Archive for February, 2007

PBR Followup

Saturday, February 17th, 2007

Well, my Dell 1950 isn’t printing out “Bad PBR signature.” anymore. I figured out how to fix the error below, how to recreate it, and how to fix it again. There seems to be some issue with Grub involving the device mappings. While the device mappings that Anaconda wrote to disk look fine, something isn’t right.

I’ve been using my Grub CD to boot the machine and attempt to correct the Grub installation issues. Also, the Grub CD is handy for booting the system using the ‘configfile’ option. Once booted into the system proper I started up a Grub shell and ran the following:

device (hd0) /dev/sda
root (hd0,0)
setup (hd0)
device (hd0) /dev/sdb
root (hd0,0)
setup (hd0)

The last 3 lines are for my RAID 1 configuration for /boot. I rebooted and the box booted up like a champ. When I boot off my Grub CD and reinstall Grub to the MBR I get the old non-bootable behavior. It’s strange. I wonder what’s going on…

Some references:

Bad PBR signature

Friday, February 16th, 2007

I was smiling as my new Dell 1950 server installed. A replacement web server, its configuration is more complex than most. It installed beautifully via the automated installation process. How system administration should work. Then came its first boot. It printed “Bad PBR signature” and stopped.

This appears to be something with the MBR on the drives that I’m attempting to set up in a RAID 1. So, let’s re-install Grub per the suggestions I got off of IRC. I did. I keep a Grub boot CD handy. No matter how I installed Grub the machine wouldn’t boot. I never saw the above message again, but instead received clutter, random bits of what must have been the Dell utility partition, or “Grub loading stage 1.5” over and over and over.

Alas…nothing can ever be easy and simple. I could have gotten something done.

Hmmm…you know, I’ve had complaints from folks installing RHEL 4.4 on a RAID 1 system and having Grub problems. I chalked it up to BIOS issues or not understanding what’s going on. But, perhaps there is more to Bug 217176.

Limiting HTTP Connections By IP

Sunday, February 4th, 2007

I run ftp.linux.ncsu.edu which is an FTP/HTTP mirror of Fedora, CentOS, and other things I find useful. Apparently, my HTTP side has been “discovered.” The pages, day in and day out, telling me my server was down quickly became annoying, especially as this was not the server being down but being DoS’d by your average download accelerator. Like the FTP side, I wanted to limit the number of connections each IP could have so the next time I got out grep I wouldn’t find one IP connected 63 times to download an ISO.

Apache itself doesn’t do this without 3rd party modules. Looking more closely at my RHEL 3 server I find that the IPTables tool has the ‘iplimit’ module but the kernel isn’t built with that module. The kernel is built with the ‘recent’ NetFilter module, however the IPTables tool is not. Good grief, Red Hat. (I also noted that RHEL 4’s IPTables have the ‘connlimit’ module but that kernel does not have the matching module either.)

I decided to use the NetFilter tools and grabbed the IPTables source RPM from RHEL 4, rebuilt, and installed that on my server. Now, I can use the ‘recent’ match. I typed in the following rules:

  1. iptables -A INPUT -p tcp --dport 80 --tcp-flags FIN FIN -m recent --name httpusers --remove -j ACCEPT
  2. iptables -A INPUT -p tcp --dport 80 --syn -m recent --name httpusers --rcheck --seconds 120 --hitcount 5 -j REJECT
  3. iptables -A INPUT -p tcp --dport 80 --syn -m recent --name httpusers --set -j ACCEPT

These rules are very order specific. The first rule checks whether an HTTP connection is closing (FIN set) and, if the source IP is in the list, removes it. The second rule matches new connections (SYN) to the HTTP port and checks whether five or more SYNs from this IP have been recorded in the last 120 seconds; if so (that is, on the sixth open connection) the packet is rejected and the client is informed with an ICMP error. Finally, new connections that get this far are recorded in the IP list.
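To make the counting behaviour of these three rules concrete, here is an added Python model of the ‘recent’ match’s --set, --rcheck --seconds --hitcount and --remove actions run over a constructed packet trace. It is example code written for this page, not anything from the original post or from iptables itself; the Packet class, the filter_chain function and the sample traffic are assumptions of the example. It shows the sixth parallel SYN from one address being rejected, a single FIN clearing the whole entry so the count starts over, SYNs older than the 120 second window no longer counting, and a second client being tracked separately.

```python
"""Added example: a model of the three `recent`-match rules from the post.

This is not iptables code; it imitates how xt_recent's actions behave so the
counting can be checked offline. Modelled semantics (assumptions of the example):
  --set                              record src address + timestamp in the list
  --rcheck --seconds S --hitcount N  match if src is in the list and >= N of its
                                     recorded packets fall within the last S
                                     seconds; the list is not updated
  --remove                           match if src is in the list, and drop the
                                     whole entry for that address
"""
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 120   # --seconds 120
HITCOUNT = 5           # --hitcount 5


@dataclass
class Packet:
    """One inbound TCP segment to port 80 (constructed for the example)."""
    src: str
    ts: float          # arrival time in seconds
    syn: bool = False  # matched by --syn
    fin: bool = False  # matched by --tcp-flags FIN FIN


class RecentList:
    """One named xt_recent table (`--name httpusers`): src -> hit timestamps."""

    def __init__(self, window, hitcount):
        self.window = window
        self.hitcount = hitcount
        self.hits = defaultdict(list)

    def set(self, src, ts):
        self.hits[src].append(ts)

    def rcheck(self, src, ts):
        if src not in self.hits:
            return False
        in_window = [t for t in self.hits[src] if ts - t <= self.window]
        return len(in_window) >= self.hitcount

    def remove(self, src):
        # Matches only if the address was present; the whole entry goes away.
        return self.hits.pop(src, None) is not None


def filter_chain(packets, window=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Run packets through the three rules in order and return one verdict each.

    Rule 1: FIN set and src in list   -> --remove, ACCEPT
    Rule 2: SYN and rcheck hits >= N  -> REJECT (nothing is recorded)
    Rule 3: SYN                       -> --set, ACCEPT
    Anything else is not matched by these rules and is reported as "PASS".
    """
    table = RecentList(window, hitcount)
    verdicts = []
    for p in packets:
        if p.fin and table.remove(p.src):
            verdicts.append("ACCEPT")
        elif p.syn and table.rcheck(p.src, p.ts):
            verdicts.append("REJECT")
        elif p.syn:
            table.set(p.src, p.ts)
            verdicts.append("ACCEPT")
        else:
            verdicts.append("PASS")
    return verdicts


def syn_burst(n, src="192.0.2.10", start=0.0):
    """n SYNs from one client, one per second, like a download accelerator."""
    return [Packet(src, start + i, syn=True) for i in range(n)]


if __name__ == "__main__":
    print("7 parallel SYNs:", filter_chain(syn_burst(7)))
    reset = syn_burst(5) + [Packet("192.0.2.10", 5.0, fin=True),
                            Packet("192.0.2.10", 6.0, syn=True)]
    print("one FIN, then a 6th SYN:", filter_chain(reset))
    aged = syn_burst(5) + [Packet("192.0.2.10", 200.0, syn=True)]
    print("6th SYN after the window:", filter_chain(aged))
```

One detail the model does not reproduce: the real module keeps only a fixed number of timestamps per address (the ip_pkt_list_tot module parameter, 20 by default), so a --hitcount larger than that can never match; 5 is well inside the limit.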

Is this perfect? Far from it. I’d really like to have the ‘conntrack’ module built for the kernel to do this right. If one connection closes in the above example the connection counter is reset to 0, since --remove drops the whole entry for that IP rather than a single hit; conversely, a connection torn down with RST instead of FIN never matches the first rule, so its SYN keeps counting until it ages out of the 120 second window. However, this should level the playing field against those script kiddies.