22 Feb

I Hear You Now

And now…well…wish I knew.  OpenVPN has a GUI addon of which I would have been aware, had I only read all of the documentation for Endian.  I think I almost have it.  I think I need to create a new server certificate and actually use the “Download Certificate” button rather than cutting-and-pasting.

20 Feb

Astronomy 161 and Endian Update

Please please please, do your brain a favor and listen to the Astronomy 161 lectures by Richard Pogge (Ohio State).

Astronomy 161 – An Introduction to Solar System Astronomy

Astronomy 162 – Introduction to Stars, Galaxies, & the Universe

Great stuff!

In other news, Endian remains the bomb-diggity.  Three minor-ish criticisms:

  1. The out-going firewall interface needs the ability to create rulesets with a range of ports, rather than just by one at a time.  This was somewhat mitigated by the discovery that I can actually put an FQDN into a rule…Stupid Microsoft Streaming Media Services (SM SMS).
  2. Ident, port 113 is enabled, but closed, by default.  What?  So, I’m in stealth on all the well-known ports…except 113?  I mean, come on! Let me open it up if I need it.
  3. Why, oh, why does it reply to ICMP (ping) on the external interface!?!??!  What in the world!? Oh, and how do you turn it off?  What?  No one knows??!?!?  Give me a break, here, guys. 🙂

I need to do some more testing with OpenVPN to see if I hate it as badly as I think I do…

These are relatively minor complaints.  As far as a firewall goes, and a proxy, it’s running REALLY well.  50-billion or so times more secure than my little Belkin.

Point three above though, is the most troubling.  I’ll probably have to do some M4D ipchains hax0ring to fix it.

07 Feb

TANK! Endian Update 3

Well, adding another 128MB of RAM really…uh…lowered the used swap space.

SWAPON!  (for all you slackware guys out there)

Anyway, I’m going to see how well the DynDNS agent works.  If that part is successful, I’ll enable the VPN services and test it. 

So far, I’m pretty impressed.

03 Feb

Endian Issues and Fixes

Ok, really quick:

The proxy service wouldn’t start.  Which was really irritating, as that is what seems to drive the anti-virus and content filtering.  So, I went searching.  On the mail lists, I found this:

Roger Grant wrote:
>
> I had the same problem, it looks like squid is failing if the blue
> interface is not defined.
> Here is the output from squid (on a vanilla install with 3 interface
> red,green,orange)
>
> FATAL: Bungled squid.conf line 74: http_access deny EFW_src_orange
> EFW_dst_blue
>
> I resolved this by enabling “Allow Access from ORANGE to BLUE:” in the
> “Network based access control” of the proxy configuration page.
>
>
> Impetus wrote:
>>
>> hello community, happy new year……
>> i am running endian 2.1 now, with no problems except i am unable to start
>> the proxy.
>> i ticked proxy on green and transparent proxy on green, then all access
>> to the net is blocked.
>> also on status – Services Web proxy is stopped (brown). i restarted the
>> system several times, no
>> difference….
>>
>> any ideas? please help
>>
>> regards urs

And sure enough, ticking the checkbox started the proxy service right up.  I’m thankful for the GUI, but abstracting control can sometimes cause these little issues.  Oh well.
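As an added illustration (not Endian's code and not from the mailing-list thread): a small Python check that finds `http_access` rules naming an ACL that no earlier `acl` line defines, which is assumed here to be the condition behind the "Bungled squid.conf" error quoted above. The sample config and its addresses are constructed; only the two ACL names come from the error message.

```python
# Added example: flag http_access rules that reference an ACL name which has
# not been defined by an earlier "acl" line (squid reads its config top-down).

# Constructed sample, shaped like the failing config in the quoted error.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl EFW_src_green src 192.168.0.0/24
acl EFW_src_orange src 192.168.10.0/24
acl EFW_dst_orange dst 192.168.10.0/24
# BLUE zone not configured, so no EFW_*_blue acl lines were generated
http_access deny EFW_src_orange EFW_dst_blue
http_access allow EFW_src_green !EFW_dst_orange
http_access deny all
"""


def undefined_acl_refs(conf_text, predefined=()):
    """Return [(line_no, [missing ACL names])] for each broken http_access rule.

    predefined: ACL names the squid build defines by itself (assumption: none;
    pass ("all",) for versions that predefine it).
    """
    defined = set(predefined)
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        if tokens[0] == "acl" and len(tokens) >= 3:
            defined.add(tokens[1])  # acl <name> <type> <args...>
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            # http_access allow|deny [!]aclname ...
            names = [t.lstrip("!") for t in tokens[2:]]
            missing = [n for n in names if n not in defined]
            if missing:
                findings.append((line_no, missing))
    return findings


if __name__ == "__main__":
    for line_no, missing in undefined_acl_refs(SAMPLE_CONF):
        print(f"line {line_no}: undefined ACL(s): {', '.join(missing)}")
```

Running a check like this against a generated config before restarting the proxy catches the case where the service silently stays down and traffic passes without the anti-virus and content filtering that depend on it.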

Now I can comment better on sizing.  A PIII-level machine seems to work fine, however, I only put in 128MB of RAM (for some reason).  I am using tons of swap space according to the system stats and 99% of physical memory.  In other words, I need to at least double the RAM.  The problem is that PC100 is old enough that it’s hard to find.  But I think I have a source.

So far, Endian seems to be running great.