Part 2: Adding the firewall rules

In part two of this series we’re going to discuss adding firewall rules to the router.  Everyone knows that adding ingress (or incoming) firewall rules is important to securing your network.  However, the same can be said for adding egress rules for traffic leaving your network.  For instance, aside from an email server, no client should ever send traffic to the Internet via TCP port 25.  If you see

Read More

Setting up NAT with CentOS/Red Hat 6

​This will be part 1 in a series of configuring CentOS/Red Hat 6 as a secured firewall. Though I am a huge fan of pfSense (which can be found here pfSense), I wanted to build my own from scratch. So, the first part of this series will consist of setting up PAT (or NAT overload for the Cisco geeks) on Linux. The first step is to configure the network cards. 

Read More

Mounting a USB Device In a Xen Guest

​Mounting a USB device  Attach the USB device to the Dom0 and run ‘dmesg’ to see if the device attached Run ‘fdisk -l’ to see if the drive is partitioned the way you want it For instance: [[email protected] ~]# fdisk -l /dev/sdc Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes 255 heads, 63 sectors/track, 121601 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id

Read More

RHEL/CentOS Server Security

As a part of the sys admin’s job, it is important to take a few extra minutes to go through and properly secure a newly installed Linux server. These steps include enabling SELinux on the machine, configuring the firewall, and setting user permissions. There are however additional steps one should take in order to secure their server. One would be to tune and secure kernel parameters, set limits on

Read More

Multiple VLAN’s with Xen Dom0

​A great feature of Linux and Xen is the ability to run DomU’s on multiple networks. To do this we first need to set up the VLAN’s on a switch and then set the port the Dom0 is connected to allow for 802.1q traffic. On a Cisco switch, log into the IOS and change the interface that the server is sitting on and type: switch(config-if) switchport trunk encapsulation dot1q switch(config-if)

Read More