Linux network diagnostics

I was doing a little research for Gatermann about Linux networking. I didn’t find what I was looking for, but I found something interesting: a pair of tools co-written by Donald Becker called mii-tool and mii-diag.

The source code is available at scyld.com, but Debian includes a package for it (mii-diag). It allows you to force your network card to re-negotiate its speed with your hub or switch, which is useful if it’s constantly negotiating the wrong speed. In Windows you can usually open the network control panel and force duplex operation and speed. In Linux, that requires playing around with module options, which aren’t always consistent across drivers (because they’re not all written by the same people) or, if you compiled your driver into the kernel, passing boot parameters. Either way, you’re forced to reboot.

Run mii-diag to find out the status of your card (and commentary on the situation from the authors, in some cases). You can run mii-tool -r to force a renegotiation nicely, or run with the -f parameter to force it to a certain speed (if you’re interested in forcing a speed, you’re probably chasing 100 megabit, full duplex).

If your system is mysteriously not connecting, like my Web server was yesterday after I moved it, this tool can be useful in fixing it. I wish I’d known about it yesterday. I eventually solved the problem by rebooting until it worked right. (I don’t think my server’s 3Com NIC likes my Linksys router/switch much.)

So if you want to change your network’s speed for any reason without rebooting, this is the tool to do it (and it doesn’t make you hunt the Web and Usenet for the module parameters).

More wireless networking

Well, I took the plunge. What good is credit when you don’t use it, right? I didn’t want to run CAT5 Ethernet cable everywhere and I didn’t want to spend hours playing with Linux drivers for phone-line networks that have been in beta for a year. Especially not with what few Usenet posts mention those drivers also mentioning kernel panics. No thanks.

Dan Bowman pointed out that JustDeals had good prices available on wireless gear. So I picked up a plain-old access point for $70 (I don’t want a combo access point/router/switch because I want something I can turn off when I’m not using it–can’t beat that for security) and a PCMCIA NIC for $29 and a pair of USB NICs for $29. That’ll let me put a computer in the front room and a computer in the spare room and it’ll let me wander around with my work laptop.

Dirt-cheap prices, no rebate hassles. Gotta love it. CompUSA’s prices on Netgear kit are good, but there are rebates involved, which is always a pain.

My plan for security, besides powering off the access point when I’m not using it, is to turn off DHCP, hard-code it to my NICs, turn on 128-bit WEP, use obnoxious passphrases, and place the access point as far from the outside wall as possible. That should give me acceptable security, especially considering the physical location of my house. Neither of my next-door neighbors has a wireless LAN, and I seriously doubt the neighbors behind me do either, and they’re pretty far back and might even be out of range anyway. I’m at the end of a street deep in a residential area, so most wardrivers probably won’t bother. And if they do, I’ll be home and I’ll probably see them.

One thing I learned today, which reveals my ignorance yesterday, is that most wireless NICs accept the “Any” parameter that we used to get a Linksys NIC talking with a 3Com access point so we could configure it. But your documentation may or may not mention it.
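
An added example, not part of the original post: many consumer cards of this era turn a 128-bit WEP passphrase into the 104-bit key with a de facto MD5 convention that is not in the 802.11 standard. The sketch assumes that convention (the page does not say what these particular cards do), and its function names are illustrative; it shows that a periodic passphrase, or one longer than 64 characters, adds nothing to the key.

```python
import hashlib


def hashed_block(passphrase: str) -> bytes:
    """Return the 64 bytes actually fed to MD5: the passphrase repeated, then cut."""
    data = passphrase.encode("ascii")
    if not data:
        raise ValueError("passphrase must not be empty")
    return (data * (64 // len(data) + 1))[:64]


def wep104_key(passphrase: str) -> bytes:
    """Assumed vendor convention: first 13 bytes (104 bits) of MD5 over the block.

    The remaining 24 bits of "128-bit WEP" are the per-packet IV, not key material.
    """
    return hashlib.md5(hashed_block(passphrase)).digest()[:13]


def as_hex(key: bytes) -> str:
    """Format the key as the 26 hex digits a card's setup utility asks for."""
    return key.hex().upper()


def same_key(first: str, second: str) -> bool:
    """True when two passphrases collapse to the same WEP key."""
    return wep104_key(first) == wep104_key(second)


if __name__ == "__main__":
    # Constructed passphrases, chosen only to show the collapsing behaviour.
    print(as_hex(wep104_key("correct horse battery")))
    print("ab vs abab:", same_key("ab", "abab"))
    print("64 chars vs 64 chars plus a tail:", same_key("x" * 64, "x" * 64 + "tail"))
    print("ab vs ac:", same_key("ab", "ac"))
```

Entering the 26-digit hex key itself on every device sidesteps differences in how each vendor's setup utility treats a passphrase.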

Let’s talk wireless networking

When I was at church tonight looking at a power supply they asked me to help them set up a wireless network. I didn’t go about securing it just yet because I was paranoid about locking myself out.

I learned enough anyway.

The first thing I learned was that mix-and-matching your stuff for initial setup isn’t the best of ideas. We had a 3Com access point, a D-Link PCMCIA NIC, and a Linksys USB NIC. The D-Link and the 3Com didn’t want to talk to each other. Differing SSIDs turned out to be the culprit. The 3Com’s SSID was “3Com”. The D-Link’s SSID was “default”. The Linksys’ SSID was “Linksys”. But the Linksys setup program hinted that if you changed the SSID to “Any”, it would work with anything. It was right. It linked right up to the 3Com access point, while the D-Link just kept blinking away, looking for something. So we used the Linksys to configure the 3Com access point and changed the D-Link’s SSID. We had to reboot a couple of times before it kicked in, but then the D-Link connected up and held a link.

So the moral of that story is to make sure your access point and at least one of your cards match. And if you can’t match brands, get one Linksys, since you can set its SSID to “Any” and it’ll connect to anything. (I couldn’t figure out how to make the D-Link do that; maybe if I’d set it to “Any” it would have found the 3Com too.) Of course the only way to find out the 3Com’s SSID was to connect to it, so if we hadn’t had that Linksys, we’d have been up a creek.

So now I just have to figure out how to secure the network and they’ll be set. The plan is to only break the wireless stuff out during events, so it’s not like they’ll become much of a wardriving target, but I’ll still feel better if it’s secure. I’m a little bit afraid to just connect to the access point, enter a passphrase and turn on 128-bit encryption, because I couldn’t figure out how to give the cards themselves the passphrase and I didn’t want to take the chance of whether it’ll ask for it upon initial connection.

Time for more research.

And I think I’ll be getting some wireless stuff for myself soon. I’ve thought about phone networking, but Linux support is spotty. Wireless is less secure and more expensive, but it’s a whole lot easier. And it’ll be nice to be able to take a laptop anywhere I want and still be connected. CompUSA has their wireless gear on sale right now.

That Middle East oil rumor

You’ve probably seen the e-mail circulating around about what companies buy Middle Eastern oil and thus could be indirectly funding terrorism.

That e-mail came up in conversation today, and then I remembered the Truth or Fiction Web site, which I’d stumbled across while researching the story of Butch and Eddie O’Hare. When I’d first seen that e-mail, I went to the Department of Energy web site to see if I could, as it said, “easily document” who was buying oil from countries that don’t like us very much. I didn’t find anything.

They did. And the e-mail rumor, based on their research, has the numbers wrong but is mostly correct about which companies are buying oil from the Middle East and which ones aren’t, even if it was wrong about the number of barrels (and sometimes they were off by a factor of 10).

The question is, will it do any good? Economic boycotts have worked in the past–take a look at the early days of the Civil Rights movement for an example–but you have to really want it, want it enough to stick to your guns. Based on the rumor, I bought all my gas at Phillips 66 for months, figuring I probably wasn’t doing any harm and might be doing some good. But my last couple of tanks have come from the Mobil station that’s on my way to work. There are a couple of Phillips stations not far out of my way, but they are out of my way.

That’s pretty typical. These days, we’ll talk tough, and we’ll even act tough for a while. But more often than not, ultimately what wins out is what’s cheap or convenient. That Mobil station is close and on the way, so it couldn’t be any more convenient, and it always seems like it’s the first station to lower its prices and the last to raise them. So I’ve been buying there.

I probably should start driving that extra mile to buy somewhere else. There’s a Citgo close by too.

Oh, and by the way… Next time someone forwards you that Pepsi can Pledge of Allegiance rumor, tell them to stop circulating it. It was Dr Pepper, not Pepsi. I can’t say anything with my dollars there. I don’t know that I’ve bought anything from either company in the past year because I almost never drink soda.

A moving story

My mom came in and helped me move this weekend. Moving is a pain, which is why I do it as little as possible. I’m hardly a neat freak, as any of my coworkers can attest to, which makes it harder.

But Mom told me a story.

Not long after she met my Dad, she helped him move. She came over to his apartment, and he handed her two boxes. One was a small box, slightly bigger than a shoebox. The other was a really big box. She pointed over to the box my 19″ monitor came in, and said the box he handed her was bigger than that one.

“Put the clean dishes in the small box, and the dirty dishes in the big box,” he told her.

She opened the cabinet and found a couple of dishes. She put them in the small box. She found a few dirty dishes in the sink.

“But there aren’t that many dirty dishes,” she said.

“Hold on,” he said. He opened the dishwasher. It was bursting. Then he walked over and opened up the oven. More dirty dishes. “And I think there are some in here too,” he said, opening up the freezer. There were.

“David, your dad was a slob,” Mom said.

Suddenly I don’t feel so bad about those times I waited until all my dishes were dirty before I washed them. I’ve never had to resort to putting dirty dishes in the oven and freezer.

Adding a network card to Linux

I said yesterday I didn’t remember exactly how to add a network card to Linux machines. I found instructions today. They weren’t entirely correct. So here are instructions (hopefully more correct–I have access to exactly one Linux box right now) for adding a NIC in Linux.

First, determine which module your NIC uses, then install it temporarily with the following:

insmod [module name]

For example:

insmod rtl8139

In RPM-based distributions (Red Hat, Mandrake, Caldera, TurboLinux, UnitedLinux), edit the file /etc/modules.conf or /etc/conf.modules to add an alias for the module. In Debian-based distributions, edit the file /etc/modutils/aliases and then run the command update-modules. In any case, the format of the line to add is the same:

alias eth0 rtl8139

More likely, you’re adding a second NIC, in which case the line would look more like this:

alias eth1 rtl8139

In RPM distros, next you create an interface config file in /etc/sysconfig/network-scripts. The file is called ifcfg-[interface]. Here are a couple of example ifcfg-eth0 files:

# Static IP
DEVICE=eth0
IPADDR=192.168.0.33
NETMASK=255.255.255.0
BROADCAST=192.168.0.255
ONBOOT=yes

# DHCP
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
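
A quick sanity check for files like these, as an added example (not from the original post or from any distribution's tooling): a misspelled key is silently ignored and a broadcast address that doesn't match the netmask is easy to miss, so this script flags both. The key list covers only the settings used on this page, and the sample files are constructed.

```python
import ipaddress

# Keys used in the ifcfg examples on this page (real files accept more).
KNOWN_KEYS = {"DEVICE", "IPADDR", "NETMASK", "NETWORK", "BROADCAST",
              "BOOTPROTO", "ONBOOT"}


def parse_ifcfg(text):
    """Parse KEY=value lines, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip().strip('"')
    return settings


def check_ifcfg(text):
    """Return a list of problems found in one ifcfg-style file."""
    cfg = parse_ifcfg(text)
    problems = [f"unknown key {k}" for k in sorted(set(cfg) - KNOWN_KEYS)]
    if "DEVICE" not in cfg:
        problems.append("missing DEVICE")
    if cfg.get("BOOTPROTO", "").lower() == "dhcp":
        return problems  # addresses come from the DHCP server
    if "IPADDR" not in cfg or "NETMASK" not in cfg:
        problems.append("static config needs IPADDR and NETMASK")
        return problems
    try:
        net = ipaddress.ip_network(f"{cfg['IPADDR']}/{cfg['NETMASK']}", strict=False)
    except ValueError as exc:
        problems.append(f"bad address or netmask: {exc}")
        return problems
    # Compare any NETWORK/BROADCAST given with what IPADDR and NETMASK imply.
    derived = {"NETWORK": net.network_address, "BROADCAST": net.broadcast_address}
    for key, want in derived.items():
        if key in cfg and cfg[key] != str(want):
            problems.append(f"{key}={cfg[key]}, expected {want}")
    return problems


# Constructed samples (not taken from a real host).
STATIC_BAD = ("DEVICE=eth1\nIPADDR=192.168.0.33\nNETMASK=255.255.255.0\n"
              "BROADCAST=255.255.255.255\nONBOOT=yes\n")
DHCP_TYPO = "DEVICE=eth1\nBOOTPROT=dhcp\nONBOOT=yes\n"

if __name__ == "__main__":
    for name, sample in (("static", STATIC_BAD), ("dhcp", DHCP_TYPO)):
        print(name, check_ifcfg(sample))
```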

In Debian, all network configuration info is kept in /etc/network/interfaces. Here’s a sample configuration:

iface eth0 inet dhcp

iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

SuSE is likely to be a bit different. Slackware is virtually guaranteed to be different. I haven’t looked at SuSE in three years and Slackware in five. Hopefully they’re similar enough that this can give you a start.

I’m sure there’s a graphical way to do this in some, if not all distributions, but I prefer to hit the configuration files directly. It’s much easier to explain, and the knowledge is much more portable.

A semi-easy firewall

A single-floppy firewall mini-distribution can be a quick and easy way to save yourself some money if you’ve got an old PC in a closet not doing anything, assuming you stumble across a combination of hardware that works right.

If you don’t stumble across a combination of hardware that works together, you can just as easily spend a weekend and accomplish nothing but uttering strings of four-letter words in combinations never before heard by mankind.

In case you came here looking for hardware that works, here are a few hints. A 10-megabit PCI NE2000 clone in combination with virtually any 10/100 PCI card ought to work fabulously. A pair of 10/100 PCI cards based on the RealTek 8139 chipset, which includes the majority of today’s inexpensive cards, probably will not. If you’re buying new stuff and want ease of use, get a 3Com card and a cheapie. If you want cheap and a little inconvenience, get a Netgear FA311 or 312 and a Realtek 8139-based card, such as a D-Link DFE-530+ or a Linksys. You’ll have to hunt down and install the natsemi.o module to get the Netgear working; most other inexpensive cards on the market will work with the rtl8139.o driver.

Freesco doesn’t supply a driver for the Intel EtherExpress Pro series out of the box. If you’ve got an EEpro, you can make it work by downloading the module and copying it to the floppy, but don’t rush out to buy one. And yes, the 3Com and Intel chipsets are high-performance chipsets, especially compared to the 8139, but remember, routers are machines that pull packets out of a 1.5-megabit pipe (if you’re lucky) and shove packets down an even smaller pipe. In this application, a $40 big-brand card doesn’t give you any advantage over a no-name card that costs $6 at Newegg.com.

While these firewalls will technically work fine even on a 386sx/16, trying to make them work with ISA cards can be a long, difficult road. Used Pentium-75s are dirt cheap (and Pentium-60s and 66s are even cheaper, when you can find them) and they’re a lot less trouble because PCI cards don’t require you to rejumper them or hunt down a plug-and-play configuration disk to find out its IRQ and address. I’ve had the best luck with Pentiums that used an Intel Triton chipset or newer (the 430FX, HX, VX, or TX). I’ve tried a couple of boards that had a SiS chipset of 1995 vintage or so, and I could get one network card or the other working, but not both. I don’t want to generalize and say that based on two isolated incidents that all Taiwanese chipsets are junk for this application–for all I know, the problem could have been the BIOS on those boards–but I’ve done this on a handful of Triton-series boards and done well on all of them, and on two SiS boards and failed. Your mileage will probably vary.

How much memory do you need? 16 megs is sheer luxury.

Once you put all this together, the question becomes whether you use a floppy distribution or a full-blown distribution. If you want peace and quiet and cheap, the answer is pretty easy–use a floppy and pull out whatever hard drive was in there.

A full-out distribution like Red Hat or Debian will give you more versatility. You can run meaningful Web and FTP servers if you want (and your ISP allows it). You can run a caching nameserver to speed up your Web browsing. If you feel adventurous, you can even install the Squid caching proxy and speed up your browsing even more (but either use a SCSI drive or put in a bunch of extra memory and run Squid’s cache out of a ramdisk–Squid’s performance on IDE is, to put it mildly, terrible).

I’m having a hard time finding the documentation on how to set up a second network interface quickly. I believe it involves the file /etc/interfaces and the files /etc/sysconfig/ifconfig.eth0 and .eth1, but I don’t have a Linux box handy to investigate at the moment.

Anyway, I like Debian for this application (of course) because I can easily fit a minimal Debian on a 100-meg hard drive.

Once you get your network cards all working and talking to each other, you can build your firewall using this online tool. I just copy it, then Telnet into my Linux box using PuTTY, fire up a text editor, and right-click in the window to paste.

If you want versatility and quiet and don’t mind spending some cash, pick up a CompactFlash-to-IDE adapter and a CompactFlash card of suitable size. Don’t create a swapfile on the CF card–you’ll quickly burn it up that way. Your system will recognize it as a small IDE drive, giving you silent and reliable solid-state storage on the cheap.

Phoenix hits 3, er, 0.3

I think I have a new most favoritest Web browser of all time for Windows. Or I will soon.

Phoenix is Mozilla on a diet. The idea is to cut out all the stuff not related strictly to Web browsing in order to make it as small and fast as possible.

Early releases were slightly faster than Mozilla. But the Mozilla feature I use most was missing: The ability to right-click on an image and select “Block images from this server.” It’s a good way to block objectionable content, be it an especially annoying ad (though most ads are tolerable if I keep animation turned off, I’ve found) or anything else I don’t want to look at.

Version 0.3 brought that feature back and nearly halved the memory consumption. It’s still not as slim and fast as Galeon on Linux, but it’s getting there. The last time I tried using a Mozilla theme to change its appearance (I like the TinyMozilla theme because it lets me use my screen space to display Web pages at the expense of big buttons–since I don’t need big buttons, that’s a good thing) I crashed it. But I can live without my fave theme for a while.

The nice thing is we’ve got a reasonable-sized Web browser that incorporates popup blocking without having to run additional programs. You can easily chew up 4, 8, 12 megs of RAM by keeping a popup blocker running. That’s the amount of memory a Web browser all by itself should be using.

Check it out. It’ll keep getting smaller, faster, better.

Telemarketers, go away

I spent the night fighting off telemarketers. I lost count of how many calls I got. It might have been as low as three. It seemed like a lot more though. Two different companies wanted to sell me alarm systems. Well, right now I can’t really afford an alarm system.

I thought about getting caller ID, or call-block on anonymous calls, but that’s like $7 a month. That’s not a lot, but I think I’m paying $20 a month for basic phone service (I called the phone company and told them I wanted two things: a dial tone and DSL. Nothing else.) so raising my phone bill by 33% to avoid telemarketers doesn’t quite seem right. I’m better off stashing that $7 a month into a repairs fund.

Then I remembered that at the apartment I got about five telemarketing calls a month. Missouri has a pretty liberal no-call law that eliminates most telemarketing calls to those who put themselves on a list. I signed up months ago, when it was first offered, and then I forgot about it. I just enjoyed not getting the telemarketing calls my friends always complain about. Those I do get usually are during the day, so my answering machine gets them. You can report the infringements and Missouri will go after them, but I’ve never bothered.

So, in between calls, I went and put my name on the no-call list.

I’ll have peace and quiet soon.