Monday, December 29, 2008

Rescuing Linksys WRT54G

Is your Linksys WRT54G power light blinking continuously and not in working order? If it is, then it simply means you most likely have been playing around with 3rd party firmware and the previous firmware was not properly flashed.

Have you tried to reflash it but problems still persist? Then the following rescue method applies if your Linksys WRT54G still responds to pings at its default IP. As long as your Linksys WRT54G is a v4 or below, you're in luck.

Basically you will be doing the same thing, which is to reflash the firmware, but this time using a particular image which you can find here. Instead of a .bin file, you will be flashing a .trx file.

If you have never flashed before, you can follow these simplified steps.

1. Download the firmware from the link above.

2. Set up your system (PC or notebook) with static IP of 192.168.1.2/255.255.255.0

3. Connect your system to one of the 4 ports on the wireless router.

4. Open up a command prompt and go to the folder where the firmware you downloaded from the link above is located

5. Power up the router

6. Execute this command and wait till it is finished

tftp -i 192.168.1.1 PUT openwrt-brcm-2.4-squashfs.trx

7. If the power light stops blinking, you have successfully recovered your router!

You can access the router's management page through your web browser at http://192.168.1.1.

If you prefer to go back to the official Linksys firmware, just upgrade to it through the web interface.

Sunday, December 21, 2008

Cable breaks

Experiencing slow Internet access? Well here's the reason

http://uk.reuters.com/article/rbssTechMediaTelecomNews/idUKLK37775420081220

Saturday, December 20, 2008

Glitch

This is not exactly an InfoTech post but it does drive the message across. If the conventional doesn't work, maybe this will

Sunday, November 30, 2008

Using 2Wire adsl wireless router with Starhub cable

You can use it but not all of its functions will be available. If you plan to use it to share your cable Internet, then it can't do that.

The 2Wire is a 4-in-1 device comprising an ADSL modem, a router, a switch and an access point. Of the 4, you can no longer use it as an ADSL modem as it won't work with your cable. You also can no longer use the router function, as it works between the ADSL interface and the Ethernet (switch) interface. Since you're not using the ADSL interface, there's no routing. That also means no NAT, hence no sharing.

So what it can function as now is a switch and an access point. To share your cable Internet you still need a router, although it need not be wireless. So the setup should look like this:

cable modem <> ethernet router <> 2 wire

This way, you will have wireless networking without having to buy another wireless access point or router.

All you have to do is turn off the DHCP function on the 2Wire by setting a static IP on it, as shown below.

Monday, November 24, 2008

Sharing Starhub digital voice

Your Starhub digital voice is working fine but only the phone in the same room can be used?

If you want all the telephone points in the house to be able to use the service, what you need to do is simply place a splitter on the modem, where one line goes to a phone in the same room and the other to the nearest telephone point in the room.

Sunday, November 23, 2008

Old articles

I still have my old articles at www.azacamis.com. If anyone needs any of the pages, let me know and I will post it here

Tuesday, November 18, 2008

Dual core/processors

Everyone wants dual core and many don't even know what the hell it is other than 2 is always better than one.

Dual core is similar to having two processors or what they call dual processors, duh. The most common misconception with dual core/processors is that it equals twice the speed. In reality a 2GHz dual core or dual processor system does not equal 4GHz. That is not how it works.

Let's use the analogy of a car. A car's top speed usually depends on its engine capacity. The higher the engine capacity, the more likely its top speed increases. When it can travel faster, it can reach a destination faster too. This is why a processor keeps increasing in speed as well. The faster it is, the faster it can complete its task too.

Having dual core/processors is not like having the engine overhauled with twice the engine capacity. In fact what you get is two of the exact same cars. How does that help in completing a task faster?

Say there are 10 of you planning to go somewhere. If you have only one car, only 5 people can travel at one time. If the journey takes 30mins, then the total time taken will be 60mins for all 10 to reach the destination (excluding the time taken for the car to travel back to pick up the other 5). Now if you have 2 cars, all 10 people can travel at the same time and hence reach the destination in 30mins. That is half the time taken compared to having only one car. If you translate that passenger load into tasks a processor has to compute, then it means a dual core/processor equipped computer will take half the time to finish a task compared to a single core/processor computer.

So sounds good doesn't it? However, there are few things you have to take note of.

Your operating system and applications must be dual core/processor aware to take advantage. That means they must know that there are two processors they can use. If they are not, then they can only detect one processor and the other one will not be used at all. When that happens, you are better off with one processor instead. This is the same as having 10 people with 2 cars but none of them realising they have a second car that they can use.

Also, dual core/processors will only be effective when the load requires more than 1 processor. In the example of the car, even if there are 2 cars but only 5 people, then effectively one of the two cars is useless as only one car is required.

Now, not to confuse you, but although I did mention that it is pointless if your applications cannot make use of dual core/processors, it still has its advantages as long as your operating system does. Having dual core/processors with an operating system that is aware of their existence means that your operating system no longer needs to fight with your applications for resources. In a single core/processor system, if an application sucks up all the resources a processor has, your operating system is left breathless, and that is how systems hang or slow down. An application runs on top of the operating system. If the operating system is dying, how can the application run? In a dual core/processor system, an application can suck up all the resources on one core/processor and the operating system can rely on the other to stay alive.

So yes it does speed things up (depending on the scenario above) but no, it is not all the time.

Phishing

This is for those who are still in the dark about phishing. Phishing means a bogus site that masquerades as the real site.

Look at the screenshot below that shows a site that looks like PayPal



If it's the real PayPal, then the address bar will usually show http://www.paypal.com and not numbers (which are IP addresses) like the ones in the picture above.

However, that does not mean that you cannot use IP address to visit PayPal website but you need to make sure that the IP address you use is correctly pointing to the real PayPal website.

To do that, go to this site. There, choose LOOKUP and enter the URL, in this case www.paypal.com, in the box.


For www.paypal.com, the results are these


IP address: 66.211.168.193
Host name: www.paypal.com
66.211.168.193 is from United States(US) in region North America

Therefore, entering either http://66.211.168.193 or http://www.paypal.com in your browser should bring you to the true PayPal website.

Clearly, the IP address 213.242.251.60 in the screenshot above, which differs from official records, is fake and points to a machine set up to harvest your real account details.

The details of this fake website are as below


IP address 213.242.251.60
Location RU RU, Russian Federation
City Yekaterinburg, 71 -

Also, reputable sites like PayPal will not have an unsecured login page. A secured login page will start with https://, e.g. https://www.paypal.com. Sometimes even fake sites do provide a secured page, so to ensure that you are visiting the right secured page, click on the security tab, usually an icon of a lock at the bottom of your browser, to verify that the certificate assigned to the site is authentic.

Monday, November 17, 2008

Intel PROset/Wireless software installation error

If you receive the following error while installing Intel PROSet/Wireless software on Windows:

Cannot run installer for Intel PROSet/Wireless software. Please make sure that there are no 'Found New Hardware Wizard' dialogs open and that the installer has only been launched once.

Go to Services and set the Plug and Play service to disabled. Restart your system and run the installation program again. You can set it back to automatic after you have finished installing.

Thursday, November 13, 2008

Choosing the right notebook/laptop

I have always been asked "What is the best notebook to buy?" and every time I would answer with "What is your budget?". Some answered "no budget" but when I told them to get something expensive, they would retract and say they don't need high end models.

Another frequently asked question is "what is the best brand?". If only one brand is considered the best, the rest would have folded up their business long ago, right?

So what's my point here? Choosing notebooks is actually really easy. You just get what you need, not want, but need. If we go by 'want', then it is endless, price wise.

Let me give a run down on what you would want to look out for

1. Weight
2. Screen size
3. Usage
4. Battery life
5. Comfort
6. Features

The thing is, all of them are related. If you choose one feature, you have to forgo some of the others. So this guide will hopefully help you, if you're looking for one, to choose what fits your needs.

Before I elaborate further, let me remind you that choosing a notebook by giving too much priority to the processor alone is pointless. A notebook can never perform as well as a desktop, period. Well, never might be the wrong word to use, but for now it certainly is. Currently, any dual core equipped notebook will do, and I really mean any. Processors are only part of what makes a notebook 'powerful'. Most of the time, a processor is more than enough to do what you want but other factors prevent it from doing its job. Memory and hard disk are the two main culprits. A notebook with a high end processor but low on memory will cause the hard disk to work harder, hence slowing everything down.

Since we are on this, let me just touch briefly on the purpose of the Random Access Memory (RAM).

If you are processing something huge, the memory can only hold as much as its size allows and will pass (write) data to the hard disk before it can continue processing other parts of a job. This whole process, depending on how huge a job is, can take a toll on the hard disk, which is way slower than the memory. So for example, opening a certain program can take quite some time because the hard disk is being written to and read from until the whole process completes. If you have more memory, the amount of data being written to and read from the hard disk could be less, speeding up the whole process. So to put it simply, more memory helps.

Hard disks, most of the time are the bottleneck. Take a look at any notebook. If it is slow, look at the hard disk activity. Most of the time the notebook is waiting for the hard disk to finish its job. Too bad, there aren't many choices for hard disks. Even if you go for 7200rpm ones, they are battery killers. So if battery life is important to you, take note of this.

For now, 1GB of memory is good enough. If you can afford it, go for more.

So forget about the processor and pay attention to other details. Getting a higher end processor may give the notebook higher resale value but after 2 years, most notebooks are obsolete, hence pretty worthless. Pointless isn't it? Dual core is a gift, take it. Don't bother about Core 2 or 3 or 4. I have been using dual processor systems almost throughout my computer life and it really does make a difference between single processor/core machines and dual ones.

If you are a very mobile person who plans to carry your notebook around like your handphone, then carrying a brick everywhere is crazy. It is the same as carrying your bowling ball everywhere you go. Weight rules here. Problem is, most lightweight notebooks are expensive due to their size. Lightweight notebooks are usually small because that is the most effective way for manufacturers to cut down on weight.

If screen size is important to you, there are 17" notebooks nowadays called desktop replacements because that is what they are meant to be used as. With that kind of size, who would want to carry it everywhere? So another pointer here. The bigger the screen size, the bigger the total size of the notebook and the heavier it gets. Big screen notebooks use more power and hence require bigger battery packs, which add to the weight, else the battery life will disappoint. So if you are looking for lightweight notebooks, most big screen notebooks are out.

If you want to use your notebook for games, then you need to get a notebook with a good graphics card. For all other usage, any graphics card will do.

So if you ask me how I choose my notebook, for starters, I would ensure that I go for 1GB memory and 2yrs warranty minimum. I have had a notebook that died a few days after its one year warranty was over. The cost to replace the motherboard is almost the same as buying a new one.

Next comes the part I hate mentioning - budget. You have to have one. Any amount will do, reasonable ones of course. Once you have the amount you made up your mind to part with, you can narrow down your choices.

For the rest, arrange by priorities

1. Screen size.

If you want to go for lightweight ones but will not be comfortable with 12" screen, then there is no point either. As mentioned weight will be affected by the size of the screen.

2. Format - wide or conventional.

Widescreen is good for watching movies, although it will take some getting used to if you have used conventional all your life. If you hate widescreen, conventional it is.

3. Graphics card.

If you're not choosy, any notebook will do. If you are particular, then there will be less to choose from. Generally, the more memory the graphics card has, the better it is. This memory is independent of the system's memory. Remember how memory helps? Also, there are many kinds of graphics cards with different chipsets. If you are a gamer, I think you should know what you want.

4. Features.

This is when you look out for Bluetooth, FireWire, web-cam etc. For those going for lightweight notebooks, a lot of them come with an external optical drive to reduce the weight of the main system itself. So you have to make your choice if you really must have one built in. If you do not mind external ones, make sure you get those that do not need external power. A lot of them nowadays come with their own battery pack that charges each time you plug it into a system via USB. Wireless is standard nowadays, so no worries.

5. Physical attraction.

Choose which notebook appeals to you, in terms of looks. For me, I would choose something thin, something you can slide down your bag easily. A light and fast but thick as a brick notebook may not be appealing overall. A notebook normally tapers from the back. So something within 3.0-3.5cm at the front and 4.0-4.5 cm at the back is reasonable. Anything more is simply too thick. If you don't care at all, you will have more to choose from.

6. Battery life.

No brainer here. The longer it is, the better. No point bringing a notebook out for 1hr only for it to become a useless brick.

7. Weight

Actually this part is somewhere in between. If weight is more important to you, then maybe you can forgo a little battery life. Up to you which one is of more priority.

8. Feel

Lastly, go try it out. Feel how the keyboard works for you. Try to get those with full size keyboards so it will not be a nightmare to switch constantly from a desktop to your notebook. If at this stage you find the notebook not satisfying, then go back a few steps and start again.

There, that's it. How hard is it? I am sure most would ask what brand? Again, does it matter? As long as it fits your budget, any brand would do right? Personally, there are a few brands I like.

First of all, Panasonic. They are light and have super long battery life. Check out their range of Toughbooks. Downside, they are expensive! Most are 3.4k and above.

Next would be Dell. They are considered very much affordable. Downside, most are not that light. If they are, they are expensive. I would rather go for Panasonic.

Acer are affordable too, a little more expensive than Dell. Design wise they are not bad and they are feature packed, with built-in web cam etc.

Fujitsu makes nice notebooks. They are considered expensive and they are conservative, so they are quite slow feature wise. As compared to Panasonic, Fujitsu wins by looks and comfort. I have always liked how Fujitsu notebooks feel - their keys etc. Battery life, Panasonic wins hands down.

I have always hated IBM/Lenovo, no offence to IBM/Lenovo lovers. Ugly, heavy and not necessarily reliable, I can assure you of that. Lenovo knows that and they are trying to change. Not bad price wise, since most are made in China.

Compaq notebooks look good too. Price wise they are ok too.

Toshiba are generally expensive. Design pales in comparison but they try to be in between everyone else and may satisfy those who can't find what they want from other brands.

So remember, get what you need and not want, unless you can sign a blank cheque.

Wednesday, November 12, 2008

Starhub free broadband with HubStation

Starhub TV now allows renting of HubStation which comes with a free 1Mbps Broadband Internet Access till 31 December 2009. They'll extend it for sure, just like the free incoming calls for their mobile service.

The rent may be $4 more than the standard digital set-top box (or $6 more than the analog set-top box, although soon there will be no more of those) but for a few dollars more, it comes with free broadband. So the total minimum cost to subscribe to their TV service with the HubStation now is $32 before GST.

So if you are not a heavy user, which means you just browse, check email, watch videos on YouTube, listen to mp3s on imeem etc, 1Mbps should be more than sufficient.

Official details here

Friday, November 7, 2008

Modifying default gateway as added security

You plan to build a web server that needs to be restricted to certain users on the Internet with static IPs as it involves sensitive information. As always, security is one of the most important considerations for administrators, and putting up services on public networks means being paranoid is warranted.

There are many ways to secure your web server.

First of all, the basic thing you can do is secure it with SSL. There is no point in restricting access when you allow unauthorised users the ability to possibly sniff an established session for sensitive information.

Next, restrict access to it by IP. You can edit your web server configuration files to accept connection only from the IPs you trust.

You can also restrict access by using certificates if it is not a hassle.

If you are paranoid, you can also implement usernames and passwords, although this would be overkill on top of certificates.

You have pretty much covered all that you need to at this stage, although it is still possible that these measures will not be enough.

You see, when you restrict your web server only to trusted IPs, hackers can masquerade as those IPs and still gain access. Of course, the other security measures we have taken such as certificates etc are the secondary security layer which should prevent such unauthorised access but what if all those layers were penetrated?

This is where modifying the system's default gateway will help.

Say for example your clients are on IP range of 123.123.123.0/24

For Linux

route del default gw [current gateway]
route add -net 123.123.123.0/24 gw [current gateway]

For Windows

route delete 0.0.0.0 mask 0.0.0.0 [current gateway]
route add 123.123.123.0 mask 255.255.255.0 [current gateway] -p

What this does is tell the operating system the web server is running on how to communicate with trusted hosts other than the ones within the same local network. So even if an unauthorised host masquerades as a trusted host and is able to fool the web server, the operating system will not be able to communicate with the unauthorised host because it has no information on how to do that.

Even if the operating system is fooled into thinking that a packet is coming from a trusted host when it is actually not, it will still try to communicate back with the trusted host and not the unauthorised host. The communication will obviously fail because no host from the trusted IPs initiated it.

A simple analogy is when someone disguises himself as John to get your data. When you use the web server IP restriction security feature, you are simply telling the web server to release the data to a person named 'John', but anyone can simply disguise himself as John and get the data.

By modifying the default gateway, it does not matter who disguises himself as John because the data will be sent to the real John. Since the real John did not ask for the data, the data will not reach anyone and is kept safe.

Even if the server is fooled and tries to send the data to the fake John's address, the operating system is not able to, because it only has the real John's address for outgoing delivery and no one else's.

So there you go. Hope it helps but remember, doing this means you are cutting the web server off from any other host other than the local network it's on and the specified IPs but that's what being paranoid is all about.
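The routing decision described above, modelled as an added example (not code from the original post): a longest-prefix-match lookup over the server's routing table before and after the default route is replaced. The server LAN 10.0.0.0/24, the gateway 10.0.0.1 and the host addresses are assumed values; 123.123.123.0/24 is the client range from the post.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

# Assumed addressing for the web server's own LAN and its gateway.
LOCAL_NET = ("10.0.0.0/24", "on-link")
GATEWAY = "10.0.0.1"

# Routing table with the usual default route.
BEFORE = [LOCAL_NET, ("0.0.0.0/0", GATEWAY)]
# Routing table after the change: only the client range goes via the gateway.
AFTER = [LOCAL_NET, ("123.123.123.0/24", GATEWAY)]

def reply_reaches_sender(table, claimed_src, real_sender):
    """Model one inbound packet and the server's reply to it.

    The reply is always addressed to the source address written in the packet.
    Assumes an off-path sender, i.e. one that only receives traffic addressed
    to its own real address.
    """
    if next_hop(table, claimed_src) is None:
        return False                    # no route: the reply is never sent
    return claimed_src == real_sender   # routed to whoever owns claimed_src

TRUSTED = "123.123.123.10"   # constructed: a host inside the trusted range
OUTSIDER = "203.0.113.7"     # constructed: a host outside it

def scenarios(table):
    """Does the reply get back to the sender in each of the three cases?"""
    return {
        "trusted client": reply_reaches_sender(table, TRUSTED, TRUSTED),
        "outsider, own address": reply_reaches_sender(table, OUTSIDER, OUTSIDER),
        "outsider, spoofed trusted address":
            reply_reaches_sender(table, TRUSTED, OUTSIDER),
    }

if __name__ == "__main__":
    for name, table in (("default route", BEFORE), ("trusted range only", AFTER)):
        print(name)
        for case, ok in scenarios(table).items():
            print(f"  {case:36} reply reaches sender: {ok}")
```

The only case that changes between the two tables is the outsider using its own address: with no default route the server has nowhere to send that reply.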

How to block Windows Live Messenger with Squid

Most network administrators don't really care if the users waste their time chatting away on the net. It's not their job to make sure that users are productive. That is up to their respective department managers to decide.

However, for most administrators, P2P programs such as Windows Live Messenger are a security risk as they have file transfer capabilities. With that, any kind of file, including damaging scripts etc., can get into the network. Users can always claim ignorance but network administrators do not have that luxury.

If you are using squid as a proxy and would like to block your users from using Windows Live Messenger, you can take the example from the following ACLs

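# Windows Live Messenger
# The dot in gateway\.dll is escaped so it matches a literal dot only.
# Place these deny lines before any http_access allow line.
acl wlm_mimetype req_mime_type -i ^application/x-msn-messenger$
acl wlm_urlregex url_regex -i gateway\.dll
http_access deny wlm_mimetype
http_access deny wlm_urlregex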
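How these ACLs behave against requests, as an added example that is not part of the original post: a small model of Squid's http_access evaluation (lines checked top to bottom, first match wins) using the two patterns above with the dot in gateway.dll escaped. The request samples and the final "allow all" line are constructed for illustration.

```python
import re

# ACL name -> predicate over a request. "-i" in squid.conf means case-insensitive.
# req_mime_type is matched against the request's Content-Type header.
ACLS = {
    "wlm_mimetype": lambda req: bool(
        re.search(r"^application/x-msn-messenger$",
                  req.get("content_type", ""), re.IGNORECASE)),
    "wlm_urlregex": lambda req: bool(
        re.search(r"gateway\.dll", req["url"], re.IGNORECASE)),
    "all": lambda req: True,
}

def http_access(rules, req):
    """Evaluate rules in order; a line matches only if every ACL on it matches."""
    for action, acl_names in rules:
        if all(ACLS[name](req) for name in acl_names):
            return action
    return "deny"  # not reached here: both rule sets below end with "all"

# Deny lines first, then the site's allow rule (assumed to be "allow all").
DENY_FIRST = [
    ("deny", ["wlm_mimetype"]),
    ("deny", ["wlm_urlregex"]),
    ("allow", ["all"]),
]
# Same lines in the wrong order: the allow line matches before the deny lines.
ALLOW_FIRST = [
    ("allow", ["all"]),
    ("deny", ["wlm_mimetype"]),
    ("deny", ["wlm_urlregex"]),
]

# Constructed sample requests.
REQUESTS = {
    "messenger_gateway": {
        "url": "http://gateway.example.net/gateway/gateway.dll?Action=poll",
        "content_type": "application/x-msn-messenger",
    },
    "messenger_mime_only": {
        "url": "http://im.example.net/session",
        "content_type": "Application/X-MSN-Messenger",
    },
    "web_page": {"url": "http://www.example.com/index.html"},
    "form_post": {
        "url": "http://www.example.com/login",
        "content_type": "application/x-www-form-urlencoded",
    },
}

def verdicts(rules):
    """Map each sample request name to the action the rule set gives it."""
    return {name: http_access(rules, req) for name, req in REQUESTS.items()}

if __name__ == "__main__":
    for label, rules in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(label, verdicts(rules))
```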

Creating FreeRADIUS 1.1.7 package with SLES 10 SP1

So you've been happily using FreeRADIUS to authenticate your Windows 802.1x clients. Thinking of upgrading to Vista or already did and things are not working? Then you've come to the right place.

As expected something will not work as usual in Vista. PEAP 802.1x authentication will fail in Vista unless you use FreeRADIUS version 1.1.4 and above.

SLES 10 SP1 does not have a FreeRADIUS rpm of version 1.1.4 or above, so you have to either compile from source or make yourself an rpm file. The latter is preferable for most users, especially with SLES.

The steps below will show how to make an rpm package with FreeRADIUS 1.1.7 on your SLES. If they have a new release, just substitute the version number accordingly. This guide is based on one from Novell's Cool Solutions


1. download the latest FreeRADIUS

wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.7.tar.gz


2. untar the file

tar -zxf freeradius-1.1.7.tar.gz


3. remove the file postgreslippool.conf from the folder raddb

rm freeradius-1.1.7/raddb/postgreslippool.conf


4. tar back the files

tar -cf freeradius-1.1.7.tar freeradius-1.1.7/*


5. move the new tar file to the SOURCES folder

mv freeradius-1.1.7.tar /usr/src/packages/SOURCES/


6. copy the SUSE spec file into the SPECS folder

cp freeradius-1.1.7/suse/freeradius.spec /usr/src/packages/SPECS/


7. edit the specs file and change the Source to simply .tar

vi /usr/src/packages/SPECS/freeradius.spec


8. create the package. It will fail because of dependencies issue. Resolve them by installing what is missing and then repeat the process.

rpmbuild -ba /usr/src/packages/SPECS/freeradius.spec


9. install the rpm. Substitute the build accordingly eg i586. The right rpm for your build will be in the right RPMS folder

rpm -ivh /usr/src/packages/RPMS/build/freeradius-1.1.7-0.sles10.i586.rpm

Virus scanner for mail servers

There are tons of guides on this but hopefully mine is the easiest for you to follow

I am a SUSE fan, so this guide is based on the latest SLES10 which you can download from Novell. Everything you need is available in that distribution.

If you are new to SUSE, or even Linux, this distro is very easy to use. Just follow the guide and you will get it up and running in no time. If you just want to get to the configuration part then proceed straight there


1. INTRODUCTION

1.1 What's all this?

You'll get an SMTP server that can check for viruses.

1.2 Why this set up?


This way, it will work with your current mail server. It will just be a firewall for your incoming/outgoing mails

1.3 Why use SUSE?

Because I am a SUSE fan and it is Linux which means it is free.


2. INSTALLATION

2.1 Components

You will need the following

SUSE 10 (any package, inclusive of SLES)
LDAP
Postfix
Amavisd
Clamd

2.1. Partitions

If you are using a new harddisk, then SLES will do the partition automatically for you. If you already have an existing partition, then maybe you want to customise it. The standard partitions by SLES are

partition 1 - swap = 1.5x your available memory (if more than 256MB; min 256MB, max 1GB)
partition 2 - root directory = balance space

What I suggest is to divide the balance space into two and use the other half to mount a spare directory. This is where you can store junk, and it prevents your server from choking up in case space runs out.

2.2 Package

Just choose default configuration and proceed with the installation.

2.3 Host Name / Domain

When prompted to enter machine and domain name, enter accordingly. The settings here will be used for your LDAP server.

2.4. Certificate Authority

If you want to customise your Certificate Authority, then you may want to change the settings when prompted to. I suggest you change them to reflect your domain.

2.5. LDAP

When prompted if you want to start OpenLDAP, choose yes. The basic configuration is

Base DN - dc=yourdomain, dc=yourdomain
Administrator - cn=administrator (append DN)

When prompted to use LDAP for authentication, choose YES. Also choose Allow user to authenticate but disable login. It should choose localhost. Proceed with the installation.

2.6. Installation Source

If you have the ISO, it is time to copy it to one of the directories. It will help when it comes to installing additional features, so you do not need to insert the CDs or DVD every time. To do this, you need to specify the location of the ISO. Once in X window, launch YaST and go to Software>Installation Source. Choose Add>Local Directory, tick ISO, browse to the CD1 file and click OK. Move the newly added source up and disable the existing one.


3. CONFIGURATION

3.1 Mail Server

Run YaST and go to Software>Software Management. Search for yast2-mail-server and install it. It will ask you to remove yast2-mail. Do it.

Restart YaST and go to Network Services>Mail Server. It will prompt to enter LDAP password. Enter the password you entered earlier

Once in, go to Local Delivery and choose No Local Delivery.

Go to Mailserver Prevention and choose Start Virus scanner AMAVIS. You are done here.

3.2 Postfix

Edit /etc/postfix/main.cf

relay_domains=yourdomain
local_recipients_map - remove the whole subnet and put in your current mail server IP address.

Edit /etc/postfix/master.cf

change localhost to 127.0.0.1

restart postfix by running this command 'rcpostfix restart'

3.3 Amavisd

Edit the file /etc/amavisd.conf. Look for the first instance of Clamd. Uncomment the following lines and change them to look like this. Those in italics are the ones you should change. The rest, just uncomment.

['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/lib/clamav/clamd-socket"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

restart amavisd by running the command 'rcamavisd restart'

3.4 Clamd

Start clamd by running command 'rcclamd start'

Update the database by giving command 'freshclam'

You may want to update to the latest clamav. Current is 0.88.7. You can get it here

ftp://ftp.suse.com/pub/suse/update/10.0/rpm/

update it by running this command 'rpm -Fvh newrpm'


That is it! You can now forward your existing server mails to this server for your outgoing mails. You can also update your external DNS to point to this server for your incoming mails

How to build a VLAN router on Linux

First of all, let's go through the reason why we have VLANs on a Linux box.

Say you have multiple isolated networks that need to access the internet. You can either have one internet connection for each network or one internet connection to be shared by all the different networks. Obviously the former is not cost effective. How do you convince your boss to get multiple internet connections?

To set up the latter, you will need a router with more than 2 interfaces. The number of networks you have, including the one with the internet connection, will be the number of network interfaces you need. So if you have 4 isolated networks, you will need 5 interfaces, which normally equals 5 network cards. Here is where the problem lies. What if your machine does not have enough slots to accommodate that many cards?

To counter the lack of slots available, you can get a multiple-interface network card. Here lies another problem. First, the cards are not cheap. A four-interface network card will cost you approx 8x more than buying 4 separate cards. Second, even if you can get the budget approved for it, what if you have 40 different networks, just to exaggerate? Even with multiple-interface network cards, your machine may not have enough slots to fit 40/4=10 of those cards.

A simpler and more cost-effective way is to use VLANs to add virtual interfaces on top of a physical one. All you need is two network cards to build yourself a multiple-interface router.

The question most would ask is, is it stable? If you ask me, from experience, if you have a stable machine and a stable network card, then you should not be worried.

You have to be familiar with VLAN before you find this guide useful. If you are, then proceed on.

By default, every interface on a Linux box is on an untagged VLAN, so its VLAN depends on the untagged VLAN you set on the other end, normally a switch port. If the switch port is set to VLAN 1 untagged, then the interface it is connected to will be on VLAN 1 as well.

For this example, I will show configurations more suitable for SUSE, which supports VLAN by default, but it should work the same on other distros. Once you have installed SUSE 10 on a machine with two interface cards and assigned IP addresses accordingly, choose the interface that you want to have multiple VLANs on, e.g. eth1.

Connect interface eth0 to the internet modem and connect interface eth1 to a switch port configured as VLAN 1 untagged and VLAN 2 tagged. Because of this, eth1 will be VLAN 1 as default.

VLAN 1 untagged is assigned network 192.168.0.0/24 and VLAN 2 tagged is assigned network 192.168.1.0/24.

Internet <> eth0 <> Suse 10 <> eth1<>VLAN 1

The next thing we need to do is add the virtual interface on the physical interface eth1. Since eth1 is VLAN 1 untagged, you cannot add a virtual interface with VLAN 1 anymore. Following the example above, you can only add VLAN 2.

To add a virtual interface, we use the command vconfig

vconfig add eth1 2

The syntax is vconfig [options] [interface] [vlan]

Confirm that the interface is added

ifconfig

You should see something like this

eth0 Link encap:Ethernet HWaddr 00:11:25:22:10:9c
inet addr:200.201.1.0 Bcast:200.201.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4899 errors:0 dropped:0 overruns:0 frame:0
TX packets:10277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:526908 (514.5 Kb) TX bytes:5725852 (5.4 Mb)

eth1 Link encap:Ethernet HWaddr 00:11:25:22:10:9B
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4899 errors:0 dropped:0 overruns:0 frame:0
TX packets:10277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:526908 (514.5 Kb) TX bytes:5725852 (5.4 Mb)

eth1.2 Link encap:Ethernet HWaddr 00:11:25:22:10:9B
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4899 errors:0 dropped:0 overruns:0 frame:0
TX packets:10277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:526908 (514.5 Kb) TX bytes:5725852 (5.4 Mb)

As you can see, you now have an additional interface, the virtual interface eth1.2, on top of the two physical interfaces eth0 and eth1. The number after the dot is the VLAN number, so for eth1.2, 2 = VLAN 2.

Next give interface eth1.2 an IPv4 address

ifconfig eth1.2 192.168.1.1 netmask 255.255.255.0

Again, confirm the settings

ifconfig

It should look something like this

eth1.2 Link encap:Ethernet HWaddr 00:11:25:22:10:9B
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4899 errors:0 dropped:0 overruns:0 frame:0
TX packets:10277 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:526908 (514.5 Kb) TX bytes:5725852 (5.4 Mb)

You can confirm if the VLAN interface is up and running by pinging the IP address of the new VLAN interface

ping 192.168.1.1

It should give a reply. That's it! You can add as many VLANs as your other end can support.

Oh, just remember to turn on routing by making sure the file

/proc/sys/net/ipv4/ip_forward

has a 1 on it.
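How tagged and untagged frames arriving on eth1 map to eth1 and eth1.2 in the setup above, as an added example that is not from the original post: a parser for the 802.1Q tag that picks the receiving interface by VLAN ID. The frames are constructed; the router MAC is the eth1 HWaddr from the ifconfig output above and the client MAC is an assumed value.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag

def parse_vlan(frame):
    """Return (vid, pcp, ethertype) for an Ethernet frame; vid is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3 bits priority, 1 bit DEI, 12 bits VLAN ID.
    tci, inner_ethertype = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner_ethertype

def receiving_interface(frame, parent="eth1", configured_vlans=(2,)):
    """Interface name that receives the frame, or None if no interface matches.

    Untagged frames belong to the parent interface (the switch port's untagged
    VLAN). VID 0 is a priority tag with no VLAN membership in 802.1Q, so this
    model treats it like an untagged frame.
    """
    vid, _pcp, _ethertype = parse_vlan(frame)
    if vid is None or vid == 0:
        return parent
    if vid in configured_vlans:
        return f"{parent}.{vid}"
    return None   # tagged for a VLAN with no sub-interface in this model

def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet frame, inserting a 4-byte 802.1Q tag when vid is given."""
    header = dst + src
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload

ROUTER_MAC = bytes.fromhex("00112522109b")   # eth1 HWaddr from the output above
CLIENT_MAC = bytes.fromhex("020000000001")   # constructed
PAYLOAD = bytes(46)                          # constructed: minimum-size payload

UNTAGGED = build_frame(ROUTER_MAC, CLIENT_MAC, 0x0800, PAYLOAD)
VLAN2 = build_frame(ROUTER_MAC, CLIENT_MAC, 0x0800, PAYLOAD, vid=2)
VLAN3 = build_frame(ROUTER_MAC, CLIENT_MAC, 0x0800, PAYLOAD, vid=3)

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("VLAN 2", VLAN2), ("VLAN 3", VLAN3)):
        print(f"{name:9} -> {receiving_interface(frame)}")
```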


Optional

If you have a DHCP server on the same machine, you can also lease out IP addresses on multiple VLAN interfaces. DHCP configuration is outside the scope of this guide, but a common addition to the /etc/dhcpd.conf file is simply to add another subnet section

subnet 192.168.1.0 netmask 255.255.255.0 {
# add a "range" statement here for the addresses you want to lease
option routers 192.168.1.1;
}

Lastly, edit /etc/sysconfig/dhcpd to include the new vlan interface

DHCPD_INTERFACE="eth1 eth1.2"

You can see if your DHCP is working fine by running tcpdump

tcpdump -i eth1.2

If you've set everything correctly, your clients will be receiving the right lease on the right interface