Archive for category Linux
pfSense : a software alternative to your old router/firewall
Posted by mailletf in Linux, Technology on January 13, 2009
My old D-Link router, like pretty much every other router I’ve ever owned, wasn’t very reliable in some way and so I was looking for open-source alternative firmwares like Tomato to flash it with. With the clear lack of effort put into the official firmwares, I thought it couldn’t hurt to try. Unfortunately, my router wasn’t supported by any third party firmware.
During my search, however, I stumbled upon pfSense, a FreeBSD-based router/firewall distro. It’s small (<100 MB), runs on a 100 MHz PC and includes all the features you would get on a very expensive commercial router (firewall, NAT, VPN server, usage graphs, dynamic DNS support, per-IP bandwidth usage, QoS, etc).
I already had a dedicated fileserver so I installed pfSense as a VM on it using VMware (I could also have done it with VirtualBox, a free alternative to VMware). All you need are two NICs. I now only use my old router as a wireless access point because pfSense naturally has a DHCP server. I could even completely let go of my D-Link router if I added a wireless NIC in my server.
If you have an old PC lying around or one that could be a host to a pfSense VM, all you might need is an extra NIC to get an enterprise-grade router that will cooperate a lot more than any cheap $50 D-Link/Linksys/Netgear/etc router.
Grub error 21 with Ubuntu
Following another of my unfortunate episodes with Microsoft’s bug-free software, I decided to install Ubuntu on my home PC. After the installation on a new hard disk, I ran into a boot problem : Grub would print out error 21 and refuse to display the boot selection menu.
After doing some reading, I found that error 21 meant that Grub couldn’t find its config files, which are located in /boot/grub/ of my Ubuntu partition. As remmelts points out, to fix this you can usually do the following :
1. Pop in the Live CD, boot from it until you reach the desktop.
2. Open a terminal window or switch to a tty.
3. Type “grub”
4. Type “root (hd0,3)”, or whatever your harddisk + boot partition numbers are (my /boot is at /dev/sdd, which translates to hd0,3 for grub).
5. Type “setup (hd0)”, or whatever your harddisk nr is.
6. Quit grub by typing “quit”.
7. Reboot.
I also found that running the command find /boot/grub/stage1 within the Grub shell would give you the disk and partition that should be used with the root command (in my case hd3,0). However, even by doing this, I would still get the error 21.
At this point I was suspecting that my two SATA controllers used in conjunction with an IDE hard drive where I had installed Ubuntu might be causing this funny business to happen.
I kept looking and found The Super Grub Disk, which basically gives CD or USB key bootable images with Grub installed on it. Their Grub installation has many useful tools. With it, I was able to run the find command in a Grub shell that was running outside of an OS. The result would actually be what the Grub bootloader on my machine is seeing when giving me the error 21. And tadamm : the find gave me hd2,0 instead of the hd3,0 I was getting from Ubuntu.
So by modifying /boot/grub/menu.lst and putting in the corrected hd2,0 values, I was able to boot in Ubuntu.
My system is running on an Asus A8V Deluxe board which has two SATA-RAID controllers : a VIA and a Promise. Something with my system-specific configuration seemed to modify the hard drives’ assignments after the OS booted. It might be that my sda and sdb drives are used with the Promise controller and set up as a RAID 0 array, meaning that the OS should really see it as one drive, which could maybe explain that at boot time they are presented as one and thus all the other devices are bumped down one level.
Disabling recursive queries on DNS servers
By default, cPanel doesn’t disable recursive queries on your DNS server. This can, I believe, open the door to possible attacks.
To be on the safe side, just edit the /etc/named.conf file and add the following lines, where ip1, ip2, etc, are replaced with the actual IPs of your server :
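// added : http://forums.cpanel.net/showpost.php?p=217540&postcount=27
// hosts allowed to use this server as a recursive resolver
acl "trusted" {
    ip1;
    ip2;
    127.0.0.1;
};

// named.conf may contain only one options statement : if the file already
// has an options block, merge the lines below into it
options {
    // following from http://forums.cpanel.net/showpost.php?p=217540&postcount=27
    version "not currently available";  // hide the BIND version string
    allow-recursion { trusted; };       // recursive lookups only for trusted hosts
    allow-notify { trusted; };
    allow-transfer { trusted; };
};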
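To confirm the ACL took effect after reloading named, send a recursive query from a host outside the trusted list, for a name the server is not authoritative for, and look at the RA flag and response code of the reply. The following is an added example, not part of the original post; the function names are assumptions made here, and the server and name given to probe() are whatever you choose to test.

```python
import socket
import struct

# Added example, not from the original post. Function names are hypothetical;
# the server and query name passed to probe() are supplied by the operator.
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet, txid=0x1234):
    """Return (verdict, rcode_name, answer_count) for a raw DNS response."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & 0x8000:   # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    ra = bool(flags & 0x0080)               # RA: recursion available to us
    rcode = RCODES.get(flags & 0x000F, str(flags & 0x000F))
    allowed = ra and rcode != "REFUSED"
    verdict = "recursion-allowed" if allowed else "recursion-denied"
    return verdict, rcode, ancount

def probe(server, name, timeout=3.0):
    """Send one recursive query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        packet, _ = s.recvfrom(4096)
    return classify_response(packet)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], sys.argv[2]))
```

Run from one of the trusted IPs, the same probe should report recursion-allowed; run from anywhere else, it should report recursion-denied.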