Posted in development, web development on 09/18/2009 10:31 am by lmorroni
I noticed a couple of new plugins that are available for WordPress to provide an optimized theme for iPhone viewers. The specific plugin that I am using is called WPTouch. It has more features than I need and was a piece of cake to install. We are recommending that our WordPress clients start using it. Check out this blog from an iPhone to see what I am talking about.
Posted in business, system admin on 09/17/2009 10:36 am by lmorroni
We’ve stopped buying small consumer-grade proprietary routers for our business clients. We recently had a client that needed a VPN but only had Dynamic DNS. We did this once with a D-Link router but found the setup to be laborious and slow. The web interface was painful to use and refreshes took too long. With Vyatta, we have one single configuration file. We were able to build a configuration file that could provide: DDNS, a DHCP Server, a Firewall, and a VPN. Everything is right there in one single file. The solution is simple, elegant and easy to maintain. Now we just back up the single config file and we can easily recover from any disasters. Here is the config file we have been using for clients.
interfaces {
    ethernet eth0 {
        address dhcp
        duplex auto
        hw-id 00:0c:29:21:da:48
        speed auto
    }
    ethernet eth1 {
        address 192.168.1.1/24
        duplex auto
        hw-id 00:0c:29:21:da:52
        speed auto
    }
    ethernet eth2 {
        duplex auto
        hw-id 00:0c:29:21:da:5c
        speed auto
    }
    loopback lo {
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name OCInternal {
            authoritative disable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.100 {
                    stop 192.168.1.200
                }
            }
        }
    }
    dns {
        dynamic {
            interface eth0 {
                service dyndns {
                    host-name XX.XXXXX.COM
                    login XXXX
                    password XXXX
                }
            }
        }
    }
    nat {
        rule 1 {
            description "Main outbound"
            outbound-interface eth0
            source {
                address 192.168.1.0/24
            }
            type masquerade
        }
    }
    ssh {
        allow-root false
        port 22
        protocol-version v2
    }
}
system {
    gateway-address 192.168.2.1
    host-name vyatta
    login {
        user root {
            authentication {
                encrypted-password XXXXX
            }
            level admin
        }
        user vyatta {
            authentication {
                encrypted-password XXXXX
            }
            level admin
        }
    }
    name-server XX.XX.XX.XX
    ntp-server 69.59.150.135
    package {
        auto-sync 1
        repository community {
            components main
            distribution stable
            password ""
            url http://packages.vyatta.com/vyatta
            username ""
        }
    }
    time-zone GMT
}
vpn {
    pptp {
        remote-access {
            authentication {
                local-users {
                    username XXXXX {
                        password XXXXX
                    }
                }
                mode local
            }
            client-ip-pool {
                start 192.168.1.30
                stop 192.168.1.80
            }
            outside-address 0.0.0.0
        }
    }
}
Posted in system admin on 09/17/2009 10:20 am by lmorroni
I just can’t say enough about how great of a routing platform Vyatta is. There has not been anything that I have tried to do that Vyatta was not capable of doing. Not only is it capable but it is easy to understand and the documentation/community is awesome. I recently decided to put a firewall up between us and the other business using our internet connection. Here are the firewall rules I used:
firewall {
    name Lan2Lan {
        description "Block Internal LAN Interaction"
        rule 10 {
            action reject
            description "Block 10.1.2.x to 192.168.2.x"
            destination {
                address 192.168.2.0/24
            }
            log disable
            protocol all
            source {
                address 10.1.2.0/24
            }
        }
        rule 20 {
            action reject
            description "Block 192.168.2.x to 10.1.2.x"
            destination {
                address 10.1.2.0/24
            }
            log disable
            protocol all
            source {
                address 192.168.2.0/24
            }
        }
        rule 30 {
            action accept
            description "Allow All Traffic Not Previously Blocked"
            destination {
                address 0.0.0.0/0
            }
            log disable
            protocol all
            source {
                address 0.0.0.0/0
            }
        }
    }
}
The next step is to add the rule to the interface:
ethernet eth1 {
    address 192.168.2.1/24
    firewall {
        in {
            name Lan2Lan
        }
    }
    hw-id 00:1b:21:07:f3:27
}
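Added example (not part of the original post): a small Python model of which Lan2Lan rules actually decide traffic when the rule set is bound only to eth1 `in`, as shown above. It assumes first-match evaluation with an implicit drop at the end of a rule set; `ethX` is a hypothetical name for the 10.1.2.0/24 interface, which the post does not show, and the sample packets are constructed.

```python
import ipaddress

# Lan2Lan rules as given in the post: (rule number, action, source, destination).
LAN2LAN = [
    (10, "reject", "10.1.2.0/24", "192.168.2.0/24"),
    (20, "reject", "192.168.2.0/24", "10.1.2.0/24"),
    (30, "accept", "0.0.0.0/0", "0.0.0.0/0"),
]
# The post binds Lan2Lan to eth1 "in" only. Assumption: the 10.1.2.0/24
# interface (called "ethX" here, a made-up name) has no rule set bound.
BINDINGS = {("eth1", "in"): LAN2LAN}


def evaluate(rules, src, dst):
    """First matching rule wins; a rule set ends in an implicit drop."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, action, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return number, action
    return None, "drop"


def forward(in_iface, src, dst):
    """Verdict for a packet routed through the box after arriving on in_iface."""
    rules = BINDINGS.get((in_iface, "in"))
    if rules is None:
        return None, "accept (no rule set bound)"
    return evaluate(rules, src, dst)


def rule_hits(packets):
    """Count how often each rule decides a packet, to spot rules that never fire."""
    hits = {number: 0 for number, *_ in LAN2LAN}
    for in_iface, src, dst in packets:
        number, _ = forward(in_iface, src, dst)
        if number is not None:
            hits[number] += 1
    return hits


# Constructed sample packets: (arrival interface, source, destination).
SAMPLE = [
    ("eth1", "192.168.2.7", "10.1.2.5"),      # 192.168.2.x host towards the other LAN
    ("ethX", "10.1.2.5", "192.168.2.7"),      # other LAN towards 192.168.2.x
    ("eth1", "192.168.2.7", "203.0.113.10"),  # 192.168.2.x host towards an outside address
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", forward(*pkt))
    print("rule hits:", rule_hits(SAMPLE))
```

In this model rule 10 never fires, because packets from 10.1.2.x arrive on the other interface and are not seen by an `in` rule set on eth1. For rule 10 to take effect, Lan2Lan would also need to be bound where that traffic is seen, such as `in` on the 10.1.2.0/24 interface or `out` on eth1.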
The other cool trick that I did was I set up the Vyatta DHCP server to serve out the TFTP server address for our VoIP phone system. Now our office phones are plug and play based on MAC address. Here is the relevant configuration section:
    shared-network-name XXXXXX {
        authoritative disable
        subnet 10.1.2.0/24 {
            default-router 10.1.2.1
            dns-server 10.1.2.1
            start 10.1.2.100 {
                stop 10.1.2.200
            }
            tftp-server-name 10.1.2.88
        }
    }
}