Force iptables to log messages to a different log file

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user defined chains.

By default, iptables logs messages to the /var/log/messages file. However, you can change this location. I will show you how to create a new logfile called /var/log/iptables.log. Changing or using a new file allows you to create better statistics and/or allows you to analyze the attacks.

via Force iptables to log messages to a different log file.
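Once the LOG lines land in their own file, the "better statistics" part is a small parsing job. The script below is an added example, not code from the linked article: it assumes a LOG rule installed with the prefix `IPTABLES-DROP: ` and an rsyslog filter that diverts matching kernel messages into /var/log/iptables.log (both shown in the docstring; prefix, rsyslog stanza, file name and the sample log lines are my own constructions). It parses the kernel's KEY=VALUE fields, counts hits per source and per destination port, and flags sources that touched many distinct ports.

```python
"""Summarise iptables LOG entries written to a dedicated log file.

Added example; this is not code from the linked article.  It assumes the
LOG rule carries a fixed prefix and that rsyslog diverts matching kernel
messages into /var/log/iptables.log, for instance (assumed configuration):

    iptables -A INPUT -j LOG --log-prefix "IPTABLES-DROP: " --log-level 4

    # /etc/rsyslog.d/10-iptables.conf
    :msg, contains, "IPTABLES-DROP: "    -/var/log/iptables.log
    & stop

Prefix, rule and file name are assumptions; change them to match yours.
"""
import re
import sys
from collections import Counter, defaultdict

LOG_PREFIX = "IPTABLES-DROP: "                 # assumed --log-prefix value
_FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")    # KEY=VALUE tokens after the prefix


def parse_line(line, prefix=LOG_PREFIX):
    """Return the LOG fields of one syslog line as a dict, or None if the
    line is not an iptables entry with our prefix.  Bare flags (DF, SYN)
    carry no '=' and are skipped; repeated keys keep the last value."""
    m = re.search(r"kernel: (?:\[\s*\d+\.\d+\] )?" + re.escape(prefix), line)
    if m is None:
        return None
    return dict(_FIELD_RE.findall(line[m.end():]))


def summarize(lines):
    """Count hits per source address and per (proto, dport), and remember
    which destination ports each source touched."""
    total = 0
    by_src, by_dpt = Counter(), Counter()
    ports_per_src = defaultdict(set)
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue
        total += 1
        src = fields.get("SRC", "?")
        by_src[src] += 1
        if "DPT" in fields:                    # TCP/UDP only; ICMP has no ports
            dpt = int(fields["DPT"])
            by_dpt[(fields.get("PROTO", "?"), dpt)] += 1
            ports_per_src[src].add(dpt)
    return {"total": total, "by_src": by_src, "by_dpt": by_dpt,
            "ports_per_src": ports_per_src}


def likely_scanners(summary, min_ports=5):
    """Sources that probed at least min_ports distinct destination ports."""
    return sorted(src for src, ports in summary["ports_per_src"].items()
                  if len(ports) >= min_ports)


# Constructed sample of /var/log/iptables.log: one host probing five ports,
# a second host with three assorted hits, and one sshd line to be ignored.
_MAC = "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00"


def _entry(sec, src, tail):
    return ("Mar  3 10:15:%02d fw kernel: [ 1234.%06d] IPTABLES-DROP: IN=eth0 OUT= "
            "%s SRC=%s DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF %s"
            % (sec, sec, _MAC, src, tail))


SAMPLE_LOG = "\n".join([
    _entry(1, "203.0.113.7", "PROTO=TCP SPT=44321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0"),
    _entry(1, "203.0.113.7", "PROTO=TCP SPT=44322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0"),
    _entry(2, "203.0.113.7", "PROTO=TCP SPT=44323 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0"),
    _entry(2, "203.0.113.7", "PROTO=TCP SPT=44324 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0"),
    _entry(2, "203.0.113.7", "PROTO=TCP SPT=44325 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0"),
    "Mar  3 10:15:03 fw sshd[2201]: Accepted publickey for admin from 192.0.2.50 port 51022 ssh2",
    _entry(4, "198.51.100.4", "PROTO=TCP SPT=50001 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0"),
    _entry(5, "198.51.100.4", "PROTO=UDP SPT=5353 DPT=53 LEN=40"),
    _entry(6, "198.51.100.4", "PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1"),
])


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            s = summarize(fh)
    else:
        s = summarize(SAMPLE_LOG.splitlines())
    print("iptables entries:", s["total"])
    for src, n in s["by_src"].most_common(5):
        print("  %-16s %5d hits, %d distinct ports" % (src, n, len(s["ports_per_src"][src])))
    for (proto, port), n in s["by_dpt"].most_common(5):
        print("  %s/%-5d %5d" % (proto, port, n))
    print("likely scanners:", likely_scanners(s))


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python iptables_report.py /var/log/iptables.log`; with no argument it reports on the constructed sample. One caveat worth keeping in mind: the LOG target writes through the kernel log, so pair it with `-m limit` to stop a flood of dropped packets from filling the disk; the parser is unaffected, but the counts then become a sample rather than a total.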

Quagga Software Routing Suite

Quagga Software Routing Suite.

Quagga is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro. The Quagga tree aims to build a more involved community around Quagga than the current centralised model of GNU Zebra.

I’m not sure I want to support this. This is what Cisco et al. do and they do this very well. As a science project maybe, but why would a small or medium biz need to do OSPF or RIP? I need to think about that question for a while.

Installing Fedora Using PXE Images

Booting GRUB with the Fedora PXE vmlinuz/initrd images allows you to perform a network installation of Fedora over any existing Linux distro, should you not be able to write to or boot from the conventional CD/DVD install media. A PXE netinstall can be done both locally and, with extra care, remotely using VNC. Both methods are explained in this HOWTO.

via Installing Fedora Using PXE Images — Fedora Unity Project.

Die, VPN! We’re all “telecommuters” now—and IT must adjust

They can’t get the passcode into your cloud resources, and they don’t have the ability to generate the passcode. You don’t have to go that far, of course, but the point is that if there’s no local data on the device in normal use, there’s no local data on the device that can be stolen.

via Die, VPN! We’re all “telecommuters” now—and IT must adjust.

Here are a couple of interesting comments covering both sides of this issue:

m00dawg | a day ago | permalink
That is some awfully biased hate for VPN. Setting up VPN is easy. Easier in OS X. What is complicated is having to manage everyone’s dynamic IPs to prevent access to our internal only services. You know what solves that? VPN. This article seems obnoxiously biased and opinionated and written with tunnel vision perspective with the assumption that all IT departments operate the same way (they don’t).

fbar | a day ago | permalink
I work in a large IT org in a large company. This issue keeps creeping up all the time. I think most end users just really want access to email, contacts, calendar and IM – this tends to cover at least 80% of the use cases. This can be done with a digital cert and loginid/password – without installing a VPN client. It took a while to convince the security group to do this. Full layer 3 routing access to the network should be for sensitive apps like SAP, etc. Sadly though most IT departments will continue to drive that square peg into that round hole. Hey, IPV6 will solve all our problems. LoL 🙂

How is SSL hopelessly broken? Let us count the ways

SSL made its debut in 1994 as a way to cryptographically secure e-commerce and other sensitive internet communications. A private key at the heart of the system allows website operators to prove that they are the rightful owners of the domains visitors are accessing, rather than impostors who have hacked the users’ connections. Countless websites also use SSL to encrypt passwords, emails and other data to thwart anyone who may be monitoring the traffic passing between the two parties.

It’s hard to overstate the reliance that websites operated by Google, PayPal, Microsoft, Bank of America and millions of other companies place in SSL. And yet, the repeated failures suggest that the system in its current state is hopelessly broken.

via How is SSL hopelessly broken? Let us count the ways • The Register.

XenServer for XenDesktop – How many network cards do I need?

Now, what about throughput? The host’s networking resources are shared amongst the virtual desktops it supports and users will suffer from poor performance if there’s insufficient bandwidth available. As such, consider routing virtual machine traffic over an SLB bond so that it’s automatically load balanced across two NICs. Virtual machine traffic is load balanced by MAC address and rebalanced every ten seconds. Failover support is provided for all other traffic types, including management and IP-based storage traffic. The load balancing algorithm associates traffic from each virtual interface to one of two NICs in the bond. It’s important to understand that it doesn’t allow a single virtual interface to utilize both NICs in the bond simultaneously.

via Open Source Rack » XenServer for XenDesktop – How many network cards do I need?.

I can see this getting complicated fast. XenDesktop seems to use a lot of network bandwidth. Someone must have done a study on this. Thin clients have been a marquee product for the last couple of decades. Wouldn’t it be nice if our clients didn’t have a hard drive — as if merely eliminating a hard drive would eliminate all IT support for that device.

Todo: Get XenDesktop running and do some tests and estimations.
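The sizing consequence of the quoted SLB paragraph, as an added example that is not XenServer code: each virtual interface is pinned to one NIC of the bond and the pinning is recomputed every ten seconds, so the bond raises aggregate capacity but never the ceiling of a single VM. The placement rule below (heaviest VIF first onto the least-loaded NIC), the 1 GbE port size and the demand figures are my own assumptions, chosen only to make that ceiling visible.

```python
"""Model of an active-active (SLB) NIC bond of the kind described above.

Added example; this is not XenServer code.  The product balances VIFs by
MAC address and rebalances every ten seconds; the placement rule used here
(heaviest VIF first onto the least-loaded NIC) is my own simplification,
kept only to show the property that matters for sizing: a VIF is pinned to
a single NIC, so no VM ever gets more than one NIC's bandwidth.
"""
from collections import defaultdict
from dataclasses import dataclass

NIC_MBPS = 1000.0          # assumed: two 1 GbE ports in the bond
NIC_COUNT = 2
REBALANCE_EVERY_S = 10     # from the quoted text


@dataclass(frozen=True)
class Vif:
    mac: str               # VIFs are identified by MAC, as in the quoted text
    demand_mbps: float     # assumed measured offered load for this window


def place_vifs(vifs, nic_count=NIC_COUNT):
    """Pin each VIF (keyed by MAC) to exactly one NIC.  Simplified policy:
    heaviest VIF first, each onto the currently least-loaded NIC."""
    load = [0.0] * nic_count
    placement = {}
    for vif in sorted(vifs, key=lambda v: v.demand_mbps, reverse=True):
        nic = min(range(nic_count), key=load.__getitem__)
        placement[vif.mac] = nic
        load[nic] += vif.demand_mbps
    return placement


def achieved_mbps(vifs, placement, nic_mbps=NIC_MBPS):
    """Throughput each VIF actually gets: its NIC's capacity shared among the
    VIFs pinned there, in proportion to demand.  A lone VIF asking for more
    than nic_mbps is capped at nic_mbps; it is never spread over two NICs."""
    demand_on = defaultdict(float)
    for vif in vifs:
        demand_on[placement[vif.mac]] += vif.demand_mbps
    out = {}
    for vif in vifs:
        total = demand_on[placement[vif.mac]]
        if total <= 0:
            out[vif.mac] = 0.0
        else:
            out[vif.mac] = min(vif.demand_mbps, vif.demand_mbps * nic_mbps / total)
    return out


def simulate(windows, nic_count=NIC_COUNT, nic_mbps=NIC_MBPS):
    """Recompute placement at every ten-second window; returns a list of
    (time_s, placement, achieved_mbps_per_vif)."""
    timeline = []
    for i, vifs in enumerate(windows):
        placement = place_vifs(vifs, nic_count)
        timeline.append((i * REBALANCE_EVERY_S, placement,
                         achieved_mbps(vifs, placement, nic_mbps)))
    return timeline


# Constructed demand samples, one list per ten-second window.
SAMPLE_WINDOWS = [
    [Vif("02:00:00:00:00:01", 1500.0)],                        # one VM wants more than a NIC
    [Vif("02:00:00:00:00:02", 800.0), Vif("02:00:00:00:00:03", 800.0)],
    [Vif("02:00:00:00:00:02", 800.0), Vif("02:00:00:00:00:04", 600.0),
     Vif("02:00:00:00:00:05", 600.0)],                         # two VMs must share a NIC
]

if __name__ == "__main__":
    for t, placement, rates in simulate(SAMPLE_WINDOWS):
        print("t=%3ds" % t)
        for mac, nic in placement.items():
            print("   %s -> nic%d  %7.1f Mbit/s" % (mac, nic, rates[mac]))
```

Running it shows the lone 1500 Mbit/s VIF capped at 1000 even though the bond has 2000 available, two 800 Mbit/s VIFs landing on different NICs and getting everything they ask for, and the 600/600 pair sharing one NIC at 500 each. For planning that means the second NIC adds headroom across many desktops, not speed for any one of them.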