Redirect local ports with firewalld
·645 words·4 mins
Redirecting local ports with iptables directly isn’t too difficult,
but can we use firewalld to get the same result? 🧱
Networking
2024
2023
Add a VLAN on a Mikrotik router
·1024 words·5 mins
Segment your home network easily with a VLAN on a Mikrotik router. 🖥️
2022
Monitor a UPS with a Mikrotik router via SNMP
·703 words·4 mins
Mikrotik routers and switches serve as efficient network devices, but they know other tricks, too. Monitor your UPS with a Mikrotik device and query it via SNMP. 🔌
Build a Tailscale exit node with firewalld
·788 words·4 mins
Tailscale exit nodes allow you to route your traffic through nearly any system in your tailnet. Learn how to build an exit node using firewalld. 🕳️
PXE boot netboot.xyz on a Mikrotik router
·746 words·4 mins
Get systems online quickly or rescue a broken system by PXE booting from netboot.xyz using a Mikrotik router. 🛠
2021
Secure Tailscale networks with firewalld
·645 words·4 mins
Tailscale provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵
Set network interface speed with systemd-networkd
·621 words·3 mins
Sometimes network interface autonegotiation doesn’t work as well as it should. Luckily, you can fix it with systemd-networkd. 🔧
DHCPv6 prefix delegation with systemd-networkd
·841 words·4 mins
Use the new DHCPv6 prefix delegation features in systemd-networkd to make IPv6 subnetting easy! 🎉
2019
Get a /56 from Spectrum using wide-dhcpv6
·101 words·1 min
After writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I’m handling IPv6 on my router lately.
Pixel 3 Wi-Fi drops constantly
·1283 words·7 mins
We have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3.
Allow a port range with firewalld
·286 words·2 mins
Managing iptables gets a lot easier with firewalld.
2017
Ensuring keepalived starts after the network is ready
·310 words·2 mins
After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:
OpenStack-Ansible networking on CentOS 7 with systemd-networkd
·568 words·3 mins
Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready.
systemd-networkd on Ubuntu 16.04 LTS (Xenial)
·529 words·3 mins
My OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.
2016
Talk Recap: Holistic Security for OpenStack Clouds
·541 words·3 mins
Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona!
OpenStack instances come online with multiple network ports attached
·1128 words·6 mins
I ran into an interesting problem recently in my production OpenStack deployment that runs the Mitaka release.
Setting up a telnet handler for OpenStack Zuul CI jobs in GNOME 3
·522 words·3 mins
The OpenStack Zuul system has gone through some big changes recently, and one of those changes is around how you monitor a running CI job.
Troubleshooting OpenStack network connectivity
·1140 words·6 mins
NOTE: This post is a work in progress.
802.1x with NetworkManager using nmcli
·263 words·2 mins
Authenticating to a wired or wireless network using 802.
Lessons learned: Five years of colocation
·1958 words·10 mins
Back in 2011, I decided to try out a new method for hosting my websites and other applications: colocation.
Enable IPv6 privacy in NetworkManager
·480 words·3 mins
On most IPv6-enabled networks, network addresses are distributed via stateless address autoconfiguration (SLAAC).
Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS
·693 words·4 mins
Let’s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods.
Tinkering with systemd’s predictable network names
·549 words·3 mins
I’ve talked about predictable network names (and seemingly unpredictable ones) on the blog before, but some readers asked me how they could alter the network naming to fit a particular situation.
2015
systemd-networkd and macvlan interfaces
·562 words·3 mins
I spent some time working with macvlan interfaces on KVM hypervisors last weekend.
GRE tunnels with systemd-networkd
·868 words·5 mins
Switching to systemd-networkd for managing your networking interfaces makes things quite a bit simpler over standard networking scripts or NetworkManager.
First thoughts: Linux on the Supermicro 5028D-TN4T
·786 words·4 mins
I’ve recently moved over to Rackspace’s OpenStack Private Cloud team and the role is full of some great challenges.
Build a network router and firewall with Fedora 22 and systemd-networkd
·926 words·5 mins
This post originally appeared on the Fedora Magazine blog.
Understanding systemd’s predictable network device names
·1310 words·7 mins
I talked a bit about systemd’s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.
Using systemd-networkd with bonding on Rackspace’s OnMetal servers
·1538 words·8 mins
I’ve written about systemd-networkd in the past and how easy it can be to set up new network devices and tunnels.
Research Paper: Securing Linux Containers
·456 words·3 mins
It seems like there’s a new way to run containers every week.
Aruba access points, EAP, and wpa_supplicant 2.4 bugs
·187 words·1 min
I stumbled upon a strange bug at work one day and found I couldn’t connect to our wireless access points any longer.
cups.service start operation timed out in Fedora 22
·157 words·1 min
Applications on my Fedora 22 system kept stalling when I attempted to print.
Adventures with GRE and IPSec on Mikrotik routers
·1696 words·8 mins
I recently picked up a RB850GX2 from my favorite Mikrotik retailer, r0c-n0c.
HOWTO: Mikrotik OpenVPN server
·1074 words·6 mins
Mikrotik firewalls have been good to me over the years and they work well for multiple purposes. Creating an OpenVPN server on the device can allow you to connect into your local network when you’re on the road or protect your traffic when you’re using untrusted networks.
Although Miktrotik’s implementation isn’t terribly robust (TCP only, client cert auth is wonky), it works quite well for most users. I’ll walk you through the process from importing certificates through testing it out with a client.
2014
HOWTO: Time Warner Cable and IPv6
·1158 words·6 mins
2013
Information security nuggets from DevOps Weekly #150
·279 words·2 mins
Keeping an eye out for the DevOps Weekly email is something I’ve enjoyed since it started at the end of 2010.
Keeping bwm-ng 0.6 functional on Fedora 19
·232 words·2 mins
If you run bwm-ng and you’ve run a yum upgrade lately on Fedora 19, you have probably seen this:
Moving from OS X to Linux: Day One
·1418 words·7 mins
The thought of using Linux as a manager in a highly Windows- and Mac-centric corporate environment isn’t something to be taken lightly.
Changing your ssh server’s port from the default: Is it worth it?
·544 words·3 mins
Changing my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines.
2012
One week with Android
·873 words·5 mins
After getting Android-envy at LinuxCon, I decided to push myself out of my comfort zone and ditch my iPhone 4 for a Samsung Galaxy S III.
Building vpnc with openssl support via MacPorts on Mac OS X
·196 words·1 min
If you install vpnc via MacPorts on OS X, you’ll find that you have no openssl support after it’s built:
Great guide for using traceroute and understanding its results
·237 words·2 mins
Anyone who has been a system administrator for even a short length of time has probably used traceroute at least once.
Performance and redundancy boost for icanhazip.com
·132 words·1 min
It’s been a few years since I started a little project to operate a service to return your IPv4 and IPv6 address.
Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI)
·396 words·2 mins
One of the handiest tools in the OpenSSL toolbox is s_client.
The Kerberos-hater’s guide to installing Kerberos
·1619 words·8 mins
As promised in my earlier post entitled Kerberos for haters, I’ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.
Kerberos for haters
·686 words·4 mins
I’ll be the first one to admit that Kerberos drives me a little insane.
2011
Getting back to using eth0 in Fedora 15
·287 words·2 mins
Fedora 15 was released with some updates to allow for consistent network device names.
Measure traffic flows with Mikrotik’s RouterOS and ntop on Fedora 15
·352 words·2 mins
It’s no secret that I’m a big fan of the RouterBoard network devices paired with Mikrotik’s RouterOS.
Handy networking cheat sheets from Packet Life
·59 words·1 min
If you find yourself forgetting bits and pieces about network topics, Packet Life’s cheat sheets should be a handy resource for you.
Strategies for detecting a compromised Linux server
·741 words·4 mins
There are few things which will rattle systems administrators more than a compromised server.