Debian mirror through HTTP proxy

Ever wanted to put together a Linux Debian mirror in an intranet with no direct access to Internet? The classical solution is, of course, rsync but what do you do when you can't access the source directly and your only way out is a HTTP proxy? The solution is debmirror. To install it: apt-get install debmirror.

First make sure that you exported your proxy server:

export http_proxy=http://proxy.localnet:port

Then set up a script that runs periodically (daily, for example):

debmirror -a i386 -m -h ftp.de.debian.org -e http -d stable -d testing -d unstable --root /debian --getcontents --progress -v /mirror/debian

This is pulling the stable, testing and unstable from ftp.de.debian.org - of course you should choose whatever mirror is closer to you. If you're having problems with the PGP signatures you can add --ignore-release-gpg.

You can log the operation by adding:

1> /log/mirror-debian-repository.out.log 2> /log/mirror-debian-repository.err.log
 

Cisco-centric Open Source Exchange Community - COSI

http://cosi-nms.sourceforge.net/

I stumbled across this site many times but since I'm posting on this blog since last week I thought I should mention it now.

The site is a community that develops open source software for managing Cisco equipment. It collects links to many Cisco-related open source projects. This is a very useful resource as "real" tools come with a high price and actually you can't buy many of them.

I use myself VMPS-SRV, a web interface for managing VMPS. This tool (well, slightly modified) can be used in conjunction with an open-source VMPS server (which actually isn't listed in this site :). Maybe this will make the subject of another article, in spite of the fact that the current trend is to use 802.1x. However, if anyone is still interested in using VMPS please let me know - add a comment. In some environments maybe it's still the good choice.
 

Time-based ACL on ASA firewall

I had a request to limit the bandwidth of some hosts in a LAN only on the business hours. Not knowing that time-based ACLs are supported I decided to do that without the time component on the local ASA 5510 firewall located at the border of the network. After doing that something caught my eye browsing trough the ASDM:



The "Time ranges" object. This has a very flexible definition: it has 2 layers; the first layer defines the start time and the end time (for example: the time range of the second layer will begin on 03.03.2008, 2100 hours and end on 05.03.2008, 0800 hours); the second second layer is weekly-based - eighter select the days of the week with a hourly interval or select a weekly interval when this range will be active.

For example, if you want to define the range of working hours (9:00 to 17:00) you can do it like this:

time-range working_hours
periodic weekdays 9:00 to 17:00

Now back to the starting case, limiting some hosts during business hours:

  • define the time range - done above;
  • define a ACL with the IPs of the hosts, for example:
access-list limit extended permit ip host 10.0.0.1 any time-range working_hours
access-list limit extended permit ip any host 10.0.0.1 time-range working_hours

  • make a class-map:
class-map class
match access-list limit

  • write a policy-map for policing at 2Mbps (in this example):
policy-map outside-policy
class class
police input 2000000 16000
police output 2000000 16000
service-policy outside-policy interface outside

Or you can do it with ASDM :D
 

Follow by Email

Sponsored Links

Labels