Atlantilde Blog d'Alexandre Anriot

6 Nov 2011

Routing for multiple uplinks

The goal of this article is to show an easy way to use two uplinks on a Linux gateway.

As a requirement, you need the "iproute" package installed.

The first step is to create the "iproute" tables for the two uplinks mentioned above, via "/etc/iproute2/rt_tables":

200     uplink_isp1
201     uplink_isp2

The second step is to configure the network. Here is a sample "/etc/network/interfaces" file (Debian) for two ISPs:

# ISP1
auto eth0
iface eth0 inet static
address 10.10.1.253
netmask 255.255.255.0

# Fill the per-uplink table and select it by source address
post-up ip route add 10.10.1.254/32 dev eth0 src 10.10.1.253 table uplink_isp1
post-up ip route add default via 10.10.1.254 table uplink_isp1
post-up ip rule add from 10.10.1.253 table uplink_isp1

# Remove the routes and the rule when the interface goes down
post-down ip route del 10.10.1.254/32 dev eth0 src 10.10.1.253 table uplink_isp1
post-down ip route del default via 10.10.1.254 table uplink_isp1
post-down ip rule del from 10.10.1.253 table uplink_isp1

# ISP2
auto eth1
iface eth1 inet static
address 10.10.2.253
netmask 255.255.255.0

# Same layout for the second uplink, on eth1
post-up ip route add 10.10.2.254/32 dev eth1 src 10.10.2.253 table uplink_isp2
post-up ip route add default via 10.10.2.254 table uplink_isp2
post-up ip rule add from 10.10.2.253 table uplink_isp2

post-down ip route del 10.10.2.254/32 dev eth1 src 10.10.2.253 table uplink_isp2
post-down ip route del default via 10.10.2.254 table uplink_isp2
post-down ip rule del from 10.10.2.253 table uplink_isp2

You can also set up additional per-link routes in such a setup.
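A check for the configuration above, as an added example that is not part of the original post: it reads `ip rule show` output and reports any uplink source address that has no rule pointing at its table. The function names and the sample output are constructed for illustration; the addresses and table names are the ones used in this article.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ip rule show` output on stdin; arguments are "source:table" pairs.
# Prints one line per missing rule and returns non-zero if any is missing.
# Table names appear in the output only if they are listed in rt_tables.
missing_uplink_rules() {
    rules=$(cat)
    status=0
    for pair in "$@"; do
        src=${pair%%:*}
        table=${pair#*:}
        if ! printf '%s\n' "$rules" | awk -v s="$src" -v t="$table" '
                $2 == "from" && $3 == s && $4 == "lookup" && $5 == t { found = 1 }
                END { exit !found }'; then
            echo "missing: from $src lookup $table"
            status=1
        fi
    done
    return $status
}

# Constructed sample: the rule for the second uplink was never installed.
sample_rules() {
    printf '0:\tfrom all lookup local\n'
    printf '32765:\tfrom 10.10.1.253 lookup uplink_isp1\n'
    printf '32766:\tfrom all lookup main\n'
    printf '32767:\tfrom all lookup default\n'
}

# On a live gateway, replace sample_rules with: ip rule show
sample_rules | missing_uplink_rules \
    10.10.1.253:uplink_isp1 10.10.2.253:uplink_isp2 \
    || echo "policy routing is incomplete"
```

A missing rule means traffic sourced from that address follows the main table and may leave through the other uplink.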

14 Oct 2011

Dennis Ritchie has gone

I came upon some bad news on Thursday through an RSS feed. Dennis MacAlistair Ritchie, who was 70, left us on October the 8th. The goal of this article is not to list all his work but only to pay a humble tribute to someone who played a conclusive role and who has gone almost silently. RIP.

14 Sep 2011

LVM / XFS volume shrink

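Here is a short list of commands to shrink an XFS volume on LVM. Since XFS cannot be shrunk in place, the filesystem is dumped, recreated on the reduced volume and restored. The example shrinks the /home mount point by 5 GB.

# Dump the filesystem; keep home.dump outside of /home
xfsdump -f home.dump /home
umount /home
# Reduce the logical volume by 5 GB
lvreduce -L-5G /dev/mapper/VOL0-home
# -f is required because the volume still carries the old filesystem
mkfs.xfs -f /dev/mapper/VOL0-home
mount /home
xfsrestore -f home.dump /home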

9 Sep 2011

Dkim and Postfix

Here is a quick tutorial explaining how to enable DKIM, a technology which makes it possible to authenticate the sender and verify the integrity of a mail, in a Debian / Postfix environment.

Install dkim-filter:

aptitude install dkim-filter

Generate and export the key:

# Give the key size explicitly: older OpenSSL releases default to a much smaller key
openssl genrsa -out /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key 2048
openssl rsa -in /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key \
-pubout -outform PEM

writing RSA key
-----BEGIN PUBLIC KEY-----
MYKEY
-----END PUBLIC KEY-----

Setup dkim-filter through /etc/dkim-filter.conf:

Domain            MYDOMAIN_MYTLD
KeyFile             /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key
Selector            mail

And through /etc/default/dkim-filter:

  #SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
+ SOCKET=inet:8891@localhost

Restart the service:

 /etc/init.d/dkim-filter restart

Add to the DNS zone:

mail._domainkey TXT "k=rsa; t=y; p=MYKEY"

Add to Postfix through /etc/postfix/main.cf:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

Finally, restart Postfix:

 /etc/init.d/postfix restart

Since the default mode is sv (sign and verify), outgoing mails are now signed and incoming ones are verified.
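Turning the PEM output of `openssl rsa -pubout` shown above into the `mail._domainkey` record, as an added example that is not part of the original post: the PEM armor and line breaks are stripped, and the value is split into quoted strings of at most 255 characters, the limit for a single TXT string, which a 2048-bit key exceeds. The function names are hypothetical and the sample key is a constructed placeholder of the right length, not a real key.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads a PEM public key on stdin and prints the DNS TXT record for the
# given selector. "k=rsa; t=y" is copied from the record in this article;
# t=y marks the key as being in test mode.
dkim_txt_record() {
    selector=$1
    # Drop the PEM armor and the "writing RSA key" notice, join the base64 lines
    key=$(grep -v -e '^-----' -e '^writing RSA key' | tr -d ' \t\r\n')
    [ -n "$key" ] || { echo "no key material on stdin" >&2; return 1; }
    # A TXT string holds at most 255 characters; verifiers concatenate
    # the strings of one record without any separator.
    strings=$(printf 'k=rsa; t=y; p=%s\n' "$key" \
        | fold -w 255 | sed 's/.*/"&"/' | paste -sd ' ' -)
    printf '%s._domainkey TXT %s\n' "$selector" "$strings"
}

# Constructed placeholder: 392 base64 characters, the length of a
# 2048-bit RSA public key, wrapped at 64 columns like real PEM output.
sample_pem() {
    body=$(head -c 392 /dev/zero | tr '\0' A | fold -w 64)
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' "$body" '-----END PUBLIC KEY-----'
}

# With a real key:
#   openssl rsa -in /etc/ssl/private/dkim_MYDOMAIN_MYTLD.key -pubout \
#       | dkim_txt_record mail
sample_pem | dkim_txt_record mail
```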

27 Aug 2011

A few security mechanisms for a laptop

Mike Cardwell has written a very good article about different security mechanisms for a laptop, entitled Protecting a Laptop from Simple and Sophisticated Attacks. Different technologies are mentioned, like swap encryption, TRESOR, etc.

2 Jul 2011

Another DNS root attack

The DNS root was exposed to another attack on Tuesday, June the 28th. However, no breakdown was noticed in name resolution, and it seems that only a few monitoring systems spotted it. You can find technical details and related graphs in the article entitled Attaque contre les serveurs DNS de la racine - juin 2011 (in French) on Stéphane Bortzmeyer's blog.

8 Jun 2011

World IPv6 Day

World IPv6 Day has come; organized by ISOC, it is one of the first wide-scale tests preparing IPv6 deployment.

Even if some big actors were missing, a lot of them were prepared for this event, which will be successful, as it will speed up the technical deployment of the protocol on the platforms that had never taken the step.

2 Jun 2011

Zaurus SL-C3000

After a few years, I convinced myself to sell my Sharp Zaurus SL-C3000; it will probably be more useful in different hands. For those who don't know this PDA, it is the first platform which was commercialized under Linux. Its manufacturing ended at the end of 2007.

The SL-C3000 has a 416 MHz Intel ARM X-SCALE CPU, a 4 GB embedded microdrive, and the Qtopia environment. On the network side, the device can use a compact-flash wireless adapter, e.g. the NL2511CF Mercury, or a USB-to-RJ45 adapter, e.g. the Linksys USB200M.

A French community exists, ZaurusFr.

24 May 2011

File recovery under Ext3

The article entitled Cher journal... (in French), available on the CERT-LEXSI weblog, shows the different ways to recover files on Ext2 / Ext3 filesystems. The methods are based on tools like ext3grep, but you can also use extundelete, which also works with Ext4. You can also read HOWTO recover deleted files on an ext3 file system, which covers the same topic.

17 May 2011

Mail.log and PHP 5.3

Starting with PHP 5.3, a new configuration parameter called mail.log makes it possible to log PHP calls to mail(). This is a good alternative to the approximate sendmail wrappers you could use in the past.

Here is a sample output:

mail() on [/path/file.php:2]: To: root@localhost -- Headers: X-Cust...