Tuesday, May 31, 2005

Vonage or something else?

As part of the customer go live on the 30th I was on a long con call.

Twice during the call I got the receiver off-hook tone. At first I was
thinking that it might be interference between the cordless and my
wavelan. Since I was hardwired that was right out.

So I had two calls, that terminated at exactly 4 hours (4:00:00) into
the calls. A Vonage limitation? Some sort of counter overrun?

Since I don't see anything after a quick search about 4 hour call limits
for Vonage calls...

I assume, maybe I am wrong, that other people have phone calls for more
than 4 hours. I assume that it is not the VT1005V, since it is
reasonable that some number of people who have calls longer than four
hours have the same device.

What most of those people probably don't have is an ipfilter firewall.

Could it be an aspect of keep state? Maybe I need to upgrade to
unlimited calling...since I have unlimited calling on my cell phone I
think I have the perfect test setup!

Monday, May 30, 2005

DNS Woes

So the new site go live...

Current DNS lookups depending on who you ask return:

  • www is a CNAME to CDN

  • www is an A record to old site

  • foo is a CNAME to www

  • foo is a CNAME to CDN

Which in addition to the above can return:

  • foo is a CNAME for www is a CNAME to CDN is an A record for a CDN server

  • foo is a CNAME for www is an A record to the old site

This shows that the lookup for foo sometimes goes to a DNS server that has
the old info for foo. Foo previously being a CNAME for www results in a
lookup for www. The lookup for www sometimes goes to a server that has the
new info and sometimes the old. The real confusion being the belief that if
the final answer is the CDN there should be no intermediate CNAME.

We just had a spirited conversation that resulted in browsers being
restarted, which cleared up a number of interesting behavior patterns.

Now to try and find some lunch since I didn't get a good breakfast and it
is almost 3pm
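
The answer chains listed in this post can be enumerated mechanically. The Python sketch below is an added example, not the author's code: it follows each name through both the old and the new copy of the records, as a client would when successive lookups land on servers with different cached data. The label `cdn` and the IP addresses are constructed placeholders.

```python
# Added illustration: record sets mirror the post; addresses are constructed.
OLD_ZONE = {                      # data still cached on some servers
    "foo": ("CNAME", "www"),
    "www": ("A", "192.0.2.10"),   # old site
}
NEW_ZONE = {                      # data published at go-live
    "foo": ("CNAME", "cdn"),
    "www": ("CNAME", "cdn"),
}
CDN_ZONE = {"cdn": ("A", "198.51.100.20")}  # CDN server, unchanged

def possible_chains(name, max_depth=8):
    """Return every answer chain a client could see for `name` when each
    hop may be answered from either the old or the new copy of the zone."""
    chains = set()

    def walk(current, path):
        if len(path) > max_depth:           # guard against CNAME loops
            return
        views = [z[current] for z in (OLD_ZONE, NEW_ZONE, CDN_ZONE)
                 if current in z]
        for rtype, value in views:
            step = path + ((current, rtype, value),)
            if rtype == "A":
                chains.add(step)            # chain ends at an address
            else:
                walk(value, step)           # CNAME: look up the target next

    walk(name, ())
    return chains

def final_addresses(name):
    """Set of addresses a client may end up with for `name`."""
    return {chain[-1][2] for chain in possible_chains(name)}

def format_chain(chain):
    return " -> ".join(f"{n} {t} {v}" for n, t, v in chain)

if __name__ == "__main__":
    for name in ("www", "foo"):
        for chain in sorted(possible_chains(name)):
            print(format_chain(chain))
```

The three-hop chain for foo (foo to www to cdn) is the case the post calls the real confusion: the final answer is the CDN, yet an intermediate CNAME appears because the first hop came from stale data.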

Wednesday, May 25, 2005

BlogEd Strange Display Behavior

BlogEd is writing HTML for me. Historically I am not a fan of HTML

And it appears that this one is doing strange things to the fonts in

  • Bulleted

  • Lists

As well as

  1. Numbered

  2. Lists

It is probably style sheet related.

Solaris 10 ipfilter ipnat and PPTP

I have been having a problem setting up PPTP tunnels since I upgraded my
firewall to Solaris 10 (nv_12). Some basic tests clearly indicated that
the problem was with my configuration.

  1. My BSD firewall with ipfilter worked

  2. My laptop direct worked

As part of the migration I copied the ipf.conf and ipnat.conf files that I
had been using. Once the firewall was up on Solaris 10, I installed the
files and changed the interface names to match.

After installing the rules, I had to edit pfil.ap and add a new
interface type. svcadm start ipfilter and everything started
working...almost. All of my web browsing, inbound/outbound mail, inbound
http and ssh worked. The only thing that I couldn't do was create a PPTP

I have been poking the config for a few weeks, never making the time to
sit down and really think about the problem. Last night I took some time
to start at the beginning and see if I could work it out.

After reading through Section 4 of the ipf and ipnat man pages a few
more times to make sure I wasn't doing anything obviously wrong, I
practiced my googlescholar skills and looked at a bunch of mailing-list
posts, the PPTP RFC and piles of other stuff. The trigger was seeing a
post indicating that all GRE traffic needed to be redirected to the PPTP

Kicking off a number of snoops, an ipmon and finally (and I don't know
why I didn't do this a while ago) I ran a tcpdump for proto gre on my

  • From the external snoop I was able to see the inbound and outbound

  • From the ipmon I was able to see the inbound and outbound traffic

  • From my laptop, I could only see the outbound gre

The "fix" is to specifically route all gre traffic to the address of my

I need to see if I can do it without the hard coding of the IP addresses;
that part is lame.

The rules that make everything work are:

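:::::::: ipf.conf ::::::::
# PPTP control channel (TCP 1723) outbound, tracked with keep state
pass out quick on extint proto tcp from any to any port = 1723 flags S keep state
# GRE (IP protocol 47) in both directions on the external interface
pass out quick on extint proto 47 from any to any
pass in quick on extint proto 47 from any to any keep state

:::::::: ipnat.conf ::::::::
# Redirect GRE arriving on the external interface to the laptop
rdr extint PPTPserverip/32 port 0 -> laptopip port 0 gre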

Tuesday, May 24, 2005


I prefer plain text mail.

No fancy fonts and colors required.

So this mail from Sun of all places was a bit of a disappointment.

It's one thing to send HTML mail; it is another to send HTML mail and
call it text/plain.


The Dashboard widget blogger is neat, but I think it is missing some of
the features I would want like drafts. The interface is also overly large
and not resizeable.

Friday, May 20, 2005

Solaris 10 Zones and N1GE6

I am trying to decide if it is cool or if I have no life (this is generally
rhetorical).

I recently (last night) created some more zones on one of my machines.
Subsequently I installed N1 Grid Engine 6. The install was surprisingly
easy. Literally:

  1. Install Packages

  2. run $SGE_ROOT/install_qmaster

  3. share $SGE_ROOT via nfs

  4. mount shared $SGE_ROOT at $SGE_ROOT on each node

  5. run $SGE_ROOT/install_execd on each node

  6. run jobs $SGE_ROOT/examples/jobs/pascal.sh 200

Things I have found out:

  1. 50000 jobs in simple queuing results in horrible io wait on an
     underpowered PC, e.g. qstat may as well never respond for how long
     it takes at 99% io wait

  2. 20000 jobs in BerkeleyDB queuing isn't too bad, but it will be a
     while before they are done running, e.g. qstat takes 3s to return
     the list (15727 entries currently)

Things to try:

  1. add the little PCG-U3 laptop as an execution host

  2. add my powerbook as an execution host

  3. add C-'s ibook as an execution host

  4. pascal.sh 500, just to see if 125250 jobs will kill it

Remaining Jobs at 60s + qstat run time intervals

Fri May 20 17:40:56 EDT 2005 | 15688
Fri May 20 17:42:04 EDT 2005 | 15673
Fri May 20 17:43:14 EDT 2005 | 15661
Fri May 20 17:44:26 EDT 2005 | 15646
Fri May 20 17:45:37 EDT 2005 | 15631
Fri May 20 17:46:44 EDT 2005 | 15616
Fri May 20 17:47:56 EDT 2005 | 15604
Fri May 20 17:49:07 EDT 2005 | 15589
Fri May 20 17:50:15 EDT 2005 | 15574
Fri May 20 17:51:27 EDT 2005 | 15562

About the server:

s10_69 (still haven't gotten around to the upgrade to Nevada Build 14 I
want to see New Boot)
System Configuration: Sun Microsystems i86pc
Memory size: 768 Megabytes
AMD: K6 600MHz
Currently Running 5 zones (3 execution hosts, apache, torrus collector)

Friday, May 13, 2005

Solaris DHCP and Replay TV

I have a ReplayTV, I have had it for a couple of years. Until now I
haven't had any problems to speak of. I recently installed Solaris 10 on
my firewall. As part of that process, I moved DHCP to a different Solaris
10 server in my network. The ReplayTV (named Bob), sends dhcp requests
asking for addresses with the host name "RTV Bob".

42856e77: Datagram received on network device: rtls0(limited broadcast)
42856e77: select_offer: hostname request for RTV Bob
42856e77: name_avail(F): gethostbyname_r failed, err 2
42856e77: select_offer: name_avail false or no address for RTV Bob

This is a problem. So now I have manually assigned it an address, but it
appears hung. I think it might be running an update, but I can't be sure.
I am tempted to powercycle it, but instead I think I will go to bed. It
might get kicked in the morning.

On another note, the email support link specifically says "Not for
technical problems"...WTF I guess it would be silly to send them mail
about hostnames with spaces then.

Or not, it just started responding right before I was about to submit this
entry

Monday, May 2, 2005

Solaris 10 Beta Exam Part 1 - Passed

From the ~180 questions the end result was a field of 58. I Passed! I am
curious to know how I did on the full spread.

Things that could have gone better:

  • Printing (So not a surprise)

  • Software Installs

  • File systems

High points:

  • Security

  • Booting and Shutting Down

  • Backups and Restores

It is a shame that you don't get immediate feedback on Beta exams, I might
have better remembered the things that I thought were problematic aside
from the general printing kicked my butt.

Part 2 will be the real question, it was much more Solaris 10 specific, or
rather there are a lot of things that had different ways of being done
before Solaris 10. It is however suggested that Sun Edu. Services would be
more than willing to help me out on the weaker aspects.

Referrer Humor (To me anyway)

Unfortunately YakShaving appears to fit in quite well with thoughts of
"Itchy and Scratchy". Most of the other direct hits have to do with my next
post, which not existing yet probably gets a special tense from the "Hitch
Hiker's Guide to The Galaxy". This post will probably get some poor people
who are looking for something useful or informative or both as well.