Handy info to know… the path a packet takes through the router…
..webcache…policy routing….routing… NAT….crypto (IPSec)….Encryption…
more details here
- to let the packet go through the IPSec tunnel, you have to deny it in NAT and permit it in the crypto
By default, Windows 7 doesn’t allow ping from hitting its firewall.
Here’s the guide I found on enabling that.. follow this link
see this page
remember that in the vSwitch0, vlan0 = vlan1 in the Cisco world. So if you want your VMs to be on the same subnet as your ESXi Box.. set the vlan to 0.
Using the Open Source software, CDPR (Cisco Discovery Protocol Reporter) from SourceForge, you can decode CDP advertisements from within Windows to find out which port on which switch you are connected to.
the process:
1. install winpcap from here
2. download CDPR windows version from here
3. Open a command prompt window, change to the directory where cdpr.exe is located and type cdpr . You will be asked to select a number corresponding to a particular network adapter where you wish to decode CDP packets from. Enter the relevant number and press enter.
references:
Where art thou? – CDPR
I used this guide recently. Very handy and quick.
Below is my shell script to run in the /etc/rc.d/rc.local
#!/bin/bash
### INTERFACE IPs
## OUTSIDE INTERFACES
/sbin/ifconfig eth0 10.10.10.123 netmask 255.255.255.0
/sbin/ifconfig eth0:1 192.168.200.2 netmask 255.255.255.0
## INSIDE INTERFACES
/sbin/ifconfig eth1 10.23.0.1 netmask 255.255.255.0
## DEFAULT GATEWAY
route add default gw 10.10.10.254
### NAT STUFF
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
### port forward to the internal Server1 box
# Server1 port 8080
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.10.10.123 --dport 8080 -j DNAT --to 10.23.0.123:8080
# Server1 snmp traps
/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d 10.10.10.123 --dport 162 -j DNAT --to 10.23.0.123:162
# Server2 port 80
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.10.10.123 --dport 80 -j DNAT --to 10.23.0.122:80
###EXTERNAL Network ROUTE NOT VIA THE DEFAULT GATEWAY
route add -net 10.0.1.0 netmask 255.255.255.0 gw 192.168.200.1
route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.200.1
route add -net 10.0.4.0 netmask 255.255.252.0 gw 192.168.200.1
route add -net 10.0.5.0 netmask 255.255.255.0 gw 192.168.200.1
at server, go to network interfaces
TEAM interface> properties> configure> Settings> Modify Team> Type> IEEE 802.3ad dynamic link aggregation OR static link aggregation
combinations are:
at server = IEEE 802.3ad dynamic link aggregation
at switch = channel-group mode active (LACP)
at server = static link aggregation
at switch = channel-group mode on (no PAgP or LACP negotiation)
Group Port-channel Protocol Ports
——+————-+———–+———————————————–
4 Po4(SU) LACP Gi1/0/25(P) Gi2/0/25(P)
How to setup direct IP to IP port forwarding for FTP server behind a cisco router/firewall/nat.
in the cisco router
setup cisco forwarding from internal (10.10.10.5) to external public IP x.x.x.x
ip nat inside source static 10.10.10.5 x.x.x.x
in internet explorer disable passive ftp, go to:
- tools> internet options> advanced tab> uncheck the use “use passive FTP” (its the second from the bottom of the Browsing category
- click on apply, then click on OK
to upload the file:
- click on start> computer, a windows explorer window opens
- click the address bar that says “computer”
- type in ftp://x.x.x.x (hit enter), where x.x.x.x is the public ftp ip address
- enter the username & password, it will connect to the ftp server
- drag and drop the files to upload.
when done, just close the window.
Note that this isn’t an issue when doing ftp from a cli client.
I was uploading IOS to a new switch and found “O!!!O!!!O!!!O!!O” errors.
this link said that the tftp udp packets were arriving on the switch out of sequence. The fix was to set tftpd32′s option to:
a.) double the timeout from 3 to 6 seconds
b.) double the max retransmits from 6 to 12 seconds
I didn’t know that Dell’s PERC S100/S300 RAID only worked for windows.. no Linux for us. I found this out after buying the Dell T110 server. Booting it said it had 2 SATA 250GB drives in a RAID1 setup. Installing CentOS, it still saw the 2 physical drives instead of just 1 drive in a RAID 1 array. I rang Dell and they let me know this fact.
This was due to code not being released to the public so linux drivers can be written for it or something like that. Some people call this FAKE RAID.
How do I use the Dell PowerEdge S100 and S300 Software RAID controllers with Linux operating systems?
You cannot use the Dell PowerEdge S100 and S300 PERC RAID controllers under Linux and they are software only RAID (fake RAID device) and it only works with MS-Windows operating systems.
Option 1: Disable RAID storage – the S100/S300 controllers by visiting BIOS settings.
You can now use standard software RAID provided by Linux. see here for CentOS 5 guide.
And if the software RAID breaks, here’s the guide to fix it.
Option 2: Use add-on hardware RAID card to server such as PERC 6/E SAS controller with RAID or SAS 6I/R SAS controller with RAID. This means more expense since I had 2 SATA drives and meant getting SAS drives to match the SAS RAID controller cards.
Option 3: There are also hardware RAID cards that do IDE, SATA, eSATA drives, etc. So you can use your SATA drives and build the RAID.
