Linux

F5 BIGIP — Alternative using HAProxy and keepalived — Part 1

I come from a strong F5 BIG-IP background and wanted to explore alternatives to their LTM product line. F5 BIG-IP LTMs are their High-Availability and Load-Balancing network products (see here). They are primarily used as a means to provide infrastructure failover across server clusters. This is done by use of a floating IP address that is shared between two independent devices, in this case LTMs. One LTM is always active and responds to requests for this floating IP from client devices. In the event of a device failure, the secondary LTM will sense this via a variety of means and take over as the active LTM. This essentially is how high availability, or failover, is maintained from an infrastructure connectivity perspective. The second piece to these devices is their load-balancing functionality. Load balancing has many forms; in this case we are talking about network service load balancing (pretty much layer 4 and above). This allows more intelligence in the distribution of requests to a server farm or cluster.

Now, as I stated previously, I was looking into alternative solutions and I came across a piece of free (GNU GPL) software called keepalived which seemed to do exactly what I needed. Remember there are two pieces I wanted to fulfill as an alternative solution to LTM: it has to be able to maintain network failover (seamlessly) and provide load balancing for service endpoints. Also, surprisingly, many of the configuration statements in keepalived.conf look very similar to the F5 LTM bigip.conf file.

Linux — MRTG in Minutes!

MRTG is one of those tools a Network Engineer has on his/her toolbelt. MRTG allows the graphing of trending network activity for a wide range of devices. It uses SNMP to query a host and poll its network information and statistics. It can be used with routers, switches, Linux hosts, etc.

I’m going to run MRTG against a Linux router (running iptables), an HP PowerConnect switch, a Cisco router, and an ESXi host. Anyway… let’s get started.

Cisco IOS — Link Aggregation with LACP and NIC Teaming

Hi All! It’s been a while since I posted an article, and I don’t think I have ever posted one on network link aggregation! Link aggregation is the physical combining of network links into one logical link. There are two main advantages to this practice. First is the increased throughput that you obtain by combining links; for example, combining 2x 1GB links will increase your total bandwidth to 2GB. (Keep in mind this will not change your latency…) Secondly, link aggregation grants the benefits of redundancy. Imagine the setup above. If one of the 1GB links fails, you would still have the other 1GB link to fall back on, woot!

[Image from Wikipedia]

Squid Proxy — Splash Page

Hi All! So after my last article regarding securing a guest network’s web access with Squid and SquidGuard, I wanted to share how I came about creating a splash page for Guest users of my free WiFi hotspot. My goal was to present new Guests with a splash page identifying certain Terms of Usage, etc. Basically we will need an HTML or PHP splash page, an ACL identifying the Guests by IP, an external ACL program (squid_session), and a Deny with Information (deny_info).

Squid Proxy — Caching Proxy with SSL with Squid 3.1

Hello, hello! Recently I posted a two-part article on creating a Guest wireless network using OpenWRT, VLANs, and firewall rules. Now, we left things kind of open from a security standpoint. We gave our Guest users full Internet access with no restrictions on sites, bandwidth usage, or ports!! Yikes! For this article I am going to walk you through the steps to close those gaps. We are going to first configure a web proxy server that will proxy outbound Internet connections. This allows us to check where and what our Guests are trying to get their hands on. Good and bad. We will also force Guests to connect to this web proxy server transparently. What I mean by that is the Guests will not be required to do anything on their side to connect; our firewall will take care of that. And lastly, I want to allow only limited bandwidth for HTTP traffic. You will see later on how we can accomplish this. I’ve expanded upon this article of mine that uses Squid proxy to filter ads.

Linux — dd Operations Notes

I recently was helping a friend with some computer trouble, which resulted in my first creating a full disk image backup using “dd”. I’ve done this before, years ago, but I wanted to add some of the common dd backup/restore methods to my notepad. There are many articles online on how to use dd to do a full disk backup and restore it. I will be using similar methods.

dd Terms

  • if — input device (file, hardware, CD, etc.).
  • of — output device (file, hardware, CD, etc.).
  • bs — sets the “dd” read and write block size.
  • noerror — continues after read errors.
  • readom — CD to ISO utility.
  • mount — Linux command to mount file systems.
  • gz — gzip (and its counterpart gunzip) is a compression utility which helps to reduce the size of images created with dd.
  • md5sum — a checksum utility to ensure integrity when moving large image files.

Linux — IPTABLES Network Firewall

Most firewalls in the consumer world are ones that are either bought at Best Buy or supplied by your ISP as an all-in-one type of network device. These devices, such as the Linksys WRT54GL, are good enough for most users’ home setups, providing wireless and wired network access with built-in firewall security, blocking most inbound network threats and other unwanted requests that are not pre-established (i.e. not the return path of an outbound request). Some of these consumer routers can be even further enhanced with a rich set of plugins and network tools by using custom firmware. DD-WRT, Tomato, and OpenWRT are all independent communities who develop custom firmware to be used with these consumer all-in-one routers. You can check your device’s compatibility with their firmware at each of their websites.

I for one own a Linksys WRT54GL router and have used both DD-WRT and Tomato. Both of these custom firmwares, as well as the stock firmware (Linksys), provide enough security, accessibility, and capacity for a typical consumer. However, that’s not what this article is about! This article is about how to set up your own network firewall using a standalone Linux box! Woot!

Why build a standalone Network Firewall?


Inter-VLAN routing with Linux & PowerConnect 5324

I recently purchased a 24-port Gigabit Layer 2 switch that supports VLAN tagging and trunking. The Dell PowerConnect 5324 (see here) has 24 Ethernet ports and is capable of tagging and untagging frames at wire speed. It is a discontinued model; however, after some googling I found an updated firmware and IOS image!

Physical Topology

The topology is pretty typical of “routing-on-a-stick” for Multiple VLANs. I have a Linux server running Ubuntu 12.04 with a single NIC and the Dell PowerConnect switch.

Port configuration:
Network 1 = g1 – g16
Network 2 = g17 – g23

802.1q Information:
Switch Trunk Port = g24
Router Trunk Port = eth1

Logical Topology

I have a single LAN I want logically separated using a single switch. The VLAN IDs are 100 & 200. The VLAN subnets and ports will be as follows:

Subnets:
VLAN 100 = 192.168.1.1/24
VLAN 200 = 192.168.2.1/24

VLAN Access Ports:
VLAN 100 = g1 – g16
VLAN 200 = g17 – g23

OpenVPN — Creating a Client VPN Setup

Before we begin I want to clearly identify the scope of this tutorial. There are different types of VPN; we will be creating a Client VPN, which implies a many-to-one relationship. We will have multiple clients connecting via VPN to a single OpenVPN server. This OpenVPN server will assign IP addresses to each successfully authenticated client. Using this IP address, clients may, depending on your network security, access devices on a private network, effectively appearing as if the client were directly tied into the private network. If you are looking for a site-to-site VPN tunnel via IPsec, that is out of the scope of this tutorial.

Our Simple Client VPN Topology


Linux — iSCSI Target using open-iscsi

I recently set up an iSCSI SAN for use with VMware Server. The setup was basically a Linux Ubuntu Server target with 2 network links to a single VMware Server as the initiator. I also included iSCSI multipathing by enabling it on the initiator (VMware Server).

This is how I set up a Linux SAN target with iSCSI, interfacing with VMware 5.1 as the iSCSI initiator.