Firewall Builder: Convert Linux Iptables Configuration to OpenBSD and PF

Posted in Categories: Iptables, Linux, OpenBSD, Security. Last updated March 25, 2010

Let's see how much effort it takes to convert this configuration to an entirely different firewall platform: PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set the platform and host OS in the copy to PF and OpenBSD, and then create a new cluster object. This would be a sensible approach because it preserves the old objects, which makes it easier to roll back if something does not work out. However, to keep the explanation shorter, I am going to make the changes in place by modifying the existing objects.

XEN Virtualization Set The MTU For xenbr0 Interface

Posted in Categories: CentOS, Debian Linux, fedora linux, Gentoo Linux, High performance computing, kernel, Linux, Linux Virtualization, Networking, RedHat/Fedora Linux, xen. Last updated December 31, 2008

I’ve already written about setting the MTU (Maximum Transmission Unit) under Linux including Jumbo frames (FreeBSD specific MTU information is here).

With this quick tip you can increase the MTU size to get better networking performance.

List of open source cluster management systems

Posted in Categories: Beyond nixCraft. Last updated March 27, 2008

M. Shuaib Khan has published a list of open-source cluster management systems.

Personally, I had used openMosix and Red Hat Cluster software (which is also based upon open source software funded by Red Hat).

From the article: In the computing world, the term “cluster” refers to a group of independent computers combined through software and networking, which is often used to run highly compute-intensive jobs. With a cluster, you can build a high-speed supercomputer out of hundreds or even thousands of relatively low-speed systems. Cluster management software offers an easy-to-use interface for managing clusters, and automates the process of queuing jobs, matching the requirements of a job and the resources available to the cluster, and migrating jobs across the cluster:

=> openMosix
=> Kerrighed
=> OpenSSI
=> Gluster

Read the article; it covers the features, pros and cons of each solution.

Iptables allow CIPE connection request

Posted in Categories: Iptables, Linux, Networking, Security, Troubleshooting. Last updated January 9, 2008

From my mail bag:

How do I accept CIPE connection requests coming from the outside?

CIPE stands for Crypto IP Encapsulation (see the howto Establishing a CIPE Connection). It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network (VPN). All you need to find out is the CIPE number. Once you have the number (device name), append the following two iptables rules to your iptables script.

Iptables rules:

Add the following rules to your iptables script or configuration file:

iptables -A INPUT -p udp -i cipcb0 -j ACCEPT
iptables -A OUTPUT -p udp -o cipcb0 -j ACCEPT

CIPE uses its own virtual device, which is used to transmit UDP packets, so the above rules allow incoming requests on the cipcb0 interface (no need to use eth0).

Replace cipcb0 with your actual device name.