hacks

Fun with iptables, ulogd and wireshark

Having some fun tinkering with firewall rules today. I've been lazy and using Firestarter for a few years but it has a couple annoyances I didn't know how to work around and got to writing out my own iptables rules once again. I ended up with the relatively simple script below which does the following:

  • Enable NAT for the local network.
  • Forward some port traffic straight to internal systems.
  • Drop a few bizarre and most likely malicious spoofed source addresses and bad packet flags coming in on the external interface.
  • Accept some services locally. (just ssh for now)
  • Log and drop everything that isn't explicitly accepted. (traffic logged to /var/log/messages for convenient tail -f'ing)

Could a KVM virtual firewall work?

Anyone know of a reason why a setup like this *wouldn't* work: three physical network interfaces, bridges created for all three but two reserved exclusively for a guest operating system, the host won't even use them. Run cable modem into one, connect the other to uplink on a wireless router, run a cable from there back into the third interface for the host operating system.

Seems to me it should be doable but before I go break the bank on a $15 USB ethernet adapter (only have room for one more NIC on the motherboard) I thought I'd check. :) I guess the big question is around the bridged interfaces, must they have an IP assigned on the host? Hrm.

Amazon S3 Backups w/ Duplicity and Bandwidth Limiting

I've been hearing rumblings of awesomeness about Amazon S3 as a backup service from a couple friends lately. My current system could stand some improvement and I'd love something incremental and easier to do regularly, and with S3 being so highly recommended at only 15c a gig it looks like an ideal storage mechanism.

The next step is locating a tool to encrypt the data and do the actual uploads. I hear great things about Jungledisk but I'm not thrilled about a non-open source solution. The search led me to duplicity, a tool quite similar to rsync that does encrypted incremental backups to many different backends including S3.

export AWS_ACCESS_KEY_ID=X
export AWS_SECRET_ACCESS_KEY=Y

Fedora 10 on the Acer Aspire One

Repost of a blog entry from a few months back, I either accidentally deleted this or Wordpress ate it.

Color me impressed. I’ve developed a healthy skepticism of the Linux on laptops experience over the past few years, something always seems to be wrong, usually flaky suspend or wireless. I’ve had my Aspire One for about a month now and, looking for the most stable and consistent (but still recent) distro experience, I gave Ubuntu 8.10 a shot first. Today I switched it over to the Fedora 10 preview release, which went something like this:
