I came across the NetworkManager application yesterday while looking up some information, and wish I had found this application earlier in my Linux life! NetworkManager accepts HAL/DBUS events, and transparently manages the network changes for a user. If you periodically switch between wired and wireless network connections, or wander between wireless access points with different signal levels, NetworkManager might be for you!
I use the OpenBSD PF (packet filter) firewall at home to protect the systems I run, and to provide access to a few services over the Internet. The services I make accessible to the Internet run on servers in RFC 1918 address space, which requires my OpenBSD gateway to translate IP addresses and apply inbound filter policies for the services I expose. The PF documentation describes how to do this, but I thought I would share the setup I use in case folks are interested.
To begin, you should define one or more tables and macros to make your firewall rule file easier to manage. The following example sets up one table with a list of IP addresses we want to allow to access the services we run on our network, and one macro with the external interface of the firewall:
# External interface
ext = "hme1"
# Define a table with acceptable IP addresses
table <work> { 1.2.3.4/32, 1.2.3.5/32 }
Once the tables and macros are set up, you will need to add a redirect statement to translate the DST IP address to the RFC 1918 address your server is using for each TCP segment that matches the policy (i.e. all requests from <work> to TCP port 443):
# NAT the DST IP in all HTTPS connections from <work>
rdr on $ext proto tcp from <work> to X.X.X.X port 443 -> 192.168.100.100 port 443
Now that the redirect statement is in place (you will need to change X.X.X.X to the external IP address of your firewall), we can define a rule to allow connections to the server that runs the secure web server:
# Allow HTTPS connections
pass in quick on $ext proto tcp from <work> to 192.168.100.100 port 443 keep state
Once you add the pass statement, you can test connectivity by pointing your web browser to the IP address of your firewall. I could have used a single rdr statement to NAT and filter the traffic, but I like to split these up to make things easier to read.
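The pieces above assembled into one rule file, as an added example rather than the author's actual pf.conf. The `web` macro, the default `block` rule and the commented-out `rdr pass` line are assumptions added for illustration; X.X.X.X is still the post's placeholder and must be replaced before the file will parse.

```pf
# pf.conf sketch in the rdr/-> syntax used above (added example).
# That grammar expects the sections in this order:
# macros, tables, translation (rdr/nat), then filter rules.

# Macros
ext = "hme1"                  # external interface (from the post)
web = "192.168.100.100"       # internal HTTPS server (hypothetical macro name)

# Tables
table <work> { 1.2.3.4/32, 1.2.3.5/32 }

# Translation: the destination is rewritten before the filter rules run.
rdr on $ext proto tcp from <work> to X.X.X.X port 443 -> $web port 443

# The single-statement alternative the post mentions. Packets matching
# "rdr pass" are passed statefully and never evaluated by the filter
# rules below, so the source restriction lives only in this one line.
# rdr pass on $ext proto tcp from <work> to X.X.X.X port 443 -> $web port 443

# Filtering
# Assumption: default deny on the external interface, with logging to
# pflog0, so the pass rule is the only inbound path.
block in log on $ext all

# The filter sees the packet after translation, so this rule has to
# match the internal address ($web), not X.X.X.X.
pass in quick on $ext proto tcp from <work> to $web port 443 keep state

# Note: OpenBSD 4.7 and later fold translation into filter rules
# (rdr-to), so this split rdr/pass layout applies to older releases.
```

Run `pfctl -nf /etc/pf.conf` to parse the file without loading it, then after loading use `pfctl -s nat` and `pfctl -s rules` to confirm that both the redirect and the filter rule are active.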
If you are interested in learning why the AMD Opteron processor is currently the top dog in the X64 server space, you might be interested in the following Anandtech article:
http://www.anandtech.com/cpuchipsets/showdoc.aspx?i=1815&p=1
The article discusses the K8 architecture in depth, and explains why HyperTransport rocks. I have been wanting to upgrade my Sun Ultra 10s to more modern hardware, and I think an AMD solution would be a good fit (especially since Solaris FMA now supports AMD CPUs!).
VMware ESX server has a bunch of command line utilities to display and modify the ESX server configuration, and the vast majority of them are buried in the /usr/sbin directory. One useful utility is esxcfg-nics, which displays the NIC type, the virtual NIC name, and the current configuration of each NIC in a server:
$ esxcfg-nics -l
Name    PCI      Driver Link Speed    Duplex Description
vmnic0  02:02.00 tg3    Up   100Mbps  Full   Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet
vmnic1  02:02.01 tg3    Up   1000Mbps Full   Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet
If you haven’t had a chance to play with ESX server 3.X, I highly recommend pinging your VMware sales team to get an eval.
I recently came across the procinfo utility, and use it periodically to view system utilization and configuration data on the Linux servers I support. Procinfo is a monitoring utility that interfaces with the Linux /proc file system, and displays data such as CPU utilization, memory utilization, interrupts serviced and information on the modules that are currently loaded into the kernel. The full list of options is documented in the procinfo “-h” (print a help screen) option:
$ procinfo -h
procinfo version 18 (2001-03-02)
usage: ./procinfo [-fsmadiDSbhv] [-nN] [-Ffile]
-s display memory, disk, IRQ & DMA info (default)
-m display module and device info
-a display all info
-f run full screen
-i show all IRQ channels, not just those used
-nN pause N second between updates (implies -f)
-d show differences rather than totals (implies -f)
-D show current memory/swap usage, differences on rest
-S with -nN and -d/-D, always show values per second
-r show memory usage -/+ buffers/cache
-Ffile print output to file -- normally a tty
-v print version info
-h print this help
To see this nifty utility in action, you can run it without arguments to get the basic display:
$ procinfo
Linux 2.6.16-1.2122_FC5 (bhcompile@hs20-bc1-3) (gcc 4.1.0 20060304 ) #1 Sun May 21 15:01:01 EDT 2006 1CPU [fedora]
Memory:      Total        Used        Free      Shared     Buffers
Mem:        515816      509384        6432           0       21924
Swap:       522104          76      522028
Bootup: Sat Jun 24 10:12:53 2006 Load average: 1.83 1.10 0.55 1/63 5420
user : 0:01:21.51 1.8% page in : 0
nice : 0:00:16.94 0.4% page out: 0
system: 0:01:24.18 1.8% swap in : 0
idle : 1:06:15.81 87.1% swap out: 0
uptime: 1:16:05.69 context : 350192
irq 0: 1136198 timer irq 9: 78 Intel 82801BA-ICH2,
irq 1: 232 i8042 irq 10: 183597 eth0
irq 2: 0 cascade [4] irq 12: 310 i8042
irq 6: 6 irq 14: 110425 ide0
irq 8: 1 rtc
In addition to displaying status information, you can also display the modules, devices and file systems that are present in the kernel by invoking procinfo with the “-m” (display module and device info) option:
$ procinfo -m
Linux 2.6.16-1.2122_FC5 (bhcompile@hs20-bc1-3) (gcc 4.1.0 20060304 ) #1 Sun May 21 15:01:01 EDT 2006 1CPU [fedora]
Kernel Command Line:
ro root=LABEL=/ rhgb quiet
Modules:
220 *ipv6 19 *autofs4 16 *hidp 34 rfcomm 23 *l2cap 43 *bluetooth
133 *sunrpc 5 ipt_REJECT 3 xt_tcpudp 12 *x_tables 20 dm_mirror 50 *dm_mod
12 lp 25 parport_pc 34 *parport 56 floppy 8 nvram 28 uhci_hcd
30 snd_intel8x0 82 *snd_ac97_codec 2 *snd_ac97_bus 4 snd_seq_dummy 28 snd_seq_oss 7 *snd_seq_midi_e
46 *snd_seq 9 *snd_seq_device 44 snd_pcm_oss 16 *snd_mixer_oss 75 *snd_pcm 22 *snd_timer
10 ne2k_pci 49 *snd 10 *8390 9 *soundcore 10 *snd_page_alloc 113 *ext3
51 *jbd
Character Devices: Block Devices:
1 mem 13 input 1 ramdisk
4 /dev/vc/0 14 sound 2 fd
4 tty 29 fb 3 ide0
4 ttyS 116 alsa 9 md
5 /dev/tty 128 ptm 253 device-mapper
5 /dev/console 136 pts 254 mdp
5 /dev/ptmx 180 usb
6 lp 189 usb_device
7 vcs 216 rfcomm
10 misc 254 pcmcia
File Systems:
[sysfs] [rootfs] [bdev] [proc] [binfmt_misc] [debugfs]
[securityfs] [sockfs] [usbfs] [pipefs] [futexfs] [tmpfs]
[inotifyfs] [eventpollfs] [devpts] ext2 [ramfs] [hugetlbfs]
iso9660 [mqueue] ext3 [rpc_pipefs] [autofs]
As with most utilities, you can also invoke procinfo with the “-f” (run full screen) option to get a full screen display that is periodically refreshed (you can control the refresh rate with the “-n” (pause N seconds) option).