Thursday, March 29, 2007

linux: how to stop the firewall


To stop your Linux firewall, first log in as root, or else prefix the following commands with sudo.

Option A - If you are on a RedHat or Fedora based system:
/etc/init.d/iptables stop
OR
service iptables stop

Option B - If you are on a Debian-based system:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
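
Option B leaves every table flushed and every built-in chain at policy ACCEPT, so the host filters nothing until rules are loaded again. The following is an added example, not part of the original post: a shell function that reads iptables-save output and reports whether a host is in that state. The two dumps are constructed samples, and fw_state, sample_flushed and sample_active are names chosen here.

```sh
#!/bin/sh
# Added example: classify an iptables-save dump read from stdin.
# "open" = no rules, no user-defined chains, every built-in policy ACCEPT,
# which is the state the Option B commands leave behind.
fw_state() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # *filter, *nat, *mangle
        /^:/ {                                  # :CHAIN POLICY [pkts:bytes]
            chain = substr($1, 2)
            if ($2 == "-") { user++ }           # user-defined chain (iptables -X deletes these)
            else if ($2 != "ACCEPT") { bad = bad " " table "/" chain "=" $2 }
            next
        }
        /^-A / { rules++ }                      # a rule that survived (iptables -F deletes these)
        END {
            if (rules == 0 && user == 0 && bad == "") { print "open"; exit }
            printf "filtering rules=%d user_chains=%d non_accept=%s\n",
                   rules, user, (bad == "" ? "none" : substr(bad, 2))
        }'
}

# Constructed sample: dump of a host after the Option B commands.
sample_flushed() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: dump of a host that is still filtering.
sample_active() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j DROP
COMMIT
EOF
}

sample_flushed | fw_state
sample_active | fw_state
```

On a live host, run it as root with: iptables-save | fw_state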


Source

Tuesday, March 27, 2007

esx: obtaining a vm's ip address from the command line

You can get a VM's IP address using:

vmware-cmd [vmx_path] getguestinfo "ip"

When the guest operating system is running inside a virtual machine, you can pass information from a script (running in another machine) to the guest operating system, and from the guest operating system back to the script, through the VMware Tools service. You do this by using a class of shared variables, commonly referred to as GuestInfo.
VMware Tools must be installed and running in the guest operating system before a GuestInfo variable can be read or written inside the guest operating system. (source: VMware Scripting API - 2.3 User's Manual)

source

Monday, March 26, 2007

esx: killing a stuck vm from the command line


On the ESX 3 console find the PID by:

ps -ef|grep [VM name]
and then kill it by:
kill -9 PID




source

esx: stopping a vm from the command line using powerop_mode

Login to the Service Console and try the following:


vmware-cmd [vm-cfg-path] stop [powerop_mode]

where [vm-cfg-path] is the location of the vmx file for the VM and [powerop_mode] is either hard, soft or trysoft.

It is tempting to just use hard for the [powerop_mode] when it appears that the VM is really stuck :)




source


Wednesday, March 21, 2007

esx: ide vs sata

Installation on IDE or SATA Drives:

(source: vi3_esx_quickstart.pdf)




The installer displays a warning if you attempt to install ESX Server software on an IDE drive or a SATA drive in ATA emulation mode. It is possible to install and boot ESX Server software on an IDE drive. However, VMFS, the filesystem on which virtual machines are stored, is not supported on IDE or SATA. An ESX Server host must have SCSI storage, NAS, or a SAN on which to store virtual machines.

Tuesday, March 6, 2007

networking: tso (tcp segmentation offload) overview

TSO, a feature found in the OS, improves performance by offloading packet formation from the host processor to the Ethernet network controller.



TSO does not require special end-to-end enablement because it uses IEEE® standards-based 1500-byte frames. TSO allows the host to send 64 KB blocks of data to the network adapter, instead of 1518-byte packets. The network adapter's controller parses the 64 KB block into standard Ethernet packets, thus reducing the host processor utilization. By increasing network throughput and reducing CPU utilization, TSO increases network efficiencies.







IT managers considering Linux can benefit from choosing a server with a network connection that includes support for the new TCP Segmentation Offload (TSO) technology (also known as Large Send Offload [LSO] in Microsoft operating systems). TSO, originally designed for the Microsoft Windows® 2000 OS, is now also available for Windows XP and Windows .NET Server 2003. The performance gains offered by TSO were so substantial in the Microsoft operating systems that Intel took advantage of TSO in the Linux environment. Today, the Intel 82545EM, 82546EB, and 82540EM Gigabit Ethernet controllers support TSO. Intel continues to work closely with Linux kernel developers to make TSO a robust Linux offering.



Jumbo frames (frames larger than the standard 1518 bytes) are another technology that improves performance by reducing the amount of processing that the operating system must complete (see Figure 3). When a large block of data is requested (64 KB or more), the OS must break the block into packet-sized pieces, and then further process these pieces into packets that can ultimately be driven out onto the network.





Figure 3. Relieving the OS burden: Standard frames compared to TCP segmentation





When Jumbo frames is enabled on the network, packets going out on the network are simply oversized and the OS has fewer packets to create and transmit. However, when block sizes are smaller, Jumbo frames performance begins to diminish as latencies are introduced. Both TSO and Jumbo frames achieve performance gains. However, there is a disadvantage with Jumbo frames. With Jumbo frames, every node on the network and all of the switching infrastructure in between must be specifically enabled.





Source: http://www.dell.com/content/topics/global.aspx/power/en/

Monday, March 5, 2007

esx: DMZ within a single esx box

DMZ in a box



In this example, we have four virtual machines running two Firewalls, a Web server and an Application Server to create a DMZ. The Web server and Application server sit in the DMZ between the two firewalls. External traffic from the Internet (labeled External) is verified by the firewall inside the VM, and if authorized routed to the virtual switch in the DMZ – the switch in the middle. The Web Server and Application Server are connected to this switch and hence can serve external requests.





This switch is also connected to a firewall that sits between the DMZ and the internal corporate network (labeled Internal). This second firewall filters packets and if verified, routes them to the VMNIC0, connected to the internal corporate network. Hence a complete DMZ can be built inside a single ESX Server. Because of the isolation between the various virtual machines, even if one of them were to be compromised by, say, a virus, the other virtual machines would be unaffected.















Source1

Source2: tommy walker ppt - Virtualization Reducing Costs, Time and Effort with VMware (2002)

Friday, March 2, 2007

linux basics: umask

Question: Your umask value is set to 022 and you create a file. Which set of permissions is associated with this file?

A. rw-r--r--

B. rwxr--r--

C. ----w--w-

D. rw-rw-rw-

E. rwxrwxrwx



Answer: A.

Explanation: Remember that the permissions for created files will always be the numeric value 666 minus the umask value. (666 – 022 = 644)

Important points: to make a permanent change, change the umask value in the user's .profile or .cshrc. If you just change it in the current shell session, the effect is only temporary! (Next time you log in, it will be lost!)
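
The following is an added example, not part of the original post, that checks the answer on a real file. It goes beyond the 022 case: the kernel clears the umask bits from the requested mode (666 for a new file), which equals the subtraction above for 022 but differs for masks such as 027. The function names are chosen here, and observed_mode assumes GNU stat (stat -c), as found on Linux.

```sh
#!/bin/sh
# Added example: mode of a newly created file under a given umask.

# predicted_mode UMASK [REQUESTED]  ->  REQUESTED AND NOT UMASK, in octal.
# REQUESTED defaults to 666 (what the shell asks for on a new file);
# pass 777 to see the result for a new directory.
predicted_mode() {
    printf '%03o\n' $(( 0${2:-666} & ~0$1 & 0777 ))
}

# observed_mode UMASK  ->  mode of a file actually created under that umask.
# Runs in a subshell so the caller's umask is left untouched.
observed_mode() {
    (
        dir=$(mktemp -d) || exit 1
        umask "$1"
        : > "$dir/f"             # the redirection creates the file with mode 666
        stat -c '%a' "$dir/f"    # GNU stat: print the mode in octal
        rm -rf "$dir"
    )
}

# 022 -> 644 (answer A). 027 -> 640, not 637: bits are cleared, not subtracted.
for mask in 022 027 077 002; do
    printf 'umask %s  predicted %s  observed %s\n' \
        "$mask" "$(predicted_mode "$mask")" "$(observed_mode "$mask")"
done
```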



Source

linux basics: bash shortcuts


alt+f : move forward one word
alt+b : move backwards one word

ctrl+a : takes you to the beginning of the line you are currently typing
ctrl+e : takes you to the end of the line you are currently typing
ctrl+b : move backward one character
ctrl+f : move forward one character

ctrl+c : kills the current command or process.
ctrl+d : kills the shell.
ctrl+z : puts the currently running process in background

ctrl+h : deletes one letter at a time from the line you are typing in
ctrl+w : delete word before cursor
ctrl+k : clears the line after the cursor
ctrl+u : clears the line before the cursor
ctrl+l : clear screen



ctrl+r : does a search in the previously given commands so that you don't have to repeat a long command

esc+b : takes you back by one word while typing a command
esc+p : like ctrl+r + lets you search through the previously given commands
esc+. : gives the last command you typed.

esx: you can't run it on a vm!

Running ESX on a VM - vmware.esx-server | Google Groups:

">On Feb 26, 7:03 pm, "yy" ...@yahoo.com.ph> wrote:
>Has anyone successfully setup/ran an ESX on a Virtual Machine? I need
> to do this as a proof of concept before dealing with real hardware.

ESX server won't run in a VM virtualized by ESX server.

I've tried. There is something ESX looks for in the CPU that is not
virtualized by ESX server."