Building The Net

How to build a Linux Firewall… Join us and Learn!

I will be speaking at the Simi Conejo Linux Users Group (SCLug) on August 15th 2009.

I will be demonstrating how to setup a Linux based PC with multiple network interfaces to act as a firewall. The presentation will cover the following topics:

1. Linux as a stateful firewall.
2. Using policy based routing to select between multiple  routes.
3. Performing source and destination network address translation.
4. Performing load balancing between multiple internet connections.

I plan to start with a base Debian install, and take the group step by step through setting up NAT for both static and DHCP internet connections. I’ll then move to setting up a second internet connection, and demonstrate the use of policy routing to choose an outbound route for different types of connections. Once we’ve covered policy routing, I”ll finish up with session based load balancing across both connections.

If you are going to be in the East Ventura County area on the 15th, I encourage you to join us!

The presentation will be held at the Simi Valley YMCA at 2:00PM on August 15th, 2009.

I look forward to seeing you there!

— Stu

What exactly is a DoS Attack?

In simple terms, a DoS or Denial of Service attack is when a system or group of systems, create traffic to a web site or network service, that causes an overload of the equipment and forces the web site or network service to drop or ignore real requests.

What we know at this time.

At the time or my writing, Twitter had gotten some control over this problem, and can now display web pages again, but are not accepting posts.

Facebook appears to have slowed down as well, but this is being attributed to the increased traffic to Facebook due to the Twitter problem.

— Stu

Why do I even try…

As my dad used to say, “Sometimes, the Dragon, he wins…”. For quite a while now, I have been on a mission to try to move my wife over to Open Office. She is a devoted Microsoft user, and runs the only jointly owned PC that has Windows as it’s primary operating system. Now, I’m not a totally anti-Microsoft, and I do believe that a person has the right to use whatever software they like, and are willing to properly license. But I really have a problem with paying for any software license when an equivalent Open Source option is available. I can’t seem to get through to my lovely wife, that Open Office will do all the things she uses MS Office for. The really sad thing, is she won’t even try Open Office. She gets mad if it’s on her PC! And when I ask her why she is against using it, she has the following reasons:

Read more »

Using Regular Expressions (RegEx) on the command line.

Questions about regular expressions come up at the Lug meetings on a regular basis. Here are some examples of regex commands I use all the time. Hope you find them useful.

Read more »

Firefox Web Browser enjoys it’s 1 Billionth download.

Wow, who would have thought that an open source project could do so well against the big “M”. Experts are saying that Firefox now has 32% of the browser market. This is probably the net result of all those crap plugins and the rest of the shoddy code that Micro$oft has been dumping on to the Internet these last 15 years. Looks like people are finally getting wise, at least when it comes to browsing…

Maybe this is a sign that the end user is starting to get it. Maybe Open Office, with it’s safer interface to the network, and it’s open standard file format will make a play for the end user desktop… Or maybe not…

Regardless, with this news, we can all say that open source has made a difference in a lot of peoples lives, and will continue to do so for a long time to come!

Congratulations Mozilla developers, you’ve done good!

— Stu

Where is the Autostart folder?

Looks like yet another change in KDE that messes with 3.5 users… Seems someone decided that the Autostart folder was a bad idea. This after having the Autostart folder in every KDE release I can remember.

Well, it seems that KDE 4 has adopted the same type of startup program control that Gnome has used for years.

A quick example.

Ok, let’s say that you want to start, oh I don’t know… Let’s say you want to start Krellm at login. here are the steps:

Read more »

Choosing the right software for your dynamic web content management is important.

There are tons of hosted and installable software packages out there that do web content management. Some good, some not so good. Only one thing is certain, you’ll have your work cut out for you if you choose the wrong one.

I’m going to talk about a few of the most popular open source packages that are out in the wild. Each are different, and do things differently. The one that’s right for you, depends on what your endgame is.

Read more »

Facebook has gone on the record stating that there has been no changes in it’s privacy policy.

Recently, a rumor that Facebook was allowing 3rd party advertisers to use members photos without their explicit permission, has turned out to be just that, a rumor.

Strangely, what appears to be fueling the rumor is a setting under privacy -> news feeds & wall, called facebook ads. This setting reads as follows:

“Facebook occasionally pairs advertisements with relevant social actions from a user’s friends to create Facebook Ads. Facebook Ads make advertisements more interesting and more tailored to you and your friends. These respect all privacy rules. You may opt out of appearing in your friends’ Facebook Ads below.”

This is set to “only my friends” by default. The rumor text is recommending you change this setting to “no one”.

When I found this, I felt a bit taken advantage of, I would have thought the proper default for this would be “no one”, but I guess that was why I got a “D-” in marketing…

The truth is, this rumor brought to light a privacy setting that everyone should be made aware of. The default setting in my opinion is clearly wrong.

Please read the Facebook Blog for more on this.

— Stu

Microsoft submits thousands of lines of code for inclusion in the Linux Kernel.

Yep, you’re not seeing things. On July 20, 2009 at OSCON, Microsoft announced their submission of three drivers to the Linux kernel. These drivers are licensed under the GPL2, and according to the group that handles such submissions, they have met all criteria for the drivers to be excepted in to the main line kernel.

At first glance, it would appear that all that screaming and jumping around that Ballmer is famous for managed to cause him to burst a blood vessel in his brain, but after reading the stories surrounding the submission, it turns out that this is no act of charity by Microsoft.

Why would Microsoft want to help Linux?

The short answer here is that they aren’t helping Linux, they are submitting code that’s sole goal is to make Linux run better under the Microsoft Virtualization platform. The drivers submitted are to allow Linux to work with Microsoft’s hypervisor. This will give Microsoft an advantage over competing virtualization platforms such as VMWare.

So, if this will give Microsoft an advantage, why would Linux except the code?

Most of the people I know, are asking why the kernel project would even consider accepting the code? Well, because Microsoft played by the open source rules, that’s why. Unlike Microsoft, the open source community sets guidelines to protect from discrimination. Unlike corporate models that favor certain groups over others when it comes to code or driver submission, most open source projects have a more down to earth approach. Check out what the rules are for submitting drivers to the Linux kernel, and you’ll understand why.

So, even though Microsoft’s intentions are not what I would consider angelic, as long as they meet the requirements for inclusion, they get to play on our field as well.

— Stu

Notes From My KVM (Kernel Virtual Machine) Talk.

First of all, thanks to all who attended the SCLug meeting on Saturday. I had fun talking with everyone there.

I wanted to follow up with some written examples of the KVM command lines I demonstrated at the meeting. I know I seemed to go over this stuff kind of fast, so I wanted to elaborate a bit in text.

Read more »