Posts Tagged 'Configuration'

December 26, 2011

iptables Tips and Tricks - Port Redirection

One of the most challenging and rewarding aspects of Linux administration is the iptables firewall. To the unenlightened, this can be a confusing black box that breaks your web server and blocks your favorite visitors from viewing your content at the most inconvenient times. This blog is the first in a series aimed at clarifying this otherwise mysterious force at work in your server.

Nothing compares with the frustration of trying to make a program listen on a different port – like if you wanted to configure your mail client to listen on port 2525. Many times, configuring a program the hard way (some would say the "correct" way) using configuration files may not be worth your time and effort ... Especially if the server is running on a control panel that does not natively support this functionality.

Fortunately, iptables offers an elegant solution:

iptables -t nat -A PREROUTING -p tcp --dport 2525 -j REDIRECT --to-ports 25

What this does:

  1. This specifies -t nat to indicate the nat table. Typically rules are added to the "filter" table (if you do not specify another table), and this is where the majority of the traffic is handled. In this case, however, we require the use of the nat table.
  2. This rule appends (-A), which means the rule is added at the bottom of the chain.
  3. This rule is added to the PREROUTING chain.
  4. It matches the tcp protocol (-p tcp).
  5. The destination port (--dport) is 2525 - this is the port that the client is trying to access on your server.
  6. The traffic is jumped (-j) to the REDIRECT action. This is the action that is taken when the rule matches.
  7. The port is redirected to port 25 on the server.

As you can see, by changing the protocol to either tcp or udp or by adjusting the dport number and the to-ports number, you can redirect any port incoming to any listening port on the server. Just remember that the dport is the port the client machine is trying to connect to (the port they configure in the mail client, for example).

But check this out: Say for example you have a website (shocking, I know). You don't have a load balancer or a firewall set up, but you want to split off your email traffic to a second server to reduce strain on your web server. Essentially, you want to take incoming port 25 and redirect it ... to ANOTHER SERVER. With iptables, you can make this work:

iptables -t nat -A PREROUTING -p tcp -d 123.123.123.123 --dport 25 -j DNAT --to-destination 10.10.10.10:25

What this does:

  1. It specifies a destination (-d) IP address. This is not needed, but if you want to limit the email redirection to a single address, this is how you can do it.
  2. It is jumped to DNAT, which stands for destination nat.
  3. The destination address and port are specified as the argument to --to-destination.

As you can see, this forwards all traffic on port 25 to an internal IP address.

Now, say you want to redirect from a different incoming port to a port on another server:

iptables -t nat -A PREROUTING -p tcp --dport 5001 -j DNAT --to-destination 10.10.10.10:25
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE

In this example, the incoming port is different, so we need to change it back to the standard port on the way back out through the primary server.
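To make the three cases above easy to review before they touch a live firewall, here is an added example (my own script, not code from the original post) that validates the inputs and prints the rule set for each case instead of applying it. It assumes IPv4 only, that the printed commands are later run as root, and, for the remote-forwarding case, that the kernel must have IP forwarding enabled and the FORWARD chain must accept the translated traffic (both are required for DNAT to another host to work, and the post does not show them):

```sh
#!/bin/sh
# Added example (not from the original post): generate the iptables nat rules
# for local port redirection and for forwarding to another host, and print
# them so they can be reviewed before being applied as root (e.g. `| sh`).
# Assumption: IPv4 addresses only.

# Validate a TCP/UDP port number (1-65535); non-zero status on bad input.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate a dotted-quad IPv4 address (four numeric octets, each 0-255).
valid_ipv4() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Case 1: clients connect to $2 on this box, the service listens on $3.
# Usage: redirect_local tcp 2525 25
redirect_local() {
    proto=$1 from=$2 to=$3
    valid_port "$from" && valid_port "$to" || return 1
    printf 'iptables -t nat -A PREROUTING -p %s --dport %s -j REDIRECT --to-ports %s\n' \
        "$proto" "$from" "$to"
}

# Case 2: clients connect to $2 on this box, traffic is handed to $3:$4.
# Emits everything the forward needs: the ip_forward sysctl, the DNAT rule,
# a FORWARD accept for the translated flow, and the MASQUERADE rule so the
# second host replies through this box rather than straight to the client.
# Usage: forward_remote tcp 5001 10.10.10.10 25
forward_remote() {
    proto=$1 from=$2 host=$3 to=$4
    valid_port "$from" && valid_port "$to" && valid_ipv4 "$host" || return 1
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -t nat -A PREROUTING -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$proto" "$from" "$host" "$to"
    # FORWARD and POSTROUTING see the packet after DNAT, so match the new destination.
    printf 'iptables -A FORWARD -p %s -d %s --dport %s -j ACCEPT\n' \
        "$proto" "$host" "$to"
    printf 'iptables -t nat -A POSTROUTING -p %s -d %s --dport %s -j MASQUERADE\n' \
        "$proto" "$host" "$to"
}

# Print the rule sets for the two scenarios used in the post above.
redirect_local tcp 2525 25
forward_remote tcp 5001 10.10.10.10 25
```

Run it and read the output before piping it to a shell; the validation functions reject out-of-range ports and malformed addresses so a typo fails loudly instead of producing a half-applied rule set. Two points worth keeping in mind when the forward goes to another host: connection tracking reverses the DNAT on the return path by itself, and the MASQUERADE rule exists so the second server sees the primary server's address as the source and sends its replies back through it. A side effect is that the second server's logs (the mail log, in this scenario) record the primary server's address rather than the real client's.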

If you would like further reading on this topic, I recommend this great tutorial:
http://www.karlrupp.net/en/computer/nat_tutorial

Remember, when you are modifying your running configuration of iptables, you will still need to save your changes in order for it to persist on reboot. Be sure to test your configuration before saving it with "service iptables save" so that you don't lock yourself out.

-Mark

November 28, 2011

Brisket and BYOC

With all of the cooking and eating going on around Thanksgiving, Summer's Truffle Mac and Cheese blog inspired me to think back on any of the "expertise" I can provide for SoftLayer customers in the kitchen. One of the first things my mother taught me to cook was brisket. While it might not be as exotic as 3 Bars Barbeque, it's pretty easy to make. Everyone who tastes it sings its praises and thinks it took forever to prepare, and while it does have to cook in the oven for about four hours, there are only five ingredients, so the "preparation" time is actually only around ten minutes. Since it's not exactly a family secret, I don't think I'll get into any trouble for sharing it:

Easy-To-Make Brisket Ingredients

  • 1 Brisket - I'd recommend having the majority (not all) of the fat trimmed off at the store
  • 2 1/2 Cups of Ketchup - Buy the largest ketchup bottle and plan on using a little more than half
  • 1 1/2 Cups of Water
  • 1 Packet of Onion Soup Mix
  • 1 Can of Tomato Paste (Optional, adds flavor)

Instructions

  1. Pre-heat oven to 300 degrees
  2. Mix all of the non-brisket ingredients and pour them on top of the brisket in a large roaster (one with a lid would be preferable)
  3. Make sure the entire brisket is covered. Pick it up to get your other ingredients underneath.
  4. Pop it into the oven for four hours at 300 degrees.
  5. Take it out, let it cool, and enjoy!

That's the basic, original recipe, but I've found a few ways to make it juicier along the way. One tip is to pull the brisket from the oven after about three and a half hours and slice it against the grain. If you have an electric knife, this is the perfect chance to use it, and if you don't, this could be an excuse to get one. Put the brisket back in the roaster for another half hour, and you'll love the results. Because ovens differ, just make sure it's moist before you take it out to serve.

At this point, you're probably asking yourself what a brisket recipe has to do with SoftLayer. If you've used our Build Your Own Cloud wizard, you might already see the similarity: You can put something together that seems dauntingly time consuming quickly and without breaking a sweat ... And the end result is amazing. There are a few simple steps to making an impressive brisket, and it takes a few clicks to build a customized cloud instance with all the benefits of SoftLayer's global network and support.

Too often, selecting a cloud instance involves more limitations than it does choices, so we wanted to make sure the BYOC service gave customers the granularity to choose CPU, RAM, and storage configurations on newer, more powerful servers than our competition. Just like my tweak of the original recipe, we want customers to have the ability to tweak their cloud platform to provide the best application performance, cost efficiency, and availability for their specific needs.

If this blog left you hungry, you've got everything you need to make an amazing brisket. If you don't have the ingredients (or the four hours) you need to make one now, you can try the quicker BYOC recipe:

SoftLayer Cloud Ordering Ingredients

  • The device you're using to read this blog.
  • A list of what you want on your cloud instance.

Instructions

  1. Visit SoftLayer's Build Your Own Cloud page.
  2. Select the options you want and submit your order.
  3. Start using your custom cloud instance in less than 20 minutes!

Happy Building! :-)

-Rachel

May 12, 2011

Follow 750 Servers from Truck to DC Rack

What do you call the day after you finish building a new data center server room and cabling the server racks in it? If you're an employee at SoftLayer, you call it Truck Day.

Last week, a few of the folks from marketing were invited to celebrate in the Truck Day festivities for Pod 2 in DAL05 (SR02.DAL05), and I jumped at the opportunity. I don't go anywhere without at least one camera on-hand to document and share what's going on with the SoftLayer community, and Truck Day wasn't an exception ... In fact, I had three different cameras going at all times!

The truck arrived at around 7 a.m. with a few dozen pallets of servers, and about forty employees from all around the company immediately jumped into action. As the pallets moved from the loading dock to the inventory room, people were unboxing servers and piling them on carts. When a cart was full, it was whisked to the data center and unloaded. The data center techs plugged in each of the servers to confirm its configuration and stacked it with matching configurations in designated areas around the data center. By the time one cart got back to the inventory room, another was on its way to the data center, so very little time was lost.

Back in 2007, SamF did a great job of explaining the process, so I won't reinvent the wheel. Instead, I'll let you see the activities as they were captured by the three cameras I toted along:

To give you an idea of how fast all of this was done, each of the time-lapse cameras set up in the data center and in the inventory room captured images every five seconds. When the video was compiled, the frame rate was set to 20 frames per second, so each second of time-lapse video is the equivalent of 100 seconds of work. In a matter of just a few hours, we received, inventoried, racked, cabled and started selling around 750 servers in a brand new data center pod. Competitors: Be afraid. Be very afraid. :)

Pictures from DAL05 Pod 2 Truck Day have been posted on our Flickr Account: http://sftlyr.com/8g

In the past three weeks, we brought three different data center pods online in three different parts of the country: On April 25, it was our first server room in San Jose (SJC01); on May 2, the second server room in DAL05; and on May 10, our second server room in WDC01. As far as I know, we don't have a new pod planned for next month, but given how quickly the operations team has been building data center space, I wouldn't be surprised to get a call asking me to come in a little early to help unload servers in a new data center next week.

-@khazard

Music Credit: The background track in the video is "Your Coat" from SoftLayer's very own Chris Interrante. Keep an eye out for his soon-to-be released EP: OVERDRAFT.
