Thursday, August 25, 2011

Transfer Files from Linux to a Samsung Tab 10.1v

There are instances that Samsung won't mount automatically there is a couple of fixes out there but this one works fine with my setup. I am using a Mint Linux

Works on 32bit and 64bit Linux. Just a quick guide on how to configure Linux for file transfers using MTP. The instructions and config is intended for Ubuntu Natty 32bit and 64bit, though the same process will work on other platforms – the only real difference being the package manager commands and possibly the config file locations.

The attached files are for the Galaxy Tab 10.1v but should work for the 10.1g / 10.1 as well. See the end of the post to learn how to modify this config to work for other devices.

How to configure for gMTP and other Media Sync tools

1) Install aptitude

sudo apt-get install aptitude

2) Install mtp-tools and mtpfs

sudo aptitude install mtpfs mtp-tools

3) Download this file: for 32bit Linux or for 64bit Linux to your desktop.

4) Extract the 98-gtab.rules file to your desktop

5) Copy the rules file to /etc/udev/rules.d/

sudo cp ~/Desktop/98-gtab.rules /etc/udev/rules.d

6) Reboot

7) Connect your Tab

8) Run the following command to confirm it is working:

ls /dev | grep gtab

This command should return “gtab” if successful. If not, follow the “Modifying” guide below.

9) Download / install gMTP

sudo apt-get install gmtp

10) Open gMTP and select “connect” from the menu

Setting up for Automount (Optional, but recommended)

Before follow these instructions, you must have completed Steps 1-8 above.

1) Edit your fstab file to add your gtab:

sudo gedit /etc/fstab

2) Add this to the end of the file:


mtpfs /media/gtab fuse user,noauto,allow_other 0 0

3) Save and exit

4) Open fuse.conf for editing:

sudo gedit /etc/fuse.conf

5) Find the following line and remove the #


6) Save and exit

7) Open and edit the groups file:

sudo gedit /etc/group

8) Find the details for the group ‘fuse’ and append your username to the end of the line eg.


9) Save and exit

10) Create the folder to mount your Tab:

sudo mkdir /media/gtab

11) Take ownership of the folder:

sudo chown :users /media/gtab

12) Reboot

13) Plug in your Tab.

14) Click on the Places menu and click gtab.

15) You’re in business!

Modifying for other devices

If the above doesn’t work immediately on the 10.1g / 10.1 (I have only tested on the 10.1v), you can easily edit the rules file to support your device.

1) Install lsusb

sudo apt-get install lsusb

2) Run lsusb


3) Check the output of this command to find your device. The 10.1v is shown like this:

Bus 001 Device 010: ID 04e8:6860 Samsung Electronics Co., Ltd

4) Make a note of the Vendor and Product IDs. In the example above, the vendor ID is 04e8 and device ID is 6860 (note 04e8:6860 in the output).

5) Open the rules file for editing (if it’s not already in /etc/udev/rules.d, copy it there now)

sudo gedit /etc/udev/rules.d/98-gtab.rules

6) Find this line

ATTRS{idVendor}==”04e8″, ATTRS{idProduct}==”6860″, MODE=”0666″ SYMLINK+=”gtab”

7) Replace the Vendor ID (04e8) and Product ID (6860) with the ones that you got from step 3 above.

8) Save and exit

9) Reboot

10) Follow step 7 onward in the first guide above


ACTION!=”add”, GOTO=”gtab_rules_end”
SUBSYSTEM!=”usb|usb_device”, GOTO=”gtab_usb_end”

ATTRS{idVendor}==”04e8″, ATTRS{idProduct}==”6860″, MODE=”0666″ SYMLINK+=”gtab”




ACTION!=”add”, GOTO=”gtab_rules_end”
SUBSYSTEM!=”usb|usb_device”, GOTO=”gtab_usb_end”

ATTRS{idVendor}==”04e8″, ATTRS{idProduct}==”6860″, MODE=”0777″ SYMLINK+=”gtab”



Tuesday, August 23, 2011

Additional Datastores for your ESXi 4.1 server via NFS running on CentOS 6

I've recently run out of storage for creation of new instances of servers to our test environment and the IBM 300X series has maxed out. What I did was introduce an NFS drive and mount it on EXSi using vSphere client running on Windows. There are a couple of chores to do first before you can perform this. In my case, I have a spare server running on CentOS 6 with enough SATA/ports to get the job done. So basically, the idea was to prep a new hardrive and configure it to be used as an NFS drive. Lets get down to the details.

First make a directory to place the NFS export mount and assign permissions. Also open up write permissions on this directory if you’d like anyone to be able to write to it, be careful with this as there are security implications and anyone will be able to write that mounts the share:

# mkdir /nfs
# chmod a+w /nfs

Now we need to install the NFS server packages. We will include a package named “rpcbind”, which is apparently a newly named/implementation of the “portmap” service. Note that “rpcbind” may not be required to be running if you are going to use NFSv4 only, but it is a dependency to install “nfs-utils” package.

# yum -y install nfs-utils rpcbind

Verify that the required services are configured to start, “rpcbind” and “nfslock” should be on by default anyhow:

# chkconfig nfs on
# chkconfig rpcbind on
# chkconfig nfslock on

Configure APF Firewall for NFS

Rather than disabling the firewall it is a good idea to configure NFS to work with APF for (iptables). For NFSv3/v4 we need to lock several daemons related to rpcbind/portmap to statically assigned ports. We will then specify these ports to be made available in the INPUT chain for inbound traffic. Fortunately for NFSv4 this is greatly simplified and in a basic configuration TCP 2049 should be the only inbound port required.

First edit the “/etc/sysconfig/nfs” file and uncomment these directives. You can customize the ports if you wish but I will stick with the defaults:

# vi /etc/sysconfig/nfs


We now need to modify the APF firewall configuration to allow access to the NFS ports. For simplicity I did not use “iptables” command and insert the appropriate rules, in my case I am using APF to get the iptables done.

# vi /etc/apf/conf.apf and look for the:
IG_TCP_CPORTS="111,662,875,892,2049,32803" <-- add="" also="" and="" br="" ig_udp_cports="111,662,875,892,2049,32769" look="" ports="" section="" the="" these="" to="" udp="">

Now save the APF configuration to the config file so it will apply when APF is restarted:

# service apf restart

Now we need to edit “/etc/exports” and add the path to publish in NFS. In this example I will make the NFS export available to clients on the subnet. I will also allow read/write access, specify synchronous writing, and allow root access. Asynchronous writes are supposed to be safe in NFSv3 and would allow for higher performance if you desire. The root access is potentially a security risk but AFAIK it is necessary with VMware ESXi.

# vi /etc/exports


Configure SELinux for NFS Export

Rather than disable SELinux it is a good idea to configure it to allow remote clients to access files that are exported via NFS share. This is fairly simple and involves setting the SELinux boolean value using the “setsebool” utility. In this example we’ll use the “read/write” boolean but we can also use “nfs_export_all_ro” to allow NFS exports read-only and “use_nfs_home_dirs” to allow home directories to be exported.

# setsebool -P nfs_export_all_rw 1

Now we will start the NFS services:

# service rpcbind start
# service nfs start
# service nfslock start

If at any point you add or remove directory exports with NFS in the “/etc/exports” file, run “exportfs” to change the export table:

# exportfs -a

Implement TCP Wrappers for Greater Security

TCP Wrappers can allow us greater scrutiny in allowing hosts to access certain listening daemons on the NFS server other than using iptables alone. Keep in mind TCP Wrappers will parse first through “hosts.allow” then “hosts.deny” and the first match will be used to determine access. If there is no match in either file, access will be permitted.

Append a rule with a subnet or domain name appropriate for your environment to restrict allowable access. Domain names are implemented with a preceding period, such as “” without the quotations. The subnet can also be specified like “192.168.10.” if desired instead of including the netmask.

vi /etc/hosts.allow


Append these directives to the “hosts.deny” file to deny access from all other domains or networks:

vi /etc/hosts.deny


And that should just about do it. No restarts should be necessary to apply the TCP Wrappers configuration. I was able to connect with both my Ubuntu NFSv4 and VMware ESXi NFSv3 clients without issues. If you’d like to check activity and see the different NFS versions running simply type:

# watch -n 1 "nfsstat" 

If you encounter errors while attaching/adding the new NFS resource to your ESXi host via vCenter do the following steps:

1. Ensure that you check the "setup" command and un-tick the enable Firewall option and save.
2. Edit the /etc/selinux/config file and do the changes on the line SELINUX=enforcing and change it to SELINUX=disable, save and close.
3. Reload -- rpcbind, nfslock and nfs services.

Try again and cheers!!!

Tuesday, August 16, 2011

Force Apache2 to Redirect All Inbound Traffic to SSL

In this post, I will make another good attribution from a very good post from the net. Configuring apache2 to force redirection of http to https traffic.

Apache2: Forcing All Inbound Traffic to SSL

So, you have an Apache 2 web server and you have decided that you want to force all inbound traffic to be encrypted via HTTPS (port 443) instead of HTTP (port 80). This method actually “dumbs down” the connection so the average user can’t inadvertently negotiate your web site without encrypting their traffic.

My web server of choice is Apache2, running on a Linux Operating System. Preferably Debian but we’ll discuss an option for Red Hat Enterprise Linux 4 (RHEL-4). That being said, you need Apache installed and running on Linux. You also need the Apache module “” installed and an encryption key generated for your server.

In the following snippet of .conf file we will first load mod_rewrite and then redirect all inbound port 80 traffic to port 443.

Add the following code section to your httpd.conf down around line #220, right after the big “load modules” section.

Be aware that “#’s” indicate a comment line in the .conf file and are ignored by Apache2.

#### This is intended to force HTTPS ####
#### for all inbound HTTP requests ####

# This module (mod_rewrite) simply tells Apache2 that all connections to
# port 80 need to go to port 443 – SSL – No exceptions

LoadModule rewrite_module modules/

RewriteEngine on

# The line below sets the rewrite condition for
# That is, if the server port does not equal 443, then this condition is true

ReWriteCond %{SERVER_PORT} !^443$

# The line below is the rule, it states that if above condition is true,
# and the request can be any url, then redirect everything to https:// plus
# the original url that was requested.

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]


Add the code to httpd.conf and restart Apache2, check your logs for errors to ensure a clean startup and connect to your server on port 80. It should be instantly redirected to 443.

Alternatively, on RHEL4, you can add the code above into a file (you create) called mod_rewrite.conf in the /conf.d directory (/conf.d/mod_rewrite.conf).

Note the “XXX” marks in my comments, I make a habit to “tag” any configuration files I edit on a linux server so when I come back to it later i can find my edits easily. Your initials work well for this and helps identify which admin makes the change.


Thursday, August 11, 2011

Convert Matroska file formats to Avi

In this post we will dig into a simple linux command line tool which can help you convert your Mastroska file formats into .avi files:

ffmpeg -i harry_potter_sorcerer_stone.mkv -target vcd harry_potter_sorcerrer_stone.avi

Depending on the size of the file it usually takes an hour or hour and half to convert one video into an .avi file. Cheers!!!