r9 - 08 Feb 2010 - 10:08:23 - BeckyHYou are here: Wiki >  AppLogic27 Web > CatGatewayOutCid
ALERT! AppLogic 2.7/2.8 Documentation The latest production release is AppLogic 3.0.30

OUT Gateway Implementation Design

Base Class

The LUX5 appliance image is used as the base class for OUT appliance.

Class Volumes

OUT has following volume setup: - boot volume, 100MB size, mounted as "/", writeable, instantiable. - usr volume, 125MB size, mounted as "/usr", read-only, common

The volumes contains a basic Linux installation inherited from base LUX5 appliance and the next additional software:

  • Netfilter and IPTables for routing and NAT

Below is a list of the software packages installed.

Packages for OUT

Installed packages:

  • audit-libs-1.3.1-1.el5.i386.rpm (LGPL)
  • basesystem-8.0-5.1.1.el5.centos.noarch.rpm (public domain)
  • bash-3.1-16.1.i386.rpm (GPL)
  • beecrypt-4.1.2-10.1.1.i386.rpm (LGPL)
  • bzip2-1.0.3-3.i386.rpm (BSD)
  • bzip2-libs-1.0.3-3.i386.rpm (BSD)
  • centos-release-5-0.0.el5.centos.2.i386.rpm (GPL)
  • centos-release-notes-5.0.0-2.i386.rpm (GPL)
  • chkconfig-1.3.30.1-1.i386.rpm (GPL)
  • coreutils-5.97-12.1.el5.i386.rpm (GPL)
  • cpio-2.6-20.i386.rpm (GPL)
  • cracklib-2.8.9-3.1.i386.rpm (Artistic)
  • cracklib-dicts-2.8.9-3.1.i386.rpm (Artistic)
  • crontabs-1.10-8.noarch.rpm (Public Domain)
  • cyrus-sasl-lib-2.1.22-4.i386.rpm (Freely Distributable)
  • db4-4.3.29-9.fc6.i386.rpm (GPL)
  • device-mapper-1.02.13-1.el5.i386.rpm (GPL)
  • dhclient-3.0.5-7.el5.i386.rpm (distributable)
  • diffutils-2.8.1-15.2.2.i386.rpm (GPL)
  • e2fsprogs-1.39-8.el5.i386.rpm (GPL)
  • e2fsprogs-libs-1.39-8.el5.i386.rpm (GPL)
  • ed-0.2-38.2.2.i386.rpm (GPL)
  • elfutils-libelf-0.125-3.el5.i386.rpm (GPL)
  • ethtool-5-1.el5.i386.rpm (GPL)
  • expat-1.95.8-8.2.1.i386.rpm (BSD)
  • file-4.17-8.2.i386.rpm (distributable)
  • filesystem-2.4.0-1.el5.centos.i386.rpm (Public Domain)
  • findutils-4.2.27-4.1.i386.rpm (GPL)
  • gawk-3.1.5-14.el5.i386.rpm (GPL)
  • gdbm-1.8.0-26.2.1.i386.rpm (GPL)
  • glib2-2.12.3-2.fc6.i386.rpm (LGPL)
  • glibc-2.5-12.2.i386.rpm (LGPL)
  • glibc-common-2.5-12.2.i386.rpm (LGPL)
  • gpg-pubkey-e8562897-459f07a4.(none).rpm (pubkey)
  • grep-2.5.1-54.2.el5.i386.rpm (GPL)
  • gzip-1.3.5-9.el5.centos.i386.rpm (GPL)
  • info-4.8-14.el5.i386.rpm (GPL)
  • initscripts-8.45.14.EL-1.el5.centos.1.i386.rpm (GPL)
  • iproute-2.6.18-4.el5.i386.rpm (GNU GPL)
  • iptables-1.3.5-1.2.1.i386.rpm (GPL)
  • iputils-20020927-43.el5.i386.rpm (BSD)
  • krb5-libs-1.5-23.i386.rpm (MIT, freely distributable.)
  • less-394-5.el5.i386.rpm (GPL)
  • libacl-2.2.39-1.1.i386.rpm (LGPL)
  • libattr-2.4.32-1.1.i386.rpm (LGPL)
  • libcap-1.10-26.i386.rpm (BSD-like and LGPL)
  • libevent-1.1a-3.2.1.i386.rpm (BSD)
  • libgcc-4.1.1-52.el5.2.i386.rpm (GPL)
  • libgssapi-0.10-2.i386.rpm (GPL)
  • libhugetlbfs-1.0.1-1.el5.i386.rpm (LGPL)
  • libhugetlbfs-lib-1.0.1-1.el5.i386.rpm (LGPL)
  • libselinux-1.33.4-2.el5.i386.rpm (Public domain (uncopyrighted))
  • libselinux-python-1.33.4-2.el5.i386.rpm (Public domain (uncopyrighted))
  • libsemanage-1.9.1-3.el5.i386.rpm (GPL)
  • libsepol-1.15.2-1.el5.i386.rpm (GPL)
  • libstdc++-4.1.1-52.el5.i386.rpm (GPL)
  • libsysfs-2.0.0-6.i386.rpm (LGPL)
  • libtermcap-2.0.8-46.1.i386.rpm (LGPL)
  • libuser-0.54.7-2.el5.1.i386.rpm (LGPL)
  • libvolume_id-095-14.5.el5.i386.rpm (GPL)
  • logrotate-3.7.4-8.i386.rpm (GPL)
  • m2crypto-0.16-6.el5.1.i386.rpm (BSDish)
  • MAKEDEV-3.23-1.2.i386.rpm (GPL)
  • mcstrans-0.1.10-1.el5.i386.rpm (GPL)
  • mingetty-1.07-5.2.2.i386.rpm (GPL)
  • mktemp-1.5-23.2.2.i386.rpm (BSD)
  • module-init-tools-3.3-0.pre3.1.16.el5.i386.rpm (GPL)
  • ncurses-5.5-24.20060715.i386.rpm (distributable)
  • net-tools-1.60-73.i386.rpm (GPL)
  • newt-0.52.2-9.i386.rpm (LGPL)
  • nfs-utils-1.0.9-24.el5.i386.rpm (GPL)
  • nfs-utils-lib-1.0.8-7.2.z2.i386.rpm (GPL)
  • openldap-2.3.27-5.i386.rpm (OpenLDAP)
  • openssh-4.3p2-16.el5.i386.rpm (BSD)
  • openssh-clients-4.3p2-16.el5.i386.rpm (BSD)
  • openssh-server-4.3p2-16.el5.i386.rpm (BSD)
  • openssl-0.9.8b-8.3.el5.i686.rpm (BSDish)
  • pam-0.99.6.2-3.14.el5.i386.rpm (GPL or BSD)
  • passwd-0.73-1.i386.rpm (BSD)
  • patch-2.5.4-29.2.2.i386.rpm (GPL)
  • pcre-6.6-1.1.i386.rpm (BSD)
  • perl-5.8.8-10.i386.rpm (Artistic or GPL)
  • popt-1.10.2-37.el5.i386.rpm (GPL)
  • portmap-4.0-65.2.2.1.i386.rpm (BSD)
  • procps-3.2.7-8.1.el5.i386.rpm (GPL)
  • psmisc-22.2-5.i386.rpm (BSD/GPL)
  • python-2.4.3-19.el5.i386.rpm (PSF - see LICENSE)
  • python-elementtree-1.2.6-5.i386.rpm (PSF)
  • python-sqlite-1.1.7-1.2.1.i386.rpm (GPL)
  • python-urlgrabber-3.1.0-2.noarch.rpm (LGPL)
  • readline-5.1-1.1.i386.rpm (GPL)
  • rpm-4.4.2-37.el5.i386.rpm (GPL)
  • rpm-libs-4.4.2-37.el5.i386.rpm (GPL)
  • rpm-python-4.4.2-37.el5.i386.rpm (GPL)
  • sed-4.1.5-5.fc6.i386.rpm (GPL)
  • setup-2.5.58-1.el5.noarch.rpm (public domain)
  • shadow-utils-4.0.17-12.el5.i386.rpm (BSD)
  • slang-2.0.6-4.el5.i386.rpm (GPL)
  • sqlite-3.3.6-2.i386.rpm (Public Domain)
  • sysfsutils-2.0.0-6.i386.rpm (GPL)
  • sysklogd-1.4.1-39.2.i386.rpm (GPL)
  • SysVinit-2.86-14.i386.rpm (GPL)
  • tar-1.15.1-23.el5.i386.rpm (GPL)
  • tcpdump-3.9.4-11.el5.i386.rpm (BSD)
  • tcp_wrappers-7.6-40.2.1.i386.rpm (Distributable)
  • termcap-5.5-1.20060701.1.noarch.rpm (Public Domain)
  • tmpwatch-2.9.7-1.1.el5.1.i386.rpm (GPL)
  • tzdata-2006m-2.fc6.noarch.rpm (GPL)
  • udev-095-14.5.el5.i386.rpm (GPL)
  • usermode-1.88-3.el5.i386.rpm (GPL)
  • util-linux-2.13-0.44.el5.i386.rpm (distributable)
  • vim-minimal-7.0.109-3.i386.rpm (freeware)
  • vixie-cron-4.1-66.1.el5.i386.rpm (distributable)
  • wget-1.10.2-7.el5.i386.rpm (GPL)
  • which-2.16-7.i386.rpm (GPL)
  • xen-ukrnl-3.2.2-17.i386.rpm (GPL)
  • xen-umods-3.2.2-17.i386.rpm (GPL)
  • yum-3.0.5-1.el5.centos.2.noarch.rpm (GPL)
  • zlib-1.2.3-3.i386.rpm (BSD)

Contents of the release directory:

Exported appliance image:

  • OUT-2.4.5-1.tar

Automated build script: use this to automatically build OUT appliance

  • OUT-build.2.4.5-1.tar.bz2

Appliance sources:

  • OUT-src-2.4.5-1.tar.bz2

Source rpms:

  • iptables-1.3.5-1.2.1.src.rpm

Tests:

  • out-test-2.4.5-1.tar.bz2 - test scripts

Appliance Implementation Details

Theory of operation

OUT is an output gateway that provides access to a single network host located outside of an application. OUT uses iptables to perform packets NAT and firewall functions. All traffic that is not initiated by application is dropped by iptables. If remote host is defined by hostname OUT will periodically query DNS servers for hosts ip address changes and reconfigure itself to use new address.

Configuration

The configuration for OUT is performed at startup time by the appliance.sh init script. It takes properties defined in appliance boundary and uses them to setup iptables rules by invoking iptables.sh script.

Appliance scripts

The OUT appliance contains the following files in the /appliance folder on its boot volume. These files are used to implement the appliance:

File Type Description
appliance.sh Bash script Appliance main controlling script - invoked when the appliance is booted.
appliance_netsetup.sh Bash script Invoked early from appliance.sh to setup external network.
gethost.pl Perl script Auxiliary script to resolve host name to ip address
getifip.pl Perl script Auxiliary script to find the IP address of interface
iptables-bkrules.sh Bash script Sets the backup iptables rules set. Executed by iptables.sh when the main rules set fails.
iptables-fwrules.sh Bash script Sets the main iptables rules set.
iptables.sh Bash script Configures iptables rules. Invoked from appliance.sh.
dnspoll.pl Perl script Auxiliary script to rum monitorip.sh if the remote_host property isn't numeric ip address
monitorip.sh Bash script Auxiliary script to monitor ip address changes if the remote_host property isn't numeric ip address by periodic DNS server poll
printallip.pl Perl script Auxiliary script to print all the IP addresses resolved from remote_host

-- Main.AndriyMayevskyy - 20 Jan 2010

 
Copyright © CA 2005-2011. All Rights Reserved.
%