CactiEZ v0.7 – Update

As the completion of the latest version of CactiEZ nears, I figured I would give you all a sneak peek into what is coming.


May 6, 2011 · Jimmy · 5 Comments
Posted in: Cacti, CactiEZ

CactiEZ – Centos 5

This past weekend I was feeling a bit under the weather, so I took some time off and rebuilt my CactiEZ CD using CentOS 5. Here are a few bullet points


December 7, 2009 · Jimmy · 12 Comments
Posted in: CactiEZ

ESXi 4.0 – Lessons Learned

I'm not sure how many people were paying attention on a Friday night / Saturday morning, but I decided to do the long put-off upgrade to ESXi 4.0 (from an old CentOS 4 install running VMware Server v1.0, yuck). While it wasn't an extremely painful experience, I can say that I wish a few things were more common knowledge on the internet.

To begin, the install was easy; I just had to do a little prep work first. Since my websites were going to be offline (including the others I host for other people), I wanted to redirect all HTTP traffic to another host which would stay up, so that I could display a page about the site being under maintenance. Normally you would use an F5 or something to do this for you, but I certainly don't have anything that fancy lying around, so I had to settle for something simpler. I borrowed a small ASUS Eee PC from my good friend Brian Yeager. I did a quick install of Windows (could have done Linux too, but I had my Windows CD handy already) and installed XAMPP on it. I did a quick index.html and added a .htaccess file to redirect any webpage back to that index.html (so if you tried to go to download.php it would redirect, etc.). This was easy enough to do. I gave it a spare static IP I had and it was up and running. I had originally planned on doing a Destination NAT on my Mikrotik to redirect all port 80 traffic over to this server, but I ran into a few issues and decided to instead just add the IPs of the VMs to this server as I took them offline. Simple enough.


October 10, 2009 · Jimmy · 9 Comments
Posted in: Cacti

Mikrotik – QOS Per File

Today's article will be a bit more complex. If you have played with your Mikrotik enough, you should know how to use QoS to limit connection speeds for different things (if not, maybe I will do a quick article on that). Well, we will build on that today to show you how you can limit HTTP download speeds for particular files or file types (for instance, all Zip files). To make this work, we will be utilizing Queues, Mangle Rules (for Connection and Packet Marking), and Layer7 Protocols.

This is something I currently use to limit the download speed of the CactiEZ CD that I release. This one download uses an ungodly amount of bandwidth a month, and would use even more if it wasn't tightly controlled. The problem is that all my downloads were previously QoSed solely by destination IP (the download site has a static IP). If several users were downloading the CD (560 Megs a pop each), it would slow down and limit the speed at which all my other plugins could be downloaded. So I had to figure out how to separate them out.


May 27, 2009 · Jimmy · 2 Comments
Posted in: Mikrotik

Mikrotik – Port Knocking

Following up on my last post, I decided to give a few more details on the various things I mentioned. The first of which is a more in-depth look at Port Knocking using Layer 7 packet sniffing. I will go over a few quick steps to get this running on your Mikrotik, and let you expand from there. Since I generally don't use the command line on mine, you will have to make do with some screenshots. I feel it's easier to learn the concepts this way, rather than blindly typing in commands anyway.

The concept itself is a simple one: your router will watch for an incoming sequence of packets, and will grant you access to specific parts of the network if you know the secret knock. While the security of this method is fairly laughable, it can be used to define a second layer of defense (you must knock before you can SSH or VPN). Since most attempts to exploit systems nowadays are done by automated bots, not having SSH open to the outside world can be the difference between your server being assimilated into a botnet, or not.


April 17, 2009 · Jimmy · One Comment
Posted in: Mikrotik