Archive for August, 2008

[ DNS ] Setting hostnames based on PTR

Friday, August 29th, 2008

Xsan 2 uses the hostname to connect to a client. Normally this is set correctly, but due to some caching issues I had to set it manually via ARD the other day. Enjoy the quick code, which sets the HostName to the PTR record for the IP address on en0:

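# Look up the IPv4 address on en0, then its PTR record (trailing dot stripped)
ip=$(ifconfig en0 | awk '/inet /{ print $2; exit }')
name=$(host "$ip" | awk '/domain name pointer/{ print $NF; exit }' | sed 's/\.$//')
# Only set the hostname if the reverse lookup actually returned a name
[ -n "$name" ] && scutil --set HostName "$name"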
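A PTR record is whatever the owner of the reverse zone publishes, so it is worth confirming it before it becomes a machine's HostName. The following is an added example, not code from the original post: it accepts a PTR name only if it is syntactically valid and resolves forward to the same address. The sample records, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
import socket

# One RFC 1123 label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def valid_hostname(name):
    """Syntax check so a malformed PTR value never reaches scutil."""
    name = name.rstrip(".")
    return 0 < len(name) <= 253 and all(
        _LABEL.fullmatch(part) for part in name.split("."))


def system_ptr(ip):
    """Reverse lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(name):
    """Every address the name resolves to, through the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}


def confirmed_hostname(ip, ptr=system_ptr, forward=system_forward):
    """Return the PTR name for ip only if it is well formed and resolves
    forward to the same address (forward-confirmed reverse DNS), else None."""
    try:
        name = ptr(ip).rstrip(".")
        if not valid_hostname(name):
            return None
        want = ipaddress.ip_address(ip)
        got = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
    except (OSError, ValueError, LookupError):
        return None
    return name if want in got else None


# Constructed sample answers standing in for DNS (not real records).
SAMPLE_PTR = {"10.0.1.20": "xsan-client1.example.com.",
              "10.0.1.21": "mdc.example.com.",
              "10.0.1.22": "bad host!.example.com."}
SAMPLE_A = {"xsan-client1.example.com": {"10.0.1.20"},
            "mdc.example.com": {"10.0.1.5"}}


def sample_check(ip):
    return confirmed_hostname(ip, SAMPLE_PTR.__getitem__,
                              lambda n: SAMPLE_A.get(n, set()))
```

Called with the defaults, `confirmed_hostname()` uses the system resolver; a `None` result means the hostname should be left alone rather than set from DNS.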


Mac OS X: Using tail

Saturday, August 16th, 2008

You can dynamically watch new lines come into log files in Mac OS X. In order to do this you can use the tail command with the -f switch. So if you want to watch your system.log file and run some processes you think will cause errors you can use the following command:

tail -f /var/log/system.log

Traversing SonicWALLs with NetBIOS

Friday, August 15th, 2008

This article assumes that you already have a functioning Site to Site VPN connection set up.

1. On the SonicWALL with OS Standard, go to the ‘VPN > Advanced’ page and uncheck the box next to ‘Disable all VPN Windows Networking (NetBIOS) Broadcasts’. This is a global setting, and unless unchecked, no VPN SA will be able to pass NetBIOS broadcasts. When done, click on the ‘Apply’ button in the upper-right-hand corner to save and activate the change.

2. Then, go to the ‘VPN > Settings’ page and click on the ‘Configure’ icon next to the VPN policy you previously created to connect to the central site. On the pop-up that appears, go to the ‘Advanced’ tab and check the box next to ‘Enable Windows Networking (NetBIOS) Broadcast’. This is a per VPN SA setting and applies to this VPN tunnel only. When done, click on the ‘OK’ button to save and activate the change.

3. On the central site SonicWALL with OS Enhanced, go to the ‘VPN > Settings’ page and click on the ‘Configure’ icon next to the VPN policy you previously created to connect to the remote site. On the pop-up that appears, go to the ‘Advanced’ tab and check the box next to ‘Enable Windows Networking (NetBIOS) Broadcast’. When done, click on the ‘OK’ button to save and activate the change.

4. Then, go to the ‘Network > IP Helper’ page. Check the box next to ‘Enable IP Helper’, make sure the box next to ‘Enable DHCP Support’ is unchecked (unless you are using this feature – with DHCP enabled you may not be able to uncheck this setting), and check the box next to ‘Enable NetBIOS Support’. You will notice an autocreated IP Helper Policy listed as a result of the previous step’s configuration. When done, click on the ‘Apply’ button in the upper-right-hand corner to save and activate the change.

5. On XP workstations you will need to reboot them (or wait about 30 minutes) for the broadcasting to work and for NetBIOS results to populate “Network Neighborhood”.
NOTE: On Vista workstations you can hit refresh a couple of times (this may take up to 5 minutes – but no reboot required), and it should start populating pretty quickly.

Mac OS X Server 10.5: NATd

Tuesday, August 12th, 2008

There are certain aspects of Mac OS X Server that it just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to us on this point…

You can use /etc/nat/natd.plist. The key you’ll want to edit is redirect_port, with one entry per port or a range of ports in a single entry. The array would look something like this, assuming you were trying to forward AFP traffic to 192.168.0.2 from a WAN IP of 4.2.2.2:

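<key>redirect_port</key>
<array>
	<dict>
		<key>proto</key>
		<string>TCP</string>
		<key>targetIP</key>
		<string>192.168.0.2</string>
		<key>TargetPortRange</key>
		<string>548</string>
		<key>aliasIP</key>
		<string>4.2.2.2</string>
		<key>aliasPortRange</key>
		<string>548</string>
	</dict>
</array>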

You could also use the route command or ipfw depending on exactly what you’re trying to do with this thing. Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.
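Every redirect_port entry is a service published on the WAN address, so it helps to be able to list what a natd.plist actually exposes. The following is an added example, not code from the original post: it parses the redirect_port array with the key names shown above and flags forwards to services that deserve review. The second rule, the dash syntax for ranges and the REVIEW list are assumptions made for illustration.

```python
import plistlib

# Constructed sample in the layout the post describes (not a real config).
SAMPLE_NATD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>redirect_port</key><array>
<dict>
  <key>proto</key><string>TCP</string>
  <key>targetIP</key><string>192.168.0.2</string>
  <key>TargetPortRange</key><string>548</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>548</string>
</dict>
<dict>
  <key>proto</key><string>TCP</string>
  <key>targetIP</key><string>192.168.0.3</string>
  <key>TargetPortRange</key><string>5900-5902</string>
  <key>aliasIP</key><string>4.2.2.2</string>
  <key>aliasPortRange</key><string>5900-5902</string>
</dict>
</array></dict></plist>"""

# Services worth a second look before they face a WAN address (assumed list).
REVIEW = {22: "ssh", 445: "smb", 548: "afp", 3283: "ard", 5900: "vnc"}


def ports(spec):
    """Expand '548' or '5900-5902' into a range of port numbers."""
    lo, _, hi = str(spec).partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(lo, hi + 1)


def forwards(plist_bytes):
    """Return (proto, wan_ip, wan_port, lan_ip, lan_port, service) tuples."""
    out = []
    for rule in plistlib.loads(plist_bytes).get("redirect_port", []):
        keys = {k.lower(): v for k, v in rule.items()}  # tolerate mixed key case
        wan, lan = ports(keys["aliasportrange"]), ports(keys["targetportrange"])
        if len(wan) != len(lan):
            raise ValueError("alias and target ranges differ in length")
        for w, t in zip(wan, lan):
            out.append((keys["proto"].upper(), keys["aliasip"], w,
                        keys["targetip"], t, REVIEW.get(t)))
    return out


def flagged(plist_bytes):
    """Only the forwards whose LAN port is on the REVIEW list."""
    return [f for f in forwards(plist_bytes) if f[5]]
```

To run it against a real server, read /etc/nat/natd.plist in binary mode and pass the bytes to `flagged()`.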

Configuring a SonicWALL for Fonality/Trixbox

Thursday, August 7th, 2008

The Fonality/Trixbox server and phones should be on the same subnet, separated from the data network.

On the SonicWall:

Under Network/Interfaces, create a new Interface for the Phone System. Under the Zone option, create a new Zone for the Phone System. Name the zone Phone System. Under the “Switch Ports” tab, assign it a port on the SonicWall. Label this port for the phone system (in the SonicWall OS and physically).

Mac OS X Server: Cascading Software Updates

Thursday, August 7th, 2008

Software Update Services allow your server to cache updates from Apple and then redistribute them to clients within your organization. Now, this is going to greatly cut down on the amount of bandwidth consumed when new software patches are released. But if you have a large distributed organization you might want to have multiple Software Update Servers daisy-chained together in a cascade to download updates from each other and provide updates to sets of clients (maybe they’re geographically separated or you just have too many clients to provide updates to for just one server). Cascading the Software Update Services would further conserve bandwidth in your environment if you have multiple Software Update Servers.

In order to cascade Software Updates from one server to another you would first set up your first Software Update Server. Let’s say that we set it up as SUS1.domain.com and set it to run on port 8080. Next you would set up your second server (let’s call it SUS2.domain.com) and edit the “metaindexURL” key (by default it’s set to be swscan.apple.com) of the file /etc/swupd/swupd.plist. So you would change the key to be SUS1.domain.com/content/meta/mirror-config-1.plist.