Posts posted by ascorbic

  1. Well, your issue is this. iptables won't filter traffic on the same subnet. The only thing I can think of (others may have more input as I'm not too hot with DD-WRT) is to make a vlan, then apply an iptable to that vlan to allow/deny traffic. Let me tinker with something real quick.

    Ahh interesting... Yes all the machines are on the same subnet. The problem with the VLAN, at least that it seems to me, is that it will filter out the entire virtual server. There is only one physical ethernet cable connected to the physical machine, but there are a few virtual machines.

    I feel like this has to be possible. When you buy a virtual server from godaddy, you cannot access local traffic. I am basically trying to mimic the same setup.

  2. Honestly a deny all access list for it would probably work better, but I don't think DD-WRT has that type of functionality. Another way would be to use the deny feature using the Access Restrictions. But for adding for an IP table, the command would look something like this:

    iptables -I FORWARD -d IP ADDRESS -j DROP

    Or if you wanted it to generate a log to see if someone's really trying to get into it, use:

    iptables -I FORWARD -d IP ADDRESS -j logdrop

    Thanks for the reply. It looks like the access restriction features of dd-wrt only can deny outgoing (internet) traffic. I want to only allow internet traffic and deny all local traffic.

    How do these iptables rules allow internet access but deny local intranet traffic?

  3. I have a virtual machine on my network which I do not want to be able to access the local network. My router runs dd-wrt. The virtual machine is running within esxi. I looked into vlans, but that seems like it would segment the entire virtual server. I only want one specific virtual machine to be segmented so that it can only access the internet.

    I am thinking that adding an IPTables rule to drop all local traffic from that ip/mac address would be the best solution, but I am more than open to other suggestions. I am not worried about ip/mac address spoofing.

    Do you have any other suggestion? If not what would the IPTables rule look like?

    Thanks!
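An added example, not part of any of the posts above: a shell sketch of the approach these posts discuss for keeping one VM off the LAN while leaving its internet access alone. It assumes the VM has been moved to its own subnet; the addresses are constructed and the function names are hypothetical. It only prints the rules, and it refuses when the VM address is inside the LAN subnet, because that traffic is switched without ever reaching the router's FORWARD chain.

```shell
#!/bin/sh
# Added example (not from the original posts). Addresses are constructed.

ip_to_int() {
    # Convert a dotted-quad IPv4 address to a 32-bit integer.
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_subnet() {
    # in_subnet ADDR NET/PREFIX: exit status 0 if ADDR lies inside the network.
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

isolation_rules() {
    # isolation_rules VM_IP LAN_CIDR: print FORWARD rules for the router.
    vm_ip=$1; lan=$2
    if in_subnet "$vm_ip" "$lan"; then
        # Same subnet: hosts reach each other directly at layer 2, so no
        # rule on the router can see or drop that traffic.
        echo "error: $vm_ip is inside $lan; router FORWARD rules never see it" >&2
        return 1
    fi
    # Match on source AND destination so only VM<->LAN traffic is dropped.
    # Anything else from the VM (internet-bound) falls through to the
    # router's existing FORWARD rules.
    echo "iptables -I FORWARD -s $vm_ip -d $lan -j DROP"
    echo "iptables -I FORWARD -s $lan -d $vm_ip -j DROP"
}

# Constructed demo: VM on 192.168.2.0/24, LAN on 192.168.1.0/24.
isolation_rules 192.168.2.50 192.168.1.0/24
```

Traffic addressed to the router itself goes through the INPUT chain, not FORWARD, so these rules do not restrict the VM's access to the router's own services.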

  4. I've seen a couple different ones of these now, all based on the sheeva plug, but with various different tools and systems. There is even a black one, that's not a sheeva plug, but looks like an ordinary black power adapter, that contains a video camera with SD card for recon. Spy Associates has it for sale: http://www.spyassociates.com/motion-activated-spy-ac-adaptor-hidden-color-camera-and-video-recorder-p-3955.html

    That one is just a video recorder though, no SSH access.

  5. Ok few things, your network is only as fast as its slowest link. So with that in mind if you want to run say a gigabit network but your old router is only say 100mbps fast, it will slow down the rest of the network. Yes you can set your router into bridged mode and have it for extra ports on the network but you will need to tweak a couple of settings on it.

    This isn't entirely correct. If you want to phrase it that way you would need to say "your network is only as fast as its slowest link on the path from source to destination".

    You can have mixed speeds. Anything which is on the gigabit network will be able to take advantage of the gigabit speed, but will only be limited if they are accessing something on a slower lan. And anything on the slower lan will be limited to that speed, even if they are accessing something on the gigabit network.

  6. On the episode Darren said that he set the bios to power on when a power source is connected. How exactly did he get into the bios the first time without having a power button available? I remember him mentioning crossing some wires, but I'm not sure exactly what he did.

    Look on your motherboard. Find the two pins that you will plug the power button into. It will usually be in a grouping of a dozen or so pins. Cross those two and your machine will boot. Or even rip a power button out of an old case and just plug that in.

    What type of motherboard do you have? We can cross reference the manual online and point out the exact pins.

  7. I had a .co.uk domain that had one month left, and godaddy wouldn't let me transfer it to another registrar. I didn't see there being any point in ringing them up or emailing them, as the whole purpose of an account control panel is so the customer has control over everything. Obviously not in my case.

    In the end I cancelled the domain through Nominet (for UK domains) and got it again from gandi.net, where I used a free voucher.

    I am very happy with discountasp.net.

    Dreamhost was my second choice but discountasp.net had the price advantage.

  8. I have a spectacular idea for a new social networking website. One like it does not yet exist. What should I do with such an idea?

    Step 1. Come up with spectacular idea.

    Step 2. ???

    Step 3. Profit!

    The only thing I can think of for step two would be to take the spectacular idea and make it a spectacular functioning website.

  9. Thanks for your fast replies guys!

    I really like those products you have suggested, but I'm afraid, they're a bit out of my price range...

    I believe my MB does have an extra PCI-E slot that could be utilized for an e-SATA controller...

    As far as HDDs go, all I have at the moment are a bunch of 500GB drives and replacing 14 drives that are already installed in my box would be extremely expensive...

    I did get another idea though... I have another box (bigger than my current one) which is used for my ESXi server. I was trying to set it up for my FreeNAS, but there were some issues with the SAS controller I am using. Is it possible to plug in a bunch of drives into that box and link them to my NAS box w/out using FreeNAS VM? I have had some issues with a raid controller when using it as pass thru to access drives directly from the VM.

    Thanks again.

    dimaj

    So you have 7 tb over 14 drives. If you replaced everything with larger 2tb drives you would only need four drives (ten less, that is huge! think of the power savings). Once you max out the physical space in your machine you'd be at 28tb. I would set myself up to go down that path, that is four times your current capacity. You don't even need to buy four drives off the bat, but that will depend on your current configuration. If you can replace one 500gb drive with one 2tb drive that would be 1.5tb's extra capacity.

    But, if a $100 eSata hub is out of your price range, how are you going to afford the extra disks to expand your capacity? If you are near filling up your current 7tb capacity and you are just going to reuse some old drives you are going to max that space out and be in this same situation in a very short while.

    Don't go with some hokey solution, it will just be a pain in the ass down the line. Let your NAS be your storage provider without wacky dependencies.

  10. Hey guys!

    I have a FreeNAS box at home that is filled with hard drives and I'm running out of space. Unfortunately my case doesn't have any more space to add new hard drives, so I was hoping to get some sort of an external rack with an eSATA connector. On top of that, I was wondering if it is possible to use a single eSATA connector to recognize that this device has x number of hard drives that I could use independently (i.e. if I have a 4-bay rack, I would like to have 2 of those 4 HDDs to be on Raid 0, etc).

    Thanks for your help.

    dimaj

    You can use an eSata Hub or better yet an IcyDock.

    But if I was in your situation I would max out the existing machine with 2tb drives. The reason I prefer this approach is because when you connect multiple drives to your system via one eSata port you are limiting the bandwidth of all the external drives down to that one eSata connection.

    How many drives do you have now and what is the capacity of each?

  11. I know it has been a few weeks since I last updated this thread, but someone recommended that I check out ClearOS. I have only been testing it today, but I am really impressed so far. Resource usage is pretty low (not the lowest I have seen but it is on par with what I saw with Smoothwall). It has a ton of extra features that so far appear to work (have not tested _all_ of them yet but better luck so far than others). It also has really nice reporting tools and an easy to follow interface.

    After only a few hours with it, I am about 99% certain that I won't be going back to messing with ebox. There are a few things that I have to answer first before I make the final dive, claim it to 'be all that', and knock out Untangle to make ClearOS my primary firewall but I am really close to it.

    Anyway, just throwing that out there as it wasn't mentioned before in the other posts.

    Thanks for the info. I looked into Clark Connect but didn't get too far. Apparently ClarkConnect is dead and has moved onto or has just been renamed to ClearOS. I think Clark Connect was commercial so I didn't look too deeply into ClearOS. I think I ended up searching for the community edition and got discouraged.

    It turns out there is no community edition because it is 100% free now. So I thought what the hell, let's give this another try. For some strange reason I can't boot their ISOs on an ESXi instance. I verified the MD5 hashes and I have tried booting with other ISOs. Other ISOs work fine. When I try theirs I get an Operating System cannot be found error.

    I see they offer a VMware image, but you usually need to do some conversion to get them working with ESXi.

  12. What speeds can you get with x4 10rpm hdd, set up in raid 5 in FreeNas?

    I don't know about FreeNAS specifically but with my home setup running openfiler I have noticed the limiting factor is my desktop, it isn't quick enough to feed openfiler but I usually get around 60mb/sec transfer rates.

  13. What can you do to increase the transfer speeds and reduce the overhead? Raid, gigabit, a better os I guess.

    The easiest are probably:

    Raid on the NAS box with SCSI or 10k rpm drives

    Gigabit everywhere using Intel NICs (no realtek)

    Jumbo Frames enabled on the router/switch

  14. Could I put a "gigabyte" thing in my box, to make it go faster?

    This cracked me up a little.

    In a word, No.

    Your box could have a 10 gigabyte "thing" and it would still probably perform the same. Your entire network needs to be gigabit if you want to see faster speeds. That means the FreeNAS box as well as your Buffalo router.

    But gigabit alone will not guarantee faster transfer speeds. There are lots of small factors all over that affect network performance.

  15. I have been testing with a 1 GB movie.

    Where can I print off my current settings? Do I need to type them out?

    What are the speeds of your hard drives on both the client machine and FreeNAS machine?

    I am not sure about printing out FreeNAS settings, I used it probably a year ago now.

  16. 100 mbps, that's what's in the box, and it's a Buffalo router?

    Is that what you're asking?

    btw what is the average NAS speed?

    Close enough I suppose.

    Average NAS speed will vary widely depending on hardware, files being transferred and a bunch of other things.

    Here is what you need to understand though, 100 mbps is megaBITS which is 12.5 megabytes. When you say 10 plus I am guessing you want 10 megabytes/sec, that will never happen with your current set up. TCP overhead alone can lop off almost 30% of your connection speed which would bring your theoretical max down to 8.75 megabytes/sec.

    I'd guess 2-3 megabytes/sec is probably the max you'd see. Try transferring a good sized 5 gig file for a test. Lots of small files will take longer than one big file.

    What are your FreeNAS settings?
