Every now and then you forget what all is on your network. Or you forget the IP address at which a certain device resides. How to find out what's out there? There are a couple of ways to scan the network and see what's out there:
nmap scans the range you select:
nmap -sP 192.168.47.0/24 (the "P" stands for ping)
ping the multicast address of 224.0.0.1 (all hosts)
ping 224.0.0.1
Well behaved devices that understand multicast addresses will answer the ping.
OK, there's nothing earth shattering here, but sometimes I forget syntax and I need an easy place to look it up......
Thursday, October 18, 2007
ssh troubles.. why is everything so hard?
Well, scping my gnucash files from venus to longstreet worked so well (when they were 4 feet apart) that I decided that I would move venus to my home and scp files from there back to longstreet at the office. You know - remote backup is better because of fire, theft, etc. Up until a few days ago, both my linux boxes (venus and longstreet) were at my office. So I bring venus home and plug it up. Eth0, my on-mobo ethernet port, fails to come up. I don't know what to do, so I install another ethernet card that I had laying around in a PCI slot inside venus. Now both eth0 and eth1 fail to come up. Eth0 was working perfectly when I left the office!!! So I take venus to the repair shop. The guy claims to know how to work on linux computers. Well.......
$165 later, he shows me that he can connect to his DSL ISP using venus (on eth1). So I get it home, and plug it up and ......same deal. Both eth0 and eth1 fail to come up. This upsets me terribly. So I unplug my Cisco 871w router from whence venus was supposed to get its IP address (from dhcp) and plug venus straight into my Comcast cable modem. Now it works. I can surf the Net. So Fedora 6 on venus for some reason doesn't like the dhcp server on my router, but thinks it's OK to talk to the dhcp server at Comcast. Swell.
Now I unplug venus from the cable modem, plug the 871w back into the modem, and plug venus into one of the switchports on the 871w. Now I'm basically back where I started. As part of my "clutching at straws" procedure, I put into venus a DVD that I have that has several live versions of linux. You know...they work without having to be installed on your hard disk. I reboot into Damn Small Linux. Network configuration proceeds without a hitch and now eth1 is working fine!##$#$@%. I'm confused.......
Now I have to enter some stuff into gnucash on venus so I remove the live DVD and boot back into Fedora 6. You guessed it. Now eth1 works and everything is okey dokey.
All this has made me forget what I was originally trying to do. Oh yeah...now I remember. I was going to scp files from venus at home back to longstreet at the office. It seems like forever ago that I thought I could actually do that....
So I try it and it works!! (By "works", I mean that I can scp to longstreet over the Internet and NOT have to enter a password each time. I have a shell script that copies the files I want and I will ultimately put that into my crontab. I want to copy the files every night while I sleep; no waking up to enter a password each time!). Another network admin victory. But of course now I want to up the ante. I rented a linux box at The Planet.com. It is my own linux box with Cent 4 OS and a 160 GB hard drive and a public IP address. Very cool. It's probably out in California or some place....So now I want to scp to this linux box too. It works, but still asks for a password each time. I try everything I know about ssh-keygen -t rsa and copying id_rsa.pub to the .ssh directory on the server and putting it into authorized_keys and blah blah blah.....and it still demands that password each time.
I email tech support at The Planet, but they don't do hand holding for weak-unit sys admins. Lots of web searching later I find out that my directory permissions are set too permissive!!! Who knew? Usually you have to fight against firewalls and other devices that are set too restrictive. I didn't know SSH refuses to work if it thinks your system is too much of a pushover. So I change my permissions on /home/tayloe/.ssh/authorized_keys with chmod and try again. It works!
I'm tired of all these tawdry little problems preventing me from getting any real work done... Actually, for sys admins, there is no real work to be done in the ordinary sense. It's all fighting the wretched OS's and network weirdness. And my own cluelessness about permissions.....
chmod 600 /home/tayloe/.ssh/authorized_keys
chmod 700 /home/tayloe/.ssh
At first I did chmod 600 to my .ssh directory too, but I found that I could not even look at the contents of the directory. So as root, I changed it to 700. Now it's time for a chocolate milk shake at Chick-fil-A....
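The permission check behind the password prompts described above, as an added example that is not part of the original post: a POSIX shell audit modeled on sshd's StrictModes rule, which skips authorized_keys when the file, the .ssh directory or the home directory is writable by group or others, or is owned by someone other than the user or root. The function names and the temporary sample tree are constructed for illustration; the audit also flags a directory that lacks the owner execute bit, which is the chmod 600 case mentioned above.

```shell
#!/bin/sh
# Added example: audit the paths sshd inspects before it trusts authorized_keys.
# All function names here are hypothetical helpers, not part of OpenSSH.

# Octal permission bits of a path (GNU/busybox stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric owner of a path.
owner_uid_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# check_entry PATH EXPECTED_UID dir|file
# Prints one line per problem and exits non-zero if any were found.
# The body runs in a subshell so its variables stay local.
check_entry() (
    path=$1; want_uid=$2; kind=$3
    [ -e "$path" ] || { echo "MISSING  $path is missing or unreadable"; exit 1; }
    mode=$(mode_of "$path")
    uid=$(owner_uid_of "$path")
    rc=0
    # Owner must be the account itself or root.
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "OWNER    $path is owned by uid $uid, expected $want_uid or root"
        rc=1
    fi
    # Any group-write or other-write bit (octal 022) fails the check.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $path mode $mode lets group or others write; sshd with StrictModes skips the key"
        rc=1
    fi
    # A directory without owner execute cannot be entered, so nothing in it opens.
    if [ "$kind" = dir ] && [ $(( 0$mode & 0100 )) -eq 0 ]; then
        echo "NOSEARCH $path mode $mode lacks owner execute; files inside cannot be opened"
        rc=1
    fi
    exit "$rc"
)

# audit_ssh_perms HOME_DIR [UID]
# Returns 0 only when home, .ssh and authorized_keys all pass.
audit_ssh_perms() (
    home=$1
    uid=${2:-$(id -u)}
    bad=0
    check_entry "$home" "$uid" dir || bad=$((bad + 1))
    check_entry "$home/.ssh" "$uid" dir || bad=$((bad + 1))
    check_entry "$home/.ssh/authorized_keys" "$uid" file || bad=$((bad + 1))
    [ "$bad" -eq 0 ]
)

# Demonstration on a constructed home directory under a temporary path.
demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/.ssh" && : > "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp"
    chmod 777 "$tmp/.ssh"
    chmod 666 "$tmp/.ssh/authorized_keys"
    echo "== too permissive =="
    audit_ssh_perms "$tmp"
    chmod 700 "$tmp/.ssh"
    chmod 600 "$tmp/.ssh/authorized_keys"
    echo "== after chmod 700 / chmod 600 =="
    audit_ssh_perms "$tmp" && echo "OK"
    rm -rf "$tmp"
)
demo
```

Run it on the server side as `audit_ssh_perms /home/tayloe` while logged in as that user, or pass the account's numeric uid as the second argument when running as root.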
Thursday, October 4, 2007
Samba, Samba why are you so bad
Today I've been wrestling with Samba again. On venus, one of my linux boxes (which runs Fedora core 6), I went to system-->administration-->server settings--> samba. It clearly shows a folder called /admin to be shared and visible and writable and everything. But....
When I try to do a directory listing of \\venus\admin from my Win XP box it says "Access denied " or "path not found" or some other such hokum. It's always something...
Here's what to do:
First, do ps -e | grep smb to see if samba is even running. Even though /admin appears to be shared according to the Fedora GUI, that is no guarantee that samba is actually running. I suppose I need to make sure samba runs all the time by adding it to the init.d process. That way it'll start automatically after every reboot. But to start it manually just type:
smbd
nmbd
Then make sure your directory is accessible to everybody by changing its permissions to the least restrictive:
chmod 777 /admin/shamrockacct
Finally, make sure you don't have a firewall issue. Iptables is the firewall on venus. To see what iptables is up to, type "iptables -L" at the command prompt. It will show a listing of the rules that iptables is currently enforcing.
In my case, iptables was blocking access from my Windows box even after I had samba started. So for a quick test, I turned iptables completely off and then I was able to see a listing of /admin by typing:
dir \\venus\admin
in a command window on my Windows box.
Now I need to start iptables again but this time open whatever ports samba needs. First check the samba checkbox on the system-->administration-->server settings--> samba screen. Then go to the SELinux tab and click on "Modify SELinux Policy". Scroll down to and click on samba. There you will see several checkboxes. I checked the following:
Disable SELinux protection for smbd daemon
Disable SELinux protection for nmbd daemon
Disable SELinux protection for winbind daemon
Now it works! Windows can see and copy files to and from the /venus/admin, but the firewall on venus has opened just those ports (supposedly) that samba needs to operate. SELinux has also loosened up enough to allow samba to work.
Friday, September 28, 2007
Cron job in Linux
Tonight I wrote a one-line shell script to copy my GNUcash files from venus to longstreet every night. The script is as follows:
scp /admin/"Gnucash files"/*.* root@192.168.47.3:/admin/GNUcash
Translated into English it means:
Securely copy all the files in /admin/"Gnucash files" on my linux server named venus to /admin/GNUcash on my linux server named longstreet.
GNUcash is a financial program like Quickbooks, but it's not near as slick as Quickbooks. But the price is good :) For this script to work, I had to generate a public key for root on venus and then copy it over to the /root/.ssh/authorized_keys file on longstreet. If I had not generated the public key, then every time I ran the script, it would stop and ask for a password. I want this baby to run unattended at night, so there's not going to be any entering-of-passwords.
Then I had to add the script to the cron table on venus using:
crontab -e
and then typing in the name of the script which is /admin/GNUcash-to-longstreet.
It works great. Another step up the admin ladder.....
I know I'm not really supposed to be doing this as root, but it was just a learning experience. Once I know it's working every night, I'll change it to run as some user like "Backup guy" or something like that. Maybe....
Tuesday, September 25, 2007
More fun in Networkland......ghost computer!
Today I was packing up my LaCie Ethernet Mini network drive to send back to Newegg. It died on me a few days ago, so I got an RMA # from Newegg and planned to return it. As I was unplugging the drive, I noticed the RJ45 plug seemed awfully tight, so I decided to use another cord just to make sure that wasn't the problem. I got another cord and fired it up. The little green LED was blinking on the RJ45 plug on the back of the LaCie just like it did back when it was working.....but I still could not access the drive at 192.168.47.49 which is where it's supposed to be.
So I did a scan of my network (192.168.47.x) and rather than clear up the LaCie mystery, I discovered another one. The scanner report showed a computer named "quick" (because that's the computer on which we use Quickbooks) on my network. The trouble is, this computer died 3 weeks ago. It is in the back warehouse ready to be thrown away. It is unplugged from the network and from keyboard and mouse too. So how could it be there? I pinged it at 192.168.47.45 and got a prompt reply. I pinged it by name and got another prompt reply. I was freaked out about this ghost computer on my network and forgot all about the LaCie drive. And then it hit me......It was the LaCie drive that was answering my pings!! Apparently, it had at some point been given a new IP address by the DHCP server so when I tried to access it at the old address, it would not work. But how could it be answering to the name quick?
Well, I looked in my Win 2003 server DNS and there was an old manual entry (by me no doubt) that identifies 192.168.47.45 as "quick". So when I pang "quick", the DNS server returned 192.168.47.45 and the LaCie drive answered the ping!! But it didn't say "Hey by the way, I'm the LaCie drive, not your old accounting computer". It just said "I'm here dude". It took a brilliant flash of insight to realize how stupid I had been.
So the LaCie drive now lives at the IP address that quick used to have. And I'll be sending a humble email to Newegg saying that their LaCie drive didn't die after all. And it wasn't a bad ethernet cord, it was a bad network administrator.
I shouldn't get so confused so easily, but hey, it's been awhile since that CCNA exam.....
Sunday, September 23, 2007
Webcam improved and Mozy fixed!!!
Well, it looks like I've got Mozy working again on my home network. It mysteriously stopped backing up my computer a couple of weeks ago. I was all set to email Mozy tech support when I discovered a checkbox on the options tab of the config screen called "Attempt automatic backups even if network connection is not detected". I checked this and now it backs up regular just like it's supposed to. I still don't know why it claims it can't detect the network connection....So I'm going to send an email to Mozy. But at least it's working!
Similar story on Axis 207w webcam. I emailed tech support at Axis to tell them that the camera always freezes after it's been on only a short while. They tell me to update the camera's firmware. I was very skeptical that it would work, but I tried it. Updating firmware sounds a little scary, but it was very easy. After I did it, the camera stopped freezing. It's now been running continuously for over 24 hours and still works perfectly. Another victory!
Wednesday, September 12, 2007
Webcam works but Mozy won't Moze
Today I tried for the first time to view the webcam at my house from my office. I put into Firefox the IP address of my house and there it was! A hazy picture of the desk in my bedroom! I must say I was surprised. A lot of this stuff doesn't work until you've spent hours trying to figure out what little thing you did wrong........
So that's a victory.
Two lines from my config are below. The 2nd nat command forwards the webcam to the outside world. The first nat statement is what makes nat work in general on my home network. It seems like they would interfere with each other, but apparently they don't....
ip nat inside source list 23 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.5 80 75.66.88.84 80 extendable
But of course not everything on my home network works. Right now Mozy won't back up every 2 hours or so like it's supposed to. In the little Mozy popup screen it says "No network connection found" or something ominous like that. It used to work fine. According to the firewall help at the Mozy website, you have to open port 443 in the outbound direction on your firewall. I use the Comodo firewall on the computer that Mozy's on. Also I have a Cisco 871 wireless router with kick-ass access lists on it as the gateway to my Comcast cable Internet service. So I've got to figure out which firewall is stopping Mozy.... The weird thing is that if I click "Backup now" on the Mozy popup screen, it works fine. So why won't it work when I'm not there......
Win2003 server - changing names and changing the clock
Yesterday I (not me really) fixed a couple of problems that have been bugging me with my Windows 2003 server. First, my clock has been off by exactly 2 hours. I put in Central Standard Time (which is what we run on here in Memphis) and Windows displays the time as if I were in California. I had no idea why, so I put the problem up on Experts-Exchange.com. A guy there instantly told me to check the BIOS clock. That indeed was the problem. Who knew? Not me.
Here's a link that the Experts-Exchange guy sent me that explains how to get Win 2003 server to get its time from an ntp server. I haven't tried it yet. http://support.microsoft.com/kb/816042.
Also I was having trouble changing a user name on Win 2003 server. This is in what is called ADUC (Active Directory Users and Computers). I would right click on the user to be changed, go to properties, change the name, and click OK. But the name would never be changed. So I put THAT problem up on Experts-Exchange too. Again the experts at the exchange immediately solved my problem. There is a specific choice called "Rename" on the context menu if you right click on a user. Go to that and enter the changes and it works fine. Well....... I'm the Win2003 admin, but I don't admin it too often. I'm so used to going to the properties tab in Windows that I just didn't notice the "rename" choice..... My bad. I have to wonder why Microsoft displays the user name in "Properties" in an apparently editable box when you can't edit it there at all........
Good thing I'm a premium member of Experts-Exchange.com (which means I have to actually pay money!). Well worth it.
Thursday, September 6, 2007
Axis 207w wireless camera now up and running...
Tonight (on my mother's birthday no less) I got my new Axis wireless network camera working. Another networking triumph........
First I had to wrestle with the usual bad and/or incomplete instructions, but I managed to get it working wired (using standard ethernet cable). Then after much ado, I got it working wirelessly.
The instructions DO NOT make clear that there is a standard web based interface that you can use by pointing your browser to the IP address of the camera, which out of the box is 192.168.0.90. Then I had to set a user name and password, which I set to "root" and "arbie" (come on...nobody's reading this). The instructions are also ambiguous about whether or not the camera can get its IP address from a dhcp server. The instructions say "A network DHCP server is optional". What the hell does that mean exactly? It should say "The 207w camera is capable of getting its IP address from your dhcp server if you have one. If not, all is not lost; you can set the IP address manually."
After some scuffling with my 871 wireless router, I got the 871 to give the 207w an IP address (by dhcp). Then using the camera's web config interface, I added a 26 hex digit wep key and then unplugged the ethernet cord and expected to be disappointed. But no! I saw myself clearly in my Coco Beach T shirt...wireless!!
The scuffling with the 871 wireless router involved me not knowing that if you delete the vlan 1 interface (which I did because I thought it wasn't necessary and why not simplify the config?) from the 871 config, the built in RJ45 jacks quit working. The wirelessly connected computers still work, but anything plugged into the RJ45 jacks goes south. I'm confused about why, but then I'm confused about a lot of things in networking.....
Anyway, after I re-added the vlan 1 interface to the 871 config, the RJ45 jacks instantly started working again and so the 207w camera was issued an IP address by dhcp. Then I could surf to its IP address and enter the wireless ssid and hex wep key and get going wirelessly.
Sunday, August 26, 2007
networking publications
These were listed on the Cisco website as being good resources:
(but they actually mostly suck)
# Networking Professionals Connection
# Cisco IT@Work
# Blogs@Cisco
# Networkers Online
# The Internet Protocol Journal
# Cisco Technical Services Newsletter
# Technical Support and Documentation
# Learning and Events
# Google Groups: comp.dcom.sys.cisco
# Cisco Learning Connection
# Cisco Certifications Community
Sunday, August 19, 2007
Cisco 871 wireless router - part 2
Finally!!! I can get out to Internet wirelessly thru my 871w. It took lots of reading and troubleshooting, but it's working. I had to break down and call for help, so I can't take credit for this myself. Vivek, my Indian guru, solved it for me. I did not have the following 2 lines in my config:
bridge 1 protocol ieee
bridge 1 route ip
The first line establishes the "ieee" type spanning tree protocol for bridge group 1, and, I assume, establishes bridge group 1 in the first place. The second line tells the router to route IP on any interface that has an IP address, even though the interface is in a bridge group.
Without the "bridge 1 route IP" command, then IP ain't routed, it's bridged. To bridge is to forward a packet using layer 2 addressing info (MAC address) instead of layer 3 addressing info (IP address). But it wasn't working, so maybe it wasn't bridging either????????
After I entered that command in my 871 config, the computers connected wirelessly immediately got IP addresses from the dhcp server on the 871 and started being able to talk to Internet.
The BVI interface is something that is new to me. Apparently it is like a group IP mailbox for all the interfaces that don't have IP addresses. In other words, all of the interfaces that are attached to the "switch" portion of the 871 rather than the router portion. Here's the deal: If the 871 were just a plain router with no "virtual switch" built in, then of course it would have an interface with an IP address which was connected by ethernet cable to a physical switch. All the computers would in turn be connected to the switch.
Since that interface to the physical switch doesn't exist when the switch is built in, the interface is created out of thin air and called a BVI (bridge virtual interface). At least that's my understanding........
Here are some good commands I learned:
show ip dhcp bindings - a good troubleshooting command that shows what addresses the router's dhcp server has handed out to which MAC addresses
show dot11 associations - also good for troubleshooting. It shows which computers are communicating with the wireless network.
show ip dhcp import - shows what data (dns server addresses, domain name, etc) is being sent to dhcp clients by the dhcp server.
Friday, August 3, 2007
871w - further info
show arp is a good way to see MAC addresses of the router's interfaces and the MAC addresses of the devices that the router is connected to
sailboat#show arp
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  75.66.88.84          -  001b.90c9.a9ea  ARPA  FastEthernet4
Internet  10.10.10.2          13  0015.c5ae.b814  ARPA  Vlan1
Internet  10.10.10.3           2  0017.3181.d278  ARPA  Vlan1
Internet  10.10.10.1           -  001b.90c9.a9e0  ARPA  Vlan1
Internet  75.66.88.1           0  0030.b8cb.5e11  ARPA  FastEthernet4
copy flash tftp
This is the command to use to copy the current IOS image to whatever tftp server you are using.
show file systems - shows the various places (directories) on a cisco router where files are stored
cd nvram: - this changes the current directory to the nvram directory. To get back to flash, which is apparently the home directory, just type cd by itself
dir - just like DOS! - shows listing of files in the current directory
pwd - just like Linux! - shows what the present working directory is
show file information flash:c870-advsecurityk9-mz.124-4.T7.bin - this gives some info about the file named c870-advsecurityk9-mz.124-4.T7.bin in the flash: directory
delete slot0:myconfig - this erases the file named myconfig in slot0:
Erasing flash memory
In order to reclaim any space taken up by files in Flash memory, you must erase the entire file system using the erase flash: or erase bootflash: EXEC command. These commands reclaim all of the space in Flash memory, erasing all files, deleted or not, in the process. Once erased, these files cannot be recovered. Before erasing Flash memory, save any files you want to keep in another location (an FTP server, for example). Copy the files back to Flash memory after you have erased the device.
This info comes from http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/ffcprt2/fcf006.htm#wp1000939
Wednesday, August 1, 2007
Retrospect Express HD
I just installed Retrospect Express HD on my computer and gave it a try. It works great! It is uncomplicated and has a slick interface. Even though I use Mozypro for my main backup method, I like having a backup of my backup. Of course, retrospect only backed my data up to the LaCie Ethernet disk mini on my LAN, so if there is a fire, it might take out both my computer and the LaCie (they are both in the same room). So Mozy Pro still wins because data is backed up off site.
At some point I will try to map a drive letter to a drive at the NBC office and see if Retrospect can back up over the Internet.
PC World gave Retrospect Express HD a good rating, but recommended that readers look at NTI's $25 Shadow and IBM's $35 CDP also. I will do so.
Friday, July 27, 2007
netcat
From http://www.vulnwatch.org/netcat/readment.txt
To use Netcat to retrieve the home page of a web site use the command:
nc -v www.website.com 80 < get.txt
You will see Netcat make a connection to port 80, send the text contained
in the file get.txt, and then output the web server's response to stdout.
The -v is for verbose. It tells you a little info about the connection
when it starts.
So the leftward facing arrow ( < ) means "Inject the contents of get.txt into the connection just opened to website.com port 80". Inside the get.txt file is "GET / HTTP/1.0" and a couple of returns. This will get the webpage.
A far more exciting thing to do is to get a quick shell going on a remote
machine by using the -l or "listen" option and the -e or "execute"
option. You run Netcat listening on particular port for a connection.
When a connection is made, Netcat executes the program of your choice
and connects the stdin and stdout of the program to the network connection.
nc -l -p 23 -t -e cmd.exe
will get Netcat listening on port 23 (telnet). When it gets connected to
by a client it will spawn a shell (cmd.exe). The -t option tells Netcat
to handle any telnet negotiation the client might expect.
This will allow you to telnet to the machine you have Netcat listening on
and get a cmd.exe shell when you connect. You could just as well use
Netcat instead of telnet:
nc xxx.xxx.xxx.xxx 23
The -l means "listen". The -p means "port"
The beauty of Netcat really shines when you realize that you can get it
listening on ANY port doing the same thing. Do a little exploring and
see if the firewall you may be behind lets port 53 through. Run Netcat
listening behind the firewall on port 53.
nc -L -p 53 -e cmd.exe
Then from outside the firewall connect to the listening machine:
nc -v xxx.xxx.xxx.xx 53
If you get a command prompt then you are executing commands on the
listening machine. Use 'exit' at the command prompt for a clean
disconnect. The -L (note the capital L) option will restart Netcat with
the same command line when the connection is terminated. This way you can
connect over and over to the same Netcat process.
Tuesday, July 24, 2007
Cisco 871 wireless router - part 1
Once again I have proved to myself (the hard way of course) that you can't navigate the Internet using a private IP address. I'm trying to set up a cisco 871 wireless router.
I'm replacing a linksys wrt54g that may or may not work (what I know for sure is that I cannot make it work). I hooked up the 871w but could not access the Internet with my laptop thru the 871. Mind you, this is with the laptop connected to the 871 with a standard ethernet cable! I haven't even tried to use it wirelessly yet. After lots of cussing and fruitless searching on the Internet, it came to me that the source address of the packets from my laptop was 10.10.10.4 (Private!!!!!) which is on the little LAN that the 871 automatically created. So any device that I tried to contact out on the Internet could only chuckle at my foolishness as it threw my packets on the floor.
Consumer level routers (such as the wrt54g) may have their troubles, but I'll give them this: They don't make you jump thru hoops to set up NAT just to allow you to browse the Internet; they do NAT for you. The 871 does not. So that was my trouble. I needed NAT working so the device on the far end had an actual working public address to answer back to. The relevant part of my config now looks like this:
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
interface Vlan1
 description $ETH-SW-LAUNCH$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
ip nat inside source list 23 interface FastEthernet4 overload
access-list 23 permit 10.10.10.0 0.0.0.7
The 871 now NATs the laptop's private source address into the 871's public address. The bright side of this story is that I figured the problem out all by myself. Now it's on to trying to get my laptop connected WIRELESSLY to the Internet thru the 871. I'm sure I will eventually get it done, but not without a little more cussing and fussing.
Friday, July 20, 2007
ftp woes
I installed pure-ftp on venus today. It took me 3 hours to actually be able to use it!! When I tried to logon from an ftp client, it would always say "530 authentication failure" or some such. It took me a long while to figure out that I needed to start the program in the special way that makes it read a config file when it starts, rather than just use command line options. Then I had to change the config file because the default behavior was to use PAM authentication (which is beyond my knowledge at this point) rather than plain old /etc/passwd authentication. Finally I got it working.
For some reason, when you start it regularly (meaning from the script in /etc/rc.d/init.d), it wants to get its config from command line options. To start it using a config file, you have to type in the following command:
/usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf
/etc/pure-ftpd/pure-ftpd.conf is the config file. /usr/sbin/pure-config.pl is apparently a separate script that starts it and reads the config file as it starts. The regular start file is /usr/sbin/pure-ftpd I think.
What a mess! When the computer reboots, I'll have to type in the above line again or put it in my local script. There must be an easier way.
SAMBA stuff
I turned SAMBA on on venus, but I could not see venus folders on jupiter, my Windows XP computer. The problem was that iptables on venus was not allowing the samba packets thru. I went to the system menu in Fedora 6, then chose "administration", then chose "security level & firewall" then checked the box next to samba to make it a trusted application.
The following lines in iptables apparently allow samba to work:
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
Samba has 2 parts: smbd and nmbd. The ports that samba apparently uses are:
137 udp - NETBIOS name service
138 udp - NETBIOS datagram service
139 tcp - NETBIOS session service
445 tcp - Microsoft-DS (directory services)
Trying to speed up my vpn
The vpn between NBC and Shamrock now works, but it's s-l-o-w.
Mary tried to transfer some file using ws_ftp and it was just about unusable. I read somewhere that to speed it up, you might lower the mtu size because maybe the encryption bytes added to the vpn packets push every single packet above the default mtu of 1500 and so every one is fragmented. So I lowered the mtu on both inside and outside interfaces on my PIX to 1300. I need to do the same thing to the 2600 router on the other end. We'll see if this helps.
On PIX, to change the mtu:
king200(config)# mtu outside 1300
king200(config)# mtu inside 1300
To see that changes were actually made:
show int e0
show int e1
GnuCash files
This is not network maintenance strictly speaking, but this is a good place to put stuff that I don't want to lose. Below is the link to the explanation about GnuCash files and what files to back up. The xac files are the ones that contain the data. The log files have only the changes since the last xac. So if you save the latest xac, you've got a full backup.
http://www.gnucash.org/docs/v1.8/C/gnucash-guide/basics_backup1.html
Wednesday, July 11, 2007
LaCie Ethernet Drive mini
use ftp client to access drive at 192.168.47.49 username admin pw admin
You must type in /lacie in address bar of remote site (on right) or you will not be able to see shares
To access drive thru Windows, type the following into the Windows Explorer address bar (Not Internet Explorer):
\\192.168.47.49\lacie
20-aug-2010 Today I was able to access Lacie drive in Windows Explorer under My Network Places --> Entire Network --> Microsoft Windows network --> officenet.sham --> Edmini
Also I was able to access it in Win Exp using \\192.168.1.100\lacie
Cisco 871 wireless router
Received cisco 871 wireless router from Newegg today. I plan to use it at home with a wireless IP camera for a dog-cam. I will be able to watch Baybay and Arbie from wherever I am!
I have a linksys wrt54g wireless router that works now, but those consumer grade routers are pretty lame. The other wrt54g I have does not want to work, and the linksys wireless camera also does not work anymore. I'm going to step up to a cisco wireless router and see if it's lame too!
Tuesday, July 10, 2007
vpn fixed by not NATing vpn traffic
May 2007 - The atlantic router at NBC was not allowing vpn to work. A great consultant I know, Marty, figured out that we simply should not nat any packets going thru the vpn. So he changed the config on atlantic as follows:
I originally had:
ip nat inside source list 35 interface Ethernet0/1 overload
access-list 35 permit 192.168.38.0 0.0.0.255
This nats everything from the 38 subnet which is basically everything. We needed to stop nating packets destined for the vpn but keep nating everything else
Marty created a new access list that says to deny (not really deny, just not nat) anything going thru the vpn and lets everything else go thru (get nated)
ip nat inside source list 150 interface Ethernet0/1 overload
access-list 150 deny ip 192.168.38.0 0.0.0.255 192.168.47.0 0.0.0.255
access-list 150 permit ip 192.168.38.0 0.0.0.255 any
Access list 35 should be removed from config since it is not being used anymore, but I haven't done it yet.
On the Shamrock side, Marty added a line that did the same thing, only in PIX lingo:
nat (inside) 0 access-list crypto-sham <-- this was added to not nat the vpn traffic
nat (inside) 1 0.0.0.0 0.0.0.0 0 0 <-- this was already here to nat everything
access-list crypto-sham permit ip 192.168.47.0 255.255.255.0 192.168.38.0 255.255.255.0
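The first-match logic behind access lists 35 and 150 above, as an added Python example (not part of the original post and not Cisco code). It evaluates the post's ACL lines with wildcard-mask semantics and flags entries that an earlier line makes unreachable; the function names are hypothetical, the parser is assumed to handle only standard entries and extended "ip" entries, and the sample flows are constructed from addresses that appear on this page.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # base 0 with every bit marked "don't care"

# ACL lines copied from the post (atlantic router at NBC).
OLD_ACL = "access-list 35 permit 192.168.38.0 0.0.0.255"
NEW_ACL = """\
access-list 150 deny ip 192.168.38.0 0.0.0.255 192.168.47.0 0.0.0.255
access-list 150 permit ip 192.168.38.0 0.0.0.255 any"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A', 'A WILDCARD' or a bare 'A'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(first), _ip(tokens.pop(0)) if tokens else 0)


def parse_acl(text):
    """Parse 'access-list N permit|deny ...' lines into ordered (action, src, dst)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            raise ValueError(f"not an access-list line: {line!r}")
        action, rest = tokens[2], tokens[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        if rest[0] == "ip":          # extended entry: protocol, source, destination
            rest.pop(0)
            src, dst = _take_addr(rest), _take_addr(rest)
        else:                        # standard entry: source only, any destination
            src, dst = _take_addr(rest), ANY
        entries.append((action, src, dst))
    return entries


def _matches(addr, spec):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF        # wildcard bit 1 = ignore, the inverse of a netmask
    return (_ip(addr) & care) == (base & care)


def nat_decision(entries, src, dst):
    """'translate' if the first matching entry is a permit, otherwise 'bypass'.
    A packet that matches nothing hits the implicit deny, so it is not NATed either."""
    for action, s, d in entries:
        if _matches(src, s) and _matches(dst, d):
            return "translate" if action == "permit" else "bypass"
    return "bypass"


def _covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    (ob, ow), (ib, iw) = outer, inner
    care = ~ow & 0xFFFFFFFF
    return (iw & care) == 0 and (ob & care) == (ib & care)


def shadowed(entries):
    """Indexes of entries that can never match because an earlier entry covers them."""
    return [i for i, (_, s, d) in enumerate(entries)
            if any(_covers(ps, s) and _covers(pd, d) for _, ps, pd in entries[:i])]


if __name__ == "__main__":
    # Constructed sample flows: rover -> LaCie drive (VPN), rover -> a public address.
    flows = [("192.168.38.30", "192.168.47.49"), ("192.168.38.30", "208.115.11.214")]
    for name, text in (("list 35", OLD_ACL), ("list 150", NEW_ACL)):
        acl = parse_acl(text)
        for src, dst in flows:
            print(f"{name}: {src} -> {dst}: {nat_decision(acl, src, dst)}")
    swapped = parse_acl("\n".join(reversed(NEW_ACL.splitlines())))
    print("shadowed entries if the two lines are swapped:", shadowed(swapped))
```

With list 35 the VPN-bound flow is translated before it reaches the tunnel; with list 150 it bypasses NAT, and swapping the two lines of list 150 brings the original problem back because the permit then shadows the deny.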
An old but useful logger note
12-mar-07 As root, I typed in "logger Its Monday here....." at shell prompt and the message was written to file /var/log/messages
Monday, July 9, 2007
Trying to copy files across an IPSEC vpn
I'm trying to figure out how to copy files across my vpn which goes from Shamrock to NBC.
private path 192.168.47.0 ---> 192.168.38.0
public path 208.115.11.214 ---> 208.115.24.30
The copy command I am using is:
copy c:\aaaa\COPYTEST.txt \\192.168.38.30\aaaa
192.168.38.30 is Mary's computer at NBC. It is named rover.
All I ever get is "The network path was not found."
The latest thing I tried was to add the following line to atlantic on the NBC side:
195 permit ip host 208.115.11.214 any
I realized that I don't know what kind of protocol (tcp? udp?) that a Windows "copy" command would generate over the wire. I figured ip would be a good catch-all, but it's still not working. But maybe it should be that I allow any IP from 192.168.47.0 ????? I'll try that in the morning, I'm out of time now. But the vpn should allow things from 192.168.47.0 to 192.168.38.0 by its very nature, shouldn't it?
Linux syntax that's easy to forget
Linux commands
To find files that start with "tay"
find / -name "tay*"
a lot of built in linux programs are in /usr/bin like the text editor:
/usr/bin/gedit
To see kernel version on a system that uses rpm:
rpm -q kernel
to see kernel version: uname -a
to see what processes are running: ps -e
reboot: shutdown -r now
Sysmon stuff
The sysmon status file : /var/www/html/sysmon.html <-- this loads into browser
The sysmon config file : /usr/local/etc/sysmon.conf <-- edit this to change config
To stop sysmon (it runs on venus) type:
/usr/local/bin/sysmond stop
or just
sysmond stop
because /usr/local/bin is apparently in the path.
To start it again, just type sysmond, not sysmond start
Don't leave off the d at the end of sysmond because if you do it somehow screws things up so you can't stop it. There IS a file called sysmon in the same directory and I don't really know what it does. If you stop sysmon properly, you will see the message "Please remain seated as your ride comes to a complete stop".
The status file is updated every minute.
starting the web server on venus
To restart the apache web server on venus after a reboot type:
/usr/sbin/httpd
Sysmon won't work unless you start the web server first. I think it will create the html page showing what's up and what's down, but no web browser can actually load the page without apache running.