Portmaster 3 as a T1 Router

Once in a while I need to use point-to-point T1 links to connect two sites. Even in today’s world of broadband, a T1 still has lower latency and a higher “upload” rate (it is symmetric at 1.544 Mbps) than VPN over broadband accounts. Here’s how to configure two old Portmaster 3s to connect back to back:

Side A:
set line1 t1
set line1 clock internal
set line1 encoding b8zs
set line1 framing esf
set line1 pcm u-law
save all
reboot

set W24 network hardwire
set W24 protocol ppp
set W24 rip off
set W24 address 192.168.150.1
set W24 netmask 255.255.255.252
set W24 destination 192.168.150.2 255.255.255.252
save all
reset W24

Side B:
set line1 t1
set line1 clock internal
set line1 encoding b8zs
set line1 framing esf
set line1 pcm u-law
save all
reboot

set W24 network hardwire
set W24 protocol ppp
set W24 rip off
set W24 address 192.168.150.2
set W24 netmask 255.255.255.252
set W24 destination 192.168.150.1 255.255.255.252
save all
reset W24

Clocking is the thing to check. Back to back, ideally only one PM3 generates the clock and the other recovers it from the line; on a real carrier circuit the CPE normally takes its clock from the telco, so adjust the clock setting to match how your telco does things on their network. Sure, you can use a Cisco, and I do, but for temporary locations I have a pair of PM3’s collecting dust in the warehouse and they’re dead cheap on eBay. You can use them to simulate a T1 in a lab, too. Or for a really, really cheap T1 CPE.

Linux Firewall Helper

I never really managed to wrap my head around Linux iptables. I can understand pf in BSD without trying too hard, but iptables is in a world of its own. Since I spend most of my time using Cisco routers, there’s not any real incentive for me to learn iptables for the once in a rare while I actually have a use for a host-based firewall or Linux router.

Enter FireHOL. It’s a pretty slick tool that translates an easily readable and sane (to me) set of rules into iptables rules. It doesn’t seem to be updated lately, but it still does the job. I mention FireHOL because one of my out-of-band access methods is attaching a cell phone to an SSH gateway server – a method where the only practical means of firewalling incoming connections would be host-based. I’ll save the details on that one for another day.
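As an added example (not from the original post or the FireHOL project), this is what a FireHOL configuration for that kind of SSH gateway could look like. It assumes FireHOL 1.x syntax and that SSH is the only service the box should accept from anywhere, including the cell phone side:

```firehol
version 5

# Treat every interface as untrusted ("world"): nothing gets in unless listed.
interface any world
    policy drop
    # FireHOL's built-in anti-spoofing / invalid-packet filters
    protection strong
    # the only inbound service: SSH
    server ssh accept
    # the host itself may initiate anything (DNS, updates, onward SSH hops)
    client all accept
```

When editing the ruleset over the very SSH session it protects, load it with `firehol try` rather than `firehol start`: try activates the new rules and restores the previous firewall automatically unless you type `commit` within 30 seconds, so a typo in the config cannot lock you out of the gateway.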

Defacing the Sears Tower

Coming this summer 2009: the Willis Tower. What the hell? That’s right folks, they’re going to rename the Sears Tower because some new tenant from the UK decided they want their name on it. I mean seriously, why deface such an iconic landmark? Sears built it, not you. Maybe you should do something that’s not a monument to stupidity if you want name recognition in the US. If you want to name something with landmark status go build your own tallest building. Don’t worry, it gets better. They want to repaint the Sears Tower silver to indicate it’s a green building. You have got to be kidding me. Stunts like this should be considered defacement of a signature landmark – hell, the signature landmark of the Chicago skyline.

Fiery Excitement

As I just mentioned, nothing exciting happens around here. That is, until a transformer at a substation blows up and lights everything in range on fire.

Transformer fire in Reno at the Kleppe and Greg substation.

I apologize for my craptastic cell phone camera, it’s unfortunately all I had with me at the time. Before it blew, the lights had been flickering occasionally for several hours. When it finally went, there was a stuttering flicker followed by a severe phase imbalance condition. According to the generator transfer switch at my office, phase B was down to around 190 volts and phase C was around 280 volts. And yes, of course I have the phase monitoring options, so the generator kicked in before the power actually went out while the rest of the electrical world blinked and flickered with fury.

I had recently been asking myself “how can I effectively test the phase monitor?” and lo and behold, NV Energy (I hate that name, the century-old Sierra Pacific Power name is better) and their exploding HV transformer did a perfect job testing it for me.

Reno is Boring

Nothing exciting ever happens here. While the rest of the country has had ice storms, floods, tornadoes, gas shortages, hurricanes, rolling blackouts and more in recent months, absolutely nothing has happened here in good ol’ Reno.

Google Changes to Windows Logo

It looks like whoever designed Google’s new favicon took the Windows logo, rotated it 90 degrees, got rid of the gradients, and stuck a lowercase “g” on it. Good job. (Not.)

Google Windows Logo

Xen + VLAN on Debian

Here’s how I put a Xen DomU on a VLAN in Debian.

eth0 is connected to a trunk port on the switch, and the untagged (native) VLAN is used for dom0 connectivity. You should already know how to do this part. Tagged VLANs are assigned to bridge groups on the dom0. In your /etc/network/interfaces do the following:

# dom0 management on the untagged vlan
# (1.2.3.4 / 1.2.3.1 are placeholders: use your own management address and gateway)
allow-hotplug eth0
iface eth0 inet static
    address 1.2.3.4
    netmask 255.255.255.0
    gateway 1.2.3.1

# vlan 3
# the "auto" name, the "iface" name and the bridge= value in the DomU config must all match
auto br_group_a
iface br_group_a inet manual
    bridge_ports eth0.3
    bridge_fd 0
    bridge_maxwait 0
    # one uplink per bridge, so STP has no loop to break; keeping it off also keeps
    # dom0 from sending BPDUs up the trunk (bridge_hello only matters with STP on,
    # and Linux caps it at 10 seconds anyway)
    bridge_stp off

# vlan 4
auto br_group_b
iface br_group_b inet manual
    bridge_ports eth0.4
    bridge_fd 0
    bridge_maxwait 0
    bridge_stp off

Debian will create the VLAN subinterfaces and bridges from the above if you have the vlan and bridge-utils packages installed (they add the automagic hooks in /etc/network/if-pre-up.d). Use “brctl show” to view your bridges, and “cat /proc/net/vlan/config” to confirm that eth0.3 and eth0.4 exist with the right VLAN IDs. Then, to attach a DomU to one of those bridges, define the vif like this in your guest config file:

vif = ['mac=00:16:3e:00:00:01, bridge=br_group_a, vifname=vif_server1']

I like to use static MAC addresses, so edit to your taste; Xen’s own OUI is 00:16:3e, so give each guest a unique address in that range rather than all zeros, which is not a valid station address. That’s pretty much it. Anything attached to that bridge is on the same layer 2 network as the rest of the VLAN. Wasn’t that easier than all the weird convoluted instructions you normally find for Xen networking?

For those of you curious what my switch trunk configuration looks like, it’s a Cisco:

interface FastEthernet0/##
 description my xen server
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 1,3,4,10,1002-1005
 switchport mode trunk
 no cdp enable
end

VLAN 3 and 4 are for the Xen DomU guests, and VLAN 10 is for the Dom0. Two things worth keeping in mind: the allowed-VLAN list is the real boundary here, since anyone with root on dom0 can bridge a vif onto any VLAN the trunk carries, so keep it pruned to what the guests actually need (and drop VLAN 1 if nothing uses it). And keep STP off on the host bridges: each has a single uplink, so there is no loop to break, and a host that sends BPDUs up a trunk either joins the switch’s spanning tree or gets the port err-disabled if BPDU guard is on it.
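Once the guests are up, it is worth checking that each vif actually landed on the bridge (and therefore the VLAN) you intended, since a wrong bridge= value silently puts a guest on the other network. The script below is an added example, not code from the original post: it parses brctl show output and reports any vif on a bridge other than the one you expect, plus any bridge still running STP. The brctl output is a constructed sample rather than a capture from a real host, and the expected-placement list is an assumption; the bridge and vif names follow the config above.

```sh
#!/bin/sh
# Added example: verify Xen vif-to-bridge placement from `brctl show` output.
# Constructed sample (not captured from a real dom0). Real brctl output is
# tab-separated; awk's default field splitting handles tabs or spaces.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br_group_a      8000.001122334455       no              eth0.3
                                                        vif_server1
br_group_b      8000.001122334455       yes             eth0.4
                                                        vif_server2
                                                        vif_server3'

# Where each guest vif is supposed to be (assumption for the example):
EXPECTED='vif_server1 br_group_a
vif_server2 br_group_b
vif_server3 br_group_a'

# stdin: brctl show output -> stdout: one "<bridge> <port>" line per attached port.
# Continuation lines (a lone port name) belong to the most recent bridge.
flatten_brctl() {
    awk 'NR == 1 && $1 == "bridge" { next }
         NF >= 3 { br = $1; if (NF >= 4) print br, $4; next }
         NF == 1 { print br, $1 }'
}

# $1 = brctl output, $2 = port name -> prints the bridge the port is attached to
bridge_of_port() {
    printf '%s\n' "$1" | flatten_brctl | awk -v p="$2" '$2 == p { print $1 }'
}

# $1 = brctl output, $2 = bridge -> prints its 802.1Q uplink(s), e.g. eth0.3
vlan_uplinks_of_bridge() {
    printf '%s\n' "$1" | flatten_brctl |
        awk -v b="$2" '$1 == b && $2 ~ /^eth[0-9]+\.[0-9]+$/ { print $2 }'
}

# $1 = brctl output -> names of bridges that still have STP enabled
stp_bridges() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF >= 3 && $3 == "yes" { print $1 }'
}

# $1 = brctl output, $2 = expected "vif bridge" lines
# prints one finding per vif that is missing or sits on the wrong bridge
check_placement() {
    printf '%s\n' "$2" | while read -r vif want; do
        [ -n "$vif" ] || continue
        got=$(bridge_of_port "$1" "$vif")
        if [ -z "$got" ]; then
            echo "MISSING $vif (expected on $want)"
        elif [ "$got" != "$want" ]; then
            echo "MISPLACED $vif on $got (expected $want)"
        fi
    done
}

# succeeds only when every expected vif is on its bridge
placement_ok() {
    [ -z "$(check_placement "$1" "$2")" ]
}

# Run against the sample. On a real dom0: check_placement "$(brctl show)" "$EXPECTED"
check_placement "$SAMPLE_BRCTL" "$EXPECTED"
stp_bridges "$SAMPLE_BRCTL" | sed 's/^/STP still enabled on: /'
```

On the sample this flags vif_server3, which the expected list puts on br_group_a (VLAN 3) but brctl shows on br_group_b (VLAN 4), and it reports br_group_b as still running STP. Run it from cron or after each guest start and you catch a mis-bridged guest before it has been sitting on the wrong VLAN for a week.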

The Not-So-Green Group

So there’s this company in Reno, NV that’s pretending to be green by doing pointless things like using quality “green” wood that splits when you blow on it and “green” soybean concrete floor sealer that comes off with electrical tape. We’ll call this company The “Green” Group. Normally part of being “green” is to recycle. Hooray planet and all that. Like cardboard. It’s easy to recycle. I’ve recycled countless cardboard boxes that the servers and other gear I’ve purchased came in and even get [tiny amounts of] money for bringing them in. But enough about me.

Here’s an example of being “green” and getting LEED points:

trash full of cardboard

What you’re not seeing in this picture is the three construction guys filling it up and jumping on it to compact even more cardboard in there before it was hauled away. (My cell phone video sucked so bad you couldn’t tell what was going on.) But wait! It gets better: this was only one dumpster out of three filled with cardboard (mixed in with other general trash) – straight to the Lockwood landfill.

I’m no expert on “green” like they claim to be, but I’m pretty sure this isn’t it. I guess at least the dumpster is painted green. The good news is that the larger pieces of metal were put in a separate bin, and the local homeless pulled the copper wiring from the trash to recycle themselves. I’m all for environmentally friendly, but do it in the right places and don’t cut corners when you don’t think anyone is looking.

(Picture was taken on 5/2/2008 from a second floor window of some three story building somewhere in area code 89503.)