Linux Support Pages

SSH Key-Pair Generation for use in ssh/rsync

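ssh-keygen -b 1024 -N "" -t rsa

Here -t rsa selects the key type, -b 1024 the key length in bits, and -N "" an empty passphrase. With an empty passphrase the private key is written to disk unencrypted, which is what lets unattended rsync jobs use it. 1024 bits is shorter than the RSA default in current OpenSSH releases.

Some good instructions for rsync using ssh.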

/etc/sysconfig/network-scripts/ifcfg-ethx samples

Static Setting:

DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.1.3.3
IPADDR=10.1.3.2
NETMASK=255.255.255.252
NETWORK=10.1.3.0
ONBOOT=yes

Dynamic Setting:

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=dhcp

Iptables & NAT
NAT: Network Address Translation, Masquerading

To view NAT entries:

  • iptables -t nat -n -L

To enable NAT'ing where eth0 is the outside interface:

  • iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  • echo 1 > /proc/sys/net/ipv4/ip_forward

Firewall Tuning

I found an excellent single server firewall script.

I added a few modifications, based upon some reading about the RELATED option. Take a look at the modified script.

You may view existing connections with the following command:

  • cat /proc/net/ip_conntrack
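
An added example (not from the original page or the firewall script it mentions): a Python parser for /proc/net/ip_conntrack text that separates flows rewritten by the MASQUERADE rule above from untranslated ones and lists entries still marked [UNREPLIED]. The sample lines, the addresses and the function names are constructed for illustration and follow the 2.4-era file layout.

```python
import re
from collections import Counter

# Constructed sample in the 2.4-era /proc/net/ip_conntrack layout (not captured traffic).
# Assumed for illustration: 10.1.6.20 is an inside host, 198.51.100.7 is the eth0 address.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.1.6.20 dst=192.0.2.10 sport=32775 dport=22 src=192.0.2.10 dst=198.51.100.7 sport=22 dport=32775 [ASSURED] use=1
tcp      6 117 SYN_SENT src=10.1.6.20 dst=192.0.2.20 sport=32776 dport=80 [UNREPLIED] src=192.0.2.20 dst=198.51.100.7 sport=80 dport=32776 use=1
udp      17 25 src=198.51.100.7 dst=192.0.2.53 sport=1025 dport=53 src=192.0.2.53 dst=198.51.100.7 sport=53 dport=1025 use=1
"""

# Each entry holds two tuples: the original direction, then the expected reply.
TUPLE = re.compile(r"src=(\S+) dst=(\S+)(?: sport=(\d+) dport=(\d+))?")

def parse_entry(line):
    """Return a dict for one conntrack line, or None if it has no tuple pair."""
    tuples = TUPLE.findall(line)
    if len(tuples) < 2:
        return None
    fields = line.split()
    orig, reply = tuples[0], tuples[1]
    return {
        "proto": fields[0],
        # Only TCP entries carry a state name in the fourth column.
        "state": fields[3] if fields[0] == "tcp" else None,
        "orig": orig,
        "reply": reply,
        "flags": set(re.findall(r"\[(\w+)\]", line)),
        # Untranslated flows have a reply tuple that mirrors the original one.
        # A reply dst that differs from the original src means source NAT.
        "snat": reply[1] != orig[0],
    }

def summarise(text):
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    return {
        "total": len(entries),
        "by_state": Counter(e["state"] or e["proto"] for e in entries),
        "masqueraded": [e for e in entries if e["snat"]],
        "unreplied": [e for e in entries if "UNREPLIED" in e["flags"]],
    }

if __name__ == "__main__":
    report = summarise(SAMPLE)
    print(report["total"], "entries", dict(report["by_state"]))
    for e in report["masqueraded"]:
        print("source NAT:", e["orig"][0], "->", e["orig"][1], "seen outside as", e["reply"][1])
    for e in report["unreplied"]:
        print("no reply yet:", e["orig"][0], "->", e["orig"][1], "dport", e["orig"][3])
```

To run it against a live system, pass the contents of /proc/net/ip_conntrack to summarise() in place of SAMPLE.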

Red Hat 9.0 VLAN Capability

802.1q VLAN capability is built into Red Hat 9.0. It comes in handy when used with a managed switch that is also 802.1q ready. VLANs can help with network isolation, security, voice traffic QoS, traffic congestion management, and using Linux to route between VLANs.

To show how simple it is, we provide an example.

  • modprobe 8021q # make sure the appropriate module is loaded and ready
  • # or use insmod 8021q
  • vconfig set_name_type DEV_PLUS_VID_NO_PAD # make names similar to Cisco interface naming
  • vconfig add eth0 6 # add a subinterface to your main ethernet port, subinterface 6 in this example
  • ifconfig eth0.6 10.1.6.10 netmask 255.255.255.0 mtu 1496 # provide ip address for the interface

An MTU of 1496 is used on the interface because 802.1q adds a four-byte overhead to each packet, and some equipment may not pass frames larger than the standard 1500 bytes.

On a Cisco switch, the following configuration works in conjunction with the Linux computer.

switch1#sho run inter f0/1
interface FastEthernet0/1
 duplex full
 speed 100
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

On Cisco switches, VLAN 1 is already enabled and is the 'native' VLAN. Frames on the native VLAN are sent untagged, so they do not carry the 4-byte overhead.

The 3Com 3c59x.c doesn't handle the vlan properly. It needs to be patched. I can't remember where I found the following patch file. A manual fix needs to be done after running it.

  • patch 3c59x.c 3c59x.txt
  • # perform a manual fix based upon missing chunk
  • gcc -I/usr/src/linux-2.4.20-20.9/include -DCONFIG_VLAN_8021Q -DMODULE -D__KERNEL__ -O6 -c 3c59x.c

Some assistance can be found at this driver page and this summary page.

Some support info is found here.
