Categories: "Networking" or "WiFi"


03/31/17

02:37:00 pm, by The Dreamer, 1149 words
Categories: Software, Networking

TP-Link TR-WR1043ND DoS Protection Feature and QUIC

So, discovered a problem with QUIC and my TP-Link TR-WR1043ND router the other day.

I have DoS security enabled on my router, which will block hosts for ICMP flooding, UDP flooding or TCP-SYN flooding. The default is a 10 second sampling period, and it triggers on 50 ICMPs or 500 UDPs or 50 TCP-SYNs....

Well, I fired up Chrome on my Mac (default browser is Safari, but it wouldn't open my HSA's website). And, suddenly, my Mac lost all Internet connectivity. Could still access all my local network devices, and then found that other devices (iPad) on my home network could still reach the outside world. Rebooting the Mac didn't help, nor did rebooting the cable modem or router.

So, connected to my router from the Mac, to see if there was any mysterious setting change (access controls?) that was getting in the way. When I happened to look at statistics, it showed that I had hit a max of 563 UDP packets during a 10 second window (to have DoS protection, statistics need to be enabled). Which led me to the DoS protection feature.

For some reason I had assumed it meant WAN side DoS, though it just says "protect the Router from being attacked by TCP-SYN Flood, UDP Flood and ICMP-Flood". It's from here that I can also control if it should respond to pings on the WAN side and/or LAN side. I have it allowed for both, since ping is part of my internal Nagios check of it, and I used to have DSLreports pinging to generate latency graphs...

But, I guess it makes sense that it does internal hosts (as well?) to protect against a computer on my home network getting compromised and becoming a bot. Though that hasn't happened yet, as I have generally kept up with things at home.... (such as the need to have antivirus software on my Macs... tried a number of free ones, but eventually purchased ClamXav, which I had used when it was free to protect my work Macs.)

So, what would be a reasonable setting for UDP-Flood protection that won't trigger due to Chrome's / Google's use of QUIC for https....likely due to having not used Chrome in a while, and it needing to update many of my extensions/apps as well as itself and other things. Though I still need to work out sync of bookmarks between my different browsers....

When looking at blocked hosts, found that my MacBookPro was also in the list, wonder when that had happened, as it's been sleeping for some time now....plus I can't recall if I've gotten around to installing Chrome on it. Need to find a way to synchronize some/all of my apps between Macs.... The MacBookPro had reached a peak of 654 UDPs.... wonder if there's some way to monitor when it has blocked a host, etc. Didn't report anything in its internal logging, or daily email of logs.
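To make the blocking behaviour described above concrete, here is an added example (not from the post, and not TP-Link's code) that replays a constructed packet trace through a per-host, per-protocol counter using the 10 second sampling period and the 50/500/50 defaults, then shows which hosts would be blocked and what a threshold with headroom above the observed QUIC peaks would look like. The fixed back-to-back sampling buckets and the sample addresses are assumptions.

```python
import math
from collections import defaultdict

# Router defaults as described in the post: a 10 second sampling period and
# per-protocol packet-count thresholds that get a LAN host blocked.
WINDOW_SECONDS = 10
DEFAULT_THRESHOLDS = {"icmp": 50, "udp": 500, "tcp_syn": 50}


def peak_rates(packets, window=WINDOW_SECONDS):
    """Return {(src_ip, proto): highest packet count seen in one sampling period}.

    packets: iterable of (timestamp_seconds, src_ip, proto) tuples.
    Sampling periods are modelled as fixed, back-to-back buckets of `window`
    seconds (an assumption about how the router samples; the page does not say).
    """
    counts = defaultdict(int)
    for ts, src, proto in packets:
        bucket = int(ts) // window
        counts[(src, proto, bucket)] += 1
    peaks = {}
    for (src, proto, _bucket), n in counts.items():
        key = (src, proto)
        if n > peaks.get(key, 0):
            peaks[key] = n
    return peaks


def flooding_hosts(packets, thresholds=DEFAULT_THRESHOLDS, window=WINDOW_SECONDS):
    """Hosts the DoS feature would block: (src_ip, proto, peak) above threshold."""
    return sorted(
        (src, proto, peak)
        for (src, proto), peak in peak_rates(packets, window).items()
        if peak > thresholds.get(proto, float("inf"))
    )


def suggest_threshold(legit_peaks, headroom=2.0):
    """Pick a threshold that sits `headroom` times above the worst legitimate
    peak observed, rounded up to the next hundred so it is easy to type into
    the router UI. Policy choice, not a router feature."""
    return int(math.ceil(max(legit_peaks) * headroom / 100.0) * 100)


def build_sample_traffic():
    """Constructed packet trace (not real capture data)."""
    pkts = []
    # QUIC burst from the Mac: 563 UDP datagrams spread over 10 seconds,
    # e.g. Chrome updating itself and its extensions over HTTPS-over-QUIC.
    for i in range(563):
        pkts.append((100.0 + i * (10.0 / 563), "192.168.1.20", "udp"))
    # iPad doing light DNS/QUIC: 40 UDP packets in the same period.
    for i in range(40):
        pkts.append((100.0 + i * 0.25, "192.168.1.30", "udp"))
    # Nagios host pinging the router once a second for a minute.
    for i in range(60):
        pkts.append((100.0 + i, "192.168.1.10", "icmp"))
    return pkts


if __name__ == "__main__":
    trace = build_sample_traffic()
    print("peaks per host/protocol:", peak_rates(trace))
    print("would be blocked:", flooding_hosts(trace))
    # The two UDP peaks the post reports (563 on the Mac, 654 on the MacBookPro)
    # were legitimate traffic, so size the threshold above them.
    print("suggested UDP threshold:", suggest_threshold([563, 654]))
```

Only the Mac's QUIC burst crosses the 500 UDP default; the once-a-second Nagios pings stay far below the 50 ICMP limit.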

Pages: 1· 2

10/23/14

09:11:00 pm, by The Dreamer, 2054 words
Categories: Stuff, Computer, Networking, Home, Healthcare, Printers

Replacing Batteries in my first PowerSource 400 ... then second and more.

Back on November 25th, 2013: I started writing this post:

According to this blog, I received this PowerSource 400 on January 21st, 2008 - click here

In answer to the question at the end of that post, the answer was yes. There are 5 other PowerSource 400's in service in my home.

Anyways...back on October 28th (my 45th birthday ;D ), about an hour after getting into bed there was a power blink....I recall being woken by the PowerSource 400 in the bedroom, but I was still able to breathe, so I eventually went back to sleep. I woke in the morning to find that half my network had been down for quite some time, though I didn't see any alerts on the security system control pad.

This being the "network closet" UPS...it was providing backup power for my DSL modem, its associated router, the switch that connects the various rooms in my home together, namely the "living room" and the "back bedroom". Not sure which AP the "side bedroom" was connected to. Though the power outage knocked out my laser printer, which I haven't felt the urge to find out why. Really need to work on finding a more accessible location for it, or work on reversing the entropy in my nuclear room(s)... especially since my other printer is circling the drain, and not sure when I'll get around to getting the new inkjet printer that I've been eyeing.

Restarting the UPS, was when I finally got alerts from my security system. It was a combination of events that happened when I cycled power and events that had been waiting for the return of connectivity. The security system's primary connection is broadband, but it also has a phone line for backup (there's a cellular option, but its been out of stock whenever I've felt the urge to splurge for it....though I kind of have cellular backup anyways....)

It was the return of power that caused it to report loss and recovery of the phone line, along with the queued messages of broadband and power outages, with restores of all... Its built-in backup battery had kept it up during the outage (approx 8.5 hours). The phone line from the base station is connected to an ObiHai OBi110, which has an FXO port to allow selection of analog phone service, or in the event of an outage, pass-through to this. In normal operation the OBi110 is making my Google Voice available to my regular phones, where the OBi110 is configured to use my other Internet gateway. The FXO port is connected to a Cobra PhoneLynx Bluetooth Cell to Home Phone Adapter which is associated with a phone with AT&T prepaid service.

Though I plan to at a later date replace both the OBi110 and PhoneLynx and cellphone with an At&t Wireless Home Phone Base. Which I have sitting, waiting for when I get around to it.

The plan is the OBi110 will move to the living room for use there, though its in associating with the planned inkjet printer replacement.

So, it's time to replace the batteries...guess I'll do research on where I can get a pair. Hmmm, it uses the same kind as the pair I had replaced in my SmartUPS 1400 back on October 10th (it went around October 5th, and I ordered them on the 6th). The site provides discounts if you buy multiples. I got 5% off for getting 2, would've gotten 7% off for getting 4, or 8% off for getting 6 (9% for 8 and 10% for 10+).

I hesitate, since I'm waiting to see how the recent problem with BillMeLater goes...so needs to be sometime after Nov 5th to order. Meanwhile a storm comes in on November 3rd, and power is blinking like crazy...and I'm constantly restarting the PowerSource 400. Finally I take it out of service, and everything is just in a regular surge strip. Things remain stable (dbox stayed up straight) until this morning. But, feel that I need to put the PowerSource 400 back into service before my annual Thanksgiving trip.

After much procrastination, and lots of searching. I settle on ordering 4 such batteries from an eBay seller on November 14th. Plan to replace the batteries in my second PowerSource 400 soon, since it was purchased on December 31st, 2008 and provides backup power for my CPAP. (see here).

And finally, this morning, I decided that I've put it off too long and to replace it this morning.

Which was a challenge....

There was supposed to be a page 3, but all I had typed was the page break...so had to figure out how to open it up again. Aside from the 4 corner screws, I remembered that there's a screw behind the sticker in the middle. But, I forgot the rivets in the bottom, and that both parts need to be extracted.

Once opened, I started to disconnect the batteries, and once again threw sparks and added another mark to my screwdriver. Taking a step back, I decided there's an order of operation involved here. The answer is start with the outside connections, and then the inside ones. And, then reverse it. This time I knew the side panels interlock with the batteries to help lock them into place, so made sure the wires were clear. I noted that the neutral wire for the front outlet had a kink, and I made sure that all the wires were in the channel while buttoning things back up.

Surrounding this, was the challenge of getting it out from behind my headboard, though while I was down there, I found a couple missing packages of mask diffusers, I knew I wasn't using them up that quickly, but couldn't figure out why I kept running out. There was one Xyrem pill bottle, I had one night knocked both down...luckily while the empty (first dose) one went all the way down, the other was just wedged between mattress and headboard in upright position. Since I use bottles longer than a month, I usually go by how grungy the caps get...since I customize the bottles, so I can tell the two apart by touch, which matters when one has a larger dose than the other....and the caps get grunge depending on how many nights I overfill (have always had a problem measuring drinks that way.... :> ) Or how often they get tipped...

There were also as expected a bunch of nasal inhalers of various types...such as ones from: Olbas, Benzedrex, and Vicks.

Pages: 1· 2

02/13/14

02:24:00 pm, by The Dreamer, 2255 words
Categories: Digital Photography, Travel, Networking, WiFi, Chromebook

Travel Router - ZuniDigital ZTRP150

Link: http://www.zunidigital.com/?page_id=222

Some time before I bought one, I had often wished I had a Travel Router during my travels. And, I know I looked at whether it would be possible to use my Linux laptop as such.

But, then on November 25th, 2011, Black Friday....meaning I was at Chicago TARDIS at the time....I had on the spur of the moment ordered the ZuniConnect ZTRP150 WiFi Travel Router with USB Charging by ZuniDigital from NewEgg.com.

As I recall, it then sat around for months until I finally set it up, in preparation for possible use on my next trip....Gallifrey One in 2012.

Being able to turn hotel Ethernet into WiFi for all my gadgets was really nice, since most hotels only allow one device per room to register for its free or pay wireless. (though I heard some allow pay per device....) But, my reasoning at the time was the large number of Eye-Fi cards that I have in my collection, which are unable to connect to such WiFi, even when it's free and it's just an EULA page that needs to be accepted.

Otherwise, I wasn't too WiFi dependent gadget heavy then....I could use 3G on my smartphone, and my Kindles all did 3G or something (either exclusively or later with WiFi...I had started carrying the Kindle Fire, original, on trips....so it was the first that would benefit from a travel router.)

It was November 23, 2012 that I started my journey into the world of Chromebook (I had preordered it, and that's when it shipped....at first I was traveling with both my Linux laptop and the Chromebook, but for some time now...I've been going with just the Chromebook. Which has been challenging, like now I can't add SSIDs to my eye-fi cards on the road. So, I have to hope that I got the right ones pre-added to the cards. Along with some of the ones I know what will work, like the SSID for my MiFi2200 or later tethering off of my HTC One (I got the 5GB tethering plan, because lower tiers weren't eligible for employee discount and I had been looking to upgrade from MiFi....but hadn't found a reasonable pay as I go, but can't be activated because I don't live in an area that's covered by it.

Though I did consider exiting the Smartphone crowd and getting a contract Mobile Hotspot, but there isn't anything in an Android 4.3/4.4+ equivalent to iPod Touch....or WiFi only smart phone ???

Now, I guess I've been lucky with the ZuniConnect, which has two modes, Router or WISP. It has both a WAN and LAN port, so there's lots of different ways it could be used.

Long before this, I already had a RoadWarrior travel Ethernet cable in my carry on....so I wasn't stuck if the room only had a jack. And, the router mode was all I needed. It was pretty much plug it in and go everywhere that I stayed.

That was until my previous trip....the one to visit my brother and parents for Christmas. The hotel I stayed at didn't have Ethernet in the room. I had never looked at WISP, but knew it was something I was going to need to use eventually.

Well, it was a bust, because WISP is largely a different configuration in the router, because I would see ZuniConnect or something as an SSID sometimes, but not be able to connect to it. Not sure I know how to connect Chromebook to WPS, or if its possible. etc. But, in the end found that the only way to configure WISP is through ethernet. And, none of my devices had ethernet ports. (I'd still be screwed if I had a MacBook Air along....)

So, I made a note to investigate alternative Travel Routers and to acquire a USB Ethernet adapter for my Chromebook, etc. I eventually got both as part of a larger order from Amazon.com on Jan 22, 2014. I got a "Plugable" USB Ethernet adapter, because it was specifically listed as an adapter from Chromebook. And, I got a TP-Link TL-WR702N, Which sounded like it also did all I wanted, had been favorably reviewed and I've been pretty happy with the TP-Link TL-WR1043ND router that handles my Cox connection to the world....doesn't do all the stuff I liked doing with DD-WRT (though I could DD-WRT it)...but its been rock solid, and since I've moved to running nginx reverse proxy on a DMZ host, the 16 port forwarding limitation isn't an issue. QoS might start to become a concern though. But, I still primarily do that through DD-WRT on AT&T connection to the world. Some day I think I want to try pfSense....

But, that hotel stay wasn't a problem since their WiFi access was controlled by a password that is given out at check-in....so I could connect all my devices to the WiFi without problems.

Anyways....these items sat around in their packages, until the night before I was to depart for Gallifrey One 2014.

The USB Ethernet adapter just worked and wasn't a problem (though I haven't registered its MAC with my network, which only does reserved DHCP ... its on my list to create a guest network, which can be helpful for discovering MAC address of devices that don't have them printed anywhere on them. But, it hasn't been an issue with wireless devices, since those failed attempts show up in my radius log. Which probably also shows up in the dhcp log (I suppose I should set those logs to forward to zen, so I can see them and add them to the appropriate files in CFEngine 3 repository....still haven't gotten cf-runagent working though.)

The TP-Link TL-WR702N was another story. Again it looks like it needs to be configured manually for WiFi bridging through its Ethernet port, but with the Ethernet port being dual mode LAN or WAN, it's out of scope for its built-in DHCP (which is also disabled by default...). Also of annoyance was that its SSID was fixed; I couldn't tailor it to my convention, but rather its own convention ending with the last 3 octets of its MAC, where the default password is the last 4 octets. It does allow you to change the password, along with other encryption settings, or go open. It has a dropdown list for channel, which had defaulted to AUTO. But, it won't allow you to leave the page until it's been changed to be the same channel as the selected WiFi. Seems it's a flaw with all WISP, that they attach to a BSSID.... I have two APs at home, both with the same SSID, but different BSSID (of course) and different channels. Yet, my bedroom is still in a hole.... :))

Could be interesting in a hotel environment where there's going to be many different BSSIDs/channels, which might change throughout the stay.

But, I ran into a problem. I couldn't get my Chromebook to connect to the Ethernet port. It didn't do DHCP, but Chromebook has options to set things manually, but Chromebook still wouldn't connect. I suspect there's something Chromebook expects to get answers for to determine that the connection makes sense, and the TP-Link doesn't do it. At first I thought the Chromebook was expecting a fully usable Internet connection....which doesn't make sense, since it's able to use captive portals, though often the captive portals only block http/https initially, or provide/leak enough to satisfy my Chromebook.... That was until this Gallifrey One trip....

Full story »

01/19/14

04:22:00 pm, by The Dreamer, 2308 words
Categories: Networking, FreeBSD, Printers

HP Officejet Pro 8600 Plus e-All-in-One Printer - N911g

So, near the end of July, I started investigating (once again) on replacing my HP Photosmart 8450xi (which was now over 8 years old....bought it on June 30th, 2005 - Back from Vacation Tech Buying Spree?...setup on July 9th, 2005 - link

I had started looking some time before this, but was put off for a bit due to my experiences with the Brother DCP-7065DN -- link, since it seemed most of the choices out there were GDI and I'm moving to more and more heavily FreeBSD as my primary operating system.

Especially since it appears that 'box' finally called it quits on December 2nd, before I had started my journey home from Chicago TARDIS that day....and orac is inching close to its end, as the pair of ST2000DL003's which evidently only had 1 year warranties from June/September 2012 started going shortly into the new year. I was trying to use ddrescue to force sector remapping on the first drive, when the other drive decided to vanish permanently. I had thought it was DMs that had 1 year and DLs that had 5 years, perhaps I had it backwards....or it's a question of when I purchased them, or how they were packaged.

Checking my order history, I purchased one drive on June as a bare drive and later in September as a retail kit. I haven't yet pulled the drives, so I can't look up the serial number for the vanished one, but Seagate's website says the one that is responding is out of warranty. Even if the other drive is still under warranty, not sure I want to deal with getting it exchanged for a refurb to create a solo 2TB drive. Can't think of not wanting raid given what I'll likely use it for. And, not sure I'd buy a different 2TB drive to be its mate (and it won't work with my other 2TB arrays, since its an advanced format 2TB drive...while the lraidz2 pool on zen used legacy format 2TB drives (which limits options of growing it non-destructively.)

Fortunately, I had copied one of the big volumes from it over to zen (along the way it got corrupted, so had been trying to copy it back from zen when the other drive died). And, files of the other volume (my pyTiVo store) should all be in backup, where I don't have space on zen to restore them yet.... I have pyTiVo on zen, but the content under it is different...and larger, so much that it is currently not being backed up. I haven't made much progress on building the second backup server....guess I'll need to look at this sooner than later.

And, now it seems the other 2TB RAID-1 array on orac is dying. I just went ahead and failed the drive that was giving it issues. Not sure what to do with it...suppose I could try ddrescue on it and see what happens. The big volume on it had also been copied over to zen, so guess I'll update my HSTi's to point to zen instead of orac for their content. Another used to be for Time Machine backups, but I had moved that over to zen when I set up the new work laptop to do Time Machine backups on my home network. I was using that space as overflow from pyTiVo. And, another was for backups of various things, which I had stopped adding to as new backups are going to zen now. Its things like regular backups of my websites at dreamhost and 1and1, my router configs, serial console servers, and some other backups. I was also replicating some directories on zen to orac as backup (left over from when zen was a Windows 7 PC....which saved me from losing everything when it scrambled itself.)

But, back to my printer quest.

Full story »

08/04/13

12:25:00 pm, by The Dreamer, 633 words
Categories: Software, Computer, Networking

Apparently my dd-wrt does loopback now

A couple months ago I asked if mosh could be made to work if the mosh-server IP changes when roaming between networks.

Years ago, I used to have routers that did 'loopback', but haven't had ones capable of it for sometime...or so I thought. Though I hadn't really had a major need for it. Except perhaps for mosh.

mosh, MObile SHell, is an ssh replacement that supports roaming and intermittent connectivity. Since I do my IRC using irssi in screen, running all the time on a server at home. This makes staying connected to IRC on my laptop much nicer. I can close my laptop, and later open it and it'll still be connected to my screen session.

The problem was when I came home, I'd be unable to recover the connection correctly and the client goes into an unrecoverable state, so that even if I later use my laptop on an outside network the mosh session won't resume.

But, today I opened my laptop (and I just realized that I didn't do what I had intended to do) and I just minimized the window out of the way...even though it probably wouldn't recover on Monday at work. But, the dock icon showed that something wanted my attention....probably mosh-client giving up? No. Well, my nick had come up a couple of times yesterday, but it shouldn't have known that....but not really thinking, I switch to the channel. And, it does. I switch around and it's working. Wait...it shouldn't be though! :!:

So what changed? I do a tcpdump and see that it is connecting to my WAN IP and getting responses from my WAN IP....'loopback' never worked for me though....

:idea: Perhaps its 'loopback' of port forwards that has never worked....

I had moved irssi from box to dbox a while back. The router has two port forwards set related to this to box, a single port TCP forward and port range UDP forward.

But, because my other router is running stock firmware, it has a limited number of port forwards...so as I was migrating services to cbox (and using nginx to reverse proxy web services on other systems on my home network, where those that use a webserver are using apache, including local services...such as cacti on cbox and nagios on dbox), I decided that I would just make cbox the DMZ host...and start running host based firewalls at home, especially on this host (it also uses an IP alias...kind of like how we do hosts behind the BigIP at work ;D )

So that means no port forward(s) for my dd-wrt router for WAN to dbox....so I guess the NAT allows 'loopback'ing in this case.

Wonder if the same applies to my other router.

The only problem this causes is that I had plans to replace routers. I actually have a new router to replace the current stock router....though I haven't got anything that really needs the speed upgrade to 802.11ac yet in the room where I'm using wireless bridging. I also had plans to replace my dd-wrt router, which had started getting unreliable, which they seem to do after a while....though it seems to have helped after I deleted old traffic data....

Full story »

05/24/13

08:20:00 pm, by The Dreamer, 509 words
Categories: Home Theatre, WiFi, Storage, Samsung UN50ES6500F, FreeBSD, VirtualBox

I got another HSTi Wireless Media Stick

Link: http://hsti.com/products/wirelessmediastick

I had acquired my first HSTI Wireless Media Stick back on April 24th, 2011 (from a marketplace seller on Amazon.com)...it took some time to arrive and I blogged about it on April 30th, 2011 -- Getting local content to show on my Roku XDS.

Now my Roku has moved to my other HD display (24" 1080p), but that was before my old Samsung HDTV (43" 720p) regenerated into a Samsung Smart 3DTV (50" 1080p).... so I'm back to living room TV being my main viewing device for all content, though TiVo has a box that I could connect to the smaller display to access my TiVo content there....which I may want to get at a later date. The majority of content I watch is from TiVo...one of these days I need to setup my blu-ray player so I can get back into watching DVDs (not sure when I'll have blu-ray discs, but need to get back on my netflix backlog).

But, the other day I had an mp4 file that I needed to play....and I thought I should get someway to do that to my 50" HD display... Had to settle with using the Roku for a bit. And, decided that the plan will be to acquire another HSTi Wireless Media Stick.

After searching around online, eventually found that ordering directly from HSTi was the only option now. So, I ordered another one on May 17th. It arrived yesterday. But, I didn't set it up until I got home from work today. Somehow I had forgotten again that HSTi is in Calgary, Alberta. Not that I'll be going up there in the immediate future....

Anyways, no big surprises...good thing I had solved my USB2.0 and Windows 7 in VirtualBox on FreeBSD problem (got a Silex SX-DS-4000U2). I'm sharing TARDIS from orac to it still, since I don't yet have a replica on zen (need to free up space). Though when I moved the HSTi Wireless Media Stick it had forgotten the share, so had to pull up the web interface again and add it back. Interesting that its graphic shows the stick itself, while the graphic on my older stick is that of the original Wireless Media Stick (it used to be the correct graphic, but after an update it keeps showing the graphic of the older version.) Though this one came from the factory with the latest firmware, so who knows what'll happen when there's an update.

Was interesting using the SmartTV to view it, though wonder if it'll be a problem with it constantly discovering the stick every time I turn it on and presenting dialogs and such. Afterwards I tried the Amazon app to see if that was working yet....it was still saying I needed to update my TV, though this time there was an update....and now that works. Which might make it interesting to decide on what I should do. The only problem with using the SmartTV versus some other viewer....the TV is only 2.1 audio while other routes I can get 5.1, and its a different input on my receiver....

Oh well, back to other projects....

04/18/13

12:47:00 pm, by The Dreamer, 1259 words
Categories: Software, Networking, AT&T DSL, Broadband, CFEngine

Zoom ADSL X3 5760 & Cacti

It was a dark and stormy...late afternoon...yesterday, and....

I had started out almost 7 years ago with a Siemens 4100 DSL Modem, which worked the way I needed it to for my home network. And, wasn't sure how easy it would be to find another like it. I was running it in the cross between router and bridge mode...so that my router could maintain my dyndns info (though it wasn't too long after that I moved that to ddclient on box, which has been more reliable...but I was having ddclient scrape from the router, though the ddclient for the router on my Cox connection wasn't supported so that uses checkip.dyndns.org. So, now both do.

Would probably be too much work to make ddclient go out on the right IP so that ip route will send it to the DSL router, so it can query the DSL modem for what the real external IP is. Though the new cbox/dbox setup would simplify things....but the migration has stalled as I've been working on getting cacti moved from box...and it hasn't been going well. Lots of old templates and such don't work on the new, so I've been reworking what I feel I can't live without....

That includes the graphs of my DSL modem stats....

Anyways....when the Siemens 4100 started dropping the connection a lot (around the 3 year mark) and changing the filter didn't help, I had heard that these things wear out... So, I tracked down a new Siemens 4100 on eBay...and switched to that....and that got things working again.... Then a couple years ago, things go bad consistently....though I could see from my cacti graphs that SNR drops in the evening. Though I wasn't able to get local service to restore/fix things. I tried the AT&T forum on dslreports.com, and they changed me to Interleaved, which helped....

But, I had started shopping around for a new DSL modem.... somewhere in my journeys I acquired a Zoom ADSL X3 5760 Modem. But, since things were working...I put it aside as my spare for when things stop. Seems I've had it so long that it's no longer available....got it July 9, 2012 according to Amazon.com

For a while now, it would drop the connection now and then during the week (between its weekly self-reboot)...at first I suspected the router, since its twin had gone away in much the same way several months earlier. Though the router does also have failsafe configured, so if it can't talk (ping) to box or the WAN gateway...it reboots. Though at some point AT&T made their gateways unpingable. So, it was pinging google.

But, on April 6 it got really bad....my IRC connection was resetting practically constantly. Though since I had swapped the router before, and swapped it again. Though maybe now I wonder if its watchdog was too aggressive. Things were usable, but the line drops would be annoying. Also the IP staying the same through drops didn't make me question the DSL modem.

But, then on April 13, things start getting really bad....and I was getting 50+ messages a day from ddclient that my IP changed. It seemed to stabilize a bit on Monday....though it was still dropping regularly enough that I switched to using Cox for my IRC screen session. Was going to defer to the weekend to make the swap.

Well, yesterday the weather was bad...lots of lightning, rain....and the first display I looked at when I got home said "NO INTERNET". Though it was probably a temporary outage, because it did appear to eventually come back while I was working on unboxing my 'new' DSL modem. And, trying to figure out how to set it up without the Windows wizard it provides, given the lack of documentation with it...there was a small CD, which didn't really provide much depth....but I found what IP it would be and that it has a web interface....it also has a telnet interface and an FTP interface.

Anyways...it turned out to be pretty straight forward getting it working...the hard part was figuring out what the non-default options meant, and whether I would want them.... the main one I turned on was "fullcone NAT". And, I set my router in with a reserved IP and made it DMZ host, so I can keep all my forwards there...plus the Zoom is limited to 16, which isn't enough .... though this may change when I make use of its DMZ feature as well (doing reverse proxy on cbox/dbox to everywhere else on my home network...running firewall on these boxes already, to implement policy based routing.) And, enabling ICMP on the WAN interface (its also possible to enable http, ftp and telnet on the WAN interface as well.)

Getting it working in Cacti again, turned out to be much harder.

Full story »

Pages: 1· 2

04/07/13

11:29:00 pm, by The Dreamer, 2462 words
Categories: Hardware, Software, Computer, Networking, Operating Systems, Ubuntu, FreeBSD, CFEngine

The home servers migration got off to a rough start...

My 10.04LTS servers are nearing the end of the line, but the move to get them upgraded is starting to get close....

At first I was waiting for the 12.04.1LTS update to appear, so that I might try upgrading them to Precise. But, then it struck me that it might be time to replace one of the servers with new hardware.

The boxes had been servers for many years now, but in 10.04 they dropped support for 32-bit hardware as servers....which means one of my servers, and the more important one...is nearing EOL.

So, back in August....I came across a Shuttle XS36V open box on newegg.com....so I ordered one, along with an 8GB SODIMM memory set (a pair of 4GB)....the computers support a maximum of 4GB, but in my mind I was thinking that if this worked, I might get another to make a pair.

But, then it sat around as I go on to other projects....I had figured on using one of the 120GB SSDs that I had acquired earlier....

Realized what was strange about these boxes was they had serial ports, so I started thinking about network serial and setting these boxes up headless. Since I had done a server at work for serial with FreeBSD, I got to thinking that I would do the same with this. Plus I was really finding it to be much more predictable/stable than Ubuntu....something that's good in a server.

I started revising the plans as I went....ended up deciding that I would have one that is default cable and one that is default dsl, and running the usual core...one would be master DNS, and the other one be the primary slave....just as one would be primary DHCP and the other secondary....both would do freeradius. Both would be NTP servers. Both would do mail, though zen is my main mail system. They would have both apache and nginx on them...apache to run local web services....and nginx doing reverse proxy to the other web apps on my home network (kind of important since the current cable router is a step back with it only supporting 16 port forwards....though I have a replacement that I'll get to setting up some day...)

Then while I was poking around on newegg.com, spotted that there was another open box Shuttle XS36V....so now I had two boxes. I had picked up one Cyclades ACS1 earlier on ebay, so I got a second....a 'new' one for about the same price. Just needed to find time. Perhaps after FreeBSD 9.1 drops.

Well, it dropped....but I still wasn't ready...now I needed some SSD drives for the machines. So, I used the $30 in RewardZone for the new TV I had gotten in September, and picked up a pair of 128GB SanDisk Extremes. And, then I started setting up the ACS1s....hmmm, wonder if I have any serial cables. Okay, I'll buy some of those first.... I end up ordering from TigerDirect, as they have a better price on RJ45 to DB9 adapters....not that I need them for the actual ACS1 to Shuttle XS36V connection...that's just a 9F to 9F null modem cable.


02/05/13

  08:10:00 am, by The Dreamer   , 428 words  
Categories: General, Networking

Pinterest supports Internet Censorship

It has been about 20 months since I took the EFF Tor Challenge:

Operate a Tor relay to help Tor users all over the world!

Activists worldwide use Tor to protect their anonymity online and to circumvent Internet censorship. But they all rely on a limited number of user-provided "relays" to protect themselves and communicate with others. Internet users worldwide need your help to make the Tor network stronger and faster, so take the Tor Challenge today!

From this I initially set up two Tor relays....initially one with a limited set of exits and one with no exits (middle relay). For more info see: What is a Tor relay?

But, FreeNode blocks exit relay IPs that could access any of their systems....that includes port 80/http. Instead they run a hidden service that would allow a Tor user to connect to IRC via Tor....and say:

We appreciate your accessing Freenode via the Tor hidden service. If you'd like to help us maintain quality access, please consider providing "middleman" bandwidth to the Tor network. Just set your host up as a Tor server and specify how much bandwidth you want to provide.

I did irssi connecting to the hidden service as an experiment....while waiting for the exit relay block to expire. I continued to run irssi this way for a while, until I got tired of doing so.

Since then, Tor wise, I'm playing around with running an anonymous bridge in AWS.....currently costing under $1 each month on the free tier...for bandwidth overages. I'm wondering what it'll be after my free-tier expires, and what would happen if I were to move to another region. Though I guess it's deploy new in another region and remove old, since the images have been updated a number of times since my initial deployment, and there have already been occasions where my image has had trouble staying current.

And, then recently I got stopped from accessing Pinterest, with "we've detected a bot!", "because Bots may be resource-intensive and slow down Pinterest for other users."

After some email exchanges, they responded that:

Pinterest blocked access because the IP address originating traffic hosts a public Tor node. If you are knowingly hosting a public Tor node, we cannot ensure continued access if traffic coming through your node is malicious.

But, since it's a middle relay, the only traffic originating from my IP address to Pinterest is me. So, they're censoring anybody that supports Tor and its use "as a method for whistleblowers and human rights workers to communicate with journalists"....

Guess, they're a strong supporter of Internet Censorship!

11/25/12

  07:55:00 pm, by The Dreamer   , 1327 words  
Categories: Software, Computer, Networking, Operating Systems, FreeBSD, CFEngine

VLANs & FreeBSD 9.0/Jails

The backstory is that I've been working in a primarily Sun shop, and one of the things we've been doing is running Solaris 10 on large boxes, such as T2000's, T5120's, M4000's and cutting them up with Solaris zones/containers with the global native into a management vlan and tagging appropriate vlans for the zones, and the zones have their own default route specification so all has been great.

ipf on the global so the zones can't tamper with their own firewalls, and on some of the 'zone' servers using:

/usr/sbin/ndd -set /dev/ip ip_restrict_interzone_loopback 1

The zones remain isolated from each other. Or it avoids problems of short circuiting (asymmetric routing + wrong IP)....because some of the zones are behind the F5.

For years, we've tossed around the idea of introducing FreeBSD into our datacenter, and finally one of our customers decided that while they really like the containers/zones and ZFS, the cost of replacing their aging Sun server would be better done by replacing it with a FreeBSD server. While they own the hardware, and it resides at their facility...we provide the system administration support. But, this opened the door to having FreeBSD on our work site. I was in the process of replacing my aging Sun Ultra 20 with an Optiplex 990...which originally I was looking at installing Ubuntu on, but instead I went with FreeBSD 9.0 (though the effort in getting the Desktop working on it, and recreating my Sun desktop/work environment on it...made me question if that was really the right way to go. But, I got it working.) And, it helps me try some of the things before doing them on the customer's server (which is headless in a closet [well, they have a monitor & keyboard for console access], so all the desktop stuff was for my benefit...it paved the way to me getting a working FreeBSD desktop at home ;D .... though I may end up with a different system for my main desktop at home and have the FreeBSD machine go headless with my other FreeBSD servers....unless there's some way to easily share between the two....switching doesn't qualify.)

So, in needing to deploy some new internal services (such as monitoring) and not really wanting to go through the major process of finding all the bits and pieces and creating packages under our CM system for Solaris. It's quite the pain building each and every perl module as separate CM packages, instead of having some system that automatically builds and installs (or makes packages) for you...ala ports or CPAN. I've done package install requests that start out as install one package, and end up building 100 or so packages instead.

I had contemplated sneaking Ubuntu in since I run the same monitoring servers on an Ubuntu server at home, but the work to incorporate Ubuntu into our configuration management infrastructure got sidelined by FreeBSD. And, there's no decision on whether Ubuntu will come into play (though the high cost of RedHat licenses to just get patches...for systems that are rarely patched....is making Ubuntu look attractive.)

Anyways, things led to me starting work on pxe boot installing Proliant DL380s with FreeBSD 9.0 and creating 'jail' servers to work like our 'zone' servers.

Cloning interfaces to do VLANs was simple ....
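The excerpt stops before the actual configuration, so here is an added example (mine, not the post's or the customer's config) of the host side of a FreeBSD 9.x 'jail' server laid out the way the Solaris 'zone' servers above are: the host keeps its own address on a management VLAN, each jail gets an address on its own tagged VLAN cloned off one parent NIC, and pf on the host plays the role ipf on the global zone plays there. The interface name (em0), the VLAN IDs, addresses and jail names are all assumptions for illustration. Two further assumptions are stated in the code: that a non-VNET jail has no privilege to open /dev/pf or run ifconfig, so it cannot tamper with the ruleset or re-tag itself; and that traffic between two addresses that are both local to the host is looped back through lo0, which is where the jail-to-jail block (the counterpart of ip_restrict_interzone_loopback) has to sit. Check the second one on your release with tcpdump -ni lo0 before relying on it.

```shell
#!/bin/sh
# Added example, not the post's own configuration: stage the host-side
# FreeBSD 9.x rc.conf fragment and pf.conf for a jail server whose jails
# live on tagged VLANs, mirroring the Solaris zone layout.
# Every name, VLAN ID and address below is an assumption.
#
# Usage: sh jailhost.sh /tmp/stage   (review the files, then merge into /etc)
set -eu

PARENT_IF=em0                 # assumed trunk NIC carrying the tagged VLANs
MGMT_VID=10                   # assumed management VLAN for the host itself
MGMT_IP=10.10.0.5/24

# jail spec: name:vlanid:addr/prefix:subnet   (assumed values)
JAILS="web:20:10.20.0.5/24:10.20.0.0/24 db:30:10.30.0.5/24:10.30.0.0/24"

# field SPEC N: colon-separated field N of a jail spec
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# write_rcconf DIR: the host alone creates the vlan interfaces and hands each
# jail its address; a non-VNET jail cannot run ifconfig (assumption), so it
# cannot move itself onto another VLAN.
write_rcconf() {
    cloned="vlan$MGMT_VID"; names=""
    for spec in $JAILS; do
        cloned="$cloned vlan$(field "$spec" 2)"
        names="$names $(field "$spec" 1)"
    done
    names=${names# }
    {
        echo "# generated rc.conf fragment (assumed names and addresses)"
        echo "ifconfig_${PARENT_IF}=\"up\""
        echo "cloned_interfaces=\"$cloned\""
        echo "ifconfig_vlan${MGMT_VID}=\"inet $MGMT_IP vlan $MGMT_VID vlandev $PARENT_IF\""
        echo "pf_enable=\"YES\""
        echo "jail_enable=\"YES\""
        echo "jail_list=\"$names\""
        for spec in $JAILS; do
            name=$(field "$spec" 1); vid=$(field "$spec" 2); addr=$(field "$spec" 3)
            # the tagged interface carries no host address: only the jail lives on it
            echo "ifconfig_vlan${vid}=\"vlan $vid vlandev $PARENT_IF up\""
            echo "jail_${name}_rootdir=\"/jails/$name\""
            echo "jail_${name}_hostname=\"$name.example.net\""
            echo "jail_${name}_interface=\"vlan$vid\""
            echo "jail_${name}_ip=\"$addr\""
            echo "jail_${name}_devfs_enable=\"YES\""
        done
    } > "$1/rc.conf"
}

# write_pfconf DIR: ruleset owned by the host. A non-VNET jail has no
# privilege to open /dev/pf (assumption), so, like ipf on the Solaris global
# zone, the jails cannot change it. Jail-to-jail packets between two local
# addresses are looped back through lo0 (assumption; verify with tcpdump),
# so the isolation rules match there. Only cross-jail pairs are blocked, so a
# jail can still reach its own address.
write_pfconf() {
    {
        echo "# generated pf.conf"
        echo "set skip on vlan$MGMT_VID"
        for a in $JAILS; do
            for b in $JAILS; do
                [ "$a" = "$b" ] && continue
                echo "block drop in quick on lo0 from $(field "$a" 4) to $(field "$b" 4)"
            done
        done
        echo "pass in quick on lo0"
        echo "pass"    # everything else allowed here; tighten per jail service
    } > "$1/pf.conf"
}

# write_jailhost_config DIR: stage both files under DIR
write_jailhost_config() { mkdir -p "$1"; write_rcconf "$1"; write_pfconf "$1"; }

if [ $# -gt 0 ]; then
    write_jailhost_config "$1"
    echo "staged in $1:"; cat "$1/rc.conf" "$1/pf.conf"
fi
```

The generated pf rules only cover the loopback short-circuit; traffic that leaves the box on a tagged VLAN and comes back via the upstream router is the switch/router ACLs' job, exactly as it is with the zones behind the F5.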


powered by b2evolution

hosted by DreamHost