Netns different outgoing source ip address

7 07 2017

Using three network interfaces, give each one a different source IP address for outgoing traffic:

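#!/bin/bash
# Run as root. eth0 stays in the default namespace; eth1 and eth2 each move
# into their own network namespace, which has its own routing table.
ip netns add blue
ip link set eth1 netns blue
ip netns add green
ip link set eth2 netns green
# Request a DHCP lease for the interface inside each namespace
ip netns exec blue dhclient eth1
ip netns exec green dhclient eth2
# Show the public address seen for traffic leaving through each interface
echo "IP eth0: "
curl ipinfo.io/ip
echo "IP eth1: "
ip netns exec blue curl ipinfo.io/ip
echo "IP eth2: "
ip netns exec green curl ipinfo.io/ip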




Install VMware Horizon Client in Debian 8 Jessie

24 02 2017

Download the Linux client from the VMware website:

https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_clients/4_0

The downloaded file is a bash script; run it as a privileged user:

# bash VMware-Horizon-Client-4.3.0-4710754.x64.bundle

Install dependencies:

# apt-get install libudev-dev libffi-dev libglibmm-2.4-dev

Before finishing the install, click the “Scan” button. If libffi.so.5 is missing and you only have libffi.so.6 (usual on a modern Debian), create a symlink as a workaround:

cd /usr/lib/x86_64-linux-gnu && ln -s libffi.so.6 libffi.so.5

If you run the client now, it will probably fail to start with the following error:

$ vmware-view
/usr/lib/vmware/view/bin/vmware-view: error while loading shared libraries: libudev.so.0: cannot open shared object file: No such file or directory

Solve that by creating a symlink:

# cd /lib/x86_64-linux-gnu && ln -s libudev.so.1 libudev.so.0

And run!:

$ vmware-view





Install JSigpac on Linux – 2014

4 08 2014

These are the steps to install JSigpac on Linux, specifically on Debian Wheezy:

1.- Download the stable version of the Java Runtime Environment for Linux (x64 or x86 depending on your architecture) from http://www.java.com/es/download/manual.jsp and copy the file to (create the directory if it does not exist):
/opt/java/

2.- Unpack the file:
# tar -xzvf jre-7u65-linux-x64.tar.gz

3.- Check that it works:
# /opt/java/jre1.7.0_65/bin/java -version

4.- Download the Java Advanced Imaging Binary Builds release (the binary for the JRE named jai-1_1_3-lib-linux-amd64-jre.bin; careful, there are more files for different purposes, so check that the name ends in "…jre.bin" and that it matches your architecture) from http://download.java.net/media/jai/builds/release/1_1_3/ and move the file into "/usr/java/jre1.7.0_65/" (if Java is installed from a package, the directory is /usr/lib/jvm/default-java/jre):
# wget 'http://download.java.net/media/jai/builds/release/1_1_3/jai-1_1_3-lib-linux-amd64-jre.bin'
# mv jai-1_1_3-lib-linux-amd64-jre.bin /opt/java/jre1.7.0_65/
# cd /opt/java/jre1.7.0_65/

5.- Change the file's permissions:
# chmod ugo+x jai-1_1_3-lib-linux-amd64-jre.bin

6.- Install the library:
# ./jai-1_1_3-lib-linux-amd64-jre.bin
Accept the license and, if the whole process goes well, a message will say that the libraries have been copied and the JRE can now be used with JAI. Using JAI makes a very noticeable difference in image processing speed.

7.- Set the variables so that java can be used without typing the full path:
# ln -s /opt/java/jre1.7.0_65/ /usr/local/java
JAVA_HOME=/usr/local/java/
PATH=$PATH:$JAVA_HOME:$JAVA_HOME/bin
export JAVA_HOME PATH

8.- Download the jsigpac application code from http://sites.google.com/site/jrariasf/ The link appears at the bottom of the page as "Fuentes jSIGPAC 5.6.14.zip"; unpack it into "/opt/jsigpac/", creating the directory if it does not exist.

9.- Create the "$CLASSPATH" variable with the references to the place where jsigpac was unpacked. The website says the references to JAI are needed, but having downloaded the binary for the JRE and installed it correctly, that step is not necessary; only the program's path has to be set so that it can be run from anywhere:
# CLASSPATH="/opt/jsigpac/jSIGPAC:."
# export CLASSPATH

10.- So that these variables are set automatically next time, append the following lines to the end of the file:
# echo 'export JAVA_HOME=/usr/local/java/' >> ~/.bashrc
# echo 'export PATH=$PATH:$JAVA_HOME:$JAVA_HOME/bin' >> ~/.bashrc
# echo 'export CLASSPATH="/opt/jsigpac/jSIGPAC:."' >> ~/.bashrc
# source ~/.bashrc

11.- Test that it works:
# cd /tmp
# java -Xmx1000m -Xms1000m JSigpac -d -SIBX -mORTO -h30 -x440400 -y4474438 -A4000 -r2 -fMadrid
# java -Xmx1000m -Xms1000m JSigpac -e -fMadrid -efil9 -ecol8 -J100





NeroLinux does not burn audio CDs

23 12 2013

If Nero Linux 4 is installed and does not burn audio CDs, the following probably still needs to be installed and linked:

apt-get install mpg123
mkdir /usr/lib64/
ln -s /usr/lib/nero /usr/lib64/





Free memory on Linux without rebooting

16 09 2013

To free RAM without rebooting the whole system:

sync ; echo 3 > /proc/sys/vm/drop_caches

There are other options that may be of interest:

0 » Hands control back to the kernel to manage memory
1 » Frees the pagecache
2 » Frees dentries and inodes
3 » Frees pagecache, dentries and inodes

sync ; echo 0 > /proc/sys/vm/drop_caches
sync ; echo 1 > /proc/sys/vm/drop_caches
sync ; echo 2 > /proc/sys/vm/drop_caches
sync ; echo 3 > /proc/sys/vm/drop_caches





Notes: Linux Networking Cookbook

10 01 2013

net.ipv4.icmp_echo_ignore_broadcasts = 1
Don’t respond to ping broadcasts. Ping broadcasts and multicasts are usually an
attack of some kind, like a Smurf attack. You may want to use a ping broadcast
to see what hosts on your LAN are up, but there are other ways to do this. It is a
lot safer to leave this disabled.
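
One way to verify this setting on a host, as an added example that is not from the book: it compares the runtime value under /proc/sys with the value persisted in a sysctl.conf-style file. The function names and the constructed sample tree are assumptions made for illustration.

```bash
# Added example, not from the book. Function names are illustrative.

# sysctl_runtime KEY [PROC_ROOT]
# Print the runtime value of KEY; PROC_ROOT defaults to /proc/sys.
# Fails if the key does not exist. Keys that embed interface names
# containing dots are out of scope for this sketch.
sysctl_runtime() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] || return 1
    cat "$path"
}

# sysctl_persisted KEY FILE
# Print the last value assigned to KEY in a sysctl.conf-style file.
# Lines starting with # or ; are comments. Fails if KEY is never set.
sysctl_persisted() {
    awk -F= -v k="$1" '
        /^[ \t]*[#;]/ { next }
        { name = $1; gsub(/[ \t]/, "", name)
          if (name == k) { val = $2; gsub(/[ \t]/, "", val); found = 1 } }
        END { if (!found) exit 1; print val }' "$2"
}

# audit_sysctl KEY WANT PROC_ROOT CONF_FILE
# Returns 0 when runtime and persisted values both match WANT,
# 1 on a wrong value, 2 when the key is missing at runtime,
# 3 when the runtime value is right but nothing persists it across reboots.
audit_sysctl() {
    key=$1; want=$2
    run=$(sysctl_runtime "$key" "$3") || { echo "$key: MISSING"; return 2; }
    [ "$run" = "$want" ] || { echo "$key: FAIL runtime=$run"; return 1; }
    per=$(sysctl_persisted "$key" "$4") || { echo "$key: WARN not persisted"; return 3; }
    [ "$per" = "$want" ] || { echo "$key: FAIL persisted=$per"; return 1; }
    echo "$key: OK"
}

# Constructed sample tree, so the check runs without touching the live system.
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv4"
echo 1 > "$demo/proc/net/ipv4/icmp_echo_ignore_broadcasts"
printf '# constructed sample\nnet.ipv4.icmp_echo_ignore_broadcasts = 1\n' > "$demo/sysctl.conf"
audit_sysctl net.ipv4.icmp_echo_ignore_broadcasts 1 "$demo/proc" "$demo/sysctl.conf" || true
```

On a real host, pass /proc/sys and /etc/sysctl.conf as the last two arguments.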

ipcalc This is a standard program available for any Linux. This
command shows you everything you need to know for a single network:
$ ipcalc 192.168.10.0/24
Address: 192.168.10.0 11000000.10101000.00001010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 192.168.10.0/24 11000000.10101000.00001010. 00000000
HostMin: 192.168.10.1 11000000.10101000.00001010. 00000001
HostMax: 192.168.10.254 11000000.10101000.00001010. 11111110
Broadcast: 192.168.10.255 11000000.10101000.00001010. 11111111
Hosts/Net: 254 Class C, Private Internet

Making Static Routes Persistent
Of course there are. On Debian, add them to /etc/network/interfaces in the stanza for
their corresponding interface:
auto eth1
iface eth1 inet static
address 192.168.10.100
netmask 255.255.255.0
gateway 22.33.44.55
broadcast 192.168.10.255
up route add -net 172.16.5.0/24 gw 192.168.10.100 eth1
up route add -net 172.24.0.0/24 gw 192.168.10.100 eth1
down route del -net 172.24.0.0/24
down route del -net 172.16.5.0/24

You want to change the passphrase on one of your private keys.
Use the -p switch with the ssh-keygen command:
$ ssh-keygen -p -f ~/.ssh/id_dsa

Mounting Entire Remote Filesystems with sshfs
OpenSSH is pretty fast and efficient, and even tunneling X Windows over OpenSSH
isn’t too laggy. But sometimes, you want a faster way to edit a number of remote
files—something more convenient than scp, and kinder to bandwidth than running a
graphical file manager over SSH.
Solution
sshfs is just the tool for you. sshfs lets you mount an entire remote filesystem and
then access it just like a local filesystem.
Install sshfs, which should also install fuse. You need a local directory for your
mountpoint:
carla@xena:~$ mkdir sshfs
Then, make sure the fuse kernel module is loaded:
$ lsmod|grep fuse
fuse 46612 1
If it isn’t, run modprobe fuse.
Next, add yourself to the fuse group.
Then, log in to the remote PC and go to work:
carla@xena:~$ sshfs uberpc: sshfs/
carla@uberpc's password:
carla@xena:~$
Now, the remote filesystem should be mounted in ~/sshfs and just as accessible as
your local filesystems.
When you’re finished, unmount the remote filesystem:
$ fusermount -u sshfs/
Discussion
Users who are new to sshfs always ask these questions: why not just run X over SSH,
or why not just use NFS?
It’s faster than running X over SSH, it’s a heck of a lot easier to set up than NFS, and
a zillion times more secure than NFS, is why.

Customizing the Remote VNC Desktop
The default VNC remote desktop on Linux is little better than a plain vanilla SSH
session—all you get is some barebones window manager like TWM or Metacity, and
an Xterm. How do you get the window manager or desktop of your choice?
Solution
Edit your ~/.vnc/xstartup file on the server. This is the default:
#!/bin/sh
xrdb $HOME/.Xresources
xsetroot -solid grey
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
If there is no ~/.Xresources file, comment that line out.
Simply replace x-window-manager with the startup command for the window manager
of your choice, like this:
icewm &
Whenever you make changes in this file, you need to stop and restart the server:
$ tightvncserver -kill :1
$ tightvncserver
Then, log in again from your remote PC.
Table 8-2 lists some startup commands for various window managers, which must
be installed on the server if you want to use them.

To create a bootable USB flash drive, you need at least a 256 MB drive. Then, download
the hd-media/boot.img.gz file from your favorite Debian mirror. Make sure the
drive is unmounted, and copy it to the drive with this command:
# zcat boot.img.gz > /dev/sda

FPing pings all the addresses in a range in sequence. This example pings a subnet
once, reports which hosts are alive, queries DNS for the hostnames, and prints a
summary:
$ fping -c1 -sdg 192.168.1.0/24

ping6 to one interface
$ ping6 -c2 -I eth0 fe80::203:6dff:fe00:83cf

Finding Duplicate IP Addresses with arping
You want to know how to test an IP address on your LAN to see whether it is a
duplicate.
Solution
Use arping, like this:
$ arping -D 192.168.1.76

Testing HTTP Throughput and Latency with httping
As always, your users are complaining “the web site is too slow! We’re dying here!”
But it seems OK to you. Isn’t there some way you can make some objective measurements
without having to master some expensive, complicated analysis tool?
Solution
While sophisticated HTTP server analysis tools are nice, and there are dozens of
them, sometimes you just want something quick and easy. httping is an excellent
utility for measuring HTTP server throughput and latency, and because it’s a tiny
command-line tool, you can easily run it from multiple locations via SSH.
Its simplest invocation is to test latency:
$ httping -c4 -g http://www.oreilly.com

tcptraceroute
Traceroute may not work over the Internet because a lot of routers are programmed
to ignore its UDP datagrams. If you see a lot of timeouts, try the -I option, which
sends ICMP ECHO requests instead.
You could also try tcptraceroute, which sends TCP packets and is therefore nearly
nonignorable:
$ tcptraceroute bratgrrl.com

mtr
An excellent utility that combines ping and traceroute is mtr (My Traceroute). Use
this to capture combined latency, packet loss, and problem router statistics. Here is
an example that runs mtr 100 times, organizes the data in a report format, and stores
it in a text file:
$ mtr -r -c100 oreilly.com >> mtr.txt

Measuring Throughput, Jitter, and Packet Loss with iperf
You want to measure throughput on your various network segments, and you want
to collect jitter and datagram loss statistics. You might want these just as a routine
part of periodically checking your network performance, or you’re running a VoIP
server like Asterisk, Trixbox, or PBXtra, so you need your network to be in extra-good
shape to have good call quality.
Solution
Use iperf, which is a nifty utility for measuring TCP and UDP performance between
two endpoints. It must be installed at both ends of the connection you’re measuring;
in this example, that is Xena and Penguina. We’ll call Xena the server and Penguina
the client. First, start iperf on Xena in server mode, then fire it up on Penguina. (The
easy way is to do all this on Xena in two X terminals via SSH.)
carla@xena:~$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
terry@penguina:~$ iperf -c xena





Notes: Bash Guide for Beginners

6 01 2013

Both echo and printf are Bash built-in commands. The first always exits with a 0 status, and simply prints arguments followed by an end of line character on the standard output, while the latter allows for definition of a formatting string and gives a non-zero exit status code upon failure.

cat /usr/share/audio/at_your_service.au > /dev/audio

bash -x script_name.sh
The specified shell will start as a subshell of your current shell and execute the script. This is done when you want the script to start up with specific options or under specific conditions which are not specified in the script.

You can switch debugging mode on and off as many times as you want within the same script.
The table below gives an overview of other useful Bash options:

Table 2-1. Overview of set debugging options

Short notation Long notation Result
set -f set -o noglob Disable file name generation using metacharacters (globbing).
set -v set -o verbose Prints shell input lines as they are read.
set -x set -o xtrace Print command traces before executing command.

Brace expansion is a mechanism by which arbitrary strings may be generated. Patterns to be brace-expanded take the form of an optional PREAMBLE, followed by a series of comma-separated strings between a pair of braces, followed by an optional POSTSCRIPT. The preamble is prefixed to each string contained within the braces, and the postscript is then appended to each resulting string, expanding left to right. Brace expansions may be nested. The results of each expanded string are not sorted; left to right order is preserved:

franky ~> echo sp{el,il,al}l
spell spill spall

Brace expansion is performed before any other expansions, and any characters special to other expansions are preserved in the result. It is strictly textual. Bash does not apply any syntactic interpretation to the context of the expansion or the text between the braces. To avoid conflicts with parameter expansion, the string “${” is not considered eligible for brace expansion.
A correctly-formed brace expansion must contain unquoted opening and closing braces, and at least one unquoted comma. Any incorrectly formed brace expansion is left unchanged.

Table 3-4. Arithmetic operators

Operator Meaning
VAR++ and VAR-- variable post-increment and post-decrement
++VAR and --VAR variable pre-increment and pre-decrement
- and + unary minus and plus
! and ~ logical and bitwise negation
** exponentiation
*, / and % multiplication, division, remainder
+ and - addition, subtraction
<< and >> left and right bitwise shifts
<=, >=, < and > comparison operators
== and != equality and inequality
& bitwise AND
^ bitwise exclusive OR
| bitwise OR
&& logical AND
|| logical OR
expr ? expr : expr conditional evaluation
=, *=, /=, %=, +=, -=, <<=, >>=, &=, ^= and |= assignments
, separator between expressions

Table 4-1. Regular expression operators

Operator Effect
. Matches any single character.
? The preceding item is optional and will be matched, at most, once.
* The preceding item will be matched zero or more times.
+ The preceding item will be matched one or more times.
{N} The preceding item is matched exactly N times.
{N,} The preceding item is matched N or more times.
{N,M} The preceding item is matched at least N times, but not more than M times.
- represents the range if it’s not first or last in a list or the ending point of a range in a list.
^ Matches the empty string at the beginning of a line; also represents the characters not in the range of a list.
$ Matches the empty string at the end of a line.
\b Matches the empty string at the edge of a word.
\B Matches the empty string provided it’s not at the edge of a word.
\< Match the empty string at the beginning of word.
\> Match the empty string at the end of word.

Contrary to [, [[ prevents word splitting of variable values. So, if VAR="var with spaces", you do not need to double quote $VAR in a test – even though using quotes remains a good habit. Also, [[ prevents pathname expansion, so literal strings with wildcards do not try to expand to filenames. Using [[, == and != interpret strings to the right as shell glob patterns to be matched against the value to the left, for instance: [[ "value" == val* ]].
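
The difference described above, as an added example that is not from the guide: the same comparison with [ and [[ using the text's VAR value, plus the pattern-versus-literal behaviour of == that matters when the right-hand side comes from input. The function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the guide. [[ ]] is a bash keyword, so re-run under
# bash if some other shell started this file.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# [ ] with an unquoted variable: the value is word-split before test sees it.
# Exit status: 0 = equal, 1 = not equal, 2 = test could not parse its arguments.
eq_single_unquoted() { [ $1 = "$2" ] 2>/dev/null; }

# Quoting the expansion keeps the value as one operand in [ ].
eq_single_quoted() { [ "$1" = "$2" ]; }

# [[ ]] does not word-split $1, so the unquoted form is still one operand.
eq_double_unquoted() { [[ $1 == "$2" ]]; }

# Unquoted right-hand side of == inside [[ ]] is treated as a glob pattern ...
match_pattern() { [[ $1 == $2 ]]; }

# ... quoted, it is compared as a literal string. Use this form whenever the
# right-hand side is data rather than a pattern written by the script author.
match_literal() { [[ $1 == "$2" ]]; }

# status CHECK ARGS...: run a check and print its exit status.
status() { if "$@"; then echo 0; else echo $?; fi; }

VAR="var with spaces"    # the value used in the guide's text

echo "[  \$VAR  = ...]  -> $(status eq_single_unquoted "$VAR" "$VAR")"
echo "[ \"\$VAR\" = ...]  -> $(status eq_single_quoted "$VAR" "$VAR")"
echo "[[ \$VAR == ...]] -> $(status eq_double_unquoted "$VAR" "$VAR")"
echo "value == val*    -> $(status match_pattern value 'val*')"
echo "value == \"val*\"  -> $(status match_literal value 'val*')"
```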

case $space in
[1-6]*)
  Message="All is quiet."
  ;;
[7-8]*)
  Message="Start thinking about cleaning out some stuff.  There's a partition that is $space % full."
  ;;
9[1-8])
  Message="Better hurry with that new disk...  One partition is $space % full."
  ;;
99)
  Message="I'm drowning here!  There's a partition at $space %!"
  ;;
*)
  Message="I seem to be running with an nonexistent amount of disk space..."
  ;;
esac

File input and output are accomplished by integer handles that track all open files for a given process. These numeric values are known as file descriptors. The best known file descriptors are stdin, stdout and stderr, with file descriptor numbers 0, 1 and 2, respectively. These numbers and respective devices are reserved. Bash can take TCP or UDP ports on networked hosts as file descriptors as well.

Note that each process has its own view of the files under /proc/self, as it is actually a symbolic link to /proc/<process_ID>.

The /dev/fd directory contains entries named 0, 1, 2, and so on. Opening the file /dev/fd/N is equivalent to duplicating file descriptor N. If your system provides /dev/stdin, /dev/stdout and /dev/stderr, you will see that these are equivalent to /dev/fd/0, /dev/fd/1 and /dev/fd/2, respectively.


yum install "$1" << CONFIRM
y
CONFIRM

The select construct allows easy menu generation. The syntax is quite similar to that of the for loop:
select WORD [in LIST]; do RESPECTIVE-COMMANDS; done

LIST is expanded, generating a list of items. The expansion is printed to standard error; each item is preceded by a number. If in LIST is not present, the positional parameters are printed, as if in $@ would have been specified. LIST is only printed once.

The shift command is one of the Bourne shell built-ins that comes with Bash. This command takes one argument, a number. The positional parameters are shifted to the left by this number, N. The positional parameters from N+1 to $# are renamed to variable names from $1 to $# - N+1.

 
 

Table 10-1. Options to the declare built-in

Option Meaning
-a Variable is an array.
-f Use function names only.
-i The variable is to be treated as an integer; arithmetic evaluation is performed when the variable is assigned a value (see Section 3.4.6).
-p Display the attributes and values of each variable. When -p is used, additional options are ignored.
-r Make variables read-only. These variables cannot then be assigned values by subsequent assignment statements, nor can they be unset.
-t Give each variable the trace attribute.
-x Mark each variable for export to subsequent commands via the environment.

The readonly built-in marks each specified variable as unchangeable. The syntax is:
readonly OPTION VARIABLE(s)

 

The unset built-in is used to destroy arrays or member variables of an array:

[bob in ~] unset ARRAY[1]

[bob in ~] echo ${ARRAY[*]}
one three four

[bob in ~] unset ARRAY

[bob in ~] echo ${ARRAY[*]}
<--no output-->

 

 

Table A-1. Common Shell Features

Command Meaning
> Redirect output
>> Append to file
< Redirect input
<< “Here” document (redirect input)
| Pipe output
& Run process in background.
; Separate commands on same line
* Match any character(s) in filename
? Match single character in filename
[ ] Match any characters enclosed
( ) Execute in subshell
` ` Substitute output of enclosed command
" " Partial quote (allows variable and command expansion)
' ' Full quote (no expansion)
\ Quote following character
$var Use value for variable
$$ Process id
$0 Command name
$n nth argument (n from 0 to 9)
# Begin comment
bg Background execution
break Break from loop statements
cd Change directories
continue Resume a program loop
echo Display output
eval Evaluate arguments
exec Execute a new shell
fg Foreground execution
jobs Show active jobs
kill Terminate running jobs
newgrp Change to a new group
shift Shift positional parameters
stop Suspend a background job
suspend Suspend a foreground job
time Time a command
umask Set or list file permissions
unset Erase variable or function definitions
wait Wait for a background job to finish

 

Source: http://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html