Sunday, January 08, 2006
Firewalls, Luma & Kids
Yesterday I was upgrading the Fortress network. Before I traveled to the co-location I decided to get the new server ready to go. Kolab had _just_ released a new version of the server, so I decided to do a clean install that morning with the latest version. I left the configuration, and Horde installation as was already done. The box was ready to go. On my way to the fortress ranch.
The actual installation went fairly smooth. The box came up no problems. I configured all of the virtual interfaces with ease. The servers were all running and operating properly. I thought we would have no issues. Then we came to the point in time when we needed to actually set up the network routing, and firewalling. Routing comes very simple in guidedog. Just click a couple of options and bingo ... you have working NAT. We discovered a not so nice bug in the user interface. When you are entering new port forwarding rules, and you type the port number directly into the spin boxes, the value is not held by the program. It's there on screen O.K., but we started having routing problems with errors like "forwarding to port 0 fails". Upon closer (and slower) inspection while entering information, I noticed the rules displayed were not updated when you manually enter a value. The value is updated when you use the spin box arrows for increasing and decreasing the port value. So as a work around you can just enter the port number, click up and down quickly, and then all is good. That's way easier than clicking up 3389 times to forward MS Terminal Services.
[time passes ...]
Wow ... I've been so busy I forgot all about this draft. I guess I should finish it off.
I want to pump up an open source project I stumbled upon from a recommendation off the kolab-users mail list. It is an LDAP editor called luma. It can be found here : http://luma.sf.net. Since I had been doing so much work with LDAP inside Kolab, and writing up a bunch of kolab utility scripts to dump the LDAP data, and restore. I checked it out.
I was way impressed. The app is so simple, yet so powerful. You have an interface to add your servers you want to connect to. Just have your bind dn handy and whatnot. The main interface you can flip between an address book, object browser, admin utilities (for creating passwords and such), schema browser, search functions. You have all of your LDAP data right at your fingertips. This has come in so handy. I can not even count the number of times I have used it in the last few weeks.
Trying to debug LDAP replication in Kolab, and with Horde prefs stored in LDAP. Buggy user interfaces for deleting users. It's nice to have a super fast and simple way to see what the LDAP server thinks is going on. Not to mention the easy ability to modify or remove data. It is a fantastic tool, and I highly recommend trying it out.
On a slightly funny note, when I was at Gregg's doing the install, I ended up staying for diner. His wife Kerry had made a stirfry. I'm not a big shellfish eater. But the stirfry was very good, I just avoided the shrimp. Actually his children referred to the shrimp as "mushrooms". Just a few more mushrooms. I got a real kick out of his daughter ... just a few more mushrooms. I watched as mom looked rather unimpressed as her baby was taking all of the shrimp and skipping the veggies. Just one more? take one ... O.K. just one more mom? I got a charge out of it. Just one more mushroom. Kids make me laugh sometimes. ¶ 8:40:00 AM
The actual installation went fairly smooth. The box came up no problems. I configured all of the virtual interfaces with ease. The servers were all running and operating properly. I thought we would have no issues. Then we came to the point in time when we needed to actually set up the network routing, and firewalling. Routing comes very simple in guidedog. Just click a couple of options and bingo ... you have working NAT. We discovered a not so nice bug in the user interface. When you are entering new port forwarding rules, and you type the port number directly into the spin boxes, the value is not held by the program. It's there on screen O.K., but we started having routing problems with errors like "forwarding to port 0 fails". Upon closer (and slower) inspection while entering information, I noticed the rules displayed were not updated when you manually enter a value. The value is updated when you use the spin box arrows for increasing and decreasing the port value. So as a work around you can just enter the port number, click up and down quickly, and then all is good. That's way easier than clicking up 3389 times to forward MS Terminal Services.
[time passes ...]
Wow ... I've been so busy I forgot all about this draft. I guess I should finish it off.
I want to pump up an open source project I stumbled upon from a recommendation off the kolab-users mail list. It is an LDAP editor called luma. It can be found here : http://luma.sf.net. Since I had been doing so much work with LDAP inside Kolab, and writing up a bunch of kolab utility scripts to dump the LDAP data, and restore. I checked it out.
I was way impressed. The app is so simple, yet so powerful. You have an interface to add your servers you want to connect to. Just have your bind dn handy and whatnot. The main interface you can flip between an address book, object browser, admin utilities (for creating passwords and such), schema browser, search functions. You have all of your LDAP data right at your fingertips. This has come in so handy. I can not even count the number of times I have used it in the last few weeks.
Trying to debug LDAP replication in Kolab, and with Horde prefs stored in LDAP. Buggy user interfaces for deleting users. It's nice to have a super fast and simple way to see what the LDAP server thinks is going on. Not to mention the easy ability to modify or remove data. It is a fantastic tool, and I highly recommend trying it out.
On a slightly funny note, when I was at Gregg's doing the install, I ended up staying for diner. His wife Kerry had made a stirfry. I'm not a big shellfish eater. But the stirfry was very good, I just avoided the shrimp. Actually his children referred to the shrimp as "mushrooms". Just a few more mushrooms. I got a real kick out of his daughter ... just a few more mushrooms. I watched as mom looked rather unimpressed as her baby was taking all of the shrimp and skipping the veggies. Just one more? take one ... O.K. just one more mom? I got a charge out of it. Just one more mushroom. Kids make me laugh sometimes. ¶ 8:40:00 AM
