Andy Cottrell

Using route and iptables to proxy traffic

andy — Thu, 10 Sep 2009 07:17:29 +0000

As part of an experiment at work, I wanted to intercept all traffic on port 80 that was headed to a certain IP address. To handle the traffic, I built a python script using BaseHTTPServer based around this sample code and ran it on .202 - one of my CentOS 5.2 boxes.

Next step was to get the traffic to the right machine. As the browser was on a Vista box, I used the windows command route ADD 82.94.164.162 192.168.0.202 Yes that’s the python.org website. I often use that for testing as is generally well behaved and doesn’t seem to do ’special’ things.

Now I needed to tell the .202 box to not forward the traffic, but to deliver it locally. iptables to the rescue: sudo /sbin/iptables -t nat -A PREROUTING -p tcp -j REDIRECT

Didn’t even need to poke a hole in the iptables firewall as this seemed to do the job without.

iptables is BUCK!

Converting VMWare 1.0.6 preallocated virtual disks to growable

andy — Tue, 17 Feb 2009 04:26:22 +0000

Running out of space on your VMWare Server? Try this to convert some of your larger preallocated disks to growable. This way they only consume the space on the disk that they currently need, and will not consume disk space on the host drive for disk space on the guest systems whic is in fact empty and unused.

Stop the VM, then:

vmware-vdiskmanager -r GuestVM.vmdk -t 0 NewGuestVM.vmdk

This will create a new, growable, copy of the original drive. Then you will need to point the VM at the new drive (or delete the original and rename the new one back to the same name as the old).

I assume there is a performance penalty for doing this. But if you are running out of space, this can at least buy you some time.

While you are messing around on the command line, you could use the following to defrag the VMDK file for better perfomance.

vmware-vdiskmanager -d Guest.vmdk

CentOS 5.2 does not install on VMWare Server 1.0.6

andy — Mon, 16 Feb 2009 05:38:49 +0000

This is a known bug inherited from RedHat.

http://rhn.redhat.com/errata/RHSA-2009-0225.html

Workaround is to add

scsi0.virtualDev = "lsilogic"

to the .vmx file before installation.

To read a CD into an ISO on CentOS 5.2

andy — Fri, 02 Jan 2009 23:59:36 +0000

dd if=/dev/cdrom of=your_image.iso

Mounting the CDRom on Centos 5.2

andy — Fri, 02 Jan 2009 23:20:56 +0000

Ensure the mount point /mnt/cdrom exists.

To perform the mount:

mount -t auto /dev/cdrom /mnt/cdrom

If the symbolic link /dev/cdrom is not there, then try:

mount -t auto /dev/hdb /mnt/cdrom

replacing hdb with whatever your device is called.

Poking a hole in the CentOS firewall

andy — Fri, 02 Jan 2009 20:05:54 +0000

With CentOS 5.2 (as ever), use the following to enable a listening tcp port (in this case 8000) to be accessed through the firewall.

sudo /sbin/iptables -A INPUT -p tcp –dport 8000 -j ACCEPT
sudo /sbin/service iptables save
sudo /sbin/iptables -F

Enabling RDP on Windows Vista Home

andy — Sat, 27 Dec 2008 15:44:02 +0000

The instructions for retrofitting Terminal server to Windows Vista Home are here. This enables Remote Desktop to that machine.

Enabling RDP on Windows XP Home

andy — Sat, 27 Dec 2008 13:14:09 +0000

The instructions for retrofitting Terminal server to Windows XP Home are here. This enables Remote Desktop to that machine.

Diagnosing HDD performance under Windows

andy — Thu, 25 Dec 2008 19:19:16 +0000

I have never really found a good way to diagnose HDD performance problems under any version of Windows, especially not Vista. I did, however, recently find this cool util which is a useful tool to keep at hand. Simple install, intuitive GUI and it just works (as admin under Vista). HD Tune

Setting up an NTP client on CentOS 5.2

andy — Sun, 07 Sep 2008 05:03:56 +0000

The best way to make sure servers have the correct time set on their system clock, is to use NTP to synchronize the clock to an external time source. I always use pool.ntp.org as the external source, as this represents a pool of servers who are willing to provide the service. All sorts of things can go wrong if you do not keep clocks set accurately - especially security stuff where ticket and certificate validity periods get checked automatically. I set this up on my CentOS box as follows (as root).

To check the client was installed: yum list ntp
It was: ntp.i386 4.2.2p1-8.el5.centos.1 installed
If it had not been, I would have used: yum install ntp
To get the client started on system start: chkconfig ntpd on
To force a sync of the clock to NTP now: ntpdate pool.ntp.org
To start the service as if the system had been powered on: /etc/init.d/ntpd start