linux

All posts tagged linux

I’ve whipped up a script to back up Edgemax/Vyatta routers and push it to an RCS system; download a copy here.

Prerequisites

sshpass (Sourceforge page)
bzr here (or something else like CVS/Git)

Usage

./edgemax-backup.sh <userid> <passwd> <router IP address> <filename>

Notes

Whilst it’s not a great idea to embed SSH passwords in scripts, you could use SSH keys with a bit of jiggery pokery of the script; it’s up to you. Personally I only allow access to SSH from my trusted management platforms, and even the above SSH userid could be restricted to only allow “show configuration”.

* Big thanks to [email protected] for allowing me access to his test box for final testing.

#dayjob

Some days you just need to do a bit of packet mangling and you don’t want to
write loads of DNAT/SNAT statements, so why not just use the NETMAP target?

Take this example (the IP addresses have been changed to protect the innocent):


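# PREROUTING: NETMAP rewrites the destination, 192.168.55.x -> 195.44.12.x
iptables -t nat -A PREROUTING -d 192.168.55.0/24 -j NETMAP --to 195.44.12.0/24
# POSTROUTING: NETMAP rewrites the source, so match on source (-s): 195.44.12.x -> 192.168.55.x
iptables -t nat -A POSTROUTING -s 195.44.12.0/24 -j NETMAP --to 192.168.55.0/24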

It allows you to translate entire networks on a 1:1 mapping basis, so 192.168.55.1
maps to 195.44.12.1 and 192.168.55.2 maps to 195.44.12.2 and so on and so on.

Simples

(Oh and the Postrouting line is for the SNAT on the way back btw)
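To see which header field each hook rewrites, here is a small model of the NETMAP address arithmetic. It is an added example, not part of the original post: the function names, the rule table and the client address 10.9.8.7 are constructed for illustration, and it assumes the POSTROUTING rule selects packets by source (-s).

```python
import ipaddress


def netmap(addr, to_net):
    """NETMAP arithmetic: network bits come from --to, host bits from the original."""
    to_net = ipaddress.ip_network(to_net)
    host_bits = int(ipaddress.ip_address(addr)) & int(to_net.hostmask)
    return str(ipaddress.ip_address(int(to_net.network_address) | host_bits))


# Constructed rule table modelling the two nat rules discussed above.
# NETMAP rewrites the destination in PREROUTING and the source in POSTROUTING.
RULES = [
    {"hook": "PREROUTING", "field": "dst",
     "match": "192.168.55.0/24", "to": "195.44.12.0/24"},
    {"hook": "POSTROUTING", "field": "src",
     "match": "195.44.12.0/24", "to": "192.168.55.0/24"},
]


def translate(src, dst, rules=RULES):
    """Return (src, dst) of the first packet of a connection after both hooks."""
    pkt = {"src": src, "dst": dst}
    for rule in rules:  # PREROUTING is traversed before POSTROUTING
        field = rule["field"]
        if ipaddress.ip_address(pkt[field]) in ipaddress.ip_network(rule["match"]):
            pkt[field] = netmap(pkt[field], rule["to"])
    return pkt["src"], pkt["dst"]


if __name__ == "__main__":
    # Inbound: only the destination is rewritten.
    print(translate("10.9.8.7", "192.168.55.2"))
    # Outbound from a mapped host: only the source is rewritten.
    print(translate("195.44.12.2", "10.9.8.7"))
    # Traffic outside both networks passes through untouched.
    print(translate("10.9.8.7", "10.1.1.1"))
```

Because only the network bits change, every host in the /24 keeps its own host number, which is why no per-host DNAT/SNAT rules are needed.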

Whilst doing some other work for #dayjob, I came across this little outfit based out in Israel doing free Class 1 SSL certificates for a year.

OK, I thought, what’s the catch (other than it’s about as trustworthy as a man claiming to be secure, but can’t demonstrate it)? It seems there isn’t much of a catch:

  1. The T’s & C’s state it has to be for “non-commercial” activity.
  2. It’s only Class 1; funnily enough they do Class 2 and EV certs as well – for a cost, naturally.
  3. It’s only for a year, but you can just keep renewing it every year.
  4. Errr and that’s about it really.

All in all, it’s worth signing up and using it for test certs and things like that. I tend to use it for test certs for Loadbalancers/Offload SSL boxes; it saves explaining to people why you need to purchase certs for a development environment. Anyway, it’s worth a punt — https://www.startssl.com/