I’m the happay owner of a Huawei E1750 modem and it is real easy to get it running in Ubuntu. This guide will probably work with many other 3G USB modems.

Just type from the command line:

sudo apt-get install usb-modeswitch

Plug in the modem

Go to the Network manager and enter your Mobile Broadband credentials and now it works!

Background

I was with my geekfriends at a ski resort and I managed to get an Internet connection using a cellphone. Of course I wanted to share it with my friends. As geeks we brought a switch and a couple of ethernetcables.

Solution

Using this script on a Ubuntu 9.10 I managed to share my connection:

sudo ifconfig eth0 10.8.16.1
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv4.conf.default.forwarding=1
sudo sysctl -w net.ipv4.conf.all.forwarding=1
sudo iptables -P FORWARD ACCEPT
sudo iptables --table nat -A POSTROUTING -o ppp0 -j MASQUERADE

Conmnect everymachine with the switch and the clients just needed to use a 10.0.0.0/8 network adress and add 10.8.16.1 as default gateway and it works!

After some Google search and reading of man pages I finally get it working.

My setup is a Nokia E52 and a IBM T60 laptop running Ubuntu 9.10. I have tested it with a Ericsson P1i and a Dell D630 aswell and I think the guidlines below will work with many other setups. One exception is probably iPhone

From a bash shell run:

peter@svarten:~$ sdptool search DUN
Inquiring ...
Searching for DUN on A8:7E:33:20:40:0F ...
Service Name: Dial-Up Networking
Service RecHandle: 0x10030
Service Class ID List:
  "Dialup Networking" (0x1103)
Protocol Descriptor List:
  "L2CAP" (0x0100)
  "RFCOMM" (0x0003)
    Channel: 5
Language Base Attr List:
  code_ISO639: 0x454e
  encoding:    0x6a
  base_offset: 0x100
Profile Descriptor List:
  "Dialup Networking" (0x1103)
    Version: 0x0100

peter@svarten:~$ sudo rfcomm connect 1 A8:7E:33:20:40:0F 5
[sudo] password for peter:
Connected /dev/rfcomm1 to A8:7E:33:20:40:0F on channel 5
Press CTRL-C for hangup

Now my phone asks if I accept the connection and I choose "yes".

And now the networkmanager has a new "Mobile Broadband connection". Just choose your operator and it will work.

I use MythTV quite frequently and noticed that it is instable when using sasc-ng as a decoder to decrypt encrypted DVB-T channels. So approximatly every third day the MythTVbackend server stops and need to be started again. I have wriiten an earlier article about howto monitor MythTV with Nagios or op5 Monitor so I get noticed that it has stopped. But I need to manually start it again. This article describe howto make Nagios or op5 Monitor to start a stopped MythTVbackend. It can be used for starting almost any service.

I have used the examples provided by Ethan at Nagios official documentation describing eventhandlers.

Normally it is not recommended to let a tool like Nagios or op5 Monitor start a service that has stopped, because it is probably a reason why the service has stopped and the correct procedure is to fix the root cause of the problem, not the symptom.

The MythTV backend runs on one machine called lala (after a character in Teletubbies) which is not the same as the Nagios or op5 Monitor server. I use nrpe to run the start script i.e.

 /etc/init.d/mythtv-backend start

There is several options here but I already setup the nrpe agent and it is simple to make Nagios or op5 Monitor to use nrpe to run a script.

Implementation

I used the script I found at Nagios documentation about eventhandlers as a base and modiied it slightly.

At my op5 Monitor machine

/opt/plugins/custom/restart-mythtv-lala.sh

#!/bin/sh
#
# Event handler script for restarting the mythTVbackend server on lala
#
# Note: This script will only restart the mythtvbackend if the service is
#       retried 2 times (in a "soft" state) or if the service somehow
#       manages to fall into a "hard" error state.
#

# What state is the mythbackend service in?
case "$1" in
OK)
	# The service just came back up, so don't do anything...
	;;
WARNING)
	# We don't really care about warning states, since the service is probably still running...
	;;
UNKNOWN)
	# We don't know what might be causing an unknown error, so don't do anything...
	;;
CRITICAL)
	# Aha!  The HTTP service appears to have a problem - perhaps we should restart the server...

	# Is this a "soft" or a "hard" state?
	case "$2" in

	# We're in a "soft" state, meaning that Nagios is in the middle of retrying the
	# check before it turns into a "hard" state and contacts get notified...
	SOFT)

		# What check attempt are we on?  We don't want to restart the web server on the first
		# check, because it may just be a fluke!
		case "$3" in

		# Wait until the check has been tried 3 times before restarting the web server.
		# If the check fails on the 4th time (after we restart the web server), the state
		# type will turn to "hard" and contacts will be notified of the problem.
		# Hopefully this will restart the web server successfully, so the 4th check will
		# result in a "soft" recovery.  If that happens no one gets notified because we
		# fixed the problem!
		2)
			echo "`date` Restarting mythtv service (2rd soft critical state)..." >> /tmp/mythtvstart
			# Call the init script to restart the mythbackend server
			#/etc/rc.d/init.d/httpd restart
			#date >> /tmp/mythtvstart
			/opt/plugins/check_nrpe -H lala -c start_mythtvbackend
			;;
			esac
		;;

	# The mythtvbackend service somehow managed to turn into a hard error without getting fixed.
	# It should have been restarted by the code above, but for some reason it didn't.
	# Let's give it one last try, shall we?
	# Note: Contacts have already been notified of a problem with the service at this
	# point (unless you disabled notifications for this service)
	HARD)
		echo "`date` Restarting mythtv service (hard state)..." >> /tmp/mythtvstart
		# Call the init script to restart the HTTPD server
		#/etc/rc.d/init.d/httpd restart
		#date >> /tmp/mythtvstart
		/opt/plugins/check_nrpe -H lala -c start_mythtvbackend
		;;
	esac
	;;
esac
exit 0

/opt/monitor/misccomands.cfg

# command 'restart-mythtv-lala'
define command{
    command_name                   restart-mythtv-lala
    command_line                   /opt/plugins/custom/start-mythtv-lala.sh $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$
    }

/opt/monitor/etc/services.cfg

# service 'Mythbackend'
define service{
    use                            default-service
    host_name                      lala
    service_description            Mythbackend
    check_command                  check_tcp!6543
    servicegroups                  MythTV,it-slav
    event_handler                  restart-mythtv-lala!$SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$
    contact_groups                 it-slav_sms,it-slav_jabber,it_slav_mail
    }

At my mythbackend machine lala

/etc/nrpe.d/mycommands.cfg
command[start_mythtvbackend]=/usr/bin/sudo /etc/init.d/mythtv-backend start

/etc/sudoers
nobody ALL= (root) NOPASSWD:/etc/init.d/mythtv-backend start

Test

I stopped the mythtvbackend by running:

peter@lala:/etc/nrpe.d$ date
Mon Jun 15 20:40:55 CEST 2009
peter@lala:/etc/nrpe.d$ sudo /etc/init.d/mythtv-backend stop
 * Stopping MythTV server: mythbackend

And run

[root@op5 ~]# tail -f /tmp/mythtvstart
Mon Jun 15 20:47:09 CEST 2009 Restarting mythtv service (2rd soft critical state)...

YES it works!

Links:

• op5 Monitor a Nagios based supported enterprise Monitoring software.
• MythTV a free OpenSource Digital Video Recorder
• Nagios Open Source Monitoring

This is a typical log message in /var/log/authlog

Feb  9 20:15:49 pedro sshd[30934]: Failed password for root from 67.205.85.119 port 35603 ssh2
Feb  9 20:15:49 pedro sshd[2656]: Received disconnect from 67.205.85.119: 11: Bye Bye
Feb  9 20:15:51 pedro sshd[15299]: Failed password for root from 67.205.85.119 port 35753 ssh2
Feb  9 20:15:51 pedro sshd[15791]: Received disconnect from 67.205.85.119: 11: Bye Bye
Feb  9 20:15:53 pedro sshd[9043]: Failed password for root from 67.205.85.119 port 35882 ssh2
Feb  9 20:15:53 pedro sshd[31484]: Received disconnect from 67.205.85.119: 11: Bye Bye
Feb  9 20:15:54 pedro sshd[27717]: Failed password for root from 67.205.85.119 port 36030 ssh2
Feb  9 20:15:55 pedro sshd[30185]: Received disconnect from 67.205.85.119: 11: Bye Bye
Feb  9 20:15:56 pedro sshd[27718]: Failed password for root from 67.205.85.119 port 36164 ssh2
Feb  9 20:15:56 pedro sshd[28005]: Received disconnect from 67.205.85.119: 11: Bye Bye
Feb  9 20:15:58 pedro sshd[30648]: Failed password for root from 67.205.85.119 port 36314 ssh2
Feb  9 20:15:58 pedro sshd[21087]: Received disconnect from 67.205.85.119: 11: Bye Bye

Of course this is a script kiddie that tries to break into my firewall just because it answers on port 22 and it is annoying. One way of make it a little harder to break in is by let the packetfilter drop all packages that comes from an ip-address that did this.

This one way of doing it.

Create a pf blacklist /etc/pf.conf

–snipp–

table <ssh_blacklist> persist file "/var/pf/ssh_blacklist"
...

block in quick log on $ext_if from <ssh_blacklist> to any

–snipp–

Create a script that detects failed ssh breakin attempts and updates the blacklist

root@pedro:/var/log# cat /root/scripts/blockbadssh.sh
#!/bin/sh
logger "Check for bad ssh behavior"
PATH=/bin:/usr/bin
BL=/var/pf/ssh_blacklist
TEMPFILE=$(mktemp /tmp/bl_XXXXXX) || exit 1
TEMPFILE2=$(mktemp /tmp/bl2_XXXXXX) || exit 1

#cp $BL $TEMPFILE
grep "Invalid user" /var/log/authlog | awk '{print $10}' | sort | uniq > $TEMPFILE2
grep "Failed password for invalid" /var/log/authlog | awk '{print $13}' | sort | uniq  >> $TEMPFILE2
grep "Failed password for root" /var/log/authlog | awk '{print $11}' | sort | uniq  >> $TEMPFILE2

sort $TEMPFILE2 |uniq > $TEMPFILE
#echo "Nu är TEMPFILE"
#cat $TEMPFILE

#cat $BL >> $TEMPFILE
for i in `cat $TEMPFILE`
do
  grep $i $BL>/dev/null
  if [ "$?" == "1" ]
  then
    logger "Added $i to ssh-blacklist"
    echo "Added $i to ssh-blacklist"
  fi
done

cat $BL >> $TEMPFILE
sort $TEMPFILE | uniq > $BL

rm $TEMPFILE
rm $TEMPFILE2

/sbin/pfctl -t ssh_blacklist -Treplace -f $BL 2>&1 | grep -v "no changes"

Make it run every minute

root@pedro:/var/log# crontab -l 

*     *       *       *       *       /root/scripts/blockbadssh.sh

I know this is a dirty way of doing it and it is a good idea to have another pf rule that accept traffic from well known hosts so you do not get blocked because you failed a login.

In my case the backup script is started on another host then op5 Monitor or Nagios server, so I also will need a way of sending the data from the passive check over the network, the recommended way is to use nsca. Read the theory at http://nagios.sourceforge.net/docs/3_0/addons.html#nsca

In my op5 Monitor system the nsca daemon to recieve nsca information was installed so I only had to start it:

/etc/init.d/nsca start

This is the steps I did to install it on the client:

1. Download nsca from here.

2. Untar and compile nsca

3. Create a ncsa config file i.e. send_nsca.cfg

encryption_method=0

Now the data will be transmitted unencrypted over the network, this might not be what you want. Make sure that the corresponding nsca config file on the Nagios or op5 Monitor host has the same encryption method.

4. Create a passive check for testing.

# service 'Passive check test'

define service{

    use                            default-service

    host_name                      dull

    service_description            Passive check test

    check_command                  check_dummy!3 "No Data from passive check"

    max_check_attempts             1

    active_checks_enabled          0

    check_freshness                1

    freshness_threshold            300

    flap_detection_options         n

    contact_groups                 it-slav_mail,call_it-slav,it-slav_msn

    stalking_options               n

    }

Explanation:

The check_dummy command will be run if no passive check has been recieved within 5 minutes (300 seconds).

4. test

-First test, wait 5 minutes and your service "Passive check test" should be in status UNKNOWN

-Second test, create a file passive_file_test_critical (the separator is TAB):

dull    Passive check test      2       CRITICAL:test critical

run command:

send_nsca -H nagios_host  -c  send_nsca.cfg < passive_check_data_critical

and the status should change to CRITICAL

-Third test, create a file passive_check_data_ok (the separator is TAB):

dull    Passive check test      0       OK: test ok

Run the command

send_nsca -H  nagios_host -c  send_nsca.cfg < passive_check_data_ok

And the status should change to OK

Now you can set the status of a Nagios or op5 Monitor service by using commands that can be used in scripts. I will in a later article describe how I use it in my MySQL backup script.

Links:

• NSCA
• Nagios passive check theory
• op5 Monitor
• An article about monitor automysqlbackup with passive checks

Troubleshooting hint:

If it does not work, a good hint is to take a look into nagios.log

It is a shell script that has very modest requirements list:

• mysqldump, included in mysql client
• gzip or bzip2 if you want it compressed.
• mail if you want the status of the script to be emailed.

Features:

• Backup mutiple MySQL databases with one script. (Now able to backup ALL databases on a server easily. no longer need to specify each database seperately)
• Backup all databases to a single backup file or to a seperate directory and file for each database.
• Automatically compress the backup files to save disk space using either gzip or bzip2 compression.
• Can backup remote MySQL servers to a central server.
• Runs automatically using cron or can be run manually.
• Can e-mail the backup log to any specified e-mail address instead of “root”. (Great for hosted websites and databases).
• Can email the compressed database backup files to the specified email address.
• Can specify maximun size backup to email.
• Can be set to run PRE and POST backup commands.
• Choose which day of the week to run weekly backups.

Download it, modify some parameters and put in /etc/cron.daily and now your database is backuped.

The script looks in /etc/fstab and compares it with the file systems mounted. If anything is missing, return CRITICAL and the name of the missed mountpoint. The script does not check that some system file systems are mounted i.e. /proc

I have uploaded this script to nagios exchange.

#!/bin/sh
#By peter@it-slav.net
#GPLv2

RESULT=0
TMPFILE=`mktemp /tmp/mount.XXXXXXXXXX`
FSTABMOUNTS=`grep -e '^#' -v /etc/fstab|grep -v  tmpfs |grep -v devpts|grep -v sysfs|grep -v proc|grep -v swap| awk '{print $2}'`
for i in $FSTABMOUNTS
do
        mountpoint $i > /dev/null
        if [ $? != "0" ]
        then
                echo -n "$i " >>$TMPFILE
                RESULT=2
        fi

done
#echo $RESULT
if [ $RESULT != "0" ]
then
        echo "is not mounted" >> $TMPFILE
        echo -n "CRITICAL: "
        cat $TMPFILE
else
        echo "OK: All disks mounted"
fi
rm $TMPFILE
exit $RESULT

Links:

• check_mounts.sh at Nagiosexchange
• op5 Monitor
• My other blog about the problems when I did a kernel upgrade