Saturday, August 11, 2012

SOCKS Proxy over SSH with OpenSSH (Linux) or PuTTY (Windows)

Do you want to use a proxy for surfing Internet without using untrusted proxies? If you have a SSH account to a server with an Internet connection, this article will show you how to create your own SOCKS proxy for above purpose. I will also show you how to do that on both Linux and Windows.

1. Create SOCKS Proxy

Linux

On Linux, all you need is an OpenSSH client which is normally installed by default by almost distros. Open Terminal and run the following command to create a SOCKS proxy which listens for connections on port 1080.

$ ssh -D 1080 username@hostname

A more advantage command which I normally use is as follow.

$ ssh -NCf -o "ServerAliveInterval 300" -D 1080 username@hostname

Please check the man page of ssh for options.

Windows

PuTTY might be the most popular SSH client on Windows. Fortunately, it also supports SOCKS proxy. You should use the latest version which can be downloaded from here.

Open PuTTY an declare information such as host name as normal.

The main window of PuTTY where you can declare host name, port, etc.
The important part is to open a port for listening locally as a SOCKS proxy. Change to "Tunnels" category; fill the port to "Source port" and choose "Dynamic"; click on "Add" button.


Now, you can back to the "Session" category and click on "Open" button to log in to your server.

To avoid session timeout, you should tell PuTTY to send some null packets to the server after some duration. To do that, go to "Connection" category and fill out the number of seconds between null packet sending.


That is enough for proxy. You now have a SOCKS proxy listening on port 1080. It is time to configure web browser redirect every connection via newly created proxy.

2. Web Browser Configuration

Firefox

If you use Firefox, you can set the proxy information by accessing "Options" dialog on Windows or "Preferences" dialog on Linux. Then change to "Advanced" category; choose "Network" tab and click con the "Settings..." button.


Declare the proxy information as in the following screenshot.


Click on OK and OK again. That's all! You now can access to an IP check service to confirm that your web connection routed via the proxy. You can try IP2LOCATION.

Chrome and Internet Explorer

Both Google Chrome and Internet Explorer use the system settings for the proxy. You can declare the information by opening "Internet Options" dialog from Control Panel or Internet Explorer or Chrome.


Change to "Connections" tab and click on "LAN settings" button.


On the "Local Area Network (LAN) Settings" dialog, un-check "Automatically detect settings" and check on "Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)." Then click on "Advanced" button.


Declare information as in the above screenshot and click on OK.

On Google Chrome, you can open the system proxy settings by choosing "Settings -> Show advanced settings... -> Change proxy settings..."

Hope this article is useful to you, sometime ;).


Tuesday, July 31, 2012

Cache Issues in the I/O Performance Test

Sometime you have to benchmark IO performance such as file read/write. If it was the first time you did such kind of task, you almost probability notice that the reading speed is very high, hundreds of MB per second, with a slow hard disk, such as mechanical one with 5400rpm. That is the effects of file caching.

I will show you here some techniques to overcome or minimize the cache effects.

1. Re-mount


The easiest way is to umount and re-mount the corresponding mount point. For example,

# umount /home
# mount /home

2. Clear Cache of the OS


On Linux, you can clear or drop cache of the OS by using the following command.
# sync && echo 3 > /proc/sys/vm/drop_caches

The former part of the above command will commit buffer cache to disk, and the latter part will tell OS to drop buffer caches immediately.

There are three levels of dropping cache with corresponding numbers.
1 - Free pagecache
2 - Free dentries and inodes.
3 - Free pagecache, dentries, and inodes.

3. Use Direct I/O for POSIX


When you open a file with the flag O_DIRECT, you bypass the I/O buffers and therefore bypass the cache effects of cache at the operating system level. Almost device drivers support POSIX compatible API also support O_DIRECT flag, except of some parallel distributed file systems such as PanFS.

Benchmark tools such as IOR (-B), IOzone (-I), dd (direct) have flag for this feature. In programming, use the following example.

open(filename, O_DIRECT);

4. Clear Cache for a Specific File


If you want to clear cache for a specific file, you can use the following program clearcache.c to tell OS not to cache the file. It actually helps you clear cache of a list of files provided via program's arguments.

/* clearcache.c - mrcuongnv */

#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>

int
clear_file_cache(filename)
     char *filename;
{
  int fd, rs;

  printf("%s", filename);
  if ((fd = open(filename, O_RDONLY)) != -1) {
    if ((rs = posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED)) == 0) {
      printf(" --> Cleared\n");
      return 0;
    }
  }
  printf(" --> %s (%d)\n", strerror(errno), errno);
  return 1;
}

int
main(argc, argv)
     int argc;
     char *argv[];
{
  if (argc < 2) {
    fprintf(stderr, "Syntax: %s FILES\n", argv[0]);
    return 1;
  }

  int i, rs = 0;
  for (i = 1; i < argc; i++) {
    rs += clear_file_cache(argv[i]);
  }

  return rs;
}

The most important part in the above code is posix_fadvise(), which tells OS that the specified data will not be accessed in the near future.

Thursday, July 19, 2012

Git: Ignore All Contents of a Directory but the Directory Itself

You sometime want to ignore all contents of a directory but the directory itself in a commitment, such as cache/ directory for example. It can both reduce the amount of data and temporary files to be stored in the repository.

In case of Git, all you need is to create a .gitignore file inside the cache/ directory with  the content as follows.

*
!.gitignore

The first line tells Git to ignore all contents, but the second line tells Git to keep the file .gitignore, and therefore, keeps it to be a non-empty directory.

Monday, June 11, 2012

Activate OpenMPI on Fedora 17/18/19

On Fedora 17/18/19, and some previous version, there is no default link to OpenMPI binaries and libraries. On 64-bit system, they are located in /usr/lib64/openmpi/{bin,lib,share}. To activate them for everyone to use, we have to make some changes as follows.

For OpenMPI's libraries

$ sudo /bin/sh -c 'echo "/usr/lib64/openmpi/lib" >> /etc/ld.so.conf.d/openmpi-64.conf'
$ sudo ldconfig

For OpenMPI's binaries

$ sudo echo 'export PATH=/usr/lib64/openmpi/bin:${PATH}' >> /etc/profile.d/openmpi.sh
$ sudo echo 'set path = ( /usr/lib64/openmpi/bin ${path} )' >> /etc/profile.d/openmpi.csh

Exit your terminal screen and open it again to activate the new settings.

Done!

@10/Jul/2013: I have made a minor change in title and change the double quote to single quote of the echo command to keep ${PATH} from auto-expansion.

Thursday, April 26, 2012

How to Overcome "Nautilus cannot handle smb locations"

I recently meet a problem with Nautilus in accessing the Windows shares or Samba shares. Whenever I tried "smb://" in Nautilus, I received "Nautilus cannot handle "smb" locations". When I tried to use "Connect to Server" dialog, there was no option "Windows share" in Type field.

After looking at a series of posts on the Internet, I have found that it is the problem of GVFS without Samba support. Consequently, the solution on Fedora is very very simple, just install the gvfs-smb package.

# yum install gvfs-smb

Actually, the most time-consuming part is the problem caused by myself, perhaps. There is some conflict between samba4 and samba (3) on my Fedora 17. The _local repository contains libwbclient v4 which is conflict with gvfs-smb which uses libwbclient v3. It takes very long  time to recognize the reason and to solve it. If you meet the same problem on new Fedoras (16, 17) and cannot solve it, please leave a comment here.

Saturday, April 7, 2012

Setting up RSH on RHEL/CentOS

Although SSH dominates on remote control of Linux/Unix system because of its secure, RSH still has dedicated area to work such as in the internal network of a cluster, for example. However, setting up RSH server is not as trivial as SSH server. It takes some little effort for working properly.

At first step, install RSH server using yum as usual. Do it on every machines.

# yum install rsh-server rsh

RSH service is put under xinetd service, and it is disabled by default. To enable rsh service, open file /etc/xinetd.d/rsh and change "yes" to "no" at the line "disabled".

sed -i "s/^\(.*disable.*=.*\)yes\(.*\)$/\1no\2/g" /etc/xinetd.d/rsh

Next, you have to edit file /etc/securetty to append rsh at the end of it.

# ( grep rsh /etc/securetty ) || ( echo "rsh" >> /etc/securetty )

Now, you can restart xinetd to start rsh.

# service xinetd restart

For each user who wants to use rsh to run commands on remote machines, edit files ~/.rhosts on remote machines to include the hostname or IP address of the local machine. For example, a typical .rhosts file looks like follows.

master
compute-0-0
compute-0-1
compute-0-2

The user on a machine that has such .rhosts file in the home directory allows others from hosts master, compute-0-0, compute-0-1, compute-0-2 run a command on it. Check the man page of rhosts for advanced options.

If you meet some errors related to "back connection", please turn off the firewall of the local machine or at least open ports in range 1011 to 1023, which is normally used for back connection in rsh protocol. By the way, port 514 should be opened on the remote machine too.

Tuesday, April 3, 2012

Decode .HQX File on Linux

A very simple solution is to use UUDeview which is available in many Linux distros. You can also use macutils on Debian-based distros. Or even easier, an online tool is here.

On Fedora:
# yum install uudeview

On Debian/Ubuntu:
# apt-get install uudeview

To decode file fxppd1110bm922ien.hqx, for example, you can use the following command.

$ uudeview -i fxppd1110bm922ien.hqx

Have a good day!