Sunday, May 22, 2016

Allow public access to web applications deployed within a private network

Scenario:
You have a web application currently deployed within a private network. You would like your friends to test the application over the Internet.

Solution:
One option is to set up a public server with a configuration similar to the one on the private network. However, this approach is tedious and costly, especially if it is for testing purposes only.
An alternative is to use the proxying capabilities of Apache, in particular reverse proxying.

Requirements:
  • Ubuntu Server 14.04 LTS with a public IP address and a private IP address (which is connected to the private network where the web application is running)
Steps:
  1. Install and enable the required Apache modules.
    1. sudo apt-get install apache2 libapache2-mod-proxy-html
    2. sudo a2enmod proxy_html
  2. Edit /etc/apache2/sites-enabled/000-default. Add the following inside the VirtualHost directive, adjusted to your own settings.
    1. ProxyPass "/myapp" "http://private_ip_hosting_the_app"
    2. ProxyPassReverse "/myapp" "http://private_ip_hosting_the_app"
  3. Restart Apache.
    1. sudo service apache2 restart
  4. Visit http://public_ip_of_server/myapp to test
Final Notes:
You can add as many web applications as you want. Here is an example.
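Every ProxyPass mapping added this way is reachable by anyone who can reach the public IP, so it is worth checking which ones are restricted. The following is an added example, not part of the original post: a small Python audit run over two constructed vhost bodies, one with the directives as given above and one that limits the path with the Apache 2.4 `Require ip` directive. The `Location` block, the `ProxyRequests Off` line and the 203.0.113.0/24 range are assumptions introduced for illustration.

```python
import re

# Constructed input: the page's two directives, as given, inside a vhost.
OPEN_VHOST = """
<VirtualHost *:80>
    ProxyPass "/myapp" "http://private_ip_hosting_the_app"
    ProxyPassReverse "/myapp" "http://private_ip_hosting_the_app"
</VirtualHost>
"""

# Constructed input: same mapping, limited to the testers' addresses.
# 203.0.113.0/24 is a documentation range used here as a placeholder.
RESTRICTED_VHOST = """
<VirtualHost *:80>
    ProxyRequests Off
    ProxyPass "/myapp" "http://private_ip_hosting_the_app"
    ProxyPassReverse "/myapp" "http://private_ip_hosting_the_app"
    <Location "/myapp">
        Require ip 203.0.113.0/24
    </Location>
</VirtualHost>
"""

PROXYPASS = re.compile(r'^\s*ProxyPass\s+"?([^"\s]+)"?\s+"?([^"\s]+)"?', re.M | re.I)
LOCATION = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>(.*?)</Location>', re.S | re.I)
REQUIRE = re.compile(r'^\s*Require\s+(.+)$', re.M | re.I)


def audit_vhost(conf):
    """Return one finding per risky proxy setting in an Apache 2.4 vhost."""
    findings = []
    if re.search(r'^\s*ProxyRequests\s+On\b', conf, re.M | re.I):
        findings.append("ProxyRequests On enables forward proxying")
    # Paths whose <Location> block carries a Require other than "all granted".
    guarded = set()
    for path, body in LOCATION.findall(conf):
        rules = [r.lower().split() for r in REQUIRE.findall(body)]
        if rules and ["all", "granted"] not in rules:
            guarded.add(path.rstrip("/"))
    for path, backend in PROXYPASS.findall(conf):
        covered = any(path == g or path.startswith(g + "/") for g in guarded)
        if not covered:
            findings.append("%s -> %s is reachable by any client" % (path, backend))
    return findings


if __name__ == "__main__":
    for name, conf in (("open", OPEN_VHOST), ("restricted", RESTRICTED_VHOST)):
        print(name, audit_vhost(conf))
```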

Sunday, April 17, 2016

Beeswarm Honeypot

Honeypots enable network security personnel to detect malicious activity in a network by tricking attackers into believing that certain valid network services (such as web and FTP) are running on a server. In reality, however, honeypots simply log and analyze connection attempts initiated by an attacker.

Beeswarm is one of the many available open source honeypot packages. It has a web frontend to allow for easier configuration. I made a minimal setup for our department just to check if some individuals or malware are doing something interesting on our network. I will add updates on this post later.

Setup Notes:
On Ubuntu 14.04 server, use the following line to install the pyDes dependency. The one in the guide fails.
$ pip install http://twhiteman.netfirms.com/pyDES/pyDes-2.0.1.zip

Tuesday, March 8, 2016

Using the Python OpenStack API to access P2C

OpenStack has a Python API that can be used to develop services around it. In this post I describe how to use it for P2C.

1. After starting an Ubuntu 14.04 instance in P2C, log in to the instance using its floating IP. First create/edit /etc/apt/apt.conf.d/43proxy.

Acquire::http::Proxy "http://10.0.3.201:3142";

Run the following commands to install dependencies.
  • sudo apt-get install build-essential autoconf libtool pkg-config python-dev
  • wget https://bootstrap.pypa.io/get-pip.py
  • python get-pip.py
  • sudo pip install python-keystoneclient
  • sudo pip install python-glanceclient
  • sudo pip install python-novaclient

2. Edit /etc/hosts to add an entry for the frontend node:

10.0.3.101  cinterlabs-frontend

3. Create an rc file (guest-openrc.sh) containing the following information (don't forget to replace the values with your own credentials):

  export OS_TENANT_ID=028d55fc448046c6832db6527da13bf9
  export OS_TENANT_NAME=guest
  export OS_USERNAME=guest
  export OS_PASSWORD=guest_password

  export OS_AUTH_URL=http://cinterlabs-frontend:35357/v2.0

4. Create credentials.py containing the following:

#!/usr/bin/env python
import os

def get_keystone_creds():
    d = {}
    d['username'] = os.environ['OS_USERNAME']
    d['password'] = os.environ['OS_PASSWORD']
    d['auth_url'] = os.environ['OS_AUTH_URL']
    d['tenant_name'] = os.environ['OS_TENANT_NAME']
    return d

def get_nova_creds():
    d = {}
    d['username'] = os.environ['OS_USERNAME']
    d['api_key'] = os.environ['OS_PASSWORD']
    d['auth_url'] = os.environ['OS_AUTH_URL']
    d['project_id'] = os.environ['OS_TENANT_NAME']
    return d


5. Create list-instances.py containing the following:

#!/usr/bin/env python

from novaclient import client as novaclient
from credentials import get_nova_creds
creds = get_nova_creds()
nova = novaclient.Client("2", **creds)
print(nova.servers.list())


6. Test the code by executing the commands below. You should see a list of instances.
  • source guest-openrc.sh
  • chmod 755 list-instances.py
  • ./list-instances.py
7. Sample code to start an instance using the Python API. Save as start-instance.py.

#!/usr/bin/env python
import os
import time
from novaclient import client as novaclient
from credentials import get_nova_creds

creds = get_nova_creds()
nova = novaclient.Client("2",**creds)
image = nova.images.find(name="Ubuntu-14.04-server-amd64")
flavor = nova.flavors.find(name="p2c.1_512_5_1_1")
instance = nova.servers.create(name="frompython", image=image, flavor=flavor, key_name="jachermocilla-p2c")

# Poll until the status is no longer 'BUILD'
status = instance.status
while status == 'BUILD':
    time.sleep(5)
    # Retrieve the instance again so the status field updates
    instance = nova.servers.get(instance.id)
    status = instance.status
print("status: %s" % status)


To test:
  • source guest-openrc.sh
  • chmod 755 start-instance.py
  • ./start-instance.py
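The rc file from step 3 holds the account password in clear text, and its OS_AUTH_URL uses plain HTTP. As an added example (not part of the original post), the check below inspects such a file before it is sourced; `audit_openrc`, `parse_openrc` and `write_sample` are hypothetical helper names, and the sample file is constructed with the placeholder values shown in step 3.

```python
import os
import stat
import tempfile

# Variables that credentials.py reads from the environment.
REQUIRED = ("OS_USERNAME", "OS_PASSWORD", "OS_AUTH_URL", "OS_TENANT_NAME")


def parse_openrc(text):
    """Collect KEY=VALUE pairs from 'export KEY=VALUE' lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("export ") and "=" in line:
            key, value = line[len("export "):].split("=", 1)
            env[key.strip()] = value.strip().strip("'\"")
    return env


def audit_openrc(path):
    """Return findings for an rc file like the page's guest-openrc.sh."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %03o grants access beyond the owner; "
                        "the file holds OS_PASSWORD" % mode)
    with open(path) as fh:
        env = parse_openrc(fh.read())
    for key in REQUIRED:
        if not env.get(key):
            findings.append("%s is not set by this file" % key)
    if env.get("OS_AUTH_URL", "").startswith("http://"):
        findings.append("OS_AUTH_URL is plain HTTP; the password is sent unencrypted")
    return findings


def write_sample(mode):
    """Write a constructed rc file (placeholder values) and return its path."""
    fd, path = tempfile.mkstemp(suffix="-openrc.sh")
    with os.fdopen(fd, "w") as fh:
        fh.write("export OS_TENANT_NAME=guest\nexport OS_USERNAME=guest\n"
                 "export OS_PASSWORD=guest_password\n"
                 "export OS_AUTH_URL=http://cinterlabs-frontend:35357/v2.0\n")
    os.chmod(path, mode)
    return path
```

Running `chmod 600 guest-openrc.sh` clears the first finding; the second remains for as long as the Keystone endpoint is only offered over HTTP.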

References:
  • http://www.ibm.com/developerworks/cloud/library/cl-openstack-pythonapis/
  • http://docs.openstack.org/developer/python-novaclient/

Thursday, January 28, 2016

APAN 41 Manila - Fellowship Summary Report

First of all, I would like to thank APAN, especially the Fellowship Committee headed by Dr. Basuki Suhardiman, for awarding me a fellowship. I doubt that I would have been able to attend such a meeting without a fellowship.

(Some Photos)

The main reason why I want to attend an APAN meeting is of course because I am very interested in the topics that will be discussed in the technical sessions, as well as the opportunity to network.  The workshops on cloud computing, network engineering, network research testbeds, and other co-located events are very much related to my research area and I learned a lot from attending them. I have a few blog entries that summarize some of the talks I attended.

The main realization that I came up with in this meeting is to never underestimate the value of COLLABORATION. The advances in research and education networks cannot be achieved without collaboration. I am amazed that the majority of the presentations end with a slide having the logos of collaborating institutions and partners!

Unlike academic meetings that I frequent, the APAN meeting has a relatively informal and light atmosphere. Everyone seems to be at ease with each other and the senior members are very kind, accommodating, and generous. 

Attending this meeting also made me realize that my country, the Philippines, is behind in terms of network infrastructure and capacity compared to its neighbors. I think improving this is just not a priority of the government at the moment. It is great that DOST-ASTI is participating in these kinds of activities that put the Philippines on the map. I also hope to be able to contribute, perhaps submit a research paper or join a working group to organize some workshops during the technical sessions. Interestingly, APAN publishes proceedings.

Since the APAN 41 Meeting is an international event, I also learned to appreciate the culture of people from other countries, particularly the other fellows. Talking to them gave me new perspectives in looking at things, not just on technical matters but also on other aspects of life. 

I believe that the APAN Fellowship was able to achieve its objectives and I hope that APAN will continue to support this program. I highly encourage others, especially the young ones, to participate and contribute to future APAN meetings.

MARAMING SALAMAT PO.

Wednesday, January 27, 2016

APAN 41 Manila - Day 4

27 January 2016

Today I attended the Network Engineering Workshop. The abstracts and slides of the talks are here. This workshop was by far the most organized; it started and finished on time.

The majority of the talks described their home institution's current network infrastructure as well as their future plans. They are slowly moving from 10 Gbps to 100 Gbps connections (the term is Long Fat Networks, or LFNs).

There were also some presentations on protocol modifications (TCP in particular) in order to support 10/100 Gbps transfer over long distances across the Pacific Ocean.