Thursday, November 12, 2009

RHEL Installing Apache2 With PHP5 And MySQL Support LAMP Server

LAMP is short for Linux, Apache, MySQL, PHP. This tutorial shows how you can install an Apache2 webserver on a Fedora 11 server with PHP5 support (mod_php) and MySQL support.

Step 1
#yum install mysql mysql-server httpd php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc phpmyadmin



Step 2
In this tutorial I use the hostname rajat.yeswedeal.com with the IP address 192.168.1.110 These settings might differ for you, so you have to replace them where appropriate.

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

Run

mysqladmin -u root password yourrootsqlpassword
mysqladmin -h rajat.yeswedeal.com -u root password yourrootsqlpassword

to set a password for the user root (otherwise anybody can access your MySQL database!).


Apache2 is available as a RHEL package, therefore we can install it like this:

Now configure your system to start Apache at boot time...

chkconfig --levels 235 httpd on

... and start Apache:

/etc/init.d/httpd start

Now direct your browser to http://192.168.1.110, and you should see the Apache2 placeholder

Apache's default document root is /var/www/html on Fedora, and the configuration file is /etc/httpd/conf/httpd.conf. Additional configurations are stored in the /etc/httpd/conf.d/ directory.

We must restart Apache afterwards:

/etc/init.d/httpd restart


Testing PHP5 / Getting Details About Your PHP5 Installation

The document root of the default web site is /var/www/html. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.

vi /var/www/html/info.php



Now we call that file in a browser (e.g. http://192.168.1.110/info.php):

As you see, PHP5 is working, and it's working through the Apache 2.0 Handler, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don't have MySQL support in PHP5 yet.

Now restart Apache2:

/etc/init.d/httpd restart

Now reload http://192.168.1.110/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the stanza):

vi /etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#
# order deny,allow
# deny from all
# allow from 127.0.0.1
# allow from ::1
#


# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#

Order Deny,Allow
Deny from All
Allow from None


# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#
#
# SecRuleInheritance Off
#

#


Restart Apache:

/etc/init.d/httpd restart

Afterwards, you can access phpMyAdmin under http://192.168.1.110/phpmyadmin/:

Tuesday, November 3, 2009

RedHat / CentOS Clustering Linux HA

Creating a service in Red Hat Enterprise Linux using Conga



1. Log in to the Conga web interface

*

Go to https://:8084 (replacing with the hostname of the Conga web server) and login.
*

Click the cluster tab.
*

Choose the cluster to configure.



2. Add a service

*

In the navigation bar on the left, choose Services => Add A Service.
*

Enter a descriptive Name for the service.
*

Choose whether to Automatically start this service and/or Run exclusive
*

Choose a Failover Domain.
*

Choose a Recovery Policy.
*

Optionally enter the maximum number of restarts and the restart counter timeout.



3. Add an IP Resource

*

Click Add a resource to this service.
*

Under Add a new local resource, choose IP Address.
*

Enter the IP Address that clients will use to access the MySQL database.
*

Choose whether to monitor the link for failures or not.



4. Add an LVM Resource

NOTE: This step is only required if HA-LVM is in use. If LVM will not be used at all or if clvmd is running in this cluster, then an LVM resource is not needed.

*

Under the previously created IP resource, click Add a child.
*

Under Add a new local resource, choose LVM.
*

Enter a descriptive name for the resource.
*

Fill in the Volume Group Name and Logical Volume Name.



5. Add a filesystem resource

*

Under the previously created LVM resource (or the IP resource if step 4 was skipped), click Add a child.
*

Under Add a new local resource, select File System.
*

Enter a a descriptive Name for the resource.
*

Choose the File system type.
*

Enter a Mount point, such as /var/lib/mysql.
*

Enter the Device path. If step 4 was followed then this should match the device that was entered, such as /dev/mysqlvg/datalv.
*

Enter any mount Options to use.
*

Optionally choose to Force unmount the filesystem, Reboot the host node if unmount fails, and/or Check the file system before mounting.



NOTE A MySQL resource can be created in one of two ways. Follow only one of 6a or 6b:



6a. Add a MySQL resource

*

Under the above filesystem resource, click Add a child.
*

Under Add a new local resource, select MySQL.
*

Enter a descriptive Name for the resource.
*

Enter the path to the Config File, such as /etc/my.cnf. See the above section on Configuring MySQL to Use Shared Storage for details.
*

Enter a Listen Address. In most situations this should match the IP address that was created as a resource in step #3.
*

Optionally enter any Options that should be passed to the mysqld daemon.
*

Optionally enter a Shutdown Wait in seconds. This determines the length of time that rgmanager will wait while stopping the resource before determining something has gone wrong and throwing an error.



6b. Add a script resource

*

Under the above filesystem resource, click Add a child.
*

Under Add a new local resource, select Script.
*

Enter a descriptive name for the resource.
*

Enter the Full path to script file, such as /etc/init.d/mysqld.



7. Save the service

*

Click Submit at the bottom of the page


Creating a service in Red Hat Enterprise Linux 4 and 5 using system-config-cluster



1. Open the system-config-cluster tool by running


# system-config-cluster

in a terminal.



2. Create a Service

*

In the Cluster Configuration tab, highlight the Services group.
*

Click the Create a Service button on the right side.
*

Enter a descriptive Name for the service.
*

Choose whether to Autostart This Service and/or Run Exclusive.
*

Select a Failover Domain in the upper right corner.
*

Select a Recovery Policy.



3. Add an IP resource

*

Click the Create a new resource for this service button.
*

Select IP Adress from the drop-down menu.
*

Enter the IP address that clients will connect to the MySQL service on.
*

Choose whether to monitor the link for failures or not.
*

Click OK.



4. Add an LVM resource

NOTE: This step is only required if HA-LVM is in use. If LVM will not be used at all or if clvmd is running in this cluster, then an LVM resource is not needed.

*

Highlight the previously created IP resource.
*

Click Attach a new Private Resource to the Selection.
*

Select LVM from the drop-down menu.
*

Enter a descriptive Name for the resource.
*

Enter the Volume Group Name and Logical Volume Name.
*

Click OK.



5. Add a filesystem resource

*

Highlight the previously created LVM resource (or the IP resource if step #4 was skipped).
*

Click Attach a new Private Resource to the Selection.
*

Select File System from the drop-down menu.
*

Enter a descriptive Name for the resource.
*

Choose the File System Type.
*

Enter the Mount Point, such as /var/lib/mysql.
*

Enter the Device path. If step 4 was followed then this should match the device that was entered, such as /dev/mysqlvg/datalv.
*

Optionally enter any mount Options that should be used.
*

Optionally choose to Force unmount the filesystem, Reboot the host node if unmount fails, and/or Check the file system before mounting.
*

Click OK.



NOTE A MySQL resource can be created in one of two ways. Follow only one of 6a or 6b:



6a. Add a MySQL resource

*

Highlight the previously created filesystem resource.
*

Click Attach a new Private Resource to the selection.
*

Select MySQL Server from the drop-down menu.
*

Enter a descriptive Name for the resource.
*

Enter the path to the Config File, such as /etc/my.cnf.
*

Enter a Listen Address. In most situations this should match the IP address that was created as a resource in step #3.
*

Optionally enter any Options that should be passed to the mysqld daemon.
*

Optionally enter a Shutdown Wait in seconds. This determines the length of time that rgmanager will wait while stopping the resource before determining something has gone wrong and throwing an error.
*

Click OK.



6b. Add a script resource

*

Highlight the previously created filesystem resource.
*

Click Attach a new Private Resource to the selection.
*

Select Script from the drop-down menu.
*

Enter a descriptive Name for the resource.
*

Enter the path for the File that will be used as the script, such as /etc/init.d/mysqld.
*

Click OK.



7. In the Service Management dialog, click Close.



8. To save the changes to the local configuration file, choose File => Save.



9. To propagate the changes to the rest of the cluster and allow for the service to be started, click Send to Cluster.


Service Configuration Examples


Red Hat Enterprise Linux



A service example from /etc/cluster.xml for Red Hat Enterprise Linux 3 is as follows:












Red Hat Enterprise Linux



The following is a service example from /etc/cluster/cluster.conf for Red Hat Enterprise Linux 4 or 5 using the rgmanager MySQL resource agent:














or alternatively using a script resource:













Apache Clustering HA

1.

Select the Services tab and click New. The Service properties dialog box is displayed.
a. Give the service a name (for example, httpd).
b. Choose httpd-domain from the Failover Domain list.
c. Specify a value in the Check Interval field.
d. Specify /etc/rc.d/init.d/httpd in the User Script field.
e. Click OK.

a. Choose Add Device and click OK. The Device properties dialog box is displayed.
b. Enter the device special file name in the Device Special File field (for example,
/dev/hda7).
c. Enter the mount point in the Mount Point field (for example, /var/www/html/).
d. Choose ext3 from the FS Type list.
e. Enter rw in the Options field.
f. Ensure that Force Unmount is checked, and click OK.

2.

Select the httpd service on the Services tab and click Add Child. The Add Device or Service IP Address dialog box is displayed.
a. Choose Add Service IP Address and click OK. The Service IP Address properties dialog box is displayed.
b. In the IP Address field, specify an IP address, which the cluster infrastructure binds to the network interface on the cluster system that runs the httpd service (for example, 192.168.26.10).
c. Specify a netmask of None in the Netmask field.
d. In the Broadcast field, specify an IP address of None for broadcasting on the cluster subnet.
e. Click OK.

3.

Ensure that the httpd service is still selected in the Services tab and click Add Child. The Add Device or Service IP Address dialog box is displayed.
4.

Choose File => Save to save your changes.
5.

To start the Apache HTTP Server within the Cluster Status Tool, highlight the service and click Enable.

Sunday, October 25, 2009

Squid Setup a transparent

My Server Setup:

i) Server: Xeon CPU system with 8 GB RAM .
ii) Eth0: IP:192.168.1.1
iii) Eth1: IP: 192.168.2.1 (192.168.2.0/24 network)
iv) Red Hat Enterprise Linux 5.0

Eth0 connected to internet and eth1 connected to local lan i.e. system act as router.
Server Configuration

* Step #1 : Squid configuration so that it will act as a transparent proxy
* Step #2 : Iptables configuration
o a) Configure system as router
o b) Forward all http requests to 3128 (DNAT)
* Step #3: Run scripts and start squid service

First, Squid server installed (use up2date squid) and configured by adding following directives to file:
# vi /etc/squid/squid.conf

Modify or add following squid directives:
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan

Where,

* httpd_accel_host virtual: Squid as an httpd accelerator
* httpd_accel_port 80: 80 is port you want to act as a proxy
* httpd_accel_with_proxy on: Squid act as both a local httpd accelerator and as a proxy.
* httpd_accel_uses_host_header on: Header is turned on which is the hostname from the URL.
* acl lan src 192.168.1.1 192.168.2.0/24: Access control list, only allow LAN computers to use squid
* http_access allow localhost: Squid access to LAN and localhost ACL only
* http_access allow lan: -- same as above --

Here is the complete listing of squid.conf for your reference (grep will remove all comments and sed will remove all empty lines, thanks to David Klein for quick hint ):
# grep -v "^#" /etc/squid/squid.conf | sed -e '/^$/d'

OR, try out sed
# cat /etc/squid/squid.conf | sed '/ *#/d; /^ *$/d'

Output:
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 1024 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lan src 192.168.1.1 192.168.2.0/24
http_access allow localhost
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname myclient.hostname.com
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
Iptables configuration

Next, I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128 :
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Here is complete shell script. Script first configure Linux system as router and forwards all http request to port 3128
#!/bin/sh
# squid server IP
SQUID_SERVER="192.168.1.1"
# Interface connected to Internet
INTERNET="eth0"
# Interface connected to LAN
LAN_IN="eth1"
# Squid port
SQUID_PORT="3128"
# DO NOT MODIFY BELOW
# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Load IPTABLES modules for NAT and IP conntrack support
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
# unlimited access to LAN
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Save shell script. Execute script so that system will act as a router and forward the ports:
# chmod +x /etc/fw.proxy
# /etc/fw.proxy
# service iptables save
# chkconfig iptables on

Start or Restart the squid:
# /etc/init.d/squid restart
# chkconfig squid on
Desktop / Client computer configuration

Point all desktop clients to your eth1 IP address (192.168.2.1) as Router/Gateway (use DHCP to distribute this information). You do not have to setup up individual browsers to work with proxies.
How do I test my squid proxy is working correctly?

See access log file /var/log/squid/access.log:
# tail -f /var/log/squid/access.log

Above command will monitor all incoming request and log them to /var/log/squid/access_log file. Now if somebody accessing a website through browser, squid will log information.
Problems and solutions
(a) Windows XP FTP Client

All Desktop client FTP session request ended with an error:
Illegal PORT command.

I had loaded the ip_nat_ftp kernel module. Just type the following command press Enter and voila!
# modprobe ip_nat_ftp

Please note that modprobe command is already added to a shell script (above).
(b) Port 443 redirection

I had block out all connection request from our router settings except for our proxy (192.168.1.1) server. So all ports including 443 (https/ssl) request denied. You cannot redirect port 443, from debian mailing list, "Long answer: SSL is specifically designed to prevent "man in the middle" attacks, and setting up squid in such a way would be the same as such a "man in the middle" attack. You might be able to successfully achive this, but not without breaking the encryption and certification that is the point behind SSL".

Therefore, I had quickly reopen port 443 (router firewall) for all my LAN computers and problem was solved.
(c) Squid Proxy authentication in a transparent mode

You cannot use Squid authentication with a transparently intercepting proxy.

Thursday, October 15, 2009

Linux NIC Bonding

vim /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
IPADDR=10.5.1.76
NETMASK=
GATEWAY=10.5.1.93
ONBOOT=yes
BOOTPROTO=static
USERCLT=no
BONDING_OPTS="miimon=100 mode=1"

edit vim /etc/sysconfig/network-scripts/ifcfg-eth0

# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth0
HWADDR=00:26:55:7D:38:00
USERCTL=no
ONBOOT=yes
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

edit vim /etc/sysconfig/network-scripts/ifcfg-eth1

# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
DEVICE=eth1
USERCTL=no
ONBOOT=yes
HWADDR=00:26:55:7D:38:01
MASTER=bond0
SLAVE=yes
BOOTPROTO=none

edit vim /etc/modprobe.conf

alias eth0 bnx2
alias eth1 bnx2
alias bond0 bonding
alias scsi_hostadapter megaraid_sas
alias scsi_hostadapter1 ata_piix
alias scsi_hostadapter2 qla2xxx

#modprobe bonding

http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml Since I don't know the model of your switch

#service network restart

# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.4.0 (October 7, 2008)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth2
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:26:55:19:4a:18

Slave Interface: eth3
MII Status: up
Link Failure Count: 2
Permanent HW addr: 00:26:55:19:4a:1c

add following lines to file
#vim /etc/sysctl.conf
# Gigabit tuning
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# net.core.wmem_max = 8388608
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 2096 65535 16777216

net.ipv4.tcp_mem = 98304 131072 196608
net.core.netdev_max_backlog = 250000
net.ipv4.tcp_timestamps = 1
net.ipv4.ip_local_port_range = 1025 61000

# VM pressure fixes
vm.swappiness = 100
vm.inactive_clean_percent = 100

vm.pagecache = 200 10 20
vm.dirty_ratio = 10
vm.dirty_background_ratio = 5


# Security tweaks
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_fin_timeout = 30

net.ipv4.tcp_keepalive_time = 1200


What is bonding?
Bonding is the same as port trunking. In the following I will use the word bonding because practically we will bond interfaces as one.

But still...what is bonding?
Bonding allows you to aggregate multiple ports into a single group, effectively combining the bandwidth into a single connection. Bonding also allows you to create multi-gigabit pipes to transport traffic through the highest traffic areas of your network. For example, you can aggregate three megabits ports (1 mb each) into a three-megabits trunk port. That is equivalent with having one interface with three megabits speed.

Where should I use bonding?
You can use it wherever you need redundant links, fault tolerance or load balancing networks. It is the best way to have a high availability network segment. A very useful way to use bonding is to use it in connection with 802.1q VLAN support (your network equipment must have 802.1q protocol implemented).

The best documentation is on the Linux Channel Bonding Project page
I strongly recommend to read it for more details.

Credits: Linux Channel Bonding Project page , Thea

This small howto will try to cover the most used bonding types. The following script (the gray area) will configure a bond interface (bond0) using two ethernet interface (eth0 and eth1). You can place it onto your on file and run it at boot time..

#!/bin/bash

modprobe bonding mode=0 miimon=100 # load bonding module

ifconfig eth0 down # putting down the eth0 interface
ifconfig eth1 down # putting down the eth1 interface

ifconfig bond0 hw ether 00:11:22:33:44:55 # changing the MAC address of the bond0 interface
ifconfig bond0 192.168.55.55 up # to set ethX interfaces as slave the bond0 must have an ip.

ifenslave bond0 eth0 # putting the eth0 interface in the slave mod for bond0
ifenslave bond0 eth1 # putting the eth1 interface in the slave mod for bond0

You can set up your bond interface according to your needs. Changing one parameters (mode=X) you can have the following bonding types:
mode=0 (balance-rr)
Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance. The primary option affects the behavior of this mode.

mode=2 (balance-xor)
XOR policy: Transmit based on [(source MAC address XOR'd with destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

mode=3 (broadcast)
Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

Pre-requisites:
1. Ethtool support in the base drivers for retrieving
the speed and duplex of each slave.
2. A switch that supports IEEE 802.3ad Dynamic link
aggregation.
Most switches will require some type of configuration
to enable 802.3ad mode.

mode=5 (balance-tlb)
Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Prerequisite:
Ethtool support in the base drivers for retrieving the
speed of each slave.

mode=6 (balance-alb)
Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic, and does not require any special switch support. The receive load balancing is achieved by ARP negotiation. The bonding driver intercepts the ARP Replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond such that different peers use different hardware addresses for the server.

The most used are the first four mode types...

Also you can use multiple bond interface but for that you must load the bonding module as many as you need.
Presuming that you want two bond interface you must configure the /etc/modules.conf as follow:

alias bond0 bonding
options bond0 -o bond0 mode=0 miimon=100
alias bond1 bonding
options bond1 -o bond1 mode=1 miimon=100

Notes:

* To restore your slaves MAC addresses, you need to detach them from the bond (`ifenslave -d bond0 eth0'). The bonding driver will then restore the MAC addresses that the slaves had before they were enslaved.
* The bond MAC address will be the taken from its first slave device.
* Promiscous mode: According to your bond type, when you put the bond interface in the promiscous mode it will propogates the setting to the slave devices as follow:
o for mode=0,2,3 and 4 the promiscuous mode setting is propogated to all slaves.
o for mode=1,5 and 6 the promiscuous mode setting is propogated only to the active slave.
For balance-tlb mode the active slave is the slave currently receiving inbound traffic, for balance-alb mode the active slave is the slave used as a "primary." and for the active-backup, balance-tlb and balance-alb modes, when the active slave changes (e.g., due to a link failure), the promiscuous setting will be propogated to the new active slave.