Posts Tagged ‘Israel’

L2TP and Cables in Israel, fixups

Friday, November 18th, 2005

When I created my setup (displayed below), I took into account the possibility of a disconnection, or of a process failing, and I left pppd to deal with it by trying to reconnect as soon as it has fallen down. It was a good solution for scenarios where there is a temporary, short disconnection. It fails to work when pppd cannot establish a connection as soon as it has dropped, which might happen when the ISP has a problem, or someone disconnects the cables, etc.

To try and approach it using an add-on solution (as I don’t feel I have a complete and simple enough solution for the issue), I have added the following things:

1. Added a line in /etc/crontab , adding a per-minute scheduled class:

0-59/1 * * * * root run-parts /etc/cron.minute

2. Created a directory /etc/cron.minute
3. Added a script into it, called Internet, as follows:

#!/bin/sh
if [ ! "`ifconfig | grep ppp0`" ]; then
    /etc/init.d/rp-l2tp start
fi


The solution brings back the connection in the rather rare event of it being down. Even combined with the current “bring it up when it goes down” configuration, it will not solve each and every possible problem. I hope it will solve enough. I will not list my expected problems with such a configuration, but leave it as an exercise for you.
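The post leaves the weaknesses of the per-minute check as an exercise. The variant below is an added example, not the author's script: it treats ppp0 as up only when it carries an IPv4 address, refuses to run while another run of the check holds a lock, and backs off between start attempts during a long outage. The state directory, the back-off schedule and the LIST_CMD/START_CMD overrides are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not the author's script. STATE_DIR, the *_CMD overrides and
# the back-off policy are assumptions made for this illustration.
STATE_DIR="${STATE_DIR:-/var/run/l2tp-watchdog}"
LIST_CMD="${LIST_CMD:-ifconfig}"
START_CMD="${START_CMD:-/etc/init.d/rp-l2tp start}"

# Succeed only if the interface listing on stdin shows ppp0 with an IPv4
# address; a bare "grep ppp0" also matches a ppp0 that has no address yet.
ppp_is_up() {
    awk '/^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }
         cur == "ppp0" && /inet / { found = 1 }
         END { exit !found }'
}

# Ticks to skip after N consecutive start attempts: 0, 1, 3, 7, 15, 15, ...
next_delay() {
    n=$1; d=0
    while [ "$n" -gt 0 ] && [ "$d" -lt 15 ]; do
        d=$((d * 2 + 1)); n=$((n - 1))
    done
    echo "$d"
}

# One cron tick. Returns 0 if the link is up or a start was issued, 1 if the
# tick was skipped (another run holds the lock, or we are backing off).
# A lock left behind by a killed run is not expired here.
watchdog() {
    mkdir -p "$STATE_DIR" || return 1
    mkdir "$STATE_DIR/lock" 2>/dev/null || return 1   # mkdir is atomic
    rc=0
    fails=$(cat "$STATE_DIR/fails" 2>/dev/null || echo 0)
    wait_left=$(cat "$STATE_DIR/wait" 2>/dev/null || echo 0)
    if $LIST_CMD 2>/dev/null | ppp_is_up; then
        echo 0 > "$STATE_DIR/fails"; echo 0 > "$STATE_DIR/wait"
    elif [ "$wait_left" -gt 0 ]; then
        echo $((wait_left - 1)) > "$STATE_DIR/wait"; rc=1
    else
        $START_CMD >/dev/null 2>&1
        fails=$((fails + 1)); echo "$fails" > "$STATE_DIR/fails"
        next_delay "$fails" > "$STATE_DIR/wait"
    fi
    rmdir "$STATE_DIR/lock"
    return $rc
}

# Run only when installed under the name used in the post.
case "$0" in */Internet) watchdog || : ;; esac
```

The first start attempt is followed by one skipped tick, which gives pppd roughly two minutes to bring ppp0 up before the next attempt.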

Cables in Israel and L2TP on Fedora Core 3 Linux

Monday, November 7th, 2005

I have noticed there is no fixed guide for L2TP for cable connection in Israel. Since I’ve been doing just this thing today, I’ve decided to put online my own comments on the issue, with hope it would help other people too.

Subject: L2TP cables connection to an ISP called Actcom in Israel, using Fedora Core 3

Requirements: FC3 does not come with any L2TP tools and/or configuration packages.

Solution, strongly based upon this site

*) Download and install l2tp packages for FC2/3 from this site. Note that you have to download the rp-l2tp package.

*) Save, with run permissions, the fixroute.txt fixroute script. This script is required so that your routing table is set correctly. Note, it is a txt file, but a script at the same time.

*) Save the following conf file, l2tp.conf.txt, in your /etc/l2tp as /etc/l2tp/l2tp.conf

*) Save the following rp-l2tp.txt startup script in /etc/init.d/ as /etc/init.d/rp-l2tp . Note – this script understands the command “chkconfig” . Also note that, as said inside the script, it assumes l2tpd is running.

*) Make sure l2tpd is running! Add a line such as
lt:3:respawn:/usr/sbin/l2tpd -f

to your /etc/inittab file. It will make sure this daemon will always be resurrected.

*) To set automatic reconnection, replace your /etc/ppp/ip-down script with the following script, ip-down.txt

*) Make sure (one of?) your network interface is connected correctly to the Cables modem, that there’s link, and that the interface is defined to use DHCP.

*) Set your /etc/ppp/pap-secrets with something which looks like this:

"username" * "password"

*) Add to /etc/ppp/options the lines:

lcp-echo-failure 2
lcp-echo-interval 30

*) Run init q to reload /etc/inittab, and force the loading of l2tpd.

*) Run /etc/init.d/rp-l2tp start to start the internet connection. With luck, you should be up and running. Add this script to the startup sequence by running “chkconfig --level 35 rp-l2tp on”

Done and done. Good luck.

Finished customer’s project

Sunday, July 31st, 2005

It was long, it was tiresome, and it was nasty. We’ve been to a hosting farm, in one of Israel’s largest ISPs, where their (and our) customer needed to relocate servers, and change his servers’ IPs, settings, etc.


I don’t know why, but we’ve tried to come as prepared as possible. One of the things you learn, doing such projects in an un-controlled environment, far away from your own personal lab, is this – “Trust no one”. Just like X-Files, but for real.


If it’s not obvious, here’s an example – assume you get there, and you find out you need some drivers for one of the machines. In a controlled environment, you would get these drivers from the Internet, but in an uncontrolled environment, you must make sure you bring them with you beforehand, and make sure the CD, floppy, USB port, or whatever is being used there, is actually functioning, and in good condition. Not only that, you must make sure you either arrive with a whole pack of methods to get the files/info/drivers/data into the machine in question, or with a method of transferring between media types, like CD -> Disk on Key, or DoK -> Floppy.

So, trying to be as prepared as possible for the machine (plus extra ~400 domains) transfer and change, we came with the following inventory:

  • 1 IBM 1U server, preinstalled with Linux, predefined as DNS server, and web server, saying “The server is under maintenance. It will be solved soon” or something alike.
  • 2 Laptops running Linux/Windows, including backup of all configurations of the Virtual servers, and the root servers.
  • Cables
    (We’ve discovered only on last minute we don’t get anything out of the hosting farm. We have to bring it all with us. It was night, and we just picked anything we could for it, hoping it would do. It did).
  • Tools
  • extras
  • Exact written procedure of which files to change, where, and into what. New IPs pre-assigned, passwords, etc.


We were only half prepared. Half prepared, because the only thing we didn’t predict as much was the ill tempered and lazy SoB who was our contact in the farm. I have no idea why, and I do not care why, but he has some grudge with our (and his!) customer, and he made everything he could to “not help us”. Meaning he didn’t deliberately hinder us, but he did the least he could to help, up to nothing.


Example? Sure. We needed a network link for the new rack, so he said we had one. I’ve asked him to activate it, and soon he claimed he did. Not long after, when I reconfigured the router, and moved it into the new location, I needed to connect it to this link. Not working. I started debugging the problem (maybe bad cable, maybe interface in “shut” mode. Maybe we need laplink cable. Don’t know). Soon I had the obvious idea, and asked him if the link was up. He said “No. I was just waiting for you”. I’ve asked him to bring the link up, keeping my temper as down as possible. It took him 15-30 minutes, while we just stood and waited (it was a show stopper. You can’t start moving servers before you know you have where to connect them to, right?). Finally, and after lots of intervention on our side (like testing and seeing the link was still down, changing cables, etc), the link was brought up, and we could

Things like this piss me off. You expect the man to do any and every thing he can to assist, so all of you can go home already (the job started at midnight), and this lazy SoB was supposed to hand us the cable link, everything predefined per our demands, and wait for us to finish. Not starting to set it up during our work, and “waiting” for us. We had to wait for him, that’s for sure, but he had no reason to wait for us.


So that’s a hostile, and uncontrolled environment.


Don’t get me wrong. We had tons of laughs, and enjoyed the job (and the A/C), but the lack of cooperation, and the stinking attitude of our contact person was, to say the least, a problem. Another example is when asking for coffee (to remind you – midnight, no coffee-shops open for kilometers around us), he showed us into their “kitchen”, and pointed out how nice he was being, because of the special time and all, else we wouldn’t be supposed to use this “kitchen”. Man, this is only a cup of coffee, and it’s not yours, nor your mom’s! Stinking attitude.

And we had our share of technical difficulties. The person setting up our client’s servers was, how to say, amateur. He predefined the machine’s IP address in around a dozen different locations. Three times in the firewall settings (for each, virtual or otherwise real machine’s IP), twice in each network configuration file (per machine), once for every major service each machine (again, virtual or real) was running, such as sshd Listen address, or FTPD Listen address, httpd Listen address, etc. It was a major hell. Hosted domains’ zone files were not using a CNAME record for a single, one-time-only-defined IP address (which each Vserver had. Only one), but had a full A record for the whole IP address. We had to “sed” them all to the new ones, decrease the TTLs for each domain (again, “sed”, or friend), and so on.

It wasn’t easy, but it went rather well, summing it all up. Why did we do it? For the money, of course. And besides, the hosting farm had better A/C than I have 🙂


Well, it sums a night without sleep, filled with work, before I’ve started traveling around, doing all kind of chores I could accumulate around this area of Israel. It went quite well, after all, and I managed to keep my eyes open when driving, which was good, generally speaking.


So, here’s me, back home, about to go to sleep, behind me a very, very long day.



I have managed to take pictures at the place. Attached in Thumbnails. Sorry for the choppy quality, as they were taken using a cell phone camera, and not a real camera.

Front of the rack

Front of the rack, #2

The rear of the rack


The rack was a bit shorter than we’ve expected, so our power cables are to be pressed in, to allow closing the doors. Tomorrow night, we are to add a router into the system, and change the firewall’s settings, accordingly. Will be fun. Not.

First message

Tuesday, July 19th, 2005

Well, it’s been a while since I’ve considered playing with a blog of my own. I’ve never quite found the convincing reason which will pull me out of my chair, and not-a-single-thing-doing-for-a-whole-afternoon-while-browsing-the-net into the active part of installing my own blog.

Well, I did just ten minutes ago.

Why? Because during my tech adventures (as much as they might seem adventures to anyone), I get to complete tasks, or do things which I have nowhere to add or update, and thus I don’t get to keep, neither to myself for later reference, nor for others who might bump into the same problems I have.

Who am I?

Keeping this blog blogish enough, there is no point in mentioning my name. You can call me Ez-Aton, or Ez, for short, if you feel like calling me at all. It’s not that I hide, but there is a point in a person’s life where he wants to use the little anonymity the web offers. The little of it which still exists nowadays, anyhow.

Well, I act as a Unix SysAdmin, Linux hobbyist and SysAdmin, Windows SysAdmin, with some experience with Mac, etc. I manage a few dozen *nix machines @ work, namely Linux, Solaris, HP-UX, AIX, and somewhat Windows in a more complex environment. I don’t claim to be an expert on it, oh no, but I claim to know some on everything. And Google being my friend, I can manage my way around the more common obstacles. I learn fast, I almost never make the same mistake twice (unless it’s on purpose, to gain something), so I manage to get, uneducated (no degree, no official courses), a very complex set of systems up and running. Not perfect, but how many people do you know who can get such things (as you might find in my blog at other times) up and running?

Oh, and I live in Israel, which is a small country, but one can get used to it.

So I hope you find info you need here, or at least enjoy wasting few more minutes of your life, where time flies in front of the computer, browsing and searching, and doing only little. Yep, techie’s life.