrier.com
       transport = remote_smtp
       route_list = * smtp.free.fr

La plupart des astuces debian sont aussi valables pour Ubuntu

Activer le compte root :

passwd root

After migrating awstats data from debian i386 to debian amd64, awstat gives me the following error:

/usr/lib/cgi-bin/awstats.pl -config=awstats -update
Update for config "/etc/awstats/awstats.conf"
With data in log file "/var/log/apache2/access.log"...
Warning: Error while retrieving hashfile: Byte order is not compatible at 
../../lib/Storable.pm (autosplit into ../../lib/auto/Storable/_retrieve.al) 
line 331, at (eval 5) line 1

Explanation is here : hashes are not stored in the same way by Perl Storable on debian 32 bit and 64 bit The workaround is pretty simple: delete all hashes files, awstats will rebuild them

rm /var/lib/awstats/*.hash

Pour être sûr que son ordinateur reste à l'heure, la méthode universelle consiste à le synchroniser à un serveur de temps en utilisant le protocole ntp. De nombreux serveurs ntp publics existent, une liste est disponible ici, mais les règles d'utilisation sont assez strictes.

La solution, car elle existe, est apportée par le projet pool.ntp.org : elle consiste à utiliser le nom dns pool.ntp.org, qui est un enregistrement renvoyant sur un des serveurs ntp enregistrés auprès du projet. Il est possible d'utiliser d'autres enregistrements dns qui ne renverront que des serveurs présents dans une zone géographique donnée, par exemple europe.pool.ntp.org ou fr.pool.ntp.org.

Quand on monte son propre serveur ntp, il est conseillé d'utiliser 3 serveurs différents, il suffit donc de choisir par exemple 0.pool.ntp.org, 1.pool.ntp.org et 2.pool.ntp.org. Facile !

Voici la copie d'un message que j'ai posté sur gentoo-user-fr il y a quelques années :

>J ai deux serveurs avec le meme materiel (exactement)
>sur l un il y a gentoo sur l autre rien
>
>comment puis-je au mieux repliquer, l installation, de l un vers l autre
>
>Merci d avance
>
>bernhard@... 
>
>--
>gentoo-user-fr@g.o mailing list
>

Salut,
La procédure que j'utilise est la suivante :
Je mets les deux disques durs dans le même PC.
Soit hda le disque avec la gentoo et hdb le disque vide.
Je monte le disque vide dans /mnt/vide
Je créée un fifo :
mkfifo /tmp/fifo
Je lance un en arrière plan "tar" de la gentoo existante vers le fifo, 
en lui disant de conserver les permissions et d'omettre /mnt/vide :
tar cvp / -X /mnt/vide > /tmp/fifo&
Je vais dans /mnt/vide :
cd /mnt/vide
Je détarre le contenu de fifo :
tar xvp < /tmp/fifo
A la fin, je supprime /tmp/fifo
Ainsi j'ai exactement la même chose sur les deux disques.
L'option -X de tar permet d'exclure des répertoires, comme /tmp , 
/var/log, /var/tmp
Comme il est préférable qu'il n'y ait pas de fichiers ouverts, il est 
possible d'effectuer cette opération en bootant sur un livecd (celui de 
la gentoo ou une knoppix).
Il faut ensuite penser à changer au moins le hostname sur la seconde  
machine.

I've installed a D-Link DFE 538 TX network card (via rhine chipset) in my computer but wake on lan didn't seem to work. I discovered that I could (and I had) to enable it at each reboot, using ethtool

root@ale:~# ethtool eth1
Settings for eth1:
       Supported ports: [ TP MII ]
       Supported link modes:   10baseT/Half 10baseT/Full 
                               100baseT/Half 100baseT/Full 
       Supports auto-negotiation: Yes
       Advertised link modes:  10baseT/Half 10baseT/Full 
                               100baseT/Half 100baseT/Full 
       Advertised auto-negotiation: Yes
       Speed: 100Mb/s
       Duplex: Full
       Port: MII
       PHYAD: 8
       Transceiver: internal
       Auto-negotiation: on
       Supports Wake-on: pumbg
       Wake-on: d
       Current message level: 0x00000001 (1)
       Link detected: yes

According to ethtool's man page :

      wol p|u|m|b|a|g|s|d...
             Set  Wake-on-LAN  options.  Not all devices support this.  
             The argument to this option is a string of characters specifying
             which options to enable.
             p  Wake on phy activity
             u  Wake on unicast messages
             m  Wake on multicast messages
             b  Wake on broadcast messages
             a  Wake on ARP
             g  Wake on MagicPacket(tm)
             s  Enable SecureOn(tm) password for MagicPacket(tm)
             d  Disable (wake on nothing).  This option clears all previous options.

So wake on lan is disabled each time I turn on my computer. To enable all wake-on-lan options:

ethtool -s eth1 wol pumbg

And to enable them at each system startup :

echo "/usr/sbin/ethtool -s eth1 wol pumbg" | tee -a /etc/rc.local 

I can now use wakeonlan to wake up my computer... And it's written in dmesg :

via-rhine: Woke system up. Reason: Magic packet.

I have a Asus M2N-MX motherboard, with an single SATA disk, and grub correctly configured:

/boot/grub/device.map (hd0) /dev/sda

When I tried adding an IDE disk, grub refused to boot with "error 15", which means "file not found".

Obviously, grub was detecting disks in a wrong order, and was trying to load stage 1.5 from the IDE disk. To be clear, since the boot disk defined in the BIOS was the SATA, it had to be presented to grub as the first disk. So it's a buggy BIOS.

This seems to be a common behavior when mixing IDE and SATA disks. I googled about this error, but founded nothing really helpful. Changing boot order or activating onboard RAID didn't solve this error.

Then I upgraded from bios 0701 to 0903, and the problem was gone.

TIP: To upgrade Asus motherboard bios on a linux-only computer, you don't need to create a DOS bootable floppy. Recent Asus motherboard include a feature called "EZ-Flash", which is an BIOS upgrade utility included ... in the BIOS.

• Download BIOS update from Asus Website
• Unzip it and extract the .ROM file (for me M2NX0907.ROM)
• Rename this file with the motherboard model name (for me M2N-MX.ROM)
• Install mtools on your distro
• Insert a blank floppy
• Format the floppy mformat a:
• Copy the rom on the floppy mcopy M2N-MX.ROM a:
• Reboot
• During POST, press Alt-F2 to launch EZ-Update
• The BIOS upgrade procedure will start

Here is how I configured my Linksys WRT54G routeur/AP to connect to my office's Zywall 70

              --------                  --------
      Home --| WRT54G |--- Internet ---| Zywall |--- Office
              --------                  --------                
192.168.3.X         W.W.W.W          Z.Z.Z.Z          192.168.2.x

Linksys WRT54G

Backup your access point, go to http://openwrt.org, read carefully the wiki, and install the latest OpenWRT release. WhiteRussian RC6 worked for me.
I upgraded from an old Alchemy release, and all my settings were kept.
Install openswan

#ipkg update
#ipkg install openswan

Create /etc/ipsec.d/private/zywall

conn zywall
       right=%defaultroute
       rightsubnet=192.168.3.0/24
       rightid=@someid
       left=Z.Z.Z.Z
       leftsubnet=192.168.2.0/24
       leftid=@someid
       authby=secret
       pfs=no
       ike=aes128-sha1-modp1024
       esp=3des-md5-96
       keylife=9600s
       keyingtries=0
       auto=add
       dpddelay=30

Modify /etc/ipsec.conf to include your new config

# Add connections here
include /etc/ipsec.d/private/zywall

Add you preshared key in /etc/ipsec.secrets

@someid @someid: PSK "mysecret"

Zywall 70

Open "VPN Rule (IKE)" tab and add a new gateway policy

• Remote Gateway Address : W.W.W.W
• Pre-Shared Key : mysecret
• Negotiation Mode : Main
• Encryption Algorithm: AES
• Authentication Algorithm : SHA1
• SA Life Time (Seconds): 9600
• Key Group : DH2

Add a new network policy

• Active: Yes
• Local Network
  • Address Type: Subnet address
  • Starting IP Address: 192.168.2.0
  • Subnet Mask: 255.255.255.0
• Remote Network
  • Address Type: Subnet address
  • Starting IP Address: 192.168.3.0
  • Subnet Mask: 255.255.255.0
• Encapsulation Mode: Tunnel
• Active Protocol: ESP
• Encryption Algorithm : 3DES
• Authentication Algorithm: MD5
• SA Life Time (Seconds): 28800
• Prefect Forward Secrecy: None
• Enable Replay Detection: Yes

It should now work. Try to connect the VPN from the WRT54G:

# ipsec auto --up zywall
104 "zywall" #26: STATE_MAIN_I1: initiate
003 "zywall" #26: ignoring unknown Vendor ID payload [afcad71368a1f1c96b8696fc7757]
003 "zywall" #26: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
106 "zywall" #26: STATE_MAIN_I2: sent MI2, expecting MR2
108 "zywall" #26: STATE_MAIN_I3: sent MI3, expecting MR3
004 "zywall" #26: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
117 "zywall" #27: STATE_QUICK_I1: initiate
004 "zywall" #27: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x595ef372 <0xb540297d xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}

Hiding the personnal network

It works, but my colleagues can now browse my home network. I want to "masquerade" the 192.168.3 subnet, so all connections seems to come from 192.168.203.1 :

                  ---------                  --------
      Home -- (NAT) WRT54G |--- Internet ---| Zywall |--- Office
                  ---------                  --------                
192.168.3.x  192.168.203.x  W.W.W.W   Z.Z.Z.Z          192.168.2.x

Edit /etc/firewall.user :

iptables -t nat -A postrouting_rule -d 192.168.2.0/255.255.255.0 -j SNAT --to 192.168.203.1
iptables -A forwarding_rule -d 192.168.2.0/24 -j ACCEPT

Run /etc/firewall.user to apply theses rules Modify the ipsec rules to use 192.168.203.x instead of 192.168.3.x

Notes

• The local and remote ID must be the same
• 3DES/MD5 is not the most secure cypher for phase 2, but other cyphers does not seem to work
• See openwrt wiki for encryption and speed
• This should work with any zywall model and with ipsec-capable Prestige models (652, 662). Some buggy firmwares (Zywall 10) use local and/or remote id instead of "secure gateway address".

Pour la version française, suivre ce lien.

My Kiss-DP500 DVD/DivX player can't play a lot of divx, because of the new codec extensions (QPEL, GMC, etc...). Most "recent" firmwares are buggy, and I often have to recode my movies.
The magic command line is:
mencoder baddivx.avi -of avi -oac mp3lame -lameopts cbr:br=128 -ovc lavc -lavcopts vcodec=mpeg4:vhq -ffourcc DX50 -o newdivx.avi

Of course, you need mencoder and appropriate plugins.
You can use this script, it takes the avi file name as an argument and creates and kiss-friendly version : divxconvert.sh