Eric

iptables

Posted on 2006.05.22 at 12:00
Current Location: 63134
Current Mood: busy
Current Music: Nobuo Uematsu: Final Fantasy VIII, IX, X scores
There was an issue at work where documents we were sending out were taking 30 minutes to open at other sites. They told us it was a Microsoft template issue and that we were creating templates with errors - templates which had to authenticate against our servers' .dot file prior to open. Carla told them that was horseshit. So we had this big conference call where I effortlessly opened, but to everyone's chagrin, the document in 4 seconds flat from my Mac Notes client under Word for Mac, via VNC. They weren't convinced it was an Office XP vs. Office 2003 compatibility error and wanted us to open a Microsoft trouble ticket. As Carla pointed out, "This is the same way we've been doing it for seven years, so it doesn't sound like our issue." I agreed that the problem fell entirely on the remote site, and was aching to prove it.

I told everyone I would perform a promiscuous snoop of my interface and capture the output to determine whether or not the document was trying to authenticate to our servers prior to opening. I'm a genius...or not. Apparently, there is no snoop for OSX. What a retard. A scour of the forums shows that tcpdump ships with OSX. I've used tcpdump infrequently, but never for the same reasons I've used snoop, that I can recall. Ethereal wouldn't launch due to a Gtk error, even after setting DISPLAY=0.0, and on OSX even a super-user cannot snoop in promiscuous mode without first setting the interface with the pfconfig command, which was nonexistent! Pressing on, I came up with this:

BorgQueen:~/Desktop ehowton$ sudo tcpdump -i en0 -U >> /Volumes/max0r/tcpdump

Which determined that (once ports 22 & 5900 were removed from the equation), whatever issues remote sites were having opening Word documents that originated from this facility, nothing within the document was trying to authenticate back to this office.
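An added example (not the post's own command) of doing the same check with filters instead of reading the whole capture: the capture filter leaves the SSH and VNC sessions that were driving the Mac out of the recording up front, and the awk function strips them from an already saved text capture like the one above and lists each remaining source/destination pair once, which is what actually answers "is anything in this document calling home". The sample lines are constructed tcpdump -n style output with placeholder addresses.

```shell
#!/bin/sh
# Added example, not the post's own command. Live capture that leaves out the
# VNC (5900) and SSH (22) sessions used to drive the Mac, so only the traffic
# under test is recorded (-n keeps tcpdump from resolving names):
#   sudo tcpdump -n -i en0 'not port 22 and not port 5900' > /tmp/capture.txt
#
# Given a saved text capture, drop every packet that touches port 22 or 5900
# and print each remaining "src > dst" pair once. Expects "tcpdump -n" lines,
# whose 3rd field is "srcip.srcport" and 5th is "dstip.dstport:".
non_admin_flows() {
    awk '
    $2 == "IP" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        n = split(src, a, "."); sp = a[n]
        m = split(dst, b, "."); dp = b[m]
        if (sp == "22" || sp == "5900" || dp == "22" || dp == "5900") next
        key = src " > " dst
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample capture (placeholder addresses): two VNC/SSH packets that
# must be ignored, one SMB connection attempt and one DNS query that must show
# up in the report.
SAMPLE='12:00:01.123456 IP 192.168.1.12.49152 > 10.0.0.5.22: P 1:53(52) ack 1 win 65535
12:00:01.223456 IP 10.0.0.7.5900 > 192.168.1.12.49153: . ack 1 win 65535
12:00:02.000000 IP 192.168.1.12.49160 > 10.0.0.9.445: S 1234:1234(0) win 65535
12:00:02.100000 IP 192.168.1.12.49161 > 10.0.0.3.53: 4321+ A? fileserver.example.com. (38)'

# Usage: pipe a saved "tcpdump -n" text capture into non_admin_flows.
printf '%s\n' "$SAMPLE" | non_admin_flows
```

Run against a real capture with `non_admin_flows < /tmp/capture.txt`; an empty report is the result the author was after, while any line in it is a destination the document reached for before opening and is worth following up.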

I love troubleshooting, this is true - but I also love using my tools to swat away annoying amateur suggestions.

With great power comes great responsibility.

That responsibility is now my burden alone to bear.

So I have 5 IP addresses, and I want to assign three of them to three different boxes. I want to be able to run HTTP, HTTPS, SSH, VNC on all of them if I wanted to, and have them connect via DNS entries for each. I want to open gaming ports to my XP box, which will NOT have an externally accessible IP. I don't know how to go about any of this, but with a little persistence, and a lot of time, I'm sure I will arise the victor.

Fun times ahead.

My gallery is on my Solaris box - as well as a backup of most of my scores. The gallery runs over the web & uses MySQL. The box is pretty secure, not running any errant services or open ports. I can't see myself using this box for much of anything else, outside of Solaris-specific tasks. It has mirrored drives, an UltraSPARC-IIi 440MHz RISC chip and 1GB of RAM. I'll want to run http/https & ssh on this one.

My primary workstation is my OSX box, a mac mini OC'd to the gills. Don't know that I will be running HTTP from this box, but want to be able to if I so choose. VNC & ssh at a minimum.

My firewall will be my Slackware box. It's a 1.6GHz P4 w/768MB of RAM and two identical drives I don't know how to mirror yet in Linux. The kernel wouldn't see the hardware IDE-RAID card they were previously attached to. I want to be able to run ssh and http on this box. As this is my firewall, I don't yet know how that works, one of those things I have to figure out as I go along I suppose.
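One way to lay out the ruleset the plan above describes, as an added example and not the post's own config: it assumes the Slackware box carries the public addresses on one interface and a private LAN on the other, with the Solaris box, the Mac and the XP box on the LAN and each public address mapped to its host with DNAT (a bridged layout with the public addresses on the hosts themselves would drop the nat rules and keep only the FORWARD ones). Every address is a placeholder from the RFC 5737 documentation range, the gaming port is a placeholder to replace with the game's real ports, and the script prints the rules instead of applying them until IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not the post's own firewall. Assumed layout: the Slackware box
# is the firewall with the public block on $WAN and a private LAN on $LAN; the
# Solaris box, the Mac and the XP box sit on the LAN with private addresses and
# public addresses are mapped to them with DNAT. All addresses are placeholders.
WAN=eth0
LAN=eth1
LAN_NET=192.168.1.0/24
PUB_FW=203.0.113.10       # public address the firewall answers on itself
PUB_SOLARIS=203.0.113.11  # public address mapped to the Solaris box
PUB_MAC=203.0.113.12      # public address mapped to the Mac
SOLARIS=192.168.1.11
MAC=192.168.1.12
XP=192.168.1.13           # no public address of its own
GAME_PORTS="27015"        # placeholder; replace with the game's real ports
# Dry run by default: rules are printed, not applied. Set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

# Map a public address to a LAN host for a list of tcp ports, and allow only
# those ports through FORWARD. Anything not listed stays closed.
publish() {  # publish PUBLIC_IP PRIVATE_IP "ports"
    pub=$1; priv=$2; ports=$3
    for p in $ports; do
        $IPT -t nat -A PREROUTING -i "$WAN" -d "$pub" -p tcp --dport "$p" -j DNAT --to-destination "$priv:$p"
        $IPT -A FORWARD -i "$WAN" -o "$LAN" -d "$priv" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

build_rules() {
    # Default deny for traffic to and through the firewall; only named services pass.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The LAN is trusted to reach the firewall itself (e.g. to administer it over ssh).
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    # Services the firewall offers to the outside: ssh and http.
    for p in 22 80; do
        $IPT -A INPUT -i "$WAN" -d "$PUB_FW" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # Solaris box: http, https, ssh. Mac: vnc and ssh (add 80 when http is wanted).
    publish "$PUB_SOLARIS" "$SOLARIS" "80 443 22"
    publish "$PUB_MAC" "$MAC" "5900 22"
    # XP box: gaming ports only, reached through the firewall's own address.
    for p in $GAME_PORTS; do
        for proto in tcp udp; do
            $IPT -t nat -A PREROUTING -i "$WAN" -d "$PUB_FW" -p "$proto" --dport "$p" -j DNAT --to-destination "$XP:$p"
            $IPT -A FORWARD -i "$WAN" -o "$LAN" -d "$XP" -p "$proto" --dport "$p" -j ACCEPT
        done
    done
    # Let the LAN reach the outside, hidden behind the firewall's address.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$PUB_FW"
}

build_rules
```

Because both policies default to DROP, a service that is not named (http on the Mac, anything on the XP box beyond the gaming ports) is closed until a line is added for it, and the XP box is never addressable from outside except on those ports. Run it once as a dry run, read the printed rules, then rerun with `IPT=iptables` as root; ip_conntrack and iptable_nat need to be loaded for the state and nat rules to take.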

In other news, somebritinmass has joined us on lj! He was very busy today, so it's unlikely we'll hear from him anytime soon. And I'm sure once he and celtmanx go head-to-head we'll all see the fireworks. Let the games begin!

Comments:

Tomas Gallucci (schpydurx) at 2006-05-22 22:30 (UTC):
Good luck with your quest of figuring out why Micor$hit products aren't working correctly. You may never find the cause.

If I were a sys-admin, I'd offer my insight. Alas, I am not.

Congrats to somebritinmass for finally coming aboard.

ehowton at 2006-05-23 01:00 (UTC):
Thank you for your continued support.

Penguin Puppetmaster (oxy_irony) at 2006-05-23 00:15 (UTC):
With great power comes great responsibility.

Amen.

ehowton at 2006-05-23 01:00 (UTC):
Such a burden.

Penguin Puppetmaster (oxy_irony) at 2006-05-23 01:06 (UTC):
Indeed.

CeltManX, Devlin O' Coileáin (celtmanx) at 2006-05-23 05:18 (UTC):
Yes, I am looking forward to sparring with the redcoat.

ehowton at 2006-05-23 08:10 (UTC):
Wait until you see the whites of his eyes.

(Deleted comment)

ehowton at 2006-05-23 13:50 (UTC):
Re: I hate mic0$h1t