How to set up dual-NIC bonding in Ubuntu

REPOST: Source: Only Ubuntu Linux:

Bonding is creation of a single bonded interface by combining 2 or more ethernet interfaces. This helps in high availability and performance improvement.

How to setup dual-dual bonding (two bonds of two interfaces each) on Ubuntu as quickly as possible.

1. Add two lines to /etc/modules

bonding bond0 -o bond0 mode=1 miimon=100

bonding bond1 -o bond1 mode=1 miimon=100

If you’re very good at managing your time, just remember that miimon’s option determines how often the bond is monitored for failure and that mode can be one of:

0 – Round robin balancing

1 – Active back-up

2 – Transmit based on MAC address for load balancing/fault tolerance

3 – Broadcasting – provides fault tolerance by transmitting on all slave interfaces

4 – Aggregates links, assuming all nics support same speeds and duplex settings

5 – Transmit load balancing – balancing is handled by the bond based on load

6 – Same as 5, but also uses arp to balance load “better

2. Install the ifenslave package if you haven’t already. You can use apt-get to grab it if you don’t:

sudo apt-get install ifenslave-x.x

3. Ensure that the package actually installed:

sudo dpkg –get-selections | grep enslave

ifenslave-x.x install

4. Set up your interface files:

# cat /etc/network/interfaces (only including the parts you probably need – substitute IP addresses, netmasks, etc):

auto lo

iface lo inet loopback

auto bond0

iface bond0 inet static

address 10.10.125.88

netmask 255.255.255.0

network 10.10.125.0

gateway 10.10.125.1

post-up ifenslave bond0 eth0 eth2

pre-down ifenslave -d bond0 eth0 eth2

auto bond1

iface bond1 inet static

address 10.10.127.88

netmask 255.255.255.0

network 10.10.127.0

gateway 10.10.127.1

post-up ifenslave bond1 eth1 eth3

pre-down ifenslave -d bond1 eth1 eth3

5. Add lines to the bottom of your architecture’s modprobe files, reboot
and pray:

sudo cat /etc/modprobe.d/arch/i386

alias bond0 bonding

options bond0 mode=1 miimon=5000 max_bonds=2

alias bond1 bonding

options bond1 mode=1 miimon=5000 max_bonds=2

How to clone a Linux system using CloneZilla Server Edition (CloneZilla SE)

An excellent how-to on the subject, complete with screenshots.

Here’s a link to Clonezilla SE (Server Edition).

Awesome improvements in Linux kernel 2.6.28

The kernel was released by Linus on Dec. 24th, Among the enhancements:

Ext4 which has now been declared stable, and no longer experimental, will be the successor to the long-standing ext3. It can support a file system up to 1 exabyte in size (that’s 1,048,576 terabytes to everyone else) and single files up to 16TiB.

Ext4 is likely to become the defacto standard file system in most Linux systems, perhaps except the most mission-critical of servers whose admins will likely opt for a file system longer in the tooth (like ext3 or XFS). Ext4 will likely be the file system to go head to head with SUN’s ZFS.

Kernel 2.6.28 will also support laptop disk shock protection, and the minstrel WIFI rate control algorithm.

More details on the other improvements here, and here.

Some more details here, which are easier to digest.

IRC as the new/old way to socialize as well as get work done:

Below is a link to a great article on how intranet IRC servers could be set up to do work, communicate as well as socialize. Using IRC internally on a corporate network is a creative application of a tried & true technology. It’s as instant as IM and SMS, and with some creative bot-making, can be used to do internet searches as well as send messages directly to others. Using Screen & IRSSI over SSH it would be easily doable to stay connected using a Smartphone or netbook while on the go.

This link explains how it’s used at Last.FM. Read the comments below, as they’re just as insightful as the artcile.

A couple of helpful links to set up your own IRC server.

A very basic how-to, with no advanced configs.

A good Ubuntu Forum discussion on the subject.

General Link 1, General Link 2

Using Screen & IRSSI.

Easily create a private, encrypted folder on any Ubuntu or Debian system.

From the Ubuntu Geek:

eCryptfs is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux.It provides advanced key management and policy features. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decryptable with the proper key, and there is no need to keep track of any additional information aside from what is already in the encrypted file itself. Think of eCryptfs as a sort of “gnupgfs”.eCryptfs is a native Linux filesystem. The kernel module component of eCryptfs is part of the Linux kernel since 2.6.19.

The superior hacker: Max Butler.

Wired has the inside story of Max Ray Butler, a former white hat hacker who joined the underground following a jail stint for hacking the Pentagon. His most ambitious hack was a hostile takeover of the major underground carding boards where stolen credit card and identity data are bought and sold. The attack made his own site, CardersMarket, the largest crime forum in the world, with 6,000 users. But it also made the feds determined to catch him, since one of the sites he hacked, DarkMarket.ws, was secretly a sting operation run by the FBI.

The author of this Wired article Kevin Poulsen is an editor of Wired magazine and a former hacker who served five years in prison for breaking into FBI computers.

A related article from 2001.

Practical attacks on WEP & WPA (published).

Practical attacks on WEP & WPA, including WPA packet injection:

Details (PDF): http://tinyurl.com/56j63s.

More here: http://tinyurl.com/8erk74.

From the site:

The attack is essentially a variant of the chopchop attack used against WEP secured networks, which surfaced in early 2005. The name “chopchop attack” is a nod to the KoreK-developed chopchop tool, which allows the user to decrypt an arbitrary encrypted data packet without having to know the WEP key.

Android netbooks on their way, likely by 2010.

Amazing. The ramifications could be huge:

AndroidIRC for the Android OS (G1).

For Android (G1) users, a good IRC client, though still in beta and not yet on the market, so you’ll have to download the .apk file directly: be sure to go to your settings page on your G1, then to Applications, then check “unknown sources”, so you can download .apk files directly without having to go through the market.

This app supports multiple channel (and you can navigate between them simply by swiping your finger left/right) and supports multiple IRC servers.

Project page here:

Convert your videos to .3gp format for viewing on cell phones and smartphones

After much pain and research with ffmpeg and mencoder, I stumbled upon MMC – Mobile Media Converter. It seems to be a front end to FFMPEG, but works seamlessly. It has quality presets, as well as customizable transcoding quality settings, for those who don’t want to lose their framerates.

If you’re looking to convert your videos from .avi or .mpeg format to the highly efficient .3gp format (natively supported by the Google Android OS, running on phones such as T-Mobile’s G1), then look no further than this application. The application runs on Windows & Linux!

Click here for their site, the links to the application are at the bottom of the page.

Click here to conveniently download the Ubuntu .deb file for the application (4.4 megs).

Facebook & the social dynamics of privacy

A very interesting article.

Abstract.

Full text (PDF).

WPA (wifi encryption) is still weak and easy to crack (as expected)

Here’s a good article on the subject.

Here’s also a good HowTo crack WPA.

Back Up/Restore Hard Drives And Partitions With CloneZilla Live

Source: HowToForge.

Linux 2.6 kernel ported to iPhone

I was never a big fan of the iPhone, but the Linux 2.6 kernel has finally been ported to it. It doesn’t yet interact with the touchscreen, but if this eventually leads to an iPhone-Ubuntu distro being created, you can bet I’ll be putting the iPhone on my wish list – just for use as a handheld with wifi.

Here’s a video of it:

Here’s the blogpost on it:

OpenGoo: Host your own “Google Docs” web based collaborative center

From their site:

It is a complete solution for every organization to create, collaborate, share and publish all its internal and external documents.

You and your team can create and collaborate on:

  • Text documents
  • Spreadsheets (coming soon)
  • Presentations
  • Task Lists
  • E-mails
  • Calendars
  • Web Links

All it requires is an xampp server (essentially a Linux server). I am going to test this with some colleagues and see how viable it is for a production environment, but on the surface it looks to be worth evaluation.

You can try a demo here. Once the spreadsheet function is available, this will become much more interesting.

How to harden a default Ubuntu (or almost any Linux) install.

Even Linux can be vulnerable to attack, especially on a fresh install where all settings are left at defaults. This is an excellent article from IT Security on how to shore up security on a fresh Linux install.

I am not sure if the anti-virus recommendation is required at this time, I think that might be overkill, but if you intend to use the system in a live production environment, it’s all worth considering.

A good HowTo on creating virtual hosts in Apache2 & the Linux Basement podcast.

A good article from the Linux Basement.

The Linux Basement also hosts a podcast worth checking out which centers around web hosting and network management, but is overall an informative show. They do about 2 episodes per month.

They also have a fairly active user submitted article area, as well as a forum.

Top 10 mistakes new Linux admins make:

From Tech Republic, worth reading if you’re new to Linux system administration.

One of the most common mistakes is not checking log files (reason #10). I often find it hard to keep up and sometimes parse the variety of system logs on a system. A great tool for managing this is called LogWatch. While not a GUI, it summarizes system logs into a convenient report that you can cron to run regularly and email to yourself, or just monitor. It’s highly configurable with varying degrees of detail.

From the site:

Logwatch is a customizable log analysis system. Logwatch parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require.

Sync your Blackberry’s contacts with your Google account!

From the Google Mobile Blog:

You asked for it, so here it is. We’re happy to announce that in the latest update to Google Sync for BlackBerry, we’ve added two-way contacts synchronization. This new functionality will enable you to sync your handheld’s built-in address book with your Gmail contacts. This all happens in the background and over the air, so your information is always up to date, no matter where you are or what you’re doing.

Once you’ve installed Sync, all your information will be safe in your Google account. If you ever lose your phone or buy a new one, getting your address book and calendar to your new device is as easy as installing Sync. Current and new Google Sync users can try Google Sync today by visiting m.google.com/sync from their BlackBerry browser.

How to install Firefox 3.x (or Thunderbird, or SeaMonkey) on Ubuntu 7.10 and older

Great python script, makes life very easy: UbuntuZilla.

GroundWork Monitor Community Edition

From the site:

GroundWork Monitor Community Edition provides a essential IT monitoring solution that enables you to maintain network visibility and control.

This is a single server deployment that leverages the strengths of 15 other open source projects such as Nagios, rrdtool and nmap. It combines the results of these projects in to a system that evaluates the status, events and performance of monitored devices and presents these results in an easy to understand web application.

This open source project distributed on sourceforge.net is available under the GNU Public License (GPL v2). It is ideal for operations who already have deployed one or more open source monitoring projects and need to expand its capability.

9 OpenOffice extensions that are quite helpful

Click here for details.

Virtualbox port forwarding on a Linux Host

An excellent article on the subject: Source.

Run these 3 commands from shell. SUDO not required.

VBoxManage setextradata “name of vm” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort” 2222

VBoxManage setextradata “name of vm” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort” 22

VBoxManage setextradata “name of vm” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol” TCP

Where…

  • name of vm” is your virtual machine name
  • ssh is the name of the service. This is _required_ to be unique among the three commands.
  • Ports 2222, 22, TCP respectively with your desired host port, guest port, and protocol.

…then shutdown your VM and Virtualbox host application, and restart them.

To Confirm the above settings are in place:

VBoxManage getextradata “name of vm” enumerate

To remove the settings made above from the VM: (again substituting the variables as appropriate).

VBoxManage setextradata “name of vm” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort”

VBoxManage setextradata “name of vm” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort”

VBoxManage setextradata “name of vm” “VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol”

Join Ubuntu 8.04 desktop to Windows server 2003 Active Directory.

This tutorial will explain how to add Ubuntu 8.04 desktop to win server 2003 Active Directory using Likewise Open.

Likewise Open is a free, open source application that joins Linux, Unix, and Mac machines to Microsoft Active Directory and securely authenticates users with their domain credentials.

Certificate Authority (CA) with OpenSSL

When you need to run a website (https), mail (ssl/tls) or similar over an encrypted link – you need an SSL certificate. This article will explain some of the choices involved, and how to run your own certificate authority (CA). You don’t need to spend any money to generate your own certificates, and they’re no different than the ones by Verisign, for example.

Click here for details:

Load more