Tuesday, September 9, 2014

Linux conntrack tables


You can type the following command to check the current conntrack table:
cat /proc/net/ip_conntrack

You can set each protocol's timeout value (normally 30s) in:
/proc/sys/net/ipv4
/proc/sys/net/ipv6

On 2.6.36, an ICMP conntrack entry stays alive even after the target replies with the ICMP ack.
This may cause some trouble (for example when you change the firewall or the routing path), so I recommend you clean the conntrack table (you can use conntrack-tools to do it) after setting the routing path or firewall.
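
To see which entries are still alive before and after a flush, the table can be filtered per protocol. This is an added example, not code from the original post; the function names `list_conntrack` and `sample_conntrack` and the sample table are made up for illustration, and the parser assumes the `/proc/net/ip_conntrack` line layout.

```shell
#!/bin/sh
# Added example (not from the original post): list the conntrack entries of
# one protocol so leftovers are visible before and after a flush.
# Assumes the /proc/net/ip_conntrack line layout: proto, proto number,
# seconds left, then key=value fields (original direction first).

# list_conntrack PROTO [FILE]   ("-" reads standard input)
# Prints: proto seconds_left orig_src orig_dst REPLIED|UNREPLIED
list_conntrack() {
    awk -v want="$1" '
        $1 == want {
            src = ""; dst = ""; status = "REPLIED"
            for (i = 4; i <= NF; i++) {
                if (src == "" && $i ~ /^src=/) src = substr($i, 5)
                if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
                if ($i == "[UNREPLIED]") status = "UNREPLIED"
            }
            print $1, $3, src, dst, status
        }' "${2:-/proc/net/ip_conntrack}"
}

# Constructed sample table; all addresses and ids are made up.
sample_conntrack() {
    cat <<'EOF'
icmp     1 27 src=192.168.1.10 dst=192.168.1.1 type=8 code=0 id=4711 src=192.168.1.1 dst=192.168.1.10 type=0 code=0 id=4711 use=1
icmp     1 12 src=192.168.1.11 dst=10.0.0.5 type=8 code=0 id=4712 [UNREPLIED] src=10.0.0.5 dst=192.168.1.11 type=0 code=0 id=4712 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.7 sport=40000 dport=80 src=203.0.113.7 dst=192.168.1.10 sport=80 dport=40000 [ASSURED] use=1
EOF
}

# The first ICMP entry has been answered yet still has 27 seconds to live.
sample_conntrack | list_conntrack icmp -
```

On the router itself, run `list_conntrack icmp` as root before and after `conntrack -F` (from conntrack-tools); the second run should print nothing until new traffic arrives.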

reference:
http://www.faqs.org/docs/iptables/theconntrackentries.html

Wednesday, February 26, 2014

Error: linux/config.h: No such file or directory


According to this guy,

http://allanh.pixnet.net/blog/post/36588057-%5Bubuntu%5D--error%3A-linux-config.h%3A-no-such-file-or-directory

Linux removed linux/config.h in version 2.6.19 and replaced it with linux/autoconf.h.

To solve this problem, we just need to replace linux/config.h with linux/autoconf.h.

Done! Easy.

Sunday, February 23, 2014

Installing a PPPoE server on a Linux system with a VM

1. install

apt-get install ppp
apt-get install pppoe

or

yum install ppp
yum install pppoe

2. Config

# if there is no /etc/ppp/pppoe-server-options
cp /etc/ppp/options /etc/ppp/pppoe-server-options

You can see the detailed configs at http://wayne0225.blogspot.tw/2012/07/pppoe-server-on-ubuntu.html

3. Execute

# *** needs to be executed every time you reboot
# configure the distributed addresses; eth0 is the NIC that clients dial in on
pppoe-server -I eth0 -L 192.168.1.1 -R 192.168.1.10-200
# -L IP: the interface's IP (gateway)
# -R IP: distributed IP range

# enable the forwarding function on your Linux system
echo "1" > /proc/sys/net/ipv4/ip_forward

Forward packets to the Internet-accessible NIC:
# eth0 is your outgoing interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

4. With VM

Sometimes you want to test your CPE's PPPoE function without the ISP's cooperation, and a VM is an easily accessible, portable and easily recovered tool. Below, I use VMware as my virtualization tool.
First topology (not working)
My purpose is to start two VMs, VM1 as the PPPoE server with NAT and VM2 as the client. VM1 has two NICs: the first NIC is for Internet access through the VM's NAT, and the second NIC is used to connect to VM2.
But I found that packets from VM2 can't go through the VM NAT; they are blocked, and I don't know why.
Using a real NIC as the NAT server instead of the VM's NAT function (working)
So I use my physical NIC's NAT function and bridge VM1 NIC1 to the host PC's NIC2, and it works; the packets can go through now. It's weird, but it works.

5. Troubleshooting:

If your packets are being blocked by the firewall, clear iptables first:
iptables -F
iptables -X
iptables -Z

Thursday, February 13, 2014

Interesting DHCP offer packet


When I was studying the DHCP protocol, I looked at Wikipedia's DHCP page for reference:
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
And I found something weird: in the wiki's description, the destination field in the DHCP offer is 255.255.255.255 (broadcast). It makes no sense, because in the first step, DHCP discover, the server already learned the client's MAC address, so there is no reason to broadcast the packet.
The DHCP offer description on the wiki page (2014/02/14)

According to the wiki's description, we can be sure that the lower-layer field is filled with the client's MAC, which means the packet is unicast on the Ethernet layer and broadcast on the IP layer. So which one happens in reality, broadcast or unicast? It's an interesting question, so let's run an experiment.

Actual DHCP packet captured by Wireshark (the image is a bit small, sorry)

In the experiment, we can see the destination field is not 255.255.255.255; it's the IP address which the server distributed to the client. Does it mean the wiki is wrong? After searching the internet and asking experts, I got the answer: either 255.255.255.255 or the IP address distributed by the server is correct in the destination field, because in the implementation the Ethernet packet is read first, so the IP address doesn't affect the packet's type (whether you can fill in arbitrary values, I don't know). Current implementations, however, rarely fill in 255 the way the wiki describes.

Tuesday, January 21, 2014

Using a USB drive to install CentOS 6.5


1. Introduction:

CentOS is one of the best free enterprise operating systems in the world, but since many computers don't have a DVD drive, we need to use a USB drive to install the operating system.

2. Materials used:

iso: CentOS-6.5-x86_64-bin-DVD1: downloaded from the official website.
computer: any fully functional computer with an empty USB slot.
USB drive: a normal 8 GB drive; because the CentOS ISO is more than 4 GB, you need at least an 8 GB USB drive.

3. Trial & Error:

In this section I will show the ways I tried and what the result of each was.

Fail 1:

Using unetbootin-windows-585 to transfer the ISO file to the USB drive; I got an error message when choosing some options while installing the OS.

Fail 2:

Using Universal-USB-Installer-1.9.5.2; same as Fail 1.

Success:

Using the CentOS official wiki's guide:
en-us: http://wiki.centos.org/HowTos/InstallFromUSBkey
zh-tw: http://wiki.centos.org/zh-tw/HowTos/InstallFromUSBkey
As the official wiki says:
Starting with CentOS 6.5, one can install from USB keys by simply transferring the desired ISO using dd.
For example:
dd if=CentOS-6.5-x86_64-bin-DVD1.iso of=/dev/sdb

When asked for the media to install from, select "hard disk" and then the device corresponding to the USB key.
But I don't have a runnable Linux system on which to run the dd command. So I downloaded VMware Player (or you can use VirtualBox instead) to install a Linux system to run the dd command. After entering the Linux system, you may want to check where your USB drive is; you can type fdisk -l to check. In my case my USB drive is at /dev/sdb, the same as in the official wiki.
After I ran the dd if=CentOS-6.5-x86_64-bin-DVD1.iso of=/dev/sdb command, I booted from the USB, and everything worked fine; the OS runs well.
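
A check to run after the dd step, added here as an example (not from the CentOS wiki or the original post): the USB key is larger than the ISO, so hashing the whole device never matches the ISO's checksum, and only the first ISO-sized part of the device is compared. The function names `verify_usb_image` and `make_samples` and the sample files are made up for illustration; `sha256sum` and `head -c` are assumed to be available, as on a normal Linux install.

```shell
#!/bin/sh
# Added example: confirm that a USB key written with dd really holds the ISO.
# Only the first <ISO size> bytes of the device are hashed and compared.

# verify_usb_image ISO DEVICE [EXPECTED_SHA256]
# returns 0 = device matches ISO, 1 = mismatch, 2 = ISO differs from EXPECTED
verify_usb_image() {
    iso=$1 dev=$2 expected=${3:-}
    size=$(wc -c < "$iso" | tr -d ' ')
    iso_sum=$(sha256sum "$iso" | cut -d ' ' -f 1)
    if [ -n "$expected" ] && [ "$iso_sum" != "$expected" ]; then
        echo "ISO does not match the published checksum" >&2
        return 2
    fi
    dev_sum=$(head -c "$size" "$dev" | sha256sum | cut -d ' ' -f 1)
    if [ "$iso_sum" != "$dev_sum" ]; then
        echo "first $size bytes of $dev differ from $iso" >&2
        return 1
    fi
    echo "OK: $dev matches $iso ($size bytes, sha256 $iso_sum)"
}

# Constructed stand-ins so the example runs without a real ISO or USB key:
# good.img is the image followed by leftover data, bad.img has one changed
# byte inside the image area.
make_samples() {
    dir=$1
    printf 'CONSTRUCTED-ISO-CONTENT-0123456789' > "$dir/sample.iso"
    { cat "$dir/sample.iso"; printf 'old data left on the key'; } > "$dir/good.img"
    { printf 'XONSTRUCTED-ISO-CONTENT-0123456789'
      printf 'old data left on the key'; } > "$dir/bad.img"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
verify_usb_image "$demo_dir/sample.iso" "$demo_dir/good.img"
verify_usb_image "$demo_dir/sample.iso" "$demo_dir/bad.img" || echo "mismatch detected"
rm -rf "$demo_dir"
```

For the real key, the call is `verify_usb_image CentOS-6.5-x86_64-bin-DVD1.iso /dev/sdb` as root, optionally with the checksum published alongside the ISO as the third argument.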

4. Conclusion:

Always check the official material first.

5. Reference:

CentOS official website: http://www.centos.org/
CentOS official wiki: http://wiki.centos.org