[#] Thu Sep 18 2014 07:05:22 EDT from fleeb @ Uncensored

After a full week of hellish delivery nonsense with FedEx, I finally received my new hardware firewall from pfSense.

It has no fans, but it doesn't get very hot (just a tad warm, but cooler than some of the switches I've had). When it starts, after establishing a WAN connection, it plays a little tune, which I didn't quite expect.

I've used the pfSense software before. This thing has tons of bells and whistles that should help me manage anything I might want to manage in my network.

It has three NICs... one labelled 'WAN', another labelled 'LAN', and one more labelled 'OPT'. I think for most home offices, this is perfect; the WAN obviously connects nicely with the cable modem (or DSL, or whatever), the LAN for the home computers that we use for browsing the internet or playing games or whatever, and I could use OPT for servers that I'd like to run from home.

Not that it matters how you actually set things up; the firewall treats each of these equally, allowing tremendous flexibility in how you set up your environment.
But they do have some preliminary things set up that make using the ports in this fashion more convenient.

I haven't researched it yet, but it's my understanding this thing can allow you to set up another set of IP addresses isolated from the usual set of IP addresses that allow certain machines to communicate with each other in a different network, yet the same ethernet segment. Depending on how fancy I get with it, I might set up servers in OPT, and configure another set of addresses for communicating with those servers such that only specific machines have access to them for maintenance purposes, just as added security.

Or whatever. I've always kind of found this sort of thing nifty, but I haven't had anything powerful enough to really play around.

[#] Sat Sep 20 2014 02:00:56 EDT from ax25 @ Uncensored

pfSense is pretty cool stuff.  I have a few in place and it has (for the most part) done what I wanted.  There were rough edges that burned you for a bit in the earlier releases that seem to have been smoothed out in the later ones.  You can do some complicated plumbing with those little boxes.

[#] Sat Sep 20 2014 10:33:31 EDT from fleeb @ Uncensored

I'm dipping in it now.

It has already addressed one of the little problems that annoyed me... something related to occasional failed DNS queries from my original router.

Those queries are FAST. Very nice.

I have some new problems (my fault), but I figure eventually I'll figure out how to resolve those. I divided my home into two networks because I didn't have the logistics for the single network at the moment. Now, because my printer is in another subnet, even though I can access that subnet, my computer doesn't seem to want to work with it.

I want to replace all my switches anyway. They are all old 100T switches, and I think 1000T seems to be normal these days.

[#] Mon Sep 22 2014 01:19:53 EDT from ax25 @ Uncensored

fleeb, your home network sounds a bit more complicated than mine.  Let us know what you find out, as I might learn something.

[#] Mon Sep 22 2014 08:30:17 EDT from fleeb @ Uncensored

A few things...

1. The fucking cable modem that Comcast gave me doesn't do IPv6. So, if I want to play with IPv6 in the general Internet, I need to replace this modem.
I want Comcast to do it... and since I'm a business customer, I can simply cite a business need for it. Which is actually fairly true; I want to test IPv6 for professional reasons.

2. It turns out, I can communicate with the printer just fine on the other subnet. In fact, I can communicate with all the machines on the other subnet without issue... pfSense is doing its job quite nicely, without having to do much with the firewall. I had mistaken the lack of pings to one of the computers on the other side as a sign that the packets were not making it there, when in fact, they were, but Microsoft doesn't respond to pings outside of its current subnet. When I pinged the printer directly, I got responses.
So, getting the printer to work is more a matter of figuring out how to deal with the damned drivers for the printer than networking... and the way to solve that is to put the machine that communicates with the printer on the other subnet, configure the printer, then return to my normal subnet. I haven't done this yet, but I know it'll work.

3. I'm going to hold off on changing my switches. I want to let my money build up for a little bit before I buy some gigabit switches. This will give me a chance to research the kind of switches I want, etc.

My home network isn't really that complicated, but it probably will be as I experiment with features. I only really have the following:

1. Two regularly-used computers that do the heaviest networking.
2. Wireless router for cell phones and laptops (visiting or personal).
3. Chromecast device on my television set, which communicates wirelessly.
4. A tablet that can act as a full-fledged Microsoft OS 8.1 computer (for developing closed-captioning stuff).
5. Raspberry Pi for playing/research
6. Two old laptops, one of which I think I'm giving away to Melvin's aunt.
7. Two cell phones, one decommissioned but used occasionally for two-phase password crap that I haven't shifted to the other cell phone, and the other I use as an actual cell-phone.
8. An Android tablet

Several of these devices work wirelessly, and I suspect I want to ensure all the wireless stuff works over an alternative set of IP addresses rather than the current set, just to keep them separated from the other machines.
That might be my first goal, to try and segregate wireless from wired (apparently, my wireless router is more of a wireless bridge than router).
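
The ping symptom described in the post above (replies from the printer, silence from the Windows box on the other subnet) is the Windows Firewall doing exactly what its defaults say: the built-in inbound ICMPv4 echo rule in the "File and Printer Sharing" group is scoped to the local subnet in the Private profile, so packets routed in from another subnet arrive but are dropped before the stack answers. The script below is an added example, not code from the thread or from pfSense; it inspects that rule's scope, widens it to admit only the one extra subnet, and then checks reachability over a TCP service port so the test no longer depends on ICMP at all. The addresses (192.168.1.0/24 for LAN, 192.168.2.0/24 for OPT, a printer at 192.168.2.50 on TCP 9100) are assumed for illustration and are not in the original post. It needs an elevated PowerShell session on Windows 8/8.1 or later, where the NetSecurity cmdlets and Test-NetConnection exist.

```powershell
# Added example (not from the thread): diagnose and fix "pings work on my subnet
# but not from the other side of the router" on a Windows host.
# Run elevated on Windows 8/8.1+ (NetSecurity module, Test-NetConnection).

# Assumptions, not taken from the original post: OPT network and printer address.
$RemoteSubnet = '192.168.2.0/24'   # the other pfSense segment (OPT)
$PrinterAddr  = '192.168.2.50'     # the printer living on that segment
$PrinterPort  = 9100               # raw/JetDirect print port

# 1. Show the scope of the built-in inbound ICMPv4 echo rule(s), one per profile.
#    In the Private profile RemoteAddress defaults to LocalSubnet, which is why
#    hosts across the router get no reply even though their packets arrive.
function Get-EchoRuleScope {
    Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' |
        ForEach-Object {
            $scope = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Profile       = $_.Profile
                Enabled       = $_.Enabled
                RemoteAddress = ($scope.RemoteAddress -join ',')
            }
        }
}

# 2. Widen the scope to LocalSubnet plus the one extra subnet, and enable the rule.
#    Deliberately not "Any": keep the rule as narrow as the actual need.
function Allow-EchoFromSubnet {
    param([Parameter(Mandatory)][string] $Subnet)
    Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' |
        Set-NetFirewallRule -RemoteAddress @('LocalSubnet', $Subnet) -Enabled True
}

# 3. Reachability check that does not rely on ICMP: a completed TCP handshake to
#    the print port is stronger evidence than a ping reply, and it is what the
#    printer driver actually needs to work.
function Test-PrinterReachable {
    param([string] $Address, [int] $Port)
    $r = Test-NetConnection -ComputerName $Address -Port $Port -InformationLevel Detailed
    [pscustomobject]@{
        Host             = $r.ComputerName
        RemoteAddress    = $r.RemoteAddress
        Port             = $r.RemotePort
        TcpTestSucceeded = $r.TcpTestSucceeded
        PingSucceeded    = $r.PingSucceeded
    }
}

'Before:'; Get-EchoRuleScope | Format-Table -AutoSize
Allow-EchoFromSubnet -Subnet $RemoteSubnet
'After:';  Get-EchoRuleScope | Format-Table -AutoSize
Test-PrinterReachable -Address $PrinterAddr -Port $PrinterPort | Format-List
```

The same LocalSubnet scoping applies to the other rules in the File and Printer Sharing group (SMB on 445, spooler RPC), so a print share or an administrative connection from the other segment will hit the same wall; the fix is the same Set-NetFirewallRule pattern on those rules rather than turning the firewall off. The pfSense side still needs a pass rule from LAN to OPT for the traffic, which the post reports was already in place.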

[#] Wed Sep 24 2014 07:07:29 EDT from IGnatius T Foobar @ Uncensored

If you've got a real firewall on your network, turn off the stupid Windows Firewall. It's only going to give you THE PAIN.

[#] Wed Sep 24 2014 08:30:24 EDT from fleeb @ Uncensored

The fact that I have Windows machines in my network gives me The Pain.

[#] Wed Sep 24 2014 14:16:23 EDT from vince-q @ Cascade Lodge BBS

As well it should!

[#] Mon Sep 29 2014 09:55:28 EDT from IGnatius T Foobar @ Uncensored

That's just the blunt force trauma from Ballmer throwing a chair at you.

[#] Mon Sep 29 2014 10:29:21 EDT from fleeb @ Uncensored

It's a little known fact that Ballmer visits random homes and throws chairs at people while they use Windows.

[#] Tue Sep 30 2014 00:29:08 EDT from ax25 @ Uncensored

If you are unlucky enough to know someone that runs RT, it is sad to watch.  They get those cartoon safes dropped on them.

[#] Fri Oct 10 2014 19:28:38 EDT from IGnatius T Foobar @ Uncensored

What's sad to watch is that they won't let RT or Surface die.

[#] Sun Oct 12 2014 22:42:20 EDT from ax25 @ Uncensored

I just commented about this with a friend that is doing some testing with tablets (android and i-whatevers) for a wide roll-out of tablets, and the Surface and RT had not even been considered.


[#] Sun Oct 26 2014 09:47:37 EDT from IGnatius T Foobar @ Uncensored

I'm a nerd and I like it!

Ever since we moved into the new house I've had trouble with wifi. I can't really move the main router, and I didn't like having to run two of them.
So I bought a commercial grade access point, a Cisco Aironet AP1242 on eBay for $50.

These things sell for pretty cheap because they're usually found "in the wild" with a dependency on Cisco's wireless controller hardware. But if you know where to get the right firmware, and have the skills to reload it, they can be turned into really good quality standalone access points.

Now I've got mine placed on a wall at the bottom of a stairway right in the center of the house. The cable from it is completely concealed, as it runs through the wall into the closet of my son's ground floor bedroom (yes I could have probably just put the AP *in* the closet, but I'm a nerd and I want my Cisco on display) and I even got a midspan PoE injector back in the equipment rack to power it.

The wifi radio in the router has now been shut off, the second router has been decommissioned, the whole house now has good coverage, and I am a happy nerd.

[#] Sun Oct 26 2014 15:23:42 EDT from vince-q @ Cascade Lodge BBS

You could have done the same thing with a home-built 5 GHz discone antenna, a small coax jumper, a receive pre-amp and a 5w transmit amplifier and... oh, forgot, you don't have that ham license... <evil grin>


[#] Mon Oct 27 2014 16:52:18 EDT from IGnatius T Foobar @ Uncensored

I could, but then I'd have a 5 GHz discone antenna, a small coax jumper, a receive pre-amp and a 5w transmit amplifier sitting in my stairway.  I don't think the license would be the limiting factor.

[#] Tue Oct 28 2014 02:22:38 EDT from vince-q @ Cascade Lodge BBS

The point was that it would no longer have to be in your stairway...

[#] Tue Oct 28 2014 11:25:46 EDT from IGnatius T Foobar @ Uncensored

But I *like* having a commercial grade access point in my stairway. It's a nerd trophy sort of thing. The fact that the wiring is concealed inside the walls is a handyman pride sort of thing.

If I ever decide to take up ham radio, it'll be on its own terms and for its own purposes.

[#] Tue Oct 28 2014 12:47:33 EDT from vince-q @ Cascade Lodge BBS

> If I ever decide to take up ham radio, it'll be on its own terms and for its own purposes.

If there is even the slightest bit of "prepper" in you, the time to "take up ham radio" is now.

There is a rapidly growing "movement" toward the establishment of a mesh network using commercially available ethernet routers that also do WiFi - on the shared band (WiFi and ham radio - I believe it is 5 GHz) where WiFi channels 6 and up actually lie inside the (primary service) amateur radio allocation.

There's ham-hacked firmware for the routers that qualify.
You can run up to the legal amateur radio limit in power output from the transmitter (1,000 watts).
You can build and use any antenna system your brain can conjure.

You are no longer limited to "what is legal" under WiFi or WiLAN rules.

And just about, if not all, linux distros have the AX.25/ham stuff either already built in, or easily installed via apt-get. (or your distro's equivalent).

And since your 'uncensored' Citadel is - for all intents and purposes - completely void of commercial content (meaning: nobody is buying or selling as a business; used stuff is ham-legal), you could even have your BBS accessible via ham packet radio.

Now, is THAT enough reason?!?! <very evil grin>


[#] Tue Oct 28 2014 12:59:05 EDT from LoanShark @ Uncensored

Interesting. Sort of the problem, though, is tricking your laptop, iPad etc out so that it has enough transmit power to talk BACK to your tricked-out base station from any distance... eh?

