Showing posts from 2011

OSPF Simulation using Quagga

There's a newer version of this article available in my blog.

IP Details

All the routers in the diagram are actually Debian machines.

Router Alpha:
eth0: 192.168.10.254/24
eth1: 10.0.0.2/30
Router Beta:
eth0: 192.168.20.254/24
eth1: 10.0.0.1/30
eth2: 10.0.0.5/30
Router Gamma:
eth0: 192.168.30.254/24
eth1: 10.0.0.6/30

Objective

We will configure the Linux boxes with the dynamic routing protocol OSPF for full connectivity. This is done with the help of Quagga.

Router Alpha Configuration

root@alpha:~# apt-get install quagga


First, we have to enable the routing protocols needed.
root@alpha:~# cd /etc/quagga/
root@alpha:~# vim daemons
zebra=yes
bgpd=no
ospfd=yes
ospf6d=no
ripd=no
ripngd=no
isisd=no

Next, we configure the interface parameters. Keep in mind that example configuration files are stored in /usr/share/doc/quagga/examples.
root@alpha:/etc/quagga# vim zebra.conf
hostname AplhaRouter
password zebra
enable password zebra
!
! Interface's description.
!
interface lo…

RSYNC with Different Port

If SSH is not listening on the default port 22, then naturally we cannot use RSYNC without specifying the SSH port. For example, if SSH is listening on port 4321, RSYNC can be used like this:

# rsync -av -e "ssh -p 4321"   source_file   user@IP:/destination

Hope it helps.

Backing up with RSYNC

SSH Login Without Passwords (Alternate SSH Port)

Many people don't use the default SSH port 22 for security purposes. In such a case, when sharing the public key with a remote host, the following command can be used -


SSH login without passwords

SSH Private-Public Key Pair Login

Everyone would agree that SSH is the most widely used remote access protocol on Linux-based operating systems. The primary reason behind the popularity of SSH is that it utilizes one-way encryption and supports many encryption algorithms as well as pre-shared keys for authentication.
There are a couple of remote file sharing tools that rely on SSH for protection, like SCP, SFTP and RSYNC. Among them, RSYNC is really popular for taking backups. But because RSYNC to a remote host relies on SSH, and SSH prompts for a password, the backup process cannot be automated with default settings. This is where the private-public key pair comes in to save the day. With the help of the key pair, it is possible to use SSH to a remote host without passwords.
The methodology is pretty simple. HostA generates a private and public key pair. While generating the pair, no passphrases are used because the objective is to enable SSH without passwords.…

Adding Persistent Static Routes in Debian

Stumbled upon this just a while ago...

Adding a static route in Debian can be easily done by using the command

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1
Here, the network 192.168.2.0 is reachable through next hop 192.168.1.2 via exit interface eth1. However, the problem is that the system forgets the route if the network service restarts. Here's how the route can be made permanent in /etc/network/interfaces:


# The primary network interface
auto eth1
allow-hotplug eth1
iface eth1 inet static
    address 192.168.1.3
    netmask 255.255.255.0

up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1
up route add -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1

down route del -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1
down route del -net 192.168.10.0 netmask 255.255.255.0 gw 192.168.1.2 dev eth1

The routes will now be updated every time the network service is restarted. Works like a charm :)

Common Squid Requirements - Part 2

7. Set Maximum Download Size

To set the maximum size of a file that can be downloaded, the parameter reply_body_max_size can be used. The size is given in bytes. For example, if the maximum download size is 50 MB (50*1024*1024 = 52428800), then here's how it is done:


root@firefly:~# vim squid.conf


#### Declaring the ACL ####
acl our_network src 192.168.10.0/24
acl vip src 192.168.10.100



#### Applying the ACL ####
#### Again, the sequence is important ####


reply_body_max_size 0 allow vip
#### the vip has no size restrictions ####


reply_body_max_size 52428800 deny our_network
#### no one in our LAN can download files larger than the limit ####


root@firefly:~# squid -k reconfigure
#### this command can be used to tune squid with last configuration without restarting ####

8. Setting Specific Time/Date for Internet Access

The following lines have been taken from the file squid.conf. Each day can be represented by a letter. Moreover, browsing time can be limited using h1:m1 – h2:m2 parameters…