woe to the passive mode, woe to the active mode

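# FTP through a stateful firewall always seems to bite me.
# Don't forget to load the FTP connection-tracking helper; without it the data
# connections are never classified as RELATED:
#   modprobe ip_conntrack_ftp
# NOTE(review): on newer kernels the module is named nf_conntrack_ftp, and
# kernels that no longer assign helpers automatically also need an explicit
# helper assignment (a raw-table rule using the CT target) -- confirm for the
# kernel in use.
#
# The option dashes below are plain ASCII "--". The typographic dashes a blog
# engine substitutes are not parsed as options, so check after copy/paste.

# Control channel (port 21): new and established connections.
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Active-mode data channel (port 20).
-A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Passive-mode data channel (high port to high port).
# NOTE(review): this rule matches ESTABLISHED only. The first packet of a
# passive data connection is classified RELATED by the helper, so it has to be
# accepted by a RELATED match somewhere in the ruleset. Do not widen this rule
# to NEW to make passive mode work: that would open every unprivileged port.
-A INPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT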

xen xcp xapi change from eth0 to eth1 (after you delete eth0, eth1 becomes eth0 on reboot)

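# Move a VM from its eth0 VIF to a new eth1 VIF.
# Set VM_UUID, NETWORK_UUID, NEW_VIF_UUID and OLD_VIF_UUID as you go. The
# ${VAR:?} guards make a command fail with a message instead of running with
# an empty uuid, which matters most for the unplug/destroy steps.

# Get the uuid of the VM that should receive the new interface.
xe vm-list

# List the interfaces currently attached to that VM (note the eth0 VIF's uuid).
xe vif-list vm-uuid="${VM_UUID:?set VM_UUID from xe vm-list}"

# Get the list of network-uuids to pick from (in my case there are only 2).
xe vif-list | grep network-uuid | sort -u

# Create the eth1 interface; the uuid it reports is used in the next step.
xe vif-create device=1 vm-uuid="${VM_UUID:?}" \
  network-uuid="${NETWORK_UUID:?set NETWORK_UUID from the list above}"

# Plug in the eth1 interface (uuid from the prior step).
xe vif-plug uuid="${NEW_VIF_UUID:?set NEW_VIF_UUID from xe vif-create}"

# Unplug the eth0 interface (uuid from the vif-list step).
# Do this from the console or over the new interface: a session that runs
# through eth0 is cut off here.
xe vif-unplug uuid="${OLD_VIF_UUID:?set OLD_VIF_UUID from xe vif-list}"

# Delete the eth0 interface (after a reboot your new eth1 will be eth0).
xe vif-destroy uuid="${OLD_VIF_UUID:?}"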

funky networking bug

Able to download at 8-20 Mbps, only able to upload at 300kbps. Advertised rate is more than 10x that. It was on all uploads I tried (ssh, ftp, http).

Aside: it is nearly impossible to do anything on Charter’s website but get stuck in their endless “help pages”.

Finally called and they eventually got me to plug directly into the cable modem, and the problem is gone. So after giving their tech support person high marks, I tried to upgrade to latest free router software but no go, my wrt couldn’t get an IP from charter – downloaded next most recent version to my smart phone and then ftp’d it from my smart phone with an FTP server app over wifi. (I didn’t have the right software to download data from my new smartphone over the cable – darn MTP)

The initial problem was with a very old version of the free router software on a WRT and 1 year old motorola cable modem. The version that would install kinda worked with faster uploads but would frequently crash, so switched to a red vegetable variant with much better results.

xcp add disk

# Add a new virtual disk to a VM. Every "name=" with nothing after it is a
# blank to fill in with the value named in the neighbouring comment; the
# commands are templates, not a script to run as-is.
xe sr-list # lists the storage repositories; pick an sr-uuid from this output

# Create the virtual disk image in the chosen SR (fill in sr-uuid, a label and a size).
xe vdi-create sr-uuid= name-label= type=user virtual-size=
# the vdi-create above outputs the new vdi-uuid

xe vm-list # lists the VMs; pick the vm-uuid the disk should be attached to

# Create the block-device link between the VM and the new VDI.
xe vbd-create vm-uuid= vdi-uuid= bootable=false mode=RW type=Disk device= # pick an unused device name (my box had "disks" up to xvdc so I used xvdd)
# the vbd-create above outputs the vbd's uuid

# Attach the device to the running VM (uuid from vbd-create).
xe vbd-plug uuid=
# your new device should now be visible from your domU

new vps with centos 6 for tinydns secondary

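# Bring the base system up to date before exposing any service.
yum update -y

# Write the firewall rules by hand (configuring iptables is an exercise for
# the reader), then parse-check the file before loading it so a syntax error
# is caught before anything is applied.
# When doing this over SSH, keep the current session open until a second
# login has been confirmed with the new rules in place.
vi /etc/sysconfig/iptables
iptables-restore --test < /etc/sysconfig/iptables &&
  iptables-restore < /etc/sysconfig/iptables

# A DNS-only box has no use for these daemons: stop each one and remove it
# from the boot sequence so it does not come back after a reboot.
for svc in httpd sendmail xinetd; do
  "/etc/init.d/${svc}" stop
  chkconfig --del "${svc}"
done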

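# Build daemontools, ucspi-tcp and djbdns from source under /usr/local/src.
# (djb does crazy things with symlinks - trust me when I say you want this
# package installed and built under /usr/local)
#
# The tarballs are fetched over plain HTTP and then compiled and installed
# with the privileges of this shell (presumably root), so each one is hashed
# right after download. Compare the printed digest with a value obtained over
# a channel you trust before running the build.
yum install gcc -y
cd /usr/local/src

# daemontools (the original repeated the word "wget", which made wget try to
# fetch a URL called "wget" before the real one).
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
sha256sum daemontools-0.76.tar.gz
tar zxf daemontools-0.76.tar.gz
pushd admin/daemontools-0.76
vi src/conf-cc # append gcc line with this: -include /usr/include/errno.h
./package/install
popd

# ucspi-tcp
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
sha256sum ucspi-tcp-0.88.tar.gz
tar zxf ucspi-tcp-0.88.tar.gz
pushd ucspi-tcp-0.88
vi conf-cc # append gcc line with this: -include /usr/include/errno.h
make setup check
popd

# djbdns
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
sha256sum djbdns-1.05.tar.gz
tar zxf djbdns-1.05.tar.gz
pushd djbdns-1.05
vi conf-cc # append gcc line with this: -include /usr/include/errno.h
make setup check
popd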

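# Install a local caching resolver (dnscache) for looking up addresses.
# Both accounts get /bin/false as shell: they exist only to run the daemon
# and its logger.
useradd -d /var/dnscache -s /bin/false dnscache
useradd -d /var/dnscache -s /bin/false dnslog
# Remove the home directory useradd presumably just created, so that
# dnscache-conf can create /var/dnscache itself.
rm -rf /var/dnscache
# The last argument is the listen address: loopback only.
dnscache-conf dnscache dnslog /var/dnscache 127.0.0.1

# Files under root/ip name the client addresses allowed to query the cache.
# Only loopback is listed, which keeps this from becoming an open resolver.
touch /var/dnscache/root/ip/127.0.0.1
ln -sf /var/dnscache /service/

# Update the root nameservers that the dnscache above uses.
yum install bind-utils -y

/etc/init.d/named stop
chkconfig --del named

# Build the list in a temp file and install it only if it is non-empty.
# Redirecting the pipeline straight into root/servers/@ truncates the file
# first, so a failed lookup would leave dnscache without any root servers.
# The final grep keeps only IPv4 literals, so error text from host(1) cannot
# end up in the file.
# NOTE(review): the addresses come from whatever resolver this box currently
# uses and are not authenticated; compare them with the published root hints.
roots_tmp=$(mktemp) && {
  for ns in $(dig | grep root-servers.net | awk '{ print $5 }'); do
    host "$ns"
  done |
    grep -v IPv6 | grep -v mail | grep -v pointer |
    awk '{ print $4 }' |
    grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' |
    sort -n > "$roots_tmp"

  if [ -s "$roots_tmp" ]; then
    # cat (not mv) keeps the owner and mode of the existing file.
    cat "$roots_tmp" > /var/dnscache/root/servers/@
  else
    echo "no root server addresses found; root/servers/@ left unchanged" >&2
  fi
  rm -f -- "$roots_tmp"
}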

# Set up svscan so it starts at boot and is respawned if it exits.
# The inittab edit applies to CentOS and variants only -- Ubuntu doesn't seem
# to have an /etc/inittab.
vi /etc/inittab # get rid of this line: SV:123456:respawn:/command/svscanboot
# The upstart job below works on CentOS and kin as well as Ubuntu and kin.
# Quoted heredoc delimiter: the three lines are written literally.
cat > /etc/init/svscan.conf <<'EOF'
start on runlevel [12345]
respawn
exec /command/svscanboot
EOF
initctl reload-configuration
initctl start svscan

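# Set up tinydns.
# Two separate unprivileged accounts, no home directory created (-M), no
# login shell: one for the server and one for its logger.
useradd -d /var/tinydns -s /bin/false -M tinydns
useradd -d /var/tinydns -s /bin/false -M tinylog
# Arguments: server account, log account, service directory, listen address.
# The log account is tinylog (created above and otherwise unused); passing
# tinydns twice would run the logger under the server's account and lose the
# separation between the two.
# Replace IP with the address tinydns should answer on.
tinydns-conf tinydns tinylog /var/tinydns IP
ln -sf /var/tinydns /service/
# Configure your replication,
# e.g. rsync over ssh triggered from the Makefile on the primary.
# NOTE(review): if replication uses an ssh key, restrict that key on this
# secondary to the single transfer it needs rather than a general login.
# exercise for the reader ...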

backup to warm-swapable disk

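# Back up the running system to a warm-swappable disk.
# NOTE(review): the copy holds the whole root filesystem, including
# credentials and keys stored on it, and nothing here encrypts it. Store the
# removed disk accordingly.

# Physically insert the disk, then ask the SCSI host to rescan its bus.
# The hostN number may be different on your machine.
# (Plain ASCII quotes and hyphens: the scan file expects the string "- - -".)
echo "- - -" > /sys/class/scsi_host/host5/scan

# Device names follow detection order, so confirm /dev/sdc really is the
# disk just inserted before mounting it.
# Copy only when the mount succeeded; otherwise rsync would fill /mnt on the
# root filesystem itself.
if mount /dev/sdc1 /mnt; then
  rsync -aHxv /boot /mnt
  rsync -aHxv /dev /mnt
  rsync -aHxv / /mnt
  # This is for a special home directory: bind-mount / so the directory
  # underneath the home mount point can be reached.
  mount --bind / /media
  rsync -axv /media/home/user /mnt/home/
  umount /media
  umount /dev/sdc1
  # Spin the disk down before pulling it.
  sudo hdparm -Y /dev/sdc
else
  echo "mount of /dev/sdc1 on /mnt failed; nothing copied" >&2
fi
# Physically remove the disk.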

djbdns dnscache

This is a great, simple way to get off your ISP's DNS, e.g. to stop them redirecting you to their search partner when you make a typo. It is also very handy if you're working with DNS or changing webhosts: a quick sudo killall dnscache clears out your cache so you can see the new site right away.

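# Build daemontools, ucspi-tcp and djbdns from source under /usr/local/src.
# (djb does crazy things with symlinks - trust me when I say you want this
# package installed and built under /usr/local)
#
# The tarballs are fetched over plain HTTP and then compiled and installed
# with the privileges of this shell (presumably root), so each one is hashed
# right after download. Compare the printed digest with a value obtained over
# a channel you trust before running the build.
yum install gcc
cd /usr/local/src

# daemontools (the original repeated the word "wget", which made wget try to
# fetch a URL called "wget" before the real one).
wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
sha256sum daemontools-0.76.tar.gz
tar zxf daemontools-0.76.tar.gz
pushd admin/daemontools-0.76
vi src/conf-cc # append gcc line with this: -include /usr/include/errno.h
./package/install
popd

# ucspi-tcp
wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
sha256sum ucspi-tcp-0.88.tar.gz
tar zxf ucspi-tcp-0.88.tar.gz
pushd ucspi-tcp-0.88
vi conf-cc # append gcc line with this: -include /usr/include/errno.h
make setup check
popd

# djbdns
wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
sha256sum djbdns-1.05.tar.gz
tar zxf djbdns-1.05.tar.gz
pushd djbdns-1.05
vi conf-cc # append gcc line with this: -include /usr/include/errno.h
make setup check
popd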

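# Install a local caching resolver (dnscache) for looking up addresses.
# Both accounts get /bin/false as shell: they exist only to run the daemon
# and its logger.
useradd -d /var/dnscache -s /bin/false dnscache
useradd -d /var/dnscache -s /bin/false dnslog
# Remove the whole home directory useradd created, not just its .bash* files.
# NOTE(review): dnscache-conf appears to create /var/dnscache itself and to
# refuse to run when the directory already exists -- confirm.
rm -rf /var/dnscache
# The last argument is the listen address: loopback only.
dnscache-conf dnscache dnslog /var/dnscache 127.0.0.1
# Files under root/ip name the client addresses allowed to query the cache.
# Only loopback is listed, which keeps this from becoming an open resolver.
touch /var/dnscache/root/ip/127.0.0.1
ln -sf /var/dnscache /service/

# Update the root nameservers that the dnscache above uses.
yum install bind-utils

# Build the list in a temp file and install it only if it is non-empty.
# Redirecting the pipeline straight into root/servers/@ truncates the file
# first, so a failed lookup would leave dnscache without any root servers.
# The final grep keeps only IPv4 literals, so error text from host(1) cannot
# end up in the file.
# NOTE(review): the addresses come from whatever resolver this box currently
# uses and are not authenticated; compare them with the published root hints.
roots_tmp=$(mktemp) && {
  for ns in $(dig | grep root-servers.net | awk '{ print $5 }'); do
    host "$ns"
  done |
    grep -v IPv6 | grep -v mail | grep -v pointer |
    awk '{ print $4 }' |
    grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' |
    sort -n > "$roots_tmp"

  if [ -s "$roots_tmp" ]; then
    # cat (not mv) keeps the owner and mode of the existing file.
    cat "$roots_tmp" > /var/dnscache/root/servers/@
  else
    echo "no root server addresses found; root/servers/@ left unchanged" >&2
  fi
  rm -f -- "$roots_tmp"
}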

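# Set up svscan so it starts at boot and is respawned if it exits.
# The inittab edit is for CentOS and kin (Ubuntu doesn't seem to have
# /etc/inittab).
vi /etc/inittab # get rid of this line: SV:123456:respawn:/command/svscanboot
# The upstart job below is for both CentOS and kin, and for Ubuntu and kin.
# The stray leading space before "start on" in the original has been dropped.
# Quoted heredoc delimiter: the three lines are written literally.
cat > /etc/init/svscan.conf <<'EOF'
start on runlevel [12345]
respawn
exec /command/svscanboot
EOF
initctl reload-configuration
initctl start svscan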

The above is a copy from my other post: http://rln.d13dns.com/2014/07/20/new-vps-with-centos-6-for-tinydns-secondary/

Others have also talked about setting up dnscache:
http://packetnexus.com/2010/12/how-to-install-djbs-dnscache-on-ubuntu-10-10/