Saturday, March 10, 2007

NFS exports FUSE problem

This has been a known problem since at least 2003, but it has not been fixed so far.

A patch for fuse kernel modules is available here.

Discussion on FUSE list.

If you try to export a FUSE file system over NFS, you will see error messages like these in daemon.log:

Mar 2 13:49:46 235-194 mountd[3211]: authenticated mount request from nb:907 for /mnt/sdb3 (/mnt/sdb3)
Mar 2 13:49:46 235-194 mountd[3211]: getfh failed: Operation not permitted

To be able to export over NFS, a file system driver should implement export_operations functions.
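
The daemon.log pattern above can be checked for mechanically. This added example, not part of the original post, pairs each getfh failure with the preceding mount request and looks up the file system type of the export. The sample log, the mount table, the function names, and the assumption that mountd logs the failure right after the request under the same PID are mine.

```python
import re

# Constructed inputs: the first two log lines are the ones quoted above; the
# pc2 and /srv/data entries and the mount table are invented for this example.
SAMPLE_LOG = """\
Mar 2 13:49:46 235-194 mountd[3211]: authenticated mount request from nb:907 for /mnt/sdb3 (/mnt/sdb3)
Mar 2 13:49:46 235-194 mountd[3211]: getfh failed: Operation not permitted
Mar 2 13:50:02 235-194 mountd[3211]: authenticated mount request from pc2:1021 for /srv/data (/srv/data)
Mar 2 13:50:09 235-194 mountd[3211]: authenticated mount request from nb:911 for /mnt/sdb3 (/mnt/sdb3)
Mar 2 13:50:09 235-194 mountd[3211]: getfh failed: Operation not permitted
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /srv/data ext3 rw 0 0
ntfs-3g /mnt/sdb3 fuse rw,nosuid,nodev 0 0
"""

LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\smountd\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
REQUEST = re.compile(r"authenticated mount request from (?P<client>[^:\s]+):\d+ "
                     r"for (?P<path>\S+) \((?P<export>\S+)\)")
GETFH = re.compile(r"getfh failed: (?P<reason>.+)")

def fstype_of(path, mounts_text):
    """Return the fstype of the longest mount point containing path, or None."""
    best, fstype = "", None
    for fields in (l.split() for l in mounts_text.splitlines()):
        if len(fields) < 3:
            continue
        mnt = fields[1]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) > len(best):
            best, fstype = mnt, fields[2]
    return fstype

def failed_exports(log_text, mounts_text):
    """Pair each 'getfh failed' with the last mount request from the same mountd pid."""
    pending, failures = {}, []
    for m in filter(None, map(LINE.match, log_text.splitlines())):
        req, err = REQUEST.search(m["msg"]), GETFH.search(m["msg"])
        if req:
            pending[m["pid"]] = req.groupdict()
        elif err and m["pid"] in pending:
            hit = pending.pop(m["pid"])
            fstype = fstype_of(hit["export"], mounts_text) or "unknown"
            hit.update(reason=err["reason"], fstype=fstype, fuse=fstype.startswith("fuse"))
            failures.append(hit)
    return failures

if __name__ == "__main__":
    print(*failed_exports(SAMPLE_LOG, SAMPLE_MOUNTS), sep="\n")
```

On a real server, pass the contents of daemon.log and /proc/mounts instead of the two sample strings.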

iptables SAME target

SAME originated as a target that acts like SNAT, but chooses the same source address for the same destination address.

Before kernel 2.6.11 you could specify more than one --to-source option for SNAT, and the kernel would choose any of these addresses to do NAT. After 2.6.11 you can still assign a contiguous block of addresses in --to-source, for example --to-source 192.168.0.1-192.168.0.5, but you cannot give multiple --to-source options such as --to-source 192.168.0.1 --to-source 192.168.1.1.

Instead, you should use the SAME target:
iptables -t nat -A POSTROUTING -j SAME --to 192.168.0.1 --to 192.168.1.1
This gives a client the same source-/destination address for each connection.

Add/Remove Services in Windows

Some programs install services on your system, and when something goes wrong during install/uninstall, a zombie service may be left behind. You will see the error message "At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details." every time you boot, and this slows down the boot process. You try to set the service to Disabled in the Services management console, but the service cannot be found there.

What you need is SC.exe - a command line program used for communicating with the Service Control Manager and services.

sc query lists all services installed on your system. The list may be too long to display on the console, so use sc query > service.txt to redirect the output to a file.

Each service entry looks like this:

SERVICE_NAME: ALG
DISPLAY_NAME: Application Layer Gateway Service
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

To start/stop a service: sc start/stop service_name
To uninstall: sc delete service_name

I had an ASInsHelp service from ASUS Monitor, which failed to install on 2003 and could not be uninstalled cleanly. It gave me the annoying warning message on every boot. After the service was removed, booting was obviously faster.

Windows Server 2003 NAT

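The network sharing feature in Windows XP/Vista is called ICS (Internet Connection Sharing).
It is very simple: the private LAN's IP range is fixed at 192.168.0.0/24, and only one WAN is allowed.

The Windows 2000/2003 Server editions have a routing service called Routing and Remote Access. XP has it too, but there is no way to configure it.

Windows Server can be configured as a VPN server, router, NAT, and so on.
Configure it from Control Panel -> Administrative Tools -> Routing and Remote Access.

This tool can manage many servers at once; first use Add Server to add the local machine.
Then run Configure and Enable Routing and Remote Access.
Every time you Enable/Disable it, you have to configure everything again; there is no way to save the settings, which is a hassle.
There are several preset options, combinations such as VPN/NAT; you can choose Custom to see all the available options.
Select NAT and basic firewall and let it start.

Under IP Routing -> NAT/Basic Firewall on the left, add your public/private interfaces.
Remember to enable NAT on the public interface. The Address Pool is very handy: you can configure a group of public IPs to use, somewhat like Linux multipath routing.

Below that there is a simple packet filter that decides whether to forward based on IP/port.

Once it is configured, right-click the interface and choose show mappings to see the current NAT state.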