One Bad Pixel
The night time is the right time.

IPSec tunnel from Cisco PIX 6.x to VyOS (or Vyatta, or EdgeMax)

The other day, I wrote this article about creating IPSec tunnels from ASA55xx to VyOS, and wanted to follow it up with another article explaining how to accomplish the same tunnel from a Cisco PIX running 6.x firmware. The setup is very similar to setting it up with an ASA55xx, but there are a few syntax differences and a few gotchas.
First, on your PIX, you need to make sure you have …Read On


IPSec Tunnel from ASA55xx to VyOS (or Vyatta)

I was recently asked if it was possible to interconnect an ASA5505 and a VyOS router with an IPSec VPN. The answer is absolutely yes. I have set up dozens of IPSec VPNs between these devices and they work very well together. This configuration should *mostly* apply to interconnecting an ASA and a Ubiquiti EdgeMax as well. Without wasting any more time, here is the basic config for …Read On


L2TP/IPSec on a Ubiquiti EdgeMax

As requested by FlakeB on Part 7: IPv6 enabling your Vyatta router (using a TunnelBroker), I wanted to take a few minutes and explain how to configure L2TP/IPSec Remote Access on an EdgeMax router. The process is simple, but there are definitely some little gotchas here …Read On


Migrating from Vyatta to VyOS

If you have been following my articles about Vyatta, you are probably wondering what to do since Brocade has basically killed the community edition of Vyatta. The original vyatta.org website is now defunct, and unfortunately for the community, all the great knowledge that was stored in the Vyatta forums has been lost. Never fear, the community that made Vyatta great has stepped up and continued the project, now known as VyOS. The …Read On


Repurposing the Barracuda BSF-300a Spam Firewall

In my lab, I have a Barracuda Spam Firewall, model BSF-300a. I wanted to see how well it could be repurposed, since it is just a 1U rackmount server with Barracuda’s proprietary software on it. Since Barracuda has a very strict policy prohibiting gray-market appliances, once they have reached the end of their time for the original purchaser, they don’t have any usable life left as a spam firewall, but this is a good thing for those of us that are always in search of decent 1U servers for projects. They are plentiful on eBay and quite cheap. While I was installing Ubuntu server 12.04 LTS on it, I found a couple things that I wanted to both share and document in the event I ever need to rebuild it. …Read On


Microsoft MSFT 70-412 Takeaway

Today, I took my Microsoft MSFT 70-412 Certification exam. Not normally one to admit defeat, I was defeated by the new content introduced early in 2014 to update the exam to Microsoft Windows 2012R2. I wanted to share what I took away from the test, and hopefully provide information that others can use to learn from my failure. While Microsoft rules specifically forbid me to discuss actual exam content (questions, answers, etc.), nothing keeps me from helping you get prepared with the correct …Read On


Redirecting OWA HTTP to HTTPS in Exchange 2013

After going through countless different methods of trying to get HTTP to HTTPS redirection working properly in Exchange 2013, I found the following method to work properly every time, without breaking all the other parts of the default website. The best part is, it’s a cookie-cutter operation, and requires no customization from one Exchange server to the next.
…Read On


Updating HE TunnelBroker endpoint for dynamic address on Vyatta

In my earlier article, I explained how to set up a tunnel to Hurricane Electric, but at the time I hadn’t completely figured out how to make it automatically update the tunnel endpoint address if you have a dynamic address. Since then, I have figured it out and wanted to share how to make it work. …Read On


Ubiquiti EdgeMax ERL review

Today I wanted to present some thoughts and initial views on the Ubiquiti EdgeMax EdgeRouter Lite. This little gem is a dandy bit of hardware from our friends over at Ubiquiti Networks, coming in at under $100 USD. Because I am a huge fan of Vyatta, I had to check these out, since they are a fork of Vyatta 6.3 that Ubiquiti has ported to MIPS and added their own features and interface to.
…Read On


Part 7: IPv6 enabling your Vyatta router (using a TunnelBroker)

Following along in my series of Vyatta articles, we left off in with a functional system that is serving our IPv4 network, supplying DHCP, and doing some NAT translation. In this part, we are going to add IPv6 support so that you can start using IPv6 websites without relying on 6to4 or Teredo transition services.

For this setup, we will be using a free account from Hurricane Electric, one of the best tunnel brokers known to man. They will give you a free /64 …Read On


Vyatta Dynamic DNS and NAT translations

In my series of Vyatta articles, I discussed configuring your WAN interface using DHCP in , but did not touch base on how to configure Dynamic DNS or how to set up inbound NAT translations when the WAN address is dynamic.

In this article, I will explain how to get Dynamic DNS operating, as well as how to set up an inbound NAT to your DHCP-assigned address. …Read On


OneBadPixel upgrade

I wanted to let everyone know that OneBadPixel has been upgraded. You can now subscribe to a post when you comment to be notified by email if there are follow-ups to the post. Additionally, there are now sharing buttons in the event that you want to share a post on FB, G+, Twitter, E-Mail, etc.
I hope everyone enjoys the new features.

Jim


Part 6: Vyatta Firewall Groups

If you have been following along with my series of Vyatta articles, you probably have a pretty decent set of firewalls built to support a couple web servers at this point. In Part 4, we set up a bunch of firewall rules, but since we will likely be adding a lot over time, it can become quite a job to manage them all.

In this article, I will be introducing you to firewall groups to make management tasks less of a burden to keep updated. …Read On


Part 5: NAT Translation in Vyatta

Previous: Part 4: Adding Stateful Firewall to Vyatta
Hey guys, welcome back to part 5 in the series. Sorry for the super long delay, I tend to get busy and forget to finish up my personal blog. Please do comment if you need specifics or just want to remind me to work on it, because I do get your comments forwarded to my mobile phone and it reminds me.

In this article, we are going to set up some NAT translations, both inbound and outbound, for our network. If you read Part 4 (recently, I updated it), you know that we have a DNS server and a WEB server in our lab network. We are going to add some inbound NAT (destination NAT) and outbound NAT (source NAT) to enable our DNS server to serve queries from the Interwebs, and we also want our WEB server to be functional on the Interwebs. …Read On


Part 4: Adding Stateful Firewall to Vyatta

Previous: Part 3: Vyatta Basic Setup.

If you have been following along with the previous parts, you probably have a functional lab router (or possibly a home network of some type) up and running, but you likely are hoping to add some firewall rules to help protect your network. It is important to note that firewall rules are applied in sequential order until a match is made, at which point the action is applied and further rules are not processed. This is important as the majority of your rule issues are likely to be the result of improper sequencing.

The firewall rules are extremely powerful, however can be a source of frustration if certain care isn’t made to …Read On