Most firewalls in the consumer world are ones that are either bought at Bestbuy or supplied by your ISP as an all-in-one type of network device. These devices, such as the Linksys WRT54GL, are good enough for most user’s home setups. Providing Wireless and Wired network access with built in Firewall security. Blocking most inbound network threats , and other unwanted requests that are not pre-established (i.e. return path from an outbound request). Some of these consumer routers can be even further enhance with a rich set of plugins and network tools by using custom firmwares. DD-WRT, Tomato, or openWRT are all interdependent communities, who develop custom firmware to be used with these consumer all-in-one routers. You can check your devices compatibility with their firmware at each of their websites.
I for one own a Linksys WRT54GL router and have used both DD-WRT and Tomato. Both of these custom firmwares as well as the stock firware(Linksys) provide enough security, accessibly, and capacity for a typical consumer. However, that’s not what this article is about! This article is how to setup your own Network Firewall using a standalone Linux box! Woot!.
Why build a standalone Network Firewall?
I recently purchased a 24-port Gigabit Layer 2 Switch that supports VLAN tagging and trunking. Dell PowerConnect 5324, see here, has 24 Ethernet ports and is capable of tagging and untagging Frames at wire speed. It is a discontinued model, however doing some googling I found a updated firmware and IOS image!
The topology is pretty typical of “routing-on-a-stick” for Multiple VLANs. I have a Linux server running Ubuntu 12.04 with a single NIC and the Dell PowerConnect switch.
Network 1 = g1 – g16
Network 2 = g17 -g23
Switch Trunk Port = g24
Router Trunk Port = eth1
I have a single LAN I want logically separated using a single switch. The VLAN IDs are 100 & 200. The VLAN subnets and ports will be as follows;
VLAN 100 = 192.168.1.1/24
VLAN 200 = 192.168.2.1/24
VLAN Access Ports:
VLAN 100 = g1 – g16
VLAN 200 = g17 -g23
I recently set up an iSCSI SAN for use with VMWare Server. The set up was basically a Linux Ubuntu Server target with 2 network links to a single VNWare Server as the integrator. I also included iSCSI multi-pathing by enabling it on the initiator (VMWare Server).
This is how I set up an Linux SAN Target with iSCSI, interfacing with VMWare 5.1. as the iSCSI Initiator.
I recently posted an article talking about HAProxy as a load balancer. In the article I spoke about using a HTML health check file to maintain status of each servers Apache instance. The problem is this will flood your Apache server access logs every time this health check occurs, which I believe is every 2 seconds.
So you end up with a log file like this:
To correct this issue we need to modify the apache2.conf file on each server, and explicitly tell Apache NOT to log this URI to the access logs. So, from the previous article the culprit URI is /healthcheck.html. Open your Apache configuration file.
sudo vi /etc/apache2/apache2.conf
Now add this above the CustomLog section:
SetEnvIf Request_URI "^/healthcheck.html$" dontlog
CustomLog /www/logs/mysite_access_logs combined env=!dontlog
NOTICE: Make sure you have the ” escape character for any special characters.
That’s it! No more spamming of all the health checks to our Apache logs!!
I’ve posted a few articles on load balancing with the use of BIGIP F5 hardware appliances. However, there are also a few alternatives available, some even free! HAProxy is a popular load balancing application that has a robust collection of features.
HAProxy is “The Reliable, High Performance TCP/HTTP Load Balancer”, taken right from the title of their web page. It has many different uses available, for this article I am going to focus on the HTTP load balancing functionality of it. Our scenario is as follows:
So it happened. I had a drive fail on me. Degrading my RAID 6 media server. Luckily I was notified by mdadm and was able to order a new one from newegg.com and rebuild it.
I want to walk through the steps I took getting my RAID file system backup and running, starting with the notification I received to my gmail account (which i received on my phone).
If you have had experience with NATs via Cisco Routers or read about them in your CCNA studies, there are 3 Network Address Translation(NAT) types. Technically, two, see here, plus a third special case.
- Static NAT, one-to-one mapping
- Dynamic NAT, pool-to-pool mapping
- Dynamic NAT with PAT Overload, many-to-one mapping
So as you can see the two types are static NAT and Dynamic NAT, with the special case of Dynamic NAT with PAT overload.