Iptables NAT routing

Posted in Computers, IT, Linux on December 7th, 2009 by matt – 2 Comments

Intro

Over the years I have been turning my desktop into a NAT router.. why? For virtual machines of course!

If you're using one virtual machine the virtual machine software does it for ya, but when you want to simulate your own virtual network, separate from the LAN your desktop is on, this is how to do it.
I used to do this a lot back when I was working at the ANU, to enable a test network.. and now suddenly I need it again to work on multi-master MySQL replication at work.

It's easy to do, only a few commands really, but it's something I like to have filed away. I have it on a private wiki, but thought why not post it here.

Routing in Linux

To turn on routing in your kernel at runtime, without needing to reboot, as root run:
echo 1 > /proc/sys/net/ipv4/ip_forward

To make this permanent, edit '/etc/sysctl.conf' and turn on IP packet forwarding:
net.ipv4.ip_forward = 1

Now that we have packet forwarding (routing) enabled, we need to use iptables to connect our private LAN to the internet via NAT.
To do this we write an iptables rule on the nat table that MASQUERADEs every packet coming from the virtual or internal network and going out to the world through our public interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Where eth0 is the public interface.

The above rule, after routing, changes the source IP address to that of the public interface so traffic can get back to this machine. Once a packet is returned, iptables knows to change it back to the hidden LAN machine's IP address.

In many distributions, iptables' default configuration is to ACCEPT all traffic going through the FORWARD chain. But I've noticed Fedora doesn't: it actually rejects forwarded packets. To check this, run the command:
iptables -L

My Fedora 12 desktop's FORWARD chain by default looked like:
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Which REJECTs anything being forwarded.

There are many ways to solve this:
Insert a rule to accept all:
iptables -I FORWARD 1 -j ACCEPT

Flush the chain:
iptables  -F FORWARD

If the policy is DROP, then change it to ACCEPT:
iptables -P FORWARD ACCEPT

Finally if you need to port forward to a machine behind your new NAT router then use a rule like:
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 6346 -j DNAT --to 192.168.0.2:6346

And if you're interested in rate-limiting then read: http://www.debian-administration.org/articles/187
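The whole set-up above as one script, added here as an example and not part of the original post. Rather than accepting everything on FORWARD, it forwards only traffic from the internal network plus the replies to it, and it adds the FORWARD rule a DNAT also needs. The interface names and the internal subnet are assumed values.

```shell
#!/bin/sh
# Added example, not from the post: the NAT set-up as one script. Instead of
# opening the FORWARD chain to everything, it forwards only traffic from the
# internal network and the replies to it, and adds the FORWARD rule a DNAT needs.
# Interface names and the internal subnet are assumed values; adjust to your box.
PUB_IF="${PUB_IF:-eth0}"               # public interface (the post's example name)
INT_IF="${INT_IF:-virbr0}"             # internal/virtual interface (assumed name)
INT_NET="${INT_NET:-192.168.0.0/24}"   # internal network (assumed)
IPT="${IPT:-iptables}"                 # IPT=echo prints the rules instead of applying them

enable_forwarding() {
    # runtime toggle; net.ipv4.ip_forward = 1 in /etc/sysctl.conf makes it permanent
    if [ "$IPT" = echo ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

nat_rules() {
    # rewrite the source of internal traffic leaving via the public interface
    $IPT -t nat -A POSTROUTING -s "$INT_NET" -o "$PUB_IF" -j MASQUERADE
    # both ACCEPT rules go ahead of a distribution's REJECT rule (as on Fedora):
    # replies coming back in, then new connections from the internal network out
    $IPT -I FORWARD 1 -i "$PUB_IF" -o "$INT_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -I FORWARD 1 -i "$INT_IF" -s "$INT_NET" -o "$PUB_IF" -j ACCEPT
}

port_forward() {
    # $1 = public TCP port, $2 = internal host, $3 = internal port
    $IPT -t nat -I PREROUTING -p tcp -i "$PUB_IF" --dport "$1" -j DNAT --to-destination "$2:$3"
    # the rewritten packet still traverses FORWARD, so allow just that host and port
    $IPT -I FORWARD 1 -i "$PUB_IF" -o "$INT_IF" -p tcp -d "$2" --dport "$3" -j ACCEPT
}

# Usage: sh nat.sh apply   (as root); any other invocation only prints the rules
[ "${1:-}" = apply ] || IPT=echo
enable_forwarding
nat_rules
port_forward 6346 192.168.0.2 6346     # the post's example: TCP 6346 to 192.168.0.2
```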

Fedora 12 + Nvidia

Posted in Computers, IT, Linux on December 4th, 2009 by matt – 7 Comments

By default Fedora 12 comes with the nouveau driver.. which is awesome, but my machine at work needed a bit more video card grunt so I needed to install the Nvidia driver.

Now I’m new to Fedora.. as in installed it an hour before I wrote this post, so thought I’d document here how to do it.
It wasn't as straightforward as it _should_ have been, as apparently there is a bug in the current (at time of writing) version of Xorg which causes X to run really slow. Anyway, this is what you do:

  1. Add the rpmfusion repositories (to gain access to proprietary and other packages not supported by Fedora).
    su -c 'rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm'
  2. Update yum:
    sudo yum update
  3. Now install the Nvidia drivers:
    sudo yum install kmod-nvidia xorg-x11-drv-nvidia-libs.i686 xorg-x11-drv-nvidia-libs.x86_64
  4. This should blacklist nouveau, but doesn't remove it from the initrd, so we run:
    sudo dracut -f /boot/initramfs-$(uname -r).img $(uname -r)
  5. Then we can restart, or just restart X (sudo pkill kdm) to see the new Nvidia card in action.

You should now be using the new nvidia module; however on my Fedora 12 KDE installation the X response time was really slow, while on a friend's Fedora 12 Gnome installation there wasn't an issue.
Apparently it is a bug in Xorg, but seeing as it doesn't affect a friend it makes me wonder if it is a KDE/Xorg/Nvidia bug.

Anyway to fix it up we need to install a patched Xorg:

  1. First we need to add a repository:
    sudo vim /etc/yum.repos.d/xorgFix.repo
    And paste the contents:
    [rdieter]
    name=xorg-x11-server rebuilds for nvidia users
    baseurl=http://rdieter.fedorapeople.org/repo/fedora/$releasever/$basearch/
    enabled=1
    gpgcheck=0
  2. Run ‘yum update’  again, and it should need to update Xorg. Update it then restart X.

X should now run correctly. Phew.. not too hard right.

Eclipse @author

Posted in Computers, IT, Programming on October 15th, 2009 by matt – Be the first to comment

Most Java developers know Eclipse is an awesome IDE; its customisation and auto-completion are great.. It even auto completes annotations in the code for ya.

When adding an @author annotation to some code, it'll automatically try and add your name.. which is great, but it uses your logon name, not your real name. It's not that big a deal, cause retyping your name is easy!

But curiosity got the better of me, I wanted to know if there was a place you can set the author name correctly.. and there is! When starting eclipse you can pass in an option (quoted here, since the name contains a space):
eclipse "-Duser.name=Matthew Oliver"

But most people want to run eclipse from the menu, sure you can update the menu item, but there is another way. In the eclipse installation directory there is an eclipse.ini file, just append -Duser.name=<name> and that’s it.

For those of you following along at home, or those of you who are sysadmins, you may realise that this is a major problem.. can you figure it out?

By setting the user.name in the ini file, you're forcing the user.name for everyone who uses eclipse on that machine. If there is only one person then there is no problem, but if there's more however…

Maybe editing the menu item is better after all ;) or maybe there is an eclipse.ini file under ~/.eclipse somewhere!! Who knows.

Linux and FUSE do it again!

Posted in Computers, IT, Linux on September 29th, 2009 by matt – Be the first to comment

FUSE (Filesystem in Userspace) not only gives non-privileged users a little more power, but also allows file systems that for legal reasons cannot be linked into the kernel to live on a Linux system.

Thanks to this FUSE layer, you can access gmail as a hard disk, mount devices over ssh, and now you can finally access your iPhone or iPod as a hard disk under Linux thanks to the iFuse filesystem!
Here is a link to an ubuntu geek howto on installing and using iFuse!

Multimedia codecs – Windows vs. Linux

Posted in Computers, IT, Linux on September 10th, 2009 by matt – Be the first to comment

Chris sent me a link to this article.

It's quite a good read, it's not bagging out Windows per se, but makes a great point about habit and how hard software is. A lot of you out there have a bad image of Linux, thinking it's too hard and that you need to be a geek; sure that was true 5 – 10 years ago, but a lot has changed! Sure it's hard, but if you think about it all operating systems are, and Linux actually does a great job of simplifying tasks. I don't care what people say, installing an app in Linux is SO much easier than on OSX or Windows.. it's just you can't install Windows software on Linux, just like you cannot install Windows software on OSX.

Anyway if you're interested then give the article a read!

Bash autocompletion + Java

Posted in Computers, IT, Linux, Programming on August 25th, 2009 by matt – Be the first to comment

I think the title says it all, I was just checking something at work and needed to run one of our Java apps using the command line, I did the standard:
java -cp jarfile1.jar:jarfile2.jar au.gov.

and hit the tab key twice out of habit, and to my surprise bash had checked the jar files inside the command I was writing and presented me with all the class options!!

Bash auto completion just continues to impress me! Thank you bash, you have just made my life SO much easier yet again.

For those of you who have no idea what bash is, it's the terminal shell used by default in Linux.. so for those of you out there not yet using Linux, here is yet another reason to do so.

OSX also uses bash as the default shell for the terminal, so I’ll now have to test it on my macbook.. after a quick test the answer is no, OSX is either using an older version of bash which doesn’t support this feature, or hasn’t turned on/set up all the autocompletion features by default.

A revelation of sorts

Posted in Personal on August 3rd, 2009 by matt – 2 Comments

I had a chat with a friend at Church yesterday morning about traveling, and that when visiting a country hanging out with the locals is a good way to experience the culture.

For those who are well traveled, and maybe for those who have not, this may be obvious… And it was to me as well… But like most revelations knowing logically and actually experiencing or really getting it can be very eye opening.

As I look back at my travels I can now see this clearly. Probably my favorite country I’ve visited so far was South Korea, why? Because I actually felt like I got to know/experience the real people of Korea.

Don't get me wrong, I've really enjoyed all the countries I have visited, but for a lot of them I was doing the whole touristy thing. Backpacking, sure, but mainly visiting sites. I met a lot of people, but feel as if I was only meeting people briefly; they were treating me as a tourist, and as they should.

My experiences in Korea were different.. firstly the major reason was to visit a mate, not exclusively as a tourist, although he did take me to see some of the touristy places.. but we also met and hung out with a lot of his Korean friends. The pinnacle of which was visiting his Church in Seoul, which at first felt like people were greeting me simply because I was visiting and a tourist, but it felt like it changed during the day; it was like I started to see the real people, and they were involving me in their normal behaviour. Even though I was on the other side of the world, even though the culture was foreign, I felt comfortable, at ease, accepted and included.

From that point on I have tried to do my best at doing the same for all the non-Australian people I meet here in Oz.. and have probably scared some of them off as well!

So for those of you who are or are planning to travel, remember this, the best part of traveling is meeting the people and experiencing the culture. If you’ve gone all that way, then don’t miss the opportunity to meet the “real” people.

And for those of you who think this is common sense or have already figured this out.. why did you read this far?

The IT Curse

Posted in Computers, IT, Personal on July 31st, 2009 by matt – Be the first to comment

As most IT professionals know, if you become an 'IT guy' you will forever be the guy friends and family go to when machines break or play up.

And as IT guys we learn to accept this from an early stage, and are in fact happy to give IT support..
BUT there is something that really annoys me..
If I'm feeling sick and go to my brother, or other nursing friends, and get advice, I listen, as they are health care professionals; if it is something to do with health food/vitamins etc, then I listen to my sister, a naturopath.

In fact everyone seems to love free advice from professional friends.. but when it comes to IT, I find time and time again people ask me to fix something, and sometimes for advice, but rarely listen or act upon my advice, as if they have it all under control.

It's like because it's IT they can handle it… or is it, if it breaks they can take it to me to fix?
I dunno, but I am an IT professional, I'm not after money from them, in fact I'm trying to help them! So why don't people listen? Or heed my warning?

I'm getting to the point where, sure I'll help you fix something, but why bother giving professional advice when no one seems to care or listen.

So good luck friends and family, what would I know anyway, I’m just an IT professional.

Here ends my rant!!

Ant vs Proxy

Posted in Computers, IT, Linux, Programming on June 23rd, 2009 by matt – Be the first to comment

I've been updating our ant build scripts to compile all our third party libraries from source for two reasons:

  1. So we don’t keep binary blobs under CVS, and
  2. So it is easy to distribute the source of the libraries we use.

Ant is a very powerful build system, and everything was moving along swimmingly until I was working on calling the JavaHelp build script, which is nice and smart, but it seems too smart for its own good! It automatically downloads its dependencies for you; the only problem is at work we are stuck behind a very annoying web proxy.

But never fear ant came to the rescue! Ant allows you to put a <setproxy .. /> tag into your build script to set a proxy, yay!!

BUT…

Can anyone see a problem here? When we are working on build scripts for some open source apps we write here at work, then adding the proxy to the script is good and fine here, but it WILL break for all users out in the big wide world who use our software… if only there was an easier way.

I talked to Chris and he came up with a solution… one that I should have thought of myself: environment variables!

Ant checks an environment variable called ANT_OPTS for, strangely enough, ant options. To set the proxy settings:

export ANT_OPTS="-Dhttp.proxyHost=localhost -Dhttp.proxyPort=5865 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=5865"

NOTE: Change localhost and the port to the host and port of your proxy server.
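One way to keep the proxy out of build.xml entirely, added here as an example and not part of the original post or of Ant: derive ANT_OPTS from the http_proxy variable most Linux tools already honour, so a machine behind a proxy sets it once and machines without one leave ANT_OPTS alone. The proxy URL values are made up.

```shell
#!/bin/sh
# Added example, not from the post: build the ANT_OPTS proxy settings from the
# shell's http_proxy variable instead of hard-coding a proxy in build.xml.

proxy_opts_from_url() {
    # $1 = proxy URL such as http://proxy.example.com:3128/ (example value)
    url=$1
    hostport=${url#*://}          # drop the scheme
    hostport=${hostport##*@}      # drop any user:pass@ so it never lands in ANT_OPTS
    hostport=${hostport%%/*}      # drop a trailing path
    host=${hostport%%:*}
    port=${hostport##*:}
    [ "$port" = "$hostport" ] && port=8080   # assumed default when no port is given
    [ -n "$host" ] || return 1
    printf '%s' "-Dhttp.proxyHost=$host -Dhttp.proxyPort=$port -Dhttps.proxyHost=$host -Dhttps.proxyPort=$port"
}

export_ant_opts() {
    # use http_proxy (or HTTP_PROXY) if set; otherwise leave ANT_OPTS untouched
    p=${http_proxy:-${HTTP_PROXY:-}}
    [ -n "$p" ] || return 0
    opts=$(proxy_opts_from_url "$p") || return 1
    # keep whatever is already in ANT_OPTS (e.g. -Xmx) and append the proxy options
    ANT_OPTS="${ANT_OPTS:+$ANT_OPTS }$opts"
    export ANT_OPTS
}

# Usage: put ". ./ant-proxy.sh; export_ant_opts" in your shell profile, then run ant as usual.
```

Because ANT_OPTS is part of the ant process's environment, anything placed in it (including a proxy password, which this script deliberately strips) is visible to other users on the machine.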

time or /usr/bin/time?

Posted in Linux on June 17th, 2009 by matt – Be the first to comment

Isn’t it great when you find a command line gem in Linux!

I've been using the 'time' command for years, and it was only recently that I was told that the time command I've been using was the time command built into bash. There is a GNU time command, which has always been installed but I'd never used!

Chris was the one who stumbled across this while attempting to use some time options specified in the time man page which weren't working. That's when he realised the man page was for GNU time, not bash's implementation.

GNU time is awesome!! You can grab a whole heap of useful stats about the process you're timing, not just the time. To quote the GNU time website:

The `time’ command runs another program, then displays information about the resources used by that program, collected by the system while the program was running.

I had a play with GNU time and set up some format strings I find kinda cool. I'm not using all the information available, check the man page if you wanna add extra goodies, but here is what I've got:
A formatted time display:

/usr/bin/time -f "Exit Status: %x\nCPU %%: %P\nMemory:\n Unshared: %D\t\t\tAvg Total Mem: %K\n Major Page Faults: %F\t\tMinor Page Faults: %R\n No. Swaps Out of Mem: %W\tNo. Invol Context Switches: %c\tNo. Vol Context Switches: %w\nTime:\n Realtime: %E\t\tSystem Time: %S\t\tUser Time: %U"

In which the time output looks like:

Exit Status: 0
CPU %: 98%
Memory:
 Unshared: 0            Avg Total Mem: 0
 Major Page Faults: 0       Minor Page Faults: 3241
 No. Swaps Out of Mem: 0    No. Invol Context Switches: 35  No. Vol Context Switches: 2
Time:
 Realtime: 0:00.29      System Time: 0.01       User Time: 0.27

And a simple tab separated version, easy for parsing:

/usr/bin/time -f "%x\t%P\t%D\t%K\t%F\t%R\t%W\t%c\t%w\t%E\t%S\t%U"

NOTE: The parseable version doesn't have any labels; the columns are in the same order as the detailed format string.

Which looks like:

0 100% 0 0 0 3240 0 153 2 0:00.30 0.03 0.26

Unfortunately, the memory usage stats don't seem to work… I'll have to look into why. Is it a bug? Am I doing something wrong? … not sure, but if I figure it out I'll let y'all know!
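Since the tab separated line carries no labels, here is a small parser for it, added here as an example and not part of the original post or of GNU time: it names the twelve columns in the order of the format string above, rejects lines with the wrong column count, and converts the %E clock value to seconds. The sample line is the one shown above, constructed here as input.

```shell
#!/bin/sh
# Added example, not from the post: parse one line written by the tab-separated
# GNU time format "%x\t%P\t%D\t%K\t%F\t%R\t%W\t%c\t%w\t%E\t%S\t%U" above.
# Constructed sample input: the line shown in the post.
SAMPLE_LINE=$(printf '0\t100%%\t0\t0\t0\t3240\t0\t153\t2\t0:00.30\t0.03\t0.26')

elapsed_to_seconds() {
    # %E prints h:mm:ss or m:ss.ss; fold the colon-separated parts into seconds
    printf '%s\n' "$1" | awk -F: '{ s = 0; for (i = 1; i <= NF; i++) s = s * 60 + $i; printf "%.2f\n", s }'
}

label_time_line() {
    # $1 = one output line; prints key=value pairs, fails on a wrong column count
    # (%D and %K are in kilobytes, and are 0 on tickless kernels; see the UPDATE)
    printf '%s\n' "$1" | awk -F'\t' '
        NF != 12 { exit 1 }
        {
            print "exit_status=" $1
            print "cpu_percent=" $2
            print "unshared_kb=" $3
            print "avg_total_mem_kb=" $4
            print "major_faults=" $5
            print "minor_faults=" $6
            print "swaps_out=" $7
            print "invol_switches=" $8
            print "vol_switches=" $9
            print "elapsed=" $10
            print "system_sec=" $11
            print "user_sec=" $12
        }'
}

# Typical use: run a command with -o so the stats land in a file, then parse that file, e.g.
#   /usr/bin/time -o stats.txt -f "%x\t%P\t%D\t%K\t%F\t%R\t%W\t%c\t%w\t%E\t%S\t%U" ./job
#   label_time_line "$(cat stats.txt)"
label_time_line "$SAMPLE_LINE"
elapsed_to_seconds 0:00.30
```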

UPDATE

Well as it turns out GNU time is a little outdated… I had a quick look at the source code to see what was happening and why the memory stats would only ever be 0. As it turns out, to calculate memory usage they are using an algorithm that requires the number of kernel ticks. And for those of you who are unaware, the Linux kernel has been tick-less since version ~2.6.21.

So no ticks equals no memory calculations.. hopefully GNU will rectify this problem, because as I stated earlier, GNU time is a gem.