Saturday, June 6, 2009

linux as router

Back in the day, in our student house, we used an old Pentium II machine to share our internet access. Hardware routers were much more expensive in those days.

A simple script to make a NAT router (set INTERNET= and LOCALNET= to your own interface names if they differ).
Place the script in /etc/network/if-up.d/ (at least with Debian) and call it natrouter.sh. Make sure you chmod +x natrouter.sh.

#!/bin/sh

INTERNET=eth0
LOCALNET=eth1

PATH=/usr/sbin:/sbin:/bin:/usr/bin

# delete all existing rules
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

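# Always accept traffic on individual interfaces
# (-i takes a single interface name, so each interface gets its own rule)
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $INTERNET -j ACCEPT
iptables -A INPUT -i $LOCALNET -j ACCEPT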

# Allow established connections back to the LAN
iptables -A FORWARD -i $INTERNET -o $LOCALNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN to INTERNET
iptables -A FORWARD -i $LOCALNET -o $INTERNET -j ACCEPT

# Masquerade
iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE

# Don't forward from the outside to the inside
iptables -A FORWARD -i $INTERNET -o $LOCALNET -j REJECT

# Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward
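
An added example, not part of the original post: a small audit of an iptables-save dump that checks whether a ruleset has the shape this router script aims for (masquerading on the internet interface, return traffic allowed, no unconditional forwarding from outside to inside) and warns where the router itself is left open. The function names audit_nat_rules and sample_dump, the sample ruleset and the eth0/eth1 interface names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not the blog author's code): audit an iptables-save dump
# against the NAT router's intent. Usage: iptables-save | audit_nat_rules WAN LAN
audit_nat_rules() {
    awk -v wan="$1" -v lan="$2" '
    function has(s, needle) { return index(s, needle) > 0 }
    /^\*/ { table = substr($1, 2); next }                  # table header, e.g. "*filter"
    /^:/  { policy[table "/" substr($1, 2)] = $2; next }   # e.g. ":FORWARD ACCEPT [0:0]"
    /^-A/ {
        to_lan = has($0, "-A FORWARD -i " wan " -o " lan " ")
        if (table == "nat" && has($0, "-A POSTROUTING") && has($0, "-o " wan " ") && has($0, "-j MASQUERADE")) masq = 1
        if (table == "filter" && to_lan && has($0, "ESTABLISHED") && has($0, "-j ACCEPT")) est = 1
        if (table == "filter" && $0 == "-A FORWARD -i " wan " -o " lan " -j ACCEPT") open_fwd = 1
        if (table == "filter" && $0 == "-A INPUT -i " wan " -j ACCEPT") wan_input = 1
    }
    END {
        if (!masq)     print "FAIL no MASQUERADE rule on " wan
        if (!est)      print "FAIL no ESTABLISHED,RELATED return rule " wan " -> " lan
        if (open_fwd)  print "FAIL unconditional forward " wan " -> " lan
        if (wan_input) print "WARN INPUT accepts all traffic arriving on " wan
        if (policy["filter/FORWARD"] != "DROP")
            print "WARN FORWARD policy is " policy["filter/FORWARD"] ", unmatched packets are forwarded"
    }'
}

# Constructed sample: a ruleset of the shape the router script aims for,
# with INTERNET=eth0 and LOCALNET=eth1 (packet counters zeroed).
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

sample_dump | audit_nat_rules eth0 eth1
```

The sample produces no FAIL lines, only the two warnings: services running on the router itself are reachable from the internet interface, and packets that match none of the FORWARD rules fall through to an ACCEPT policy.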

roaming profiles and logging

Roaming profiles. How convenient. No matter which computer you are sitting behind, the roaming profile will always make sure you have all your personal settings.

In practice, however, roaming profiles tend to grow (slow logins), cause permission problems and get corrupted, and most of the time there’s nothing you can do but start over with a whole new profile.

There is however something you can do to figure out what’s going on.
It’s called User Environment Logging (http://support.microsoft.com/kb/221833). You’ll get a log, millisecond by millisecond, of what’s going on.

Paste this code into a .reg file and import it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserEnvDebugLevel"=dword:00010002

Log in and log out, and afterwards you’ll have a nice logfile called %SystemRoot%\Debug\UserMode\Userenv.log giving you all the details you need to know about your profile, what happens in the background and what goes wrong.

Good luck!

bootable sticks

In our line of work a bootable stick is nothing less than essential! CDs can be used (in fact, sometimes you have no other option as the computer won’t boot from USB) but they are slow, easily scratched, can’t have files added (unless you burn a new CD), are limited in size, etc.

Bootable sticks can be used for a lot of things, e.g.

  • create backups
  • recover non-bootable systems
  • partitioning related stuff (mbr, set active, create, remove, resize)
  • offline defragmentation
  • offline editing of the registry

But first, let’s see how to create the sticks.

MSDOS
Download this utility (originally) from HP: hp_format_usb_sp27213.exe
You’ll also need these files msdos_files_for_bootable_usb.zip

  • Extract the msdos files.
  • Run the utility.
  • Select the device (stick).
  • “Create a DOS startup disk” “using DOS system files located at:” and select the location of the msdos files.
  • Start

Now just add extra files, utilities, a modified config.sys or autoexec.bat and you’re good to go!

XP
I presume everybody’s familiar with WinPE/BartPE CDs. These can be booted from USB. Refer to this site for a how-to:
http://www.911cd.net … .php?showtopic=10806

There are some disadvantages when using XP-based bootable media:

  • Limited hardware support (e.g. no AHCI/SATA or other hard disk controllers)
  • (USB) drives connected AFTER booting won’t be recognized. They must be connected when booting, not afterwards

I recommend using Vista based media.

Vista
Bootable media based on the Vista kernel have big advantages:

  • Better/more hardware support
  • (USB) drives connected AFTER booting WILL be recognized
  • (best of all) Vista supports user-mode driver loading.

Example: one of my customers uses an iSCSI SAN. Servers are equipped with iSCSI HBAs. In case of trouble, I can boot from USB, then load the driver and all of a sudden all drives on the SAN are visible. No reboot required. No floppy + F6 etc.

I recommend the Active Boot Disk. It comes pre-loaded with utilities for checking drives, changing passwords etc. too!

driver paths

Whenever you put a new piece of hardware into your computer, Windows will try to find a driver within its own database (“%windir%\inf”).
If no matching driver is found, you will be prompted for other approaches (Windows Update, choose, removable media, etc).

You can however add extra directories for Windows to look for drivers.

The registry value used for this is:
HKLM\Software\Microsoft\Windows\CurrentVersion\DevicePath (REG_EXPAND_SZ)

Add extra directories separated by “;” e.g.

c:\windows\inf;c:\drivers\audio;c:\drivers\chipset;c:\drivers\massstorage;c:\drivers\modem

Ok but when do you actually need this?

This is often used when creating images for computer deployment and you want to add lots of drivers in order to support all sorts of computers. After deploying the image, Windows will find new hardware and look for drivers in all directories.

Whenever I create an image, I always run this batch file first:

@echo off
mkdir C:\Drivers\audio
mkdir C:\Drivers\biometrics
mkdir C:\Drivers\bluetooth
mkdir C:\Drivers\chipset
mkdir C:\Drivers\hid
mkdir C:\Drivers\massstorage
mkdir C:\Drivers\modem
mkdir C:\Drivers\nic
mkdir C:\Drivers\proc
mkdir C:\Drivers\sensors
mkdir C:\Drivers\sound
mkdir C:\Drivers\storage
mkdir C:\Drivers\tpm
mkdir C:\Drivers\vga
mkdir C:\Drivers\wlan
mkdir C:\Drivers\extra1
mkdir C:\Drivers\extra2
mkdir C:\Drivers\extra3
mkdir C:\Drivers\extra4
mkdir C:\Drivers\extra5
mkdir C:\Drivers\extra6
mkdir C:\Drivers\extra7
mkdir C:\Drivers\extra8
mkdir C:\Drivers\extra9

echo "bla" >C:\Drivers\bogus.inf
copy C:\Drivers\bogus.inf C:\Drivers\audio
copy C:\Drivers\bogus.inf C:\Drivers\biometrics
copy C:\Drivers\bogus.inf C:\Drivers\bluetooth
copy C:\Drivers\bogus.inf C:\Drivers\chipset
copy C:\Drivers\bogus.inf C:\Drivers\hid
copy C:\Drivers\bogus.inf C:\Drivers\massstorage
copy C:\Drivers\bogus.inf C:\Drivers\modem
copy C:\Drivers\bogus.inf C:\Drivers\nic
copy C:\Drivers\bogus.inf C:\Drivers\proc
copy C:\Drivers\bogus.inf C:\Drivers\sensors
copy C:\Drivers\bogus.inf C:\Drivers\sound
copy C:\Drivers\bogus.inf C:\Drivers\storage
copy C:\Drivers\bogus.inf C:\Drivers\tpm
copy C:\Drivers\bogus.inf C:\Drivers\vga
copy C:\Drivers\bogus.inf C:\Drivers\wlan
copy C:\Drivers\bogus.inf C:\Drivers\extra1
copy C:\Drivers\bogus.inf C:\Drivers\extra2
copy C:\Drivers\bogus.inf C:\Drivers\extra3
copy C:\Drivers\bogus.inf C:\Drivers\extra4
copy C:\Drivers\bogus.inf C:\Drivers\extra5
copy C:\Drivers\bogus.inf C:\Drivers\extra6
copy C:\Drivers\bogus.inf C:\Drivers\extra7
copy C:\Drivers\bogus.inf C:\Drivers\extra8
copy C:\Drivers\bogus.inf C:\Drivers\extra9
del C:\Drivers\bogus.inf

pause

Then I use the “sysprep driver scanner” (http://www.vernalex. … spdrvscn/index.shtml). It will scan a directory and all subdirectories for .inf files. When one is found, its directory is added to the list. This list is then saved to the registry value mentioned above.

Either use the GUI or use the commandline functionality, e.g.

spdrvscn.exe /d %SystemRoot%\inf /p C:\Drivers /e inf /a /s /q