Posts tagged linux
I have two Windows servers that shouldn't talk to each other. How do I make sure they don't?
Right, why not just use a firewall? Because I can't install arbitrary software on these servers (company regulations), and Windows' built-in firewall is not up to the job: it filters inbound traffic only, and every allowed service has to be configured as an exception.
On Linux this is a pair of trivial iptables rules. Run the following on server#1:
iptables -I INPUT -s server#2 -j DROP
iptables -I OUTPUT -d server#2 -j DROP
Unfortunately there's nothing like iptables built into Windows.
Inspired by the iptables idea of routing packets to the trashcan ("-j DROP"), I realized much the same could be done on Windows by tweaking the OS routing table so that it delivers packets for server#2 to nowhere.
Here's my hand-tailored, freeware, no-software-required Windows firewall that sends packets on a vacation in /dev/null:
route ADD <server#2 IP> MASK 255.255.255.255 <blackhole IP>
Run this on server#1. <server#2 IP> is server#2's static address; the 255.255.255.255 mask makes the route apply to that single host and nothing else.
<blackhole IP> is an address that isn't assigned to anyone: our /dev/null for the occasion. It has to lie on a subnet server#1 is directly attached to (route ADD refuses a gateway that isn't on-link); server#1 will ARP for it, get no answer, and the packets go nowhere.
The route only affects what server#1 sends. If you add it on server#1 but not on server#2, server#2 can still deliver IP packets to server#1: TCP breaks completely, because server#1's replies never arrive, but one-way UDP datagrams (and ICMP) from server#2 still reach server#1 and are processed there. Add the mirror-image route on server#2 as well, and keep in mind that this is not packet filtering: unlike the iptables INPUT rule, nothing on server#1 discards what server#2 sends.
Make sure both servers are configured with static IPs, otherwise the solution breaks over time; the same goes for the blackhole address, because if a host ever comes up on it, your packets go to that host instead of nowhere. To make the route persistent across reboots, add the -p flag: route -p ADD <server#2 IP> MASK 255.255.255.255 <blackhole IP>
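The whole procedure as a cmd.exe batch script, added here as an example and not part of the original post. The addresses are placeholders from the RFC 5737 documentation range, not real hosts; PEER stands for the other server's static IP and BLACKHOLE for an unassigned address on a directly attached subnet. Run it on server#1 with PEER set to server#2's address, and on server#2 with PEER set to server#1's.

```batch
@echo off
setlocal
rem Added example, not from the original post: blackhole a peer host by pointing
rem a /32 host route at an address nobody answers on.
rem
rem Placeholders (RFC 5737 documentation addresses, not real hosts):
rem   PEER      the other server's static IP
rem   BLACKHOLE an address on a directly attached subnet that is NOT assigned to
rem             any host. route ADD rejects a gateway that is not on-link, and if
rem             some host later takes this address the trick silently stops working.
set PEER=192.0.2.20
set BLACKHOLE=192.0.2.254

if "%~1"=="remove" goto remove

rem -p makes the route survive reboots; the 255.255.255.255 mask limits it to PEER.
route -p ADD %PEER% MASK 255.255.255.255 %BLACKHOLE%
if errorlevel 1 (
    echo route ADD failed: is %BLACKHOLE% on a subnet this host is attached to?
    exit /b 1
)

rem Check 1: the routing table must now carry the host route for PEER.
route PRINT %PEER%

rem Check 2: PEER must stop answering. Echo replies here mean the route is not in effect.
ping -n 2 %PEER%

rem Remember: this only stops what THIS host sends. Run the script on the peer too,
rem otherwise its one-way UDP datagrams still arrive here.
exit /b 0

:remove
rem route DELETE also removes the persistent copy of the route.
route DELETE %PEER%
exit /b 0
```

Invoking the script with the argument remove takes the route out again; route PRINT lists a -p route both in the active table and under "Persistent Routes".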
I just read through most of O’Reilly’s Linux Server Hacks book.
I expected another dull Linux how-to book, which goes over the man/info pages of the most obvious commands, but instead I found an interesting, original, advanced, hardcore book, full of Linux goodies to brag about in front of my colleagues.
Some noteworthy items:
- Thoughtful, effective usage of SSH, especially as a secure channel for moving bits around the network between a pair of processes, each running on its own host.
- How to reset your root password, without a rescue disk, using the LILO boot loader.
- I didn't know about ext2/3 chattr and lsattr before reading the book…
- Periodic rsync runs could save a lot of wasted scp time.
- (#44) burning a CD over the network using a pipe – cool
- (#50) setting up a VPN using IPIP tunneling
- (#57) lsof – hey, I’ve been using it for years.
- (#63) loved to learn that the send_arp utility can help me revoke the IP->MAC mappings of all the subnet's machines (and the router?). Handy when setting up a two-bit IP fail-over system.
- (#68) ssh-agent – now I know what it is – very useful in the hands of an almighty admin ruling over hundreds of minion machines.
- (#73) loved the one-liner Perl scriptlets.
To conclude, a must-have for your bathroom library.