Saturday, June 2, 2012

Mapped IP configuration on Netscreen



         I'm going to talking about MIP feature on Nescreen via a sample network design. This network uses private addresses in the Internal Side and has got public addresses to use external side. The network structure is shown below,


         As shown on network design, we have a computer which has got 172.16.100.11 ip address and we want to map it to 21x.xxx.xx.236 public IP address. What we want is shown below:

         When computer sends any request to public Internet side, devices which are located on Internet side will see it as 21x.xxx.xx.236 and when a request is sent from Internet to 21x.xxx.xx.236 IP address, FW redirects it to 172.16.100.11 IP address. So 172.16.100.11 means 21x.xxx.xx.236 and 21x.xxx.xx.236 means 172.16.100.11.

We will set MIP configuration on Netscreen for this purpose.

(The external side is defined as Internet zone and the internal network is defined as system zone on firewall before. Following configurations are illustrating as that zone names)

         First of all, 21x.xxx.xx.236 is an IP address which is located in the segment between FW and Main router. This segment is not behind of a firewall, conversely, front of the firewall. The firewall should be taken on itself like a sub-interface. Anyway we have to see 21x.xxx.xx.236 IP address in the main router ARP Table with a MAC address which is got from firewall. Otherwise, packages which contains 21x.xxx.xx.236 in the destination field is not able to arrive to target. I will explain this background info at the end of this article. Let's continue to configuration.

1)
         Select “Interfaces” item on the menu which is located on left side of the netscreen configuration web-interface.


2) 
         When Interfaces item is clicked, we can see a page as shown below on the right side of page.


3)
         Clicking to Edit link which is marked on above picture. When It is clicked, following page will be opened.


4)
         Clicking to MIP link, this page is listing already created MIPs.


5)
         Clicking to New button on the right side.


6)
         When clicking to OK and check MIP list again, we will see our configuration on the MIP list,



7)
         Right now, Mapped IP configuration is done. But we have to create the policy to permit traffic. It should have both directions. The following one is about Internet to system direction.


         When you are clicking to policies under the policy menu, you can see policy list on the right side of the page. There are “from” and “to” commands at top of the right side. Select the “Internet” option from the combobox “from” and select system using the “to” part.  


         Right now, The firewall is listing policies from internet to system. Clicking to “New” buttom on the top-right side.

         These two points are important at this step. First, destination address should be MIP. Second, action should be “Permit”.

8)
         Select “system” for 'from' part and select “Internet” for 'to' part on top side and click “go” button after than click to “New” button.


         Source address should be 172.16.100.11 and destination address should be “any”. Than select permit for action.  

         This step permits access to Internet side for 172.16.100.11 addressed computer. If you want to permit access from internet to your internal workstation only, you don't need this step.  


Let's analyse communication background on this scenario.

Telnet to Main router (It's Cisco 3661) and run “show arp” command. Getting output like below,

UGC_Topkapi_3661#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
..
Internet  21x.xxx.xx.250          0   0010.dbff.22e0  ARPA   FastEthernet4/0
….
Internet  21x.xxx.xx.236        161   0010.dbff.22e0  ARPA   FastEthernet4/0
…
...


As you know, 21x.xxx.xx.236 and 21x.xxx.xx.250 ip addresses has got exactly same MAC address. The Main router should be send 21.x.xxx.xx.236 packages to firewall mac. The firewall know already how to access to main router. If you understand any step, let me know please.
Author: Ismail DOGAN 0 Comment(s)
Labels , , ,

Compiling Happycoders libsocket in Ubuntu


 Happycoders libsocket is an object oriented and platform independent socket library for C++. It has a nice structure for both tcp and udp sockets. It runs like a charm if you want to connect a server and get the content as well as listen from a port and accept the connections.

Since package maintainers published a debian package mainly for Debian and Ubuntu distros, it can easly be installed on those systems. If you use another os the solutions is to compile it yourself. However, GCC throws an error message which can be easily solved. In order to compile the package and use it with your C++ applications, first open an console and type


wget http://www.speedblue.org/conf/libsocket-1.8.tar.gz


so we have the source package downloaded. Extract the tar archive 

gunzip libsocket-1.8.tar.gz
tar -xvf libsocket-1.8.tar


Now we have a folder with a name of libsocket-1.8. Get in this folder and start the compilation process: 

./configure


and then type 

make


After getting some output, GCC throws an error: 

make  all-recursive
make[1]: Entering directory `/tmp/socket/libsocket-1.8'
Making all in src
make[2]: Entering directory `/tmp/socket/libsocket-1.8/src'
Making all in tests
make[3]: Entering directory `/tmp/socket/libsocket-1.8/src/tests'
make[3]: Nothing to be done for `all'.
make[3]: Leaving directory `/tmp/socket/libsocket-1.8/src/tests'
make[3]: Entering directory `/tmp/socket/libsocket-1.8/src'
if /bin/bash ../libtool --mode=compile g++ -DHAVE_CONFIG_H -I. -I. -I.. -I../src    -g -O2 -Wall -ansi -pedantic -MT socket.lo -MD -MP -MF ".deps/socket.Tpo" \
   -c -o socket.lo `test -f 'socket.cc' || echo './'`socket.cc; \
 then mv -f ".deps/socket.Tpo" ".deps/socket.Plo"; \
 else rm -f ".deps/socket.Tpo"; exit 1; \
 fi
 g++ -DHAVE_CONFIG_H -I. -I. -I.. -I../src -g -O2 -Wall -ansi -pedantic -MT socket.lo -MD -MP -MF .deps/socket.Tpo -c socket.cc  -fPIC -DPIC -o .libs/socket.o
socket.cc: In member function 'void Network::Socket::_write_str_bin(int, const string&) const':
socket.cc:238:44: error: 'memcpy' was not declared in this scope
make[3]: *** [socket.lo] Error 1
make[3]: Leaving directory `/tmp/socket/libsocket-1.8/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/tmp/socket/libsocket-1.8/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/socket/libsocket-1.8'
make: *** [all] Error 2


When you look into to error message we can see the key point: 

socket.cc: In member function 'void Network::Socket::_write_str_bin(int, const string&) const':
socket.cc:238:44: error: 'memcpy' was not declared in this scope


It is clear that, GCC needs memcpy to be declared before it is used. It is a function defined in the standar C package string.h and it cstring in C++. Simply open the socket.cc and add the line 

#include <string.h>


and compile again. After typing the make command you will get a new error message. A part of this error message is given below: 

udpsocket.cc: In member function 'virtual std::string Network::UdpSocket::_read_line_bin(int, unsigned int)':
udpsocket.cc:68:29: error: 'memset' was not declared in this scope


and this is a similar error. memset is an other standard function defined in string.h in C++ and C. Simple edit the file udpsocket and add the same header 

#include <string.h>


After compiling many times, GCC will throw similar errors. To cope with this
  • Include string.h in socket.cc
  • Include string.h in udpsocket.cc
  • Include string.h in tcpsocket.cc
  • Include string.h and stddef.h in localsocket.cc
  • Include string.h in netsocket.cc
After all, we you type make again, GCC compiles and produces binary outputs. Then type 

sudo make install


if you want to install. Happycoders socket library is a static library by default and your application will not depent it externally. Have fun!
Author: jbytecode 0 Comment(s)
Labels , ,

Friday, June 1, 2012

Installing Fuzuli on Ubuntu 12.04 LTS


Following pictures are explaining how to install Fuzuli on Ubuntu 12.04 LTS using the DEB package given in http://code.google.com/p/fuzuli/downloads/list









Author: Ismail DOGAN 0 Comment(s)
Labels ,

Thursday, May 31, 2012

Mathematics with Fuzuli

Our new general purpose interpreter and language Fuzuli was first introduced in Practical Code Solutions and has the official web page in FuzuliProject.org.

Fuzuli has several packages which are mostly wrappers of C++ libraries. One of them is the math package. It is math.nfl and stated in /usr/lib/fuzuli/nfl in Linux installations by default.

The math.nfl package simple wraps some basic mathematical functions such as square root, exponential, logarithms, floor, ceil and round as well as trigonometric functions such as sin, cos, tan, atan, acos, etc. These functions are directly inherited from the standard C++ library.  A list of functions in the math.nfl package is shown below:


FunctionDescriptionExampleResult
PIReturns a short presentation of PI
(let a (sin (/ PI 2)))
1.0
sinReturns sin of a given reference
(let a (sin 0))
0.0
cosReturns cos of a given reference
(let a (cos 0))
1.0
tanReturns tan of a given reference
(print (tan 1))
1.55741
absReturns absolute value
(print (abs -5))
5
sqrtReturns square root
(print (sqrt 25))
5
expReturns E^x
(print (exp 1))
2.71828
logReturns natural logarithm
(print (log (exp 1)))
1.0
log10Returns logarithm in base 10
(print (log10 10))
1.0
log2Returns logarithm in base 2
(print (log2 2))
1.0
coshReturns hyperbolic cos
(cosh x)
sinhReturns hyperbolic sin
(sinh x)
tanhReturns hyperbolic tan
(tanh x)
asinReturns inverse sine
(asin 1)
acosReturns inverse cosine
(acos 0)
atanReturns inverse tangent
(atan 1.55741)
1
atan2Two arguments arctan function
(atan2 1 1)
0.7853981634
powReturns a^x
(print (pow 5 2))
25
ceilReturns ceil of a given reference
(print (ceil 2.3))
3.0
floorReturns floor of a given reference
(print (floor 2.3))
2.0
roundReturns round of a given reference. (nearest integer)
(print (round 2.3))
2.0
isinfReturns 1 if the given reference is either negative or positive infinitive else returns 0
(print (isinf (/ 19 0)))
1


The table shown above is hopefully enough to introduce our functions in the math package. Any Fuzuli program should include the math package using the (require) expression if any math function shown above is planned to use. Look at the code below:


(require "/usr/lib/fuzuli/nfl/math.nfl")
(print (isinf (/ 19 0)))


Although math functions are collected in an external package, Fuzuli supports built-in arithmetic functions. The code shown below is calculating ordinary least squares regression coefficients. As you see, no math functions required and only the arithmetic functions are used. 

(let x (list 1 2 3 4 5 6 7 8 9 10))
(let y (list 10 20 30 40 50 60 70 80 90 100))

(function sum (params a)
 (block
  (def s FLOAT)
  (def i INTEGER)
  (let s 0.0)
  (for (let i 0) (< i (length a)) (inc i)
   (let s (+ s (nth a i)))
  )
  (return s)
 )
)

(function mean (params a)
 (block 
  (def total FLOAT)
  (def result FLOAT)

  (let total (sum a))
  (let result (/ total (length a)))
   
  (return result)
 )
)


(function covariance (params c d)
 (block
  (def meana FLOAT)
  (def meanb FLOAT)
  (def xy FLOAT)
  (def i INTEGER)
  (let meana (mean c)) 
  (let meanb (mean d))
  (let xy 0.0)
  (for (let i 0) (< i (length a)) (inc i)
   (block
    (let xy (+ xy (* (- (nth c i) meana) (- (nth d i) meanb ))))
   )
  ) 
  (return xy)
 )

)


(let beta1 (/ (covariance x y) (covariance x x)))
(let beta0 (- (mean y) (* beta1 (mean x))))
(print "beta0 " beta0  "\n") 
(print "beta1 " beta1  "\n")


The result is 0.0 for beta0 and 10.0 for beta1.

See you in next entry. Have fun!
Author: jbytecode 1 Comment(s)
Labels

Wednesday, May 30, 2012

Defining variables and variable scopes in Fuzuli



Fuzuli has a basic variable scoping strategy and it is easy to understand. Many Algol family languages support variable types, variable defining, initial value setting and updating values. Internally, everything in Fuzuli is a Token. A Token is a C++ object. It can hold an INTEGER, a FLOAT, a STRING, a LIST of all types and a COBJECT. Variables are basically type of an INTEGER, a FLOAT or a STRING. A Fuzuli LIST is a vector or array of those kind of objects. A LIST may be a member of an other LIST. So, objects in Fuzuli can be recursively deep. A COBJECT is a (void*) pointer and can be anything. This type of variable is used for external function calls, usually from C++ or C libraries such as Math, IO and MySQL. Integration of COBJECT types expands the universe that Fuzuli can access. However, a standard user does not need this kind of object because Nafile (nfl) packages wrap those external function calls.

We use (let) expression to set value of a variable in Fuzuli:


# Value of a is set to 10
(let a 10)

# a is now 20
(let a 20)

# a is now a string
(let a "Hello!")

# a is now a double precision number
(let a 3.141592)


(block) expression defines a block in which variables are locally scoped. If a variable defined in a higher scope, it is current in the child scope. In other terms, if a variable set in a deeper scope but it is first defined in the higher scope, the first defined variable is current. Have a look at the example below:


# Value of a is set to 10
# a is defined in higher level
(let a 10)

# this block defines a deeper (local) scope
(block
  (let a 20)
)

# out of the block, a is 20 because global a is accessed from the local scope
(print a)
# the answer is 20


However, one can want to define a local variable with same name of the higher scoped variable. For this, (def) expressions can be used. Look at the example below: 

# Defined in an higher scope
(let a 10)

# deeper scope
(block
  (def a NULL)
  (let a 7)
)

# we are in higher scope again
(print a)
# the answer is 10.


So, in Fuzuli, a user does not need to define variables if they want to give a reference them. Look at the (for) expression given below: 

(let i 5)

(for (let i 0) (< i 10) (inc i)
    (block
        (print "i is " i "\n")
    )
)

(print "Finally, i is " i  "\n")


The output is 

i is 0
i is 1
i is 2
i is 3
i is 4
i is 5
i is 6
i is 7
i is 8
i is 9
Finally, i is 10


because, i is first defined in a higher level of scope. If i is not defined before the (for) expression, the code should be like this 

(for (let i 0) (< i 10) (inc i)
    (block
        (print "i is " i "\n")
    )
)

(print "Finally, i is " i  "\n")


and the output is 

i is 0
i is 1
i is 2
i is 3
i is 4
i is 5
i is 6
i is 7
i is 8
i is 9
Finally, i is NULL


because i is defined locally and it is invisible in the higher scope. Strategy of variable scoping in function calls is an other special issue in Fuzuli Suppose that we have an (sum) function defined as follows: 

(function sum (params x)
    (block
        (def t FLOAT)(def i FLOAT)
        (let t 0.0)
        (foreach i in x
            (let t (+ t i))
        )
        (return t)
    )
)


In the example above, the (sum) function takes a list 'x' as parameter and returns the sum of elements of this list. The variable 't' is defined and set in the function body. This is unnecessary if we don't use a variable with name 't' in the higher level of scopes. For convenience and security, defining all local function variables before they were used is a good habit. For the rest of the example, the sum function can be called using 

(let mylist (list 1 2 3 4 5))
(let result (sum mylist))
(print result "\n")
and gives the result of 15. Hope you have fun !

Author: jbytecode 0 Comment(s)
Subscribe to: Posts (Atom)