Monday, July 14, 2008

Iptables: DNAT

DNAT stands for Destination NAT. It is a type of NAT. The other one is SNAT, which stands for Source NAT. What's the difference, I hear you ask? Good question! :) DNAT changes the destination of relevant packets. SNAT changes the source of relevant packets. Last week, my boss asked me to open up an internal system so that it could be accessed publicly.

Let's say my internal system server's IP is 192.168.2.123 and the system is a web-based system (port 80). It is behind a firewall which has a public IP, say 111.222.333.444. To access the internal system from the Internet, the firewall IP should be used as a gateway to reach the internal system server.

Internet ----> Firewall ----> Internal system

I want any packets destined to port 3256 on the firewall to be NAT'ed to the internal system server on port 80. So the DNAT rule on the firewall is:

iptables -t nat -I PREROUTING ! -s 192.168.2.0/24 -p tcp --dport 3256 -j DNAT --to-destination 192.168.2.123:80

There you go. All TCP packets destined to the firewall on port 3256 that do not come from 192.168.2.0/24 will be redirected to the internal system server on port 80. There are other ways to achieve this using other tools like xinetd, but I leave that as an exercise for readers. :)
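The DNAT rule only rewrites the destination. On a firewall whose FORWARD policy is DROP (an assumption, the post does not show its filter table), forwarding must also be enabled and the translated traffic accepted. The script below is an added example, not part of the original post: it prints the full set of commands for the post's addresses and ports without applying them, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: prints the commands only, nothing is applied.
# Addresses and ports are the page's; function names are illustrative.

# valid_port PORT: integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: four dot-separated octets, each 0..255
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rules PUBLIC_PORT LAN_CIDR SERVER_IP SERVER_PORT
dnat_rules() {
    valid_port "$1" && valid_ipv4 "${2%/*}" && valid_ipv4 "$3" && valid_port "$4" || return 1
    # The kernel must route between interfaces, or translated packets go nowhere.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # The page's rule; the negation is written before -s, as current iptables expects.
    echo "iptables -t nat -I PREROUTING ! -s $2 -p tcp --dport $1 -j DNAT --to-destination $3:$4"
    # filter/FORWARD is evaluated after PREROUTING, so it sees the translated
    # address and port (SERVER_IP:SERVER_PORT), not the public port.
    echo "iptables -I FORWARD -p tcp -d $3 --dport $4 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Return traffic of those connections only; this rule does not let the
    # server open new connections outward.
    echo "iptables -I FORWARD -p tcp -s $3 --sport $4 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# The page's scenario: public port 3256 -> 192.168.2.123:80
dnat_rules 3256 192.168.2.0/24 192.168.2.123 80
```

After applying the printed commands as root, `iptables -t nat -L PREROUTING -n -v` shows the packet counter of the DNAT rule, which should increase when an outside client connects to port 3256.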

Tuesday, July 8, 2008

Linux : Before Munich, it was Extremadura

I remember that 3 years ago I read a Linux magazine article about Munich. The government was going to convert all Windows PCs to Linux. Then I just came across an old news story about how one of the poorest regions in Spain migrated all the PCs used by its civil servants during a weekend.

We changed the desktop systems from Windows to Linux during the weekend, when the civil servants came back next Monday morning they found Linux running on their desktop machines.

The public government of the Spanish region of Extremadura has now a long tradition of promoting and using free software. Extremadura is a region located in the South-West of Spain, in the center of a triangle formed by the cities of Madrid, Seville and Lisbon.

More from the news:

Another essential component of the network are the end user terminals. These were made from PCs running a localized version of Linux called Linex (compound word from LINux and EXtremadura) which they tailored to their specific needs and changing the name of the programs to more accessible ones to the people in Extremadura. For example, the Gimp image processing program was renamed to Zurbarán, a famous Spanish painter. Besides building one of the best known Linux distributions, Linex, they have achieved the amazing goal of having one PC for every two students in their schools. Yes, you read it correctly, one PC per two students.

In total they now have some 80000 desktop PCs running Linux. Of them, 66000 are in schools and education centers and the rest, 14000, are in other public administration buildings. Although not 100% of all Extremadura's public administration departments have been switched to Linux desktops, these numbers certainly indicate that they are on the right path to reaching this goal.


Hmm. I think this proves that Linux can be used in the government sector without problems. Certain issues need to be addressed first, especially pertaining to the proprietary software used. This issue can mostly be solved. The migration experts will take care of it. :)

Do you have any story about Linux in government at your place? Do write in.

More related news:
Munich goes Open Source
Full steam ahead for Linux in Munich
Debian wins Munich Linux deal
