Monday, 10 September 2012

D-Link switches and "martian packets"?

Device: D-Link DGS-1224T
Firmware: 4.21.01
IP addr: 10.2.2.8

My Linux router has a VLAN interface built on eth2 with VID 6:

eth2 = 10.2.2
eth2.6 = 10.6.6 (VLAN)

This VLAN is also configured on my D-Link switch, with untagged VLAN ports. The D-Link management interface is set on 10.2.2.

Since we use Shorewall as our iptables front end, we found this in syslog:

Sep 10 10:03:56 lurch kernel: [2651431.667008] martian source 10.2.2.1 from 10.2.2.8, on dev eth2.6
Sep 10 10:03:56 lurch kernel: [2651431.667011] ll header: ff:ff:ff:ff:ff:ff:00:15:63:45:05:c5:08:04


Martians?

A possible explanation:
Packets with a 10.2.2 source address reach the D-Link management interface on 10.2.2.8 (for management, or just a Nagios ping); to reply, the D-Link sends an ARP request like "Who has 10.2.2.x" on every port, even on the VLAN 10.6.6 ones. As a result, the Linux kernel sees those packets with a 10.2.2 source on its eth2.6 interface and complains accordingly.

A possible workaround:
Force the D-Link management interface to be reachable from one network only (10.2.2 in my case), on the "Configuration/802.1Q Management VLAN" tab.
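
As an added example (not part of the original post), the following Python code parses the two syslog lines quoted above, splits the "ll header" bytes into MAC addresses and EtherType, and reports senders whose address belongs to a different interface's subnet than the one the frame arrived on. The /24 prefix lengths, the IFACE_NETS map and the function names are assumptions made for the example.

```python
import ipaddress
import re

# The two syslog lines quoted in the post.
SAMPLE = """\
Sep 10 10:03:56 lurch kernel: [2651431.667008] martian source 10.2.2.1 from 10.2.2.8, on dev eth2.6
Sep 10 10:03:56 lurch kernel: [2651431.667011] ll header: ff:ff:ff:ff:ff:ff:00:15:63:45:05:c5:08:04
"""
# Assumption: both networks are /24 (the post only gives "10.2.2" and "10.6.6").
IFACE_NETS = {"eth2": ipaddress.ip_network("10.2.2.0/24"),
              "eth2.6": ipaddress.ip_network("10.6.6.0/24")}
MARTIAN = re.compile(r"martian source ([\d.]+) from ([\d.]+), on dev (\S+)")
# Colon-separated 14-byte Ethernet header, in the form shown in the post.
LLHDR = re.compile(r"ll header: ((?:[0-9a-f]{2}:){13}[0-9a-f]{2})")

def parse_martians(text):
    """Pair each 'martian source' line with the 'll header' line after it."""
    events = []
    for line in text.splitlines():
        m, h = MARTIAN.search(line), LLHDR.search(line)
        if m:
            # The kernel prints the destination address first, then the sender.
            events.append({"dst_ip": m[1], "src_ip": m[2], "dev": m[3]})
        elif h and events and "src_mac" not in events[-1]:
            o = h[1].split(":")  # 6 bytes dst MAC, 6 bytes src MAC, 2 bytes type
            events[-1].update(dst_mac=":".join(o[:6]), src_mac=":".join(o[6:12]),
                              ethertype="0x" + "".join(o[12:]))
    return events

def home_iface(ip):
    """Interface whose subnet contains ip, or None if no subnet matches."""
    addr = ipaddress.ip_address(ip)
    return next((i for i, n in IFACE_NETS.items() if addr in n), None)

def leaks(events):
    """Events whose sender belongs to another interface's subnet."""
    return [(e["src_ip"], e.get("src_mac"), home_iface(e["src_ip"]), e["dev"])
            for e in events
            if home_iface(e["src_ip"]) not in (None, e["dev"])]

if __name__ == "__main__":
    for src, mac, home, seen in leaks(parse_martians(SAMPLE)):
        print(f"{src} ({mac}) belongs on {home} but arrived on {seen}")
```

For the quoted log it reports the switch address 10.2.2.8, sent to the broadcast MAC, arriving on eth2.6 although its subnet lives on eth2.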

Thursday, 6 September 2012

Nagios: check_http with --extra-opts

We have to check an HTTPS page that requires a login.

We want to store our login information in a file that only nagios can read.

root@lurch:~# touch /etc/nagios/private/custom.ini
root@lurch:~# chown root:nagios /etc/nagios/private/custom.ini
root@lurch:~# chmod 640 /etc/nagios/private/custom.ini


In this example I'm going to create an [https] section that holds the credentials for my login web page. This file, which is passed to the plugin's --extra-opts= argument, can contain any of the options listed by ./check_http -h, written literally in their long form. For instance:

./check_http -h
...
-a, --authorization=AUTH_PAIR
Username:password on sites with basic authentication
...

Then:

root@lurch:~# su - nagios
nagios@lurch:~$ vim /etc/nagios/private/custom.ini


[https]
authorization = *user*:*password*


Now let's write the 'commands' section. I want to call this command 'check_https_auth'.

nagios@lurch:~$ vim /etc/nagios/objects/commands.cfg


# zmo: check_https_auth
define command{
        command_name    check_https_auth
        command_line    $USER1$/check_http -H $ARG1$ -I $HOSTADDRESS$ -s $ARG2$ --ssl -c $ARG3$ -u $ARG4$ --extra-opts=https@/etc/nagios/private/custom.ini
}