Sown-gw

gw.sown.org.uk is SOWN's Gateway server.

It has a 930MHz Intel Pentium 3 processor with 128MB of memory. It has 4x Fast Ethernet PCI network interfaces. It is housed within a 1U Rackmount case located on Level 3 of Building 32 (50°56′11.27″N, 1°23′45.34″W).

The server has a power consumption of ?W at boot, ?W idle and ?W when turned off.

Installed Software

The server's operating system is Debian (squeeze) running on Linux Kernel 2.6.26.

The server also has the following software installed on it:

  • iptables 1.3.6.0debian1-3
  • Quagga version 0.99.5-5

Packages

These packages are the result of a diff between a package list from nat and sown-gw (Vanilla install of Debian (Squeeze)).

  • apache2
  • bind9
  • hddtemp
  • libapr1-dev
  • libpcap0.8
  • libxml2
  • mysql-server
  • nagios-nrpe-server
  • nagios-plugins
  • nmap
  • ntpdate
  • quagga
  • rsync
  • snmpd
  • snmp
  • syslog-ng
  • tcpdump
  • vlan

Network

This server is connected to the SOWN VLAN, with the IP addresses:

  • 10.13.0.254
  • 2001:630:d0:f700::254

Its DNS name is:

  • gw.sown.org.uk

Its MAC address is 00:80:C8:B9:8E:3A and it is connected to port b32-l3-cat3/GigabitEthernet1/0/? with a yellow network cable.

This server is also connected to an ECS VLAN, with the IP addresses:

  • 152.78.189.84

Its DNS name is:

  • sown-gw.ecs.soton.ac.uk

Its MAC address is 00:80:C8:B9:8E:39 and it is connected to port b32-l3-cat3/GigabitEthernet1/0/? with a yellow network cable.


Building Requirements

Rebuild the kernel

  • Layer7 support
cd /usr/src
apt-get source linux-image-`uname -r`

Download the layer7 patches from SourceForge and extract them:

tar -xzf netfilter-layer7-<version>.tar.gz
cp netfilter-layer7-<version>/kernel-<version>-layer7-<version>.patch .
cd linux-<version>
patch -Np1 -i ../kernel-<version>-layer7-<version>.patch

Configure kernel

make menuconfig
Networking  --->
 Networking options  --->
  Network packet filtering framework (Netfilter)  --->
   Core Netfilter Configuration  --->
    <M> "layer7" match support

Everything else required should automatically have been enabled.

Exit and save all your settings.

make && make modules_install

Install the kernel

cp arch/i386/boot/bzImage /boot/linux-`uname -r`-layer7
cd /boot
update-initramfs -k <version> -c
cp initrd.img-<version> initrd.img-linux-`uname -r`-layer7
cd grub
vi menu.lst

Insert at the head of the kernel definitions:

title Debian GNU/Linux, kernel <version> with Layer 7
root (hd0,0)
kernel /boot/linux-<version>-layer7 root=/dev/sda1 ro quiet
initrd /boot/initrd.img-linux-<version>-layer7

Save, quit and reboot.

WARNING: Aptitude will not know about this kernel and may try to overwrite it when performing an update.

Rebuild iptables

Download the current version of iptables

cd /usr/src
wget ftp://ftp.netfilter.org/pub/iptables/iptables-<iptables version>.tar.bz2
tar -xjf iptables-1.4.1.1.tar.bz2

Copy the Layer7 extensions to the extensions directory

cp netfilter-layer7-v2.21/iptables-1.4.1.1-for-kernel-2.6.20forward/libxt_layer7.* iptables-1.4.1.1/extensions/

Compile the new iptables version and install it

cd iptables-1.4.1.1
./configure --with-ksource=/usr/src/linux-<version>
make
make install
mkdir /etc/l7-protocols

WARNING: Aptitude may attempt to overwrite this module if you run an update.

NB: At the time of writing, the only iptables version that worked (under testing) was 1.4.1.1 (this may change at a later date).

NB2: This will write iptables into /usr/local/sbin (rather than the Debian default of /sbin), which will not be in your path.


Download the protocol definitions from SourceForge.net and extract them into the /etc/l7-protocols directory created above.

Configuring Network

Configure interfaces with static addresses in /etc/network/interfaces

Edit /etc/init.d/networking and add the following lines before the line: case "$1" in

echo "0" > /proc/sys/net/ipv6/conf/all/autoconf
echo "0" > /proc/sys/net/ipv6/conf/all/accept_ra
echo "1" > /proc/sys/net/ipv6/conf/all/forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
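
The four writes above target the "all" entries and ip_forward. As an added example (not part of the original wiki page), this script reads back every entry under ipv6/conf, including "default", which seeds interfaces created later such as VLAN sub-interfaces, and reports any value that differs from the ones set above. The function names and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read back the router sysctls set in /etc/init.d/networking.
# Function names and the optional root argument are hypothetical.

# check_one LABEL FILE WANT: report and return 1 when FILE does not hold WANT.
check_one() {
    have=$(cat "$2" 2>/dev/null) || have="unreadable"
    if [ "$have" != "$3" ]; then
        echo "MISMATCH $1: want $3, have $have"
        return 1
    fi
    return 0
}

# audit_router_sysctls [ROOT]: ROOT defaults to /proc/sys/net.
# Returns 0 when every checked entry matches, 1 otherwise.
audit_router_sysctls() {
    root=${1:-/proc/sys/net}
    bad=0
    check_one ipv4/ip_forward "$root/ipv4/ip_forward" 1 || bad=1
    # conf/* covers "all", "default" and one directory per interface.
    for dir in "$root"/ipv6/conf/*/; do
        [ -d "$dir" ] || continue
        name=${dir%/}
        name=${name##*/}
        [ "$name" = lo ] && continue   # skip loopback
        for kv in autoconf=0 accept_ra=0 forwarding=1; do
            check_one "ipv6/conf/$name/${kv%%=*}" "$dir${kv%%=*}" "${kv#*=}" || bad=1
        done
    done
    return "$bad"
}

# Usage on the gateway: sh audit.sh /proc/sys/net
[ "$#" -eq 0 ] || audit_router_sysctls "$1"
```

A non-zero exit status means at least one interface does not match the intended router settings; each mismatch is printed with its path relative to /proc/sys/net.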


Installing Firewall

From the backup, restore /etc/default/firewall4 & /etc/default/firewall6 (to be replaced later)

From the backup, restore /etc/init.d/firewall

Edit /etc/init.d/firewall and replace all paths to iptables and ip6tables with those compiled above (if needed)

update-rc.d firewall defaults

To test, run /etc/init.d/firewall start and then do a reboot test.
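
An added example, not taken from SOWN's scripts: a check that a firewall script refers only to the binaries built into /usr/local/sbin, since a bare iptables or /sbin/iptables resolves to the packaged build rather than the one compiled above. The function name is hypothetical.

```shell
#!/bin/sh
# Added example: list iptables/ip6tables references in a script that do not
# use the /usr/local/sbin build. The function name is hypothetical.

# unpinned_iptables_calls FILE
# Prints "line:text" for each offending line; returns 1 if any were found.
unpinned_iptables_calls() {
    # Match ip(6)tables, bare or under /sbin or /usr/sbin, when it is not the
    # tail of a longer path such as /usr/local/sbin/iptables. This also
    # catches iptables-save / iptables-restore and assignments such as
    # IPT=/sbin/iptables. Plain strings that mention iptables (for example
    # in an echo) are listed too, so review the output by eye.
    pattern='(^|[^[:alnum:]_./-])(/sbin/|/usr/sbin/)?ip6?tables'
    # Drop lines that are entirely comments.
    hits=$(grep -nE "$pattern" "$1" | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Usage: sh check.sh /etc/init.d/firewall
[ "$#" -eq 0 ] || unpinned_iptables_calls "$1"
```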

Facts about Sown-gw

  • Case: 1U Rackmount
  • Coordinates: 50°56′11.27″N, 1°23′45.34″W
  • Cpu: 930MHz Intel Pentium 3
  • Ecsdns: sown-gw.ecs.soton.ac.uk
  • Ecsipv4: 152.78.189.84
  • Ecsmac: 00:80:C8:B9:8E:39
  • Ecsport: b32-l3-cat3/GigabitEthernet1/0/?
  • Eth0: 4x Fast Ethernet PCI network interfaces
  • Iptables version: iptables 1.3.6.0debian1-3
  • Kernel: Linux Kernel 2.6.26
  • Location: Level 3 of Building 32
  • Memory: 0.125 GB (128 MB, 131,072 KB)
  • Operating system: Debian (squeeze)
  • Sowndns: gw.sown.org.uk
  • Sownipv4: 10.13.0.254
  • Sownipv6: 2001:630:d0:f700::254
  • Sownmac: 00:80:C8:B9:8E:3A
  • Sownport: b32-l3-cat3/GigabitEthernet1/0/?