networking

2022

Monitor a UPS with a Mikrotik router via SNMP

28 October 2022·706 words·4 mins

Mikrotik routers and switches serve as efficient network devices, but they know other tricks, too. Monitor your UPS with a Mikrotik device and query it via SNMP. 🔌

Build a Tailscale exit node with firewalld

27 October 2022·792 words·4 mins

Tailscale exit nodes allow you to route your traffic through nearly any system in your tailnet. Learn how to build an exit node using firewalld. 🕳️

PXE boot netboot.xyz on a Mikrotik router

2 September 2022·749 words·4 mins

Get systems online quickly or rescue a broken system by PXE booting from netboot.xyz using a Mikrotik router. 🛠

2021

Secure Tailscale networks with firewalld

30 October 2021·648 words·4 mins

Tailscale provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵

Set network interface speed with systemd-networkd

20 August 2021·624 words·3 mins

Sometimes network interface autonegotiation doesn’t work as well as it should. Luckily, you can fix it with systemd-networkd. 🔧

DHCPv6 prefix delegation with systemd-networkd

28 July 2021·844 words·4 mins

Use the new DHCPv6 prefix delegation features in systemd-networkd to make IPv6 subnetting easy! 🎉

2019

Get a /56 from Spectrum using wide-dhcpv6

19 March 2019·101 words·1 min

After writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I’m handling IPv6 on my router lately.

Pixel 3 Wi-Fi drops constantly

17 March 2019·1288 words·7 mins

We have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3.

Allow a port range with firewalld

4 January 2019·288 words·2 mins

Managing iptables gets a lot easier with firewalld.

2017

Ensuring keepalived starts after the network is ready

15 December 2017·312 words·2 mins

After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:

OpenStack-Ansible networking on CentOS 7 with systemd-networkd

13 April 2017·574 words·3 mins

Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready.

systemd-networkd on Ubuntu 16.04 LTS (Xenial)

15 January 2017·529 words·3 mins

My OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.

2016

Talk Recap: Holistic Security for OpenStack Clouds

31 October 2016·547 words·3 mins

Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona!

HTTP/2 for the blog and icanhazip.com

13 September 2016·101 words·1 min

I’ve recently updated this blog and icanhazip.

OpenStack instances come online with multiple network ports attached

3 August 2016·1133 words·6 mins

I ran into an interesting problem recently in my production OpenStack deployment that runs the Mitaka release.

Setting up a telnet handler for OpenStack Zuul CI jobs in GNOME 3

22 July 2016·525 words·3 mins

The OpenStack Zuul system has gone through some big changes recently, and one of those changes is around how you monitor a running CI job.

What’s Happening in OpenStack-Ansible (WHOA) – July 2016

22 July 2016·922 words·5 mins

This post is the second installment in the series of What’s Happening in OpenStack-Ansible (WHOA) posts that I’m assembling each month.

Join me on Thursday to talk about OpenStack LBaaS and security hardening

19 July 2016·224 words·2 mins

If you want to learn more about load balancers and security hardening in OpenStack clouds, join me on Thursday for the Rackspace Office Hours podcast1!

What’s Happening in OpenStack-Ansible (WHOA) – June 2016

15 June 2016·1301 words·7 mins

The world of OpenStack moves quickly.

Troubleshooting OpenStack network connectivity

17 May 2016·1145 words·6 mins

NOTE: This post is a work in progress.

802.1x with NetworkManager using nmcli

3 May 2016·263 words·2 mins

Authenticating to a wired or wireless network using 802.

Lessons learned: Five years of colocation

22 April 2016·1969 words·10 mins

Back in 2011, I decided to try out a new method for hosting my websites and other applications: colocation.

Enable IPv6 privacy in NetworkManager

17 April 2016·483 words·3 mins

On most IPv6-enabled networks, network addresses are distributed via stateless address autoconfiguration (SLAAC).

Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS

31 March 2016·695 words·4 mins

Let’s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods.

Tinkering with systemd’s predictable network names

20 January 2016·552 words·3 mins

2015

systemd-networkd and macvlan interfaces

26 October 2015·565 words·3 mins

I spent some time working with macvlan interfaces on KVM hypervisors last weekend.

GRE tunnels with systemd-networkd

16 October 2015·874 words·5 mins

Switching to systemd-networkd for managing your networking interfaces makes things quite a bit simpler over standard networking scripts or NetworkManager.

First thoughts: Linux on the Supermicro 5028D-TN4T

28 September 2015·790 words·4 mins

I’ve recently moved over to Rackspace’s OpenStack Private Cloud team and the role is full of some great challenges.

Build a high performance KVM hypervisor on Rackspace’s OnMetal servers

28 August 2015·1032 words·5 mins

I received some good feedback about my post on systemd-networkd and bonded interfaces on Rackspace’s OnMetal servers, and I decided to write about another use case.

Build a network router and firewall with Fedora 22 and systemd-networkd

27 August 2015·934 words·5 mins

This post originally appeared on the Fedora Magazine blog.

Understanding systemd’s predictable network device names

21 August 2015·1319 words·7 mins

I talked a bit about systemd’s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.

Using systemd-networkd with bonding on Rackspace’s OnMetal servers

21 August 2015·1546 words·8 mins

I’ve written about systemd-networkd in the past and how easy it can be to set up new network devices and tunnels.

Research Paper: Securing Linux Containers

14 August 2015·467 words·3 mins

It seems like there’s a new way to run containers every week.

Aruba access points, EAP, and wpa_supplicant 2.4 bugs

17 July 2015·187 words·1 min

I stumbled upon a strange bug at work one day and found I couldn’t connect to our wireless access points any longer.

cups.service start operation timed out in Fedora 22

9 June 2015·157 words·1 min

Applications on my Fedora 22 system kept stalling when I attempted to print.

Adventures with GRE and IPSec on Mikrotik routers

27 May 2015·1702 words·8 mins

I recently picked up a RB850GX2 from my favorite Mikrotik retailer, r0c-n0c.

HOWTO: Mikrotik OpenVPN server

1 May 2015·1081 words·6 mins

Mikrotik firewalls have been good to me over the years and they work well for multiple purposes. Creating an OpenVPN server on the device can allow you to connect into your local network when you’re on the road or protect your traffic when you’re using untrusted networks.

Although Miktrotik’s implementation isn’t terribly robust (TCP only, client cert auth is wonky), it works quite well for most users. I’ll walk you through the process from importing certificates through testing it out with a client.

2014

HOWTO: Time Warner Cable and IPv6

11 September 2014·1164 words·6 mins

Detect proxies with icanhazproxy

3 April 2014·193 words·1 min

You can already detect proxy servers using icanhazip.

2013

Information security nuggets from DevOps Weekly #150

17 November 2013·279 words·2 mins

Keeping an eye out for the DevOps Weekly email is something I’ve enjoyed since it started at the end of 2010.

Keeping bwm-ng 0.6 functional on Fedora 19

20 September 2013·232 words·2 mins

If you run bwm-ng and you’ve run a yum upgrade lately on Fedora 19, you have probably seen this:

Moving from OS X to Linux: Day One

27 August 2013·1418 words·7 mins

The thought of using Linux as a manager in a highly Windows- and Mac-centric corporate environment isn’t something to be taken lightly.

Changing your ssh server’s port from the default: Is it worth it?

15 May 2013·544 words·3 mins

Changing my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines.

New icanhaz features: reverse DNS and traceroutes

17 March 2013·184 words·1 min

After adding some upgrades for icanhazip.

2012

One week with Android

7 September 2012·873 words·5 mins

After getting Android-envy at LinuxCon, I decided to push myself out of my comfort zone and ditch my iPhone 4 for a Samsung Galaxy S III.

Building vpnc with openssl support via MacPorts on Mac OS X

1 August 2012·196 words·1 min

If you install vpnc via MacPorts on OS X, you’ll find that you have no openssl support after it’s built:

Red Hat Summit 2012: Wednesday

28 June 2012·583 words·3 mins

Wednesday was action-packed with dramatic keynotes and great sessions.

Great guide for using traceroute and understanding its results

13 June 2012·237 words·2 mins

Anyone who has been a system administrator for even a short length of time has probably used traceroute at least once.

Performance and redundancy boost for icanhazip.com

18 April 2012·132 words·1 min

It’s been a few years since I started a little project to operate a service to return your IPv4 and IPv6 address.

Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI)

7 February 2012·396 words·2 mins

One of the handiest tools in the OpenSSL toolbox is s_client.

The Kerberos-hater’s guide to installing Kerberos

5 February 2012·1619 words·8 mins

As promised in my earlier post entitled Kerberos for haters, I’ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.

Kerberos for haters

3 February 2012·686 words·4 mins

I’ll be the first one to admit that Kerberos drives me a little insane.

2011

Getting back to using eth0 in Fedora 15

25 September 2011·287 words·2 mins

Fedora 15 was released with some updates to allow for consistent network device names.

Measure traffic flows with Mikrotik’s RouterOS and ntop on Fedora 15

5 June 2011·352 words·2 mins

It’s no secret that I’m a big fan of the RouterBoard network devices paired with Mikrotik’s RouterOS.

Handy networking cheat sheets from Packet Life

25 May 2011·59 words·1 min

If you find yourself forgetting bits and pieces about network topics, Packet Life’s cheat sheets should be a handy resource for you.

Strategies for detecting a compromised Linux server

10 March 2011·741 words·4 mins

There are few things which will rattle systems administrators more than a compromised server.

icanhazip.com now supports both IPv4 and IPv6 addresses

15 January 2011·106 words·1 min

If you’re a fan of icanhazip.

2010

Accessing Rackspace Cloud Servers and Slicehost slices privately via OpenVPN

16 November 2010·630 words·3 mins

Diagram: OpenVPN to Rackspace Cloud Servers and Slicehost

A modern implementation and explanation of Linux Virtual Server (LVS)

27 June 2010·813 words·4 mins

Typical configuration for a proxy-type load balancer

A New Year System Administrator Inspiration

4 January 2010·560 words·3 mins

Happy New Year!

2009

Automatically loading iptables rules on Debian/Ubuntu

17 November 2009·127 words·1 min

If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.

Get the public-facing IP for any server with icanhazip.com

31 July 2009·71 words·1 min

There are a ton of places on the internet where you can check the public-facing IP for the device you are using.

2008

Plesk Professional Website Editor hangs at login

13 March 2008·177 words·1 min

One of my biggest Plesk gripes is dealing with the Plesk Professional Website Editor.