Ajitabh Pandey's Soul & Syntax

Exploring systems, souls, and stories – one post at a time

Category: FLOSS

About Free/Libre/Open Source Software

  • NIC Bonding

    NIC Bonding is a technique in which multiple Network Interface Cards (NICs) are logically bonded together and presented as a single interface to the outside world.

    Before activating bonding, make sure that each NIC is working properly. mii-tool can be used for this:

    $ sudo /sbin/mii-tool
    eth0: negotiated 100baseTx-FD, link ok
    eth1: negotiated 100baseTx-FD, link ok

    Bonding Driver in the Kernel

    The first thing is to check whether the bonding driver module is already loaded or not.

    $ sudo lsmod|grep bonding

    If you do not see anything in the output, then the bonding driver is not loaded. Most distributions' default kernels compile and install the bonding driver module. To find out whether your distribution has the bonding driver module available, use the following command:

    $ sudo /sbin/modprobe --list | grep -i bonding
    /lib/modules/2.6.8-2-386/kernel/drivers/net/bonding/bonding.ko

    The output of the command shows that the bonding driver is available as a module. To load the bonding driver you can do the following:

    $ sudo modprobe bonding
    $ sudo lsmod|grep bonding
    bonding                59112  0

    If your distribution does not have the bonding driver module available, then you need to recompile your kernel with bonding support. Select “Bonding Driver Support” in the “Network Device Support” section. Remember to configure the driver as a module, as currently that is the only way to pass parameters to it.

    Configuring the bonding driver to load automatically at boot time

    To load the bonding driver automatically at boot time:

    • On RHEL 3 modify the /etc/modules.conf file to contain the following:
      $ cat /etc/modules.conf
      alias bond0 bonding
      options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000
    • On RHEL 4 modify the /etc/modprobe.conf file to contain the following:
      $ cat /etc/modprobe.conf
      alias bond0 bonding
      options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000
    • On the Debian Sarge system with the 2.6.8 kernel, I had to create the /etc/modprobe.conf file and add the following lines to it.
      $ cat /etc/modprobe.conf
      alias bond0 bonding
      options bond0 miimon=100 mode=1 downdelay=2000 updelay=5000

      On Debian, if you install a package called modconf, there is another way to do this.

      $ sudo apt-get install modconf
      $ sudo /usr/sbin/modconf

    modconf is ncurses based. Select the bonding driver modules from it and install it. Enter the parameters for the driver when prompted and exit from the utility. Your bonding driver is loaded with the parameters and also set to be loaded automatically next time the server reboots.

    Using modconf modifies the /etc/modules file (which lists the modules to be loaded at boot time) to include the bonding driver name, and creates a file named after the driver in /etc/modprobe.d/ to hold the driver's parameters. Here are the two files on my system:

    $ cat /etc/modules
    bonding
    $ cat /etc/modprobe.d/bonding
    options bonding mode=1 miimon=100 updelay=2000 downdelay=3000

    Userspace Tools

    In addition to the bonding driver in the kernel, you also need the ifenslave utility. For Debian Sarge you can install the metapackage ifenslave, which currently points to the ifenslave-2.4 package. Since Sarge has the 2.4 kernel as its default, installing just the ifenslave metapackage will install ifenslave-2.4. If you have installed the 2.6 kernel instead of the default 2.4 kernel, then you should install the ifenslave-2.6 package.

    $ uname -a
    Linux noddy 2.6.8-2-386 #1 Thu May 19 17:40:50 JST 2005 i686 GNU/Linux
    $ sudo apt-get install ifenslave-2.6

    Configuring the system

    Once the bonding driver has been loaded with the required parameters, the system needs to be configured to use the bonding driver.

    • Red Hat Enterprise Linux (all versions) and Fedora: Create a file /etc/sysconfig/network-scripts/ifcfg-bond0 with the following contents:
      DEVICE=bond0
      IPADDR=172.16.100.3
      NETMASK=255.255.0.0
      NETWORK=172.16.0.0
      BROADCAST=172.16.255.255
      ONBOOT=yes
      BOOTPROTO=none
      USERCTL=no
      PEERDNS=no
      TYPE=Ethernet
      GATEWAY=172.16.200.254

      Modify the file /etc/sysconfig/network-scripts/ifcfg-eth0 to contain the following:

      DEVICE=eth0
      USERCTL=no
      ONBOOT=yes
      MASTER=bond0
      SLAVE=yes
      BOOTPROTO=none
      TYPE=Ethernet

      For other NICs in the system which you want to bond together with eth0 do the same and replace eth0 with the respective NIC like eth1, eth2 and so on.

      Restart the networking:

      $ sudo /sbin/service network restart
    • Debian and Derivatives: On Debian systems, edit the /etc/network/interfaces file, remove the references to all the NICs and leave only the loopback adapter details. Then add the following interface details:
      # The bonding interface
      auto bond0
      iface bond0 inet static
          address 172.16.202.2
          netmask 255.255.0.0
          gateway 172.16.200.254
          up ifenslave bond0 eth0 eth1
          down ifenslave -d bond0 eth0 eth1

      After that a simple restart of networking services will bring the bonding interface up.

      $ sudo invoke-rc.d networking restart
    • ifconfig will list all the interfaces along with the bond0 interface. All will have the same MAC address and the same IP address.
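
    To confirm that the bond came up as configured, the bonding driver's status file /proc/net/bonding/bond0 can be checked for the mode, the MII polling interval and the link state of each slave. The following is an added example, not part of the original post; the sample status text, the MAC addresses and the function names sample_status and check_bond are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a bond from the text of /proc/net/bonding/<bond>.

# Constructed sample for mode=1, miimon=100 where eth1 has lost link.
# MAC addresses are made up.
sample_status() {
cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 5000
Down Delay (ms): 2000

Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:16:3e:00:00:01

Slave Interface: eth1
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:16:3e:00:00:02
EOF
}

# check_bond EXPECTED_SLAVES: status text on stdin, one finding per line on
# stdout, exit status 0 only when nothing was found.
check_bond() {
    awk -v want="$1" '
        /^Bonding Mode:/ && !/active-backup/ { print "mode is not active-backup"; bad = 1 }
        /^MII Polling Interval/ && $NF + 0 == 0 { print "miimon is 0, link loss goes undetected"; bad = 1 }
        /^Slave Interface:/ { slave = $3; n++ }
        /^MII Status:/ && slave != "" && $3 != "up" { print slave " link is " $3; bad = 1 }
        END {
            if (n + 0 != want + 0) { print "expected " want " slaves, found " (n + 0); bad = 1 }
            exit bad + 0
        }'
}

# On a live host: check_bond 2 < /proc/net/bonding/bond0
sample_status | check_bond 2 || echo "bond0 needs attention" >&2
```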

  • Security Softwares

    On Unixreview.com I came across a security tool to be used for SSH servers. DenyHosts is a Python script which finds invalid login attempts in the log files and can automatically add the IP address from which the login attempt was made to the /etc/hosts.deny file. It can be run manually, through the command line or as a daemon. Worth giving a try.
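
    The idea described above, as an added example that is not DenyHosts code and is not from the original post: count failed sshd password attempts per source address and print /etc/hosts.deny entries for sources at or over a threshold. The log lines, addresses, user names and the function names sample_log and deny_candidates are constructed.

```shell
#!/bin/sh
# Added example, not DenyHosts code: count failed sshd password attempts per
# source address and print hosts.deny entries for sources over a threshold.

# Constructed auth-log lines (documentation addresses, made-up users).
sample_log() {
cat <<'EOF'
Jun  3 10:01:12 host1 sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jun  3 10:01:15 host1 sshd[2211]: Failed password for root from 192.0.2.10 port 40123 ssh2
Jun  3 10:01:19 host1 sshd[2212]: Failed password for root from 192.0.2.10 port 40130 ssh2
Jun  3 10:02:40 host1 sshd[2215]: Failed password for invalid user x from 203.0.113.5 port 22 ssh2 from 198.51.100.7 port 51514 ssh2
Jun  3 10:03:44 host1 sshd[2219]: Accepted password for alice from 203.0.113.5 port 51000 ssh2
EOF
}

# deny_candidates THRESHOLD: log on stdin, "sshd: <ip>" lines on stdout.
deny_candidates() {
    awk -v min="$1" '
        # The user name is remote-supplied text and may itself contain
        # " from <ip>", so take the address from the fixed tail of the line.
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { fails[$(NF-3)]++ }
        END { for (ip in fails) if (fails[ip] >= min + 0) print "sshd: " ip }
    ' | sort
}

sample_log | deny_candidates 3
```

    The fourth sample line carries a user name that embeds another address; because the parser reads the address from the end of the line, 203.0.113.5 (which only ever logged in successfully) is never listed.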

    mod_security is an Apache module meant to work as an intrusion detection and prevention engine for web applications, or a web application firewall. It is stable and worth giving a try. It has a very beautiful way of putting an Apache installation in a chroot jail.

  • Textpattern 4 is out

    Finally, after a long wait, Textpattern 4.0 was released yesterday. Looks good. Updated the Asha NYC/NJ Textpattern installation to this version. It has lots of new features as well. Still playing with it since the Asha implementation is not yet in production. The only thing I found lacking is a list of all TXP tags and their explanations. Although a Textbook exists, it is still under development. However, this is an excellent package with a host of features. Will definitely recommend it.