PXE boot netboot.xyz on a Mikrotik router
·753 words·4 mins
Get systems online quickly or rescue a broken system by PXE booting from netboot.xyz using a Mikrotik router. ðŸ›
- Tags/
networking
2022
2021
Secure Tailscale networks with firewalld
Tailscale provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵
Set network interface speed with systemd-networkd
·624 words·3 mins
Sometimes network interface autonegotiation doesn’t work as well as it should. Luckily, you can fix it with systemd-networkd. 🔧
DHCPv6 prefix delegation with systemd-networkd
·844 words·4 mins
Use the new DHCPv6 prefix delegation features in systemd-networkd to make IPv6 subnetting easy! 🎉
2019
Get a /56 from Spectrum using wide-dhcpv6
·101 words·1 min
After writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I’m handling IPv6 on my router lately.
Pixel 3 Wi-Fi drops constantly
·1288 words·7 mins
We have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3.
Allow a port range with firewalld
·288 words·2 mins
Managing iptables gets a lot easier with firewalld.
2017
Ensuring keepalived starts after the network is ready
After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:
OpenStack-Ansible networking on CentOS 7 with systemd-networkd
Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready.
systemd-networkd on Ubuntu 16.04 LTS (Xenial)
·529 words·3 mins
My OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.
2016
Talk Recap: Holistic Security for OpenStack Clouds
·547 words·3 mins
Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona!
HTTP/2 for the blog and icanhazip.com
·101 words·1 min
I’ve recently updated this blog and icanhazip.
OpenStack instances come online with multiple network ports attached
·1133 words·6 mins
I ran into an interesting problem recently in my production OpenStack deployment that runs the Mitaka release.
Setting up a telnet handler for OpenStack Zuul CI jobs in GNOME 3
·525 words·3 mins
The OpenStack Zuul system has gone through some big changes recently, and one of those changes is around how you monitor a running CI job.
What’s Happening in OpenStack-Ansible (WHOA) – July 2016
·922 words·5 mins
This post is the second installment in the series of What’s Happening in OpenStack-Ansible (WHOA) posts that I’m assembling each month.
Join me on Thursday to talk about OpenStack LBaaS and security hardening
·224 words·2 mins
If you want to learn more about load balancers and security hardening in OpenStack clouds, join me on Thursday for the Rackspace Office Hours podcast1!
What’s Happening in OpenStack-Ansible (WHOA) – June 2016
·1301 words·7 mins
The world of OpenStack moves quickly.
Troubleshooting OpenStack network connectivity
·1145 words·6 mins
NOTE: This post is a work in progress.
802.1x with NetworkManager using nmcli
·263 words·2 mins
Authenticating to a wired or wireless network using 802.
Lessons learned: Five years of colocation
·1969 words·10 mins
Back in 2011, I decided to try out a new method for hosting my websites and other applications: colocation.
Enable IPv6 privacy in NetworkManager
·483 words·3 mins
On most IPv6-enabled networks, network addresses are distributed via stateless address autoconfiguration (SLAAC).
Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS
·695 words·4 mins
Let’s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods.
Tinkering with systemd’s predictable network names
·552 words·3 mins
2015
systemd-networkd and macvlan interfaces
·565 words·3 mins
I spent some time working with macvlan interfaces on KVM hypervisors last weekend.
GRE tunnels with systemd-networkd
·874 words·5 mins
Switching to systemd-networkd for managing your networking interfaces makes things quite a bit simpler over standard networking scripts or NetworkManager.
First thoughts: Linux on the Supermicro 5028D-TN4T
·790 words·4 mins
I’ve recently moved over to Rackspace’s OpenStack Private Cloud team and the role is full of some great challenges.
Build a high performance KVM hypervisor on Rackspace’s OnMetal servers
·1032 words·5 mins
I received some good feedback about my post on systemd-networkd and bonded interfaces on Rackspace’s OnMetal servers, and I decided to write about another use case.
Build a network router and firewall with Fedora 22 and systemd-networkd
·934 words·5 mins
This post originally appeared on the Fedora Magazine blog.
Understanding systemd’s predictable network device names
·1319 words·7 mins
I talked a bit about systemd’s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.
Using systemd-networkd with bonding on Rackspace’s OnMetal servers
·1546 words·8 mins
I’ve written about systemd-networkd in the past and how easy it can be to set up new network devices and tunnels.
Research Paper: Securing Linux Containers
·467 words·3 mins
It seems like there’s a new way to run containers every week.
Aruba access points, EAP, and wpa_supplicant 2.4 bugs
·187 words·1 min
I stumbled upon a strange bug at work one day and found I couldn’t connect to our wireless access points any longer.
cups.service start operation timed out in Fedora 22
·157 words·1 min
Applications on my Fedora 22 system kept stalling when I attempted to print.
Adventures with GRE and IPSec on Mikrotik routers
·1702 words·8 mins
I recently picked up a RB850GX2 from my favorite Mikrotik retailer, r0c-n0c.
HOWTO: Mikrotik OpenVPN server
·1081 words·6 mins
Mikrotik firewalls have been good to me over the years and they work well for multiple purposes. Creating an OpenVPN server on the device can allow you to connect into your local network when you’re on the road or protect your traffic when you’re using untrusted networks.
Although Miktrotik’s implementation isn’t terribly robust (TCP only, client cert auth is wonky), it works quite well for most users. I’ll walk you through the process from importing certificates through testing it out with a client.
2014
HOWTO: Time Warner Cable and IPv6
·1164 words·6 mins
Detect proxies with icanhazproxy
·193 words·1 min
You can already detect proxy servers using icanhazip.
2013
Information security nuggets from DevOps Weekly #150
·279 words·2 mins
Keeping an eye out for the DevOps Weekly email is something I’ve enjoyed since it started at the end of 2010.
Keeping bwm-ng 0.6 functional on Fedora 19
·232 words·2 mins
If you run bwm-ng and you’ve run a yum upgrade lately on Fedora 19, you have probably seen this:
Moving from OS X to Linux: Day One
·1418 words·7 mins
The thought of using Linux as a manager in a highly Windows- and Mac-centric corporate environment isn’t something to be taken lightly.
Changing your ssh server’s port from the default: Is it worth it?
·544 words·3 mins
Changing my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines.
New icanhaz features: reverse DNS and traceroutes
·184 words·1 min
After adding some upgrades for icanhazip.
2012
One week with Android
·873 words·5 mins
After getting Android-envy at LinuxCon, I decided to push myself out of my comfort zone and ditch my iPhone 4 for a Samsung Galaxy S III.
Building vpnc with openssl support via MacPorts on Mac OS X
·196 words·1 min
If you install vpnc via MacPorts on OS X, you’ll find that you have no openssl support after it’s built:
Red Hat Summit 2012: Wednesday
Wednesday was action-packed with dramatic keynotes and great sessions.
Great guide for using traceroute and understanding its results
·237 words·2 mins
Anyone who has been a system administrator for even a short length of time has probably used traceroute at least once.
Performance and redundancy boost for icanhazip.com
·132 words·1 min
It’s been a few years since I started a little project to operate a service to return your IPv4 and IPv6 address.
Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI)
·396 words·2 mins
One of the handiest tools in the OpenSSL toolbox is s_client.
The Kerberos-hater’s guide to installing Kerberos
·1619 words·8 mins
As promised in my earlier post entitled Kerberos for haters, I’ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.
Kerberos for haters
·686 words·4 mins
I’ll be the first one to admit that Kerberos drives me a little insane.