
Friday, June 12, 2009

A hand made freeware windows firewall

I have two Windows servers that shouldn't talk to each other. How do I make sure they don't?
Right, why not use a firewall? Because I can't just install any software on these servers (company regulations), and Windows' built-in firewall sucks big time: it filters inbound traffic only, and you have to configure ALL the exceptions by hand.
On Linux this is a trivial pair of iptables commands. Run the following on server#1, with server#2 replaced by its IP address:
iptables -I INPUT -s server#2 -j DROP
iptables -I OUTPUT -d server#2 -j DROP

Unfortunately there's nothing like iptables built into Windows.
Inspired by the iptables idea of routing packets to the trashcan ("-j DROP"), I realized that much the same effect can be had on Windows by tweaking the OS routing table so that packets for server#2 are delivered nowhere.
Here's my hand-tailored, freeware, no-software-required Windows firewall that sends packets on a vacation to /dev/null:
route ADD 1.1.1.2 MASK 255.255.255.255 1.1.1.0

Where:
Server#1's IP is 1.1.1.1
Server#2's IP is 1.1.1.2
1.1.1.0 is an address on the local subnet that isn't assigned to anyone; it plays /dev/null for the occasion. Server#1 tries to resolve this "gateway" with ARP, nobody answers, and the packets for 1.1.1.2 go nowhere.

Additional blabber:
If you add the route only on server#1 and not on server#2, server#2 can still send IP packets to server#1. Server#1's replies are dropped, which breaks TCP completely (the handshake never completes), but server#2 can still deliver one-way UDP datagrams to server#1. Add the route on both servers if you want neither direction to work.
Make sure the servers are configured with static IPs, otherwise your solution will break over time. To make the route persistent across reboots, add the -p flag (route -p ADD 1.1.1.2 MASK 255.255.255.255 1.1.1.0). Check the result with route print 1.1.1.2, and undo it with route DELETE 1.1.1.2.
Keep in mind that this is a routing trick, not a firewall: any host on the subnet that answers ARP for 1.1.1.0 would receive the "dropped" traffic, and any local administrator can delete the route. Treat it as a convenience for keeping two servers apart, not as a security boundary.
[Image: "wrong way! Packet! turn back now!"]

Sunday, June 29, 2008

Book of the month - Linux Server Hacks

I just read through most of O'Reilly's Linux Server Hacks book.
I expected another dull Linux how-to book that walks through the man/info pages of the most obvious commands, but instead I found an interesting, original, advanced, hardcore book, full of Linux goodies to brag about in front of my colleagues.

toilet fun

Some noteworthy items:

  • A thoughtful and effective use of SSH, especially as a secure channel for moving bits around the network between a pair of processes, each running on its own host.

  • How to reset your root password without a rescue disk, using the LILO boot loader.

  • I didn't know about ext2/3 chattr and lsattr before reading the book...

  • Periodic rsync runs could save a lot of wasted scp time.

  • (#44) burning a CD over the network using a pipe - cool

  • (#50) setting up a VPN using IPIP tunneling :-)

  • (#57) lsof - hey, I've been using it for years.

  • (#63) loved learning that the send_arp utility can make every machine on the subnet (and the router?) refresh its IP->MAC mapping. Handy when setting up a two-bit IP fail-over system.

  • (#68) ssh-agent - now I know what it is - very useful in the hands of an almighty admin ruling over hundreds of minion machines.

  • (#73) loved the Perl one-liner scriptlets.


To conclude, a must-have for your bathroom library.

Saturday, June 28, 2008

VMWare: converting a hosted VM to a hypervisor VM - Linux troubleshooting

When using the VMware Converter utility to convert a VMware Player/Workstation/Server VM image to an ESX image, if the VM you are converting is Linux you might run into boot problems (a "kernel panic" message) caused by SCSI driver problems.



I found a couple of resources about the problem but none fully worked for me; here is my special recipe.
The configuration I used was a RHEL 5.1 VM and an ESX 3.x server.


  1. Use the converter to load the image onto the ESX server.

  2. If you start the converted image on the ESX you will see a kernel panic message.

  3. In the VMware Infrastructure Client -> ESX server -> VM properties -> Hardware -> SCSI controller, change the controller from BusLogic to LSI Logic.

  4. Load the VM's CD-ROM drive with the RHEL 5 install disk (it also serves as a rescue disk).

  5. Boot the VM from the CD; when prompted, enter: linux rescue

  6. The rescue environment should identify the Linux partition and mount it on /mnt/sysimage.

  7. After getting a prompt enter: chroot /mnt/sysimage

  8. Back up and then edit /etc/modprobe.conf (RHEL 5 reads this file; /etc/modules.conf is the 2.4-kernel name), adding this line: alias scsi_hostadapter BusLogic

  9. Back up the current ramdisk file: cp /boot/initrd-[version].img /boot/initrd-[version].img.bak

  10. Rebuild it with the new module, overwriting the existing file: mkinitrd -f -v /boot/initrd-[version].img [version]
      Inside the chroot, uname -r reports the rescue CD's kernel, so take [version] from ls /lib/modules or from the initrd file names in /boot.

  11. Exit the chroot and reboot the OS.

  12. Boot from the hard drive; the system will start normally.

A word of caution: step 3 switches the virtual controller to LSI Logic while step 8 aliases the BusLogic module. If the rebuilt initrd still panics, check which driver the rescue kernel bound to the controller (cat /sys/class/scsi_host/host0/proc_name, or lsmod) and alias that module instead; on the 2.6 kernel the LSI Logic parallel SCSI driver is mptspi (which depends on mptbase).
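Steps 8 to 10 above as a script, added here as an example; it is not part of the original post. It assumes RHEL 5's /etc/modprobe.conf, the /boot/initrd-<version>.img naming used in the recipe, and mkinitrd on PATH; the script name, the function names and the root-directory argument (which lets the file edits be tried on a scratch directory before touching the real system) are this example's own. It deliberately takes the kernel version from /lib/modules rather than uname -r, which inside the chroot reports the rescue kernel:

```sh
#!/bin/sh
# Added example (not from the original post): steps 8 to 10 of the recipe
# above as a script, run at the rescue prompt after `chroot /mnt/sysimage`.
# Assumptions: the module configuration file is /etc/modprobe.conf (the RHEL 5
# name; /etc/modules.conf is the 2.4-kernel name), initrd images are named
# /boot/initrd-<version>.img, and mkinitrd is on PATH. The root-directory and
# module-name arguments are this script's own, so the file edits can be
# exercised on a scratch directory before touching the real system.
# Usage: sh fix-scsi-initrd.sh / BusLogic
set -eu

# Append "alias scsi_hostadapter <module>" to a modprobe config file.
# Keeps a .bak copy (step 8) and is idempotent: an identical line already
# present in the file is not added twice.
add_scsi_alias() {
    conf="$1" module="$2"
    line="alias scsi_hostadapter $module"
    cp -p "$conf" "$conf.bak"
    if ! grep -qx "$line" "$conf"; then
        printf '%s\n' "$line" >> "$conf"
    fi
}

# List the kernel versions installed under ROOT. Inside a rescue chroot,
# `uname -r` reports the rescue CD's kernel, not the one being repaired,
# so the module directories are the reliable source of [version].
installed_kernels() {
    ls "$1/lib/modules"
}

# Back up the initrd for one kernel version (step 9) and rebuild it so the
# new alias is included (step 10). mkinitrd resolves modules against the
# running root, so this part must run inside the chroot (ROOT = /).
rebuild_initrd() {
    img="$1/boot/initrd-$2.img"
    cp -p "$img" "$img.bak"
    mkinitrd -f -v "$img" "$2"
}

# Apply the alias, then rebuild every initrd that exists for an installed kernel.
fix_scsi_initrd() {
    root="${1:-/}" module="${2:-BusLogic}"
    add_scsi_alias "$root/etc/modprobe.conf" "$module"
    for version in $(installed_kernels "$root"); do
        if [ -f "$root/boot/initrd-$version.img" ]; then
            rebuild_initrd "$root" "$version"
        fi
    done
}

# Only act when invoked with arguments, so the functions above can be
# sourced or tested without modifying the running system.
if [ $# -gt 0 ]; then
    fix_scsi_initrd "$@"
fi
```

Run it inside the chroot as `sh fix-scsi-initrd.sh / BusLogic` (or with the module name your controller actually binds to), then exit the chroot and reboot as in steps 11 and 12. The .bak copies it leaves behind are what you restore from if the rebuilt initrd turns out worse than the original.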




Weird that VMware doesn't bother to document this properly.
Kudos to the VMware user community!