• Linux Network Firewall with IPTABLES and DMZ

    Most firewalls in the consumer world are either bought at Best Buy or supplied by your ISP as an all-in-one type of network device. These devices, such as the Linksys WRT54GL, are good enough for most users’ home setups: they provide wireless and wired network access with built-in firewall security, blocking most inbound network threats and any other unsolicited requests that are not part of an established connection (i.e. the return path of an outbound request). Some of these consumer routers can be enhanced even further with a rich set of plugins and network tools by using custom firmware. DD-WRT, Tomato and OpenWrt are all independent communities that develop custom firmware for these consumer all-in-one routers. You can check your device’s compatibility with their firmware at each of their websites.

    I for one own a Linksys WRT54GL router and have used both DD-WRT and Tomato. Both of these custom firmwares, as well as the stock (Linksys) firmware, provide enough security, accessibility, and capacity for a typical consumer. However, that’s not what this article is about! This article is about how to set up your own network firewall using a standalone Linux box! Woot!

    Why build a standalone Network Firewall?


  • Inter-VLAN routing with Linux & PowerConnect 5324

    I recently purchased a 24-port Gigabit Layer 2 switch that supports VLAN tagging and trunking. The Dell PowerConnect 5324, see here, has 24 Ethernet ports and is capable of tagging and untagging frames at wire speed. It is a discontinued model; however, after some googling I found an updated firmware and IOS image!

    Physical Topology

    The topology is pretty typical of “routing-on-a-stick” for Multiple VLANs. I have a Linux server running Ubuntu 12.04 with a single NIC and the Dell PowerConnect switch.

    Port configuration:
    Network 1 = g1 – g16
    Network 2 = g17 – g23

    802.1q Information:
    Switch Trunk Port = g24
    Router Trunk Port = eth1

    Logical Topology

    I have a single LAN that I want logically separated using a single switch. The VLAN IDs are 100 & 200. The VLAN subnets and ports will be as follows:

    Subnets:
    VLAN 100 = 192.168.1.1/24
    VLAN 200 = 192.168.2.1/24

    VLAN Access Ports:
    VLAN 100 = g1 – g16
    VLAN 200 = g17 – g23


  • Linux iSCSI Target using open-iscsi

    I recently set up an iSCSI SAN for use with VMware Server. The setup was basically a Linux Ubuntu Server target with 2 network links to a single VMware Server as the initiator. I also included iSCSI multipathing by enabling it on the initiator (VMware Server).

    This is how I set up a Linux SAN target with iSCSI, interfacing with VMware 5.1 as the iSCSI initiator.


  • Apache Logs – Stop Logging Certain URIs

    I recently posted an article about HAProxy as a load balancer. In that article I described using an HTML health check file to track the status of each server’s Apache instance. The problem is that this floods your Apache access logs every time the health check runs, which I believe is every 2 seconds.

    So you end up with a log file like this:

    To correct this issue we need to modify the apache2.conf file on each server and explicitly tell Apache NOT to log this URI to the access log. From the previous article, the culprit URI is /healthcheck.html. Open your Apache configuration file:

     sudo vi /etc/apache2/apache2.conf

    Now add this above the CustomLog section:

    #logs: tag health-check requests with the dontlog variable, then log only requests without it
    SetEnvIf Request_URI "^/healthcheck\.html$" dontlog
    CustomLog /www/logs/mysite_access_logs combined env=!dontlog
    ErrorLog /www/logs/mysite_error_logs

    NOTICE: Make sure you have the \ escape character in front of any regex special characters (such as the . in healthcheck.html).

    That’s it! No more spamming of all the health checks to our Apache logs!!
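    As an added illustration (not code from the original post), this Python snippet models the SetEnvIf/CustomLog env=!dontlog behaviour over a few constructed request lines, showing which requests still reach the access log and why the escaped pattern ^/healthcheck\.html$ matters: the unescaped dot also swallows other paths that happen to fit the pattern.

```python
import re

# Constructed sample request lines (not taken from the original page).
SAMPLE_REQUESTS = [
    "GET /healthcheck.html HTTP/1.1",      # the HAProxy health check
    "GET /index.html HTTP/1.1",            # a normal page view
    "GET /healthcheckXhtml HTTP/1.1",      # only matched when the '.' is unescaped
    "GET /healthcheck.html/extra HTTP/1.1" # not anchored by '$', so it is still logged
]

ESCAPED_PATTERN = r"^/healthcheck\.html$"    # the pattern used in the config above
UNESCAPED_PATTERN = r"^/healthcheck.html$"   # what you get if the backslash is lost


def request_uri(request_line):
    """Return the path portion of a request line, which is what
    SetEnvIf Request_URI matches against (no scheme/host, no query string)."""
    return request_line.split(" ")[1]


def set_env_if(uri, pattern):
    """Model 'SetEnvIf Request_URI "<pattern>" dontlog':
    True means the dontlog environment variable would be set."""
    return re.search(pattern, uri) is not None


def logged_requests(requests, pattern):
    """Model 'CustomLog ... env=!dontlog': keep only requests for which
    the dontlog variable was NOT set."""
    return [r for r in requests if not set_env_if(request_uri(r), pattern)]


def suppressed_requests(requests, pattern):
    """The complement: requests that never reach the access log."""
    return [r for r in requests if set_env_if(request_uri(r), pattern)]


if __name__ == "__main__":
    for label, pattern in (("escaped", ESCAPED_PATTERN), ("unescaped", UNESCAPED_PATTERN)):
        print(f"{label} pattern {pattern!r} suppresses:")
        for line in suppressed_requests(SAMPLE_REQUESTS, pattern):
            print("   ", line)
```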


  • HTTP Load Balancing with HAProxy 1.4

    I’ve posted a few articles on load balancing with BIG-IP F5 hardware appliances. However, there are also a few alternatives available, some even free! HAProxy is a popular load balancing application with a robust collection of features.

    HAProxy is “The Reliable, High Performance TCP/HTTP Load Balancer”, taken right from the title of their web page. It has many different uses; for this article I am going to focus on its HTTP load balancing functionality. Our scenario is as follows:


  • mdadm — Recovering from Drive Failure

    So it happened: I had a drive fail on me, degrading my RAID 6 media server. Luckily I was notified by mdadm and was able to order a new one from newegg.com and rebuild it.

    I want to walk through the steps I took to get my RAID file system back up and running, starting with the notification I received at my Gmail account (which I received on my phone).


  • NAT, Dynamic NAT, NAT Overloading/Masquerade with IPTables

    If you have had experience with NAT on Cisco routers or read about it in your CCNA studies, you know there are 3 Network Address Translation (NAT) types. Technically there are two, see here, plus a third special case.

    • Static NAT, one-to-one mapping
    • Dynamic NAT, pool-to-pool mapping
    • Dynamic NAT with PAT Overload, many-to-one mapping

    So, as you can see, the two types are static NAT and dynamic NAT, with the special case of dynamic NAT with PAT overload.
