Diegolima.org: Vivendo Livre - Latest Comments

Re: Iptables Load Balancing in a Nutshell

atux atux — Tue, 04 Aug 2015 04:24:12 -0000

Dear Diego. Really nice tutorial. How can we fix problems with sip calls and https sessions? we need to have loadbalance/failover per session and not per packet. how do we alter this config?

Re: Intercepting network traffic (almost) invisibly

Tersy Daisy — Mon, 22 Dec 2014 14:32:09 -0000

Um, Am @ work and decided to check-out some hacking tuts

Although I can't try the tutorial @ work unless i get home ...
I must say from the outlook of things and the explanation of the article ....
I think this is a pretty nice and awesome tutorial.

You Rock!!!!!!!!!!!

Re: Iptables Load Balancing in a Nutshell

Ravi Trivedi — Tue, 26 Aug 2014 05:02:54 -0000

we have done load balancing on two different links in exactly same way. However, we have observed an issue when particularly a SYN packet is lost or dropped in the network ( ISP1 ). In that case the user will retry sending it and our router ( load balance ) would send it to other link ( ISP2 ) according to iptables rule considering SYN as NEW connection state. However, the masquarade target still uses source IP as the IP address of ISP1. So 2nd time packet goes on ISP2 but with the source IP of ISP1. our ISP2 appears to be dropping these packets.

Has anyone observed this issue, can anyone suggest the solution ?

Re: OpenLDAP: Migrando de slapd.conf para cn=config

Arripio Arripia — Thu, 17 Jul 2014 13:38:13 -0000

Ao tentar baixar o arquivo de exemplo:
The requested URL /wordpress/wp-content/uploads/2010/10/slapd.conf was not found on this server.

Att,
Fábio Lima
Arripio

Re: Balanceamento de Links Fácil com IPTables

William — Thu, 28 Nov 2013 05:33:52 -0000

os parâmetros "–state", "–mode", "–probability" e "–set-mark" devem ser digitados com dois traços
quando se tenta copiar e colar da internet, esses dois traços se tornam 1 traço mais largo, portanto digite ao invés de copiar

Re: Balanceamento de Links Fácil com IPTables

José Rodrigues Filho — Wed, 27 Nov 2013 11:43:17 -0000

No ubuntu 10.04 não rolou o comando

iptables -t mangle -A PREROUTING -m state –state new -m statistic –mode random –probability 0,5 -j MARK –set-mark 1

alguma dica ?

Re: Zabbix Agent for DD-WRT-based Devices

Juanca — Tue, 10 Sep 2013 20:45:32 -0000

Thank you very much for your work. I have just installed zabbix agent in my Tomato router, and it seems to work great.
It would be fantastic if you could port zabbix-server too.

Very good job!!

Re: Ingressando uma máquina Ubuntu Linux em um Domínio Windows AD

krosnell — Wed, 10 Apr 2013 15:53:41 -0000

boa tarde Diego, fiz todos os passos de seu tutorial. Deu tudo certe, porem quando tento me logar da a msg que a senha está errada. Você tem noção do que pode ser??

Re: Script para tocar musicas com o PC Speaker

Miqueias — Tue, 09 Oct 2012 20:13:25 -0000

link quebrado

Re: Balanceamento de Links Fácil com IPTables

William — Wed, 29 Aug 2012 10:11:14 -0000

Realmente muito bom o artigo. Gostaria de saber se essa solução traz também um failover, caso negativo, saberia como implementar o loadbalance+failover?

Re: OpenLDAP: Trabalhando com o cn=config

Robinson A Barbosa — Tue, 17 Jul 2012 20:51:17 -0000

Diego,

Obrigado compartilhar seu conhecimento

Robinson

Re: Iptables Load Balancing in a Nutshell

rsriram — Mon, 09 Jul 2012 20:02:42 -0000

what is the best way to prevent https packets from getting load-balanced? ie., create sticky sesssions(for a particular WAN/iptable) for https traffic only?

thanks

Re: OpenLDAP: Migrando de slapd.conf para cn=config

Paulo — Thu, 21 Jun 2012 08:43:36 -0000

Olá Diego, no final do seu tutorial nós geramos a configuração no diretório /etc/ldap/slapd.d porém depois movemos ele para o /tmp? É isso mesmo? Não ficou muito claro... Quando deixamos o SLAPD_CONF= vazio, ele busca os ldifs do cn=config no /etc/ldap/sladp.d ou no /tmp? Abraços!

Re: OpenLDAP: Trabalhando com o cn=config

Willthebill — Tue, 15 May 2012 19:23:26 -0000

A configuração funcionou, mas eu não consigo autenticar com cn=admin,cn=config. Peguei o seu arquivo slapd.conf de exemplo e alterei. No entanto, mantive a parte onde tem cn=admin, cn=config. Essa parte precisa ser alterada para alguma configuração específica?

Re: OpenLDAP: Trabalhando com o cn=config

Lima — Mon, 30 Apr 2012 13:12:11 -0000

Muito bom!
Diego, como fazer para o samba autenticar no kerberos com ldap?

Re: Iptables Load Balancing in a Nutshell

Lorenzo — Sat, 10 Mar 2012 10:45:52 -0000

What an Excellent article!
I've been looking for it for ages. VERY well explained. Congrats!

Re: Iptables Load Balancing in a Nutshell

Alvaro — Wed, 28 Dec 2011 12:28:52 -0000

Hi Diego,

I am trying to use this solution as for a server that is load balancing the connections for a internal LAN. I have three interfaces (one for the internal LAN and the others for the ISPs). What I can get from your solution is how to NAT the internal LAN... Thanks in advance

Regards, Álvaro

Re: Ingressando uma máquina Ubuntu Linux em um Domínio Windows AD

Julio — Tue, 13 Dec 2011 18:49:38 -0000

Prezado Diego,

Estou tentando ingressar um máquina freebsd em um domínio com Windows Server 2008.
Não tenho acesso para instalar o likewise-open, pois é um servidor gerenciado por terceiro, mas ao executar o comando abaixo sempre retorna o mesmo erro.

#net ads join -U administrator -S dc01.empresa.com
#Enter administrator's password:
#Failed to join domain: failed to lookup DC info for domain 'EMPRESA.COM' over rpc: Access denied

Já desativei o firewall local do Windows Server, mas o erro continua.
Segundo a empresa que cuida da máquina freebsd está tudo ok e que o problema é no servidor de AD.
Mas não estou conseguindo identificar o que está bloqueado este processo.
Poderia me dar alguma dica por gentileza?

Obrigado,
Julio.

Re: OpenLDAP: Migrando de slapd.conf para cn=config

Diego Lima — Sat, 05 Nov 2011 23:19:02 -0000

A maioria das informações foi escrita com base na documentação oficial do OpenLDAP 2.4, disponível em www.openldap.org/doc/admin24

Re: OpenLDAP: Migrando de slapd.conf para cn=config

MD — Fri, 04 Nov 2011 21:00:09 -0000

Informacoes maravilhosas aqui! ha um hyperlink da fonte eu posso ir para buscar mais informacoes?

Re: OpenLDAP: Trabalhando com o cn=config

Márcio Pessoa — Fri, 04 Nov 2011 16:40:15 -0000

Parabéns Diego!
Seu artigo é excelente, muito detalhado, pratico e didático.

Re: Linux Personal Firewall Project

abirvalg — Tue, 18 Oct 2011 21:44:34 -0000

Hello Diego,
It's been 3 years now since you started your personal firewall project.
I created my own personal firewall which informs a user whenever an app tries to make a connection
https://sourceforge.net/pro...
I would like to hear if you are interested to join forces.
Cheers.

Re: OpenLDAP: Migrando de slapd.conf para cn=config

Alfeu Kboing — Sun, 16 Oct 2011 00:19:36 -0000

Eu estava pensando neste topico na semana passada. Vendo este artigo vou pesquisar mais sobre

Re: Iptables Load Balancing in a Nutshell

Diego Lima — Wed, 05 Oct 2011 14:29:30 -0000

Hello Max,

If both sides are public IP addresses and you have your routing correctly set up then yes, you can skip the SNAT. It is there to assure that packets will go out with the correct public address and you'll get responses from servers in the way you expect to receive. However keep in mind that this will depend a lot on how your links are set up regarding routing (packets that go out on one link must be able to make their way back - always).

Re: Iptables Load Balancing in a Nutshell

Max He — Wed, 05 Oct 2011 04:09:47 -0000

Thanks. This is a truely wonderful article for iptable based LLB.
However I have two questions:

1. Can I skip SNAT part if both sides are public ip address? If I did, will I have any issues?

# iptables -t nat -A POSTROUTING -o $LINK1_WAN_INTERFACE -j SNAT –to $LINK1_WAN_IP
# iptables -t nat -A POSTROUTING -o $LINK2_WAN_INTERFACE -j SNAT –to $LINK2_WAN_IP

2. Have anyone tested out performance? How high throughput can this iptable-based LLB achieve?