Jan 20

I set up dhcpd and tftp just infrequently enough to forget the details. I'm putting my gotchas here so I don't forget them.

syslinux package 'pxelinux':
pxelinux loads and gets the right IP, then it fails with the error "tftp server does not support tsize option".

Fix:

in file /etc/dhcpd.conf:

# absolutely critical to have the next-server line for tftp booting.
# when you get the "tftp server does not support tsize option" error,
# it's because you're missing this config line. Double check with:
#          grep next-server     /etc/dhcpd.conf
#    - Tony 10/17/08
next-server 192.168.0.50;

Troubleshooting:

1] For setting up tftpd you have to make sure there are no entries like
this in the /etc/hosts file:

127.0.1.1      joust.famemobile.com joust

If so, you have to change them to this:

192.168.1.155   joust.famemobile.com joust

2] Using tcpdump for tftp troubleshooting

The fact that loading pxelinux.0 succeeds made me think everything else should work.

The pxelinux.0 loads fine, but the config file 'pxelinux.cfg/01-00-0c-29-c4-b0-5a' does not.

05:27:20.882329 IP (tos 0x0, ttl 20, id 2, offset 0, flags [none], proto: UDP (17), length: 55) 192.168.0.51.ah-esp-encap > 192.168.0.50.tftp: [udp sum ok] 27 RRQ "pxelinux.0" octet tsize 0
05:27:20.893400 IP (tos 0x0, ttl 20, id 4, offset 0, flags [none], proto: UDP (17), length: 60) 192.168.0.51.acp-port > 192.168.0.50.tftp: [udp sum ok] 32 RRQ "pxelinux.0" octet blksize 1456
05:27:20.953322 IP (tos 0x0, ttl 20, id 29, offset 0, flags [none], proto: UDP (17), length: 91) 192.168.0.51.57089 > 0.0.0.0.tftp: 63 RRQ "pxelinux.cfg/01-00-0c-29-c4-b0-5a" octet tsize 0 blks
… stuff cut out…
05:27:20.972168 IP (tos 0x0, ttl 18, id 44911, offset 0, flags [none], proto: UDP (17), length: 54) 0.0.0.0.tftp > 192.168.0.51.57089: [udp sum ok] 26 ERROR tftp-err-#8 " tsize option required"

The "0.0.0.0.tftp" is the indicator that there is something wrong: the client never learned a tftp server address, so it sends its requests to 0.0.0.0.
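Added here as an example, not code from the original post: a small shell pre-flight check that looks for all three gotchas from this post (the missing next-server line, the 127.0.1.1 hosts entry, and tftp traffic to or from 0.0.0.0 in a saved tcpdump text capture). The function names, the parameterised file paths and the sample files it constructs are mine; only grep, printf and mktemp are assumed.

```shell
# Added example (not from the original post): check copies of dhcpd.conf,
# /etc/hosts and a tcpdump text dump for the three PXE/TFTP gotchas.
# Prints one line per finding; prints nothing when all three look right.
pxe_check() {
    dhcpd_conf=$1; hosts_file=$2; capture=$3

    # 1. dhcpd.conf must carry an uncommented next-server line, otherwise
    #    pxelinux asks 0.0.0.0 for its config and reports the tsize error
    if ! grep -Eq '^[[:space:]]*next-server[[:space:]]+[^;]+;' "$dhcpd_conf"; then
        echo "dhcpd: no next-server line in $dhcpd_conf"
    fi

    # 2. the tftpd host's own name must not be mapped to 127.0.1.1
    if grep -Eq '^127\.0\.1\.1[[:space:]]' "$hosts_file"; then
        echo "hosts: a hostname is mapped to 127.0.1.1 in $hosts_file"
    fi

    # 3. tftp packets to/from 0.0.0.0, or the tsize error, in the capture
    if grep -Eq '0\.0\.0\.0\.tftp|tsize option required' "$capture"; then
        echo "tftp: 0.0.0.0.tftp or tsize error seen in $capture"
    fi
}

# Constructed sample inputs (hypothetical values based on the post) that
# reproduce all three symptoms; prints the directory they were written to.
pxe_make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'subnet 192.168.0.0 netmask 255.255.255.0 {' \
        '    range 192.168.0.100 192.168.0.200;' \
        '    filename "pxelinux.0";' \
        '}' > "$d/dhcpd.conf"                       # no next-server line
    printf '%s\n' '127.0.0.1      localhost' \
        '127.0.1.1      joust.famemobile.com joust' > "$d/hosts"
    printf '%s\n' \
        '05:27:20.972168 IP 0.0.0.0.tftp > 192.168.0.51.57089: 26 ERROR tftp-err-#8 " tsize option required"' \
        > "$d/capture.txt"
    echo "$d"
}
```

Run it against the real files with `pxe_check /etc/dhcpd.conf /etc/hosts capture.txt`, where capture.txt is the saved output of tcpdump during a boot attempt.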

written by admin

Jan 19

I use Blogger and host the files on my server; after I edit a post, Blogger has to sftp the files to my server so they appear here. This is the process for adding them.

Adding the Blogger sftp servers to iptables.

Blogger.com lists their outbound IPs here. (It was current as of Jan 19, 2009.)

# always check the addresses are correct and the link above.
for i in 66.102.15.83 216.34.7.186 64.233.178.192/28 64.233.178/28
do
    echo iptables -A INPUT -i eth0 -s $i -p tcp --dport ssh -j ACCEPT
done
### Output
iptables -A INPUT -i eth0 -s 66.102.15.83 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -i eth0 -s 216.34.7.186 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -i eth0 -s 64.233.178.192/28 -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -i eth0 -s 64.233.178/28 -p tcp --dport ssh -j ACCEPT

######## Other notes
I cheated and used ipcalc to get the subnet calculation:

  ipcalc 64.233.178.192 - 64.233.178.207
  64.233.178.192/28


Jan 19

How to test if your rules are being activated:

# logging just the first packet - this shows an external host is reaching you,
# but does not flood messages with notices for every packet.

# Insert at the top of the INPUT chain a rule to log only NEW connections
iptables -I INPUT -m state --state NEW -j LOG

Turning off logging on iptables:

# find the logging entry, use --line-numbers so you know which rule to delete.
iptables -L INPUT --line-numbers | egrep 'Chain|LOG'
Chain INPUT (policy DROP)
1    LOG        all  --  anywhere             anywhere            LOG level warning

# delete it
iptables --delete INPUT 1

## here's a quick perl script to get the same info and generate (but not execute) the delete line.

#!/usr/bin/perl
use strict;
use warnings;

my $CHAIN_NAME;
my $RULE_NUM;

# grab the iptables output (needs root; -n avoids slow DNS lookups)
my @iptables_output = qx{iptables -L -n --line-numbers};

# cut off the newlines
chomp @iptables_output;

# NOTE: if a chain has more than one LOG rule, run the generated deletes from
# the highest rule number down: every --delete renumbers the rules below it.
for my $iptables_output_line (@iptables_output) {
    # a chain header looks like:  "Chain INPUT (policy DROP)"
    if ( my ($tmp_chain_name) = $iptables_output_line =~ m/
                      \A          # at the beginning of the line
                      Chain       # match chain
                      \s+
                      ([\w-]+)    # the chain name (dashes allowed)
                      /xms ) {
        $CHAIN_NAME = $tmp_chain_name;
        next;
    }

    # a rule line looks like:  "1    LOG   all  --  0.0.0.0/0  0.0.0.0/0  LOG flags 0 level 4"
    if ( ($RULE_NUM) = $iptables_output_line =~ m/
                                             \A      # at the beginning of the line
                                             (\d+)   # the whole rule number, not just its last digit
                                             \s+     # some space
                                             LOG     # the literal 'LOG' target
                                             /xms ) {
        print "found a log line for $CHAIN_NAME, delete it with:\n",
              "\tiptables --delete $CHAIN_NAME $RULE_NUM\n";
    }
}

######### END perl script #######

# A couple of bash helper functions:
function iptshow () {
    iptables -L $1 --line-numbers
}

function iptedit () {
    vi /etc/sysconfig/iptables
}


Jan 07

I always seem to need a tmp file. I used to do 'vi /tmp/foo', but it usually had something in it from last time. This function opens a new file and stores the file name in $f.

I use it like:

vt
<paste some stuff, clean it up>
perl -pe 's/foo/bar/' $f

####
function vt () {
    for i in `seq 0 255`;
    do
        FILE=/tmp/$USER-foo-$i;
        if [ -f "$FILE" ]; then
            echo -n '.';
        else
            f=$FILE;
            vi $FILE;
            echo $FILE;
            return;
        fi;
    done
}

###### Cleanup
function cleanvt () {
    for i in `seq 0 255`
    do
        FILE=/tmp/$USER-foo-$i

        if [ -f "$FILE" ]
        then
            echo -n '.'
            rm $FILE
        else
            echo
            return
        fi
    done
    echo
}
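Added here as an example, not code from the original post: the same idea (a fresh scratch file whose name lands in $f, plus a one-shot cleanup), but with the file name chosen by mktemp inside a mode-700 per-user directory rather than the predictable /tmp/$USER-foo-N sequence, so another local user cannot pre-create or symlink the path the next call is going to open. The function names, the VT_DIR variable and the foo.XXXXXX template are mine; mktemp, id and an $EDITOR (defaulting to vi) are assumed.

```shell
# Added example (not from the original post): mktemp-based scratch files.
# All files live under one private directory so cleanup is a single glob.
VT_DIR=${VT_DIR:-${TMPDIR:-/tmp}/vt-$(id -un)}

# Create a new, empty, unpredictable scratch file; store its path in $f
# (this runs in the caller's shell, so $f is visible afterwards) and print it.
vt_new() {
    mkdir -p "$VT_DIR" && chmod 700 "$VT_DIR" || return 1
    f=$(mktemp "$VT_DIR/foo.XXXXXX") || return 1   # created 0600, never reused
    echo "$f"
}

# Interactive wrapper matching the original vt: make the file, open it, echo it.
vt() {
    vt_new >/dev/null && "${EDITOR:-vi}" "$f" && echo "$f"
}

# Remove every scratch file vt_new made; prints how many were removed.
cleanvt() {
    n=0
    for p in "$VT_DIR"/foo.*; do
        [ -f "$p" ] || continue      # unmatched glob stays literal: skip it
        rm -f "$p" && n=$((n + 1))
    done
    echo "$n"
}
```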
