Quick Post: Using another Linux machine as a Gateway

I’ve got two networks on my Apache machine, an internal and an external. The internal network is used to communicate to the MySQL machine housing databases for use by the sites on my Apache machine. The MySQL machine only has an internal network, with no gateway to the world. I need to be able to temporarily add a route to the internet so I can update the MySQL machine. For the explicit purpose of giving internet access for updates to my MySQL machine, I will use my Apache machine as the gateway.

Interfaces:
Apache Internal = eth0 (192.168.1.32)
Apache External = eth1 (unimportant)
MySQL Internal = eth0 (192.168.1.31)

Step 1 (Apache machine)
sudo -i
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Step 2 (MySQL machine)
sudo -i
route add default gw 192.168.1.32

Test your new gateway by pinging an external address (google.com, for example; a hostname also requires working DNS on the MySQL machine, so an unreachable name does not necessarily mean the route is wrong). We didn’t save the firewall rules or the gateway configuration to any permanent settings, so a reboot will clear the configuration.
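The same temporary gateway as a script, added here as an example and not part of the original post. It keeps the three-command approach above but narrows the FORWARD and MASQUERADE rules to the single client host, adds the return-path rule that the post leaves to the FORWARD chain's default ACCEPT policy (with a DROP policy the ping test would fail without it), and provides a matching "down" step so the MySQL host is isolated again once the update is done. Interface names and addresses are the post's (eth0 = 192.168.1.32, eth1 external, client 192.168.1.31); the `DRY_RUN` switch, which prints the commands instead of running them, is an assumption of this example. `sysctl -w net.ipv4.ip_forward=1` is equivalent to the `echo 1 > /proc/sys/net/ipv4/ip_forward` used in Step 1, and `ip route add default via` is the iproute2 form of the `route add default gw` used in Step 2.

```shell
#!/bin/sh
# Added example (not the original post's commands): temporary NAT gateway
# with rules restricted to one client host, plus the reverse steps.
# Assumed layout, matching the post: LAN side eth0 (192.168.1.32),
# WAN side eth1, client 192.168.1.31. Set DRY_RUN=1 to print instead of run.
set -eu

# run: execute the command, or only print it when DRY_RUN=1 so the rule set
# can be reviewed before it is applied (also lets the checks below run unprivileged)
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# gateway_rules -A|-D LAN_IF WAN_IF CLIENT : add or delete the three rules
gateway_rules() {
  op=$1; lan_if=$2; wan_if=$3; client=$4
  # Forward only the client's traffic, and only LAN -> WAN (the post accepts
  # everything arriving on eth0, whatever its source or destination)
  run iptables "$op" FORWARD -i "$lan_if" -o "$wan_if" -s "$client" -j ACCEPT
  # Return path for replies; required when the FORWARD policy is DROP
  run iptables "$op" FORWARD -i "$wan_if" -o "$lan_if" -d "$client" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Source-NAT only the client, only on the external interface
  run iptables -t nat "$op" POSTROUTING -s "$client" -o "$wan_if" -j MASQUERADE
}

# Gateway (Apache) side: rules + runtime forwarding flag (cleared by a reboot)
gateway_up()   { gateway_rules -A "$@"; run sysctl -w net.ipv4.ip_forward=1; }
gateway_down() { gateway_rules -D "$@"; run sysctl -w net.ipv4.ip_forward=0; }

# Client (MySQL) side: temporary default route via the gateway, and its removal
client_up()   { run ip route add default via "$1"; }
client_down() { run ip route del default via "$1"; }

# Usage: gateway.sh gateway-up|gateway-down [lan_if wan_if client]
#        gateway.sh client-up|client-down   [gateway_ip]
case "${1:-}" in
  gateway-up)   gateway_up   "${2:-eth0}" "${3:-eth1}" "${4:-192.168.1.31}" ;;
  gateway-down) gateway_down "${2:-eth0}" "${3:-eth1}" "${4:-192.168.1.31}" ;;
  client-up)    client_up    "${2:-192.168.1.32}" ;;
  client-down)  client_down  "${2:-192.168.1.32}" ;;
esac
```

Run `DRY_RUN=1 sh gateway.sh gateway-up` first to see the exact rules before applying them as root, and `sh gateway.sh gateway-down` when the update is finished; the delete form (`-D`) removes only the rules this script added, leaving any other firewall rules untouched.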

Adding More Space to LVM Filesystems

I’m adding a new hard disk to an Ubuntu 12.04.3 LTS system that is using LVM2. I had to pull my sources from a few different sites, so I figured I’d post my steps for easier reading later. The short 6-step process boils down to this:

  1. Add and Scan for the new Physical Volume
    echo "- - -" > /sys/class/scsi_host/host#/scan
  2. Partition the new physical volume for use by LVM (type = 8e)
    fdisk [DISK]
  3. Enable the Partition as a Physical Volume in LVM
    pvcreate [PARTITION]
  4. Add the new LVM Physical Volume to the Volume Group
    vgextend [VGNAME] [PARTITION]
  5. Extend the Logical Volume to include the new Physical Volume
    lvextend -l +100%FREE [LVNAME]
  6. Extend the Filesystem of the Logical Volume
    fsadm resize [LVNAME]
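
The six steps above as one script, added here as an example and not the original post's code. It replaces the interactive `fdisk` session of step 2 with an equivalent non-interactive `sfdisk` call (one partition spanning the disk, type 8e) and refuses to partition a disk that already carries a partition table or filesystem signature, which is the mistake a scripted version of this procedure must guard against. The device, volume group and logical volume names (`/dev/sdb`, `vg0`, `/dev/vg0/root`), the SCSI host `host0` and the `DRY_RUN` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the 6-step LVM grow procedure
# as a script. Assumed names: DISK=/dev/sdb, VG=vg0, LV=/dev/vg0/root,
# SCSI host host0. DRY_RUN=1 prints the commands instead of running them.
set -eu

run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# lvm_grow DISK VG LV [SCSI_HOST]
lvm_grow() {
  disk=$1; vg=$2; lv=$3; host=${4:-host0}
  part="${disk}1"      # /dev/sdb -> /dev/sdb1 (nvme/mmc devices use a "p1" suffix)

  # Step 1: ask the SCSI host to rescan so the kernel sees the hot-added disk
  run sh -c "echo '- - -' > /sys/class/scsi_host/$host/scan"

  # Guard (real runs only): never repartition a disk that already has data on it.
  # blkid -p probes the raw device and exits non-zero when no signature is found.
  if [ "${DRY_RUN:-0}" != 1 ] && blkid -p "$disk" >/dev/null 2>&1; then
    echo "refusing: $disk already has a partition table or filesystem signature" >&2
    return 1
  fi

  # Step 2: one partition covering the whole disk, type 8e (Linux LVM), no prompts
  run sh -c "printf ',,8e\n' | sfdisk $disk"
  # Step 3: label the partition as an LVM physical volume
  run pvcreate "$part"
  # Step 4: add it to the volume group
  run vgextend "$vg" "$part"
  # Step 5: give every free extent in the VG to the logical volume
  run lvextend -l +100%FREE "$lv"
  # Step 6: grow the filesystem to fill the logical volume
  run fsadm resize "$lv"
}

if [ $# -ge 3 ]; then lvm_grow "$@"; fi
```

Run it as `DRY_RUN=1 sh grow_lv.sh /dev/sdb vg0 /dev/vg0/root` to review the exact command sequence, then without `DRY_RUN` as root. Check `pvs` and `vgs` between steps if anything looks off; `fsadm resize` on a mounted ext filesystem grows it online, while other filesystems may need to be unmounted first.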

For a deeper explanation, read on! [Read more...]

Quick Tip: SSH Tunneling

For the longest time I didn’t realize how easy it was to use an SSH connection as a path to the services only available on the Local Area Network of an SSH-enabled machine. Now that I am “thinking with tunnels”, almost everything I use behind a firewall is through an SSH tunnel. Like a tunnel used for pedestrian or vehicle traffic, an SSH tunnel has two endpoints. One end, the machine I am connecting from, is where the traffic goes in. The other end, the machine I connect to, is where the traffic comes out. One thing to keep in mind about tunnels is that traffic exiting the tunnel appears to come from the exit node, not the originating node. In most cases this will make things easier, but depending on what you’re using the tunnel for it’s best to know going in that the origin of the data is not the origin the destination thinks it is.

In my example, I’ve set up a Plex server on a public IP address but part of the setup requires that I point the browser to the localhost address (and the traffic must come from the server itself). Being that the server is a “headless” virtual machine, I don’t have a GUI or a graphical web browser — just a terminal window via an SSH connection. With SSH Tunneling, I can set up the proper forwarding and browse using the graphical web browser on my local machine, connecting through the tunnel, and using the remote machine’s accessibility. It should be noted that on Windows, I use KiTTY as my SSH/Telnet/Serial client; so my examples will be the configuration windows for KiTTY though they are very familiar for PuTTY users. KiTTY is a drop-in replacement for PuTTY with some add-ons and upgraded features. To get KiTTY, or learn more about it, visit the project page.

First, connect to your SSH machine. It doesn’t need to be the target of the tunnel, just the end of the tunnel that has access to the resource you want to utilize.
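The command-line equivalent of the KiTTY/PuTTY tunnel described above, added here as an example and not part of the original post. It builds the OpenSSH local-forward command for the Plex case: the remote host in the `-L` specification is resolved on the far end, so `127.0.0.1` there means the server itself, and Plex sees the browser's requests as coming from localhost, which is the origin the setup requires. The hostnames and ports (`user@plex.example.org`, Plex on 32400, local listener on 8080) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): OpenSSH local port forward for
# a service that only answers on the remote machine's localhost.
# Assumed: Plex on 127.0.0.1:32400 on the server, reachable as
# user@plex.example.org; the local browser then uses http://127.0.0.1:8080/.
set -eu

# tunnel_cmd LOCAL_PORT REMOTE_HOST REMOTE_PORT SSH_TARGET [BIND_ADDR]
# Prints the ssh invocation. BIND_ADDR defaults to 127.0.0.1 so only this
# machine can enter the tunnel. Binding to 0.0.0.0 (OpenSSH -g, or PuTTY's
# "Local ports accept connections from other hosts") lets any host on the
# local LAN reach the remote service through your SSH session.
tunnel_cmd() {
  lport=$1; rhost=$2; rport=$3; target=$4; bind=${5:-127.0.0.1}
  for p in "$lport" "$rport"; do
    case $p in
      ''|*[!0-9]*) echo "port must be numeric: $p" >&2; return 2 ;;
    esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 2; }
  done
  # -N: no remote shell, forwarding only; -L: local listener -> remote host:port,
  # where REMOTE_HOST is resolved by the SSH server, not by this machine
  printf 'ssh -N -L %s:%s:%s:%s %s\n' "$bind" "$lport" "$rhost" "$rport" "$target"
}

# Usage: tunnel.sh LOCAL_PORT REMOTE_HOST REMOTE_PORT SSH_TARGET [BIND_ADDR]
if [ $# -ge 4 ]; then
  cmd=$(tunnel_cmd "$@")
  echo "Starting: $cmd"
  eval "$cmd"
fi
```

With `sh tunnel.sh 8080 127.0.0.1 32400 user@plex.example.org` running, point the local browser at http://127.0.0.1:8080/; the request leaves the tunnel on the server addressed to its own 127.0.0.1:32400, which is what a localhost-only service checks for.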

[Read more...]

Installing Logstalgia on Raspberry Pi (and other Debian systems)

AS OF NOW THIS PROJECT IS A NO-GO FOR THE RASPBERRY PI, as the Pi doesn’t support OpenGL adequately. However, the steps below will work on other architectures. This post will be updated if the project ever does become viable on the Raspberry Pi.

Logstalgia is an open-source project that aims to display your web server’s log files as a pong-like visualization. It can be pretty mesmerizing during high-traffic times or even DDoS attacks (as seen below). I am experimenting with it as a Network Operations Center display piece, and thought I’d parse out the steps I took to install it on a Raspberry Pi or any other device running a Debian-based Linux operating system.

The first installation I had running was on a laptop to see how easy it was going to be to install it on a known working platform. I had it running on a Linux Mint 14 (MATE) install in 15 minutes, and that included all the reading I did to figure out what packages I needed to install.

[Read more...]

How to patch an ESXi 4.1 Hypervisor Host

Today I’m running ESXi 4.1.0 build 800380 on a bare-metal server and want to keep it current. Here are the steps I took to successfully update my VMware ESXi host.

Enable SSH on the host.

You can do this one of two ways, either via the vSphere Client on the host configuration tab or via the physical console. If you use the physical console, you’ll log in and change the Troubleshooting Mode Options to enable “remote tech support”. If you are remote, you can edit the Security Profile and enable Remote Tech Support in the Host’s Configuration tab.

Download the patches.

Make sure you’re downloading the patches for the ESXi product, and not ESX. Here’s the VMware portal for patches.

[Read more...]

One Way to Utilize Static Routing in Windows

One of my friends was having an issue passing specific traffic on a network he was using and came to me for assistance (all web traffic was allowed, but certain ports were blocked to specific hosts). I couldn’t duplicate the problem on my home network so we went over the various options that were successful in passing the traffic as desired. Connecting via an Open Wireless network in the area allows him to bypass the issue entirely. Being that this was non-sensitive information, this could provide the path to creating a happy environment for his applications. I’m being purposefully vague here. The gist is that while connected to one network he couldn’t access non-standard port services, but while on the open wifi connection he was unable to access LAN services. He wants to be able to access both at the same time, and doesn’t want to bother the firewall administrator every time there’s a new port change he needs to make to continue using the corporate network.

We first attempted a metric change to the wireless adapter to have higher priority, thinking that it would fall back to the wired interface for anything inaccessible by the wireless adapter (similar to a load balancer – of sorts). That didn’t work as I expected so we were back to square one.

The solution I am cooking up is an attempt to remedy that. [Read more...]

Changing Your Windows 7 Boot Drive

If you followed the methods in my earlier post, upon unplugging the hard drive from the computer’s USB port you would have been unable to boot to the newly installed Operating System. Keeping the drive tethered to your computer is probably not what you had intended. There’s a simple procedure that fixes this!

In my example, the USB Installer is on Drive D:, and the operating system is installed to the desired Drive C:.

Step 1 — Open a command prompt with administrative privileges. To do so, open the Start Menu, and type “CMD” in the search prompt. Right-Click on the resulting program and “Run as Administrator”. This will invoke UAC as configured.

Step 2 — In the command prompt, type the following command:

bcdboot C:\Windows /s C:

Step 3 — Open up Disk Manager. To do so, right click on the “Computer” hotlink in the start menu (or your “My Computer” if you’ve added it to the desktop) and select “Manage”. Again, this will invoke UAC as configured. On the Explorer Window you are presented with, the left pane will contain Disk Manager. Click it once to open it to the main pane.

Step 4 — Mark the C: Partition as Active by right clicking on the graphical map and selecting “Mark Partition as Active..” from the context menu.

Step 5 — Unmount the USB drive (Eject first), and reboot. All Done!


Creating a Windows 7 Bootable Hard-drive Installer

If you don’t have a DVD drive in your computer you might have a hard time converting that .ISO into a usable method to install Windows 7. Fortunately, I have a method that works using a USB-connected Hard Drive.

Step 1 – Collect the iso images.

Step 2 – Install Virtual Drive that can read .iso images. I use VirtualCloneDrive from Elaborate Bytes. Freeware that works well. I’ve also used Daemon Tools in the past.

Step 3 – Partition and format your hard drive. Partition an 8GB section of the hard drive you’re planning to use and format it with the FAT32 file system.

Step 4 – Mount the ISO and copy the files to the newly created partition using XCOPY

xcopy [SOURCE]:\* [DESTINATION]:\ /e

Step 5 – Mark the partition as active. Right click on your Computer and select “Manage”. Go to Disk Management, right click on your new partition, select “Mark Partition as Active”.

Step 6 – Reboot and select your USB Hard Drive as your boot device. All BIOSes are different so the process is not documented here.

You will need to follow up with my next post to complete the whole process and be able to disconnect your hard drive.

Blocking Countries From Accessing Your Apache Website

Admit it, a lot of your traffic is spambots. I know I see a lot of traffic from other countries to my blog for various reasons, and a good portion of it is SPAM. Blogging aside, what if you’ve got a community site that only a limited number of users will need access to? Well, what about using that .htaccess to keep everyone else out?

That was the problem I ran into with one of my community sites. I was getting daily notifications of “new users” most of which were obvious combinations of a first-name/last-name dictionary attack, using out-of-country email addresses or free domain email addresses that require no invite, from IP addresses of non-community origin. I needed to remove the annoyance of these persistent email notifications. The solution was to eliminate access to the site from outside my community. [Read more...]

Building a New Computer with Nehalem in Mind

Some of you may have been watching my Facebook and Twitter feeds recently and have deduced that I was building a new computer. I wanted to share my experiences and the details in this post so I can direct people to it later. It’s been about a year since I started putting together the wish list and I’ve finally reached a point where I am running the machine, albeit not in its final form.

So to start out, let me say that the reason the process took so long is because I’ve spent a lot of time waiting for items to go on sale. By doing so, I have saved over $175 on the original price as specified by rebates and coupons. Sometimes I managed to combine coupons or “check out codes” with rebates for significant savings. Any savings leave room for upgrades and improvements without a lot of loss to the original budget. Budgeting your computer build is just as important as sticking to it.

In the list below I’ll show you the computer part, make and model, original price (at the time of purchase, including shipping), sale price after any coupons or discounts (also including any shipping), any rebates available, and savings. I’ll also put a link to the online storefront of my place of purchase on the make and model of the computer part, so you can read the details of each part and view the item itself.

Total savings came in at $273.89 after rebates (I’m still waiting on Zotac and Corsair to send me theirs). It’s worth noting that Corsair and Thermaltake send rebate debit cards, a move in the rebate field I’m not terribly fond of. Zotac, I think, sends a check. [Read more...]