Braindump: October 2007 Archives


October 18, 2007

Microsoft VPN filtering

How to control local IP access using IP filtering with Microsoft Server 2003 VPN.

Our first remote access policy is nearly finished. However, we also want this policy to limit connections to the Exchange server. For an Exchange server whose IP address is 10.42.42.101, follow these steps:

1. Double-click the Grant members of "RemoteExchangeAccess" policy you just created and click Edit profile to display the Edit Dial-in Profile page. The Authentication and Encryption tabs display the settings that you specified in the wizard.
2. At the Edit Dial-in Profile page that Web Figure 3 shows, click the IP tab. You'll see the Inbound Filters dialog box that Web Figure 4 shows. Select the Permit only the packets listed below radio button and click OK. We'll disable all traffic except for traffic to and from computers in the extranet that correspond to the 10.42.43.* subnet.
3. Click Input Filters, which displays the Edit IP Filter dialog box. Select the Destination network check box and type 10.42.42.101 for the IP address. Because we're limiting traffic to a specific address instead of an entire subnet, type 255.255.255.255 for the subnet mask; otherwise, Windows will reject the filter. The Protocol drop-down list lets you limit traffic to specific IP protocols, such as TCP and UDP, then further limit traffic to specific TCP/UDP port numbers.
4. Click OK. Your policy should now look like the one that Web Figure 4 shows.
5. Click OK to close the Inbound Filters window.
6. Back on the IP tab, click Output Filters, then click New. Select Source Network and enter the same IP address and subnet that you used for the inbound filter.
7. Click OK twice to close the policy.

Follow the same procedure for the rest of the remote access policies. For the Telecommuters policy, don't specify any IP filters that will let users access any part of the network. For the BusinessPartners policy, enter 10.42.43.0 as the IP address for both the inbound and outbound filters and 255.255.255.0 as the subnet mask. For the MTGConsultants policy, configure filters to let the consultants access only the Oracle server's IP address.

October 06, 2007

Cloning VM by hand on VMware ESX Server v3.0.1

I’ve had time this week to get familiar with our test server environment, which is a rather old Dell server running VMware ESX Server 3.0.1. After creating a new VM and getting a base Linux OS configured, I wanted to clone it for later use. I’ve used VMware Workstation and VMware Server before and the cloning process there is very simple: just copy. On ESX Server, there are a couple more steps required and then some other steps that are optional, but make life easier in the long run.

Here is the process I followed to perform a clone. It worked well and I was successful in getting my cloned VM running. I didn’t find a process describing exactly what I did, so I thought I’d post it (mostly so I can find it later when I forget what I did). I did find a similar process for a slightly older version and most of this post comes from that process with a few exceptions.

1. Perform a clean OS shutdown of the guest OS running in the VM. Ideally, this will result in the VM being powered off.
2. Log in to the ESX Server using SSH as the root user.
3. Use "vdf -h" to determine where the VMFS filesystems are mounted. In our example, this is /vmfs/volumes/AttachedSCSI
4. Locate the current VM image (at /vmfs/volumes/AttachedSCSI/shelob).
5. Run "cp -r /vmfs/volumes/AttachedSCSI/shelob /vmfs/volumes/AttachedSCSI/shelob-clone &"
6. Go do something else for a while to let the copy finish (at least 30 mins)
7. Once the copy is finished, go to the new directory (shelob-clone) and rename all the files to use the new clone name. For example, the string “shelob” will be in the filename for each file. You should rename the file so that “shelob-clone” is in the filename instead of “shelob”.
8. Once you’ve renamed all the files, run “file *” in this directory (shelob-clone).
9. Edit all files (back them up first) that are listed as “ASCII text” or “ASCII English text”. In each of those files, you may find references to the old filenames or directory names. Modify the references appropriately to use the new names.
10. Also edit the shelob-clone.vmx file to remove the following lines:
ethernet0.generatedAddress = "....."
ethernet0.generatedAddressOffset = "....."
uuid.location = "....."
uuid.bios = "....."
11. Add the following line to shelob-clone.vmx:
uuid.action = "keep"
12. Register the new cloned VM with ESX server by running the following command (this should all be on one line):
vmware-cmd -s register /vmfs/volumes/AttachedSCSI/shelob-clone/shelob-clone.vmx
13. Go to the Virtual Infrastructure client and start the new VM. If the guest OS is Linux, you should expect kudzu to detect that the old Ethernet controller was removed and a new one has been added. The benefit of this detection is that it will prompt you to add network configuration information. When you’re prompted, you can choose the appropriate IP configuration/address for this new guest VM. Note that you should make sure that your original VM and the new VM have different IP addresses if you intend to have them running at the same time.
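
Steps 7 to 11 above, scripted as an added example (not part of the original post). The function name fixup_clone is hypothetical, and the script assumes the VM names contain no regular-expression metacharacters and that grep supports -I, which stands in here for the "file *" text check.

```shell
#!/bin/sh
# Added example: automate steps 7-11 on an already-copied VM directory.
# Usage: fixup_clone <clone-dir> <old-name> <new-name>
# Assumption: names are plain (letters, digits, '-'), so sed treats them literally.
fixup_clone() {
    dir=$1 old=$2 new=$3
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Step 7: rename files containing the old VM name. Mapping new->old first
    # keeps a second run from producing "shelob-clone-clone".
    for f in "$dir"/*"$old"*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        newbase=$(printf '%s\n' "$base" | sed "s/$new/$old/; s/$old/$new/")
        [ "$newbase" = "$base" ] || mv "$f" "$dir/$newbase"
    done

    # Steps 8-9: back up each text file, then rewrite references to the old
    # file and directory names. Binary files (the disk extents) are skipped.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        grep -Iq . "$f" || continue
        [ -e "$f.bak" ] || cp -p "$f" "$f.bak"
        sed "s/$new/$old/g; s/$old/$new/g" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done

    # Steps 10-11: drop the generated MAC address and UUID lines so the clone
    # gets its own, then add the uuid.action line from step 11.
    vmx="$dir/$new.vmx"
    [ -f "$vmx" ] || { echo "missing $vmx" >&2; return 1; }
    sed -e '/^ethernet0\.generatedAddress/d' -e '/^uuid\.location/d' \
        -e '/^uuid\.bios/d' -e '/^uuid\.action/d' "$vmx" > "$vmx.tmp"
    echo 'uuid.action = "keep"' >> "$vmx.tmp"
    mv "$vmx.tmp" "$vmx"
}

# Run only when called with the three arguments, e.g.:
#   sh fixup_clone.sh /vmfs/volumes/AttachedSCSI/shelob-clone shelob shelob-clone
if [ "$#" -eq 3 ]; then
    fixup_clone "$@"
fi
```

Registering the result with vmware-cmd (step 12) is left as a manual step so the edited .vmx can be compared against its .bak copy first.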

Please post suggestions in the comments and I’ll respond and/or update the post.

These steps are going to come in handy as I start playing with the VMs that eventually get posted up at www.OracleVMs.com.