r6 - 29 Jan 2010 - 07:48:08 - AndriyMayevskyy
ALERT! This is the AppLogic 2.7/2.8 documentation. The latest production release is AppLogic 3.0.30.

IN2 Gateway Implementation Design

Base Class

A custom linux distribution is used as the base class for the IN2 appliance.

Class Volumes

IN2 has one read-only class volume: the boot volume. The boot volume is 32Mb in size and contains:

  • Linux kernel 2.6.18.8-xenU
  • glibc-2.5-12.2
  • Netfilter and IPTables for routing and NAT
  • Latest version of AppLogic APK
  • Busybox 1.13.4
  • OpenSSH 5.2p1 binaries (sshd, scp and others)
  • Set of userland binaries and required libraries from CentOS 5 distribution
  • Appliance control scripts

Files residing in memory (RAM drive)

IN2 has a 2Mb RAM drive that holds the files that must be modified at boot time or run time, and the logs.

Symbolic links to the RAM drive:

  • /root/.ssh
  • /var/run
  • /var/lib/dhclient
  • /etc/hosts
  • /var/empty
  • /var/lock
  • /var/log
  • /etc/sysconfig
  • /etc/resolv.conf
  • /var/spool

Packages for IN2

Binaries from the following software were compiled manually:

  • busybox-1.13.4
  • openssh-5.2p1

Files used in the appliance were extracted from the following standard packages (from the official mirror):

  • bash-3.1-16.1
  • coreutils-5.97-12.1.el5
  • curl-7.15.5-2.1.el5_3.5
  • dhclient-3.0.5-7.el5
  • e2fsprogs-libs-1.39-8.el5
  • glibc-2.5-12.2
  • grep-2.5.1-54.2.el5
  • initscripts-8.45.14.EL-1.el5.centos.1
  • iproute-2.6.18-4.el5
  • iptables-1.3.5-1.2.1
  • iptables-ipv6-1.3.5-1.2.1
  • iputils-20020927-43.el5
  • krb5-libs-1.5-23
  • libidn-0.6.5-1.1
  • libtermcap-2.0.8-46.1
  • mingetty-1.07-5.2.2
  • module-init-tools-3.3-0.pre3.1.16.el5
  • openssl-0.9.8b-8.3.el5
  • pcre-6.6-1.1
  • perl-5.8.8-10
  • procps-3.2.7-8.1.el5
  • strace-4.5.15-1.el5
  • SysVinit-2.86-14
  • tcpdump-3.9.4-11.el5
  • wget-1.10.2-7.el5
  • zlib-1.2.3-3

Contents of the release directory for IN2:

Exported appliance image:

  • IN2-1.0.4-1.tar

Automated build script: use this to build the IN2 appliance automatically

  • IN2-build-1.0.4-1.tar.bz2

Appliance sources:

  • IN2-src-1.0.4-1.tar.bz2

Sources:

  • busybox-1.13.4.tar.bz2
  • openssh-5.2p1.tar.gz

Source rpms:

  • bash-3.1-16.1.src.rpm
  • coreutils-5.97-12.1.el5.src.rpm
  • curl-7.15.5-2.1.el5_3.5.src.rpm
  • dhcp-3.0.5-7.el5.src.rpm
  • e2fsprogs-1.39-8.el5.src.rpm
  • grep-2.5.1-54.2.el5.src.rpm
  • initscripts-8.45.14.EL-1.el5.centos.1.src.rpm
  • iproute-2.6.18-4.el5.src.rpm
  • iptables-1.3.5-1.2.1.src.rpm
  • iputils-20020927-43.el5.src.rpm
  • krb5-1.5-23.src.rpm
  • libidn-0.6.5-1.1.src.rpm
  • libtermcap-2.0.8-46.1.src.rpm
  • mingetty-1.07-5.2.2.src.rpm
  • module-init-tools-3.3-0.pre3.1.16.el5.src.rpm
  • openssl-0.9.8b-8.3.el5.src.rpm
  • pcre-6.6-1.1.src.rpm
  • perl-5.8.8-10.src.rpm
  • procps-3.2.7-8.1.el5.src.rpm
  • strace-4.5.15-1.el5.src.rpm
  • SysVinit-2.86-14.src.rpm
  • tcpdump-3.9.4-11.el5.src.rpm
  • wget-1.10.2-7.el5.src.rpm
  • zlib-1.2.3-3.src.rpm

Tests:

  • in-test-1.0.4-1.tar.bz2 - test scripts

Appliance Implementation Details

Theory of operation

IN is an input gateway that provides a firewalled entry point for network traffic into an application. IN uses iptables to perform packet NAT and firewall functions. All disallowed traffic (traffic not configured on the appliance boundary) is dropped by iptables.

Configuration

The configuration for IN is performed at startup time by the appliance.sh init script. It takes the properties defined on the appliance boundary and uses them to set up the iptables rules by invoking the iptables.sh script.
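As an added illustration of this startup flow (example code, not the appliance's own iptables.sh or iptables-fwrules.sh), the script below derives a default-deny iptables rule set from boundary-style properties, validates the property values before they reach iptables, and falls back to a fail-closed backup set when the main set is rejected, mirroring the iptables.sh / iptables-bkrules.sh split described under "Appliance scripts". The interface name eth0, the port-list property format, the rule layout and the fake_ipt stand-in are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the IN2 appliance's own iptables.sh: derive an iptables
# rule set from boundary-style properties, validate them, and fall back to a
# restrictive backup set when the main set cannot be applied.
set -f   # no globbing: property values are split into words below

# Command used to program netfilter. Defaults to the real iptables; point it at
# a shell function (as the dry run at the bottom does) to run without root.
IPT="${IPT:-iptables}"

# Validate a comma-separated TCP port list taken from a boundary property.
# Returns 0 if every entry is an integer in 1..65535, 1 otherwise.
valid_ports() {
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        case "$p" in
            *[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    return 0
}

# Print the main rule set: default-deny INPUT and FORWARD, allow loopback and
# established flows, one ACCEPT per allowed port on the external interface.
# This only prints; nothing is executed here.
gen_main_rules() {
    ext_if="$1"; ports="$2"
    valid_ports "$ports" || return 1
    printf '%s\n' "-P INPUT DROP" "-P FORWARD DROP" "-P OUTPUT ACCEPT"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $(printf '%s' "$ports" | tr ',' ' '); do
        printf '%s\n' "-A INPUT -i $ext_if -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
}

# Backup rule set, fail closed: loopback only and no match extensions, so it
# still applies on a kernel that rejects the main set.
gen_backup_rules() {
    printf '%s\n' "-P INPUT DROP" "-P FORWARD DROP" "-P OUTPUT ACCEPT"
    printf '%s\n' "-A INPUT -i lo -j ACCEPT"
}

# Run a generator, then hand each rule to $IPT; stop at the first rejection.
apply_rules() {
    rules=$("$@") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        # shellcheck disable=SC2086  # word splitting of $rule is intended
        $IPT $rule || exit 1
    done
}

# Flush, try the main set and, if any rule is rejected (or the property is
# malformed), flush again and apply the backup set. Prints the active set.
configure_firewall() {
    if $IPT -F && apply_rules gen_main_rules "$1" "$2"; then
        echo main
    elif $IPT -F && apply_rules gen_backup_rules; then
        echo backup
    else
        echo none
        return 1
    fi
}

# Constructed stand-in for iptables used by the dry run: accepts everything,
# except that with FAKE_NO_STATE set it rejects rules using the "state" match,
# simulating a kernel without that module.
fake_ipt() {
    case "$*" in
        *"-m state"*) [ -z "$FAKE_NO_STATE" ] || return 1 ;;
    esac
    return 0
}

# Dry run against the stand-in; prints "main".
IPT=fake_ipt
configure_firewall eth0 80,443
```

The point of validating the port list before generating rules is that a malformed boundary property never becomes extra iptables arguments; it sends the gateway to the backup set, which drops everything except loopback, rather than leaving it partially configured.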

Logging

The IN2 appliance supports local and remote logging. The local log file resides in the usual place, /var/log/messages, which is located on the RAM drive. This log file is automatically rotated once it reaches a size of 100K, and a maximum of 4 old versions of /var/log/messages are kept.
ALERT! All local log files are lost when the appliance is stopped or restarted.
If the log terminal of the IN2 appliance is connected, the appliance both stores logs locally and sends log messages via the log terminal to a remote syslog server. The syslog protocol is described in RFC 3164.
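The two mechanisms described here, size-based rotation with a bounded number of old copies and RFC 3164 formatting for the remote collector, are shown below as an added example; this is not the appliance's own syslog.sh, and the function names, the 102400-byte threshold (100K) and the sample host name in2 are assumptions for the example. Because the RAM drive is lost on restart, the remote copy is the only durable record, so the formatting half matters as much as the rotation half.

```shell
#!/bin/sh
# Added example, not the IN2 appliance's own syslog.sh: size-based rotation of
# a log file keeping a bounded number of old copies, and formatting of an
# RFC 3164 syslog line for forwarding to a remote collector.

# Rotate $1 when it is larger than $2 bytes, keeping at most $3 old copies
# ($1.1 is the newest, $1.$3 the oldest; anything older is dropped).
# Returns 0 if it rotated, 1 if nothing was needed.
rotate_log() {
    log="$1"; max="$2"; keep="$3"
    [ -f "$log" ] || return 1
    [ $(( $(wc -c < "$log") )) -gt "$max" ] || return 1
    i="$keep"
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$log.$prev" ] && mv "$log.$prev" "$log.$i"
        i="$prev"
    done
    mv "$log" "$log.1"
    : > "$log"           # start a fresh, empty current log
}

# Build an RFC 3164 line "<PRI>TIMESTAMP HOSTNAME TAG: MSG", where
# PRI = facility * 8 + severity, truncated to the RFC's 1024-byte maximum.
# The timestamp is a parameter so the output is reproducible; a daemon would
# use something like `date '+%b %e %T'` for the "Mmm dd hh:mm:ss" form.
rfc3164_line() {
    fac="$1"; sev="$2"; ts="$3"; host="$4"; tag="$5"; msg="$6"
    line=$(printf '<%d>%s %s %s: %s' $((fac * 8 + sev)) "$ts" "$host" "$tag" "$msg")
    printf '%.1024s\n' "$line"
}

# Constructed message as the appliance might emit at boot (facility 1 = user,
# severity 5 = notice); prints: <13>Jan 29 07:48:08 in2 appliance: iptables rules applied
rfc3164_line 1 5 'Jan 29 07:48:08' in2 appliance 'iptables rules applied'
```

rotate_log is meant to be called from whatever periodically checks the log (a cron-style loop or the logger itself); with max 102400 and keep 4 it reproduces the 100K / 4-old-versions behaviour the text describes.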

Appliance scripts

The IN2 appliance contains the following files in the /appliance folder on its boot volume. These files implement the appliance:

| File | Type | Description |
| appliance.sh | Bash script | Appliance main controlling script, invoked when the appliance is booted. |
| syslog.sh | Bash script | Invoked when the appliance is booted to run the syslogd and klogd daemons. |
| appliance_netsetup.sh | Bash script | Invoked early from appliance.sh to set up the external network. |
| gethost.pl | Perl script | Auxiliary script to resolve a host name to an IP address. |
| getifip.pl | Perl script | Auxiliary script to find the IP address of an interface. |
| iptables-bkrules.sh | Bash script | Sets the backup iptables rule set. Executed by iptables.sh when the main rule set fails. |
| iptables-fwrules.sh | Bash script | Sets the main iptables rule set. |
| iptables.sh | Bash script | Configures iptables rules. Invoked from appliance.sh. |


-- Main.AndriyMayevskyy - 27 Jul 2009

 
Copyright © CA 2005-2011. All Rights Reserved.