roedie.nl Hmz…

4Feb/12

autofwd 0.6-2

Today I've also released a new package of autofwd. It's still the same version, I've only fixed some packaging bugs. You can get it here...

Oh, and you'd like a new packaged version of libparanoid to go with that? Sure, I've backported that as well (hmz... as far as you can call it a backport...). It's in the same dir as the autofwd package.

Have Fun!

4Feb/12

HAProxy 1.5-dev7 snapshot 20120124

Today I've packaged snapshot 1.5-dev7-ss-20120124 of HAProxy for Debian Squeeze (amd64 only). I've been running the 1.5-dev version for quite some time but hit some bugs which are fixed in this version.

It is available at http://www.roedie.nl/downloads/haproxy/20120124/

7May/11

autofwd

While implementing IPv6 in my company network I also started looking for a replacement for fail2ban. Fail2ban is a tool which monitors log files looking for anomalies. When someone tries to brute force your sshd, fail2ban will notice and block the offender using iptables or whatever firewall you use.

Fail2ban has served me well the last couple of years, but it doesn't support IPv6 and the last release was on 7-9-2009 which is almost 2 years ago. This didn't give me the idea the IPv6 support would ever be implemented. But then again, I can be wrong...

I took a stab at writing my own implementation which would support IPv6 and started looking on freshmeat for similar scripts to see how they worked. Then I found a small Perl script called autofwd written by Arthur Corliss. I downloaded it to see if there was any usable code in there but quickly found out that it actually was the tool I was looking for. It's portable, so you can use any kind of firewall with it. I myself use shorewall and it took me only a couple of minutes to plug that in.

If you're looking for a flexible/portable fail2ban replacement I certainly recommend looking at autofwd. It doesn't have a homepage but you can get it here. I've created a Debian package which is available here.
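The log-watching approach described above, with the IPv6 handling this post found missing, as an added example that is not code from autofwd or fail2ban. The log lines, the threshold and window, and the `canonical` and `offenders` names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
May  7 10:00:01 host sshd[101]: Failed password for root from 2001:db8::bad port 4242 ssh2
May  7 10:00:05 host sshd[102]: Failed password for invalid user admin from 2001:0db8:0:0:0:0:0:0bad port 4243 ssh2
May  7 10:00:09 host sshd[103]: Failed password for root from 2001:db8::bad port 4244 ssh2
May  7 10:00:10 host sshd[104]: Failed password for root from ::ffff:192.0.2.7 port 5000 ssh2
May  7 10:00:11 host sshd[105]: Failed password for root from 192.0.2.7 port 5001 ssh2
May  7 10:00:12 host sshd[106]: Accepted password for alice from 198.51.100.9 port 5002 ssh2
May  7 10:09:00 host sshd[107]: Failed password for root from 192.0.2.7 port 5003 ssh2
"""

# The user name is chosen by the remote client, so the address is taken from
# the fixed tail of the line (greedy .* plus the $ anchor), not the first "from".
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for .* from (\S+) port \d+ ssh2$")

def canonical(addr):
    """Return one address object per host, or None if addr is not an IP."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    # ::ffff:a.b.c.d is an IPv4 peer seen through a dual-stack socket.
    if ip.version == 6 and ip.ipv4_mapped:
        return ip.ipv4_mapped
    return ip

def offenders(log_text, max_fail=3, window=timedelta(minutes=5), year=2011):
    """Map each address with max_fail failures inside window to its firewall tool."""
    recent, blocked = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        ip = canonical(m.group(2)) if m else None
        if ip is None:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()
        if len(hits) >= max_fail:
            blocked[str(ip)] = "ip6tables" if ip.version == 6 else "iptables"
    return blocked
```

Calling `offenders(SAMPLE_LOG)` counts the two spellings of the same IPv6 address as one host, and folds the IPv4-mapped form into the plain IPv4 address so the block lands in the right firewall table.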

24Jun/08

Debian/Ubuntu not resolving domains with the .local tld

For some time I've been wondering why none of my Debian/Ubuntu workstations would resolve something like 'proxy.mycompany.local'. Simply resolving 'proxy' would work.

I already knew that .local is not a correct tld, but since it was recommended by Microsoft to use this when installing Active Directory we used it. I never had any problems with it because most of the time I just use ip addresses when I need to access a server.

Now I installed a proxy server and a new mail relay server so I started using them as proxy.mycompany.local and relay.mycompany.local. Then I found out that none of my Debian or Ubuntu workstations would resolve those addresses. At first I blamed the Microsoft DNS server for this. That's the easiest and most logical thing to do ;-). But Windows XP/Vista clients did resolve those addresses. Strange huh?

Then I started wireshark on my client. I did a query for proxy.mycompany.local and then there was.... an MDNS request instead of a normal DNS request?!?

This quickly led me to the conclusion that it was something Avahi related because this does all the zeroconf stuff with Debian/Ubuntu. Avahi seems to be configured to pick up any request ending in .local and make MDNS requests for it. This must be a problem for more people because there must be loads of Microsoft networks out there ending in .local. I won't say this is the fault of the Avahi guys because it's also completely wrong to use .local as tld.

My current solution is to just simply disable Avahi on my workstations. On Ubuntu I just do 'System -> Administration -> Services' and disable 'Multicast DNS Service Discovery' there. With Debian I just disable the startup of Avahi in /etc/default/avahi-daemon by setting 'AVAHI_DAEMON_START=0'.

22Jun/08

VLAN with Debian (Part 2)

There's another way to create vlan interfaces with Debian/Ubuntu. It's even shorter than the previous example. Just add the following to /etc/network/interfaces:

auto eth0.10
iface eth0.10 inet static
  address 10.0.0.2
  netmask 255.255.255.0
  gateway 10.0.0.1

Just make sure you did 'apt-get install vlan' or something like that.