Tutorial: Using VMWare ESXi and PFsense as a network firewall/router
August 31, 2015
vSphere In most networks, you will have dedicated hardware to function as your “edge” (firewall/router). This is typically for the best, but there are always cases where you can’t put out that dedicated hardware. Sometimes it’s for cost reasons and sometimes it’s for complexity. In my particular case, I was installing an ESXi server in a datacenter and only had 2 amps of power to work with, of which my server took up ~1.8amps at peak load. So cost came into play and we simply couldn’t afford to put in dedicated hardware that could push enough bits. In such cases, it is possible the setup ESXi on the network edge, in a reasonably secure fashion, with PFSense acting as a firewall.
Project “Falcon” – The DIY Router (server?) Experiment
April 14, 2015
As previously mentioned, I work in a “Cloud company” which typically means we claim we’re a “serverless” office. However sometimes I need a server-like machine to make a point. For this particular project we needed a machine that was, for all intents and purposes, a server… except I wanted to build it myself. It wasn’t so much to save money, but so I could customize the machine to get exactly what I wanted out of it (and because it was a fun diversion). The result of that was known as “Project Falcon”.
Happy Wi-Fi Day!
August 2, 2011
Today is August 2nd, 2011 or 8/02/11. Written another way… 802.11 which you might recognize as the wireless standard, e.g. 802.11a/b/g/n. As someone who uses wireless at home, work, and while traveling, I am happy to offer a day of celebration to the wireless standard which has been so helpful to me, both personally and professionally. Go forth and rejoice in our sea of non-ionizing radiation!
Weekend Server Overhaul
June 20, 2011
In early 2010 I signed up and migrated to Linode.com for my server needs. At that point in time, the latest version of Ubuntu that was offered was 9.10; the only useful colo location was Dallas; and IPv6 was unheard of (well, not exactly unheard of, but having a server with IPv6 was). We’ve had several new versions of Ubuntu since then, a plethora of new Colos have opened up, and IPv6 is available — so this weekend I did some major overhauling.
Goodbye AT&T, Hello Sonic.net
May 10, 2011
The alternate title for this post is “Internet usage caps can kiss my ass” because that’s what prompted this post, but first a little backstory. Many people have had issues with big teleco (and specifically AT&T) provided internet and would assume that I loathe them for the same reasons, but I do not. I’ve had AT&T DSL since I got my first place in Nevada in 2003. I’ve moved a number of times since then, but I have always had AT&T DSL after each move. Partially because I loathe cable’s shared approach (and usage capping) and partially because I’ve never had a problem with AT&T. Hell, the one time I had trouble recently, that required a tech to come out… he was EARLY. So why the change in heart? Usage caps.
Setting up PowerDNS Server with PowerDNS Recursor
September 10, 2010
I needed an open source DNS solution at work recently, preferably anything but Bind, and it was suggested I use PowerDNS. I had no experience with it, but I was told it was a good product and fairly easy to setup. On top of the DNS Server itself, I need a local DNS caching agent. At this point I had found PowerDNS’s recursor component, along with information that they could be setup side by side, so I figured I’d give it a shot.
Samba and LDAP DO NOT MIX
August 18, 2010
Recently I was tasked with helping a company implement a centralized authentication system, and they wanted to go all open source. This isn’t unreasonable in my book, though it is a little unusual. Of course the words “Open Source Authentication” directly translates to LDAP, the only question is which LDAP software you’re going to use. There are a number of options including OpenLDAP (slapd), Fedora Directory Server (389), OpenDS, Apache Directory Server, and a handful of smaller projects. On top of the LDAP directory they wanted me to add a number of services including email and file sharing. This is the story of how Samba sucks…
Erase the configuration on Cisco 2600/3600 Routers
August 5, 2010
A bit back I decided that I should investigate following the Cisco Certification path. The lower levels aren’t hard, but all things considered, you really need to have a “test lab” of equipment to play with. So a few weeks ago I was offered a pair of old Cisco 2600 series routers on the cheap, and decided to pick them up. Around that time I also acquired myself a number other old Cisco devices including some PIX, switches, and a 3600 series router. The problem is, they all had passwords and I didn’t know any of them. Turns out it is super easy to reset routers in the 2600, 2800, 3600, and 3800 series back to the factory default.