50. Sharing an internet connection over a network switch on debian

What it does: One computer has two network cards. One card is used to connect to the internet, the other one is connected to a switch making up a local network. Two more computers are connected to the switch. They all share the internet connection of the first computer. All computers on the local network can ssh into each other.

I have to register the MAC address of each computer which I want to connect to the network at work. The reason probably has more to do with cost than security.

I do not use /etc/network/interfaces in this example
Instead we're only using Network Manager, but from the CLI.

The sharing is enabled using Firestarter. You can probably figure out how to use it yourself without reading this rather lengthy post, but I'll leave it all up here in case you want to know the exact configuration.

Since I use apt-cache to cut down on network traffic (http://verahill.blogspot.com/2012/01/debian-testing-64-wheezy-apt-cache.html) I don't feel too bad about surreptitiously putting a few additional units online.

This is my network:

internet ----- eth0 -Beryllium - eth2 --- switch----( eth0-tantalum, eth0-boron)

Or in words --  I have three computers. One, Beryllium, has two network cards, eth0 and eth1. eth0 is connected to the internet (dhcp). eth1 is connected to a gigabit switch (essentially a dumb router -- no dhcp). Two more computers are connect to the same switch -- Tantalum (eth0) and Boron (eth0). Tantalum has local ip address 192.168.1.102 and Boron has ip address 192.168.1.101.

I do have an additional ethernet card on Beryllium, eth1, which we will ignore.

This way of sharing an internet connection relies on firestarter, which has one problem -- it won't (easily) allow two network cards on the same local network i.e. if eth0 is connected to the internet and you want both eth1 and eth2 on the same local network, firestarter won't help you.

I also need to be able to ssh from any computer on the local network to any other computer on the local network. This method allows for that. Same goes for apt-cache and mpich.

To satisfy my paranoia I've replaced a lot of the more incriminating numbers with X's.


Firestarter:
Firestarter is a firewall -- you'd typically use it to restrict traffic, not enable it. But iptables -- the true firewall and traffic shaper of linux -- is a powerful and slightly odd beast, and firestarter provides a gui-friendly way of editing some aspects of it.

Install firestarter on your internet connected computer (here, beryllium):
sudo apt-get install firestarter

Start it:
sudo firestarter

Chances are it will ask you questions about internet connected network device -- which is eth0 -- and local network connected device -- here it's eth2. Also, check Enable internet connection sharing. If it doesn't ask you, go to Edit, Preferences and select Firewall -- Network Settings.

In my case I've set it up for static ip. I would suspect it to be fairly easy to set up dhcp as well.

I don't know how to put TWO network cards from the same computer on the same local network.

In the main firestarter windows, under policy, you might want to add the IP addresses of the computers on the local network under 'Allow connections from host' -- but that depends on your needs. I prefer to expose all ports in order to deal with mpich.

You may also want to edit what services are allowed. Firestarter is fairly simple to use.

Configuration: Beryllium
eth0 is connected to the internet, and is assigned an IP address by the university using dhcp.
eth2 is connect to the switch and I've manually set the IP address to 192.168.1.1 in network manager. You can edit the file (see below) directly.

The gateway for eth2 is set to 192.168.1.1. Subnet mask is 255.255.255.0 which shows up as 24 in the configuration file below (i.e. 192.168.1.1;24;192.168.1.2 would mean IP 192.168.1.1, subnet 255.255.255.0 and gateway 192.168.1.2)

sudo cat /etc/NetworkManager/system-connections/eth0

[802-3-ethernet]
duplex=full
mac-address=XX:XX:XX:XX:XX:XX
[connection]
id=eth0
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
type=802-3-ethernet
timestamp=1326324509
[ipv6]
method=auto
[ipv4]
method=auto

sudo cat /etc/NetworkManager/system-connections/eth2

[802-3-ethernet]

duplex=full
mac-address=XX:XX:XX:XX:XX:XX
[connection]
id=eth2
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
type=802-3-ethernet
timestamp=1326690564
[ipv6]
method=auto
[ipv4]
method=manual
addresses1=192.168.1.1;24;192.168.1.1;

Configuration: Tantalum
sudo cat /etc/NetworkManager/system-connections/eth0

[802-3-ethernet]
duplex=full
mac-address=XX:XX:XX:XX:XX:XX
[connection]
id=lan
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
type=802-3-ethernet
timestamp=1326152420
[ipv6]
method=auto
[ipv4]
method=manual
dns=XXX.XXX.1.99;
addresses1=192.168.1.102;24;192.168.1.1;

Configuration: Boron
sudo cat /etc/NetworkManager/system-connections/eth0

[802-3-ethernet]
duplex=full
mac-address=XX:XX:XX:XX:XX:XX
[connection]
id=lan
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
type=802-3-ethernet
timestamp=1326152420
[ipv6]
method=auto
[ipv4]
method=manual
dns=XXX.XXX.1.99;
addresses1=192.168.1.101;24;192.168.1.1;

Quick word on apt-cache:
If you follow this guide: http://verahill.blogspot.com/2012/01/debian-testing-64-wheezy-apt-cache.html
and you're running your apt-cache server on 192.168.1.1 in the example above, change your /etc/apt/sources.list so that

deb http://192.168.1.2:3142/ftp.au.debian.org/debian/ testing main contrib non-free

becomes

deb http://192.168.1.2:3142/ftp.au.debian.org/debian/ testing main contrib non-free

49. Gromacs -- hangs on multicore when doing normal mode analysis

Symptom:
when doing
mdrun -s nm.tpr -mtx nm.mtx -v -deffnm nm
on a system with 637 atoms you end up with:

...Finish step 636 out of 637

and it hangs there with all cores running at 100%

Reason:
For some reason the normal mode analysis of at least this particular system won't run on multiple cores.

Solution:
Use an mpi compiled version of mdrun (see previous posts on compiling _dd, _mpi and _ddmpi versions of gromacs) and force the use of ONE core.

mpd --ncpus=4 &
mpdrun -n 1 mdrun_mpi -s nm.tpr -mtx nm.mtx -v -deffm nm

works!

Confirmation
This was confimed by running it on four computers:
64 bit: a six core AMD 64 using a compiled version of gromacs. Hangs.
64 bit: a four core intel i5 using both the debian version and a compiled version of gromacs. Hangs.
64 bit: an older four core intel using a compiled version of gromacs. Hangs.
32 bit: an old single-core laptop using the debian version of gromacs. Works.

Next, three single-core virtual machines were set up -- a stable 32 bit, a testing 32 bit and a testing 64 bit machine, all with the debian version of gromacs (sudo apt-get install gromac). They all worked, as they only had a single core.

48. nvidia gt520 issues and solutions on debian testing

EDIT: see here for a Linux Mint Debian Edition take on the GT 520 nouveau issue -- http://community.linuxmint.com/tutorial/view/824

EDIT: Someone made a succinct how-to for nvidia driver installation on debian: http://blog.libremath.org/2012/04/07/debian-nvidia-quick-guide/ NOTE: site seems to be down.

--start here --
I recently bought an nvidia gt520 1 GB graphics card. To my surprise it turned out to be a bit of a pain to actually get it working properly.

Sadly, we don't always document all the steps when trying to get something to work, but here's roughly what I remember.

The problem:
I plugged the nvidia gt520 into the pci express slot, connected the vga cable to the vga socket on the new graphics card and started my computer. My setup autostarts gdm3. Everything went fine -- the boot messages were flashing by as per normal, then gdm3 started. And got stuck. I experience two different types of hanging  -- either just a black screen, or a black screen with a single cursor indicator (a single _ in the top left corner).

Logging in remotely (had ssh server running) and looking at top I could see that gdm3 was using up 50+% cpu power. Leaving the system for half an hour didn't allow for any progress.

Also, even when I did ctrl+alt+f1 to bring up tty1 I would be forcibly returned to tty7 over and over again. Trying to fix anything was thus difficult. After doing ctrl+alt+f1 a few times and being thrown around it would stop responding and strange symbols would appear on the screen when trying to use the keyboard.

One last piece of information: my onboard graphics is nvidia as well, but this probably isn't relevant.

Logging in remotely I tried using the excellent smxi / sgfxi scripts (http://smxi.org/) to install the proper graphics drivers. I tried nouveau, debian-nvidia and nvidia-current . I also tried just deleting /etc/X11/xorg.conf and hoping for the best

Diagnosis:
First I made sure gmd wasn't starting anymore so that the computer wouldn't hang and I'd be able to work in peace:
sudo vim /etc/default/grub

CMD_LINUX_DEFAULT="quiet splash"

was changed to

CMD_LINUX_DEFAULT="quiet splash text"

(there may be other things on the same line -- just add text)

Then to make the changes take effect,
sudo update-grub
and reboot

Second I tried unloading any modules

sudo rmmod nouveau
sudo rmmod nvidia

I edited /etc/modules and commented out nvidia, and made sure nouveau was there. I also edited etc/modprobe.d/nvidia-kernel-common.conf and commented out blacklist nouveau.

I then tried installing the nouveu driver a last time
sudo sgfxi -N nouveau
and rebooted
After the reboot had completed dmesg| grep nouv gave me the clue I needed -- the drivers had failed to load! I don't remember what the exact message was, but it was all about failure.


Solution:
(also see first post below)

I removed the xorg.conf
sudo rm /etc/X11/xorg.conf
then
startx
The desktop started! But I found myself in fallback mode -- the graphics acceleration obviously wasn't working -- but that wasn't a surprise since the drivers had failed to load.

I then ran
sudo rmmod nouveau
sudo apt-get install nvidia-kernel-dkms nvidia-settings nvidia-smi nvidia-xconfig
sudo nvidia-xconfig
startx

It worked!

My autogenerated /etc/modprobe.d/nvidia-kernel-common.conf now looks like this again:
alias char-major-195* nvidia

options nvidia NVreg_DeviceFileUID=0 NVreg_DeviceFileGID=44 NVreg_DeviceFileMode=0660
# To enable FastWrites and Sidebus addressing, uncomment these lines
# options nvidia NVreg_EnableAGPSBA=1
# options nvidia NVreg_EnableAGPFW=1

# see #580894
blacklist nouveau

Remember to remove any mention of nouveau in /etc/modules.

You can change your /etc/default/grub back to the way it was again to make gdm start again every time.

Edit: Reading between the lines it seems that Squeeze may not have the proper drivers available for GT520 -- binary installation using smxi might be a good idea in that case: http://forums.debian.net/viewtopic.php?f=17&t=72876

Lengthy output follows:

Here's dmesg | grep nvidia

###############################
[    7.192358] nvidia: module license 'NVIDIA' taints kernel.
[    7.278115] nvidia 0000:02:00.0: PCI INT A -> Link[LNED] -> GSI 18 (level, low) -> IRQ 18
[    7.278122] nvidia 0000:02:00.0: setting latency timer to 64

###############################

Here's lspci -vvnn

###############################

02:00.0 VGA compatible controller [0300]: nVidia Corporation GF119 [GeForce GT 520] [10de:1040] (rev a1) (prog-if 00 [VGA controller])
Subsystem: Giga-byte Technology Device [1458:3520]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
Latency: 0
Interrupt: pin A routed to IRQ 18
Region 0: Memory at df000000 (32-bit, non-prefetchable) [size=16M]
Region 1: Memory at d0000000 (64-bit, prefetchable) [size=128M]
Region 3: Memory at dc000000 (64-bit, prefetchable) [size=32M]
Region 5: I/O ports at ec00 [size=128]
[virtual] Expansion ROM at def80000 [disabled] [size=512K]
Capabilities: <access denied>
Kernel driver in use: nvidia

###############################

Here's lshw -C display (run as user)
###############################
WARNING: you should run this program as super-user.

  *-display            
       description: VGA compatible controller
       product: GF119 [GeForce GT 520]
       vendor: nVidia Corporation
       physical id: 0
       bus info: pci@0000:02:00.0
       version: a1
       width: 64 bits
       clock: 33MHz
       capabilities: vga_controller bus_master cap_list rom
       configuration: driver=nvidia latency=0
       resources: irq:18 memory:df000000-dfffffff memory:d0000000-d7ffffff memory:dc000000-ddffffff ioport:ec00(size=128) memory:def80000-deffffff
WARNING: output may be incomplete or inaccurate, you should run this program as super-user.

###############################

And here's the xorg.conf:

###############################

# nvidia-xconfig: X configuration file generated by nvidia-xconfig
# nvidia-xconfig:  version 290.10  (pbuilder@cake)  Wed Nov 23 11:33:47 UTC 2011

Section "ServerLayout"
    Identifier     "Layout0"
    Screen      0  "Screen0"
    InputDevice    "Keyboard0" "CoreKeyboard"
    InputDevice    "Mouse0" "CorePointer"
EndSection

Section "Files"
EndSection

Section "InputDevice"
    # generated from default
    Identifier     "Mouse0"
    Driver         "mouse"
    Option         "Protocol" "auto"
    Option         "Device" "/dev/psaux"
    Option         "Emulate3Buttons" "no"
    Option         "ZAxisMapping" "4 5"
EndSection

Section "InputDevice"
    # generated from default
    Identifier     "Keyboard0"
    Driver         "kbd"
EndSection

Section "Monitor"
    Identifier     "Monitor0"
    VendorName     "Unknown"
    ModelName      "Unknown"
    HorizSync       28.0 - 33.0
    VertRefresh     43.0 - 72.0
    Option         "DPMS"
EndSection

Section "Device"
    Identifier     "Device0"
    Driver         "nvidia"
    VendorName     "NVIDIA Corporation"
EndSection

Section "Screen"
    Identifier     "Screen0"
    Device         "Device0"
    Monitor        "Monitor0"
    DefaultDepth    24
    SubSection     "Display"
        Depth       24
    EndSubS

###############################

---

Links to this page:
http://community.linuxmint.com/tutorial/view/824