    Latest posts made by SomeOne

    • RE: PXE boot configuration Fortigate help

      Hi Mantvydas,
      Would you mind posting your fortigate config ?

      Thanks!

      posted in General
      SomeOne
    • Ntfsclone and pigz stuck @ Syncing

      Hi,
      I built a custom kernel and init.gz using the buildroot method detailed here ([url]http://www.fogproject.org/wiki/index.php/Build_FOG_Core_Kernel[/url]) and here ([url]http://www.fogproject.org/wiki/index.php/Build_FOG_file_system_with_BuildRoot_-_init.gz[/url]), but using the 3.9.4 Kernel.

      I modified the /bin/fog under the init.gz to use ntfsclone like so
      ntfsclone --save-image -o - $part | pigz -c1 > $imgpart.gz

      It does the image and then goes up to 100 percent and gets stuck at this point

      100.00 percent completed
      Syncing …

      I hit Ctrl-C and it continues and it does the same thing for all the NTFS partitions.
      If I change the /bin/fog to this
      ntfsclone --save-image -o - $part | gzip -c1 > $imgpart.gz

      It works fine.

      It does the same thing if I try to pigz a normal folder… so it is not ntfsclone related.

      If I use the pigz -p1 switch (turning off multi-threading), it works fine also.

      I suspect something I selected or deselected while doing the custom kernel does this.

      Any ideas ?

      Here is the FOG core.config updated for 3.9.4 ([url]http://paste2.org/PU9ULw5z[/url])
      Here is my core.config based on that one, but a lot of drivers that I did not need removed ([url]http://paste2.org/pcg0CWd2[/url])

      BTW, this new core.config I created works with Servers (Tested working on Dell PE 2850, HP ProLiant DL380 G3, ProLiant DL380 G5). Working on testing on the other servers we have.

      Edit : I just built a 2.6.34 kernel and it does the same thing. I have a 2.6.34 kernel that I custom built, but not using the buildroot method, and that one works fine…
      Also it does this on physical and virtual machines.

      Thanks!

      posted in General
      SomeOne
    • RE: FOG Image Size Difference

      Hi,
      After checking other tools (bandwidthd and ifstat), I confirmed that the sizes match and there is no issue.

      Moral of this post : double check with other tools before posting!

      Sorry!

      posted in General
      SomeOne
    • FOG Image Size Difference

      Hi,
      I have found a difference between the size of the FOG images on disk (FOG Server) and what was captured using network monitoring equipment.

      I did a Multi-partition Image All disk of a Windows 2008 Server.
      Used Space : 38G (Actual space in use according to Windows OS)
      Compressed to : 18 G (Actual used space of all files on FOG Server)

      Data Transferred : 7.25GB (Network Monitoring equipment @ switch level)

      I then did an MD5 sum of all files on the server and then compared with an MD5 of all files contained in the FOG image and they match 100%

      Is there compression used somewhere on the network transfer ?

      I checked on the net for NFS and that does not seem to do any compression

      FYI: Using ntfsclone and pigz (gzip multi-processor) ([url]http://zlib.net/pigz/[/url])

      Thanks!

      posted in General
      SomeOne
    • RE: Firewall Config

      Hi,

      Here is what works for me. I did a multipart all disk image, I would assume it works for the other types too. But I did have to configure NFS to run on specific ports.
      I followed this
      [url]http://bryanw.tk/2012/specify-nfs-ports-ubuntu-linux/[/url]

      But I used the following… the -p one was not working for me
      [CODE]RPCMOUNTDOPTS="--manage-gids --port 4002"[/CODE]
      instead of
      [CODE]RPCMOUNTDOPTS="--manage-gids -p 4002"[/CODE]

      Here is my iptables script now. I run this script on the FOG server, so that is why I have this entry to allow localhost communication.
      I can use the browser to connect to the FOG Web console via localhost
      [CODE]
      iptables -A INPUT -i lo -j ACCEPT
      iptables -A OUTPUT -o lo -j ACCEPT
      [/CODE]

      I found port 2070-2073 and 1758-1759 here [url]http://www.symantec.com/business/support/index?page=content&id=HOWTO3401[/url]

      I also added
      [CODE]iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT[/CODE]

      see here for details : [url]https://help.ubuntu.com/community/IptablesHowTo#Allowing_Established_Sessions[/url]

      Hope it helps!

      script:
      [CODE]
      #!/bin/bash

      # Flush old rules

      iptables -F

      # Deny all incoming, allow all outgoing

      iptables -P INPUT DROP
      iptables -P FORWARD DROP
      iptables -P OUTPUT ACCEPT

      # Allow localhost communication

      iptables -A INPUT -i lo -j ACCEPT
      iptables -A OUTPUT -o lo -j ACCEPT

      # Exception for FTP

      iptables -A INPUT -p tcp --dport 20 -j ACCEPT
      iptables -A INPUT -p tcp --dport 21 -j ACCEPT

      # Exception for SSH

      iptables -A INPUT -p tcp --dport 22 -j ACCEPT

      # Exception for TFTP and DHCP

      iptables -A INPUT -p udp --dport 67 -j ACCEPT
      iptables -A INPUT -p udp --dport 68 -j ACCEPT
      iptables -A INPUT -p udp --dport 69 -j ACCEPT
      iptables -A INPUT -p tcp --dport 67 -j ACCEPT
      iptables -A INPUT -p tcp --dport 68 -j ACCEPT
      iptables -A INPUT -p tcp --dport 69 -j ACCEPT

      iptables -A INPUT -p udp --dport 4011 -j ACCEPT
      iptables -A INPUT -p tcp --dport 4011 -j ACCEPT

      iptables -A INPUT -p tcp --dport 2070:2073 -j ACCEPT
      iptables -A INPUT -p udp --dport 2070:2073 -j ACCEPT

      iptables -A INPUT -p tcp --dport 1758:1759 -j ACCEPT
      iptables -A INPUT -p udp --dport 1758:1759 -j ACCEPT

      # Exception for HTTP(S)

      iptables -A INPUT -p tcp --dport 80 -j ACCEPT
      iptables -A INPUT -p tcp --dport 443 -j ACCEPT

      # Exception for Portmap

      iptables -A INPUT -p tcp --dport 111 -j ACCEPT
      iptables -A INPUT -p udp --dport 111 -j ACCEPT

      # Exception for NFS

      iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
      iptables -A INPUT -p udp --dport 2049 -j ACCEPT

      # Exception for NFS-common

      iptables -A INPUT -p tcp --dport 4000 -j ACCEPT
      iptables -A INPUT -p udp --dport 4000 -j ACCEPT

      # Exception for NFS-lockd

      iptables -A INPUT -p tcp --dport 4001 -j ACCEPT
      iptables -A INPUT -p udp --dport 4001 -j ACCEPT

      # Exception for NFS-mountd

      iptables -A INPUT -p tcp --dport 4002 -j ACCEPT
      iptables -A INPUT -p udp --dport 4002 -j ACCEPT

      # Exception for transfer ports (left disabled)

      #iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
      #iptables -A INPUT -p udp --dport 1024:65535 -j ACCEPT

      # Rate-limited logging, inserted as rule 5 of the INPUT chain

      iptables -I INPUT 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied:" --log-level 7

      # Allow replies to established sessions

      iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

      # List rules

      iptables -L
      [/CODE]

      posted in General
      SomeOne
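
An added example, not part of the original post: a check that every RPC service registered with the portmapper listens on a port the script above accepts, which is the condition for leaving the 1024:65535 range commented out. The `rpcinfo -p` sample is constructed, the function names are hypothetical, and port 4000 (labelled NFS-common in the post) is assumed to be rpc.statd, which registers as `status`.

```shell
#!/bin/sh
# Ports the firewall script accepts for NFS:
# portmap, nfs, NFS-common (assumed statd), lockd, mountd.
ALLOWED_PORTS="111 2049 4000 4001 4002"

# Constructed sample of `rpcinfo -p` output, not captured from a real host.
# mountd over udp is left on a dynamic port to show the failure case.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100021    4   udp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp   4002  mountd
    100005    3   udp  48211  mountd
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "service/proto port" for each
# registration whose port is not in ALLOWED_PORTS. Exit status is 1 if any
# such registration exists, 0 otherwise.
unpinned_rpc_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # The header line is skipped because its port column is not numeric.
        $4 ~ /^[0-9]+$/ && !($4 in ok) {
            key = $5 "/" $3 " " $4
            # Several program versions share one port; report each once.
            if (!(key in seen)) { seen[key] = 1; print key; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# On a live server, replace sample_rpcinfo with: rpcinfo -p
sample_rpcinfo | unpinned_rpc_ports ||
    echo "The registrations listed above fall outside the accepted ports"
```

Any line it prints is a service that clients would reach only through the wide range, so that service still needs a fixed port in its NFS configuration.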
    • RE: Firewall Config

      Thanks for the reply.

      So I would have to check iptables and tcpdump to see what protocol/service actually uses this and verify if ports can be specifically set.
      I will check it out and report any findings here.

      posted in General
      SomeOne
    • RE: Firewall Config

      Hi
      I have been trying to find more information on these ports

      iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT
      iptables -A INPUT -p udp --dport 1024:65535 -j ACCEPT

      Why such a huge range ?
      Is there a way to specify a smaller window ? I am not using UDPCast
      What component needs this range ?

      Thanks!

      posted in General
      SomeOne