Archive for April, 2007

Howto: Debian route-map (part 1)

Saturday, April 14th, 2007

Route by source Interface IP rule

In this series of howtos we will show how to implement policy-based routing under Debian (or any other Linux). The series is divided into parts, each covering a specific feature.

The old ip tools have been replaced by the iproute2 tool, which makes many features available, such as interface management, PBR, source routing, route table aggregation, QoS and more.

Under Debian the installation is very easy, there is a package called iproute which you can install easily:

apt-get install iproute

Don’t worry, it won’t replace your current ip/route tools; it works alongside the current route/interface/ip tables.

Now you can use the iproute2 ip tools. To show your current route table, just type: ip route list

The default route table is numbered 254. In iproute2 we can create many route tables and assign them accordingly. To see all route tables, type:

ip route list table all

If we want to route a connection that came in to one specific IP address of ours back via a predefined gateway, we need an ip rule and a separate route table that the rule triggers. This is how we get it done:

ip route add default via GATEWAY table 113

ip rule add from LOCAL_IP table 113

GATEWAY – New gateway address to which we want to route classified traffic.

LOCAL_IP - An inbound connection to this IP address will be routed back via the GATEWAY.

That’s all, the table number is just a tag.

Examples of useful usage:

  • A rule that says: if there is a connection to our real IP, route it back via our real gateway; otherwise everything is default-routed via the VPN gateway. That way we can still connect to our real IP and manage the server.
  • Split-tunnel VPN connection: create a rule that routes all far-side networks via the VPN gateway; all other traffic is routed via the default gateway.
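The two commands above, wrapped as an added example (not part of the original post) that validates its inputs and prints a command set that can be re-run safely. The function names valid_ipv4, pbr_commands and pbr_apply are hypothetical, the 192.0.2.x addresses are constructed documentation values, and limiting the table number to 1..252 is a choice made for this example.

```shell
#!/bin/sh
# Added example: print (or apply) the howto's source-based routing commands.
# 192.0.2.x are constructed documentation addresses; 113 is the howto's table.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: pbr_commands LOCAL_IP GATEWAY [TABLE]
pbr_commands() {
    local_ip=$1 gateway=$2 table=${3:-113}
    valid_ipv4 "$local_ip" || { echo "bad LOCAL_IP: $local_ip" >&2; return 1; }
    valid_ipv4 "$gateway" || { echo "bad GATEWAY: $gateway" >&2; return 1; }
    case "$table" in
        ''|*[!0-9]*) echo "bad table: $table" >&2; return 1 ;;
    esac
    # Example policy: stay below 253-255 (kernel default/main/local tables).
    if [ "${#table}" -gt 3 ] || [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table must be 1..252" >&2; return 1
    fi
    # "replace" rather than "add" so a second run does not fail.
    echo "ip route replace default via $gateway table $table"
    # Remove a stale copy of the rule; an error only means it was absent.
    echo "ip rule del from $local_ip table $table 2>/dev/null || true"
    echo "ip rule add from $local_ip table $table"
    echo "ip route flush cache"
}

# Dry run by default; APPLY=1 (as root) executes the generated commands.
pbr_apply() {
    cmds=$(pbr_commands "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

pbr_commands 192.0.2.10 192.0.2.1   # demo: prints the four commands
```

After applying, ip rule list and ip route list table 113 show the new rule and the table's default route.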

Debian 4.0 (etch) i386 netinstall ISO

Wednesday, April 11th, 2007

Debian CD mirror is updated, the latest image is 4.0 r1 (etch)

Now you can download the Debian 4.0 (etch) i386 netinstall and the full CD & DVD versions as well.

Debian 4.0_r0 is not available anymore; please download 4.0_r1.

Etch 4.0 Archive releases

Tuesday, April 10th, 2007

Current Releases

Four Debian releases are available on the main site:

Debian 4.0r0 was released Saturday, April 8th, 2007.
Installation and upgrading instructions, More information
Debian 3.1r6 was released Saturday, April 7th, 2007.
Installation and upgrading instructions, More information
The current tested development snapshot is named lenny.
Packages which have been tested in unstable and passed automated tests propagate to this release.
More information
The current development snapshot is named sid.
Untested candidate packages for future releases.
More information

Debian GNU/Linux 4.0 (etch) released

Sunday, April 8th, 2007

The Debian Project is pleased to announce the official release of Debian GNU/Linux version 4.0, codenamed etch, after 21 months of constant development. Debian GNU/Linux is a free operating system which supports a total of eleven processor architectures and includes the KDE, GNOME and Xfce desktop environments. It also features cryptographic software and compatibility with the FHS v2.3 and software developed for version 3.1 of the LSB.

Using a now fully integrated installation process, Debian GNU/Linux 4.0 comes with out-of-the-box support for encrypted partitions. This release introduces a newly developed graphical frontend to the installation system supporting scripts using composed characters and complex languages; the installation system for Debian GNU/Linux has now been translated to 58 languages.

Also beginning with Debian GNU/Linux 4.0, the package management system has been improved regarding security and efficiency. Secure APT allows the verification of the integrity of packages downloaded from a mirror. Updated package indices won’t be downloaded in their entirety, but instead patched with smaller files containing only differences from earlier versions.

Debian GNU/Linux runs on computers ranging from palmtops and handheld systems to supercomputers, and on nearly everything in between. A total of eleven architectures are supported including: Sun SPARC (sparc), HP Alpha (alpha), Motorola/IBM PowerPC (powerpc), Intel IA-32 (i386) and IA-64 (ia64), HP PA-RISC (hppa), MIPS (mips, mipsel), ARM (arm), IBM S/390 (s390) and – newly introduced with Debian GNU/Linux 4.0 – AMD64 and Intel EM64T (amd64).

Debian GNU/Linux can be installed from various installation media such as DVDs, CDs, USB sticks and floppies, or from the network. GNOME is the default desktop environment and is contained on the first CD. The K Desktop Environment (KDE) and the Xfce desktop can be installed through two new alternative CD images. Also newly available with Debian GNU/Linux 4.0 are multi-arch CDs and DVDs supporting installation of multiple architectures from a single disc.

This release includes a number of updated software packages, such as the K Desktop Environment 3.5.5a (KDE), an updated version of the GNOME desktop environment 2.14, the Xfce 4.4 desktop environment, the GNUstep desktop 5.2, X.Org 7.1, OpenOffice.org 2.0.4a, GIMP 2.2.13, Iceweasel (an unbranded version of Mozilla Firefox 2.0.0.3), Icedove (an unbranded version of Mozilla Thunderbird 1.5), Iceape (an unbranded version of Mozilla Seamonkey 1.0.8), PostgreSQL 8.1.8, MySQL 5.0.32, GNU Compiler Collection 4.1.1, Linux kernel version 2.6.18, Apache 2.2.3, Samba 3.0.24, Python 2.4.4 and 2.5, Perl 5.8.8, PHP 4.4.4 and 5.2.0, Asterisk 1.2.13, and more than 18,000 other ready to use software packages.

Upgrades to Debian GNU/Linux 4.0 from the previous release, Debian GNU/Linux 3.1 codenamed sarge, are automatically handled by the aptitude package management tool for most configurations, and to a certain degree also by the apt-get package management tool. As always, Debian GNU/Linux systems can be upgraded quite painlessly, in place, without any forced downtime, but it is strongly recommended to read the release notes for possible issues.

Howto: Debian bandwidth monitor via CLI

Thursday, April 5th, 2007

A very useful tool for Linux systems, which lets you monitor interface statistics, TCP port connections and bandwidth usage, is ‘iptraf’:

(apt-cache search iptraf)

iptraf – Interactive Colorful IP LAN Monitor

Debian has a package of iptraf, the installation is easy:

apt-get install iptraf

I will demonstrate how to monitor the outgoing bandwidth on your machine.

To run iptraf, type the ./iptraf command in the shell.

 

Select "Detailed interface statistics" from the menu:

Choose your interface to monitor (In our example eth0):

Wait about 5 seconds (iptraf needs it for synchronization):

The current outgoing bandwidth usage is circled in red.

Debian SOCKS4 server install

Sunday, April 1st, 2007

To install a SOCKS4 server on Debian you may apt-get the SOCKS4 server package (apt-get install socks4-server):

socks4-server – SOCKS4 server for proxying IP-based services over a firewall

After the installation you need to edit your inetd configuration by typing:

update-inetd --add "socks stream tcp nowait nobody /usr/sbin/sockd"

It will edit the /etc/inetd.conf configuration and reload the daemon.

Now just edit the /etc/sockd.conf access list file to define the authorized connections, for example:

permit 192.168.0.2 255.255.255.255

deny  ALL  0.0.0.0  .my.domain  0.0.0.0