melfneerg.com
- 'cos life is like that
About the Author
Tudor Davies
Tudor is a techie turned manager who fights like mad to keep his tech skills honed and relevant. Everything from web hosting, networking, *nix and the like. Constantly developing and co-ordinating with others to make the web a better (and easier to use) place.
Thursday, 20th Jan 2011
Posted @ 15:58
Having read huge numbers of articles both on the web and in print, managed firewalls myself and managed firewall techies, these are my golden rules for network security:
- Change passwords
- Keep up to date
- Secure your wireless
- Physical Security
- Network visibility
- Strong Passwords
- Security Management Tool
- Deploy anti-virus
- Maintain separation
- Test, test and test again
Also, my 6 step guide to firewall maintenance:
- Check your final rule
- Restrict access
- Implement Change Management
- Implement change detection and notification
- Document your config
- Review and remove unused rules
I will expand these over the coming weeks.
I am also working on a site that hopefully will become a bit of a business sideline. Website monitoring but a bit more. Not a "can I ping it?" but more of a "can I ping it, is the web server giving me a proper page, is it the correct response or a 404, etc" service. The plan is to offer a website you can leave running which will update every 5 minutes or so, or it can send email alerts to an address if there is an alert.
Am thinking about a tiered pricing structure that includes a free basic option.
There is a small amount of competition out there but I have a couple of ideas up my sleeve that should make me stand out from the rest :) What I do need though, is a developer, so we can put a remotely managed startup together. And that's just one of my ideas!
Monday, 17th Jan 2011
Posted @ 10:18
As I will be heading to FrightFest 2011 in August, I have been calculating the travel costs, as I am being more frugal as I get older :)
It's a 270 mile round trip which I reckon will cost me (at today's diesel prices) around £55
or
I can book advance train tickets - 2x singles (but it would mean I have to take an extra day off work - maybe even a 1/2 day if I work it out right and ramp up my hours) - for £21
Simples!
Thursday, 6th Jan 2011
Posted @ 14:12
During the day, another SFF machine was delivered - a Dell GX 60. Sporting a Celeron 2.4Ghz CPU, 256Mb RAM and a 20Gb hard disk this is ideal for a budget HTPC and will be replacing the SX260 currently in the lounge (connected to my 37" Hanspree). The SX260 will be going to the bedroom (connected to the 32" Hanspree).
All I need then is to get into the attic, drill some holes and run some cables - ethernet, coax (for an aerial) and power. Sorted!
In other news, my PSU tester widget arrived and I finally got round to testing one of my servers that had died - and it was the PSU that was dead. Fortunately, I had another 1U PSU that I had never used (from another forgotten project) and that worked like a charm. That means I now have 2 identical workhorse PCs for the studio (1U short depth boxes). All I need now is 2 more soundcards and a handful of silent 40mm fans...
Wednesday, 22nd Dec 2010
Posted @ 08:33
3 updates in one day - all in the same morning!
In a previous update I was bemoaning the lack of speed from my FreeNAS setup and how the only solution to my issue looked to be increasing my processing power.
So I found a motherboard on eBay with a very similar layout to the SuperMicro 370SSR (dual LAN side-by-side, etc) along with a CPU, cooler and RAM.
So I now have the following, all for around £20:
Tyan Tomcat i845GV
Pentium 4 2.8Ghz (SL6PF)
512Mb DDR PC2700 RAM
Akasa 1U S478 Cooler
After Xmas I shall upgrade the NAS with this new setup and then re-test!
Wednesday, 22nd Dec 2010
Posted @ 08:12
- IIS 6 certificate and no private key? | Fots
- After receiving a certificate from my SSL provider, I noticed I couldn't import the certificate in IIS. A bit strange, because I still had a pending request.
- Tutorials, demos and projects in Ajax (XMLHTTPRequest) Programming
- Complete resource for Ajax programming and web development including tutorials, demos, code snippets and projects on Ajax applications, XML, REST and web services. By Phil Ballard, author of SAMS Teach Yourself Ajax in Ten Minutes
- Pound, SSL, and real Certificates « Something witty, part deux
- Animated Collapsible Panel in HTML
- Step-by-step design of an animated collapsible HTML panel, that you can use on your web site.
- HTML Email Newsletter Toolbox – Tutorials, Templates and Inspiration - Speckyboy Design Magazine
- Whatever your personal feelings are about HTML emails, they do work effectively as a communications and marketing tool. And worst of all, you can't ignore them
- Twitter from the command line in Python using OAuth | jmiller inc. blog
- Twitter OAuth Example « Nothing of Value
- Launchlist - Your one stop website checklist!
- Launchlist - Your one stop checklist.
- 40 Useful jQuery Techniques and Tutorials for Great User Interface
- Super Micro Computer, Inc. - Products | Motherboards | Pentium® III Boards | 370SSR
- Tyan GS12
- How to configure the PIX / ASA packet capture feature
- configure the PIX / ASA packet capture feature
- MAC_Find: Vendor/Ethernet/Bluetooth MAC Address Lookup and Search
- Adding a secondary IP address on a Cisco ASA Ethernet interface | MDLog:/sysadmin
- pfSense | Hacom
- pfSense compact flash images. These are for Hacoms hardware. The ad0 images can be used on the master primary IDE on a PC.
- Installation on Nokia IP530
- Installation on Nokia IP530
- Firewall - Services - SecureWorks
- SecureWorks offers services addressing SIEM, Log managment, Firewall protection, Intrusion detection and prevention, HIPS, NIPS, IDS/IPS protection, and other professional services ranging from penetration testing to experian/equifax certification
- Network Security Services & Management
- Trusted around the world, Telstra’s security solutions offer impregnable protection 24/7, 365 days a year
- Lab topology for your ccna, ccnp, ccie certification or just playing around | Learning On Demand
- Learning anything from anywhere
- Howto: Setup a Mac Mini as a BGP Router « Fubra
- PIX - Static NAT | Cisco - PIX | Firewalls
- Static NAT
- The Worlds First Free Cisco Lab - Firewall.cx
- Welcome to Firewall.cx. The Worlds First Free Cisco Lab
- Data centre design and management - Data centre solutions - Keysource
- Over 6000 businesses trust Keysource to design and build data centres and computer rooms that perform 24-7. Keysource also manage energy efficiency of data centers, giving solutions to reduce energy consumption.
- EPI | Data Centre Design & Build
- EPI offer a complete range of data centre services from conceptual design to completed data centre. For over 20 years we have been designing and building computer rooms and data centres of an exceptional high standard for some of the world’s largest companies.
- ITconstruct | Data Centre Design & Build Specialists
- We can deliver the following as stand-alone service packages or as component parts of a full data centre build strategy: UPS; DC & AC power systems; standby generators; air conditioning and humidification systems; Smoke Detection and Fire Suppression Systems; Leak Detection Systems; Raised Access Flooring; Suspended Ceilings; Transformers and HV Power Systems; Access Control and Security Systems; Racking Systems; Data Cabling and Infrastructure; Power Management; Building Management Systems (BMS); Environmental Monitoring Systems
- Data centre design build. Computer & server room design build
- ITE Projects design, build & maintain computer room, data centre & server room. Computer room air conditioning & cooling design & build
- Control room design & build: security, layout, furniture, lighting
- At Comms Room Services we design and build control rooms that support the tasks and needs of your staff, enabling them to work efficiently and safely.
- Calomel.org :: Open Source Research and Reference
- nixCraft: Linux Tips, Hacks, Tutorials, And Ideas In Blog Format
- Linux blog by Vivek - Includes news, help, tutorials, programming, tips and how-to guides for Linux, UNIX, and BSD.
- [ubuntu] Working iMac G3 8.04 with multimedia and iplayer - Page 2 - Ubuntu Forums
- Page 2-[ubuntu] Working iMac G3 8.04 with multimedia and iplayer Apple Users
- Boot Multiple ISO from USB (MultiBoot USB) | USB Pen Drive Linux
- Create your own MX backup server. - Untangle Forums
- I needed a MX backup server so that i can move my exchange server. I came up with this: Download and install Ubuntu server 9.04. (Virtual or hardware)
- All commands | commandlinefu.com
- A repository for the most elegant and useful UNIX commands. Great commands can be shared, discussed and voted on to provide a comprehensive resource for working from the command-line
- The LiveCD List
- The Top 1000 « 1000 Awesome Things
- ISO27k infosec management standards
- Informational site dedicated to the ISO/IEC 27000-series (ISO27k) standards for information security management systems
- 1dl.us :: Your all-in-one tool site.
- Zeduga.com - the largest free trance torrent site
- ServerSupermarket.net - Dedicated Servers & Colocation from ServerSupermarket
- Dedicated Servers and Server Colocation from ServerSupermarket.net. Home of the UKs cheapest server solutions. Top brand hardware at rock bottom prices.
- Colocation Services | Rapidswitch
- Colocation is popular with clients who want full control over the hardware and software they use, without the expense of maintaining a connected building 24/7.
- How-To configure a Backup MX Server with RHEL
- BBspot - Which Programming Language Are You?
- Data Collocation Tiers: What They Mean and What You Need
- When a data colocation company talks about "tiers", they are referring to the different levels of reliability they can offer for your server maintenance and storage. This grading system ranges from Tier I to Tier IV, with IV being the topmost reliability in power, cooling and availability. Prices can rise...
- Colocation features :: Advantagecom Networks
- The SLOG – SimonLong/Blog
- How to clone virtual machines in VMware ESXi
- Tutorial explaining how to clone virtual machines in VMware ESXi bare-metal hypervisor
- Foundry Server Iron Server Load Balancer (SLB) | eth0.us - Server admin info for cPanel, plesk, ensim and linux!
- Configuring a ServerIron
- My First (CentOS) VPS - step 1 - How to configure the darn thing to prevent you from locking yourself out | www.SurfsYou.com
- PTR Training Courses Schedule & Pricing
- Training Courses from PTR Associates, Wokingham, Berkshire, UK
- How To Configure A Backup Mx | ctkn.net
- VPS | xenEurope
- MEMSET :: Dedicated Hosting - Managed Servers - IT Hosting - Clusters
- Voted Best UK Web Host two years running. Flexible, scalable dedicated servers and managed server hosting solutions for business and enterprise.
- VPS Cloud Hosting - Next generation VPS | UK 2
- VPS cloud hosting with over 100 vps templates and cloud hosting applications.
- Damn::VPS aka Thrust::VPS - Shopping Cart
- VPS Cloud Hosting | Virtual Private Servers Hosting | Virtual Machines | Windows & Linux Xen | XenServer
- vps247 is a revolutionary new cloud hosting service providing access to on-demand storage, processing and bandwidth. Our infinitely scalable VPS infrastructure provides a stable platform on which to build your web applications. Choose the resources you need with our configuration tool below, to see just how cost effective the service can be.
- VPS | Virtual Dedicated Server Hosting | Rapidswitch
- RapidSwitch’s virtual servers and virtual server hosting service allow you to enjoy the flexibility of a dedicated server, without the associated extra cost.
- Swvps.com - Virtual Private Servers - OpenVZ, Parallels OpenVZ VPS, USA and UK
- SwVPS offer one of the most cost effective Virtual Private Server solutions available on the internet. All packages include a web based stop/start/restart utility for your VPS or Dedicated server.
- WizzVPS
- Richard Jerrido » Blog Archive » Transparent Bridging and QoS with OpenBSD 4.1
- Marmota Technica: Building a load balancer with open source software
- HAproxy - Quick and Dirty HTTP Load balancing Tutorial on Redhat/Centos - Web Hosting Talk
- HAproxy - Quick and Dirty HTTP Load balancing Tutorial on Redhat/Centos Hosting Security and Technology Tutorials
- Setup Linux loadbalancer with Piranha and LVS on CentOS 5.4 « Kezhongs Weblog
- Looking for open-source load-balancer software to run on Linux
- For a limited-budget project, i want to set up a load-balancer to distribute traffic among several web servers and communication servers. Can anyone recommend any open-source software that I can run o
- Inlab Software GmbH - BalanceNG: Download Page
- BalanceNG is a modern IPv6 capable software load balancer running on Linux and Solaris operating systems.
- Zen Load Balancer. Project of Sofintel SL http://www.sofintel.net
- PIX/ASA: Monitor and Troubleshoot Performance Issues - Cisco Systems
- This document describes PIX/ASA commands that you can use to monitor and troubleshoot the performance of a Cisco PIX 500 Series/ASA 5500 Security Appliance.
- Squid 3 Transparent Proxy
- WAND Network Research Group: Visualisation
- Updating And Managing The OpenBSD Ports Collection
- Using the Ports Collection
- linux.xvx.cz - Petr’s blog about Linux - Part 2
- Sharon tools
- Real-time, web-based, Generate configuration files for switches
- Redstation UK - Colocation: Full Rack Colocation
- Redstation Rackcentre full rack colocation price list.
- Configuring a Cisco 827 Router With IP Unnumbered E0, DHCP, PPPoA, and PPP-PAP - Cisco Systems
- This document provides a sample configuration that shows a Cisco 827 Digital Subscriber Line (DSL) Router connecting to a Cisco 6130 Digital Subscriber Line Access Multiplexer (DSLAM) and terminating on a Cisco 6400 Universal Access Concentrator (UAC). The Cisco 827 has been configured as a Dynamic Host Configuration Protocol (DHCP) server with PPP over ATM (PPPoA).
Wednesday, 22nd Dec 2010
Posted @ 07:38
Reproduced from here just in case Cisco ever decide to move their pages around again!
This is the config needed to configure a Cisco DSL router (827/837, etc) in bridge mode, so that the assigned IP address (or subnet) is passed to the internal interface...
!
version 12.1
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
ip subnet-zero
!
ip dhcp excluded-address x.x.x.y
!--- the DHCP pool will not lease this address; it's used by interface E0
!
ip dhcp pool <pool-name>
 network x.x.x.x z.z.z.z
!--- you need to adjust this for your range of addresses
 default-router x.x.x.y
!--- default gateway will be assigned to local devices
!
interface Ethernet0
 ip address x.x.x.y z.z.z.z
 no ip directed-broadcast
 no ip mroute-cache
!
interface ATM0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 1/150
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 hold-queue 224 in
!
interface Dialer0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp pap sent-username <username> password <password>
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
dialer-list 1 protocol ip permit
!
end
Thursday, 16th Dec 2010
Posted @ 10:46
So after playing around with the NAS and doing some NFS tuning, I can present its performance stats:
Write - 14.7MB/s
Read - 20.7MB/s
The PCI bus should give me 133MB/s throughput and the GigE card should give me 125MB/s (theoretically, as with all the framing and packet overheads it won't ever be that high).
All the drives are on UDMA/100 controllers, so should be capable of 100MB/s throughput (burst) and the drives all have an average sustained data rate of 78MB/s. So the best I could get out of the whole scenario is 78MB/s
So why am I not getting 78MB/s across the network?
The limiting factor here is most certainly the processing power of the MaxAttach 4300. When doing the transfers, the CPU hits and stays at 100%. A faster processor would most certainly reap better throughput.
However, the max CPU that motherboard can take is a P3-1Ghz which by my calculation would give me a max read of 23.4MB/s and I'm not sure that the hassle factor would be worth it.
Moving to a P4 2.4Ghz might be though as that should be able to satisfy a GigE link...
Wednesday, 15th Dec 2010
Posted @ 10:39
So now the NAS is up and running, the next step is to connect to the NFS shares and do a backup!
My boxen are all running CentOS so I edited my /etc/hosts and added:
10.0.0.1 nas.xxxx.com
I then edited my /etc/fstab and added the following so that they would mount at boot:
nas.xxxx.com:/mnt/disk0 /mnt/disk0 nfs rw,hard,intr 0 0
nas.xxxx.com:/mnt/disk1 /mnt/disk1 nfs rw,hard,intr 0 0
Sorted. Next step - backup. The following single command backs up my entire file structure to a tar.gz on the NFS share:
tar -zcvpf /mnt/disk0/$HOSTNAME-full-backup-`date '+%d-%B-%Y'`.tar.gz --directory / --exclude=mnt --exclude=proc .
So NAS box online, NFS sharing and backup all in one day (probably took about an hour in total). Now that I know it all works the way I want it to, I can start looking at doing something "similar" for the company :)
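The backup step above, wrapped in a function with the checks a full-system archive on a shared NFS export usually needs; this is an added example, not the author's script. It assumes GNU tar and coreutils, and the function names `backup_tree` and `verify_backup` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the author's script. Assumes GNU tar and coreutils
# (sha256sum). Function names and arguments are hypothetical.

# backup_tree SRC_ROOT DEST_DIR: archive SRC_ROOT into DEST_DIR and print
# the archive path. For the post's case: backup_tree / /mnt/disk0
backup_tree() {
    local src="$1" dest="$2" host archive
    host="${HOSTNAME:-$(uname -n)}"
    # Same naming scheme as the command in the post.
    archive="$dest/$host-full-backup-$(date '+%d-%B-%Y').tar.gz"

    # The archive contains copies of files such as /etc/shadow, so create it
    # with owner-only permissions regardless of the share's defaults.
    # The leading "./" pins each exclude to the top level: a bare
    # --exclude=mnt would also drop any deeper path component named "mnt".
    ( umask 077
      tar -zcpf "$archive" --directory "$src" \
          --exclude=./mnt --exclude=./proc --exclude=./sys \
          --exclude=./dev --exclude=./run --exclude=./tmp . ) || return 1

    # Sidecar checksum with a relative file name, so it verifies from any
    # host that mounts the share. It catches truncation and corruption;
    # it is not a defence against someone who can rewrite both files.
    ( umask 077
      cd "$dest" && sha256sum "${archive##*/}" > "${archive##*/}.sha256" ) || return 1

    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE: succeed only if the checksum matches and the
# gzip/tar stream can be read end to end.
verify_backup() {
    local archive="$1"
    ( cd "${archive%/*}" && sha256sum -c "${archive##*/}.sha256" ) >/dev/null 2>&1 || return 1
    tar -ztf "$archive" >/dev/null 2>&1
}
```

On a live system tar can exit non-zero when a file changes while it is being read, in which case `backup_tree` reports failure even though an archive was written.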
Wednesday, 15th Dec 2010
Posted @ 09:07
I have an ancient Maxtor MaxAttach 4300 NAS box. Details about it can be seen here
It has a Pentium III 866Mhz and 384Mb RAM installed and also has an Intel GigE card installed in the PCI slot.
Before I could use it I upgraded the BIOS to the standard one, as the supplied Maxtor one kept rebooting due to watchdog timeouts.
It came with no hard disks but now sports:
Primary Master: 200Gb
Primary Slave: 200Gb
Secondary Master: 500Gb
Secondary Slave: 500Gb
FreeNAS installed successfully and has NFS shares configured as:
/mnt/disk0 - 186Gb
/mnt/disk1 - 1.1Tb (JBOD RAID)
Did some iperf testing and saw an average of over 400mbps/s - essentially limited by the CPU of the NAS box (a P3-866 just can't fill up a GigE link!)
I think I shall swap out one of the 200Gbs for another 500Gb and change to a RAID0 stripe giving me a 1.5Tb drive shared amongst the three servers in my farm.
I might back up one of the machines to the NAS, install ESXi onto it and run the original image from the NFS share - sweet :)
Monday, 13th Dec 2010
Posted @ 14:55
So I have had Gigabit capable servers for some time but have never been able to afford a decent Gigabit switch. Right now, I run a Cisco 3524XL switch (10/100) but moving to that level of Gigabit switch is expensive - even on the second-hand market.
Anyway, I saw that Amazon were selling the unmanaged, basic-as-it-can-be TP-Link TL-5G1005D for £13 or so. 5 ports of GigE speed and has 9K jumbo frame support.
So I jumped onto each of my servers and configured (CentOS) their secondary network interfaces onto a new network (10.0.0.x/24), added the line MTU=9000 to the ifcfg-ethx in /etc/sysconfig/network-scripts, plugged the switch in and did an ifup ethx on each of them.
Everything came up and they could all ping each other. So I fired up iperf on one of them (using -B 10.0.0.x to bind it to the new interface) and then tested from the others. The result:
922 Mbits/sec
Sweet! I then did multiple tests at once and averaged about 1500 Mbits/sec across the switch. Still plenty fast enough for what I need it for, as I doubt they will ever be doing sustained transfers at the same time.
Next up, rebuilding my MaxAttach 4300 with 1.4Tb of storage with FreeNAS and then sharing it using NFS to the 3 servers :)
layout and initial css based on the
Qtractor page