Archive for the 'How-To' Category

Private VLANs w/ VMware vDS and Cisco Nexus 5000: A Configuration Reference

PVLANs
When configuring the networks of a virtualized environment, private VLANs expand the functionality of a standard VLAN.  This article describes the configuration of PVLANs from both the VMware and Cisco perspectives.  The purpose of this article is to provide a brief configuration overview.  It’s likely you already know what PVLANs are and how they work, so I won’t go into much detail there.  For more information about VLANs and PVLANs, check out Cisco’s Securing Networks with Private VLANs and VLAN Access Control Lists.

Usage Scenarios

  1. DMZ security – Servers running in a DMZ can be isolated from one another. Should a DMZ guest be compromised, it is unable to communicate with any other guest in the DMZ (given that each is part of an isolated PVLAN)
  2. Hosted cloud infrastructure – A customer environment (consisting of multiple guests) in a community PVLAN can communicate amongst itself, but cannot communicate with a different community PVLAN
  3. Overcome standard VLAN limitations – While PVLANs have their own set of limitations, they greatly extend the functionality and usefulness of a standard VLAN

Configuration Overview

vlan 2410 int: 192.168.7.1 (primary 2410, secondary 2411)
vlan 2412 int: 192.168.8.1 (primary 2412, secondary 2413)
vlan 2411 – isolated
vlan 2413 – community
bperove-vm1: 192.168.7.10 – dvPortGroup1 – primary 2410, secondary 2411
bperove-vm2: 192.168.7.11 – dvPortGroup1 – primary 2410, secondary 2411
bperove-vm3: 192.168.8.10 – dvPortGroup2 – primary 2412, secondary 2413
bperove-vm4: 192.168.8.11 – dvPortGroup2 – primary 2412, secondary 2413
bperove-vm5: 192.168.8.12 – dvPortGroup2 – primary 2412, secondary 2413
bperove-vm6: 192.168.8.13 – dvPortGroup3 – primary 2412, secondary 2412

Configuration of VMware vDS (DVS)

CDP information for vmnic2

CDP information for vmnic3

dvSwitch Settings

dvPortGroup Settings

VLAN Configuration

vlan 2410
  private-vlan primary
  private-vlan association 2411
vlan 2411
  private-vlan isolated
vlan 2412
  private-vlan primary
  private-vlan association 2413
vlan 2413
  private-vlan community

Interface Configuration

interface Ethernet1/19
  description bperove - bs-tse-i127 - vmnic2
  switchport mode trunk
  switchport trunk allowed vlan 2410-2411

interface Ethernet1/20
  description bperove - bs-tse-i127 - vmnic3
  switchport mode trunk
  switchport trunk allowed vlan 2412-2413



Communication logic

vm1 can ping vlan 2410 int @ 192.168.7.1, but cannot ping vm2
vm2 can ping vlan 2410 int @ 192.168.7.1, but cannot ping vm1
vm3-5 can ping vlan 2412 int @ 192.168.8.1, and can all ping each other
vm6 can ping vlan 2412 int @ 192.168.8.1, vm3-5, and vm3-5 can ping vm6
vm1-2 cannot ping vm3-6
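To check the communication logic above against the PVLAN forwarding rules, here is an added Python model (not part of the original post) that encodes the Nexus VLAN declarations and the dvPortGroup assignments from the configuration overview. Modelling the two vlan interfaces as promiscuous ports named svi2410 and svi2412 is an assumption made for the model.

```python
from dataclasses import dataclass

ISOLATED, COMMUNITY, PROMISCUOUS = "isolated", "community", "promiscuous"

# Secondary VLANs as declared on the Nexus above: secondary -> (primary, type).
SECONDARY = {2411: (2410, ISOLATED), 2413: (2412, COMMUNITY)}


@dataclass(frozen=True)
class Port:
    """A vDS port; secondary == primary is the vDS convention for a promiscuous port."""
    name: str
    primary: int
    secondary: int

    @property
    def kind(self):
        if self.secondary == self.primary:
            return PROMISCUOUS
        if self.secondary not in SECONDARY or SECONDARY[self.secondary][0] != self.primary:
            # A dvPortGroup whose secondary VLAN is not associated with its primary on
            # the switch is a misconfiguration; reject it rather than guess.
            raise ValueError(f"{self.name}: VLAN {self.secondary} is not a secondary of {self.primary}")
        return SECONDARY[self.secondary][1]


def can_reach(src, dst):
    """True if a frame entering on src may be forwarded to dst under PVLAN rules."""
    if src.primary != dst.primary:
        return False          # distinct primary VLANs never talk at layer 2
    if PROMISCUOUS in (src.kind, dst.kind):
        return True           # promiscuous ports (the SVIs, vm6) reach every secondary
    if src.kind == COMMUNITY and src.secondary == dst.secondary:
        return True           # members of the same community
    return False              # isolated ports, and traffic between communities


# Constructed from the configuration overview; SVIs modelled as promiscuous ports (assumption).
PORTS = {
    "svi2410": Port("svi2410", 2410, 2410), "svi2412": Port("svi2412", 2412, 2412),
    "vm1": Port("vm1", 2410, 2411), "vm2": Port("vm2", 2410, 2411),
    "vm3": Port("vm3", 2412, 2413), "vm4": Port("vm4", 2412, 2413),
    "vm5": Port("vm5", 2412, 2413), "vm6": Port("vm6", 2412, 2412),
}


def reachable_from(name):
    """Names of the other ports that `name` can reach."""
    return {n for n, p in PORTS.items() if n != name and can_reach(PORTS[name], p)}
```

Calling reachable_from("vm1") returns only the SVI, while reachable_from("vm3") returns the SVI plus vm4, vm5 and vm6, matching the ping results listed above.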


About Benjamin Perove

Benjamin has been associated with computer technology starting from a very early age, and has contributed to the success of many businesses and enterprises since 2001. He loves to crush pow at Keystone, play acoustic guitar, climb rocks, and ascend mountains on his road bike. Benjamin is an Avalanche fan and currently resides in Boulder, Colorado.

Bullet-proof Apache: Nikto Security Scanner


If you’ve ever been responsible for maintaining an Apache web server, you know how important security is.

Nikto provides an easy way to scan for known (and unknown) vulnerabilities within your Apache server.  Actually, it does a fairly comprehensive scan on over 200 web servers, not just Apache.  To run a security scan, download the tool, then extract the archive to the desired location.  To initiate a scan from the Nikto directory, type:

./nikto.pl -host [ip address]

Note: when specifying an IP address, make sure you use the external IP of your webserver, not the internal IP.

Here is what my results look like:

- Nikto v2.03/2.04
—————————————————————————
+ Target IP:          10.0.0.1
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Start Time:         2009-01-26 16:44:36
—————————————————————————
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
+ End Time:        2009-01-26 16:45:25 (49 seconds)
—————————————————————————
+ 1 host(s) tested

Test Options: -host 10.0.0.1
—————————————————————————

I would then look up each result and fix the issue, repeating the scan until no issues are detected.  See the OSVDB-ID?  These IDs come from the Open Source Vulnerability Database.  Each entry contains a description, classification, and solution.
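To keep track of that fix-and-rescan loop, here is an added Python parser (not from the original post or from Nikto itself) for the text report format shown above. The sample report is constructed from that output, and the regular expressions assume the "+ OSVDB-id: METHOD /path : detail" line shape of this Nikto version.

```python
import re

# Constructed sample in the format of the scan output shown above.
SAMPLE = """\
- Nikto v2.03/2.04
+ Target IP:          10.0.0.1
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
"""

FINDING = re.compile(r"^\+ OSVDB-(\d+): (\w+) (\S+) : (.*)$")
HEADER = re.compile(r"^\+ (Target IP|Target Hostname|Target Port|Server):\s+(.*)$")


def parse_nikto(text):
    """Return (target info dict, list of findings) from a Nikto text report."""
    target, findings = {}, []
    for line in text.splitlines():
        m = FINDING.match(line)
        if m:
            findings.append({"osvdb": int(m.group(1)), "method": m.group(2),
                             "path": m.group(3), "detail": m.group(4).strip()})
            continue
        m = HEADER.match(line)
        if m:
            target[m.group(1)] = m.group(2).strip()
    return target, findings


def osvdb_ids(findings):
    """Sorted, de-duplicated OSVDB ids to look up."""
    return sorted({f["osvdb"] for f in findings})


def diff_scans(before, after):
    """Compare two scans of one host: (ids no longer reported, findings still open)."""
    key = lambda f: (f["osvdb"], f["method"], f["path"])
    still_open = {key(f) for f in after}
    fixed = sorted({f["osvdb"] for f in before if key(f) not in still_open})
    return fixed, [f for f in before if key(f) in still_open]
```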

To aid in your research, I have created an OSVDB Firefox search plugin.  Install the plugin and then search for 3092, 3268, 3233, etc.

Hopefully this makes securing your web server quick & painless.


Find Linux CPU Temperature

The easiest way to get a CPU temperature readout from Linux is by looking at an ACPI function called temperature:

cat /proc/acpi/thermal_zone/THRM/temperature

You could also try sensors-detect and then sensors, but I had some trouble detecting the correct modules on 8-year-old hardware.


Dual-Boot a Sansa e260 with Sandisk OG and Rockbox

Hi, thanks for reading. I’m a friend of Ben’s and he’s letting me put down this post. I run a small electronic music blog at astropope.com. If you have seen the post about how to boost wordpress audio with Amazon S3, then you know we are the guinea pigs to test a new breed of online music blogging.

Pompous? Maybe. Fun? Yes. If you like music as much as we do, you probably want to be wearing it around your neck 24/7. In my case, you want it to listen to on your public transportation commute to work. Right? Or you’re having a hard time transporting 100+ gigs of music to your FreeBSD workstation. I know the feeling.

In this article, I am going to show how to set up your Sansa e260 as a “dual boot” with Sandisk’s original firmware and the Rockbox software.

I am not an expert on the technical differences between MSC and MTP, but in order to install the Rockbox software, you MUST have your Sansa in MSC mode. In Sansa’s original operating software, you will need to navigate to the “Settings” part of the wheel menu. Within there, you will find an option to switch between MSC and MTP. Many Google searches will give you quite intoxicating information on the minute details of both protocols.

The first thing you should do is update the firmware (since mine was refurbished, I had to update the firmware). Download the firmware updater and install it. I cannot always guarantee the accuracy of that link, but if it ever goes down, go to sandisk.com and look around.

Once you have updated what I called the “OG” Sansa software, you are ready to start installing Rockbox. You can begin by going to the install page and selecting the appropriate device.

At the time of this writing, we are working with version 3.1 of Rockbox and the SanDisk Sansa e200. I tried Option 1, the Automatic Install, but this did not work for me as it constantly claimed it could not detect my Sansa device, so I opted for the manual install.

Download the archive for the Rockbox installation and extract the contents to the root of your Sansa’s file system. For example, H:\.rockbox

Once that has been completed, you can access both the Rockbox software and Sandisk original firmware by installing sansapatcher.exe.

You should now have a pretty sweet “dual booting” mp3 player. Upon reboot, it will default to Rockbox, but you can get to the “OG” by pressing left on the main control.

If you have any problems, please let us know!

http://www.sandisk.com

http://www.rockbox.org


Boost WordPress Audio w/ Amazon S3

The Simple Storage Service (S3) from Amazon is an easy way to serve information. Its high availability and low cost make it a no-brainer when it comes to hosting.

Recently, a friend moved his website (the Astropope) from my server to that of a hosting company (for which he presently works). Along with his account comes 3 GB of storage, except he currently uses about 5 GB. To help with the transition, we decided to move the majority of content over to S3.

In order to do this, we got an account, uploaded everything, made a DNS record, and then ever-so-slightly modified a WordPress plugin.

The steps we took are detailed for your convenience:

1. Sign up for an S3 account.

2. Download, install & configure the S3Fox plugin for Firefox.

3. Amazon uses a bucket as a means for organizing information. You may think of a bucket as a unique, top-level directory: many directories may exist within a bucket, but the bucket itself is the outermost container. Create a bucket named s3.[yourdomain].com. In that bucket, make an audio directory. So now we have something along the lines of s3.[yourdomain].com/audio.

4. Using S3Fox, upload your mp3 files to the newly created audio directory within the bucket.

5. Right-click the audio directory and specify an ACL with read access for public requests. Note: Without specifying an ACL w/ public read access, it won’t work.

6. Within WordPress, install the Audio Player plugin.

7. Once installed, modify the plugin as such:

edit audio-player.php

Under // Options Default add:
add_option('s3_url', '', 'Amazon S3 URL', true);

Under // Global variables change $ap_audioURL to:
$ap_audioURL = get_settings('s3_url') . get_option("audio_player_web_path");

Under // Update plugin options add:
update_option('s3_url', $_POST['s3_url']);

edit options-panel.php

<tr>
<th width="33%" valign="top"><label for="ap_audiowebpath">Audio files directory:</label></th>
<td>
<input type="text" id="ap_audiowebpath" name="ap_audiowebpath" size="40" value="<?php echo( get_option("audio_player_web_path") ); ?>" /><br />
Recommended: <code>/audio</code>
</td>
</tr>
<!-- snippet starts here -->
<tr>
<th width="33%" valign="top"><label for="s3_url">Amazon S3 URL:</label></th>
<td>
<input type="text" id="s3_url" name="s3_url" size="40" value="<?php echo( get_option("s3_url") ); ?>" /><br />
<?php $string = get_option("siteurl");
$url2 = substr($string, 7);   // strip the leading "http://"
echo "(e.g. http://s3." . $url2 . ")"; ?>
</td>
</tr>
<!-- snippet ends here -->

Alternately, you can upload/replace with these pre-modified files:
wp-content/plugins/audio-player.php
wp-content/plugins/audio-player/options-panel.php
(be sure to rename from .ph_ to .php)

Login to WordPress, then go to Settings -> Audio player and add http://s3.[yourdomain].com to the new field below the audio files directory.

8. Add a CNAME (alias) record at your domain registrar:
s3 -> bucketname.s3.amazonaws.com
(e.g. s3.[yourdomain].com -> s3.[yourdomain].com.s3.amazonaws.com)
that is, the s3 host in your domain points to bucketname.s3.amazonaws.com, where bucketname is the bucket created in step 3. (A TTL of 1 hr is acceptable.)

9. Post a song according to the directions for the plugin.


Did it work for you? Did you run into any trouble? (I’d be happy to help you set this up if you’d like assistance.)

– Edit:  9.16.09 –

Version 2.0 beta 6 of the Audio Player plugin includes an option for a custom URL.  When upgrading to this most recent version, there is no need to modify any source code.  Nice!

Also, the most recent version of the WordPress S3 plugin version .4 adds a setting for virtual hosting:

Make sure you check the ‘Bucket is setup for virtual hosting’ box.  If you see DNS warnings at the top of the plugin screen, refresh the page and they should go away (if you had this set up previously).

