iStat on Solaris 10

After experimenting with Solaris 10 for a bit, I thought I'd get iStat on there so I can see its activity on my iPhone. After getting down and dirty with Solaris for a bit, I definitely learned some things. Since iStat needed libxml2, I grabbed that from Sun Freeware and installed it fine. Next thing was to, of course, install the iStat client. When I ran ./configure it was complaining about not being able to create a C++ executable. And with gcc already installed, libraries were the issue. /usr/bin/crle -c /var/ld/ld.config -l /lib:/usr/lib:/usr/local/lib:/usr/local/ssl/lib did the trick.

Solaris has a steep learning curve, as compared to Linux. I've always fancied nano as my text editor, but Solaris didn't have nano so I had to make do with vi (at which I'm quite a bit better than before). Tab completion and using the up or down arrow key to repeat the last command aren't there either. I've learned that I have to gunzip then tar xvf a tar.gz file (bunzip2 works for .tar.bz2). Also, I found this great for some tricks on Solaris (albeit it's Solaris 9).

Networking was a bit difficult to start; I had to get the driver from here. Although, I'm still having problems with the module not loading on boot. All in all, I find that Solaris definitely improved my command line skills. It's like Linux, but without the fun.

PPTP server on pfSense

 One of the servers that are at my disposal has a very low CPU usage percentage (if that makes sense). On my way to set up a PPTP VPN server on the box, I realized my router running pfSense could do it out of the box. In this short tutorial, I'll show you how to get a PPTP VPN working so that you can connect to it anywhere.

Head under VPN -> PPTP

Next, click on the Enable PPTP server radio button. For the Server address, put in your WAN (public) IP. For the Remote address range, put in the local IP at which the range will start. Near the end of the page, check Require 128-bit encryption.

Click save and click on the Users tab. Add a user (in this example, test) and a password. You can enter an IP to be assigned to the user, but it's not necessary.

And that's it! You now have a working PPTP server.

Now, I tried to connect with my iPhone 3G over Wifi. Worked fine. Over 3G? Nope. Did some Googling, it seems like you have to pay an additional $10 for a VPN option (I'm on Rogers) since Rogers gives you a LAN IP (such as 10.x.x.x) and firewalls the GRE protocol (which is needed for a PPTP VPN to work).

It looks like the only way to get around this is to buy the $10 package, browse over to unlockit.co.nz on your iPhone, change your APN settings and voila.

 

Any comments are appreciated :)

 

Adding another LAN NIC in pfSense

 

I recently swapped out my router (a PIII) running Smoothwall with pfSense. I'll say that I'm glad I switched. Anyway, what I found is that Smoothwall wouldn't let me add another LAN interface, making it a real router.

So, once you get pfSense installed, go to Interfaces->(assign) 

Assuming you already configured both your LAN and WAN interfaces, it should be clear which interface to choose for the extra port.

Then go to Interfaces-><interface name>, in my case OPT1. Enable the interface, change the Type to Static (static worked for me), change Bridge with to LAN and Gateway to your gateway address (e.g., 192.168.0.1).

Apparently, I can't read and didn't read the small print at the bottom. I forgot to add the proper firewall rules to make it work. Go to Firewall->Rules, click on the new interface tab and configure appropriately. To make it exactly the same as your LAN, change the source to <interface name> Subnet.

This is a somewhat short tutorial. If you're using pfSense, you probably already know what you're doing. Now I can eliminate the switch I was using and go directly to the router.

 

Some nice SYN flood attacks

For the last week or so, my server(s) externally have been slow as hell. Now, me being not so investigative didn't check my router's logs. Well, let's just say someone was DDoS'ing me. Oh no, not the web servers. Just the tracker (Torrentino's tracker). Not someone, but a crapload of IPs. Still, making it virtually impossible to access the webserver. So naturally, me being a dumbass didn't have iptables configured....at all. Long story short, fixed it up with some iptables rules and blocking the offending IPs. The router is reporting that it's dropping the [bad!] packets, but I'm not so sure on that.

 

I'm that much of a dumbass. Mentioned in my previous previous post, I [might?] be receiving two new servers. One of which, come to think of it, would make a nice Smoothwall firewall making me sleep easier. It's 13:56 as I write this; I haven't slept in 27 hours. Picked up some cable ties err cable wrapping thingies and organized everything so at least it's clean to some extent.

 

 

Ugh, I need sleep. In about 2-2.8 hours, I made a cool little script. Reminds me of Last.fm in a way. In short, it keeps you updated on your favourite artists/bands albums. For example, you could subscribe to Frozen Ghost's RSS feed, and every time a new album would be released it would update. I'm sure there is already a site like this; maybe not. I'm open to suggestions. I ended up naming it 'doobleg' :P I'll show it to everyone when I'm ready ;)

 

So, for the most part, I took care of the DDoS attempt, but the site seems a tad slow. I'll work on it wiwum (when I wake up next (should be wiwun, but wiwum sounds better)).
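The per-source counting and blocking described in this post, as an added example (not the author's actual rules or script): it tallies bare SYN packets per source from iptables LOG lines and builds DROP rules for sources over a threshold. The log lines, port 6969, the threshold of 20 and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: iptables LOG-target lines (not from the original post).
# Port 6969 is an assumed tracker port; addresses are documentation ranges.
def _line(src, flags, dpt=6969):
    return (f"kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 LEN=60 TTL=52 "
            f"PROTO=TCP SPT=40000 DPT={dpt} WINDOW=5840 RES=0x00 {flags} URGP=0")

SAMPLE_LOG = (
    [_line("203.0.113.7", "SYN") for _ in range(40)]
    + [_line("198.51.100.23", "SYN") for _ in range(25)]
    + [_line("192.0.2.77", "SYN") for _ in range(3)]          # normal client
    + [_line("203.0.113.7", "ACK SYN") for _ in range(50)]    # not a bare SYN
    + [_line("198.51.100.99", "SYN", dpt=80) for _ in range(30)]  # other port
)

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]{3} )+)URGP=")

def bare_syn_sources(lines, port):
    """Count packets with only the SYN flag set, per source, for one port."""
    counts = Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        m = FLAGS.search(line)
        if not m or fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        if m.group(1).split() == ["SYN"]:
            counts[fields["SRC"]] += 1
    return counts

def block_rules(counts, threshold, port, allowlist=()):
    """Build DROP rules for sources at or over threshold, skipping the allowlist."""
    rules = []
    for src, n in counts.most_common():
        if n < threshold or src in allowlist:
            continue
        ip = ipaddress.ip_address(src)  # validate before building a command line
        rules.append(f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP")
    return rules

if __name__ == "__main__":
    for rule in block_rules(bare_syn_sources(SAMPLE_LOG, 6969), 20, 6969):
        print(rule)
```

The counts cover whatever window of log lines is passed in, so the threshold only means something relative to that window. Source addresses in a SYN flood can be spoofed, so review the list before applying any rule.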

How to: Turn a wireless router into an access point

When I purchased my Linksys BEFSX41 I had two spare wireless routers, a D-Link WBR-1310 and a WBR-2310 respectively. What to do? Turn them into wireless APs (access points) of course! Increase your wireless coverage, look cool!

 

First things first, set up DHCP on your main router. For me it's the BEFSX41. Set your DHCP range, for example 192.168.0.150-199, giving you some room for wireless devices.


Now log in to the router (most likely 192.168.x.1) which is being converted to an AP, the WBR-1310/2310 for me. Turn DHCP off and set the router IP to below or above the DHCP range. So for example, 192.168.0.149, 192.168.0.200 etc.

Once you have configured your AP, plug the ethernet cable into one of the LAN ports, not the WAN port. See below.


Check the LAN connection then check the AP wireless connection.


This method can work with more access points as well (in my case, two APs).

What now? Well, if you have two [802.11b/g] APs, set them to non-overlapping channels. Change them to either channels 1, 6 or 11. For more info see here.

 

Comments, ideas and so forth are appreciated :)

New router

A new router wasn't really necessary, but I thought I'd get one anyway. I ended up purchasing a Linksys BEFSX41. Pretty cool router, it includes a firewall and VPN end point. What I thought was (for some reason) that the router would act as a VPN server. That's not the case. I'd need to run a server in my LAN for it to be accessible WAN wide.

 

Since you could do a round robin setup with a DNS server, could you not do the same but with a web server?

 

I have two spare wireless routers, which are now APs around the house.

 

Comments or aaaanything at all are appreciated.