Posts tagged ‘router’

When doing some research on the different tables in iptables, I was trying to figure out in what order the tables are traversed. Obviously PREROUTING happens before POSTROUTING, but it becomes more difficult to figure out whether mangle happens before or after nat.

I found a post which links to this overview (local copy):

[Image: packetflow]

Recent tests on kernel 3.13.0 (Ubuntu Trusty 14.04) show that tcpdump captures before mangle-PREROUTING and after nat-POSTROUTING.

Everyone who has used the Cisco IOS command line knows this problem. When you mistype a command, the router tries to resolve the “hostname” and you have to wait for 24 very long seconds:

Router#conft
Translating "conft"...domain server (255.255.255.255)
 (255.255.255.255)
Translating "conft"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address
Router#

Until recently I used the “no ip domain-lookup” configuration entry to counter this. This disables DNS-lookups altogether, which might not always be what you want. I recently found the proper solution to fix this:

Continue reading ‘Avoiding the typo penalty in Cisco IOS’ »

IPv6 is, big surprise, the new version of IP. The current internet runs on IPv4, which has some drawbacks. In practice, both versions do the same thing: they allow connections from one host to another host. Technically, however, there are some major differences, most notably the enlarged address space. For the moment, most hosts will run a dual-stack configuration.

I decided that it was time to implement IPv6 on my home network and get an IPv6 connection to the IPv6-Internet.

Continue reading ‘IPv6 in the home network’ »

Cisco switches are very verbose in their layer 1 error reporting, as shown in the output below:

FastEthernet0/1 is down, line protocol is down
  Hardware is Fast Ethernet, address is 0030.94bd.4041 (bia 0030.94bd.4041)
  MTU 1500 bytes, BW 0 Kbit, DLY 100 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive not set
  Duplex setting unknown, Unknown Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:35:31, output hang never
  Last clearing of "show interface" counters never
  Queueing strategy: fifo
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     1 packets input, 64 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 watchdog, 0 multicast
     0 input packets with dribble condition detected
     3 packets output, 444 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

On this page on the Cisco website, there is a table listing all error counters and their meaning for Ethernet interfaces.

When experimenting with Cisco routers, it’s very nice to have a (small) lab environment to test things. Unfortunately, Cisco routers tend to be fairly expensive and noisy, especially if you need 5 or more of them. So I was looking for a cheaper and more flexible solution.

Dynamips is a Cisco router emulator which loads an official Cisco IOS-image and runs it on emulated hardware. It started out as an emulation of 7200 routers only, but now supports 3600 and 2600 series as well.

When you want more than a single router, you’ll need dynagen as well. Dynagen connects to a running dynamips instance and does some magic to get the (emulated) Ethernet ports connected to wherever you specify. The network topology is created using plain text files. While this seems scary at first, the excellent tutorial covers every frequently used scenario.

Both tools are Open Source software and run on Linux and Windows (although the Windows version needs cygwin and doesn’t run as stably). The only catch is that you need real Cisco IOS images. The cisco.com site provides downloads only to selected users. Another way to get them is to copy them from a real router.

Continue reading ‘Emulating a router: dynamips’ »