I recently updated my 10.04 LTS servers to 12.04 LTS. One of the issues I have is that when I upgraded, my iptables script failed. I decided that I would try to fix my iptables, but iptables changed so much from 10.04 to 12.04. After many days of screwing around, I gave up and looked at alternatives to get my firewall working again. I found Ubuntu had a product called Ubuntu Firewall. Getting ufw working is not a hard task. The how-to is shown below.
You need to enable ufw.
Next, open the SSH port so you can make a remote connection to the server.
You can then see the current status and the list of open ports.
If you're like me and also run the server as your gateway, you may want to block only the interface to the outside world and open all ports on the internal interface.
This does not do any NAT traversal/masquerading. I will blog about this later.
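The steps above collected into one script, as an added example and not the commands from the original post. The internal interface name `eth1` and the `DRY_RUN` switch are assumptions; the SSH rule is added before ufw is enabled so a remote session is not cut off.

```shell
#!/bin/sh
# Added example: ufw rules for a host that is also the LAN gateway.
# LAN_IF is an assumed name for the internal NIC; DRY_RUN is a switch
# invented for this example (1 = print commands only, 0 = run as root).
LAN_IF="${LAN_IF:-eth1}"
DRY_RUN="${DRY_RUN:-1}"

# Reject anything that is not a plain interface name before it reaches ufw.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the ufw commands in the order they should be applied.
ufw_plan() {
    valid_if "$1" || { echo "bad interface name: $1" >&2; return 1; }
    # Inbound traffic is dropped unless a rule below allows it.
    echo "ufw default deny incoming"
    # SSH is allowed before the firewall is switched on.
    echo "ufw allow ssh"
    # Everything arriving on the internal interface is accepted; the
    # outside interface gets no rule and falls under the default deny.
    echo "ufw allow in on $1"
    # --force skips the interactive confirmation prompt.
    echo "ufw --force enable"
    echo "ufw status verbose"
}

# Show the plan (dry run) or execute it line by line, stopping on failure.
apply_plan() {
    plan=$(ufw_plan "$1") || return 1
    echo "$plan" | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "+ $cmd"
        else
            $cmd || exit 1
        fi
    done
}

apply_plan "$LAN_IF"
```

Run it once with the default `DRY_RUN=1` to review the rules, then as root with `DRY_RUN=0` to apply them.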
A disk recently died on my software RAID array, and replacing the disk was a simple procedure. You will get a notification via your system's email that a disk has failed. You can also periodically check the mdstat file to see if any disks have failed. You can check the mdstat file as shown below.
The output should be similar to below.
You can see from the above that one of the disks has died. Going by the sequence of disks in the /proc/mdstat file, I can make out that /dev/sdg1 has failed (I have gone a bit ahead on the sequence). I now need to remove /dev/sdg1 from the array. You do not need to stop the array to remove the disk. The command to remove the disk is below.
Unless you have hot-swappable disks, you need to shut down the system to swap the old disk out and replace it with a new disk. Once the system is rebooted, you can type the command to add the new disk to the existing array.
It will take a while for the disk to resync with the existing array. To monitor the progress of the array, type the following command.
You can press Ctrl-C to get out of this at any time. It will update every ten seconds.
Recently I came across an issue where I added a dual network card to my Ubuntu server and, instead of taking over eth0 and continuing down the line in sequence, Ubuntu decided to just continue the sequence with eth1 and eth2. So it got me wondering why it does not take over eth0, since the old network card is not there. It seems the culprit is the udev rules and the network cache, which remembers the MAC address of the previous card and keeps eth0 for it. So no other Ethernet card can be eth0 until you delete the network cache and udev regenerates the device with the new network card. To resolve this issue you just need to delete the file below and reboot.
# rm -f /etc/udev/rules.d/70-persistent-net.rules
Currently I have a few firewall issues, and while I am trying to resolve them I decided I still needed to surf the internet. Until I can resolve my firewall issues, my options were to surf with my mobile 3G unit, do my internet surfing only at work, or not surf at all. My other option was to install squid as a band-aid.
The steps to get squid working are shown below.
# apt-get install squid3
We need to edit the squid configuration before we can start the application.
# cd /etc/squid3
# cp squid.conf squid.conf.orig
# vi squid.conf
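Now edit the squid configuration file and add the following to squid.conf. Squid checks http_access rules in order and stops at the first match, so these lines must come before the final "http_access deny all" line.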
acl our_networks src 192.168.0.0/24
acl localnet src 127.0.0.1/255.255.255.255
http_access allow our_networks
http_access allow localnet
Optionally, if you want to change the size of squid's cache, the line that needs to be modified is
cache_dir ufs /var/spool/squid3 7000 16 256
The only part you may wish to modify is the 7000, which is the cache size in megabytes. You can increase or decrease the size of your cache, depending on your needs.
Before you start squid, you need to create the cache with the following command.
# squid3 -z
You can now start squid with the command
# /etc/init.d/squid3 restart