10 Feb 2016
I needed a small tweak to my EdgeRouter config to let me connect to my bridged VDSL modem. The EdgeRouter is connected to the modem on eth0.
The modem uses 192.168.1.254/24 by default, so the first step is to give eth0 an IP on the same network. Then we need a NAT masquerade rule to NAT traffic for the 192.168.1.0/24 network through eth0.
After applying the changes I can now browse to the admin interface of the modem.
07 Feb 2016
As part of a project to build a home lab for testing, I’m upgrading my home network. My first addition is a Ubiquiti EdgeRouter Lite.
I have the ERL connected to my VDSL modem (bridged) on eth0, and to my Netgear AP on eth1. I will be creating a DHCP LAN on each of eth1 and eth2, and setting up a PPPoE interface on eth0 to connect to the Internet. Eth1 will be connected to my existing wireless router, and eth2 will be connected to my Xbox.
Fortunately, after upgrading the firmware to version 1.8 almost all of this can be done using the setup wizard. The only remaining settings I need to adjust are to set up a couple of DHCP reservations and port forwarding rules to keep Plex and Transmission working on my server.
Initial impressions are great. The setup took about an hour, including the time it took to hook everything up and to download and install the firmware update. The router has a console management port for when I inevitably wreck the config or lock myself out of the network, plus an SSH admin console, and the web GUI seems to cover almost all day-to-day tasks.
The final config looks like this.
05 Jun 2015
It took me a while to find this so it seems worth posting here.
Once you have a signed certificate file, you need to create a p12 keystore file. In my case the certificate was from Go Daddy and there’s an intermediate certificate (gd_bundle-g2-g1.crt) that needs to be included.
openssl pkcs12 -export -in example.crt \
-inkey example.key \
-out example.p12 \
-name unifi \
-certfile gd_bundle-g2-g1.crt
At the prompt, enter the password aircontrolenterprise.
We can then import example.p12 into the Unifi keystore:
sudo keytool -importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /usr/lib/unifi/data/keystore \
-srckeystore example.p12 \
-srcstoretype PKCS12 \
-srcstorepass aircontrolenterprise \
-alias unifi
And restart the controller with service unifi restart.
12 May 2015
Unifi WiFi can be configured to use a custom portal for the Guest network. As part of a large rollout of Ubiquiti access points, I built a custom guest portal in Django that would allow us to customise the appearance of the guest authentication page to match the brand of each of our locations.
When an unauthenticated guest connects to a wireless network with the guest policy enabled, HTTP requests are redirected to the custom portal. When the form is submitted, Django validates the password, and then uses the Unifi API to authorize the guest’s MAC address.
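The submit step described above, sketched as an added example (not the portal's own code): the MAC arrives in a query string the guest controls, so it is validated before it goes anywhere near the controller. The redirect parameter names, the `/api/s/<site>/cmd/stamgr` endpoint with `authorize-guest`, and all function names are assumptions not taken from the post.

```python
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample of the redirect a guest arrives with. The parameter names
# (id = client MAC, ap, t, url, ssid) are assumptions, not taken from the post.
SAMPLE_REDIRECT = ("https://portal.example.com/guest/s/default/"
                   "?id=AA:BB:CC:DD:EE:FF&ap=00:11:22:33:44:55"
                   "&t=1431400000&url=http%3A%2F%2Fexample.com%2F&ssid=Guest")

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
SITE_RE = re.compile(r"[a-z0-9]{1,32}")


def parse_guest_redirect(url):
    """Pull the client MAC out of the query string and reject anything odd."""
    params = parse_qs(urlsplit(url).query)
    mac = params.get("id", [""])[0].strip().lower()
    if not MAC_RE.fullmatch(mac):
        raise ValueError("missing or malformed client MAC")
    return {"mac": mac, "ssid": params.get("ssid", [""])[0]}


def password_ok(submitted, expected):
    """Constant-time comparison so response timing does not leak the password."""
    return hmac.compare_digest(submitted.encode("utf-8"), expected.encode("utf-8"))


def authorize_request(site, mac, minutes):
    """Build (path, JSON body) for the controller call; endpoint is an assumption."""
    if not SITE_RE.fullmatch(site):
        raise ValueError("unexpected site name")
    if not 1 <= minutes <= 1440:  # hypothetical policy cap of one day
        raise ValueError("authorization window must be 1 to 1440 minutes")
    body = {"cmd": "authorize-guest", "mac": mac, "minutes": minutes}
    return f"/api/s/{site}/cmd/stamgr", body


def handle_submit(redirect_url, submitted, expected, site="default", minutes=240):
    """Return the API request to send, or None when the password is wrong."""
    guest = parse_guest_redirect(redirect_url)
    if not password_ok(submitted, expected):
        return None
    return authorize_request(site, guest["mac"], minutes)


if __name__ == "__main__":
    print(handle_submit(SAMPLE_REDIRECT, "letmein", "letmein"))
```

In a Django view, the returned path and body would be posted to the controller over an authenticated session, with the form itself rate-limited.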
15 Apr 2015
Installing the Graylog Server
Graylog is a free log management platform that can collect log data from a wide range of sources. This post shows how to quickly set up a Graylog server and start monitoring logs from Linux and Windows hosts. For detailed documentation refer to the Graylog Online Documentation.
The quickest way to get started is to download the Graylog OVA Appliance. This is imported into a new VM in your VMware environment.
Once the appliance is up and running, log in to the console with username and password ubuntu. We’re going to update the admin password, email config and timezone:
sudo graylog-ctl set-admin-password <password>
sudo graylog-ctl set-email-config <smtp server> --user=<username> --password=<password>
sudo graylog-ctl set-timezone <zone acronym>
sudo dpkg-reconfigure tzdata
We’ll also assign a static IP by editing /etc/network/interfaces, and then reload the network and Graylog service:
sudo ifdown eth0 && sudo ifup eth0
sudo graylog-ctl reconfigure
Finally, change the password for the ubuntu user on the VM with passwd and log off.
You can now access the server on the IP address we set above and log in with username admin and the password you set earlier. You may want to add a DNS record for the new server at this point.
Before we start sending log data to Graylog, we need to tell it what type of data we’ll be sending. We do this by creating two inputs: a Syslog UDP input for our Linux servers and a GELF UDP input for our Windows servers.
Click on System > Inputs, and select GELF UDP from the input menu. Click Launch new input. Turn on ‘Global input’, and give the input a name. All other settings can be left as their defaults. Repeat these steps to create another input, this time using the Syslog UDP type.
Set up Clients
Linux
On our Linux clients we’ll configure rsyslog to forward log data to Graylog. Save the following config to /etc/rsyslog.d/90-graylog2.conf, replacing syslog.example.com with the IP address or DNS name of the Graylog server:
And restart rsyslog:
sudo service rsyslog restart
Windows
On our Windows clients we need to install NXLog Community Edition to export log data.
Once it’s installed, open up C:\Program Files (x86)\nxlog\conf\nxlog.conf and enter the following, replacing syslog.example.com with the IP address or DNS name of the Graylog server:
To apply the new config, reload the nxlog service.
Viewing Logs
You should now be able to log in to your Graylog server and see log data coming in under the Sources tab.
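If nothing shows up, it helps to rule out the inputs before debugging the clients. The following added example (not from the original post) builds one GELF 1.1 message and one RFC 5424 syslog line and sends them over UDP to the two inputs created earlier; the port numbers, host names and function names are assumptions, so use the ports shown under System > Inputs.

```python
import json
import socket
import sys
import time

GELF_PORT = 12201    # assumption: port shown for the GELF UDP input
SYSLOG_PORT = 514    # assumption: port shown for the Syslog UDP input
MAX_DATAGRAM = 8192  # conservative cap; larger GELF payloads need chunking


def gelf_message(host, short_message, level=6, **extra):
    """Build an uncompressed GELF 1.1 payload; extra fields get a '_' prefix."""
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": round(time.time(), 3), "level": level}
    for key, value in extra.items():
        if key == "id":
            raise ValueError("_id is reserved by GELF")
        msg["_" + key] = value
    payload = json.dumps(msg).encode("utf-8")
    if len(payload) > MAX_DATAGRAM:
        raise ValueError("payload too large for one datagram")
    return payload


def syslog_message(host, app, text, facility=1, severity=6, now=None):
    """Build an RFC 5424 line; PRI = facility * 8 + severity."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    pri = facility * 8 + severity
    return f"<{pri}>1 {stamp} {host} {app} - - - {text}".encode("utf-8")


def send_udp(payload, server, port):
    """Fire-and-forget: UDP gives no delivery confirmation, so check the UI."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (server, port))


if __name__ == "__main__":
    # Pass the Graylog address as the first argument; without it, only print.
    server = sys.argv[1] if len(sys.argv) > 1 else None
    tests = [(GELF_PORT, gelf_message("testhost", "GELF input test", check="added")),
             (SYSLOG_PORT, syslog_message("testhost", "inputtest", "Syslog input test"))]
    for port, payload in tests:
        if server:
            send_udp(payload, server, port)
        print(port, payload.decode())
```

Searching for `testhost` in Graylog afterwards shows which input, if either, is receiving traffic.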