Dnsmasq on CENTOS 7

Dnsmasq is a great lightweight server that can provide DHCP, DNS, and TFTP services for a small network.

http://www.thekelleys.org.uk/dnsmasq/doc.html

I didn’t see any Centos 7 specific guides on the internet when I made this, so here is mine.

Dnsmasq will query the file you specify with `addn-hosts` (see the config section below) before forwarding to the upstream resolvers listed in /etc/resolv.conf. Entries in that file use the same syntax as /etc/hosts: an address followed by one or more names.

----------------------------------------
notes

DNSMASQ setup for CENTOS 7

----------------------------------------
install

//install dnsmasq
#yum install dnsmasq

//turn on the server and make sure it starts on boot
#systemctl start dnsmasq
#systemctl enable dnsmasq

//firewalld configuration
//the first pair opens the port in the running config, the second pair (--permanent) makes it survive a reload or reboot
# firewall-cmd --zone=public --add-port=53/tcp
# firewall-cmd --zone=public --add-port=53/udp

# firewall-cmd --permanent --zone=public --add-port=53/tcp
# firewall-cmd --permanent --zone=public --add-port=53/udp

——————————————————–
configuration

//the config file is located at /etc/dnsmasq.conf
//uncomment this line to turn off lookups from /etc/hosts
no-hosts
//uncomment and modify this line to add a new file for lookups (same syntax as /etc/hosts)
addn-hosts=/etc/hosts.dnsmasq
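As an added example (not part of the original notes), here is a small POSIX shell script that builds the extra hosts file the notes point `addn-hosts` at, checks every line against the /etc/hosts syntax dnsmasq expects, and writes a matching dnsmasq.conf that can be syntax-checked with dnsmasq's own `--test` switch. The host entries, the `$WORK` scratch directory and the `interface=eth1` line are constructed for the demo; on a real CentOS 7 box the file would be /etc/hosts.dnsmasq as above, and the interface would be whichever one faces the LAN. The `interface=` and `bind-interfaces` lines are added because the firewall commands above open port 53 to the whole public zone; limiting dnsmasq to the LAN interface keeps it from becoming an open resolver.

```shell
#!/bin/bash
# Added example, not from the original post: generate and validate the
# addn-hosts file, then write a dnsmasq.conf and syntax-check it.
# $WORK is a constructed scratch directory; real paths are /etc/...

WORK="${WORK:-$(mktemp -d)}"
HOSTS_FILE="$WORK/hosts.dnsmasq"
CONF_FILE="$WORK/dnsmasq.conf"

# Constructed sample entries, same layout as /etc/hosts.
write_hosts_file() {
    cat > "$HOSTS_FILE" <<'EOF'
# lab hosts served by dnsmasq (constructed sample)
10.55.1.10   srx210.lab.example     srx
10.55.1.20   openmarmot.lab.example openmarmot
10.55.1.30   proxmox.lab.example
EOF
}

# Validate one hosts line: IPv4 dotted quad followed by >= 1 hostname.
# Blank and comment-only lines pass. Returns 0 when valid, 1 otherwise.
check_hosts_line() {
    line="${1%%#*}"                 # drop a trailing comment
    set -- $line                    # split remaining text on whitespace
    [ $# -eq 0 ] && return 0        # blank or comment-only line
    [ $# -ge 2 ] || return 1        # need an address plus at least one name
    ip="$1"; shift
    echo "$ip" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$' || return 1
    for name in "$@"; do
        # labels: letters, digits, hyphens (no leading/trailing hyphen), dot-separated
        echo "$name" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$' || return 1
    done
    return 0
}

# Validate a whole file; reports the first bad line and returns 1.
validate_hosts_file() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        check_hosts_line "$line" || { echo "bad line $n: $line" >&2; return 1; }
    done < "$1"
    return 0
}

# Config with the two lines from the notes plus LAN-only listening.
write_conf() {
    cat > "$CONF_FILE" <<EOF
# constructed dnsmasq.conf for the lab
no-hosts
addn-hosts=$HOSTS_FILE
# answer only on the LAN side (eth1 is an assumed interface name)
interface=eth1
bind-interfaces
# do not forward plain names or private reverse lookups upstream
domain-needed
bogus-priv
EOF
}

# dnsmasq --test parses the config and exits 0 if the syntax is OK.
# Skipped (returns 0) where dnsmasq is not installed.
check_conf() {
    if command -v dnsmasq >/dev/null 2>&1; then
        dnsmasq --test -C "$CONF_FILE"
    else
        echo "dnsmasq not installed here; skipping --test" >&2
        return 0
    fi
}

# Demo run when executed directly.
write_hosts_file
write_conf
validate_hosts_file "$HOSTS_FILE" && echo "hosts file OK: $HOSTS_FILE"
check_conf && echo "config OK: $CONF_FILE"
```

After copying the generated files into /etc, `systemctl restart dnsmasq` picks up the new hosts file; `dig @127.0.0.1 srx210.lab.example` (bind-utils) then answers from the addn-hosts file before anything is forwarded upstream.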

OpenMarmot Bash Script

Here’s a bash script that I am using on my Linux-based “OpenMarmot” switch.

I’m releasing it under APL (Andrew’s Public License) which states: “Use the code however you want. If you work at a cool company in Arizona, you should totally hire me.”  :)

#!/bin/bash

# OpenMarmot Network startup script
# version 1.0
# last edited 09/04/2014

echo "loading OpenMarmot"

# this command makes sure the vlan kernel module is loaded
# (vconfig comes from the vlan package, brctl from bridge-utils)
modprobe 8021q

# logical interfaces

echo "building logical interfaces"
vconfig add eth2 11
vconfig add eth2 63
vconfig add eth2 65

# create bridges
echo “building bridges”
brctl addbr br-vlan11
brctl addbr br-vlan63
brctl addbr br-vlan65

# bring the bridges up
ip link set br-vlan11 up
ip link set br-vlan63 up
ip link set br-vlan65 up

# add interfaces to the bridges
brctl addif br-vlan11 eth2.11
brctl addif br-vlan11 eth1
brctl addif br-vlan11 eth3
brctl addif br-vlan11 eth4
brctl addif br-vlan11 eth5

brctl addif br-vlan63 eth2.63
brctl addif br-vlan65 eth2.65

#enable stp
brctl stp br-vlan11 on
brctl stp br-vlan63 on
brctl stp br-vlan65 on

#bring physical interfaces up
ip link set eth1 up
ip link set eth2 up
ip link set eth3 up
ip link set eth4 up
ip link set eth5 up

# bring the logical interfaces up

ip link set eth2.11 up
ip link set eth2.63 up
ip link set eth2.65 up

echo "setup complete"
echo "welcome to OpenMarmot"
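The same topology, as an added example that is not the OpenMarmot script itself: the VLAN/bridge layout is driven from a small table and built with iproute2 (`ip link ... type vlan`, `ip link ... type bridge`) instead of the older vconfig and brctl tools, it skips links that already exist so the script can be re-run, and it defaults to a dry run that prints the commands for review before anything is applied with `DRY_RUN=0`. Interface names are taken from the script above; the `stp_state` attribute assumes a kernel and iproute2 that accept bridge options over netlink (on older systems `brctl stp <bridge> on` does the same job).

```shell
#!/bin/bash
# Added example, not the original OpenMarmot script: table-driven build of
# the same VLAN sub-interfaces and bridges with iproute2. DRY_RUN=1 (default)
# only prints the commands; DRY_RUN=0 applies them (needs root).

DRY_RUN="${DRY_RUN:-1}"
TRUNK=eth2                        # 802.1Q trunk carrying every VLAN

# one line per VLAN: <vlan id> [access ports that belong to it...]
VLAN_TABLE='
11 eth1 eth3 eth4 eth5
63
65
'

run() {                           # print the command, or execute it
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

link_exists() {                   # in a dry run assume nothing exists yet
    [ "$DRY_RUN" = 1 ] && return 1
    ip link show "$1" >/dev/null 2>&1
}

build_vlan() {                    # build_vlan <id> [access ports...]
    id="$1"; shift
    sub="$TRUNK.$id"
    br="br-vlan$id"
    # tagged sub-interface on the trunk (vconfig add eth2 <id>)
    link_exists "$sub" || run ip link add link "$TRUNK" name "$sub" type vlan id "$id"
    # bridge for the VLAN (brctl addbr br-vlan<id>)
    link_exists "$br" || run ip link add "$br" type bridge
    # spanning tree on, like brctl stp br-vlan<id> on
    run ip link set "$br" type bridge stp_state 1
    # enslave the trunk sub-interface and the access ports (brctl addif)
    run ip link set "$sub" master "$br"
    for port in "$@"; do
        run ip link set "$port" master "$br"
        run ip link set "$port" up
    done
    run ip link set "$TRUNK" up
    run ip link set "$sub" up
    run ip link set "$br" up
}

build_all() {
    run modprobe 8021q            # VLAN tagging support
    echo "$VLAN_TABLE" | while read -r id ports; do
        if [ -n "$id" ]; then
            build_vlan $id $ports   # unquoted on purpose: ports split on spaces
        fi
    done
}

build_all
```

Running the file as-is prints the full plan; `DRY_RUN=0 ./openmarmot-net.sh` (name assumed) applies it. Keeping the VLAN-to-port mapping in one table makes it easy to see which access ports land on which VLAN, which is the part of a switch build most worth reviewing before it goes live.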

Juniper SRX OSPF Setup

My little Juniper SRX 210H is taking on more and more roles. Over the weekend I worked on building an OSPF network so that all of the routers on my test rack could connect to the internet.

The route export for the default route ended up being pretty simple:

[image: ospf]

One thing that tripped me up for a while is that there is no implicit rule for inter-zone communication. It turns out that if you are trying to pass traffic between two interfaces that are in the same zone then you need a rule to basically “allow all” communication from “zone_A” to “zone_A”. I’m kind of surprised that I haven’t run into this before.

Other than the inter-zone traffic issue, everything else went pretty smoothly. I have a Cisco 1812, a SRX, and a Fortigate chatting away happily.

updates

I haven’t posted on here in a bit because I haven’t really made any real progress on anything. I’ve been working a lot, and I’ve been concentrating on learning C in my free time. Learning C has been distracting me from studying for the CompTIA Linux+, so I will try and get back to studying this weekend if work doesn’t intervene.

I rebuilt my laptop recently and I did not install flash. I’m going to see if I can go without it, and if so I will remove it from my desktop as well. So far I think the biggest challenge is going to be music. All of the online music streaming that I use (pandora, amazon,..) seems to be flash based. Most of the newer youtube videos use HTML5 (?) so that works at least. Flash for Linux is several versions behind other platforms (not a big priority for adobe I guess) and I consider it to be a big security risk.

Proxmox 3.3 has been released. I’m pretty excited about this, mostly because they went to a HTML5 Console. The old one is Java based, and can be kind of a pain to use. I’ll probably get a test server up and running in the next week or so.

There’s been some noise lately about some Linux vulnerabilities that have been discovered (openSSL, bash,..). I wish people would treat their Linux gear like their Windows gear: it needs to be patched on a regular basis, and enterprise hardware should be replaced after a reasonable service life. Linux systems aren’t invulnerable; they need to be maintained like anything else.


Studying For Certifications

I’ve started studying for the CompTIA Linux+, and unfortunately I’m not making much progress. I’m kind of stuck on figuring out how I am going to study for it.

My old process that I used for the CCNA was to buy a study guide on Amazon and read through it and take paper notes. This ended up being a big waste of time. Paper notes are really hard to study from. I took paper notes on the entire CCNA book but I didn’t use them once for studying. Instead I created documents for each chapter on my computer. This worked pretty well but I ended up spending a lot of time struggling with the formatting in Calligra and libreOffice (MS Office is one of the few things I miss from my Windows days).

[image: Calligra changes the font style seemingly at random]

The JNCIA was my first attempt to study based off of the published exam objectives. I broke the objectives into two massive documents, and slowly went through them filling out the information for each objective. This worked pretty well because Juniper had published two PDF study guides that followed the objectives pretty much in order. I was still struggling massively with Calligra. Unfortunately LibreOffice had a major bug where it wouldn’t open files from a network share so it was unusable as well.

Now I am working on the CompTIA Linux+ and unfortunately the study guide I have does not follow the exam objectives at all. I don’t want to spend a ton of time reading the book, only to end up with a bunch of useless notes. Instead I am going to make text files with the objectives, and then hunt through the book to fill in the details. That is going to be kind of a slow process, but it seems to be the best way to do it.

If I get another Juniper cert it is going to get even worse. As far as I can tell there aren’t any study guides for the Juniper exams past the JNCIA. I have no idea how people study for them, other than just relying on work experience and crossing their fingers..

Juniper DHCP

I recently separated my wireless from the rest of my network by directly attaching it to my Juniper SRX210H and putting it in its own zone. That way I can make major network changes while still being able to listen to Pandora :)

The main change that I needed to make was to configure a DHCP server, and allow DHCP and DNS system services in the wireless zone.

The DHCP config is pretty straight forward:

[image: dhcp]

Here’s the full list of setup tasks:

  1. create a wireless vlan
  2. create an L3 interface for the vlan (10.55.2.1)
  3. add the SRX interface to the vlan
  4. create a new zone for wireless
  5. add the physical interface and the L3 interface to the zone, and allow DHCP and DNS “system-services” through
  6. create a policy to allow traffic from the wireless zone out to the internet
  7. create a source NAT rule for the new wireless zone
  8. set up the DHCP server
  9. check with the operational command:

> show system services dhcp binding

Circling back to the Linux+ Cert

Let’s take a time machine back to June 12th 2013. I had just completed the CompTIA Security+ Certification exam and had decided that the CompTIA Linux+ was going to be my next challenge. The Linux+ cert seemed like a good choice because I was really interested in Linux, and I needed more Linux stuff for my resume.

[image: studyGuides]

Fast forward a little to September 2013. I became aware of an upcoming opening in the network team at work and decided to switch focus from the Linux+ to the CCNA.

In the year between then and now I’ve managed to achieve both the CCNA and the JNCIA, and I got a firm start on a new career as a network tech in the process.

Lately I have been debating whether pursuing higher level vendor-specific networking certifications (CCNP, JNCIS-ENT) is worth the time and money. The network environment I support uses a large variety of vendors, and it is looking likely to get more diverse in the future. One constant is that most of the hardware runs Linux, and my home environment is all Linux.

I think it is time to start studying for the Linux+ cert again.

Learn C the Hard Way

I’ve decided it’s time to learn C.. The hard way!

http://c.learncodethehardway.org/book/

I’ve played around with C++, Python, C#, and Java before, but C is different for me.

A big long term goal of mine is to get more involved in Linux, specifically in kernel or software development. The Linux Kernel is written in C, so learning C is a must.

In contrast to the other languages that I’ve worked with, I am going to try and learn C from the ground up. I’ll be in the shell a lot, and I’m planning on using VIM instead of a more traditional IDE.

Learning C and getting more familiar with Linux will be complementary to some of my other projects (OpenMarmot Switch in particular), but it might take the place of my Java work.

OpenMarmot Switch Hardware v1

OpenMarmot Announcement Link

For my first build I am sticking with hardware that I already had in stock in order to keep costs to a minimum.

[image: hardwareV1]

Here is the parts list:

  • Supermicro CSE-510T-200B Chassis (this is the standard model I use whenever possible because of the dual hotswap bays)
  • Supermicro D525 1.8Ghz Atom motherboard with dual Intel NICs
  • 4 GB of ram (2x 2GB dimms)
  • Quadport Intel NIC
  • Supermicro PCI-E riser card
  • 30 GB Crucial SSD

The Supermicro D525 systems have plenty of horsepower for small projects, and having dual NICs always comes in handy. I see them on ebay (with server chassis) for under $200 sometimes. I’ve used them as Windows domain controllers, PFSense routers, NAS/SAN, console servers, etc.. Every lab should have one or two.


Announcing OpenMarmot

Along with other big companies like Google and Facebook, Marmotsoft is announcing an in-house designed Linux-based network switch. Unlike other large companies Marmotsoft has also released a very nice logo to go with it:

[image: openMarmot logo]

———–

So I’ve decided that I need a break from studying. It’s time to work on a fun project that will combine Linux and networking. I will also get to build some hardware (yay!!). I will be mostly working off other people’s tutorials for the software part, at least until I get a better grasp of the Linux network stack.

© 2014 Marmotsoft
