Category Archives: linux

Showing (and/or) Clearing the arp cache

Posted on by

The arp cache should (normally) be cleared within 20 minutes (or less, this depends on what platform is used).

If you don’t know what ARP is and what is is good for, then perhaps you should take a moment and read the man page:

DESCRIPTION
Arp manipulates or displays the kernels IPv4 network neighbor cache. It can add entries to the table, delete one or display the current content.
 
ARP stands for Address Resolution Protocol, which is used to find the media access control address of a network neighbor for a given IPv4 Address.

On a windows platform to show the arp cache

C:\> arp -a
Interface: 192.168.1.49 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.29          00-1d-92-08-49-25     dynamic
  192.168.1.34          00-24-81-85-ab-b6     dynamic

To clear the cache

C:\>netsh interface ip delete arpcache
Ok.

To show the arp cache on a nix machine:

$  arp -vn; cat /proc/net/arp
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.254            ether   00:08:ae:09:20:a0   C                     eth0
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.254    0x1         0x2         00:08:ae:09:20:a0     *        eth0

To clear the apr cache on a nix machine.

$  ip neigh flush all

apt-get update gives the error “E: Could not get lock /var/lib/apt/lists/lock – open (11: Resource temporarily unavailable)”

Posted on by

If running apt-get (or aptitude) and you get the following error:

$ apt-get update
E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the list directory

Then (most likely) explenation is that one of the sources have gotten a timeout and that a (cron) sheduled update task have gotten locked.
A simple solution for this is to find the cron process is locked, and kill it.

$ ps -a |grep apt
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
 3737 ?        SN     0:00 /bin/sh /etc/cron.daily/apt
 3833 ?        SN     0:00 apt-get -qq -y update -o APT::Update::Auth-Failure::=cp /usr/share/apt/apt-auth-failure.note /var/lib/update-notifier/user.d/
 3835 ?        SN     0:00 /usr/lib/apt/methods/http
 3838 ?        SN     0:00 /usr/lib/apt/methods/http
 3842 ?        SN     0:00 /usr/lib/apt/methods/http
 3869 ?        SN     0:00 /usr/lib/apt/methods/http
 4223 pts/0    R+     0:00 grep apt
$ kill -9 3833

If this happens often, then perhaps you should try to debug the sources and remove (or exchange) the source that is causing the problems.

sudo without password

Posted on by

Use visudo to edit /etc/sudoers

user host = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

user, host and or the list of commands to be run can be swapped with the keyword ALL.
However that is probably not a good idea in most cases.

more info on this is in the manpages sudoers(5)

Ubuntu: Buffer I/O error on device sr0 logical block

Posted on by

Most of the time this error occurs that is a bad disk or a bad drive (or a bad cable).
Ubuntu 8.10 seams (from own experience and google) to be commonly affected by this.

You can try the following (I try them in this order)

  • If you only get buffer errors and no CRC errors, just try and wait (a few minutes) It might still be possible to install
  • Try another installation CD [from the same installation image] – if this works, then the other disk is bad
  • Try to swap out the cable to the drive (if you have a ribbon cable use one with 80 connectors, not one with 40)
  • Try to swap out the drive
  • Try another installation CD [from another installation image, old version, other dist, windows] – if this works then there is an issue with the installation image – there might be an issue worth reporting

If all this fails or you wish to install the version you have, then using a usb stick to install the image might be a good idea.

Linux: Converting a file encoded in ISO-8859-1 to UTF-8

Posted on by

If you have a file that is saves as ISO-8859-1 (or ISO-LATIN-1 if you like to call it that) and wish to convert it to UTF-8 you can use:

 iconv --from-code=ISO-8859-1 --to-code=UTF-8 ./oldfile.htm > ./newfile.html

This will create a new file with the converted encoding.

iconv can of of course convert to and from several other charsets. To see a list of all the encodings that iconv can work with use:

 iconv -l

If you wish to massconvert files find can be used with exec

 find . -name "*.txt" -exec iconv -f ISO-8859-1 -t UTF-8 {} -o {}.utf8 \;

apt-get update The following packages have been kept back

Posted on by 
 apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
  bind9-host dnsutils libbind9-50 libdns50 libisc50 libisccc50 libisccfg50 liblwres50 linux-generic linux-generic-pae linux-image-generic
  linux-image-generic-pae
0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.

The message has been kept back most often means that the upgrade was kept back due to dependencies that are not met.

Some possible solutions

  • A simple way is to invoke dselect to help out with the update. dselect performs the actions necessary to realize that state (for instance, the removal of old and the installation of new packages). 
     apt-get dselect-upgrade
  • While apt-get and aptitude are basically the same, aptitude is sometimes better at handling dependencies than apt-get 
     aptitude upgrade
  • Another solution is to install the package using apt-get install to install the upgraded package and let apt-get install the missing dependencies 
     apt-get install dnsutils

Quickly configure shorewall on Debian

Posted on by

By definition shorewall is not a firewall, it is a way to (more) easily configure iptables to work as a firewall.

  • First install shorewall “$ apt-get intall shorewall”
  • Enter /etc/shorewall
  • Copy the example files from /usr/share/doc/shorewall-common/default-config/ (might also be located in /usr/share/doc/shorewall/default-config/) “$ cp /usr/share/doc/shorewall-common/default-config/* .”
  • Edit the files and enter the data that your system has
    • First create zones “$ nano zones” 
       #ZONE   TYPE            OPTIONS         IN OPTIONS                OUT OPTIONS
fw      firewall
net     ipv4
vpn     ipv4
    • Connect zones with interfaces”$ nano interfaces” 
       #ZONE   INTERFACE       BROADCAST       OPTIONS
net     eth0            detect          tcpflags,blacklist,dhcp
vpn	tun0		-
    • Create policies “$ nano policy” 
       #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
fw              net             ACCEPT
vpn             net             ACCEPT
vpn             fw              ACCEPT
fw              vpn             ACCEPT
net             all             DROP            info
all             all             DROP            info
    • Create rules “$ nano rules” 
       #ACTION SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/
#                                               PORT(S) PORT(S)         DEST            LIMIT           GROUP
ACCEPT          net             fw             tcp     22 # ssh
ACCEPT          net             fw             tcp     80 # web
    • Verify that the rules are fine “$ shorewall check”
    • Edit /etc/default/shorewall and set startup to 1 
       # prevent startup with default configuration
# set the following varible to 1 in order to allow Shorewall to start
 
startup=1
    • Start the firewall “$ /etc/init.d/shorewall start”

If you later decide to update rules, zones etc run “$ /etc/init.d/shorewall restart” to load the changes.

Linux: Turning off window scaling

Posted on by

A fairly common issue on the Internet is that some routers can’t handle window scaling.
This will might give some odd messages to email servers (such as not being able to send mails over a certain size to one receiving mail server)

On option is to turn off window scaling by editing sysctl.conf and adding the following lines

# Uncomment to turn off window scaling (most usefull for linux MTA)
net.ipv4.tcp_window_scaling = 0

A warning about doing this; In the long run throughput will not be optimal on this server, but sending mails should work better (so best used on a dedicated mail server).