If you're working with Ubuntu in a lab or test environment, you may want to disable the firewall. Two simple commands:
sudo ufw disable
sudo apt-get remove ufw
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 838 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 64052 files and directories currently installed.)
Removing ufw (0.35-0ubuntu2) ...
Skip stopping firewall: ufw (not enabled)
Processing triggers for man-db (2.7.5-1) ...

Just built a pfSense router on a PC Engine to replace my aging 7390 Fritzbox. Very very awesome and fast!
Perfect for UFB (ultra fast broadband) here in New Zealand – FTTH has arrived :)
I'm currently running these services on it (2 x 1 GHz CPU, 4 GB RAM, 16 GB mSATA SSD):
dhcpd – DHCP server
miniupnpd – UPnP server
ntpd – NTP server
squid – Transparent Proxy & Reverse Proxy
snort – IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
sshd – SSH server
unbound – DNS Server
ipsec – IPsec VPN (site to site VPN)
openvpn – Open VPN (client VPN)
Check these links for some great advice:
https://mateh.id.au/2014/09/build-awesome-apu-based-pfsense-router/
http://www.smallnetbuilder.com/other/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense
http://homeservershow.com/building-your-own-super-router-with-pfsense-and-untangle.html
Grab hardware here –
http://www.pcengines.ch/apu.htm

You may find that you install an SSL cert, but certain browsers show the connection as unsafe (i.e. a mobile browser has issues but desktop browsers are happy).
This generally points to not having the cert chain correct. You can check your cert chain at sites like –
Download your Intermediate and Primary Certificates. Open a text editor (such as Notepad) and paste the entire body of each certificate into one text file in the following order:
1. The Private Key – your_domain_name.key
2. The Primary Certificate – your_domain_name.crt
3. The Intermediate Certificate – gd_bundle_g2_g1.crt
4. The Root Certificate – TrustedRoot.crt
Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
Save the combined file as your_domain_name.pem. The .pem file is now ready to use.
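A structural check for the combined file described above, as an added example that is not part of the original post: it confirms the BEGIN/END tags pair up, the private key comes first, and the tags were not mangled into typographic dashes by a copy and paste. The names lint_combined_pem, block, GOOD and BAD are made up for this example, the sample blocks are constructed placeholders, and it does not validate signatures or chain linkage.

```python
import re

# A well-formed PEM boundary line, e.g. "-----BEGIN CERTIFICATE-----".
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
# Blog engines and word processors turn "--" into en/em dashes, which breaks PEM.
SMART_DASHES = re.compile("[\u2013\u2014]")

def lint_combined_pem(text):
    """Return (labels, problems) for a combined key + certificate chain file."""
    labels, problems, open_label = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if SMART_DASHES.search(line):
            problems.append(f"line {n}: typographic dash, retype the tag with ASCII '-'")
            continue
        m = BOUNDARY.match(line)
        if not m:
            if line and open_label is None:
                problems.append(f"line {n}: text outside BEGIN/END tags")
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label:
                problems.append(f"line {n}: BEGIN {label} before END {open_label}")
            open_label = label
            continue
        if open_label == label:
            labels.append(label)
        else:
            problems.append(f"line {n}: END {label} without matching BEGIN")
        open_label = None
    if open_label:
        problems.append(f"missing END {open_label}")
    # Order from the post: private key first, then primary, intermediate, root.
    if not labels or not labels[0].endswith("PRIVATE KEY"):
        problems.append("first block is not the private key")
    if any(l.endswith("PRIVATE KEY") for l in labels[1:]):
        problems.append("private key appears after a certificate")
    if labels.count("CERTIFICATE") < 2:  # heuristic: leaf only, no intermediate
        problems.append("fewer than two certificates: intermediate likely missing")
    return labels, problems

def block(label, body="QUJD"):  # constructed placeholder body, not real key material
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

GOOD = block("RSA PRIVATE KEY") + block("CERTIFICATE") * 3
BAD = block("CERTIFICATE") + "\u2014\u2013BEGIN CERTIFICATE\u2014\u2013\nQUJD\n-----END CERTIFICATE-----\n"
```

Because the combined file holds the private key, keep it readable only by the account that loads it.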
I had the above issue after a squid upgrade and after changing from http_port 3128 transparent to http_port 3128 intercept.
Add an “http_port 8080” line to squid.conf to avoid this message, if you are not already using that port.
The changes in security require that a separate port be set up for forwarding proxy requests.
I only have VDSL at home and host my website via it. The following graphs show when nginx started serving faster than the VDSL connection could handle (which is about 9 Mbits).
nginx with cache enabled, gzip enabled and set to 6
nginx with cache enabled, gzip enabled and set to 9 (maximum)
nginx with cache disabled, gzip enabled and set to 9 (maximum)