A bit about

Hello, everyone! All you can see below is just my bank of information. Some material I've found in the fathomless net, some I've learned myself. Don't think all of the information here is correct or up to date, but maybe it could be of use to you :) All feedback is welcome, especially constructive feedback :)

Friday, July 31, 2009

Debian: "Waiting for root file system..."

After installation of Debian RC4 on my server I noticed that sometimes it hangs on boot with a message like "Waiting for root file system...". I didn't know how to deal with this problem, and as long as it didn't appear often I didn't pay attention to it.

But then I decided to upgrade my kernel to the latest version (2.6.30.3 at that moment) and the new version hung every time. I spent some time in Google and finally found the solution here: http://www.debianhelp.org/node/11653. Big thanks to this guy for the full description.

The problem lies in a conflict between the kernel's device naming convention and udev's. For example, in my grub/menu.lst the root partition is /dev/hda1, while the kernel sees it as /dev/sda1. I solved this problem by using the devices' UUIDs.
$ blkid /dev/hda1
/dev/hda1: UUID="38ed6c23-3908-49f6-81eb-9945a173a60a" TYPE="ext3"

And then just typed this identifier into /etc/fstab and /boot/grub/menu.lst:

fstab:
{...}
UUID=38ed6c23-3908-49f6-81eb-9945a173a60a / ext3 defaults,errors=remount-ro 0 1
{...}

/boot/grub/menu.lst:
{...}
title Debian GNU/Linux, kernel 2.6.30.3
root (hd0,0)
kernel /boot/vmlinuz-2.6.30.3 root=UUID=38ed6c23-3908-49f6-81eb-9945a173a60a ro
initrd /boot/initrd.img-2.6.30.3
savedefault
{...}

Tuesday, July 28, 2009

NAT configuration in Debian

Currently my home network consists of several computers and each of them needs access to the Internet. My provider requires a VPN connection, so one computer should be a router and control traffic by means of NAT. The easiest way is to buy a special router which has a convenient web interface, but I didn't have enough money, so I decided to configure my Linux server for this purpose.

That's what I had: a local home network with subnet 192.168.1.0/24 (the server's first Ethernet controller is connected to it); DHCP in the provider's network (the server's second controller) and a VPN connection. I won't describe the creation of the VPN connection in this post, maybe later.

Let's say that my eth0 interface has IP 192.168.1.1 (home network); the eth1 interface obtains its network settings through DHCP; and ppp0 is the interface which is created on VPN connection.

My routing table is simple and just describes my connections and default route:
$ sudo route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.219.200.230 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.251.50.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

Now I have to configure my firewall, which will replace the IP address of outgoing packets. The POSTROUTING chain of the nat table is responsible for this. So I do this with a simple command:
# /sbin/iptables -v -t nat -A POSTROUTING -o eth1 -j MASQUERADE
This activates NAT for the eth1 interface. Each packet routed out through this interface will be processed by the firewall, which replaces the packet's source IP address with the server's (that's how NAT works).

I also duplicated this command for ppp0, and later wrote a script which is executed on system startup. This script fully configures iptables according to my requirements:
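#!/bin/bash

echo "IpTables Loading"

int_if="eth0"   # home network
ext_if="eth1"   # provider's network (DHCP)
ppp_if="ppp0"   # VPN connection

lo_if="lo"

cmd="/sbin/iptables -v"

# Flush all rules in the filter, nat and mangle tables,
# then delete user-defined chains in the filter table.
$cmd -F
$cmd -t nat -F
$cmd -t mangle -F
$cmd -X

$cmd -A INPUT -i $lo_if -j ACCEPT

# Accept everything in all three filter chains (no filtering is done).
$cmd -A INPUT -j ACCEPT
$cmd -A OUTPUT -j ACCEPT
$cmd -A FORWARD -j ACCEPT

# Masquerade packets leaving through the provider and VPN interfaces.
$cmd -t nat -A POSTROUTING -o $ext_if -j MASQUERADE
$cmd -t nat -A POSTROUTING -o $ppp_if -j MASQUERADE

# Enable forwarding between interfaces and kernel support for
# dynamically assigned addresses.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr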
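
An added example (not part of the original post or the author's script): the same NAT setup with the FORWARD chain limited to connections that start in the home network, where the script above forwards packets in any direction. The interface names and subnet are the ones from the post; the function names and the APPLY variable are made up for this example, and the INPUT and OUTPUT chains are left out of it.

```bash
#!/bin/bash
# Added example: NAT with a restricted FORWARD chain for the topology
# described in the post. Names below marked "assumed" are not from the post.

int_if="eth0"             # home network
ext_if="eth1"             # provider's network (DHCP)
ppp_if="ppp0"             # VPN connection
lan_net="192.168.1.0/24"  # home subnet from the post (variable name assumed)

# Print one iptables argument list per line, so the rule set can be
# reviewed before anything touches the running firewall.
nat_rules() {
    # Forwarded packets are dropped unless a rule below accepts them.
    echo "-P FORWARD DROP"
    echo "-F FORWARD"
    echo "-t nat -F POSTROUTING"
    # Replies belonging to connections that were opened from the LAN.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for out_if in "$ext_if" "$ppp_if"; do
        # New connections only from the LAN out to an upstream interface.
        echo "-A FORWARD -i $int_if -o $out_if -s $lan_net -j ACCEPT"
        # Rewrite the source address only for LAN-originated packets.
        echo "-t nat -A POSTROUTING -s $lan_net -o $out_if -j MASQUERADE"
    done
}

# Load the rules; stop at the first failure so a half-loaded set is noticed.
apply_rules() {
    nat_rules | while read -r args; do
        # Word splitting of $args is intended: each line is an argument list.
        # "exit" leaves only the pipeline's subshell and sets its status.
        /sbin/iptables $args || exit 1
    done
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to load them.
if [ "${APPLY:-0}" = "1" ]; then
    apply_rules && echo 1 > /proc/sys/net/ipv4/ip_forward
else
    nat_rules
fi
```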