Archive for May, 2009

I wrote a howto a while back on how to setup windows vista with a ipv6 tunnel to tunnelbroker.net – this post can be found here http://larmeir.com/?p=354 . To follow up on this I host a Debian etch 5.0 server in my office that I use for troubleshooting network connections and as a backup system for my webserver. Below is how I setup the ipv6 tunnel:

#ip tunnel add he-ipv6 mode sit remote my.tunnel.broker.ip local 192.168.1.8 ttl 255
#ip link set he-ipv6 up
#ip addr add 2001:470:1f0e:4ee::2/64 dev he-ipv6
# ip route add ::/0 dev he-ipv6
#ip -f inet6 addr

Also, dont forget to check that the ipv6 kernel module is loaded:

~# lsmod | grep ipv6
ipv6                  235364  31 sit

If not then load it:

# modprobe ipv6

then test it

~# ping6 -c4 ipv6.google.com
PING ipv6.google.com(vx-in-x68.google.com) 56 data bytes
64 bytes from vx-in-x68.google.com: icmp_seq=1 ttl=56 time=116 ms
64 bytes from vx-in-x68.google.com: icmp_seq=2 ttl=56 time=117 ms
64 bytes from vx-in-x68.google.com: icmp_seq=3 ttl=56 time=116 ms
64 bytes from vx-in-x68.google.com: icmp_seq=4 ttl=56 time=116 ms

— ipv6.google.com ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3011ms
rtt min/avg/max/mdev = 116.301/116.750/117.440/0.429 ms

Hopefully this will help somone with Debian when trying to get a ipv6 tunnel setup.

What in the heck has this world come too? A student in Utah was forced to remove his kilt as his teacher said it could be misconstrued as “cross-dressing” – I can’t help but find this ridicoulus. Well, apparently principal Longshanks has to apologize to the student. You can read the whole story here: http://www.myfoxdfw.com/dpp/news/weird/dpg_School_Makes_Student_Change_out_of_Kilt_SAB_05172009_2492726

Working in the Technology industry, I hear alot of people asking about how to monitor their bandwidth accurately.  Most people (specially sharedhosters, gameserver admins, etc.) will use their control panels to monitor their bandwidth and this often leads to inaccurate results. In this article we will go over setting a basic mrtg bandwidth graph that can be monitored from a webpage on your server to help you keep track of your bandwidth usage. I have written the below howto as a guide to your installation on a RedHat ES 5.x or CentOS 5.x system. The link http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/mrtg/ was used as a guide regarding the snmpd.conf so if you have any doubts please check it out.

The best way to watch your own bandwidth is with iptables or snmp however in this article we are covering snmp only – If you want to have a better technical understanding of snmp you can read more about snmp protocal here: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Let’s get started

My server enviornment:  cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.3 (Tikanga)

Our goals: Setup snmp and mrtg and have it monitor the bandwidth in 5 minute intervals with it publishing to a webpage.

Setting up snmp:

First we have to get snmp and its utlities installed. To do this we will use yum

yum -y install net-snmp-utils net-snmp

Now we will make sure that snmpd starts at boot time:

chkconfig –add snmpd

chkconfig snmpd on

We can then verify that it is properly setup by issuing this command:

# chkconfig –list | grep snmpd
snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

Start the snmpd daemon up:

/etc/init.d/snmpd start or service snmpd start

Make sure it is up and listening:

# netstat -anp | grep snmpd | grep LISTEN
tcp        0      0 127.0.0.1:199               0.0.0.0:*                   LISTEN      24465/snmpd

Configuring snmpd.conf:

the snmpd.conf is found /etc/snmp/snmpd.conf – there is a million options here but we will only modify what is necessary to get this working

We will go section by section:

first find this area and adjust it accordingly with your network address information – make sure and leave localhost as is – for the network part, add your networks cidr notation (you can get this from your dedicated server provider if you are not sure) :

####
# First, map the community name “public” into a “security name”

#       sec.name  source          community
#com2sec notConfigUser  default       public
com2sec local     localhost           public
com2sec mynetwork 10.0.0.200/30     public
####

Next, find this area and adjust it exactly as shown below:

####
# Second, map the security name into a group name:

#       groupName      securityModel securityName
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
group MyROGroup v1         mynetwork
group MyROGroup v2c        mynetwork
group MyROGroup usm        mynetwork
####

Then, move on the to next section and it configure it exactly as shown below:

# Make at least  snmpwalk -v 1 localhost -c public system fast again.
#       name           incl/excl     subtree         mask(optional)
#view    systemview    included   .1.3.6.1.2.1.1
#view    systemview    included   .1.3.6.1.2.1.25.1.1
view     all           included   .1

Now modify this section exactly as shown below:

####
# Finally, grant the group read-only access to the systemview view.

#       group          context sec.model sec.level prefix read   write  notif
#access  notConfigGroup “”      any       noauth    exact  systemview none none
access MyROGroup “”      any       noauth    exact  all    none   none
access MyRWGroup “”      any       noauth    exact  all    all    none

Find this section and modify it as you would like:

###############################################################################
# System contact information
#

# It is also possible to set the sysContact and sysLocation system
# variables through the snmpd.conf file:

syslocation www.elitepowerhost.com
syscontact Dustin Larmeir <dustin@larmer.com>

There is a great article on how to configure this that served as a point of reference for me that can be found here: http://www.cyberciti.biz/nixcraft/linux/docs/uniqlinuxfeatures/mrtg/mrtg_config_step_3.php

Now we need to restart the snmpd daemon:

/etc/init.d/snmpd restart or service snmpd restart

And now we need to test it:

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex
IP-MIB::ipAdEntIfIndex.10.8.118.194 = INTEGER: 2

When executing the snmpwalk command this should show all of your network addresses – if this returns them that means snmp is monitoring correctly. Now how the 10.x.x.x address was returned.

Installing mrtg

Use yum to install the mrtg package

yum -y install mrtg

Assuming your htdocs directory is in /var/www/html – you would create  a location to place the mrtg graphs:

mkdir -p /var/www/html/mymrtg/

Now you will setup the config for mrtg:

cfgmaker –global ‘WorkDir: /var/www/html/mymrtg’ –output /etc/mrtg/mymrtg.cfg public@my.fqdn.com

Note, it is best to your FQDN but you can use localhost as well. The FQDN is much cleaner though.

Making the mrtg index file:

indexmaker –output=/var/www/html/mymrtg/index.html /etc/mrtg/mymrtg.cfg

Making sure all the images files are where they should be:

cp -av /var/www/html/mrtg/*.png /var/www/html/mymrtg/

Testing it out:

env LANG=C /usr/bin/mrtg /etc/mrtg/mymrtg.cfg

now browse to your vhost.com/mrtg and you should now see your graphs!

Setting the graphs up as a cron job:

run crontab -e

and put this in the file:

*/5 * * * * env LANG=C mrtg /etc/mrtg/mymrtg1.cfg –logging /var/log/graphing.log

This will generate your graphs every 5 minutes and log it for you.

This should be all you need to monitor your own bandwidth graphs, there are many different options you can modify with this system so researching into it further would be worth your time! Ill write a howto on Debian soon.