Showing My Geek

Ubuntu 16.04.1 NIC problems/changes


I upgraded one of my servers last night to Ubuntu Server 16.04.1 and it went as smoothly as I would expect it to. Until I rebooted and my network monitors started saying they couldn’t contact the server. I thought it was normal since I had just rebooted from the upgrade. So after looking through configs to see that everything was still there, about 10 minutes, the monitor was still critical. So I ran ifconfig and only got the loopback. I opened the interfaces file and everything was as I had configured it. This machine is a virtual machine so I started checking the config and it was fine as well. So to make a long story short, Ubuntu renamed the NIC to ens160 and would not activate the NIC. I checked the udev rules and there was nothing in the 70-persistant-net.. file, and after messing around for about 30 minutes I turned to my friend Google to find solutions. The best solution I found, and it worked right away, was to modify an entry in the GRUB.conf file. Here are the commands to run.

To see if the NIC is still there run ifconfig -a

Then in /etc/default/grub edit the following line so that it contains net.ifnames=0 biosdevname=0 inside the quotes:

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

and as root run:

update-grub

Reboot your system and your NICs should be back to eth0, eth1, etc. You do need to make sure the OS still sees the NIC before editing the GRUB config file. I did reinstall drivers before I started down this path.

However, if you are using DHCP you may never really notice that this has happened. I use static and wanted them to be back to eth0. I did a fresh install for a web server I am working on and this time it named it ens33. I had no problem because it pulled its first IP from DHCP and everything worked fine. I noticed when I started changing the NIC config. So mostly this is something to look out for when you are doing an upgrade and the network just stops working. I liked not having to change my interfaces file so this turns out to be good information. So good luck and feel free to leave questions.
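A check for the rename described in this post, as an added example that is not from the original post: it lists the interfaces named in an ifupdown interfaces file that the kernel does not currently expose, which is the eth0 versus ens160 mismatch above. The function names are hypothetical, and it reads only the one file it is given, not files pulled in with source lines.

```sh
#!/bin/sh
# Added example: compare interface names in an ifupdown config with the
# names the kernel exposes. Load with ". ./check.sh", then run "report".
# Both paths can be overridden, which keeps the functions testable.

# Print configured interface names that have no device under sysnet.
missing_ifaces() {
    conf=${1:-/etc/network/interfaces}
    sysnet=${2:-/sys/class/net}
    # "iface <name> <family> <method>" stanzas carry the configured names.
    awk '$1 == "iface" { print $2 }' "$conf" | sort -u |
    while read -r name; do
        # Alias (eth0:1) and VLAN (eth0.10) names depend on the base device.
        base=${name%%[:.]*}
        [ -e "$sysnet/$base" ] || printf '%s\n' "$name"
    done
}

# Print the names the kernel sees right now.
present_ifaces() {
    ls -1 "${1:-/sys/class/net}"
}

# Return 1 and say what differs if the config names a missing interface.
report() {
    missing=$(missing_ifaces "$@")
    if [ -n "$missing" ]; then
        echo "configured but not present: $(echo $missing)"
        echo "present: $(present_ifaces "$2" | tr '\n' ' ')"
        return 1
    fi
    echo "all configured interfaces are present"
}
```

Running report after an upgrade and before relying on the network shows at once whether the interfaces file still matches the device names.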


Perl Ping Monitor Script


I was busy writing different scripts for image installation when I had the idea to create a script that would query the network and make a web page for viewing. This script is a ping monitor; it currently doesn’t use any other protocols. I wrote this to allow me to see systems that were up without having to VPN into the network to see what Nagios was saying. I had never written anything in Perl before and wanted to give it a try. Today with Google and other online resources there is no reason that almost everyone can write a script, program, or some kind of code with no experience in that language. It is also dependent on whether you understand the basics of programs and how they should flow. So once you look at my script you will see some of my inexperience with Perl in the way some of the code is system calls versus all-Perl syntax.

Anyhow back to my script.  The script was written on a Linux system and I have had it running for a good 3 months on a VM just pinging away.  It can currently only do one sub-net but if I don’t get bored with it I may expand it.  It is started with a shell script but doesn’t have to be.  I did this so I could add a start/stop entry into the log file that it creates.  So if you don’t care for it you can start it without the shell script.

The script has a few text-based menus that I put in to allow a person to select certain things like what subnet, where to write the index.html file, and how many machines to put in a row on the web page. I have always done these little menus to help people use the script without really understanding what it is doing.

Once the script has started you have to leave the terminal open or send it to the background with Linux commands. I have thought of ways to make it go to the background once it starts but have not been motivated enough to change it. The script will do a full scan of the network every 5 to 10 minutes depending on what you enter for check times. Meaning that it will ping everything at the time you specify but will do a full network rescan every 5 or 10 minutes to catch systems that have just come online and to keep systems that have gone offline on the webpage. So let’s go through the flow of the script.

You will have to untar the file and keep the folders that are in there. I am planning to have the script itself do the folder creation, I just have not gotten to it yet. So with the files in place the script will run out of the folder you untar’d it to. You will start the script in a bash terminal using ./start.sh or perl ./PATH/NetMon.pl. Now I will run you through the menus. The first one on the left is the menu where you enter the sub-net. You will simply enter the first 3 octets. The next menu will be the location of the web page. It defaults to the web folder inside the installation directory but can be changed. This is so you can send it to a share or a web server’s directory for others to look at. Last will be the number of icons in a row on the web page. This was put into place to help with systems with different resolutions and to keep symmetry in the look. Once these configs are done the script will begin pinging the sub-net.

The web page is created by the script by simply writing text to a file. The file then has a symlink to the index.html at the location put into the location menu. The web page will refresh every 15 seconds to allow for timely information updates even if the script only checks systems every 10 minutes.
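The flow described above (sub-net prefix, web page location, icons per row, a page that reloads every 15 seconds), as an added shell example that is not the NetMon.pl script from this post. The function names are hypothetical, and it publishes by renaming a temporary file rather than through the symlink the post describes.

```sh
#!/bin/sh
# Added example, not the NetMon.pl script from this post.

# Accept only three dot-separated octets (0-255) from the sub-net menu.
valid_prefix() {
    printf '%s\n' "$1" | awk -F. '
        NF != 3 { exit 1 }
        { for (i = 1; i <= 3; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Ping hosts .1 to .254 once each; print "address up" or "address down".
sweep() {
    h=1
    while [ "$h" -le 254 ]; do
        if ping -c 1 -W 1 "$1.$h" >/dev/null 2>&1; then state=up; else state=down; fi
        echo "$1.$h $state"
        h=$((h + 1))
    done
}

# Read "address state" lines on stdin; emit a page with $1 cells per row
# that reloads itself every 15 seconds.
render_page() {
    awk -v cols="$1" '
        BEGIN { print "<html><head><meta http-equiv=\"refresh\" content=\"15\">"
                print "</head><body><table>" }
        { if ((NR - 1) % cols == 0) print "<tr>"
          printf "<td class=\"%s\">%s</td>\n", $2, $1
          if (NR % cols == 0) print "</tr>" }
        END { if (NR % cols) print "</tr>"
              print "</table></body></html>" }'
}

# publish <prefix> <webdir> <cols>: build the page in a temp file and rename
# it into place so a browser refresh never loads a half-written page.
publish() {
    valid_prefix "$1" || { echo "bad sub-net prefix: $1" >&2; return 1; }
    case "$3" in ''|*[!0-9]*|0) echo "bad column count: $3" >&2; return 1;; esac
    tmp=$(mktemp "$2/index.XXXXXX") || return 1
    sweep "$1" | render_page "$3" > "$tmp" && chmod 644 "$tmp" &&
        mv "$tmp" "$2/index.html"
}
```

Validating the menu answers before they reach ping or a file path matters most when other people run the script.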

[Image: Webpage]

As you can tell I made this page. I just copied syntax to create more icons for the pic. The most systems I have monitored with this was around 70. Just because I don’t have a ton of systems on my network. So I understand that it doesn’t have the features of programs like Nagios, but this is a script that can run in a terminal. Plus the most network bandwidth I have seen this use is 35 Kbps and that was when it was scanning.

I am currently adding the ability to scan more than one sub-net and I want it to be able to notify someone if you are not watching the screen. I have also considered changing the initial discovery to use ARP but the Perl plugin for that feature isn’t being developed anymore and I have nothing but problems with it. I also want the script to move to the background once it hits a certain point in the script. But you can run it with the nohup command and you can close the terminal and it stays running.

Finally, I have been working on the script creating the directories that it needs once you run it the first time. Then it will just check anytime it is restarted. This is just something that I play with these days to see how well I can get this to work. It may not be useful for large networks but it is something simple that can be run as a process on a Linux machine that can publish the web page to a web server to monitor systems from anywhere. I will add the files for download so anyone can download them if they want.


Protect your network with IPFire


Throughout my attempts to implement a firewall I went through quite a few different possibilities. So what would I do: purchase a commercial firewall appliance, a higher end router with extended firewall features, or build my own on a computer? After a great deal of research and debate I decided to build my own firewall using one of the open source Linux distros. So I tested several: pfSense, Endian, IPCop, Smoothwall, and IPFire. I primarily did this with virtual machines to start with and then would progress on to hardware and testing.

In my testing I came across an IPFire image for a Raspberry Pi. Me being an R Pi enthusiast, I decided to test it out. I know the R Pi only has a 10/100 and only has one NIC but was willing to give it a try. Believe it or not I installed the image and used a USB Gigabit NIC for the internal network interface. I ran this for about 2 months and it worked well. The only thing I couldn’t run was Snort because it made my R Pi lock up. Then my ISP was going to increase the speed of my WAN connection so the R Pi just didn’t have enough horsepower to handle the 300Mbps speeds. It would only allow 30Mbps through. So I had to get new hardware to make this work. I am all about saving electricity so I was not willing to run a full desktop, and I didn’t want to dedicate one of my laptops to this. Finally at one of my favorite computer stores I found a Gigabyte Brix micro computer in the clearance bin. I thought this would be worth a shot for the new firewall hardware. I know the story part of this is long so I will get into the build now.

The Brix doesn’t come with a hard drive and I found that the SATA connector inside the machine will not spin a standard hard drive. So you will need an SSD, plus you will want the improved speed to keep the bandwidth loss to a minimum. Here are the specs of the device I picked up.

  • Features 22nm Intel® Celeron N2807 to deliver to the most intuitive and integrated operating systems in the world
  • Supports 2.5” thickness 7.0/9.5mm Hard Drives (1 x 3Gbps SATA2)
  • Ultra compact PC design – 0.69L(56.1x 107.6 x 114.4mm)
  • 1x SO-DIMM DDR3L 1.35V Slots (1333 MHz)
  • Preinstall IEEE 802.11 b/g/n Wi-Fi / Bluetooth 4.0 Mini-PCIe card
  • Supports dual displays via a VGA and a HDMI port
  • Gigabit LAN
  • Audio jack (Headphone/MIC)
  • VESA mounting bracket (75 x 75mm + 100 x 100mm)
  • Supports Fan less design

So this device needs a hard drive, a memory stick, and a USB NIC to make it work for a firewall. I had all of these parts laying around so it was nothing for me but should be remembered if you are going to do something similar. I already had experience with IPFire and I liked it so I used the same OS for this firewall build. Here are the requirements for IPFire.

  • Intel Pentium I (i586)
  • 512MB RAM
  • 2GB hard drive space
  • 2 NICs

So I installed a 60G SSD and 4 Gigs of memory into my micro PC to do my testing. I also needed an external CDROM drive to install the OS. IPFire’s current version at the time I am writing this is 2.17 update 93. Installation is pretty straightforward and you can get all the help you need from their wiki at http://wiki.ipfire.org/en/start .

Once the OS is installed it will finish with a setup script that has you pick which adapters are for the Red and Green sides of the network. I chose the USB NIC to be the Red interface because if it failed I would still have internal network. The USB is also on a USB 3 interface so I have more than enough speed for the WAN connection. I know that it is better to have a machine with 2 internal NICs but that would increase my expense from around $200 to closer to 3 or 4 hundred dollars. Here is what the install script looks like.

[Images: installer network selection and network card address screens]

If you have the need for additional interfaces such as a DMZ or WiFi interface, IPFire does support this as well.

  • Red (WAN): External network, connected to the Internet (typically a connection to your ISP)
  • Green (LAN): Internal/private network, connected locally
  • Orange (DMZ): The DeMilitarized Zone, an unprotected/server network accessible from the internet
  • Blue (WLAN): Wireless network, a separate network for wireless clients

You can re-run this setup at any time if you want to make NIC changes by typing setup in a terminal on the firewall itself. Once you are up and running you can log in to the web interface by typing https://<green NIC IP>:444 . Here you can access all of the additional settings and information that the firewall has. I like the reports that it has and the fact that you can expand the function of the firewall if you want. The interface has themes as well but I use the default one. More specifics on the interface and setup can be found here: http://wiki.ipfire.org/en/configuration/start . Below are pics of the web interface.

[Images: IPFire web interface; iptables page]

The only additions I made were activating SNORT and using the Guardian script to make it more of an IPS, not an IDS. I also installed the email addon to have the firewall email me reports and when it blocks or unblocks things. All I did was add a statement into the scripts that would make it email me when it was executed. So I get a lot of emails from the firewall but I like it that way. You install addons using pakfire. The list is quite extensive and can be found at http://wiki.ipfire.org/en/addons/start .

Guardian is a Perl script that goes through the SNORT logs and then blocks IPs that have 5 violations. It blocks them for 24 hours. This is where setting up the SNORT rules becomes important. If you don’t, you may find yourself locked out of your own firewall or blocking good traffic as well as unwanted traffic. You need to realize that all addons require processor time and may cause some loss of bandwidth going through the firewall. My WAN connection from the modem is 329Mbps. Going through the firewall with SNORT running I get 242Mbps. My Brix micro PC is idle 96% of the time so I am not coming even close to maxing out this system. But hardware and addons need to be thought through to ensure you get as much bandwidth as possible. If I disable SNORT my bandwidth increases to around 260Mbps.
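The threshold logic described above, and the lockout risk that comes with it, as an added shell example that is not Guardian's own code. It assumes Snort's "fast" alert line format; the function names, the allowlist argument and the sample alert lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Guardian's own code.

# Constructed Snort "fast" alert lines: 5 from an outside address, 6 from an
# internal admin workstation, 2 from another outside address.
sample_alerts() {
    msg='[**] [1:1000001:1] constructed local rule [**] [Priority: 2] {TCP}'
    for i in 1 2 3 4 5; do
        echo "01/01-00:00:0$i.000000  $msg 203.0.113.7:4000$i -> 192.168.1.1:22"
    done
    for i in 1 2 3 4 5 6; do
        echo "01/01-00:01:0$i.000000  $msg 192.168.1.20:5000$i -> 192.168.1.1:444"
    done
    for i in 1 2; do
        echo "01/01-00:02:0$i.000000  $msg 198.51.100.9:6000$i -> 192.168.1.1:22"
    done
}

# block_candidates <threshold> <allowlist>: read alert lines on stdin and
# print each source address once, at the moment it reaches the threshold.
block_candidates() {
    awk -v t="$1" -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            src = ""
            for (i = 2; i < NF; i++) if ($i == "->") { src = $(i - 1); break }
            if (src == "") next          # no "src -> dst" pair: not an alert
            sub(/:[0-9]+$/, "", src)     # strip the port (IPv4 addresses)
            if (src in ok) next          # never select allowlisted hosts
            if (++hits[src] == t) print src
        }'
}
```

With a threshold of 5 and no allowlist the admin workstation at 192.168.1.20 is selected alongside the outside address, which is the self-lockout described above; passing it in the allowlist leaves only 203.0.113.7.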

You will also have to set up your firewall access as well. IPFire uses iptables as the firewall and can be a little tricky to set up if you are not used to setting up firewall rules. This can be done with the web interface and a guide to do this can be found at http://wiki.ipfire.org/en/configuration/firewall/rules/start . I had to do some trial and error to get everything set up correctly, but once it was set up it functioned perfectly.

I know I have been pointing to a lot of web pages for setup info but if I put it all in here this would be about 50 pages long.  I ran this for a few months and am happy with the performance and love the reports that it produces.  It will give you a roll up report of all activity the previous day but it can be a little cumbersome to read through.  But you can go to each of the individual reports in a GUI format and look at activity for any day that the firewall has been running.  Some of the reports are shown below.

[Images: firewall log IP summary and IP details reports]

These are default images I got from the internet, not my network, but this is what it looks like for the firewall traffic (bottom) and IPs that have connected to the firewall (above). I truly wanted a firewall so I could get these types of reports of network activity on my network. So this may not be the path that most people want to take but I tried a few commercial router/firewalls that were in my price range and found them to be crap. They would cause a large bandwidth drop and the firewall was not as configurable. Plus the logs were all text and you would have to read through them and try to figure out what they were doing.

My cheap hardware setup was pretty simple to put together and works very well. I like IPFire’s interface and their forums have a great deal of good information in them. So if you are looking for a firewall without all of the crazy costs that come with commercial ones, this may be a good option for you. It does require some knowledge of Linux but not to an expert or even intermediate level. You can run this from the web interface and never really need to access it through a terminal. So give it a shot and let me know if I can help in your testing.
