• Port forwarding for internal webservers in case of a non-transparent proxy

    Assume that you're running a two-interface firewall setup using Shorewall for your institute LAN. Suppose you have an internal webserver that you want to make visible externally as well. To achieve this, you'd normally do a port forward using DNAT. Although this method gets a FAIL when it comes to security, it's usually the easiest thing to do. The suggested alternative would obviously be to get an extra NIC and set up a DMZ, but anyway, I'll be talking about a two-interface setup here.

    Now this port forwarding works fine, but what happens when a host in the internal network tries to access this website through the URL? The request will go out of the network and come back in, the response will follow the reverse route, and this will take ridiculously long! There are two workarounds for this. The recommended method is to configure your internal DNS to respond with the internal IP when a DNS query for the webserver's URL is received. The other method is to have your gateway masquerade as the internal webserver, which is nothing short of a quick hack; note that this is also rather poor when it comes to security. As per the Shorewall website, for a transparent proxy, you'll need to add the following rules.

    Example IP addresses:

    Gateway's external interface (eth0): 210.45.21.55

    Gateway's internal interface (eth1) : 192.168.1.1

    Internal Webserver: 192.168.1.10

    So here come the rules:

    In /etc/shorewall/rules:

    REDIRECT        loc     3128    tcp     www     -       !210.45.21.55

    DNAT              loc     loc:192.168.1.10      tcp     www     -       210.45.21.55

    In /etc/shorewall/masq:

    eth1:192.168.1.10        eth1           192.168.1.1      tcp     www

    In /etc/shorewall/interfaces, make sure you have the 'routeback' option enabled for eth1.

    Now here's the part that you won't find in the Shorewall documentation. In case you're migrating to a non-transparent proxy, add the following rule after the above-mentioned DNAT.

    DNAT    $FW     loc:192.168.1.10:80      tcp     80      -       210.45.21.55
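
    A check that the pieces above are all in place, as an added example that is not from the original post or the Shorewall project: this Python script reads the contents of the rules, masq and interfaces files and flags a loc-to-loc DNAT that lacks its masq entry or the 'routeback' option. The sample file contents are constructed from the example addresses above, and the four-column interfaces layout (zone, interface, broadcast, options) is an assumption.

```python
# Added example: lint a two-interface Shorewall config for the loc->loc DNAT above.
# Sample file contents are constructed from the page's example addresses.

RULES = """\
REDIRECT  loc  3128              tcp  www  -  !210.45.21.55
DNAT      loc  loc:192.168.1.10  tcp  www  -  210.45.21.55
"""
MASQ = "eth1:192.168.1.10  eth1  192.168.1.1  tcp  www\n"
INTERFACES_OK = "net  eth0  detect\nloc  eth1  detect  routeback\n"   # assumed layout
INTERFACES_BAD = "net  eth0  detect\nloc  eth1  detect  dhcp\n"       # routeback missing


def rows(text):
    """Yield whitespace-split columns, skipping blank lines and '#' comments."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def check_hairpin(rules, masq, interfaces):
    """Return a list of problems found for DNAT rules whose source and
    destination zone are the same (internal clients reaching the internal server)."""
    zone_iface = {c[0]: c[1] for c in rows(interfaces) if len(c) >= 2}
    routeback = {c[1] for c in rows(interfaces)
                 if len(c) >= 2 and any("routeback" in o.split(",") for o in c[2:])}
    masq_dests = {c[0] for c in rows(masq)}
    problems = []
    for c in rows(rules):
        if len(c) < 3 or c[0] != "DNAT" or ":" not in c[2]:
            continue
        src_zone = c[1]
        dst_zone, server = c[2].split(":")[:2]   # also copes with zone:ip:port
        if src_zone != dst_zone:
            continue  # ordinary port forward (e.g. from $FW), not loc->loc
        iface = zone_iface.get(dst_zone)
        if iface is None:
            problems.append(f"zone {dst_zone} has no interface entry")
            continue
        if iface not in routeback:
            problems.append(f"{iface} lacks 'routeback' in interfaces")
        if f"{iface}:{server}" not in masq_dests:
            problems.append(f"no masq entry for {iface}:{server}")
    return problems


if __name__ == "__main__":
    print(check_hairpin(RULES, MASQ, INTERFACES_BAD))
```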

  • A sneak peek into HA-Cron

    I can't believe it took me so long to blog about this project of mine, considering the fact that I'm almost done with its development and I also gave a talk on it at Sun Tech Days 2009. This was originally proposed by the Solaris Cluster team for a workout at FOSS.IN 2008 but wasn't selected, so I thought I'd take it up as my Sun Code For Freedom Contest project. This is one out of two proposals of mine for the contest, the other being HA-Zabbix which I haven't started working on. :P

    Now that I've bored you with the history, I'll move on to telling you all about what HA-Cron is and its relevance.

    Those of you familiar with what high availability clustering is would have easily guessed by now as to what HA-Cron does. Anyways, one problem with an HA cluster is that when a failover happens, the failed node's cron jobs remain there itself and do not carry over to the new node. This naturally implies that the system administrator will have to manually intervene every time a failover occurs which goes against the whole idea of high availability clustering itself, where the key is to keep the recovery from a failure smooth and automated. So HA-Cron is an agent for Open HA Cluster which keeps Cron highly available.

    Developed over the GDS template, HA-Cron accomplishes its task by a set of simple procedures which are as follows:

    1) Upon turning an RG (resource group) online on a node, a backup is made of the original root crontab. Next, the cron jobs for that particular RG which are specified by the user in a file are added to the root crontab entry, and a test job is added to ensure that Cron itself is working properly.

    2) Upon stopping an RG on a node, the cron jobs that belong to that RG are removed from the root crontab.
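
    The two steps above, written as functions over crontab text (an added example, not HA-Cron's own code): the BEGIN/END marker comments, the resource group name and the sample jobs are assumptions made for illustration, and all sample data is constructed.

```python
# Added example, not HA-Cron's code: start/stop steps over crontab text.
# The marker comments, job lines and RG name below are hypothetical.

ROOT_CRONTAB = "10 3 * * * /usr/sbin/logadm\n"                  # constructed sample
RG_JOBS = "0 * * * * /opt/app/bin/rotate-reports\n"             # hypothetical RG job file
TEST_JOB = "* * * * * /usr/bin/touch /var/tmp/ha-cron.alive"    # hypothetical test job


def _markers(rg):
    """Comment lines that delimit one resource group's block."""
    return f"# BEGIN ha-cron {rg}", f"# END ha-cron {rg}"


def stop_rg(crontab, rg):
    """Step 2: remove the jobs that belong to this RG, keep everything else."""
    begin, end = _markers(rg)
    kept, inside = [], False
    for line in crontab.splitlines():
        if line == begin:
            inside = True
        elif line == end and inside:
            inside = False
        elif not inside:
            kept.append(line)
    return "\n".join(kept) + ("\n" if kept else "")


def start_rg(crontab, rg, rg_jobs, test_job):
    """Step 1: return (backup, new_crontab) with the RG's jobs and a test job added."""
    backup = crontab                 # copy of the original root crontab
    base = stop_rg(crontab, rg)      # a repeated start must not duplicate the block
    begin, end = _markers(rg)
    jobs = [j for j in rg_jobs.splitlines() if j.strip()]
    block = [begin, *jobs, test_job, end]
    return backup, base + "\n".join(block) + "\n"


if __name__ == "__main__":
    _, online = start_rg(ROOT_CRONTAB, "rg-a", RG_JOBS, TEST_JOB)
    print(online, end="")
    print(stop_rg(online, "rg-a"), end="")
```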

    You can check out the project's homepage here. Please feel free to pool in your suggestions. :)

    Cheers!

  • rm -rf bad_memories

    The title gives you a prelude as to what I've been putting a sincere effort into; to just forget all the let downs I've come across throughout this month. From my failure to get selected for the Google Summer of Code, to missing out on a trip to San Francisco, topped off with the end of a one and a half year long shit festival and a lot lot more, April 2009 is something I'd really like to put behind me. Anyways, I barely scraped through four exams, and I still have two left but all I can think of right now is about making my retreat to Bangalore on the 2nd of May, where I know I can take my well deserved vacation. I'm looking forward to meeting my family and the newest addition to it (my baby nephew Advaith), a trip to Mysore with a few friends of mine and a visit to the Sun IEC so as to catch up with some of the Sun engineers and folks from the CA community.

    Once I get back to Jaipur, I'll be focusing entirely on a single project for the first time in my life as a geek. As of now, I remain entirely drowned in a sea of disappointments when it comes to my capabilities but that's only made me a little more curious as to where my 100% lies.

    So once this mental hibernation of mine ends, I'll be bringing out my reborn self, Lalith-2.0-r0 (release date 13/05/2009). Let's see if I can pull this off for real. :)

  • A recipe for a mental breakdown...

    Here's the complete recipe for a mental breakdown, refined by me over the semester and having culminated into a masterpiece at the end of three and a half months.

    Ingredients:

    1. Projects which you'll never complete. : At least 4 nos

    2. OpenGL assignments which you hate for obvious reasons: 1 nos

    3. OS assignments that you like, but don't have time for: 1 nos

    4. Miscellaneous assignments, presentations etc. : 2 nos

    5. Sun Campus Ambassador job in a place like MNIT : 1 nos

    6. College System Administrator job: 1 nos

    7. Burden of applying for the Google Summer of Code: 1 nos

    8. Examinations per month: 6 nos

    9. Attendance shortage in subjects: 3 nos

    10. A social life which involves a lot of maggots : Extra, for taste

    How to prepare your killer Mental Breakdown Delight:

    Begin the semester with a clear mindset of what you're going to do, what projects you'll take up and what activities you'd like to involve yourself in. Now make sure you have too many areas of interests, otherwise, it's a little hard to get the flavour just right. Now pick one project each for every area of interest that you've got, and make sure that none of them have overlapping fields. One such combination that gives you good results is parallel computing, HA Clustering, electronic design automation and game development. Keep it to boil in a normal sized dish and stir until your mental gravy starts to bubble.

    Make sure you have a job like the Sun campus ambassador job wherein you have to conduct workshops on FOSS during your institute's technical fests that are organized by very capable beings. Note that the gravy won't thicken if you have a very good FOSS culture in your institute and there are a lot of dedicated students all set to make it a grand success. There should only be a selected few students running after everything. The lesser the count (apart from you), the better.

    Now in between your projects and your workshops, make sure you try and explore other worlds as well. You could try taking a one week vacation off to attend a conference like Sun Tech Days, have a lot of fun and return only to be shocked at how many classes you missed. Now begins the attendance shortage component of our recipe. Make sure you've missed enough classes so that you don't feel like attending any more. For best results, bunk those classes wherein tests are conducted frequently, so that you avoid attending them as long as you don't know anything.

    The mid terms will be around just to test how spicy your dish is. If you're well prepared with your subjects, the mid terms won't add any extra zing to your mental breakdown dish.

    After this point, you can set the flame to a slightly higher level if the bubbles aren't forming fast enough. Add two weeks of the Google Summer of Code application period wherein you have to make a proposal and submit a patch for the project's code as part of the application process. In order to give the gravy that burning feeling, make sure you have to attend to system administrators from NRCFOSS during this application process and work with them on hardening some of the institute servers. It's recommended that they prefer to work with a distribution of Linux that you're not comfortable with, like Deepofix. Chances are, you'll suck at balancing your time here and hence, it'll improve the dish in every possible way.

    In the meantime, chop a few more pending assignments on a separate plate and keep adding to it while you're preparing the rest of the meal in parallel. This is done so that by the end of the semester, you'll have way too many assignments left to do and, upon adding the contents of this plate to the gravy, your dish will explode in a super nova of burnt out brain cells.

    For those who're extra ambitious as far as tinkering with their own sanity is concerned, you might want to try having a social life wherein everyone (at least most people) around you are complete maggots. You can have them range across all levels from class 1 to class 4, and for best results, you might even want to know a couple of super maggots who're so sly, that you'll be in the dark until the throw phase of the use and throw routine that maggots are known to follow.

    By the end of the semester, your mental breakdown delight should be more than complete. Serve and enjoy!

  • Sun Tech Days 2009: GG

    The whole of last week, I was at Hyderabad and I really can't express in words as to how great it felt to be away from college for a full, solid seven days! Me, Sarguru, Nitin and Lakshminarayan left for Delhi on the evening of the 14th. Our train was from Delhi Nizamuddin station at 7 in the morning. The journey went rather smoothly with me spending most of my time sleeping.

    Day 1:

    On Monday morning, we arrived at Secunderabad station and we were quick to book a room in a nearby lodge for Rs 135 per person per day! :P

    We had a good south Indian meal for brunch and we were all set for our sight seeing spree. The first place we visited was Golconda fort. In spite of having been in Rajasthan (more specifically speaking, Jaipur) for close to three years, I had not been to a single fort there! So the Golconda trip was quite a first for me as we explored the citadel, the gardens, the prison and so on.

    We then went back to the city to check out the Charminar, which really didn't have anything great about it. Or maybe I just can't appreciate things that are beautiful.

    Anyways, we decided to catch a movie at the famous Imax theatre complex, and after a good long walk around the Hussein Sagar lake, we were finally there. McDonald's helped rejuvenate our strength as we mowed down on burgers and mexican wraps and went on to get tickets for the 3-D version of Polar Express. :) We had a good half hour left till the show started, so we decided to fool around with some fun stuff in the complex namely, the Haunted House, the Mirror Maze and the Crazy Hotel. The mirror maze would have been interesting had I not known the 'only-left' algorithm to navigate out of mazes. :)

    Watching the Polar Express in 3-D was certainly something else, since you actually felt like you were 'there', with the snow falling around you, the train nearly hitting you and you looking out of windows. We then called it a day, and hit the beds in the luxury of our lodge. :)

    Day 2:

    Day two was rather boring in comparison to day one. We set out to the Birla Art exhibition first and uhm... saw some paintings, most of which I couldn't comprehend. Modern art is shitty I tell you. I'm sure I can do patterns that are more coherent than those. And not surprisingly, most of the paintings were titled 'Untitled'. Like duh? Ideally, most of them could have been named something like, 'Random-instances-of-paint-strewn-over-a-sheet', or 'When-my-dog-messed-with-my-paint' and so on. Heck, maybe they just aren't creative enough. :D

    What followed in our itinerary was the Salar Jung museum. We had a jolly good time looking at Salar Jung III's pictures and paintings and tagging him 'gay'. Trust me, the pictures did make him look so but I'm sure he was a great chap! The only exhibits that interested us were the arms and weapons collection where all kinds of guns, swords including Indian/Persian scimitars and armour were up on display. Once we were done with the museum, we proceeded back to the Birla Planetarium to catch the English Show which took us through a journey through space and explained a lot of interesting components about the mystery we call, the universe.

    Day 3-5: Sun Tech Days 2009:

    This has certainly been the coolest developers' conference I've ever attended! The Hyderabad International Convention Center itself took my breath away with its magnificence. And the whole idea of giving a talk here was simply exciting! The inaugural ceremony was brilliant, with an 11-year-old percussion sensation drumming away to cheers and applause from us, the mesmerized audience. What followed were demonstrations of some of Sun's technologies which included JavaFX by Chuk Munn Lee and JavaTV by Srinidhi. Then came the moment we've all waited for, the opening key note by James Gosling, the father of Java himself!

    After the ceremony, I went over to my stall, where I helped carry out OSUM registrations and conduct demonstrations of OHAC and HA-Cron all day. I interacted with a lot of people from different companies and institutes, discussed code and projects with some and made plans for workshops with a handful. :)

    JB had his Project Kenai stall right next to mine and he took me through the whole project. I really didn't know what Kenai was all about until this so I'm kind of intrigued by the idea behind it. It also has a lot of relevance considering the fact that the world is moving towards an era of cloud computing. I was kind of picturising the whole concept of project management with the social computing paradigm and a bit of cloud computing and it sounded amazing! A couple of hours after that, I met Mayuresh from the OpenSolaris team who asked me the details of my talk which was scheduled on the 19th. Later that day in the evening, I went over to the hall to test my laptop with the projector and it worked like a charm.

    Day three ended with a dinner treat by Ganesh to the entire Sun CA gang and we dug into Hyderabadi Biriyani and a sweet dish which had a really weird name that I can't remember now.

    Day four was just as exciting with me conducting even more demos, meeting even more people and finally giving my talk! Jay Mahadeokar, the CA from SRKNEC, Nagpur gave a talk on Project Canopee which made use of SunSPOTS, his pet technology. :) After that I talked about HA-Cron and the GDS methodology for agent development on OHAC. My talk was well perceived and I managed to create a bit of hype around OHAC itself, as was told to me by some systems engineers from De Shaw, who'd attended my talk. And wow! Did that feel great!

    At 3:00 PM, Ganesh N Ram A.K.A GNR, gave the talk on OHAC itself and explained in great detail SMF, FMA, failover and scalable clusters and gave a superb demonstration which was followed by a grand applause from our audience. Both of us together answered a flurry of doubts that were thrown from the audience and I went on to get acquainted with even more people after that. :)

    I lazed around for the rest of the day at the stall and continued demonstrating OHAC to all passersby. I'm surprised at all the OHAC evangelism I did! We were again treated to dinner by Ganesh himself. :)

    University day was rather boring as a lot of the talks were being repeated over and over again. Abhishek gave an amazing talk on 'Enterprising Open Source' and with his panache, kept the crowd entertained. In the evening, we CAs stayed back to meet Joe Hartley, Vice President, Global Government, Education & Healthcare, Sun Microsystems and we gave him our feedback about the programme in general. A photo shoot followed after which we all left to catch our trains and so on.

    After quite a sick journey from Hyderabad to Warangal, a six hour wait for the train to Jaipur and a Jaipur-Coimbatore train filled with brats, we finally got back to our good ol' college. Damn.