Author: clamasters

  • pfsense in the Enterprise

    I know I haven’t been updating my blog like I usually do, but in my defense, I have been pretty busy. Lately it seems even though I would like to go home on time, I don’t or can’t because of another pressing issue or a deadline at work. Additionally, I have added a few projects to my to-do list. One of which includes building a fully functional, failover-capable firewall solution that can handle more traffic than I personally can provide content for. The solution I am speaking of is pfSense. I have mentioned the BSD-based firewall solution before but that was only my home firewall. The CD-ROM based version of the distribution works perfectly on even some of the oldest (I’m using that term loosely) hardware and still provides enough throughput for the biggest Cable download speeds you can buy.

    At work, as a project, I am (with one of my colleagues) building two firewalls that act as one just like an active/passive failover cluster. Currently I am running release 1.2 RC3 that was released just a few days ago. So far the solution has been stellar to say the least. The developers and the community behind pfSense are really awesome, the capabilities that the “FREE” firewall solution has in its back pocket beat the crap out of a Cisco PIX 515 or ASA 5510. Sure, you can do most all of the things that pfSense does with a PIX or ASA from Cisco but it’ll cost you extra. Now with the Snort Package available from pfSense as well as Squid and a BGP package, pfSense is starting to grow some muscles. I will say that Cisco has the VPN department OWNED but hopefully the features that they offer will be developed for OpenVPN in the near future. Now on to the build.

    Here is a simplified diagram of the design that I have built successfully:

    [Figure: pfSense network diagram]

    The design is a no-brainer: managed switches inside and outside, two firewalls with a CARP sync connection between them, and 3 VLANs internal to the network that are in no way, shape or form able to talk to each other, unless of course, someone does a little VLAN hopping. I’m not going to worry about that at this point however.

    The true beauty behind using pfSense for this solution is the simplicity of the installation and configuration to get it up to a production level. Once you figure out how the different facets of NAT can help you achieve your goal, the configuration is very straightforward. If you want your entire segment to send out traffic as a single IP (NAT Overload), you put it in the Outbound NAT table; if you want to provide services on specific ports, you add them to the Port Forward Table; and if you want your single IP address on the inside to have its own dedicated outside IP, add it to the 1:1 NAT Table. Very simple stuff. When you add things to the Port Forward NAT table, it has the ability to auto add a firewall entry for you as well. I usually let it do this and then adjust its configuration accordingly.

    The CARP (sync mechanism) for pfSense is quite easy to configure as well. There is a very nice tutorial on http://www.pfsense.com that shows you how to accomplish this. Basically on the primary firewall, you put in the IP of the other firewall, tell it what interface to sync through and what to sync, and voila, you are done.

    I’ve barely started putting services behind the firewall but will be pushing the project live here very soon. I will keep you posted on how it performs, the battles that I had to fight to get things to work and offer any guidance that I may have that would benefit you. Thanks for reading.

  • Windows / Linux Software Equivalents

    Windows is definitely the big player in the game still, however Linux usage is gaining some steam. This post is going to concentrate on what programs you can use to make the switch to Linux. This process is not going to be entirely pain free if you are an avid user of all things computer related, however, if you are just a basic office user/worker or only need to check your email and play a few basic online games, Linux might be for you. There are literally thousands of choices for most applications out there so I’m only going to name the ones that I like or use and also only ones that work on Ubuntu. If you have any additions, please let me know.

    Windows vs. Linux (Ubuntu)

    Internet Browsing
    W – Internet Explorer
    U – Firefox

    Email Clients
    W – Outlook, Outlook Express
    U – Thunderbird, Evolution

    Chat Clients
    W – MSN, Yahoo, Google Talk, AIM, mIRC
    U – Gaim / Pidgin, xChat, BitchX

    Com Port Communications
    W – Hyperterminal
    U – MiniCom

    FTP Client
    W – Filezilla FTP Client
    U – Filezilla FTP Client

    Remote Access Servers
    W – Terminal Server, RealVNC, TightVNC, WinVNC
    U – FreeNX, RealVNC, TightVNC

    P2P Filesharing
    W – Limewire, Bearshare, Bittorrent
    U – Limewire, Azureus

    VoIP Clients
    W – Skype, X-Lite
    U – Skype, Linphone, Twinkle

    Drawing / Photo Editing
    W – Paint.net, Photoshop, MSPaint
    U – GIMP

    3D Animation / Rendering
    W – 3D Studio MAX, Blender
    U – Blender, Maya

    DVD Players
    W – Windows Media Player, PowerDVD
    U – MPlayer, Kaffeine, VLC

    MP3 / Music Players
    W – Winamp, iTunes
    U – Rhythmbox, K3b

    Office Productivity
    W – Microsoft Office
    U – OpenOffice.org

    Network / Relation Mapping
    W – Microsoft Visio
    U – Dia

    Accounting / Financial
    W – Quicken, Microsoft Money
    U – GnuCash

    Desktop Publishing
    W – Microsoft Publisher, Quark
    U – Scribus

    PDF Editing
    W – Adobe Acrobat Professional
    U – PDFEdit, pdftk

    Imaging
    W – Norton Ghost
    U – G4u, dd

    Partition Resizing
    W – Norton Partition Magic
    U – GParted

    Backup Software
    W – Symantec Backup Exec
    U – BackupPC, Amanda

    Web Servers
    W – Microsoft IIS
    U – Apache

    File Servers
    W – Microsoft File Services
    U – Samba

    Email Servers
    W – Microsoft Exchange
    U – Postfix, Sendmail

    AntiVirus Software
    W – Symantec AV, McAfee
    U – ClamAV, AVG

    For more of these “like” software lists, please visit what I believe to be the most complete list on the internet, Table of Equivalents.

  • Send an email with telnet

    This little piece of info has been beaten to death on the Internet, posted hundreds of times on hundreds of websites. The only reason that I am posting it here is to help me remember it after I haven’t done it in quite a while. (The filing cabinet theory)

    Telnet to the mail server of your choice (note the 25 at the end)

    telnet mail.domain.com 25

    Say hello to the receiving mail server with HELO

    helo sender.com

    Tell the receiving mail server who is sending the email

    mail from: [email protected]

    Tell the receiving mail server whom you are emailing

    rcpt to: [email protected]

    Send any message you wish

    data

    hello spamuser1, i know where you live.

    End with a single . (period) on a line

    .

    All done. The receiving mail server should tell you that the message has been queued for delivery.

    The whole message track should look like this

    telnet mail.domain.com 25
    helo
    mail from:
    rcpt to:
    data
    hello spamuser1, i know where you live.
    .

    I would say on average, I use this technique for testing mail servers 3 times a week now. Seems pretty high, but it sure beats logging into a webmail server and sending mail, then looking for the message to process through the logs for verification. Just telnet, and verify in 10 seconds or less. Have fun, happy telnetting.
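
    The same exchange scripted, as an added example that is not part of the original post: a small client walks the HELO / MAIL FROM / RCPT TO / DATA steps over a raw socket and records every reply code, and it goes slightly beyond the manual steps by handling multi-line replies, dot-stuffing and a refused recipient. It runs offline against a constructed in-process stub server; the host names, addresses, function names and the stub's reply texts are assumptions made for the example.

```python
import socket
import threading

def read_reply(rfile):
    """Read one SMTP reply ("250-" lines continue, "250 " ends); return (code, text)."""
    parts = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed or malformed reply")
        parts.append(line[4:])
        if line[3:4] != "-":
            return int(line[:3]), " ".join(parts)

def smtp_probe(host, port, helo, sender, rcpt, body, timeout=5):
    """Walk the telnet steps, stop at the first refusal; return [(step, code, text)]."""
    transcript = []
    sock = socket.create_connection((host, port), timeout=timeout)
    with sock, sock.makefile("rb") as rfile:
        def step(name, command=None, ok=(250,)):
            if command is not None:
                sock.sendall(command.encode("ascii") + b"\r\n")
            transcript.append((name, *read_reply(rfile)))
            return transcript[-1][1] in ok
        if (step("banner", ok=(220,)) and step("helo", f"HELO {helo}")
                and step("mail", f"MAIL FROM:<{sender}>")
                and step("rcpt", f"RCPT TO:<{rcpt}>", ok=(250, 251))
                and step("data", "DATA", ok=(354,))):
            # Dot-stuff body lines so a leading "." cannot end DATA early.
            lines = ["." + l if l.startswith(".") else l for l in body.splitlines()]
            step("end-of-data", "\r\n".join(lines) + "\r\n.")
        step("quit", "QUIT", ok=(221,))
    return transcript

def stub_server(listener, local_suffix="@DOMAIN.EXAMPLE>"):
    """Constructed one-connection stub standing in for a real mail server."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        say = lambda text: conn.sendall(text.encode("ascii") + b"\r\n")
        say("220 mail.domain.example ESMTP stub")
        in_data = False
        for raw in rfile:
            line = raw.decode("ascii", "replace").rstrip("\r\n").upper()
            if in_data:
                if line == ".":
                    in_data = False
                    say("250 2.0.0 Ok: queued (stub)")
            elif line.startswith("RCPT TO:") and not line.endswith(local_suffix):
                say("554 5.7.1 Relay access denied")
            elif line == "DATA":
                in_data = True
                say("354 End data with <CR><LF>.<CR><LF>")
            else:
                say("221 2.0.0 Bye" if line == "QUIT" else "250 2.0.0 Ok")

def run_against_stub(rcpt):
    """Probe the stub on an ephemeral loopback port (all values constructed)."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        threading.Thread(target=stub_server, args=(listener,), daemon=True).start()
        return smtp_probe("127.0.0.1", listener.getsockname()[1], "sender.example",
                          "tester@sender.example", rcpt, "mail flow test")

if __name__ == "__main__":
    print(*run_against_stub("user@elsewhere.example"), sep="\n")
```

    Against a real server you administer, call `smtp_probe` with its host name and port 25; a 250 after the final dot is the "queued for delivery" confirmation described above, and a 5xx on RCPT for a foreign domain shows that relaying is refused.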

  • Free Software – Clone Different Sized Drives

    There are definitely some commercial alternatives to this process, however, like I’ve said before, I’m cheap. If I were to purchase software to do this, I would get a copy of Symantec Ghost, Partition Magic, or HD Clone Professional edition. But for this post, we are going to discuss how to do this process for free. I’m not going to go into much detail, however, if you have any questions, please feel free to contact me or post a comment.

    • Download the Ultimate Boot CD (Free)
    • Burn the ISO to CD using ImgBurn (Free)
    • Install 2nd HD in computer that you wish to clone
    • Boot that computer from the CD that you burned
    • Choose “File System Utilities” from the OS Menu
    • Choose HDClone (Free Edition)
      • Walk Through the Questions it asks you on screen. Very basic.

    Note: After the clone of the smaller to larger drive is complete, remove the smaller drive from the system, install the larger drive as you would normally do, and boot again off of the Ultimate Boot CD

    • Boot from the CD again
    • Find partition tools in the menu and choose “Partition Resizer”
      • Answer the questions on there just as you did before. Very basic. The last part will be semi-graphical; just use the page up button to max out the partition size that you wish to use.

    When this process is finished, remove the CD from the CD-ROM tray and reboot into your newly cloned and repartitioned system. Everything should function as if nothing has changed; however I recommend defragmenting and running CHKDSK on the drive right away to avoid any potential disasters. The process is very simple, clean and costs you zero dollars to do. Very nice in my book.

  • Environmental Technology

    My father subscribes to Inc. magazine which is one of my favorites. I don’t get a subscription because my dad gives them to me when he’s done and I’m cheap. I think you already knew that from my previous posts of “free” tech, but just in case you didn’t know… I am cheap. This in its own way is an environmentally friendly gesture. Less paper prints, or I would like to think so anyways, though, I’m sure they have a set number of prints they must roll out, I just don’t participate in the disposal of those prints, and tree killing. 🙂 I’m not a tree hugger, but I hate printing things out when I don’t have to. The same goes for technical things, if I can get it on the computer, I will. It’s searchable, highlightable, and saveable. SHSable.

    OK, back to the original subject. Approximately 14,000 blogs have agreed today to post something about the environment. This could include how-tos for making your own Eco friendly detergents, cleaners, or batteries. It could include how to make a solar grid work for your home, install a wind generator, or even explain the benefits of geothermal heat. The reason I mentioned Inc. magazine was its never-ending ability to always put an Eco friendly spin on technology, include articles about businesses and entrepreneurs who are Eco friendly and they look good doing it. Just go to the website, http://www.inc.com and see for yourself.

    Here are a few of my favorite Eco friendly videos. It really makes you wonder what they will come out with next.

    Water::..

    Solar::..

    Wind::..

    Earth::..

    Captain Planet::..

  • Google Apps Expanded

    Today I received a PDF from one of my subscription sites that talked about Google Apps in the enterprise. Though I don’t know the full ramifications of switching a large company over to this suite of tools, I do think it would reap the same benefits as the small business, just on a larger scale. I wanted to clarify that Google Apps does have a 1 for 1 with Microsoft and the open source community.

    Google App’s Comparison

    I’m interested in what Google will come up with next. I will do my best to keep you all informed on the new features, changes, and additions that Google will add to the mix.

  • Google Apps – Collaboration Revolution

    Google Apps is one of the topics you hear about every now and then. Open up a tech magazine and you see it in there somewhere; read your favorite blog, which most likely has Google AdSense on it to help generate revenue, and it has Google Apps as an ad. Honestly, I don’t think this product suite has gotten the attention from the tech community that it deserves. Let’s just take Google out of this one for a minute. Picture that you are a small business owner, have a failing email server, are running on an old version of Microsoft Office that has a really annoying error every time you try to save, you have rigorous practices to attempt to backup all of your data including your email and documents, and then comes a shiny new product suite that fits your bill quite nicely. The ability to offload all of my email server problems to Google, which by the way syncs your email across multiple servers for redundancy (you don’t see that in any mom and pop shops); your Office Suite can be replaced by Google Docs and Spreadsheets, which is actually three applications: a word processor much like Microsoft Word or OpenOffice.org Writer, a spreadsheet application like Microsoft Excel or OpenOffice’s Calc, and a presentation software which is a replacement for Microsoft PowerPoint or OpenOffice’s Impress. Did I mention that this is all free? You get 2Gb of online email storage, an office suite, collaboration software (Chat / Multi User Google Docs), a standards based calendaring system which you can import and export to and from other applications, a free web editor (though not very intuitive), and the best part of all, it’s free. One limit, however: I do have to say that the bigger the screen the better on these apps. Because you do your document work inside a web browser, the bookmarks, buttons, and URL bar are kind of just taking up extra space, which reduces the space in which you view the document.

    There are 3 different versions of Google Apps available: Standard, premium, and Education. The first one, standard, is the one that I use. It is limited to 2Gb of email storage space, does not have some APIs that you can write against for single sign on, authentication and other policy and management goo. It also lacks a little bit of support that the other two get. But it is free. The premium edition has 25Gb of storage space and costs $50 per user per year. Which is actually pretty cheap if you ask me. Other than that, the premier and education versions are the same. Some institutions actually have upwards of 65,000 users on Google Apps. I’m just in awe of that.

    Another feature that I forgot to mention is the tie in for Blackberry and Treo Smart Phone support. Through a mobile application that needs to be installed on either the Blackberry or Treo phones, you can easily connect to, read and write emails, check your calendar, and chat with users on Google Talk. For just web capable phones, there’s the Google Apps mobile page which is http://m.google.com/a . From there, you can check your email, write a quick one, chat and view your calendar. I hope you all take a few minutes to look at the videos that I have mentioned above that explain all the cool stuff that Google Apps offers, and possibly try it out on a domain of your own. It is amazingly easy to set up and maintain. If you are too lazy to click on the links above, here is the short and sweet version of the Google Apps presentation.

  • Easy Windows Profile Migration

    Tonight I was at a client site working on a Server 2003 / Exchange 2007 Deployment for a client which required us to disjoin computers from the old domain and add them to the new domain. Well, the trick to a successful deployment of any product is ease of use, for the IT guys and the end user. The end user is ultimately affected by what we do so we try to minimize the changes that are actually made to their experience. For the IT guys, how can we make this easy, simple, and yet functional? When it comes to profile migration, there are a few tools out there that will do it for you, some cost money, some don’t. For me, those are too complicated to learn and master. Secondly we have the profile copy utilities like xcopy and robocopy which I honestly still use quite often, they work and work well in my opinion, however, the third option is the best and easiest to do. A simple registry hack to change the GUID that you are logged on with as the user, to point to a different profile path. Here are the steps to execute such a plan.

    • Change the local administrator password
    • Disjoin the system from the old domain
    • Use the set command to determine what profile path the user is currently using
    • Reboot the system
    • Login as the local administrator
    • Join the system to the new domain
    • Reboot the system
    • Login as the user on the new domain
    • Logoff and logon as the domain administrator
    • Open regedit and modify ProfileImagePath within “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]”
    • Change the permissions on that profile path within explorer, give the user full control and propagate to the child directories and files.
    • Reboot (Last Time)
    • Login with the user on the domain and you should have the “old” working profile with the new domain user account.

    This process took two fairly skilled individuals about 5 hours to complete on 18 systems and that included doing the first “test” machine and troubleshooting any problems that might have come up (missing mapped network drives, incorrect shortcut paths, etc.). Hope this helps you along the way as it did me when I learned it. If you have any suggestions, options, better methods, please let me know. I’m all ears.

  • Everyday Free Tools – Tech Stuff

    Each and every day I use a set of tools, mostly free or open source ones that help me get through the day. I thought I would list off a few of them for you so that you can give them a shot as well.

    Home Computer

    I have a Panasonic Toughbook laptop running Ubuntu 7.04 that I really haven’t modified too awful much because I like the look and feel of the OS as it is. Here’s a list of things that I use everyday or every so often to accomplish a task without spending any money.

    Operating System – Ubuntu 7.04 – Stable, clean, easy to install, based on GNOME and very well supported by the community. I would say that the forums for Ubuntu are better than most and for some reason, the users of Ubuntu are much nicer than that of Red Hat and others.

    Blogging – Blogger.com attached to my Gmail account (I do my own hosting)

    Firewall – pfSense – I mentioned this a few posts ago. I absolutely love this firewall.

    Document Management – Google Docs and Spreadsheets – This one is really neat, you can upload your Microsoft Office Word and Excel files as well as OpenOffice equivalent documents up to Google, edit them, and even save off as PDF documents if need be.

    Music – Pandora.com – This site has been around for a little while now. It allows you to basically make your own radio station, and it dynamically learns what music you want to listen to. A side spawn of this project is Squeezebox which allows you to turn your music library into a radio station with streaming music.

    Chat – Gaim – It’s easy to use, installed by default on Ubuntu, and supports multiple accounts. On Linux and Windows you can use Pidgin and for Mac OS X you can use Adium.

    VoIP – Twinkle – So far this is the best SIP capable client for Linux I have found. You can install it through apt-get or Synaptic on Ubuntu or download it here. On Windows and Mac OS X I use X-Lite from CounterPath. I would say X-Lite is the best of the two but the Linux version sucks in my opinion.

    PBX – trixbox – I just started using this because I’m trying to get my company or rather the company I work for into a new market so that we can make some more money as a company which personally helps me through profit sharing. Though, if I didn’t get that last bit, I would still pursue doing phone VoIP systems because I think they are interesting. I have it installed on an old PIII 500 with 256Mb of ram and it suits the needs of my wife and I just fine. A larger scale deployment would need a better server though.

    Email – Gmail and Evolution – I just started using Evolution about a month ago because Outlook Web Access on Microsoft Exchange 2003 sucks when viewed from Firefox. Damn Microsoft. 🙂 Kidding. Evolution seemed to be a logical choice for me because well, it was already installed on my computer and quite frankly I needed a way to check my mail. Sounds like a match made in heaven. Gmail, as you all probably know, is free and has cool features like web sharable calendars, documents and photos. You will probably see a trend here for me liking everything Google.

    I think that’s enough for now. I’ll make a part 2 to this one pretty soon with quite a few more added programs and services that I use everyday for free. Compute free or die.

  • hackthissite.org Addiction

    My brother-in-law was over this weekend, and bored as any teenager gets, but he stumbled across a pretty neat site. Some of you have probably seen this before but for those of you who haven’t I would suggest you get yourself a comfortable place on the couch with your laptop and begin your “hacking” tutorial. The beginner portion of the hacks are very rudimentary, however, the “Basic” 5-10 stumped me pretty well as I really don’t understand JavaScript, HTML or PHP for the most part. It starts off on level one with a basic “hidden” password that is in clear text in the source of the page. They get harder as you get going but I think I got the bug. I stayed up till 3 a.m. last night getting to “Basic” 10. Like I said, I was struggling quite a bit with the Java injection, PHP command execution and server side code execution. Interesting stuff. The site also has realistic, application, programming, logic, extbasic and JavaScript missions. If I keep working on these I’ll do a few more posts on the subject of hacking, and how some of these basic methods of the art can be done. Give it a look at http://www.hackthissite.org. Until then, happy hacking.