Version 3
Education
Cisco PIX 501 Quick Setup
I inherited a Cisco Pix 501 firewall recently and have to say I’m not near as educated on Cisco equipment yet as I feel I should be. After a good amount of searching along the way I started getting the hang of things. I had worked in Cisco’s Pix Device Manager (PDM) and found it to be more of a pain trying to navigate than to setup through command line. So, for this tutorial I will focus only on the CLI for setup of the device.
Here is how I was able to get things setup. Note that this is just a basic setup using the CLI with the following:
WAN: DHCP
LAN: Enable NAT, and enable DHCP
After configuration the firewall will be accessible at 192.168.3.1 (and netmask 255.255.255.0) and DHCP leases available will be 192.168.3.50 – 192.168.3.80. You can change these accordingly while going through the commands.
First of all, you need to connect to the device using your Cisco console cable which is an RJ45 to DB9. Connect the RJ45 end to the 501, and the DB9 end to a machine with the connector. In my case this was a Linux machine running Ubuntu. If you are on a Windows machine you can simply use HyperTerminal to connect. I issued the following commands to get connected to the 501:
Sudo apt-get install cu cu -l /dev/ttyS0 -s 9600
ttyS0 was what worked for me, but yours may need to be changed to ttyS1, etc. depending on your setup.
Once things are connected I issued the following commands:
First press no to the guided install (if you plan to follow the tutorial below).
enable
You will be prompted here for a password. The Enter key is the default password.
config t
This will allow access to the configuration menu. Press “?” to find all commands available.
username USER password ***** privilege 15 enable password ****** passwd ******
Replace USER with the username you wish to create. This allows you to create an administrator account for the system.
interface ethernet0 auto interface ethernet1 100full ip address outside dhcp
Make sure your WAN connection is live when issuing the command above. It will try to assign a DHCP address when it’s issued.
ip address inside 192.168.3.1 255.255.255.0 show ip address
The above command just shows the current setup. I used it to double check I entered everything properly.
ip address outside dhcp setroute nat (inside) 1 192.168.3.1 255.255.255.0 global (outside) 1 interface telnet 192.168.3.50
This was an optional command. This allowed telnet access to the client at 192.168.3.50. This was added so I didn’t need the console cable connected after the initial setup, and could merely telnet in from the client as needed.
no banner exec no banner login no banner motd
The banner commands are also optional. I wanted to cut out any extra information at logins. You can leave these, or change them as you desire.
hostname YOURHOST
Replace YOURHOST with the hostname you wish to give the 501.
domain local dhcpd address 192.168.3.50-192.168.3.80 inside dhcpd dns 4.2.2.1 4.2.2.2
These were test DNS servers I used during setup. I believe they are Level3’s, and they are rather stable. You can change to your local ISP’s DNS servers or others as desired.
dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd enable inside
The above command assigns the 501 as the DHCP server for the inside interface (LAN). If you wish to use a different DHCP server or don’t care to enable DHCP, simply disregard this command.
access-list ping_acl permit icmp any any access-group ping_acl in interface outside
These two commands are added to allow ping requests. Ping is disabled by default on the 501 and annoyed me when trying to run diagnostics. These are optional.
wr mem
This finalizes your setup by writing all changes to memory.
These are the commands I found to work for me – and don’t have this in production. I don’t claim for this method of setup to be secure for your environment and highly recommend you study up on the device more before placing it in a production environment. If anyone has some modifications or additions to this guide please feel free to contact me. Hopefully this tutorial can serve as a first step in becoming familiar with setup for the Pix 501, thanks for reading.
Source Image: cisco.com
Twitter Weather Forecasts Using Linux
Twitter’s feature to allow updates from terminal allows for a lot of creative ways to use twitter. I used some already written scripts and commands and put it all together to receive weather forecasts for my area at 9am every day on my phone. Example of SMS message sent to my phone “Forecast for: DES MOINES, IA Today Mainly clear and frigid – Low 10“ Here is how I did it:
First I used a written shell script and made output modifications so length would be under Twitter’s length limitations. The modified script is listed below:
Note: I take no credit for the original script. It was available online, and I modified it based on my needs. Dave Taylor is the original author, and offers a book full of shell scripts I recommend checking out! Page Here
#!/bin/sh # weather - report weather forecast, including lat/long, for zip # Dave Taylor - found at http://www.intuitive.com/wicked/showscript.cgi?063-weather.sh # Edited for twitter use by MadHatter (maddhat.com) llurl="http://www.census.gov/cgi-bin/gazetteer?city=&state=&zip=" wxurl="http://wwwa.accuweather.com" wxurl="$wxurl/adcbin/public/local_index_print.asp?zipcode=" if [ "$1" = "-a" ] ; then size=999; shift else size=5 fi if [ $# -eq 0 ] ; then echo "Usage: $0 [-a] zipcode" >&2 exit 1 fi if [ $size -eq 5 ] ; then echo "" # get some information on the zipcode from the Census Bureau lynx -source "${llurl}$1" | \ sed -n '/^<li><strong>/,/^Location:/p' | \ sed 's/<[^>]*>//g;s/^ //g' fi # the weather forecast itself at accuweather.com lynx -source "${wxurl}$1" | \ sed -n '/Start - Forecast Cell/,/End - Forecast Cell/p' | \ sed 's/<[^>]*>//g;s/^ [ ]*//g' | \ sed 's/10-Day AccuWeather.com//' | \ sed 's/Today/Today:/' | \ uniq | \ head -$size exit 0
Save this as weather.sh in your home folder. Then open a text editor and create “tw.sh” saved to your home directory with the following contents:
Note: You need to replace the USER:PASSWORD with the username and password for the secondary twitter account.
#!/bin/sh #tw.sh curl -u USER:PASSWORD -d status="$*" http://twitter.com/statuses/update.xml
For this script to run correctly curl must be installed. For ubuntu the command is “sudo apt-get install curl”
Now we have the necessary scripts created. To receive updates you will need to create a second twitter account of which to send updates. Make sure you follow this new account with your primary twitter account and turn on device updates if you are looking for update to your mobile device.
All that is left to get things up and running is to add the crontab entry. I added to my sudo crontab by the following “sudo crontab -e” and adding the following entry:
Note: This will run at 9am every day. You can edit yours however you’d like. For testing it may be a good idea to start with “* * * * *” to run every minute to ensure updates are working as planned. Replace “user” with your user name, as well as ZIPCODE with the zip code of the area you would like weather forecasts for.
0 9 * * * /home/user/tw.sh $(/home/user/weather.sh ZIPCODE)
Save the crontab entry. Check that it was added by typing “sudo crontab -l”. That’s all there is to it.
Some useful links for help and customization:
Testing Network Performance Using Iperf
Just a quick post on a great tool for testing network performance. Iperf is a very slim tool that will measure TCP/UDP bandwidth performance. It is an available ubuntu package “iperf ” and also has Windows/OSX binaries available. I found a working mirror here. What makes Iperf a good test versus a simple SMB/CIFS transfer for bandwidth performance is that it works in memory versus being limited by hard drive and CPU limitations.
Now a quick guide to get things up and running. The guide will be for two Ubuntu machines, testing network performance between the two.
1.Install – Type the following in terminal “sudo apt-get install iperf ” for both machines
2.Server Setup – Decide upon a server machine and a client. On the server type the following in terminal “iperf -s ”. This will place iperf in server mode, and it will listen for incoming connections.
3.Client Setup - On the client machine you have a lot of options to play around with regarding how you want to connect to the server. You can explore what each of these are by typing “iperf –-help ”. The following is a simple test between the server (192.168.2.104), and the client (192.168.2.103).
4.Testing - Type “iperf 192.168.2.104 -i 2” (replacing the IP here with the test server IP and then enter key to start testing. This will connect to the server running on 192.168.2.104 and have an interval of 2 seconds. There will then be 6 tests completed. This should give you all of the information you need regarding your connection speed between the two machines.
This should be enough to get you started using iperf. Check out the man page here if you have any usage questions.