Archive for June, 2006

Small but annoying – no XVideo for movies

Wednesday, June 28th, 2006

It means I cannot resize video. Using the x11 generic driver does not allow resize.

I’ve searched for a solution just now, and got to this web page. After some tweeks with my own config file (to remind you, it was built using ATI’s tools), I’ve got it to work correctly.

Here’s the updated config file xorg.conf.ati-dualhead.txt

I never quite remember it – extracting a specific file from tar archive

Monday, June 26th, 2006

I always forget, and this blog is meant to help me remember.

Found in Tar’s manual, are these simple directives:

Have a file called file.tar, do:

tar -xf file.tar full/path/without/trailing/slashes

It can be a file or directory. You can have a list of files, such:

tar -xf file.tar home/me home/you home/us/important-file

Should do the trick.

Multihomed routing (split access load balancing) and OpenVPN

Sunday, June 25th, 2006

We have one connection via ATM like interface and we have one PPP connection via xDSL (described here), and we want load balancing for this whole party.

Following this specific part of lartc.org guide, we’ve managed to get this to work. The idea goes like this (Centos 4.3):

1. Do not state default route for the machine. Not in /etc/sysconfig/network and not in /etc/sysconfig/network-scripts/ifcfg-ethX

2. Using adsl-setup, we’ve defined our ADSL connection. Verify you have an entry DEFROUTE=no in your /etc/sysconfig/network-scripts/ifcfg-ppp0

3. find a way to start the following script after your network interfaces are up. I assume, in this script, that your ATM interface is eth1. multiroute.txt

The reason for specifically stating SERVER is that our DNS server requires recursive DNS for its settings, and I can use my ISP’s DNS Server only when using the corresponding link. Since both links are for different ISPs, I need to “bind” SERVER to a specific route.

Note that this solution is only temporary. At the moment, it is far from being complete, and many tests should be done yet, before I can call it a working solution. I might combine it with /etc/ppp/ip-up.local script, or I might add it as a seperated service in /etc/init.d, which would start after all interfaces are up and running. Not final yet.

With all this working like charm, we’ve had a huge issue – our OpenVPN server, which worked correctly just until then failed to work smoothly. Sometimes clients were able to connect, and sometimes they were unable to do so…

I got the following error message in my logs: “x.y.z.m:2839 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

The cause, as it seemed to me, was that OpenVPN’s UDP packets were routed via alternate route for each target client. Being UDP, they were not part of an active session, but were stateless, which resulted in a different routing descision each time they were directed at the OpenVPN client. I’ve searched for it, although I was not optimistic, because multihomed routing, with multiple ways out wasn’t very common. I was suprised to find this post, with it’s follow-up, which dealt exactly with my case.

Since I cannot bind it to an internal IP address (although I’ve tried – it didn’t work), I will test TCP based configuration tomorrow morning.

===============================================================================

Update

===============================================================================

I don’t usually update posts but add new posts with links. However, in this case it was important enough for me to update this hot topic so I’ve decided to just add the new stuff.

First – I’ve failed. Since I do not have too much time here, I did not feel confident to leave a system yet untested. Especially when such a router is an essential link in this company.

I’ve tried using TCP based connection, but, still again, one client was able to connect, while the 2nd one did so for only a short while, and failed maintaining a working connection. I went back to UDP…

I came up with the following idea – if I can use some sort of tagging to differentiate the UDP packets sourced at the router, at the OpenVPN application, I could try and set a routing rule which will force them into a specific routing chain, and force them through my interface.

It didn’t work quite well. I was able to do the followin trick, but for no avail:

iptables -t mangle -A OUTPUT -p udp –sport 5001 -j MARK –set-mark 1

and then, using “ip” command:

ip rule add fwmark 1 table T1

which should have redirected all outbound UDP with source port 5001 (this is the one I use for my OpenVPN, due to legacy considerations), to the T1 routing table – a table directed outside with default route via eth1.

I don’t know why it failed. Almost seemed to work, but no…

I returned the system to a single-path setup, with PPP0 only acting as a manual alternate path in case where the primary path is down. Would work for now.

Radeon 9600 Dual Display (dual-head)

Wednesday, June 21st, 2006

After much agony with my faulted NVidia Dual-head card, and the frequent hard-freeze which were part of this experience.

A new and shining ATI Radeon 9600 has entered my AGP slot, and I was ready to make it rock.

First thing first – I utterly failed to install the damn driver. ATI build their drivers for someone else. Not me. I was able (I swear I don’t remember how) to make it work, and was into setting my brand new VGA card for dual-head for my Xorg.

I’ve used aticonfig, and run the following commands to do the trick:

aticonfig –initial=dual-head –screen-layout=right

aticonfig –screen-layout=left –dtop horizontal –resolution=0,1280×1024,1024×768 –resolution=1,1280×1024,1024×768 –screen-overlap=0

It worked like charm (I’m saving you from the ugly trial and error part of it).

Quick and dirty delete old files, with exclude list and support for filenames with spaces

Sunday, June 18th, 2006

Here’s a little script I’ve written which deletes older than AGE days files, and has an exclude list, just in case. It’s meant to be run by cron on a daily basis:

#!/bin/sh

# Source of all evil
DIR=/ftp
# Age of file in days
AGE=10
# Exclude list – Use pipe (|) seperated values. Example:
# EXCLUDE=”me|tal” for excluding both “me” and both “tal”. Use the longest
# possible expression, for accurate match. For example:
# EXCLUDE=”/ftp/me|/ftp/tal”. Below is the default minimal exclude list.
EXCLUDE=”lost+found|incoming”

echo -n ” > /tmp/del-list.txt

find $DIR/*/* -mtime +$AGE -print | grep -vE “$EXCLUDE” | tr ‘n’ “”n”” >> /tmp/del-list.txt

for i in `cat /tmp/del-list.txt` ; do
echo $i >> /var/log/del-ftp.log
done

cat /tmp/del-list.txt | xargs rm -Rf

rm /tmp/del-list.txt

It seems to work. So far, I have delete 2nd level directories when old enough (10 days by default), and I can handle files with spaces in their names (scheduled delete of filenames with spaces – for the sake of those searching for a solution. At least, I’ve used this expression and didn’t find a solution online).