sudo nano /etc/X11/xorg.conf

In the text editor – find the section of the file labeled Section “Device”.  The ending of this section is simply EndSection.  Add the following line before the EndSection statement:

Option    "HWCursor" "false"

Simply restart X either by restarting XBMC or the machine completely.  The cursor should now stay gone for good!

Squid3
Squid3 works as a web-cache proxy which means that while you browse, the content you are retrieving can also be cached for faster retrieval on the machine running the proxy – based on a set of rules in the proxy’s configuration files. This is not to say that ALL content gets cached, due to the fact that most content you are retrieving is dynamic, and it wouldn’t make sense to cache it due to the fact that you would quickly be viewing outdated material. In fact, in most environments only a small amount of content gets cached – which is why a web-cache proxy becomes more effective with more users working behind it. With a one-user environment the speed increase given by the cached content may not even offset the costs of running the proxy. With a multiple user environment there is most likely a significant amount of overlap in the viewed content and leads to the web-cache loading more of the local cached content versus retrieving new material each time. Although the amount of users on such proxies are not limitless as, due to the nature of a web-cache proxy, it will have to perform many reads/writes to its drives to receive and deliver cached content – and without adequate hardware to handle these read/writes, the network will actually suffer in performance as it will be bottlenecked by the proxy’s speed. If you have more questions about what exactly squid is and how it works checkout Squid’s site.

With all of this being said, the decision to implement a proxy on your network will need to be carefully examined by the needs and amount of throughput of the network. Keep in mind that Squid can be majorly tweaked to fit the needs of the network – so looking at the configuration options available is not something to be ignored.
Okay, enough with the explanations, on to the fun part – installation and configuration!

Target Setup:
There are many ways to setup Squid. The most simple is re-directing all traffic to a Squid box on the local network through your software. This requires simply adding the Squid box to the network and directing the web applications on the clients as needed. But those of us administering larger networks know that redirecting client browsers is a pain, and look toward a more automated solution. This was the reason I chose to setup this Squid box as transparent. It is transparent in the sense that no changes will be needed on the client-side for any network settings or re-direction in order for the proxy to be implemented. The diagram below illustrates this setup:

Diagram created using Gliffy

For clients, they have the following settings:

IP Address: DHCP (in the 192.168.2.0 subnet)
Gateway: 192.168.2.1
DNS: whatever you want, doesn’t affect this setup as long as they are working DNS servers.

The running Squid3 box will simply pass all traffic on eth0 to eth1 and vis versa, but will intercept all traffic on port 80 and re-direct it to the port that Squid is running on. From here, Squid will work its magic in either delivering the cached content to the client or retrieving it and then caching as needed. The client will have no idea where the content is being delivered from, and should ideally only notice it is being received quickly.

Installation:
I completed the following steps on a machine running Ubuntu 10.04 with 2 NICs installed (eth0, eth1). We will assume eth0 will be the incoming line from the gateway, and eth1 is the outgoing line to switch which the clients access (demonstrated in diagram).

sudo apt-get install squid3

That was simple enough… Most of the work is completed in the configuration.

Configuration:
We need to first add a few lines to the squid configuration file to make the proxy transparent.

sudo nano /etc/squid3/squid.conf

Add the lines below to the configuration:

http_port 3128 transparent
acl localnet src 192.168.2.0/24
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost

This next line is optional – it changes the default size for Squid’s cache to 5000MB to be stored in /var/spool/squid3.

cache_dir ufs /var/spool/squid3 5000 16 256

After making the changes above, save the configuration file and restart squid3. If there are errors Squid should fail to start.

sudo /etc/init.d/squid3 restart

I found ebtables easier to configure the bridge to pass traffic accordingly than iptables. You can use whichever you’d like.
Install ebtables and enter the lines below to pass traffic through accordingly. The port at which Squid is set to run by default is 3128, but if you have changed this in the squid configuration make sure and make the change in the rule accordingly.

sudo apt-get install ebtables
sudo ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
sudo iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Also, enable traffic to be passed through both IPv4 and IPv6 on the local machine by uncommenting the following lines in /etc/sysctl.conf

sudo nano /etc/sysctl.conf
(uncomment the following)
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

You will need to install the bridge-utils to configure the bridge within your /etc/network/interfaces file.

sudo apt-get install bridge-utils

After configured my /etc/network/interfaces filled looked like this:

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
address 192.168.2.199
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1

auto br0
iface br0 inet static
address 192.168.2.200
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
bridge-ports eth0 eth1

Save this file and either reboot the system or restart networking and squid3.

sudo /etc/init.d/networking restart
sudo /etc/init.d/squid3 restart

After this go to one of your client machines and browse the web for a few seconds. You can then tell if squid3 is working correctly by checking the logs:

tail /var/log/squid3/access.log

This should show you the requests as they are received by squid3. Make sure and check traffic on other ports as well to ensure that it is being passed through correctly.
If traffic is not being passed correctly or squid is not logging any requests a good step to take would be to set the client machine’s browser proxy settings to direct right to the proxy. See if browsing is now working correctly. If so, squid3 is working correctly but there is most likely an issue with the traffic passing rules on the machine the proxy is running on.

Conclusion:

These were all the steps I completed to get my transparent proxy running successfully. Obviously you can tweak to fit your needs. The other added benefit of running the proxy in the “transparent” mode is that if the box fails you can simply disconnect the cable from the gateway to the proxy and plug directly into the client switch and the network will continue to function (obviously without local caching enabled).

Hopefully this helps others out there attempting to complete a similar setup. If you notice any errors with this tutorial please let me know. Thanks for reading.

I’m using 2 machines.  “localpc” is the machine which will run the script so I want passwordless login to the other host.  “remotepc” is the machine I wish to login to.

Clear your .ssh/ directory on both localpc and remotepc for the user you wish to login as.  This helps to start from scratch with no possible issues in the key files.

sudo rm –R /home/user/.ssh/*

Login to localpc from remotepc through SSH normally:

ssh user@localpc

and do the same from the other machine:

ssh user@remotepc

I’m not completely sure why but this helps alleviate a “no identities error” that can happen later on.

On localpc:

Create an RSA key:

ssh-keygen –t rsa

Chose the default Save location (Just press Enter)

Chose no passphrase (Press Enter again)

On localpc:

ssh-copy-id -i /home/user/.ssh/id_rsa.pub user@remotepc

Make sure and change the user and remotepc to the names that represent your setup.

You’re Done!  Test it out. 

On localpc:

ssh user@remotepc

sudo apt-get upgrade

install newest versions of packages on machine

sudo apt-get dist-upgrade

upgrades all packages on system, handle dependency changes (remove obsolete packages).  This command prepares the system for upgrade but since /etc/sources.list is not changed to the sources for the newer distribution it will not actually upgrade to the newest version.

To actually perform a distribution upgrade the following command should be used (ensure you have a backup before issuing this command.  The upgrade could make your system unstable):

First, check which version you are currently running using the following:

lsb_release -a

Next, you can download the newest update manager and issue the upgrade command:

sudo apt-get install update-manager-core
sudo do-release-upgrade

All of these commands should be used with caution as you are directly affecting your software packages installed on the system.

This site was very helpful in my initial investigation of the differences of this command.

sudo rndc dumpdb –all

After that I simply navigated to /var/cache/bind and issued the command

ls –lah

and was shown that it consumes 649K in memory from the output of the command above:

-rw-r--r--  1 bind bind 649K 2010-05-02 08:15 named_dump.db

I’m not a BIND expert and am actually stumbling around with some custom zone settings but I thought this was worth mentioning.  I’m also assuming this is quite small for a db size since this was only setup for testing for a 1 user network.  Nevertheless, it would be useful to check that you have adequate memory to handle the database size if you are deploying a DNS server for your network. I believe you can also limit the cache size if needed, but I don’t think I’ll be needing that option added to my config anytime soon.

If you haven’t already, read up on the rndc command – because it’s quite powerful.  In addition, make sure you are using the latest stable version of BIND to (as well as other benefits) protect against cache poisoning.

wget http://download.plop.at/files/bootmngr/plpbt-5.0.10.zip

sudo apt-get install unzip

unzip plpbt-5.0.1.0.zip

cd phpbt-5.0.10/

Insert the floppy to write to into the drive.  I’m assuming it’s located at /dev/fd0.

fdformat /dev/fd0

dd if=plpbt.img of=/dev/fd0 bs=1440k

Once you complete this you have created the bootable floppy and can now boot the machine to the floppy which contains the boot manager.  You will need to ensure that the installed floppy drive is listed on the boot list.  Note that the ISO is also included in the downloaded package if you would rather create a CD.

After you boot into PLoP there is a list of available boot options.  USB should be an option in the list and you simply select that as the boot option, press Enter, and your USB bootable drive can now be accessed!  Note:  Once booted to USB I could *only* use PS/2 keyboard and mouse with the machine.

#!/bin/bash

#dv backup script

src=/media/dv 

dest=/media/dv-backup

log=/var/log/backup/dv-backup.log

echo "---" $date "-------------------" >> $log

rsync -t -r -v --delete $src $dest >> $log

echo "--------------- END ---------------" >> $log

I have my backups log in /var/log/backup/ and they merely append the file each time Rsync runs.  I’m aware this is quite a simple script and could even be consolidated to one line.  However, I found that breaking this up makes it easy to read and change.  Also, who wants to remember every Rsync switch they want each time they want to perform a differential backup?

One quick change you could make to make it require less manually editing is replace the variables to take the terminal arguments.  Such a revision is listed below:

src=$1

dest=$2

log=$3

echo "---" $date "-------------------" >> $log

rsync -t -r -v --delete $src $dest >> $log

echo "--------------- END ---------------" >> $log

Usage to achieve same result as original:

./backup.sh /media/dv /media/dv-backup /var/log/backup/dv-backup.log

Both script revisions are attached:  backup.sh backup2.sh Use at your own risk.. don’t blame me if you incorrectly wipe a drive!

The setup for bonding the NICs is actually quite simple.

sudo apt-get install ifenslave
sudo nano /etc/network/interfaces

Comment out your current configuration lines using the “#” before all lines.  The following was my setup for the bond address configuration:

auto bond0
iface bond0 inet static
     address 192.168.2.200
     netmask 255.255.255.0
     broadcast 192.168.2.255
     gateway 192.168.2.1
slaves all
bond-mode 0
bond-miimon 100

This configuration will use all of my network devices in the bond (which in this case is just 2) and give the IP address 192.168.2.200.  Note that I specified bond-mode 0.  There are several other bond types (some of which require a 802.3ad capable switch) and it would be worth your while to read up on them to find which would be best for you.

Another thing to note in this configuration is that I used bond-miimon 100.  This means that the links will be checked for failures every 100 milliseconds.  Setting this value to 0 disables checking for link failure.

Save and exit the configuration file.  From here you can take the interfaces down by issuing:

sudo ifdown eth0
sudo ifdown eth1

At this point I connected the 2^nd Ethernet cable and restarted the networking services

/etc/init.d/networking restart

Simply type ifconfig and you should see bond0 in the list and listed as UP BROADCAST RUNNING MASTER MULTICAST and all others as UP BROADCAST RUNNING SLAVE MULTICAST.  Next we will test performance of the connection to ensure that the bond is functioning as it should.

Using iperf I can test the bandwidth utilized between the server and client in memory (which takes the drive write bottleneck out of the equation).  To setup iperf see my previous article on using iperf.

I have 192.168.2.101 setup as the server and 192.168.2.200 (the bonded NICs) as the client.  I issue the following command to test my connection:

Iperf –c 192.168.2.101 –i 2

The output was as follows:

------------------------------------------------------------
Client connecting to 192.168.2.101, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.2.200 port 33878 connected with 192.168.2.101 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 2.0 sec  44.8 MBytes    188 Mbits/sec
[  3]  2.0- 4.0 sec  44.9 MBytes    188 Mbits/sec
[  3]  4.0- 6.0 sec  44.9 MBytes    188 Mbits/sec
[  3]  6.0- 8.0 sec  43.9 MBytes    184 Mbits/sec
[  3]  8.0-10.0 sec  44.8 MBytes    188 Mbits/sec
[  3]  0.0-10.0 sec    223 MBytes    187 Mbits/sec

You can see that now the connection is reaching ~188Mbits out of the theoretical 200Mbits that the bond provides (remember we are using 2x 100mbit lines).  This is exactly the result we want.

Next, I wanted to test the fault of one line.  I disconnected one one of the cables from the dual NIC and ran the iperf connection test again.

------------------------------------------------------------
Client connecting to 192.168.2.101, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.2.200 port 33879 connected with 192.168.2.101 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0- 2.0 sec  22.5 MBytes  94.4 Mbits/sec
[  3]  2.0- 4.0 sec  22.4 MBytes  94.1 Mbits/sec
[  3]  4.0- 6.0 sec  22.4 MBytes  94.0 Mbits/sec
[  3]  6.0- 8.0 sec  22.5 MBytes  94.2 Mbits/sec
[  3]  8.0-10.0 sec  22.4 MBytes  94.0 Mbits/sec
[  3]  0.0-10.0 sec    112 MBytes  94.2 Mbits/sec

You can see that the bandwidth has fallen back down to 94Mbits but the line still worked correctly without any traffic loss.

That’s it!  Pretty simple to setup and test the bond.   If you are creating a bond purely for the bandwidth increase keep in mind that system bottlenecks can still hinder performance – your hard drive write speed being the most likely.

With such a simple setup for this networking task it shows another benefit Linux servers can provide in comparison to Windows servers which (to my knowledge) do not natively support link aggregation.

The question I asked myself after this setup was: How does the 802.3ad configuration (mode 4) differ from mode 0 which doesn’t require switches with 802.ad support?  After some further research I found that while mode 0 uses sequential transmission, it can often receive packets out of order which creates the need for segment retransmission (as mentioned here).  It seems that mode 4 is able to receive all packets in order which produces an overall increase in efficiency.  I would be curious to see some performance benchmarks between the two and plan to do so once I have a managed switch – so stay tuned!

Now a quick guide to get things up and running. The guide will be for two Ubuntu machines, testing network performance between the two.

1.Install – Type the following in terminal “sudo apt-get install iperf ” for both machines

2.Server Setup – Decide upon a server machine and a client. On the server type the following in terminal “iperf -s ”. This will place iperf in server mode, and it will listen for incoming connections.

3.Client Setup - On the client machine you have a lot of options to play around with regarding how you want to connect to the server. You can explore what each of these are by typing “iperf –-help ”. The following is a simple test between the server (192.168.2.104), and the client (192.168.2.103).

4.Testing - Type “iperf 192.168.2.104 -i 2” (replacing the IP here with the test server IP and then enter key to start testing. This will connect to the server running on 192.168.2.104 and have an interval of 2 seconds. There will then be 6 tests completed. This should give you all of the information you need regarding your connection speed between the two machines.

This should be enough to get you started using iperf. Check out the man page here if you have any usage questions.