Potpourri
OpenVPN:
http://www.movement3.com/docs/openVPN.html
Installing Gentoo Linux:
http://www.movement3.com/docs/install_gentoo.html
—
A small script to have ZoneEdit’s DNS service work with a Cisco box
Crontab entry:
30 */2 * * * cd /home/username/scripts/zoneedit/; ./zoneedit_update.pl > /dev/null 2>&1
hero ~ # cat /home/username/scripts/zoneedit/zoneedit_update.pl
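#!/usr/bin/perl
use strict;
use warnings;
my $username = "username";
my $password = "password";
# Ask the Cisco box over SNMP and cut the address out of the DHCP line
my $ip = `snmpwalk 10.10.1.1 -v1 -c snmp-string 1.3.6.1.4.1.9.2.4.1.1.1 | grep -i DHCP | awk '{print \$1}' | cut -c 37-55`;
$ip =~ s/\s+//g;
die "unexpected SNMP output\n" unless $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;  # $ip goes into a shell command below
# Push the address to ZoneEdit for each hostname
my $test = `python zoneclient.py -a $ip $username $password domain.com,sub.domain.com,www3.domain.com`;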
—
A small note: I recently was using a 2912 switch and every time I woke my laptop up from sleep, it timed out while connecting back to the network. I would have to wait about 30 seconds for it to work again. The fix was to set the ports to portfast.
DansGuardian
DansGuardian does a really nice job of blocking domains or even content (text) on a webpage. Also check out:
http://www.censornet.com/
workstation
     |
-------------------------------------
| Linux Server, running two services
| DansGuardian port 8000
| Squid port 8080
-------------------------------------
     |
  Router
Updated access-list; the other one didn’t account for HTTPS:
access-list 112 permit tcp host 10.10.1.2 any eq 80
access-list 112 permit tcp host 10.10.1.2 any eq 443
access-list 112 deny tcp any any eq 80 log-input
access-list 112 deny tcp any any eq 443 log-input
access-list 112 permit ip any any
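How the access-list above is matched, as an added example that is not part of the original notes: a small first-match evaluator run over constructed flows. It assumes the list is applied to traffic leaving the LAN through the router; the workstation address 10.10.1.50 and the destination addresses are made up.

```python
import re

# ACL copied from the page; the parser, evaluator and flows are added here.
ACL_112 = """\
access-list 112 permit tcp host 10.10.1.2 any eq 80
access-list 112 permit tcp host 10.10.1.2 any eq 443
access-list 112 deny tcp any any eq 80 log-input
access-list 112 deny tcp any any eq 443 log-input
access-list 112 permit ip any any
"""
RULE = re.compile(
    r"access-list \d+ (?P<action>permit|deny) (?P<proto>\w+) (?P<src>any|host \S+) "
    r"(?P<dst>any|host \S+)(?: eq (?P<port>\d+))?(?P<log> log-input)?$")

def parse_acl(text):
    """Parse only the subset of extended-ACL syntax used on this page."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append(m.groupdict())
    return rules

def _addr_ok(spec, addr):
    return spec == "any" or spec.split()[1] == addr

def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, rule number, logged) for the first matching rule."""
    for i, r in enumerate(rules, 1):
        if (r["proto"] in ("ip", proto)
                and _addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)
                and (r["port"] is None or int(r["port"]) == dport)):
            return r["action"], i, bool(r["log"])
    return "deny", None, False  # implicit deny that ends every ACL

def demo_flows():
    """Constructed flows: the proxy server, a workstation, non-web traffic."""
    rules = parse_acl(ACL_112)
    flows = [
        ("tcp", "10.10.1.2", "203.0.113.10", 443),   # proxy server, HTTPS
        ("tcp", "10.10.1.50", "203.0.113.10", 80),   # workstation, direct HTTP
        ("tcp", "10.10.1.50", "203.0.113.10", 443),  # workstation, direct HTTPS
        ("udp", "10.10.1.50", "203.0.113.53", 53),   # workstation, DNS
    ]
    return [evaluate(rules, *f) for f in flows]

if __name__ == "__main__":
    print(*demo_flows(), sep="\n")
```

Only the server at 10.10.1.2 gets out on ports 80 and 443; a workstation going direct hits one of the two logged deny lines, and everything else falls through to the final permit.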
Basic config
# the port that DansGuardian listens to.
filterport = 8000
# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 10.10.1.2
# the port DansGuardian connects to proxy on
proxyport = 8080
# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://10.10.1.2/cgi-bin/dansguardian.pl'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
SPAN
Switched Port Analyzer (SPAN) inspects traffic generated by VLANs or specified source ports. It is local to the switch.
With Remote SPAN, the network admin can be anywhere on the Layer 2 network.