CactiEZ – CentOS 5
This past weekend I was feeling a bit under the weather, so I took some time off and rebuilt my CactiEZ CD using CentOS 5. Here are a few bullet points
December 7, 2009
Posted in: CactiEZ
12 Comments
ESXi 4.0 – Lessons Learned
I’m not sure how many people were paying attention on a Friday night / Saturday morning, but I decided to do the long-put-off upgrade to ESXi 4.0 (from an old CentOS 4 install running VMWare Server v1.0, yuck). While it wasn’t an extremely painful experience, I can say that I wish a few things were more common knowledge on the internet.
To begin, the install was easy; I just had to do a little prep work first. Since my websites were going to be offline (including the others I host for other people), I wanted to redirect all HTTP traffic to another host that would stay up, so that I could display a page about the site being under maintenance. Normally you would use an F5 or something to do this for you, but I certainly don’t have anything that fancy laying around, so I had to settle for something simpler. I borrowed a small ASUS Eeepc from my good friend Brian Yeager. I did a quick install of Windows (could have done Linux too, but I had my Windows CD handy already) and installed XAMPP on it. I did a quick index.html and added a .htaccess file to redirect any webpage back to that index.html (so if you tried to go to download.php it would redirect, etc.). Now this was easy enough to do. I gave it a spare static IP I had and it was up and running. I had originally planned on doing a Destination NAT on my Mikrotik to redirect all port 80 traffic over to this server, but I ran into a few issues and decided to instead just add the IPs of the VMs to this server as I take them offline. Simple enough.
October 10, 2009
Posted in: Cacti
9 Comments
Mikrotik – QOS Per File
Today’s article will be a bit more complex. If you have played with your Mikrotik enough, you should know how to use QOS to limit connection speeds for different things (if not, maybe I will do a quick article on that). Well, we will build on that today to show you how you can limit HTTP download speeds for particular files or file types (for instance, all Zip files). To make this work, we will be utilizing Queues, Mangle Rules (for Connection and Packet Marking), and Layer7 Protocols.
This is something I currently use to limit the download speed of the CactiEZ CD that I release. This one download uses an ungodly amount of bandwidth a month, and would use even more if it wasn’t tightly controlled. The problem is that all my downloads were previously QOSed solely by destination IP (the download site has a static IP). If several users were downloading the CD (560 Megs a pop), it would slow down and limit the speed at which all my other plugins could be downloaded. So I had to figure out how to separate them out.
May 27, 2009
Posted in: Mikrotik
2 Comments
Mikrotik – Port Knocking
Following up on my last post, I decided to give a few more details on the various things I mentioned. The first of these is a more in-depth look at Port Knocking using Layer 7 packet sniffing. I will go over a few quick steps to get this running on your Mikrotik, and let you expand from there. Since I generally don’t use the command line on mine, you will have to make do with some screenshots. I feel it’s easier to learn the concepts this way, rather than blindly typing in commands anyway.
The concept itself is a simple one: your router will watch for an incoming sequence of packets, and will grant you access to specific parts of the network if you know the secret knock. While the security of this method is fairly laughable, it can be used to define a second layer of defense (you must knock before you can SSH or VPN). Since most attempts to exploit systems nowadays are made by automated bots, not having SSH open to the outside world can be the difference between your server being assimilated into a botnet, or not.
April 17, 2009
Posted in: Mikrotik
One Comment
Mikrotik
I’ll be the first to admit that I’m not much of a network guy. Granted, I understand the concepts and can follow along well enough. It’s just that without having Cisco gear at my disposal to play with, it makes it kinda difficult at best (now I have GNS3, which fixes that problem though). Well, a few years ago my friend turned me onto Mikrotiks and honestly, I haven’t looked back since. It’s just amazing what you can do with these cheap little routers with a few clicks of the mouse (it’s got an awesome GUI). This site currently runs behind one, as does my house and my dad’s. One of the recent features in the last year has been Layer7 packet inspection (scanning the actual contents of the packet). What this entails is that I am able to create regex rules and apply them to different firewall and mangle rules, so that a rule only matches if the data in the packet matches the regex. As you ponder all the possibilities, you can see how useful this can be. I take full advantage of this, and several other features, to ensure the integrity and speed of the site. As examples, I will show you a bit of what I currently do.
March 30, 2009
Posted in: Mikrotik
4 Comments
