configuration question

configuration question

[Charles Holbrook]

I have written a script that calls sensors parses the data and then
loads that data into a MIB tree with either ucd or net SNMP.  I have run
into a small problem with the via686a chipset though.  In all other
chipset configs you can set an inX even if that chipset doesn't
monitor(causing either a bad or null value to be returned)  However with
the via686a chipset I have not been able to figure out for the life of
me how to do that.  The reason I am trying to create placeholders for
all values that can be monitored is so that the same MIB structure would
apply across all systems.

EXAMPLE:
.1.3.6.1.4.1.2021.5822.20.101.20 is -5V on a system with the
w83627hf-isa-0290 chipset and even if it wasn't there I could add a line
for in6 creating that value.

.1.3.6.1.4.1.2021.5822.20.101.20 on a via686a motherboard will return a
fan RPM speed.

Because of this difference I cannot actually use this to get any usefull
data from my server cluster.  Having a mib return different values
depending on the chipset is a bad bad thing.  Is there a set command I
can use in the config script to force the via686a configuration to
insert a line for -12V or for that matter any place holder I want to
create?

Thanks in advance.

configuration question

[Philip Pokorny]

Another way to attack this would be to create some "standard" labels 
that your SNMP module would look for.

Then a user of your script would need to make sure the sensors.conf uses 
the "LABEL" directive to name the appropriate values correctly.  In that 
way, your script is independant of the chipset in use.

You could then create entries for -5V, 5V, 3.3V, 12V and -12V (which are 
the standard power supply voltages and generally available). 
5V-standby, 3.3V-standby and Vbat (battery voltage) are also frequently 
available.

Then create a table? for Fan speeds and number them fan1, fan2, fan3. 
Some motherboards have multiple monitoring chips and can monitor as many 
as 6 or more fans.

Basically, pick a common subset of readings and then name them in a 
standard way.  We may be doing something along these lines for the next 
release of the libsensors library...

:v)

Charles Holbrook wrote:
> I have written a script that calls sensors parses the data and then
> loads that data into a MIB tree with either ucd or net SNMP.  I have run
> into a small problem with the via686a chipset though.  In all other
> chipset configs you can set an inX even if that chipset doesn't
> monitor(causing either a bad or null value to be returned)  However with
> the via686a chipset I have not been able to figure out for the life of
> me how to do that.  The reason I am trying to create placeholders for
> all values that can be monitored is so that the same MIB structure would
> apply across all systems.
> 
> EXAMPLE:
> .1.3.6.1.4.1.2021.5822.20.101.20 is -5V on a system with the
> w83627hf-isa-0290 chipset and even if it wasn't there I could add a line
> for in6 creating that value.
> 
> .1.3.6.1.4.1.2021.5822.20.101.20 on a via686a motherboard will return a
> fan RPM speed.
> 
> Because of this difference I cannot actually use this to get any usefull
> data from my server cluster.  Having a mib return different values
> depending on the chipset is a bad bad thing.  Is there a set command I
> can use in the config script to force the via686a configuration to
> insert a line for -12V or for that matter any place holder I want to
> create?
> 
> Thanks in advance.
> 
> 
> 



-- 
Philip Pokorny, Director of Engineering
Tel: 415-358-2635   Fax: 415-358-2646   Toll Free: 888-PENGUIN
PENGUIN COMPUTING, INC.
www.penguincomputing.com

configuration question

[Charles Holbrook]

Thanks but I figured out how to get it to work no matter what board I
was using.  Below is the script I ended up with.  Kinda long but will
allow everything to show up in the same order in SNMP even if the item
returns a "0" value.

### BEGIN SCRIPT ###
A[1]="VCORE1"
A[2]="VCORE2"
A[3]="+3.3V"
A[4]="+5V"
A[5]="+12V"
A[6]="-12V"
A[7]="-5V"
A[8]="V5SB"
A[9]="VBat"
A[10]="CPUFan1"
A[11]="CPUFan2"
A[12]="SYSFan"
A[13]="CPUTemp1"
A[14]="CPUTemp2"
A[15]="SYSTemp"
A[16]="SBrTemp"
A[17]="Adapter"
A[18]="Algorithm"

for line in `sensors -f|tr -s ' '|cut -d' ' -f1,2|tr -d ' '|tr '\260'
'|'|sed s/\|F//g`
do
   NAME=`echo $line|cut -d':' -f1`
   VALUE=`echo $line|cut -d':' -f2`
   case $NAME
   in
      "VCORE1")
         A[1]=$NAME
         B[1]=$VALUE
         ;;
      "VCORE2")
         A[2]=$NAME
         B[2]=$VALUE
         ;;
      "+3.3V")
         A[3]=$NAME
         B[3]=$VALUE
         ;;
      "+5V")
         A[4]=$NAME
         B[4]=$VALUE
         ;;
      "+12V")
         A[5]=$NAME
         B[5]=$VALUE
         ;;
      "-12V")
	  A[6]=$NAME
	  B[6]=$VALUE
	  ;;
     "-5V")
         A[7]=$NAME
         B[7]=$VALUE
         ;;
      "V5SB")
         A[8]=$NAME
         B[8]=$VALUE
         ;;
      "VBat")
         A[9]=$NAME
         B[9]=$VALUE
         ;;
      "CPUFan1")
         A[10]=$NAME
         B[10]=$VALUE
         ;;
      "CPUFan2")
         A[11]=$NAME
         B[11]=$VALUE
         ;;
      "SYSFan")
         A[12]=$NAME
         B[12]=$VALUE
         ;;
      "CPUTemp1")
         A[13]=$NAME
         B[13]=$VALUE
         ;;
      "CPUTemp2")
         A[14]=$NAME
         B[14]=$VALUE
         ;;
      "SYSTemp")
         A[15]=$NAME
         B[15]=$VALUE
         ;;
      "SBrTemp")
         A[16]=$NAME
         B[16]=$VALUE
         ;;
      "Adapter")
         A[17]=$NAME
         B[17]=$VALUE
         ;;
      "Algorithm")
         A[18]=$NAME
         B[18]=$VALUE
         ;;
    "it87-isa-0290")
         ;;
      "w83782d-i2c-0-28")
         ;;
      "w83781d-isa-0290")
         ;;
      "via686a-isa-6000")
         ;;
      "lm75-i2c-0-4c")
         ;;
      "w83627hf-isa-0290")
         ;;
        *)
        echo "$NAME -- $VALUE -- No Match"
        ;;
esac
done
    echo ${A[1]}
    echo ${B[1]}
    echo ${A[2]}
    echo ${B[2]}
    echo ${A[3]}
    echo ${B[3]}
    echo ${A[4]}
    echo ${B[4]}
    echo ${A[5]}
    echo ${B[5]}
    echo ${A[6]}
    echo ${B[6]}
    echo ${A[7]}
    echo ${B[7]}
    echo ${A[8]}
    echo ${B[8]}
    echo ${A[9]}
    echo ${B[9]}
    echo ${A[10]}
    echo ${B[10]}
    echo ${A[11]}
    echo ${B[11]}
    echo ${A[12]}
    echo ${B[12]}
    echo ${A[13]}
    echo ${B[13]}
    echo ${A[14]}
    echo ${B[14]}
    echo ${A[15]}
    echo ${B[15]}
    echo ${A[16]}
    echo ${B[16]}

On Fri, 2003-06-27 at 20:09, Mark D. Studebaker wrote:
> I don't understand what your mapping is from a MIB entry to what 'sensors' handles.
> You are translating an SNMP 'set' to a config file and running 'sensors -s' ??
> I don't understand what's returning (or not returning) a 'null or bad value'.
> Perhaps you could elaborate on the functions of your script...
> 
> 
> Philip Pokorny wrote:
> > Another way to attack this would be to create some "standard" labels 
> > that your SNMP module would look for.
> > 
> > Then a user of your script would need to make sure the sensors.conf uses 
> > the "LABEL" directive to name the appropriate values correctly.  In that 
> > way, your script is independant of the chipset in use.
> > 
> > You could then create entries for -5V, 5V, 3.3V, 12V and -12V (which are 
> > the standard power supply voltages and generally available). 5V-standby, 
> > 3.3V-standby and Vbat (battery voltage) are also frequently available.
> > 
> > Then create a table? for Fan speeds and number them fan1, fan2, fan3. 
> > Some motherboards have multiple monitoring chips and can monitor as many 
> > as 6 or more fans.
> > 
> > Basically, pick a common subset of readings and then name them in a 
> > standard way.  We may be doing something along these lines for the next 
> > release of the libsensors library...
> > 
> > :v)
> > 
> > Charles Holbrook wrote:
> > 
> >> I have written a script that calls sensors parses the data and then
> >> loads that data into a MIB tree with either ucd or net SNMP.  I have run
> >> into a small problem with the via686a chipset though.  In all other
> >> chipset configs you can set an inX even if that chipset doesn't
> >> monitor(causing either a bad or null value to be returned)  However with
> >> the via686a chipset I have not been able to figure out for the life of
> >> me how to do that.  The reason I am trying to create placeholders for
> >> all values that can be monitored is so that the same MIB structure would
> >> apply across all systems.
> >>
> >> EXAMPLE:
> >> .1.3.6.1.4.1.2021.5822.20.101.20 is -5V on a system with the
> >> w83627hf-isa-0290 chipset and even if it wasn't there I could add a line
> >> for in6 creating that value.
> >>
> >> .1.3.6.1.4.1.2021.5822.20.101.20 on a via686a motherboard will return a
> >> fan RPM speed.
> >>
> >> Because of this difference I cannot actually use this to get any usefull
> >> data from my server cluster.  Having a mib return different values
> >> depending on the chipset is a bad bad thing.  Is there a set command I
> >> can use in the config script to force the via686a configuration to
> >> insert a line for -12V or for that matter any place holder I want to
> >> create?
> >>
> >> Thanks in advance.
> >>
> >>
> >>
> > 
> > 
> > 
> 

configuration question

[Mark D. Studebaker]

I don't understand what your mapping is from a MIB entry to what 'sensors' handles.
You are translating an SNMP 'set' to a config file and running 'sensors -s' ??
I don't understand what's returning (or not returning) a 'null or bad value'.
Perhaps you could elaborate on the functions of your script...


Philip Pokorny wrote:
> Another way to attack this would be to create some "standard" labels 
> that your SNMP module would look for.
> 
> Then a user of your script would need to make sure the sensors.conf uses 
> the "LABEL" directive to name the appropriate values correctly.  In that 
> way, your script is independant of the chipset in use.
> 
> You could then create entries for -5V, 5V, 3.3V, 12V and -12V (which are 
> the standard power supply voltages and generally available). 5V-standby, 
> 3.3V-standby and Vbat (battery voltage) are also frequently available.
> 
> Then create a table? for Fan speeds and number them fan1, fan2, fan3. 
> Some motherboards have multiple monitoring chips and can monitor as many 
> as 6 or more fans.
> 
> Basically, pick a common subset of readings and then name them in a 
> standard way.  We may be doing something along these lines for the next 
> release of the libsensors library...
> 
> :v)
> 
> Charles Holbrook wrote:
> 
>> I have written a script that calls sensors parses the data and then
>> loads that data into a MIB tree with either ucd or net SNMP.  I have run
>> into a small problem with the via686a chipset though.  In all other
>> chipset configs you can set an inX even if that chipset doesn't
>> monitor(causing either a bad or null value to be returned)  However with
>> the via686a chipset I have not been able to figure out for the life of
>> me how to do that.  The reason I am trying to create placeholders for
>> all values that can be monitored is so that the same MIB structure would
>> apply across all systems.
>>
>> EXAMPLE:
>> .1.3.6.1.4.1.2021.5822.20.101.20 is -5V on a system with the
>> w83627hf-isa-0290 chipset and even if it wasn't there I could add a line
>> for in6 creating that value.
>>
>> .1.3.6.1.4.1.2021.5822.20.101.20 on a via686a motherboard will return a
>> fan RPM speed.
>>
>> Because of this difference I cannot actually use this to get any usefull
>> data from my server cluster.  Having a mib return different values
>> depending on the chipset is a bad bad thing.  Is there a set command I
>> can use in the config script to force the via686a configuration to
>> insert a line for -12V or for that matter any place holder I want to
>> create?
>>
>> Thanks in advance.
>>
>>
>>
> 
> 
> 

Configuration question

[Jean-Damien.Pogolotti]

Hi there,

I'm new to netfilter, so please excuse my dumb questions.. I'm working on a captive portal appliance and have some issues to understand how to alter the netfilter config to do what I expect :

- Eth0 connected to the internet (192.168.70.0/24)
- Eth1 connected to a wireless network (192.168.69.0/24)
- Eth2 connected to an enterprise network (172.19.58.128/26)

I'm already using this captive portal that is working, wireless clients are authenticated then have access to the internet. Domain authentication are done using the Eth2 interface to the enterprise LDAP catalog. I've not done this config and don't really understand how it works.

What I want to achieve may looks really simple for you : I need to have access to the appliance from the enterprise network (Eth2) on the ssh and https ports.

Here is the config file :



# Generated by iptables-save v1.4.5 on Wed Mar  3 12:34:48 2010
*raw
:PREROUTING ACCEPT [2728479:934194667]
:OUTPUT ACCEPT [1108062:571157557]
COMMIT
# Completed on Wed Mar  3 12:34:48 2010
# Generated by iptables-save v1.4.5 on Wed Mar  3 12:34:48 2010
*nat
:PREROUTING ACCEPT [1288:104586]
:POSTROUTING ACCEPT [6:578]
:OUTPUT ACCEPT [16:1243]
-A PREROUTING ! -d 192.168.69.1/32 -i tun0 -p tcp -m tcp --dport 80 -m state --state NEW -j ULOG --ulog-prefix "RULE Transfert2 -- ACCEPT "
-A PREROUTING ! -d 192.168.69.1/32 -i tun0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -d 192.168.69.1/32 -i tun0 -p tcp -m tcp --dport 8080 -j ULOG --ulog-prefix "RULE direct-proxy -- DENY "
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Mar  3 12:34:48 2010
# Generated by iptables-save v1.4.5 on Wed Mar  3 12:34:48 2010
*mangle
:PREROUTING ACCEPT [2728480:934194946]
:INPUT ACCEPT [1141791:637901737]
:FORWARD ACCEPT [483271:145278163]
:OUTPUT ACCEPT [1108063:571157645]
:POSTROUTING ACCEPT [1586481:716229937]
:tcfor - [0:0]
:tcout - [0:0]
:tcpost - [0:0]
:tcpre - [0:0]
-A PREROUTING -d 192.168.69.1/32 -i tun0 -p tcp -m tcp --dport 8080 -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Wed Mar  3 12:34:48 2010
# Generated by iptables-save v1.4.5 on Wed Mar  3 12:34:48 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [685:203841]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i eth1 -j ULOG --ulog-prefix "RULE Protect1 -- REJECT "
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -s 192.168.69.0/24 -i tun0 -j ULOG --ulog-prefix "RULE Antispoof1 -- DENY "
-A INPUT ! -s 192.168.69.0/24 -i tun0 -j DROP
-A INPUT -s 192.168.69.0/24 -i eth0 -j ULOG --ulog-prefix "RULE Antispoof2 -- DENY "
-A INPUT -s 192.168.69.0/24 -i eth0 -j DROP
-A INPUT -m addrtype --dst-type BROADCAST,MULTICAST -j DROP
-A INPUT -s 192.168.69.0/24 -i tun0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -s 192.168.69.0/24 -i tun0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
-A INPUT -i tun0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport ssh -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 8080 -m mark --mark 0x1 -j DROP
-A INPUT -i tun0 -p tcp -m tcp --dport 8080 --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j ACCEPT
-A INPUT -i tun0 -j ULOG --ulog-prefix "RULE rej-int -- REJECT "
-A INPUT -i eth0 -j ULOG --ulog-prefix "RULE rej-ext -- REJECT "
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i tun0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i tun0 -m state --state NEW -j ULOG --ulog-prefix "RULE Transfert1 -- ACCEPT "
-A FORWARD -i tun0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o tun0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Mar  3 12:34:48 2010


I've added those lines :

-A INPUT -i eth2 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport ssh -j ACCEPT

..but no luck.

Can someone give me hand here?

Kind regards,
JD.

--------------------------------------------------------------------------
This message may contain confidential information. If you are not the designated recipient, please notify the sender immediately, and delete the original and any copies. Any use of the message by you is prohibited.

Configuration question...

[Martín]

This is the situation:

I hace a linux machine, giving internet access to a win98 machine. The 
win98 machine has a soft wich does not accept NAT, so the soft does not 
work when has to connect to internet.
Linux: eth0 (wich is conected to the adsl modem > ppp0 ) 192.168.1.10
       eth1 (interface conected to the LAN, IP 192.168.2.1)

Win98: IP 192.168.2.5

What I need to do is: make the win98 software believe that it is connecting 
to a server service in the linux machine to port 10329, and that traffic 
has to be redirected to an external Ip in internet (the real server with 
the service in port 10329). And the, the traffic comeing fron that server 
has to be redirected to the win98 machine but with the source IP changed to 
192.168.2.1 (the internal IP of the linux)

Can tell me the comands to configure the linux and iptables to do this?
Thanks
       

RE: Configuration question...

[Edmund Turner]

Martin,

You can use a prerouting :
Assuming you want to connect to a tcp port 10329 on the linux machine.
 
/iptables -t nat -A PREROUTING -i eth1 -d 192.168.2.1 -p tcp --dport
10329 -j DNAT --to (the real server IP)


regards
edmund


-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Martín
Sent: Monday, November 03, 2003 12:48 PM
To: netfilter@lists.netfilter.org
Subject: Configuration question...

This is the situation:

I hace a linux machine, giving internet access to a win98 machine. The 
win98 machine has a soft wich does not accept NAT, so the soft does not 
work when has to connect to internet.
Linux: eth0 (wich is conected to the adsl modem > ppp0 ) 192.168.1.10
       eth1 (interface conected to the LAN, IP 192.168.2.1)

Win98: IP 192.168.2.5

What I need to do is: make the win98 software believe that it is
connecting 
to a server service in the linux machine to port 10329, and that traffic

has to be redirected to an external Ip in internet (the real server with

the service in port 10329). And the, the traffic comeing fron that
server 
has to be redirected to the win98 machine but with the source IP changed
to 
192.168.2.1 (the internal IP of the linux)

Can tell me the comands to configure the linux and iptables to do this?
Thanks
       

RE: Configuration question...

[Edmund Turner]

Sorry, previous email was incomplete. This should work.

/iptables -t nat -A PREROUTING -i eth1 -d 192.168.2.1 -p tcp --dport
10329 -j DNAT --to (the real server IP):(port)

regards
edmund


-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Edmund Turner
Sent: Monday, November 03, 2003 3:00 PM
To: 'Martín'; netfilter@lists.netfilter.org
Subject: RE: Configuration question...

Martin,

You can use a prerouting :
Assuming you want to connect to a tcp port 10329 on the linux machine.
 
/iptables -t nat -A PREROUTING -i eth1 -d 192.168.2.1 -p tcp --dport
10329 -j DNAT --to (the real server IP)


regards
edmund


-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Martín
Sent: Monday, November 03, 2003 12:48 PM
To: netfilter@lists.netfilter.org
Subject: Configuration question...

This is the situation:

I hace a linux machine, giving internet access to a win98 machine. The 
win98 machine has a soft wich does not accept NAT, so the soft does not 
work when has to connect to internet.
Linux: eth0 (wich is conected to the adsl modem > ppp0 ) 192.168.1.10
       eth1 (interface conected to the LAN, IP 192.168.2.1)

Win98: IP 192.168.2.5

What I need to do is: make the win98 software believe that it is
connecting 
to a server service in the linux machine to port 10329, and that traffic

has to be redirected to an external Ip in internet (the real server with

the service in port 10329). And the, the traffic comeing fron that
server 
has to be redirected to the win98 machine but with the source IP changed
to 
192.168.2.1 (the internal IP of the linux)

Can tell me the comands to configure the linux and iptables to do this?
Thanks