Monthly Archive for November, 2005

Routing Registry Training Course and irrtoolset

Last week I passed the course, what famous news. ;-)

It is nice to know what is needed to write ASN-, route-, aut-num objects and so on .. to autogenerate filter configs in theory. In the course, I got rtconfig segfaulting on the testground server. Yes .. that's a good point to start. :(

This week I modified our database objects and played around with rtconfig … as a result … rtconfig didn't work as expected. Many of the filter lists aren't built, because I got many “Warning: filter matches ANY/NOT ANY”. Maybe this is an effect of our aut-num object, which reflects the outbound policy depending on downstream ASN with different prependings. But I’m unable to find any hints as to what the real problem is.
Maybe it's rtconfig itself, because I only got it running on debian/sarge with a backported package which I found there. The pkgsrc package on NetBSD core dumped. Some investigation unearthed that the irrtoolset depends on many old libs … how bad!

The question which comes to my mind … is anybody out there using irrtoolset in production??

Break the Switch into separated ethernet ports / VLANs

First of all … I’m not responsible if you brick your router by using this documentation. If you fear that this could happen, stop HERE!

The following NVRAM settings are needed:

#!/bin/sh
# Port 0 into WAN; port 5 is the router itself
nvram set vlan1hwname=et0
nvram set vlan1ports="0 5"
# Ports 2, 3 and 4 into LAN; port 5 is the router itself
nvram set vlan0hwname=et0
nvram set vlan0ports="2 3 4 5*"
# Port 1 into DMZ; port 5 is the router itself
nvram set vlan2hwname=et0
nvram set vlan2ports="1 5*"
# Static IP address for the DMZ interface
nvram set dmz_ifname=vlan2
nvram set dmz_proto=static
nvram set dmz_ipaddr=172.18.20.5
nvram set dmz_netmask=255.255.255.0
# Save all settings
nvram commit

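To bring up the DMZ interface automatically at boot, add “ifup dmz” to the network init script. Write the result to a temporary file first, because redirecting into the file that sed is still reading would truncate it:

# sed "s/ifup lan/ifup lan@ ifup dmz/" \
/etc/init.d/S40network | tr '@' '\n' > /tmp/S40network
# mv /tmp/S40network /etc/init.d/S40network
# chmod +x /etc/init.d/S40network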

To allow traffic to be forwarded through the new interface, you can add, for example, the following to “/etc/firewall.users”:

#!/bin/sh
# Interface names from NVRAM
WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)
DMZ=$(nvram get dmz_ifname)
# Allow forwarding from DMZ into WAN
iptables -A FORWARD -i "$DMZ" -o "$WAN" -j ACCEPT
# Allow forwarding from DMZ into LAN
iptables -A FORWARD -i "$DMZ" -o "$LAN" -j ACCEPT
# Allow forwarding from LAN into DMZ
iptables -A FORWARD -i "$LAN" -o "$DMZ" -j ACCEPT

But it is better to specify exactly which services are allowed from and into the DMZ!
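The advice above, as an added example that is not part of the original post: a shell function that prints (rather than applies) a per-service FORWARD policy for the DMZ. The function names, the service lists and the choice to drop all other DMZ traffic (including DMZ to LAN) are assumptions; in the sample call, vlan2 and vlan1 follow the NVRAM settings above and br0 is an assumed LAN interface name.

```shell
#!/bin/sh
# Added example: print a per-service FORWARD policy for the DMZ.
# usage: dmz_rules DMZ_IF WAN_IF LAN_IF "services into DMZ" "services out of DMZ"
# Each service is written proto:port, e.g. tcp:80 or udp:53.

# Print one ACCEPT rule per service for new connections from $1 to $2.
emit_services() {
    in_if=$1 out_if=$2
    shift 2
    for svc in "$@"; do
        proto=${svc%%:*}
        port=${svc#*:}
        # Refuse anything that is not tcp|udp plus a numeric port
        case $proto in tcp|udp) ;; *) echo "bad protocol in '$svc'" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;; esac
        echo "iptables -A FORWARD -i $in_if -o $out_if -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

dmz_rules() {
    dmz=$1 wan=$2 lan=$3 inbound=$4 outbound=$5
    # Replies to connections that were accepted by the rules below
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # LAN -> DMZ: only the listed services (list is split on spaces on purpose)
    emit_services "$lan" "$dmz" $inbound || return 1
    # DMZ -> WAN: only the listed services
    emit_services "$dmz" "$wan" $outbound || return 1
    # Everything else entering or leaving the DMZ is dropped,
    # so a DMZ host cannot open connections into the LAN
    echo "iptables -A FORWARD -i $dmz -j DROP"
    echo "iptables -A FORWARD -o $dmz -j DROP"
}

# Constructed sample: SSH and HTTP into the DMZ, DNS and HTTP out of it
dmz_rules vlan2 vlan1 br0 "tcp:22 tcp:80" "udp:53 tcp:80"
```

Review the printed rules before using them in place of the three blanket ACCEPT rules; because they are appended with -A, their position relative to rules already in the FORWARD chain matters.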

Installing Debian/sarge on a SunFire 280R (with daily bootimage)

REQUIREMENTS:

First, you need a running TFTP server and a RARP daemon to boot the installer on the box.

# apt-get install rarpd atftpd
# nano /etc/ethers

Put the MAC and IP address into the /etc/ethers file:
00:03:ba:2b:a3:df 10.0.0.2

# cd /tftpboot
# wget \
http://people.debian.org/~stappers/d-i/images/daily/sparc64/netboot/boot.img

So that tftpd can find the correct boot image for the box, you need to create a symbolic link.

# ln -s boot.img 0A000002

Note:
The name is simply the concatenated hexadecimal representation of the IP address
assigned to the destination machine:

   10 . 0  . 0  . 2
   |    |    |    |
   0A   00   00   02   ==> 0A000002

You can also restrict which interface rarpd binds to in /etc/init.d/rarpd.
If you do, you need to restart rarpd:

# /etc/init.d/rarpd restart

INSTALLATION:

Connect serial port A of the SunFire to a serial port on a second box. Start minicom there, configure your serial port, disable flow control and use 9600 8N1 settings.

Now you can power on the SunFire and send it a break signal with .
You have now entered the OpenPROM prompt, indicated by “ok”.

Start netboot with:

boot net debconf/priority=low

You should now see the following output. As soon as the box has received its IP address, it starts the TFTP transfer of the boot image and boots from it:

Boot device: /pci@1f,0/network@c,1 File and args: debconf/priority=low
Timeout waiting for ARP/RARP packet…
Timeout waiting for ARP/RARP packet…
54e200

Now you can make all your install settings … after several questions and settings, you can choose what you want to install … stable, testing or unstable.
I used 2.4 as kernel and the box is running very well until now. :)

Enjoy your life with running Debian sarge on SunFire 280R!

ipv6-first-alloc request

We decided, as we will reach the next billing category in 2007 anyway (you remember, we got a /18 allocated), that it would be neat to request a /32.
I created a sweet address plan and got the allocation approved in less than 5 hours. :-)



