Tuesday, December 16, 2008

How to enable CUPS remote administration

CUPS (Common UNIX Printing System) is the standards-based, open source printing system developed by Apple Inc. for Mac OS X and other UNIX-like operating systems.

The default installation of CUPS only allows you to manage it from the local computer (localhost). However, if you want to administer CUPS remotely, you need to grant access to the CUPS administration interface from systems other than localhost.

To do so, edit /etc/cups/cupsd.conf and have it explicitly grant access to the systems you want. For example, to grant access to the system with the IP address 10.0.0.1:

Sunday, December 14, 2008

All come back to IP address

We normally use a domain name when accessing a homepage, like:
http://www.yahoo.com
However, if your computer accesses the Internet directly without using a proxy server, it first needs to resolve this domain name (in this case www.yahoo.com) into an IP address before it tries to get data from the website.

In this example, if you look up the IP address for www.yahoo.com, you will get information such as:
C:\nslookup
Default Server:  dns3.maxonline.com.sg
Address:  202.156.1.58:53

> www.yahoo.com
Server:  dns3.maxonline.com.sg
Address:  202.156.1.58:53

Name:    www.yahoo-ht3.akadns.net
Address:  209.131.36.158
Aliases:  www.yahoo.com

Tuesday, December 9, 2008

How to configure Cisco Devices to Use a Syslog Server

Syslog is a client/server protocol standard used for forwarding log messages in an IP network. It is typically used for computer system management and security auditing.

Most Cisco devices can use the syslog protocol to manage system logs and alerts. However, Cisco devices do not have large internal storage space for their logs. There are two options for storing syslog messages on Cisco devices:
  1. By default, the most recent log messages are saved in an internal buffer. However, the buffer size is limited to a few kilobytes. In this case, when the device is rebooted, these syslog messages are lost.
  2. Cisco devices can also use the syslog protocol to send messages to an external device for storage. In this case, the storage size is limited only by the available disk space on the external syslog server.

Sunday, December 7, 2008

Eth0 is not active at Linux Fedora Startup

Sometimes, even though you have configured "Activate device when computer starts" for eth0 in Linux Fedora, it appears to do nothing - eth0 is not active at startup.

This may be a bug in Fedora. One way to overcome this issue is to execute the following command:

chkconfig network on


This will enable the network service to be started every time the machine boots.

Friday, December 5, 2008

Cisco IP Access List Logging

A Cisco IOS Access Control list (ACL) is used to define traffic. Once that "interesting" traffic is defined, some action can then be taken on that traffic.

Logging messages about packets permitted or denied by an IP access list is also available in Cisco IOS. Logging-enabled ACLs provide insight into traffic as it traverses the network or is dropped by network devices. Any packet that matches the access list will cause an informational logging message about the packet to be sent to the console.

You can monitor how many packets are being permitted or denied by a particular access list, including the source address of each packet.

To enable logging to all enabled destinations, configure the following:
logging on

Monday, December 1, 2008

How to add static route to your Linux Fedora machine

To add a default route to your Linux box:
route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.0.0.1
However, if you only execute this command, the route will disappear when you reboot your system.

So, what would be the best way to permanently add that route to your system?

You may add or edit the default gateway in the /etc/sysconfig/network file to make sure your default route setting is preserved after your system boots.

Configuration example for the network file:
NETWORKING=yes
HOSTNAME=fedora.frontier.com
GATEWAY=10.0.0.1

Saturday, November 29, 2008

How to setup access list for a Cisco VLAN

We can use VLAN ACL (also called VLAN map) to provide packet filtering for all types of traffic that are bridged within a VLAN or routed into or out of the VLAN. Unlike Router ACL, VACL is not defined by a direction (input or output). When you configure a VACL and apply it to a VLAN, all packets entering the VLAN are checked against this VACL.

In order to configure and apply a VACL (VLAN access map), we define the standard or extended access list to be used in the VACL.
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
access-list 100 permit ip 10.0.1.0 0.0.0.255 any
access-list 100 permit ip 10.0.3.0 0.0.0.255 any
access-list 120 permit ip any any 

Thursday, November 27, 2008

Configuring default VLAN in Cisco switch

After connecting a switch to your network, it is useful if the network administrator can log in to it remotely to troubleshoot, check logs and so on.

The easiest way to manage your switch remotely over the network is to configure an IP address for the default VLAN.
interface Vlan1
ip address 10.2.6.85 255.255.255.0

ip default-gateway 10.1.1.1

The purpose of the default gateway is to enable network communication from another network to the switch. If communication is limited to the same network, no default gateway setting is needed.

Tuesday, November 25, 2008

How Computer resolves hostname

On a TCP/IP network, name resolution has to occur whenever a host name such as www.canon.com.sg, rather than an IP address, is used to connect to a computer. This has to occur so that the IP address can be resolved to the hardware address for TCP/IP based communication to occur. There are several different name resolution mechanisms; however, the following two methods are the ones generally used in today's network environment.

1. DNS (Domain Name System)
2. Hosts file

DNS is a distributed, hierarchical naming system that is used on the network to resolve fully qualified domain names (FQDNs) to IP addresses. When host names are resolved with a DNS server, devices on the network are configured to query the DNS server for host name resolution.

Friday, November 21, 2008

How to limit access from network host to a Cisco device

Sometimes you may want to allow only certain IP addresses to access your Cisco router / switch using telnet. You can implement this by configuring an access list and applying it to the vty lines (line vty 0 4).

access-list 5 permit 10.0.0.1
access-list 5 permit 10.0.0.2
access-list 5 permit 192.168.3.1
access-list 5 permit 192.168.0.1
access-list 5 deny any
!
line con 0
line vty 0 4
access-class 5 in
login
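
One way to check a saved configuration for the restriction described above, as an added example that is not part of the original post: it evaluates a numbered standard ACL with first-match and implicit-deny semantics and reports `line vty` ranges that have no inbound `access-class`. The sample configuration (including its `line vty 5 15` range) and all function names are constructed for illustration, and only standard ACLs numbered 1-99 are parsed.

```python
import ipaddress
import re

# Constructed sample: a shortened form of the post's access list, plus a second
# vty range that was left without an access-class.
SAMPLE_CONFIG = """\
access-list 5 permit 10.0.0.1
access-list 5 permit 192.168.3.1
access-list 5 deny any
!
line con 0
line vty 0 4
 access-class 5 in
 login
line vty 5 15
 login
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} for ACLs 1-99."""
    acls = {}
    pattern = r"^\s*access-list\s+(\d{1,2})\s+(permit|deny)\s+(.+)$"
    for m in re.finditer(pattern, config, re.M):
        rest = [t for t in m.group(3).split() if t not in ("host", "log")]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:  # a bare address is one host; a second field is a wildcard mask
            addr, wild = _ip(rest[0]), (_ip(rest[1]) if len(rest) > 1 else 0)
        acls.setdefault(int(m.group(1)), []).append((m.group(2), addr, wild))
    return acls

def acl_permits(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _ip(source)
    for action, addr, wild in entries:
        if ((src ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False

def vty_access_classes(config):
    """Map each 'line vty' range to the ACL number applied inbound, or None."""
    result, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if text.startswith("line "):
            current = text if text.startswith("line vty ") else None
            if current:
                result[current] = None
        elif current and (m := re.match(r"access-class\s+(\d+)\s+in\b", text)):
            result[current] = int(m.group(1))
    return result

def audit_vty(config):
    """Report vty ranges with no inbound access-class or an unparsed ACL."""
    acls, findings = parse_standard_acls(config), []
    for line, acl in vty_access_classes(config).items():
        if acl is None:
            findings.append(f"{line}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{line}: ACL {acl} not found among standard ACLs 1-99")
    return findings
```
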

Thursday, November 20, 2008

Default VLAN

The default VLAN on all switches is VLAN 1.

By default, all ports in a Cisco switch belong to VLAN 1. With all ports in the same VLAN (in this case VLAN 1), all ports can communicate with each other without going through a router.

However, if you change the VLAN assignment for a switch port to another VLAN, that switch port will not be able to communicate with the rest of the devices on other ports. In this case, you will need a router to route packets from one network to another.

Wednesday, November 19, 2008

How to encrypt Cisco Password

One of the ways to secure a Cisco router / switch is to encrypt the passwords stored in it.

In order to encrypt passwords that are saved in the Cisco device's configuration file, you may use the “service password-encryption” global configuration command.


This command should be used as a simple cipher to prevent unauthorized users from viewing the passwords in the router / switch configuration file. It does not protect against someone who obtains a copy of the router / switch configuration file, as some software can instantly decode any passwords encrypted with the MD5 encryption scheme.

Monday, November 17, 2008

Workgroup vs. Domain in Windows 2003 environment

There are two modes of operation in a Windows 2003 environment. Basically, a computer can work as a workgroup computer or a domain computer. Most home and small business environments will be workgroups, and most enterprise businesses will run in domain mode.

When you install Windows 2003 server, by default it is a workgroup computer. A workgroup environment is suitable for a limited number of computers (usually no more than 10 computers) in close proximity. However, if the number of computers is large, it is advisable to join the individual computers to a domain.

In a workgroup environment, each computer stores IDs and passwords locally. There is no centralized management in this case. A user needs a user account on each computer that he/she requires access to. This means that if a user needs to access several computers in the network, each of these computers will need to have the user's ID and password stored locally. This is not an easy task for an administrator if there are many computers to be managed and configured. It may take a lot of time just to set up accounts on various PCs for a new user. Changes to user accounts, such as changing a user’s password or adding a new user account, must be made on each computer in the workgroup. As a result, passwords can get out of synchronization if a change is made on one computer and not on the others.

Monday, November 10, 2008

Quick fix to solve network connectivity problem in vmware guest virtual machine

This is a quick fix to vmware network virtualization.

Sometimes while using vmware, your guest virtual machine may face a problem with network connectivity. I had this problem with two of my virtual machines the other day. Only one of the virtual machines was able to connect to the network. (By the way, both were created using the same image.) After troubleshooting for a while (such as changing the physical address of the Ethernet interface, restarting it, or changing the network type to bridged or host-only networking and so on), I decided to add an extra network interface to one of the virtual machines. After that I removed the existing Ethernet interface from it. Surprisingly, these steps solved my problem.

Tuesday, November 4, 2008

Cisco Static Route

In my previous post on Static route configuration, I touched on some basics of static route configuration. In this post, I will show you more details on how to configure static routing on Cisco devices.

IP routing is enabled on Cisco routers by default. If it has been previously disabled on your router, you can turn it on in config mode with the command ip routing.
Router0(config)#ip routing
Router0(config)#ctrl-Z
For routers to send or forward packets to networks that are not directly connected, they must know the path to reach the destination network. This information can be manually configured in the router by the network administrator, which is the use of static routes. The router can also learn route information by using a dynamic routing protocol. A static route is much easier to configure. However, it provides very little fault tolerance or ability to discover new routes as the network changes.

As mentioned in my previous post, static routes are hard-coded on a router or switch. They tell the network device exactly where to send traffic, no matter what. It is a very quick and effective way to route data from one subnet to another, although it does not scale well in a large network.

Wednesday, October 29, 2008

Cisco CCNA Certification

It is good to have the CCNA credential if you would like to work as a network engineer. It shows that you have a basic foundation in networking, especially in the field of Cisco networking. Frankly, it is easier to market yourself for a new IT job if you have this certification. Having the CCNA may demonstrate that you are keeping up with technology. This is something important.

According to Cisco Systems,
The Cisco CCNA network associate certification validates the ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN.
At a minimum, a CCNA should have a basic understanding of TCP/IP network technology, know how to configure Cisco IOS, Cisco access lists and routing (static routes and dynamic routing), and know how to install a Cisco router or switch and even operate a LAN and WAN.

Tuesday, October 28, 2008

Network Monitoring

One of the most important tasks of a network engineer or network manager is to manage his / her network. One of the important items in network management is network monitoring. Through network monitoring, a network engineer is able to know how the network performs - whether it is over-utilized or under-utilized. Based on this information, s/he is able to plan for the network s/he manages.

I used to use MRTG in managing my network. As long as the network nodes - Cisco router, Cisco switch, server - have the SNMP service enabled, they can be monitored by MRTG. Not only can MRTG show us how much incoming and outgoing traffic passes through each network interface of a network node, we can also use an external program to gather data to be monitored via MRTG.

Friday, October 24, 2008

How to attach photo or file in Hotmail

The following are the steps to attach photos or files to your email and send them to your friends. I will use Hotmail in this case.

Step 1:

In the Hotmail interface, select New and compose your email. Select File from Attach.

Select Attach in Hotmail

Tuesday, October 21, 2008

Static route configuration

It is important to understand the process of routing if you are interested in learning networking. One of the fundamentals of this study is static routing. Static routing is not complicated, but it is the basis. We need to understand the basics in order to learn the advanced topics.

Static routing is the process of configuring a network node with the information necessary for successful packet forwarding. The routing table is constructed by manually entering routing information for every network that could be a destination.

An entire network can be configured using static routes, but this is not fault tolerant, especially if routing information has to be changed frequently. When there is a change in routing information, or a failure in any path in the network, network connectivity problems will occur. In this case, the static routes have to be reconfigured manually to repair the lost connectivity.

Sunday, October 12, 2008

How to test if a port is open on a server or PC - Part II

In my previous post on testing for an open port on a server, we learned that the telnet command can be used to confirm whether a port is open on a server. However, even though a port is already open on a server, it will show as not open in this test.

Saturday, October 11, 2008

How to find port number

In our previous post on How to test if a port is open on a server or PC, we indicated that in TCP/IP networking, port 25 is used for SMTP (Simple Mail Transfer Protocol), port 110 is for POP3 (Post Office Protocol) and so on. So where can a user find the port number information?

Of course, the easiest way to get this information is to use a search engine like Google, Yahoo or MSN. However, this information is also available on your computer. The list of port numbers can be found in a services file available on Windows and Unix systems.

In Windows, the services information file is available at the following location on your computer's hard disk:
C:\Windows\System32\drivers\etc\services

There are other important files located here too; however, we will go through them in our future posts.

hosts file
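
A small parser for the services file described above, as an added example that is not part of the original post: each entry is a service name, a `port/protocol` pair, optional aliases and an optional `#` comment, and the same port can appear once per protocol. The sample text and the function names are constructed for illustration; point `parse_services` at the real file's contents to use it.

```python
# Constructed excerpt in the services-file layout:
#   <service name>  <port>/<protocol>  [aliases...]  [# comment]
SAMPLE_SERVICES = """\
# Port numbers for well-known services (constructed sample)
ftp                21/tcp
telnet             23/tcp
smtp               25/tcp    mail          # Simple Mail Transfer Protocol
domain             53/tcp                  # Domain Name Server
domain             53/udp
pop3              110/tcp                  # Post Office Protocol - Version 3
this line is not a valid entry
"""

def parse_services(text):
    """Return a list of (name, port, protocol, aliases) tuples, skipping junk."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop the comment, split on blanks
        if len(fields) < 2 or "/" not in fields[1]:
            continue                            # blank, comment-only or malformed
        port, proto = fields[1].split("/", 1)
        if port.isdigit() and 0 < int(port) <= 65535:
            entries.append((fields[0], int(port), proto.lower(), fields[2:]))
    return entries

def port_of(entries, service, proto="tcp"):
    """Look up a port by service name or alias; None when there is no entry."""
    wanted = service.lower()
    for name, port, entry_proto, aliases in entries:
        known = [name.lower()] + [alias.lower() for alias in aliases]
        if entry_proto == proto and wanted in known:
            return port
    return None

def services_on(entries, port, proto="tcp"):
    """Reverse lookup: service names registered for a port/protocol pair."""
    return [name for name, p, entry_proto, _ in entries
            if p == port and entry_proto == proto]
```
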

Friday, October 10, 2008

How to test if a port is open on a server or PC

Further to my previous post on How to access web page without using web browser, you may use the same method to confirm whether a network service is running on a server or computer.

For example, if you would like to test whether pop3 is running on a computer PC1, you may execute the following command in your terminal:

Wednesday, October 1, 2008

How to enable Chinese in wordpress

The best solution to the character encoding problem in WordPress is to convert the charset or database and collation to UTF-8 or Unicode. UTF-8 Database Converter can be used to overcome this problem.

Download UTF-8 Database Converter, then:
  1. Open the file `wp-config.php`, set `DB_CHARSET` to `utf8` and leave `DB_COLLATE` empty. (Just for WordPress 2.2.x)
  2. Upload `UTF8_DB_Converter.php` to the `/wp-content/plugins/` directory.
  3. Activate the plugin through the 'Plugins' menu in WordPress.
  4. Go to the sub menu called 'UTF-8 Database Converter'.
  5. And just follow the instructions on the screen.

Saturday, September 6, 2008

Sogou Pinyin

Today Joojen from Nanjing introduced Sogou Pinyin - a popular Chinese character input method editor developed by Sogou, a Chinese search engine.

I have been using the Microsoft default pinyin and have recently switched to Google Pinyin. However, Sogou Pinyin impresses me very much! The speed and precision are really excellent!

By the way, Sogou Pinyin can be downloaded for free from http://www.sogou.com/pinyin/.

Problem installing Google Talk on Vista

Recently I faced the following when installing Google Talk on my Vista machine:
"The new version of Google Talk cannot be installed because you are running an older version of Google Talk that is not compatible with Windows Vista. Please uninstall Google Talk as Administrator to remove the incompatible version and re-install Google Talk from http://www.google.com/talk."

I have tried many ways to overcome this problem but have failed so far ...

Friday, September 5, 2008

Cisco DHCP Configuration

Dynamic Host Configuration Protocol (DHCP) is one of the most popular TCP/IP protocols in use today. It is used by networked devices to obtain the information required to operate on an Internet Protocol network. This information may include
  1. IP address
  2. Default gateway
  3. DNS server address
and so on.

When a DHCP client is first switched on, it sends a broadcast packet on the network with a DHCP request. If a DHCP server exists in the network, this request will be picked up by the DHCP server. The DHCP server will allocate an IP address to the PC from one of the pools of addresses it manages.

What is Windows Clustering

Clustering is the connection of multiple devices together in such a way that to the outside world, the cluster appears to be a single system. Each device in a cluster is referred to as a node.

If a critical service is unavailable, business will suffer. A properly installed and configured cluster provides continued operation during hardware and software failure, and/or planned maintenance. The ability to recover from failed server hardware and failed software is the main benefit of clustering.

Windows Server 2003 clustering consists of two different technologies: Server Cluster and Network Load Balancing (NLB). Each of these technologies can be used to provide high availability for different types of services.

Server Cluster is primarily used to provide availability for mission critical applications through fail-over. It is typically used for databases, e-mail services and custom applications. Windows 2003 supports server clusters of up to eight nodes. Most clustered applications, and their associated resources, are assigned to one cluster node at a time. Node failure in a cluster is detected by the absence of heartbeats from that node. If a node fails to transmit a heartbeat packet for a designated period of time, that node is considered to have failed and the remaining nodes will take over the workload of the failed node. In this case, the clustered application will be started on the remaining nodes. Client requests are immediately redirected to the backup cluster node and the impact of the failure will be minimized.

Thursday, September 4, 2008

Chrome - Google's browser

Google has just released an open source browser - Google Chrome. It is now available at http://www.google.com/chrome. As with other Google applications, it is available freely to the public.

In my tests, Chrome performed excellently when accessing Gmail, Blogger pages and so on. Each time a new tab is launched, Chrome shows a customised homepage with a graphical list of all recently visited websites. The address bar is really a Google search engine - suggestions from the Google search index pop up as I type a URL in it. This smart predictive searching is really effective!

This new browser will surely become the top alternative to Internet Explorer and also Firefox.

Tuesday, August 26, 2008

What is Download

Download is transferring a file from a computer on the Internet to your computer. The computer on the Internet can be a web site, or can be a private PC.

Most of the time, people download freeware / applications from the Internet to be installed on their computers.

Friday, August 15, 2008

IPv6 is the future!

The number of available IPv4 addresses is getting smaller and smaller today. Undoubtedly IPv6 is the future IP addressing standard.

In fact, IPv6 is already implemented out of the box in operating systems like Microsoft Windows Vista and Linux. Not only that, some newer printers or copier machines also have it implemented in their systems.

As such, knowing and understanding IPv6 is getting more and more important!