
Posted in Activities on December 11, 2009 by ndok

PF: Load Balancing

The following example balances outgoing traffic across two Internet
connections:

lan_net = "192.168.0.0/24"
int_if  = "dc0"
ext_if1 = "fxp0"
ext_if2 = "fxp1"
ext_gw1 = "68.146.224.1"
ext_gw2 = "142.59.76.1"

pass in on $int_if route-to \
   { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
   from $lan_net to any keep state

The route-to option is used on traffic coming in on the
internal interface to specify the outgoing network interfaces
that traffic will be balanced across along with their respective
gateways. Note that the route-to option must be present on
each filter rule that traffic is to be balanced for. Return
packets will be routed back to the same external interface that they
exited (this is done by the ISPs) and will be routed back to the
internal network normally.

To ensure that packets with a source address belonging to
$ext_if1 are always routed to $ext_gw1 (and similarly
for $ext_if2 and $ext_gw2), the following two lines
should be included in the ruleset:

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
   to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
   to any

Finally, NAT can also be used on each outgoing interface:

nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

A complete example that load balances outgoing traffic might look
something like this:

lan_net = "192.168.0.0/24"
int_if  = "dc0"
ext_if1 = "fxp0"
ext_if2 = "fxp1"
ext_gw1 = "68.146.224.1"
ext_gw2 = "142.59.76.1"

# nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# default deny
block in from any to any
block out from any to any

# pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
   { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
   proto tcp from $lan_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
   { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
   proto { udp, icmp } from $lan_net to any keep state

# general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

How to Repair Corrupted rc.conf file

Posted in FreeBSD with tags on July 3, 2009 by ndok
 

Procedure on how to solve FreeBSD boot up problem with the error message:

Loading configuration files.
/etc/rc.conf:51 Syntax error: Unterminated quoted string
Enter full pathname of Shell or RETURN for /bin/sh:

This error is normally encountered if there is a misplaced or missing double quote in the configuration file of the FreeBSD installation.
Sample invalid rc.conf file:

usbd_enable="YES
dbus_enable="YES"
compat5x_enable="YES"

Note that there is a missing double quote in the example above. This error may also be triggered by a misplaced or unnecessary double quote in the configuration file.
To fix this problem:

1. (Optional) Reboot your FreeBSD and select the login option "4. Boot FreeBSD in single user mode". This can be done by pressing the number 4 upon boot up.

2. Press ENTER after the error message:
Loading configuration files.
/etc/rc.conf:51 Syntax error: Unterminated quoted string
Enter full pathname of Shell or RETURN for /bin/sh:

3. Type mount -a -t ufs then press ENTER.
The argument following the -t is used to indicate the file system type. The type ufs is the default. The -t option can be used to indicate that the actions should only be taken on file systems of the specified type.

- or -

Type mount -a then press ENTER.
This will mount all the file systems described in fstab.

4. Open the configuration file by typing:
/usr/bin/ee /etc/rc.conf
You may also use your preferred editor like vi, pico, etc. by replacing ee. (/usr/bin/vi /etc/rc.conf, /usr/bin/pico /etc/rc.conf)

5. Modify rc.conf and ensure that there are no missing or misplaced characters.

6. Press ESC to exit the editor.

7. Save changes.

8. Reboot by using the command:
shutdown -r now

From : http://cyberjotter.blogspot.com/2008/01/how-to-repair-corrupted-rcconf-file.html
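A way to catch this error before rebooting, as an added example that is not part of the original post: rc.conf is read by /bin/sh, so a parse-only run of sh finds an unterminated quote in an edited copy before it replaces the live file. The function names and the rc.conf.new file name are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. rc.conf is sourced by /bin/sh,
# so "sh -n" (parse only, run nothing) reports the same syntax error that
# would otherwise stop the next boot.

# check_rc_conf FILE: return 0 if FILE parses as shell, 1 otherwise.
check_rc_conf() {
    if err=$(sh -n "$1" 2>&1); then
        return 0
    fi
    printf 'syntax check failed for %s:\n%s\n' "$1" "$err" >&2
    return 1
}

# find_odd_quotes FILE: print the numbers of lines holding an odd count of
# double quotes, the usual location of the typo.
find_odd_quotes() {
    awk '{ if (gsub(/"/, "&") % 2) print NR }' "$1"
}

# safe_install CANDIDATE TARGET: copy CANDIDATE over TARGET only when it
# parses, keeping the previous file as TARGET.bak.
safe_install() {
    check_rc_conf "$1" || return 1
    if [ -f "$2" ]; then
        cp -p "$2" "$2.bak"
    fi
    cp "$1" "$2"
}

# demo: run the checks on a constructed copy of the broken sample above.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'usbd_enable="YES\ndbus_enable="YES"\ncompat5x_enable="YES"\n' \
        > "$dir/rc.conf.new"
    echo "suspect lines: $(find_odd_quotes "$dir/rc.conf.new")"
    safe_install "$dir/rc.conf.new" "$dir/rc.conf" || echo "install refused"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

The parse check only proves the file is valid shell syntax; a quote that is balanced but in the wrong place still passes, so the odd-quote line list is a hint rather than a verdict.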

mpt0: QUEUE FULL EVENT: Bus 0x00 Target 0x08 Depth 128

Posted in FreeBSD with tags on July 3, 2009 by ndok

 

proxy# dmesg |grep mpt
mpt0: <LSILogic SAS/SATA Adapter> port 0x4000-0x40ff mem 0xd8610000-0xd8613fff,0xd8600000-0xd860ffff irq 25 at device 3.0 on pci5
mpt0: [ITHREAD]
mpt0: MPI Version=1.5.13.0
mpt0: Capabilities: ( RAID-0 RAID-1E RAID-1 )
mpt0: 0 Active Volumes (2 Max)
mpt0: 0 Hidden Drive Members (10 Max)
da0 at mpt0 bus 0 target 8 lun 0
da1 at mpt0 bus 0 target 9 lun 0

Scenario: Performed a clean install of FreeBSD 7.1-STABLE with a SAS RAID controller, which completed without errors. After rebooting and beginning to install packages, I started seeing the following error: mpt0: QUEUE FULL EVENT: Bus 0x00 Target 0x08 Depth 128.

Solution: Searching online indicated that the problem was with support for Tagged Command Queuing in the mpt driver. The output of camcontrol was:

proxy# camcontrol tags da0 -v
(pass0:mpt0:0:8:0): dev_openings  255
(pass0:mpt0:0:8:0): dev_active    0
(pass0:mpt0:0:8:0): devq_openings 255
(pass0:mpt0:0:8:0): devq_queued   0
(pass0:mpt0:0:8:0): held          0
(pass0:mpt0:0:8:0): mintags       2
(pass0:mpt0:0:8:0): maxtags       255

proxy# camcontrol tags da1 -v
(pass1:mpt0:0:9:0): dev_openings  255
(pass1:mpt0:0:9:0): dev_active    0
(pass1:mpt0:0:9:0): devq_openings 255
(pass1:mpt0:0:9:0): devq_queued   0
(pass1:mpt0:0:9:0): held          0
(pass1:mpt0:0:9:0): mintags       2
(pass1:mpt0:0:9:0): maxtags       255

I then entered:

proxy# camcontrol tags da0 -N 119
(pass0:mpt0:0:8:0): tagged openings now 119
(pass0:mpt0:0:8:0): device openings: 119

proxy# camcontrol tags da1 -N 119
(pass1:mpt0:0:9:0): tagged openings now 119
(pass1:mpt0:0:9:0): device openings: 119

This second command limited the size of the queue to 119, preventing the error I had seen before. To ensure that this problem wouldn’t come up in the future, I added the following line to /etc/rc.local:

# Set the devq_openings to 119 to prevent problems with SAS controller
camcontrol tags da0 -N 119
camcontrol tags da1 -N 119

Doing this runs the command at every boot, preventing the problem from creeping up in the future.

From : http://www.shaddihasan.com/blog/2009/02/23/dell-poweredge-t300-sas-raid-and-freebsd/

Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)

Posted in Activities on June 22, 2009 by ndok

 

If you do not control or throttle end users, your server may run out of resources. Spammers, abusers and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to use a firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.

Read more: Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)


Copyright © nixCraft. All Rights Reserved.

Test Post from Windows Live Writer

Posted in Activities on April 24, 2009 by ndok

Just a test… :)

From ZDNet Australia: Security measures: Linux vs BSD

Posted in FreeBSD on October 10, 2008 by ndok

An excerpt taken from ZDNet Australia that is quite interesting to read, to better understand where things stand:
“From ZDNet Australia: Security measures: Linux vs BSD”

Security measures: Linux vs BSD

I hear a lot of discussion about how superior Linux is to Microsoft’s operating systems. Certainly, there are many more attacks targeting Windows and IIS platforms.

A good case can also be made that Linux is inherently more stable and secure than Microsoft products, either because it’s based on a better core of code or because it’s open source, and many individuals have a stake in monitoring and making repairs.
Please read on…

Upgrading pfSense from FreeBSD 6.2 to FreeBSD 6.3

Posted in FreeBSD with tags on October 9, 2008 by ndok

For those whose pfSense is still on FreeBSD 6.2 and who have problems with squid, you can upgrade to the FreeBSD 6.3 build.
I found this while casually browsing the pfSense forum and came across a link.

Here is an excerpt from a comment on that forum:

NEED TEST
Looks like the throughput issue may have resolved itself in the FreeBSD 6.3 build of pfSense 1.2_RELEASE. I have had success with the new build, please let us know if you see improvements as well.
http://cvs.pfsense.org/~sullrich/testing_images/6/FreeBSD_RELENG_6_3/pfSense_RELENG_1_2/

Interesting…we only have 3MBit of bandwidth and don’t see ANY difference between squid or direct.

Here is the link

You might ask why squid on pfsense is so slow?

Posted in FreeBSD with tags , , on October 9, 2008 by ndok

If you use pfSense with the squid package enabled… it is bound to be slow. After some digging, it turns out that pfSense is aimed at router-class duty, not at a heavily loaded server such as a high-load proxy server.

Please read the full post

Happy Eid al-Fitr 1429H

Posted in Lain - Lain on October 2, 2008 by ndok

May Allah accept from us and from you, our fasting and your fasting; may we be among those who return and those who succeed.

Adorned by the radiance of the sun at night time.

Depicted in the purity of the face.

Happy celebration of IDUL FITRI.

May we all always be embraced in well-being.

Showing Your YM Status on Your WordPress

Posted in Internet with tags , , on June 3, 2008 by ndok

Want to show your Yahoo! Messenger status on WordPress?

It is quick and easy:

Open http://wordpressmu.wordpress.com

1. Then go to the admin section
2. Choose the menu Design > Widgets > Text (click add) > Edit
3. Then paste this code:

 

Read as much as you like…!!