Tag Archives: DHCP server

How to – Debian Static IP Configuration

On a basic Debian machine without a graphical interface, assigning the same IP address every time can be achieved in two ways.

Static IP Address

To configure a static IP, (an IP that will never change), and not use DHCP you must edit the file /etc/network/interfaces.
Insert the following code at the end of the file and don’t change anything else unless you know what you are doing:

# The first network card – this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
#Private Interface
iface eth0 inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
## only use gateway if your machine is not multi-homed, (two network cards). You can only have one default route.
# gateway 192.168.0.1

In our case the IP of the Debian machine is 192.168.0.254. The gateway, (the router), is 192.168.0.1 and it is a standard Class C network.

To refresh the network configuration without restarting the server execute:
/etc/init.d/networking restart

If that doesn’t work reboot the machine (reboot or init 6).

For a second network card you should add at the end of the file another entry for your second card:
#External interface
iface eth1 inet static
address 1.1.2.2
netmask 255.255.255.0
network 1.1.2.0
gateway 1.1.2.254

Check the new configuration by issuing the command:
ifconfig
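
A consistency check for the stanzas above, as an added example that is not part of the original article: it recomputes network and broadcast from address and netmask, and flags more than one gateway line, since only one default route can exist. The function names are hypothetical, and the sample input is constructed from the article's values with two errors introduced on purpose.

```javascript
// Added example: sanity-check static stanzas from /etc/network/interfaces.
// checkInterfaces, ipToInt and intToIp are hypothetical names, not Debian tools.
function ipToInt(ip) { // dotted quad -> unsigned 32-bit number, null if malformed
  const p = ip.split(".");
  if (p.length !== 4 || p.some((x) => !/^\d{1,3}$/.test(x) || Number(x) > 255)) return null;
  return p.reduce((n, x) => n * 256 + Number(x), 0);
}
const intToIp = (n) => [24, 16, 8, 0].map((s) => (n >>> s) & 255).join(".");

function checkInterfaces(text) {
  const problems = [], stanzas = [];
  let cur = null;
  for (const raw of text.split("\n")) {
    const [key, ...rest] = raw.replace(/#.*/, "").trim().split(/\s+/);
    if (key === "iface") stanzas.push((cur = { name: rest[0], method: rest[2], opts: {} }));
    else if (key === "auto" || key.startsWith("allow-")) cur = null; // ends a stanza
    else if (key && cur) cur.opts[key] = rest.join(" ");
  }
  // Only one default route can exist, so only one stanza may carry a gateway.
  const withGw = stanzas.filter((s) => s.opts.gateway).map((s) => s.name);
  if (withGw.length > 1) problems.push(`more than one default gateway: ${withGw.join(", ")}`);
  for (const s of stanzas.filter((x) => x.method === "static")) {
    const addr = ipToInt(s.opts.address || ""), mask = ipToInt(s.opts.netmask || "");
    if (addr === null || mask === null) { problems.push(`${s.name}: bad address or netmask`); continue; }
    const net = (addr & mask) >>> 0;
    const expected = { network: intToIp(net), broadcast: intToIp((net | ~mask) >>> 0) };
    for (const k of ["network", "broadcast"])
      if (s.opts[k] && s.opts[k] !== expected[k])
        problems.push(`${s.name}: ${k} ${s.opts[k]} should be ${expected[k]}`);
    const gw = s.opts.gateway ? ipToInt(s.opts.gateway) : null;
    if (gw !== null && ((gw & mask) >>> 0) !== net)
      problems.push(`${s.name}: gateway ${s.opts.gateway} is outside ${expected.network}`);
  }
  return problems;
}

// Constructed sample: the article's stanzas with a wrong broadcast and the
// eth0 gateway uncommented, so both checks fire.
const SAMPLE = `iface eth0 inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.10.255
gateway 192.168.0.1
iface eth1 inet static
address 1.1.2.2
netmask 255.255.255.0
gateway 1.1.2.254`;
console.log(checkInterfaces(SAMPLE));
```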

DHCP Reserved address

If you want to set this via DHCP you have to make a reservation in your DHCP server for your network card’s MAC address.
You can find your MAC address by using the command ifconfig.
The command prints information that looks like this:
eth0 Link encap:Ethernet HWaddr 00:33:ff:c4:2f:2b
inet addr:192.168.0.254 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::230:f4ff:fdd4:bf33/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:93373 errors:0 dropped:0 overruns:0 frame:0
TX packets:38320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:76539317 (72.9 MiB) TX bytes:5551726 (5.2 MiB)
Interrupt:17 Base address:0x6000

The first line is the one you are interested in:
HWaddr 00:33:ff:c4:2f:2b
In your DHCP server make a reservation using 0033ffc42f2b as your MAC address. Note the removal of the colons in between.
Reboot the server, and when the machine tries to renegotiate its IP address the DHCP server will assign it the newly reserved address.

If you want to add a static route on your Debian machine, edit your /etc/network/interfaces file and add the following two lines at the end of your eth1, (eth0), configuration.
up route add -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.100.254
down route del -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.100.254
The two lines tell Debian to add a static route when the computer boots, and to remove the static route when it shuts down.

The parameters mean: 192.168.22.0 is the network you want to make your Debian machine aware of; 255.255.255.0 is the netmask of your added network, 192.168.100.254 is the gateway to that network.

Why would you need a static route? In our configuration example your default route is through your public network interface.
Any additional internal networks or VPNs will not be reachable through it. The configuration above tells your Debian machine how to reach any VPN or network that is not reachable via the default route.

There is another change needed if you plan to configure this machine as a simple router. You need to enable IP forwarding, in other words allow the machine to forward traffic for its clients.
# nano /etc/sysctl.conf
Change the following line : net.ipv4.ip_forward = 0
to net.ipv4.ip_forward = 1

Reboot the machine to make the setting active, or issue the following command to make the kernel aware of the change:
# echo 1 > /proc/sys/net/ipv4/ip_forward

Why do you want your Debian machine to connect to other networks or VPNs? If your machine is a proxy or a gateway, it needs to know where to route packets for its clients. Even if your remote networks or VPNs have their own proxy, if you have a shared server in one of these networks you need to make it available for your users. It is easier to maintain a static route on one server than to add it to all of the clients.

Browser Auto-config and Wpad deployment

Using a Proxy Server in your Company’s Network is one of the best decisions you have made.
But this decision can bring you some administration overhead if you don’t have an automatic way to provision the browser settings.
Fortunately, for Microsoft Operating Systems there is a way to accomplish this.
The procedure involves a configuration file that tells browsers how to connect to the Internet.
This file is published via the existing Infrastructure using DNS, DHCP and a WEB Server.

Create the configuration file

Create the wpad.dat file inserting the following text:
function FindProxyForURL(url, host) {
return "PROXY 192.168.100.10:3128; DIRECT";
}
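
A more selective wpad.dat, as an added example that is not part of the original article: internal hosts go direct and everything else goes to the article's proxy with no DIRECT fallback, so the browser reports an error when the proxy is unreachable rather than connecting directly. The internal suffix domain.local and the 192.168.x.x range are assumptions taken from the addresses used in this article.

```javascript
// Added example: wpad.dat with an internal bypass and no DIRECT fallback.
// Plain JavaScript only, so it runs in a browser's PAC engine and in Node.
// ASSUMPTIONS: domain.local is the internal DNS suffix; 192.168.x.x is internal.
var PROXY = "PROXY 192.168.100.10:3128"; // the article's proxy, without "; DIRECT"

function FindProxyForURL(url, host) {
  // Normalise: lower-case and drop a trailing dot ("files.domain.local.").
  host = host.toLowerCase().replace(/\.$/, "");

  // Single-label names such as "internalserver" are intranet hosts.
  if (host.indexOf(".") === -1) return "DIRECT";

  // Internal DNS suffix; the leading dot keeps "notdomain.local" from matching.
  if (host === "domain.local" || host.slice(-13) === ".domain.local") return "DIRECT";

  // IPv4 literals in the internal range (anchored, so
  // "192.168.0.1.example.com" is not treated as internal).
  var m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(host);
  if (m && m[1] === "192" && m[2] === "168") return "DIRECT";

  // Everything else must use the proxy.
  return PROXY;
}
```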

IIS

Create a new website and link it to a folder of your choice, (for instance c:\wpad). Place the wpad.dat file inside the folder.
Add a MIME type for the .dat file type: “application/x-ns-proxy-autoconfig”.
Restart IIS. If you already have an IIS website, just place the file in its root directory.

Apache:

Create the wpad.dat file in the www directory, which depends on your distribution (on Debian it is /var/www/).
For instance:
#nano /var/www/wpad.dat
would open the nano editor. If nano is not installed use vi or mcedit or any other text editor.
Edit httpd.conf:
#nano /etc/apache/httpd.conf
and insert the following line:  
AddType application/x-ns-proxy-autoconfig .dat

Make sure the Apache daemon starts at boot time, (update-rc.d apache2 defaults).
Restart Apache:
#/etc/init.d/apache2 restart

DHCP – Configuration for Proxy Auto discovery

(on a Microsoft DHCP server)

  1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.
  3. In Name, type WPAD.
  4. In Code, type 252.
  5. In Data type, select String, and then click OK.
  6. In String, type http://internalserver/wpad.dat where:
    • internalserver is the domain name of the server that hosts the wpad.dat file. Alternatively you can use the fully qualified domain name, (e.g. http://internalserver.domain.local:3129/wpad.dat).
    • Port is the port number on which automatic discovery information is published. You can specify any port number. I put 3129.
  7. Right-click Server options, and then click Configure options.
  8. Confirm that Option 252 is selected.

If you configure this on a Unix DHCP server you might need to add an extra blank character at the end of the DNS Configuration
Create an alias (CNAME) with the name wpad pointing at the webserver that hosts your wpad.dat file. For instance the alias is wpad and the fully qualified domain name is internalserver.domain.local

Troubleshooting

WPAD alias DNS entry not responding
If you ping wpad after creating your alias and get “host not found”, this could be related to a security improvement on Microsoft’s DNS servers.
To fix this you need to edit the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
Edit this on all of your Microsoft DNS servers and remove wpad from the list of values. The block list is there so that a host cannot claim the wpad name through dynamic DNS registration, so create your own wpad record before you remove the entry.

[Image: Registry Fix for Implementation of WPAD]

Note that this configuration requires you or your user to configure your browser to “Automatically Detect Settings”.
For Internet Explorer this can be automatically configured for all the users in an Active Directory domain via a Group Policy.
The same policy will be used by Google Chrome, which uses the Windows Internet Connection configuration.
Other browsers such as Opera, and Mozilla will have to be manually configured. Alternatively, for an automatic configuration they can be tweaked via registry hacks or configured via third party software.
The disadvantage with manual configuration is of course the cost of deployment and the fact that this can be changed by the user. If you want to enforce the use of the proxy you have to restrict the gateway access and allow only the proxy machine to access it. Another way would be to configure your proxy to be your router and set up a transparent proxy.

How to Troubleshoot Internet Connection Speed

Who didn’t have problems with the Internet speed at least once? OK, many of us, but as an IT professional I always meet and talk to the people who did have problems with their Internet Speed.
I hate to be run through standard procedure, which by the way I know by heart, (I used to work in an ISP call center). You probably hate it too. If your problem is the Internet connection you will probably have to talk to an agent anyway, but, (with the help of my article), you will know from the start what’s wrong with your Internet connection.

Step 0 – Never Assume

The first thing I learned in the call center was to never assume. Many times, when people call the help line they have a “pretty good idea” of what the problem is. Usually they are wrong. Don’t make this mistake: do not presume, or at least do not presume without checking the facts. We hate the call centers for making us do stupid things, check things that we don’t need to. The truth is that in most cases we overlook things, and going by the book helps.
When we open up a browser and there is an error message “Page not found” we immediately assume that the connection is to blame. In fact many times this is just a temporary problem of our home page site. Try a different address to see if the connection is down or the home page’s website is down. Try google.com for instance, or ibm.com, or bing.com; if these don’t work it could be the connection.

Step 1 – Try a reboot

Almost every time a reboot solves the problem. This might sound anecdotal but it actually works in many cases. Reboot the computer, reboot the modem, reboot the router behind the modem.

Isolate the problem
First of all we need to know that the problem is not in the network.

  • Use a computer that you are sure is not infected by any malware. Connect it directly to the DSL device, cable modem, or other type of modem.
  • Do not use the wireless; connect the computer with a network cable. This way you are testing the connection and nothing else.
  • As already mentioned, you need to make sure your computer works fine and is not infected. Use antivirus and antispyware if needed.
  • If you are not sure about the health of your computer you can always boot from a Live Linux CD. On the Live CD you will have a browser and other useful tools.
  • Once the system is up and you are connected to the Internet, test your connection with one of the free online services. Google it and you will find many online DSL speed test websites. If the speed is OK, then the problem is in your computer or your network; go to step 4.

Step 2 – Modem troubleshoot

If the DSL speed test failed, (no connection or slow speed), you have a few things to try before calling the ISP.
Usually, for a DSL connection, the telephone line is shared with another device, a fax or a phone. Some of us have a separate line for DSL, or don’t even have a phone line, only a dry loop. If you don’t understand any of these you most likely don’t have it.

  • If you share the DSL line with another device you need to connect this second device through a DSL filter. I must stress: EVEN IF IT WORKED before without it, you must have the filter.
    DO NOT run the DSL line through a filter, you’ll only break your Internet connection; filter only the phone, the fax, the credit card processing device, etc.
  • Check all the physical connections of the modem, R6 or RJ11 or the RJ45 connectors, and make sure that they are tight and don’t have the locking pins broken, etc.
  • For a DSL connection the length of the phone cable could be critical, so use the original cable, (the short one), provided with the modem at least for the testing period. The reason is because the length of the pair from the CO to your place can be at its length limits, it happens more often than you think. If you pass this limit your connection stability will be penalized. Another reason is because a long cable is more difficult to examine for defects than a short one.
    If needed, use a longer network cable to connect a device in the house. The network cable, (UTP – unshielded twisted pair), can go up to 100m (300 feet).
  • Some electric devices can interfere with the modem; avoid placing it near such devices.
  • Look at the modem’s lights. If the DSL light is off there is no service.
  • If there is no connection at all, (No DSL light), check the phone to see if you have a dial tone.
  • If the modem connects to a separate wall jack bring a phone and check if you have a dial tone, you might have a dial tone in the bedroom and not in the office.
  • Similarly check if there is TV service, if there is no TV service then most likely it is a bigger problem at your cable provider.
  • Look for the DSL filter as described above.
  • Check the LAN light on the modem. If the LAN LED is off your computer’s network adapter might be defective, or disabled, or the UTP cable that connects the computer with the modem might be defective. There is a chance that the modem’s LAN interface is defective.
  • If you have a solid DSL light, (check the modem’s manual, manufacturers have different signalling for established DSL connection), and you don’t have a connection check the password for the connection.

Step 3 – Connect to Your Modem’s Administration Interface

All modern modems have a web administration interface, usually accessible via a web browser. It lets you configure the authentication and other settings.
To administer your modem you need the following:

  • The administrator’s password to access your router. If you don’t have it you can perform a hardware reset using the reset button located on the modem. You need to use a pin to press the button. This will reset all of your modem’s settings, including the admin password, to the factory defaults.
  • The IP address of the router. If the modem has its DHCP server started, (by default yes), it will lease your computer an IP address and provide it with other IP configuration settings such as: “Default Gateway”, netmask, and DNS. The important part is the gateway’s IP address as this is your modem’s internal interface and this is what you need to access your router’s web Interface. You can find all of this information by issuing the following command in a command prompt window with elevated rights, (admin credentials):
    ipconfig /all
    After issuing the command you will get a screen similar to this one. Note that the “Default Gateway” is the address of your modem.
    [Image: IPCONFIG]
    In a web browser type: http://IPADDRESS where IPADDRESS is your router.
    For instance if your router’s (gateway) IP address is 192.168.200.1 the address you are looking for is: http://192.168.200.1.
  • Once connected to the web interface you need to enter the authentication details. If you don’t have them you have to call your ISP which will make a reset after security verification.
  • If all of the previous steps did not solve the problem call your ISP. They might ask you to redo all of the steps above and maybe more. Be patient, they are just doing their job, they never assume, or they shouldn’t. The second they let themselves be drawn into your speculation they make the same mistake as you do.

Step 4 – Correct the problems behind the modem

If the connection is OK the problem is behind the modem. This problem could be anything in your network.
Some suggestions are:
The router – many times the router can slow down your network. Try a reboot. If that doesn’t work try another model or another manufacturer. Do an upgrade of the firmware. Check the router’s configuration and try a default stripped-down configuration.
The computer – most of the time, the slow performance over the Internet is actually the poor performance of a computer. This is dense material that is treated in a separate article which you can find here: How to Refresh your Computer speed (coming soon).
The network – many times a poor network will penalize all sorts of network traffic, not only Internet. This is the subject of another article here: How to Troubleshoot Your LAN, (Local Area Network). (coming soon)

Ask me any technical question in the comments area so I can update the document or answer you directly in the comments. I would like to make this article as useful as possible.