Ubuntu 16.04 PXE Installs Fail Because it Mangles the Squashfs Path
Trying to set up a network install of Ubuntu 16.04 Xenial? Good luck with that. Looks like a PXE breaking bug has crept in at the last minute.
Read more
Whitelisting IP Address Ranges with iptables and ipset
If you run a firewall you know how important it is to block out the bad guys. Here's how to only allow parts of the world to even talk to you.
Read more
Automatically Create Jira Support Tickets From Network Events
I'm a big fan of Jira for tracking support tickets. It's easy to have certain security events on your network automatically create tickets.
Read more
Using VLAN's with ISC-DHCP-SERVER
I decided I wanted to provide DHCP to two different VLAN's each with their own subnet, connected to the same network card in my default router. All packets arriving on that network jack are tagged for either one or the other VLAN. Initially I had trouble with the DHCP server only seeing packets on the root eth0 device and ignoring all the packets on the vlan devices (eth0.1 for instance.) There's a couple of changes I had to make for this to work. These instructions assume an Ubuntu server.
Read more
Linux, iptables, SNAT and Too Many Adapters
I've had some weird glitches with my primary firewall this week. After a reboot, certain SNAT rules just didn't... happen. Or, other SNAT rules did. And it always seemed to only impact SIP traffic. For instance, after rebooting, SIP traffic from one internal phone server that's destined for another internal phone server at the other end of a VPN connection would spontaneously decide to SNAT itself to an external IP address, yet still go across the tunnel. Or, SIP traffic destined for the outside would decide to route correctly out the right adapter, but leave the private address on it, ignoring the SNAT rule I could plainly see in iptables.
Read more
Configuration of Asus Routers Running Merlin Firmware with OpenVPN
NOTE: This is now outdated and Matthew has emailed me to let me know he'll be doing a new write-up soon. Here's a guest blog post by Matthew Burkett on configuring the Merlin router firmware for OpenVPN.
Read more
IPTables Trickery
I've had a bit of a strange situation on my network - Googling never did come up with anything for me.
Read more
Stop Port Scans In Their Tracks With iptables
Sure, there's a lot of tutorials out there for blocking SYN+FIN, christmas scans, etc. But did you know that most of those won't help against a default nmap scan? Try it - block all the standard stealth scans, etc using something like the following...
Read more