
linux tips

Problems

NetBeans 6 - empty window in installer

Turn off Compiz/Beryl and restart the installer.

Debian/Ubuntu and VirtualBox with host interface networking and bridging

Have you followed the instructions and now have network problems on the host (but not in the guest)?

# << start of lacking part
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down
# >> end of lacking part
 
auto br0
iface br0 inet dhcp
    bridge_ports eth0

Without the lacking part, the eth0 interface conflicts with br0, because they have the same address.

UPDATE: The above information applies only to VirtualBox < 2.1.

Tasks

GRUB reinstallation

mount /dev/sdXY /mnt/sys
mount -t proc none /mnt/sys/proc   # or --bind
mount -o bind /dev /mnt/sys/dev    # or --bind
chroot /mnt/sys
#mount /dev/sdXZ /boot             # if needed
grub-install /dev/sdX

Setting processor affinity

taskset -p 0x00000001 13545
taskset -cp 1 13545
taskset -cp 3,4 13545

Mounting partition from VDI fixed-size image

WARNING: You must have a little-endian machine, and this how-to works only with primary partitions.

UPDATE: fdisk was permanently replaced with the more reliable sfdisk.

UPDATE2: I divided this how-to into sections and wrote about the usage of my new vdiwrap shared library.

Locate partition - manual way

First, test whether your VDI image is fixed-size.

$ od -j76 -N4 -td4 image.vdi | awk 'NR==1{print $2;}'    # read 4-byte unsigned int from offset 76
2                                                        # "2" means that this is a fixed-size image

Next, find out exactly where the virtual disk starts.

$ od -j344 -N4 -td4 image.vdi | awk 'NR==1{print $2;}'   # read 4-byte unsigned int from offset 344
33280                                                    # your data offset

The next step is copying the beginning of the virtual disk to a file. I named it vdstart.

$ dd if=image.vdi of=vdstart bs=1 skip=<data offset> count=1b

Now look at the partition table.

$ /sbin/sfdisk -luS vdstart                              # list partition table (units = sectors)
Disk vdstart: cannot get geometry

Disk vdstart: 0 cylinders, 255 heads, 63 sectors/track
Units = sectors of 512 bytes, counting from 0

   Device Boot    Start       End   #sectors  Id  System
 vdstart1   *        63  16771859   16771797  83  Linux
 vdstart2             0         -          0   0  Empty
 vdstart3             0         -          0   0  Empty
 vdstart4             0         -          0   0  Empty

Locate partition - half-automatic way

If you want to mount a logical partition, you have to use this method. Create a new file vdiwrap.c with the code available on the C snippets page. Compile it according to the instructions, i.e.

$ gcc -fPIC -c               -o vdiwrap.o  vdiwrap.c &&
  gcc -nostdlib -shared -ldl -o vdiwrap.so vdiwrap.o

Run sfdisk directly on the fixed-size VDI image with LD_PRELOAD set to ./vdiwrap.so:

$ LD_PRELOAD="./vdiwrap.so" /sbin/sfdisk -qluS image.vdi

Look at the printed partition table. In the output you will also find the VDI data offset needed in the next step.

Math

Time for some math. Calculate the offset (and the length, if you plan to mount an encrypted partition) of the chosen partition:

offset = <data offset> + <start sector> * 512
length = <number of sectors> * 512

In my image there is only one partition, so I have no choice: offset = 65536, length = 8587160064.

Mounting

The last part is mounting (turn off the VM that uses your VDI image). You must be superuser to do this (I'm using sudo, but if you haven't configured it, try su -c):

$ sudo mount image.vdi <mount point> -t <filesystem> -o loop,offset=<offset>  # add sizelimit=<length>
                                    # if partition is encrypted; your losetup must support this option

In my case I ended up with:

$ sudo mount image.vdi /mnt/vd -t ext3 -o loop,offset=65536,ro

Maybe I should write some script for automating this? 8-)
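
The manual steps above (type check at offset 76, data offset at 344, partition table lookup, offset math) combined into one shell function; this is an added example, not the author's script. The names rd, vdi_part, put and make_sample are made up here, the MBR layout used (16-byte entries starting at byte 446, signature 0x55 0xAA at byte 510) is the standard one, and the sample image is constructed from the values shown in this how-to.

```shell
#!/bin/sh
# Added example: locate a primary partition inside a fixed-size VDI image.
# Assumes a little-endian host, because od reads integers in native byte order.

# rd FILE OFFSET N: print the N-byte unsigned integer stored at OFFSET
rd() { od -An -j"$2" -N"$3" -tu"$3" "$1" 2>/dev/null | tr -d ' \n'; }

# vdi_part IMAGE N: print "<offset> <length>" in bytes for primary partition N
vdi_part() {
    img=$1 n=$2
    case $n in [1-4]) ;; *) echo "partition must be 1-4" >&2; return 2 ;; esac
    [ "$(rd "$img" 76 4)" = 2 ] || { echo "not a fixed-size VDI" >&2; return 1; }
    data=$(rd "$img" 344 4)                      # start of the virtual disk
    # bytes 0x55 0xAA at 510-511 of the virtual disk read as 43605 (0xAA55)
    [ "$(rd "$img" $((data + 510)) 2)" = 43605 ] ||
        { echo "no MBR signature at data offset $data" >&2; return 1; }
    entry=$((data + 446 + (n - 1) * 16))         # 16-byte partition entry
    ptype=$(rd "$img" $((entry + 4)) 1)          # Id column of sfdisk
    start=$(rd "$img" $((entry + 8)) 4)          # Start column (sectors)
    count=$(rd "$img" $((entry + 12)) 4)         # #sectors column
    if [ "$ptype" = 0 ] || [ "$count" = 0 ]; then
        echo "partition $n is empty" >&2; return 1
    fi
    case $ptype in 5|15|133)                     # 0x05, 0x0f, 0x85
        echo "partition $n is an extended container" >&2; return 1 ;;
    esac
    echo "$((data + start * 512)) $((count * 512))"
}

# put FILE OFFSET BYTES: write printf-escaped BYTES at OFFSET (test helper)
put() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# make_sample FILE: constructed image using the values from this how-to
# (type 2, data offset 33280, one Linux partition: start 63, 16771797 sectors)
make_sample() {
    : > "$1"
    put "$1" 76  '\002\000\000\000'
    put "$1" 344 '\000\202\000\000'
    put "$1" $((33280 + 446)) \
        '\200\000\000\000\203\000\000\000\077\000\000\000\325\352\377\000'
    put "$1" $((33280 + 510)) '\125\252'
}

tmp=$(mktemp) && make_sample "$tmp" && vdi_part "$tmp" 1   # 65536 8587160064
rm -f "$tmp"
```

The two printed numbers go into the mount options as offset= and sizelimit=.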

Making SOCKS proxy transparent

If we have limited connectivity to the world from our current location, but can still connect to a shell account that is fully open to the world (or open to another non-public network), then the dynamic port forwarding available in ssh can save us. This feature (accessible through the -D option) in fact makes ssh act as a SOCKS server. OK, but what can we do if our application doesn't support a SOCKS proxy? It's an important question, because the vast majority of software is unaware of this protocol. On Linux we have the great tsocks (http://tsocks.sourceforge.net/), a shell wrapper that transparently allows an application to use a SOCKS proxy. On Windows there is FreeCap (http://www.freecap.ru/eng/), which does the same thing, but in a different way. Nice, but what if we have dozens of machines to set up? Teaching all users how to use either of the mentioned applications can also be really inconvenient. Making the SOCKS proxy transparent will solve (almost?) all our problems. Is it feasible? YES, but you must have access to the superuser account on a gateway server (it can also be any other server, but a gateway is used here for simplicity).

I'm assuming that you already have a SOCKS server bound to localhost on the standard port 1080 (e.g. you started ssh with -D1080).

  1. Install libevent (http://www.monkey.org/~provos/libevent/). It may already be available in your distribution's repository. It will be used for compiling in the next step, so you must get the development package (usually libevent-dev).
  2. Download transocks_ev (http://oss.tiggerswelt.net/transocks_ev/ - use svn or simply wget the files) and build it using make.
  3. Run transocks_ev with the following arguments: -p 12345 -H localhost -s 1080 -S localhost. -H tells transocks_ev where to bind, -p where to listen for incoming connections, and -s and -S point to the SOCKS server.
  4. Change the iptables configuration. This step requires superuser powers. Below is an example script (heavily based on tranSOCKS_ev's README) with some common alternatives:
    #!/bin/sh
     
    IPTABLES="/sbin/iptables"
     
    TRANSOCKS_PORT="12345"
    SOCKS_HOST="192.168.0.1"
    SOCKS_PORT="1080"
     
    # Create our own chain
    $IPTABLES -t nat -N TRANSOCKS
     
    # Do not try to redirect local traffic
    $IPTABLES -t nat -I TRANSOCKS -o lo -j RETURN
     
    # Do not redirect LAN traffic and some other reserved addresses.
    $IPTABLES -t nat -A TRANSOCKS -d 0.0.0.0/8 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 10.0.0.0/8 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 127.0.0.0/8 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 169.254.0.0/16 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 172.16.0.0/12 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 192.168.0.0/16 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 224.0.0.0/4 -j RETURN
    $IPTABLES -t nat -A TRANSOCKS -d 240.0.0.0/4 -j RETURN
     
    # Do not redirect traffic for the SOCKS server (not needed if server is already excluded by above rules)
    $IPTABLES -t nat -I TRANSOCKS -p tcp -d $SOCKS_HOST --dport $SOCKS_PORT -j RETURN
     
    ## Redirect only specified addresses.
    #$IPTABLES -t nat -A TRANSOCKS -m iprange ! --dst-range 123.45.6.78-123.45.6.90 -j RETURN
     
    # Redirect all traffic that gets to the end of our chain
    $IPTABLES -t nat -A TRANSOCKS -p tcp -j REDIRECT --to-port $TRANSOCKS_PORT
     
    # Filter (i.e. just branch into the TRANSOCKS-chain) all traffic that is routed over this host
    $IPTABLES -t nat -A PREROUTING -j TRANSOCKS
     
    ## Filter all traffic from the own host (BE CAREFUL HERE IF THE SOCKS SERVER RUNS ON THIS MACHINE!)
    #$IPTABLES -t nat -A OUTPUT -j TRANSOCKS
  5. Now all hosts that have your machine as a gateway use the SOCKS proxy according to the iptables rules. Transparently!
  6. Open another beer bottle and enjoy. 8-)
 
tips/linux.txt · Last modified: 2009.03.20 18:09 by przemoc
 