Server Configuration
De
Networking
shorewall
We installed both shorewall and webmin. We have the following rules:
- loc -> all : ACCEPT
- fw -> all : ACCEPT
- net -> all : DROP
- ssh to firewall : ACCEPT
- webmin to firewall from university network : ACCEPT
- afp -> fw : ACCEPT
IPv6
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback
# The primary network interface auto eth0 iface eth0 inet static address 130.79.91.34 netmask 255.255.254.0 network 130.79.90.0 broadcast 130.79.91.255 gateway 130.79.91.254 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 130.79.200.1 dns-search u-strasbg.fr # Private network (i.e. testbed) auto eth1 iface eth1 inet static address 10.0.0.1 netmask 255.255.255.0 network 10.0.0.0 broadcast 10.0.0.255
The testbed may use an IPv6 connection.
We configured radvd (/etc/radvd.conf
):
interface eth1 { AdvSendAdvert on; prefix 2001:660:4701:1001::/64 { AdvOnLink on; AdvAutonomous on; }; };
NITOS / OMF
[NITOS was deployed at the university of Thessaly (Greece). The group has the same objective: experimenting the wireless Internet.
NITOS is based on the COntrol and Management Framework (OMF), developed actively by Orbit, NICTA and NITlab.
They provide an abstraction to control a networking testbed.
(old) Monolitic Proprietary testbed
The first version of exprima consisted in a home-made testbed. We use a combination of NFS / PXE / DHCP/ TFTP to re-install automatically the nodes. IN particular, custom scripts on the voyage nodes permitted to maintain up-to-date images on the server.
This version is now obsolete.
OMF deployment
I just point to the excellent tutorial for OMF 5.4: http://omf.mytestbed.net/projects/omf/wiki/Installation_Guide_54.
Personal Notes OMF installation/configuration
xmpp - openfire
To insert a new server certificate
http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/ssl-guide.html
change the default keystore password:
keytool -storepasswd -keystore keystore
(default: changeit).
And then, modify it in the admin console: add the property xmpp.socket.ssl.keypass
in the system properties.
Converts the cer file into a pkcs12:
openssl pkcs12 -export -in exprima.cer -inkey exprima.key -out exprima.p12 -name exprima -CAfile CNRS2.crt -caname root
import in the certs for java/openfire:
keytool -importkeystore -destkeystore keystore -srckeystore /home/theoleyre/exprima.p12 -srcstoretype PKCS12 -alias exprima
test:
keytool -list -keystore keystore
to remove a key:
keytool -delete -alias XXX