If you're working with Ubuntu in a lab or test environment, you may want to disable the firewall. Two simple commands:
sudo ufw disable
sudo apt-get remove ufw
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 838 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 64052 files and directories currently installed.)
Removing ufw (0.35-0ubuntu2) ...
Skip stopping firewall: ufw (not enabled)
Processing triggers for man-db (2.7.5-1) ...
Just built a pfsense router on a pc engine to replace my aging 7390 fritzbox…. Very very awesome and fast!
Perfect for UFB (ultra fast broadband) here in New Zealand – FTTH has arrived :)
I’m currently running these services on it (2 x 1 GHz CPU, 4 GB RAM, 16 GB mSATA SSD):
dhcpd – DHCP server
miniupnpd – UPnP server
ntpd – NTP server
squid – Transparent Proxy & Reverse Proxy
snort – IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
sshd – SSH server
unbound – DNS Server
ipsec – IPsec VPN (site to site VPN)
openvpn – Open VPN (client VPN)
Check these links for some great advice…
Grab hardware here –
You may find that after you install an SSL cert, certain browsers show the connection as unsafe (e.g. a mobile browser has issues but desktop browsers are happy).
This generally points to not having the cert chain correct. You can check your cert chain at sites like –
Download your Intermediate and Primary Certificates.
Open a text editor (such as Notepad) and paste the entire body of each certificate into one text file in the following order:
The Private Key – your_domain_name.key
The Primary Certificate – your_domain_name.crt
The Intermediate Certificate – gd_bundle_g2_g1.crt
The Root Certificate –
Make sure to include the beginning and end tags on each certificate. The result should look like this:
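-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----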
Save the combined file as your_domain_name.pem. The .pem file is now ready to use.
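One way to check the combined file before deploying it (an added example, not part of the original post): it reads the PEM blocks, confirms the private key comes first as in the order above, and compares each certificate's issuer name with the next certificate's subject name. It compares names only and does not verify signatures; all function names are this example's own, and the sample bundle is built from constructed skeleton DER rather than real keys or certificates.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def tlv(buf, pos):  # read one DER element at pos: (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def names(der):
    """Return (issuer, subject) Name bytes from one certificate's DER."""
    tbs, pos, fields = tlv(tlv(der, 0)[1], 0)[1], 0, []
    while len(fields) < 5:  # serial, sigAlg, issuer, validity, subject
        tag, value, pos = tlv(tbs, pos)
        if tag != 0xA0:  # skip the optional [0] version field
            fields.append(value)
    return fields[2], fields[4]

def check_bundle(text):
    """List problems in a key + primary + intermediate + root .pem file."""
    problems = []
    if "\u2014" in text or "\u2013" in text:  # pasted from a web page
        problems.append("typographic dashes in BEGIN/END lines")
    blocks = [(label, base64.b64decode(body)) for label, body in PEM_RE.findall(text)]
    if not blocks or not blocks[0][0].endswith("PRIVATE KEY"):
        problems.append("private key is not the first block")
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    if len(certs) < 2:
        problems.append("no intermediate certificate after the primary")
    for i in range(len(certs) - 1):  # each issuer must be the next subject
        if names(certs[i])[0] != names(certs[i + 1])[1]:
            problems.append(f"cert {i + 1} issuer != cert {i + 2} subject")
    return problems

# Constructed sample data: skeleton DER with only the fields read above.
def enc(tag, body):
    return bytes([tag, len(body)]) + body

def pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"

def sample_cert(subject, issuer):
    issuer, subject = (enc(0x30, enc(0x0C, cn.encode())) for cn in (issuer, subject))
    tbs = enc(0x02, b"\x01") + enc(0x30, b"") + issuer + enc(0x30, b"") + subject
    return pem("CERTIFICATE", enc(0x30, enc(0x30, tbs)))

GOOD = (pem("RSA PRIVATE KEY", enc(0x30, b"\x02\x01\x00")) + sample_cert("example.test", "Int CA")
        + sample_cert("Int CA", "Root CA") + sample_cert("Root CA", "Root CA"))
```

Run check_bundle(open("your_domain_name.pem").read()) on the real file; an empty list means the blocks are in the order described above.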
I had the above issue after a squid upgrade and after changing from http_port 3128 transparent to http_port 3128 intercept.
Add a “http_port 8080” line to squid.conf to avoid this message, if you are not already using that port.
The changes in security require that a separate port be set up for forwarding proxy requests.
I only have VDSL at home and host my website via it… the following graphs show when nginx started serving faster than the VDSL connection could handle (which is about 9Mbits)
nginx with cache enabled, gzip enabled and set to 6
nginx with cache enabled, gzip enabled and set to 9 (maximum)
nginx with cache disabled, gzip enabled and set to 9 (maximum)