May 17, 2012

Mass-blocking IP addresses with ipset

I was sponsoring an upload of ipset to Debian the other day. This reminded me of ipset, a very cool program, as I am going to show. It makes administering related netfilter (that is, firewall) rules easy while delivering good performance. This is achieved by changing how rules match in iptables. Traditionally, an iptables rule matches a single network identity, for example a single IP address or a single network only. With IP sets you can easily operate on a bunch of (otherwise unrelated) addresses at once. If you happen to need bulk actions in your firewall, for example because you want to blacklist a long list of IP addresses at once, you will love IP sets. I promise.


Oct 03, 2011

Apache Traffic Server the better web cache

From time to time you find yourself discovering a piece of software you never heard of before, but you immediately realize you certainly missed something like that up to that point. Apache Traffic Server is such a piece of software, a comparable HTTP proxy server which virtually appeared from nowhere. Read on to learn more about Apache Traffic Server, how to configure it on Debian Linux, and why it is way better than both Squid and Varnish.


Jul 07, 2011

Setting up an iSCSI target with ZFS support on Debian kFreeBSD

Until recently Debian kFreeBSD, the FreeBSD-powered Debian branch, had some serious issues when dealing with ZFS. The situation has improved dramatically since then, and ZFS is quite usable in recent snapshots. That’s enough reason to work on an iSCSI target for kFreeBSD which combines the powers of ZFS with an industry standard for block-level data access. Read on to learn how to get a Debian kFreeBSD iSCSI target share for ZFS volumes.


Apr 17, 2011

How to bootstrap Debian over another running Linux system

Sometimes you need to replace an installed operating system in-band, which means while the old system is running and providing you access to the hardware. Say you’ve got a “less desired” Linux distribution on a server and you want to replace it with Debian, but you have neither physical access to it nor the possibility to use bootable installation media (CD, USB, …) through a KVM switch or similar.

In this tutorial I’m going to replace a running Fedora Linux installed on a single hard disk with Debian Squeeze, using only a remote SSH connection and its swap partition.


Mar 20, 2011

Configure MAC based VLAN assignment with FreeRADIUS and JUNOS

Have you ever been annoyed by managing a complex VLAN setup on switches? It is a complex task. Not so much actually configuring a VLAN, but tracking state among different hardware, allowed and forbidden group memberships, and configurations, and keeping an eye on your networks. You can ease your life by assigning VLANs dynamically by MAC address. All you need is a switch supporting MAC Authentication (“Mac-Auth”) and a RADIUS server providing a database of your assignments. Afterwards your switch will automatically assign your clients to the right VLAN.

I’m going to explain how to achieve this with a Juniper EX series switch running JUNOS and a Debian server running a FreeRADIUS server.


Mar 05, 2011

Deploy JUNOS on a VirtualBox virtual machine

People interested in learning how to use enterprise hardware routers usually won’t have the possibility to access those devices in an experimental lab environment because of their price. Hence, to get practice you need some workarounds. This is where “Olive” enters the game. Olive is the pure software skeleton, forming the essential software component of a JUNOS router. As you might know, the JUNOS platform is based on ordinary PC hardware (e.g. in contrast to IOS, which runs on a MIPS-like architecture). It is not entirely straightforward to deploy such a machine, which is why I am going to present a step-by-step tutorial on how to install and configure a virtual machine image based on the VirtualBox platform. However, chances are other hypervisors will work as well.


Feb 25, 2011

The Internet in a Nutshell

The Internet, as we know it today, is a large system of interconnected autonomous networks. That means a lot of diverse authorities are involved, each playing a certain role. The only common ground is that computers connected to “the” Internet want to communicate with each other. Or not. Or sort of, at least. Oh, and by the way: No, the Internet is not the blue “e” icon on your desktop. And neither is it the “web” or whatever people think the Internet would be.

I will present the big picture, an overview of the Internet’s architecture. This is going to be a bit simplified, and some parts are really superficial, but it is still a valid outline.


Feb 16, 2011

Hands-On experience with Debian GNU/kFreeBSD

Recently Debian 6.0 “Squeeze” has been released. Among a lot of improvements and enhancements, the community introduced a completely new distribution as a technology preview, namely GNU/kFreeBSD. There you get pretty much what the name indicates: a BSD kernel (from the FreeBSD project) together with a GNU userland as known from Debian.


Aug 14, 2010

zsh – The Better Shell

In the Linux world there is a great degree of freedom. The freedom of choice. That is not always an advantage, for example when you once again want to argue at length about which text editor is the better one, which distribution is the best, which programming language, and why on earth KDE is better than Gnome. And which shell has to be used.

But for me the answer to that has lately been easy to find: zsh. Why? Because the thing has phenomenally brilliant command completion without my having to change my habits. It is simply the better bash.


Mar 22, 2010

Resource Management with Xen

Virtualization is on everyone's lips. Like hardly any other topic, this concept has consolidated server deployment in recent years. For end customers there are entire vServers for pocket money, and for more professional users virtualized servers offer great savings potential.

There are many ways to virtualize servers. The most popular one for Linux is probably Xen. It stands out for its performance, fully virtualized and paravirtualized guest systems (called DomU in Xen), and mature, simple handling on the host system (in Xen: Dom0). The main focus of development is thus on speed, not on resource limiting and accounting. For this reason, the vServer hosters mentioned above usually use other virtualization technologies such as Virtuozzo/OpenVZ. These allow comprehensive resource management and the hermetic enforcement of assigned limits. In detail, this is not possible to the same depth with Xen as it is with OpenVZ, for example.
