Latest Entries

FreeBSD disk/partition resize – grow on version 7.x or older under vmware ESXi

I’ve tried this on vmware ESXi4.1.

First, shut down the server and enlarge the disk size in the VM config.

Boot into single user mode (press 4 and boot).

Check the block count of the new disk (seen at boot – dmesg) – in our case 419430400.

Update the partition size with fdisk -u /dev/da0

when asked, the start of the updated partition stays the default but the end of the partition you can write the block count of the new disk (419430400). Actual end is less that this size, but fdisk sees that and it suggests the correct number which you can agree on.

you can check if all went well with fdisk -s. It should be the new block size (little less that the block cound of the disk) – write down this number.

fdisk -s

time to update the slice table. This is done by:

bsdlabel -e da0s1

There you edit the number under “# “raw” part, don’t edit”. Funny :-) You must change the number here to the block count seen with “fdisk -s” after updating partition.

And then change last line – usually entry “f” which is by default “/usr”. Remember that you can only grow the last partition !!.

Change the first number of the “f” entry with the number which is number of blocks seen via “fdisk -s” minus the offset of the f entry (next number in line).

Save this config.

Now the partition is bigger but the filesystem doesn’t know about it. This is where growfs comes in (was surprised to see that it has been introduced in BSD 3.x).

growfs /dev/da0s1f

resize growfs

and there, you have resized partition.

type CTRL+D to boot into the new – grown partition.

I noticed that this procedure works only for version smaller than FreeBSD 8.
It should work on higher versions but I’ve seen very unstable behaviour – kernel crashes… after using fdisk/diskabel.

For versions FreeBSD 8+ the utility gpart (don’t confuse with gparted !!!t) is used which will be described in next post.

shell output history in screen(1)

We all know the great things screen can do for a sysadmin – you can detach running process and come back to see it anytime.

But if you want to see what was happening while you were gone, you need to browse the history of the shell process.

It’s simple, CTRL+A [. That means CTRL+A to enter command mode, then release it and press character “[“.

More in detail here.

syncing FreeBSD server with NTP is simpler than you may think

After setting up a config file for the NTP on every server, i figured out that a stock settings just work.

so adding:

ntpd_enable="YES"
ntpdate_enable="YES"

to the /etc/rc.conf just does the trick (and starting services if not rebooting the server).

After some moments of running the ntp client you can check it with:

# ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp2.Housing.Be 128.32.206.55 2 u 16 64 377 189.371 -14.785 5.513
mighty.poclabs. 169.229.70.64 3 u 28 64 377 132.913 -14.411 5.034
+vps1.cobryce.co 64.235.98.66 3 u 16 64 377 180.600 -22.410 5.258

where servers marked with * are the selected server and + are the candidates for ntp sync.

blocking certain MAC addresses from joining your Cisco AP

In hope for an energy to revive this blog, a quick post.

If you need to block an abuser flood-trying to connect to your AP, resulting in multiple radius connections and error messages, you can make ACL on AP like this:

# access-list 760 deny 0002.725f.93c3 0000.0000.0000
# dot11 association mac-list 760

where 0002.725f.93c3 is the abusers mac address.

Happy banning,
S.

FreeBSD and shared iLo 2 port on HP servers

In order for HP iLo 2 management interface to continue working on a shared ethernet port after FreeBSD kernel loads the bge drivers, you must add following line to /boot/loader.conf

hw.bge.allow_asf="1"

And reboot.

Hope it will save you some minutes figuring it out…

S.

automatic login to Cisco routers / firewalls

Since many of you are still connecting to your Cisco boxes with the plain ssh/telnet command (typing password every time) and since Cisco boxes don’t have SSH public key authentication, the tool to use comes from Rancid (Really Awesome New Cisco confIg Differ) package.

It’s called “clogin” as Cisco login script.

It requires all the credentials in ~/.cloginrc file (protocol / password / enable).

Syntax of .cloginrc file can be found here.

and usage is simple, just clogin hostname

And besides loging it’s very usefull for multiple box configuration. Let’s say you just need to write configs of your 5 routers.

clogin -c "write;exit" router1 router2 router3 router4 router5

and Voila !

S.

Mikrotik simple bandwidth control

There’s a really easy way of controlling bandwidth of an interface (e.g. guest interface).

It’s done via queues:
/queue simple add interface=guest max-limit=2M/2M disabled=no

Where “guest” is the interface name and 2M is the down/uplink speed in bps you want to shape it to.

More about this on Mikrotik Wiki

S.

HP-UX ssh X11 forwarding not working for certain applications

I had a strange issue with hp-ux x11 forwarding over ssh. xclock, xterm ran fine but hpterm and some other x11 programs didn’t start, claiming error:

X11 connection rejected because of wrong authentication.

after some searching I found following fixed the issue:

/opt/ssh/etc/sshd_config:
X11UseLocalhost no
(must be set to no, default is yes)

S.

Cisco ASA failover fail if IPv6 enabled

I can’t believe it…

Failover on Cisco ASA silently stops working after you enable ipv6 configuration.

We’re used of stupid Cisco bugs, but this wins it all !

S.

  • September 27, 2009
  • In IPv6
  • 2 comments

IPv6 over IPv4 tunnel with Mikrotik & Cisco router

Time when native IPv6 network will come right to your home is still far away. So tunneling IPv6 network over IPv4 to some IPv6 enabled site is a way to go.

Configuration is easier than expected and it worked right away. In my case Cisco 7600 series is at the data center where native IPv6 is established and Mikrotik RB450 ( a choice for home router – really powerful and really cheap).

One /64 subnet is assigned for the tunnel (point-to-point) and /48 is then routed to it. Yes. In IPv6 /64 subnet of 18446744073709551616 IPs is used for point-to-point tunnel (2 IPs).

On Cisco 7600 – interface (99.. is a 7600 public IP as 22.. is my home public IP):
interface Tunnel0
description --- test ipv6 in ipv4 tunnel ---
no ip address
ipv6 address 2AAA:BABA:101:1::1/64
tunnel source 99.99.99.99
tunnel destination 22.22.22.22
tunnel mode ipv6ip

and route:
ipv6 route 2AAA:BABA:BEEF::/48 2AAA:BABA:101:1::2

and on Mikrotik:
/interface 6to4 add disabled=no local-address=22.22.22.22 mtu=1280 name=ipv6tunnel remote-address=99.99.99.99
/ipv6 address add address=2AAA:BABA:101:1::2/64 interface=ipv6tunnel
/ipv6 route add disabled=no dst-address=::/0 gateway=ipv6tunnel

And that’s it. You can configure local interface on Mikrotik, like this:
/ipv6 add address=2AAA:BABA:BEEF:DEAD:1/64 advertise=yes interface=ether2

Local machines, if properly configured should receive advertised IPv6 prefix and configure itself for IPv6.

That’s for now, more about IPv6 soon ! HaveAnice !!

S.

Copyright © 2004–2009. All rights reserved.

RSS Feed. This blog is proudly powered by Wordpress and uses Modern Clix, a theme by Rodrigo Galindez.