Tag Archives: following line

How to – Debian Static IP Configuration

On a basic Debian machine without a graphical interface assigning the same IP address all the times can be achieved in two ways.

Static IP Address

To configure a static IP, (an IP that will never change), and not use DHCP you must edit the file /etc/networking/interfaces.
Insert the following code at the end of the file and don’t change anything else unless you know what you do:

# The first network card – this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
#Private Interface
iface eth0 inet static
address 192.168.0.254
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
## only use gateway if your machine is not multi-homed, (two network cards). You can only have a default route.
# gateway 192.168.0.1

In our case the IP of the Debian machine is 192.168.0.254. The gateway, (the router), is 192.168.0.1 and it is a standard Class C network.

To refresh the network configuration without restarting the server execute:
/etc/init.d/networking restart

If that doesn’t work reboot the machine (reboot or init 6).

For a second network card you should add at the end of the file another entry for your second card:
#External interface
iface eth1 inet static
address 1.1.2.2
netmask 255.255.255.0
network 1.1.2.0
gateway 1.1.2.254

Check the new configuration by issuing the command:
ifconfig

DHCP Reserved address

If you want to set this via DHCP you have to make a reservation into your DHCP server for your network card’s MAC address.
You can find your MAC address by using the command ifconfig.
The server will spit some information on the screen that looks like this:
eth0 Link encap:Ethernet HWaddr 00:33:ff:c4:2f:2b
inet addr:192.168.0.254 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::230:f4ff:fdd4:bf33/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:93373 errors:0 dropped:0 overruns:0 frame:0
TX packets:38320 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:76539317 (72.9 MiB) TX bytes:5551726 (5.2 MiB)
Interrupt:17 Base address:0x6000

The first line is the one you are interested in:
HWaddr 00:33:ff:c4:2f:2b
In your DHCP server make a reservation using 0033ffc42f2b as your MAC address. Note the removal of the colons in between.
Reboot the server and when the machine will try to renegociate its IP address the DHCP server will assign it the newly reserver address.

If you want to add a static route on your Debian machine edit your /etc/networking/interfaces file and add the following two lines at the end of your eth1, (eth0), configuration.
up route add -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.100.254
down route del -net 192.168.22.0 netmask 255.255.255.0 gw 192.168.100.254
The two lines tell Debian to add a static route when the computer boots, and to remove the static route when it shuts down.

The parameters mean: 192.168.22.0 is the network you want to make your Debian machine aware of; 255.255.255.0 is the netmask of your added network, 192.168.100.254 is the gateway to that network.

Why would you need a static network? In our configuration example your default route is through your public network interface.
Any additional internal networks or VPN’s will not be available. The configuration above tells your Debian machine how to reach any VPN or networks not reachable via the default Network.

There is another change needed if you plan to configure this machine as a simple router. You need to enable IP forwarding, in other words allow the machine to forward traffic for its clients.
# nano /etc/sysctl.conf
Change the following line : net.ipv4.ip_forward = 0
to net.ipv4.ip_forward = 1

Reboot the machine to make the setting active, or issue the following command to make the kernel aware of the change:
# echo 1 > /proc/sys/net/ipv4/ip_forward

Why do you want your Debian machine to connect to other networks or VPN’s? If your machine is a proxy, or a gateway it needs to know where to route packets for its clients. Even if your remote networks or VPN’s have their own proxy, if you have a shared server in one of these networks you need to make it available for your users. It is easier to maintain a static route on one server than add it to all of the clients.

Browser Auto-config and Wpad deployment

Using a Proxy Server in your Company’s Network is one of the best decisions you have made.
But this decision can bring you some administration overhead if you don’t have an automatic way to provision the browser settings.
Fortunately, for Microsoft Operating Systems there is a way to accomplish this.
The procedure involves a configuration file that tells browsers how to connect to Internet.
This file is published via the existing Infrastructure using DNS, DHCP and a WEB Server.

Create the configuration file

Create the wpad.dat file inserting the following text:
function FindProxyForURL(url, host) {
return "PROXY 192.168.100.10:3128; DIRECT";
}

IIS

Create a new website and link it to a folder of your choice, (for instance c:\wpad). Place the wpad.dat file inside the folder.
Create a mime type for the .dat  file type with the mime type  “application/x-ns-proxy-autoconfig”.
Restart IIS. If you already have an IIS just place the file in the root directory.

Apache:

Create the wpad.dat file on the www directory depending on your distribution (on a Debian is /var/www/).
For instance:
#nano /var/www/wpad.dat
would open the nano editor. If nano is not install use vi or mcedit or any other text editor.
Edit httpd.conf:
#nano /etc/apache/httpd.conf
and insert the following line:  
AddType application/x-ns-proxy-autoconfig .dat

Make sure apache daemon is starting at boot time, (update-rc.d  apache2 defaults)
Restart apache #/etc/init.d/apache2 restart.

DHCP – Configuration for Proxy Auto discovery

(on a Microsoft DHCP server)

  1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.
  3. In Name, type WPAD.
  4. In Code, type 252.
  5. In Data type, select String, and then click OK.
  6. In String, type http://internalserver/wpad.dat where:
    • internalserver is the domain name of the Server that hosts the wpad.dat file. (Alternatively you can use fully qualified domain name, (eg. http://internalserver.domain.local:3129/wpad.dat)
    • Port is the port number on which automatic discovery information is published. You can specify any port number. I put 3129.
  7. Right-click Server options, and then click Configure options.
  8. Confirm that Option 252 is selected.

If you configure this on a Unix DHCP server you might need to add an extra blank character at the end of the DNS Configuration
Create an alias (CNAME) with the name wpad pointing at the webserver that hosts your wpad.dat file. For instance the alias is wpad and the fully qualified domain name is internalserver.domain.local

Troubleshooting

WPAD alias DNS entry not responding
After creating your alias when you ping wpad you get host not found this could be related to a security improvement on Microsoft’s DNS servers.
To fix this you need to edit the following registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
Edit this on all of your Microsoft DNS servers and remove wpad from the list of values. See the image below:

Registry Fix for Implementation of WPAD

Note that this configuration requires you or your user to configure your browser to “Automatically Detect Settings”.
For Internet Explorer this can be automatically configured for all the users in an Active Directory domain via a Group Policy.
The same policy will be used by Google Chrome, which uses the Windows Internet Connection configuration.
Other browsers such as Opera, and Mozilla will have to be manually configured. Alternatively, for an automatic configuration they can be tweaked via registry hacks or configured via third party software.
The disadvantage with manual configuration is of course the cost of deployment and the fact that this can be changed by the user. If you want to enforce the use of the proxy you have to restrict the gateway access and allow only the proxy machine to access it. Another way would be to configure your proxy to be your router and set up a transparent proxy.

How to use 301 Redirect for moved or missing pages

What is 301 redirect?

301 redirect is a method of redirecting pages on your website to other pages on your site or elsewhere.

Why would you need to redirect content?

It is a method to retain search engine rankings for a page. If a page has previously been ranked by search engines and you changed the file name during a major redesign, or moved some of the content to another website the ranking is lost if you just move the page. If instead you do a 301 redirection the old ranking will be passed on to the new page.
Another use is to redirect traffic for deleted content somewhere on your website so that the traffic is not lost. Sometimes you need to remove outdated content and since you are still receiving traffic for those pages you would like to keep those visits.

What means a 301 Redirection?

301 redirect means “moved permanently”. When a search engine accesses a file marked as “Moved Permanently” it will note the new address and consider the new location as the valid one, passing on the ranking for the new page.

How to do a 301 Redirection

Apache 301 Redirection
Look for the .htacces file on the root of your website’s directory.
If there isn’t one create it. On Windows you might have difficulties to create a file with an empty name and only the extension. But once the file created, for instance on the host operating system you can edit the file using notepad or wordpad.
The simplest method is to place the following line into your .htaccess file:
redirect 301 /old-directory/old.htm http://www.mywebsite.com/new.htm
Don’t add the whole address on the first part, (the www) as the server uses its root directory as the referral point and not the http address.
Copy paste the statement below and modify it to reflect your needed redirection.
Upload the file on the server or overwrite the old file if you use direct access.
Test the redirection.

What if you want to redirect all of your files to another address? Fortunately you don’t need to add a redirect for each of your files. You can use the Apache’s URL Rewriting Engine module, which can handle complex redirections using regular expressions.

Redirect for a Moved Website

A rule that will redirect ALL of the files on your web server to another address:
redirectMatch 301 ^(.*)$ http://www.domain.com

A rule that will redirect http://mywebsite.com to http://www.mywebsite.com for SEO purposes:
RewriteCond %{HTTP_HOST} ^mywebsite\.com
RewriteRule ^(.*)$ http://www.mywebsite.com/$1 [R=permanent,L]

Redirect to a Different File Extension

A rule to redirect your .htm pages to .php pages:
RewriteBase /
RewriteRule (.*).htm$ /$1.php

Redirect an Entire Directory

Redirect An Entire Directory/Folder to a single page. You got rid of the old content and you want to keep your visitors and keep the ranking of your old pages.
RewriteBase /
RewriteRule ^old-directory/(.*) http://www.mywebsite.com/new-directory/ [R=301,L]

You moved content in another folder or on another webpage and you would like to redirect visitors to exactly the same page at the new address.
Another use of this, is if your test site got indexed by search engines and is ranking better or the same as the regular website. It happened to me… Somehow my robots file got overwriten
RewriteBase /
RewriteRule ^old-directory/(.*) http://www.mywebsite.com/new-directory/$1 [R=301,L]

Redirection Troubleshooting

Make sure that you leave a single space between the different elements of the statement.
Make sure you have “RewriteEngine on” on your .htaccess file, without it your rules will not function.
Regex Tip:
The content between the round brackets is kept in memory and called when needed with the syntax $1 for the content of the first bracket, $2 for the content of the second bracket, etc.

What if I don’t have an Apache server? I use IIS.
The alternative for IIS is ISAPI_Rewrite for IIS. ISAPI_Rewrite gives you all the nice features that you have with Mod_Rewrite.

More on the Rewriting Engine module and the regex here:
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html