I kinda want this shirt, or at least I think it's funny. Yeah, I am a geek.
via neatoshop.com
cat /dev/brain > /var/blog
Over the past few months my company has been testing out different firewall products to protect us from all you h4x0rs out there. Our old Watchguard Firebox is no longer supported, so we needed to look elsewhere. We started by looking at a couple of commercial products, and despite having a $5000 budget for a new firewall we decided to give pfSense a try. pfSense is an open-source customized FreeBSD installation that is designed from the ground up to be a solid, secure firewall.
Last night I found myself at work late, so I decided that after two months of testing it was time to move the pfSense installation onto a production server. I repurposed an older 1U Pentium 4 server with 4GB of RAM that was a decommissioned FreeNAS box. Now I realize that this is overkill, but it was the only rack-mountable server that I had available.
The server has two internal gigabit NICs and 2 dual port NICs for a total of six network interfaces and we are using all but one. Currently we have LAN, WAN, VPN, Training Network, and finally the Guest Wireless all hanging off this box. We are running the Captive portal on the Guest Wireless and currently I am testing the OpenVPN that is built into pfSense to replace our old MS PPTP VPN.
pfSense has a package repository that contains community-created packages. We have installed the Arping, Cron, and Snort packages. After running the Snort package for a few weeks on the test server (but in production) I determined that China is a pain in the ass due to constant hacking attacks on our FTP server, so I found the Country Block package, which allows you to drop packets coming from specific countries. Luckily we are not an international company, so I was able to block China, Korea, Russia, and a few others. (Sorry if you are from those countries, but a few bad apples ruin it for everyone.)
All in all this is an excellent firewall product that I would recommend for any SMB. They have an excellent community to help you if you have any issues, and if your company is worried about relying on strangers they also have commercial support. I have barely described a tenth of the features that this awesome product contains, so head over to their website for more in-depth information. www.pfSense.com
Open up a terminal session and type the following:
sudo apt-add-repository ppa:kubuntu-ppa/beta
sudo apt-get update
sudo apt-get dist-upgrade
Remember this is KDE 4.5 BETA. Do NOT do this on a production system.
While trying to diagnose a network/application issue between my company's application and the client's network, we got on the topic of possibly running out of TCP sockets on either the client workstation or the server. While I didn't have any concrete facts as to whether this was a possible issue, I turned to my trusty friend, google.com. Very quickly I came across an article that goes into great detail about this exact topic, and I felt that it was too good not to let everyone else know about it also.
To keep the TCP/IP stack from taking all resources on the computer, there are different parameters that control how many connections it can handle. If running applications that are constantly opening and closing connections (P2P), or are providing a service which many try to connect to at the same time (Web-server like IIS), then one can improve the performance of these applications by changing the restriction limits.
The author also goes into great detail about how to configure Windows networking for maximum performance.
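To check whether a host is actually running short of TCP sockets before changing any limits, the following added example (not from the original post or the linked article) tallies connection states and dynamic-port usage from `netstat -an` output. The sample output is constructed, and the 49152-65535 dynamic port range is an assumption (the default on Windows Vista and later); the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49152     10.0.0.5:1433          ESTABLISHED
  TCP    192.168.1.20:49153     10.0.0.5:1433          TIME_WAIT
  TCP    192.168.1.20:49154     10.0.0.5:1433          TIME_WAIT
  TCP    192.168.1.20:49155     10.0.0.5:1433          TIME_WAIT
  TCP    192.168.1.20:3389      192.168.1.77:50211     ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

# Assumption: default dynamic (ephemeral) port range on Windows Vista and later.
EPHEMERAL_RANGE = range(49152, 65536)

# proto, local addr:port, remote addr:port, state (greedy \S+ also copes with [::]:445)
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def socket_usage(netstat_text, ephemeral=EPHEMERAL_RANGE):
    """Count TCP states and the share of local ephemeral ports in use."""
    states = Counter()
    used_ports = set()
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # header, UDP or blank line
        _, local_port, _, _, state = match.groups()
        states[state] += 1
        # Outbound connections (including TIME_WAIT) hold an ephemeral port.
        if state != "LISTENING" and int(local_port) in ephemeral:
            used_ports.add(int(local_port))
    pct = round(100 * len(used_ports) / len(ephemeral), 2)
    return {"states": dict(states),
            "ephemeral_in_use": len(used_ports),
            "ephemeral_pct": pct}


def near_exhaustion(usage, threshold_pct=80):
    """True when the ephemeral range is at or above the threshold."""
    return usage["ephemeral_pct"] >= threshold_pct


if __name__ == "__main__":
    print(socket_usage(SAMPLE_NETSTAT))
```

A large TIME_WAIT count combined with a high ephemeral percentage points at connection churn rather than a hard connection limit.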
When a system is first booted, or is reset, the processor executes code at a well-known location. In a personal computer (PC), this location is in the basic input/output system (BIOS), which is stored in flash memory on the motherboard. The central processing unit (CPU) in an embedded system invokes the reset vector to start a program at a known address in flash/ROM. In either case, the result is the same. Because PCs offer so much flexibility, the BIOS must determine which devices are candidates for boot. We’ll look at this in more detail later.
When a boot device is found, the first-stage boot loader is loaded into RAM and executed. This boot loader is less than 512 bytes in length (a single sector), and its job is to load the second-stage boot loader.
When the second-stage boot loader is in RAM and executing, a splash screen is commonly displayed, and Linux and an optional initial RAM disk (temporary root file system) are loaded into memory. When the images are loaded, the second-stage boot loader passes control to the kernel image and the kernel is decompressed and initialized. At this stage, the second-stage boot loader checks the system hardware, enumerates the attached hardware devices, mounts the root device, and then loads the necessary kernel modules. When complete, the first user-space program (init) starts, and high-level system initialization is performed.
That is a quick overview of the Linux boot process. Dive in to greater detail here.
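The single-sector first-stage boot loader described above is also what a defender baselines to spot boot-sector tampering. This added example (not from the original post or the linked article) parses one sector and hashes its boot code; it assumes the classic BIOS MBR layout (446 bytes of code, four 16-byte partition entries, 0x55AA signature), and the sector and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: first-stage boot loader code
PART_TABLE_OFF = 446         # four 16-byte partition entries follow the code
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
# status, CHS start, type, CHS end, LBA start, sector count (16 bytes, little-endian)
ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr():
    """Constructed sector: dummy code bytes plus one active Linux partition."""
    code = b"\xeb\x3c\x90" + b"\x00" * (BOOT_CODE_LEN - 3)
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x02\x00", 0x83,
                        b"\xfe\xff\xff", 2048, 204800)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def parse_mbr(sector):
    """Validate one sector as an MBR and return its code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFF + 16 * index
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": index, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def boot_code_changed(sector, baseline_sha256):
    """Compare the boot code against a hash recorded while the host was known good."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


if __name__ == "__main__":
    print(parse_mbr(build_sample_mbr()))
```

Hashing only the first 446 bytes keeps the baseline stable when partitions are resized, since the partition table lives outside the hashed region.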