Tiernan's Comms Closet

Geek, Programmer, Photographer, network engineer…

Announcing B2 Uploader and Hubic Testing 2.0

I have 2 new side projects to announce on the site today. The first has been running for a while (first check-in was December 28th) and it’s called B2Uploader. It’s a fairly simple Windows application to upload files to BackBlaze B2. If you are not familiar with BackBlaze, they provide unlimited backup storage for the low price of a fiver a month. They are the guys who design the BackBlaze storage pods (I want one, by the way!) that allow them to provide unlimited storage for the fiver a month (I currently back up over 4Tb to them!), and late last year, they started offering B2, which is a storage platform on their pods, and it has a (somewhat) easy to use API. AND IT’S CHEAP! Half a cent, yup, 0.5c, per gig stored per month! That’s crazy cheap!

B2Uploader uses the B2 API to upload files (it could do more, but currently, as the name suggests, it’s upload only). It’s quite simple, and all the code is available. More stuff coming over the next few weeks. Some of the usual badges for open source applications are below. If you want to shout at me, shout in the Gitter chatroom and I will reply. You can see the latest builds over on travis-ci, and the latest releases are available on GitHub.

Join the chat at https://Gitter.im/tiernano/b2uploader

The second project is still in the planning phase, and it’s an update to an older project I was working on called HubicTesting. The name is very cleverly called, wait for it… HubicTesting 2.0! I have mentioned Hubic before here. Cheap (about a tenner a month) for lots of storage (10TB!) but an odd API. It uses Swift for storage, but has a weird(ish) API for authentication. Anyway, more details will be on the site once I write it up.

So, anyone needing to upload files to B2, check out B2Uploader. Want to work with stuff on Hubic, check out HubicTesting 2.0. Any questions, drop me a mail or find me on the Gitter channel. Have a good one!

Edge Router, Sophos UTM, DMZ and LAN Networks

I have been using an EdgeRouter POE as my main router for most of the network (some of the network still uses PFSense as a router, but that’s being removed soon) for the last few weeks, and I am quite happy with it. I also have a second router, a Sophos UTM VM between my first LAN (essentially a DMZ) and my client LAN (there will be more “LANs” over there soon). The Client LAN is NATed between the DMZ and the LAN, which means anything on the LAN I want to access from the DMZ has to be port forwarded… Ideally, not much from the LAN should be accessible through the DMZ, but in my initial setup, stuff like Plex, etc, is…

What I wanted to do was set up a proper firewall between both networks, without the use of NAT… To do this, I first had to disable the masquerading rules in Sophos:

Next, on the EdgeRouter, I added a static route to point at the new network:

And finally, under firewall rules, I allowed what I wanted to allow (in this case, SSH from any DMZ client (not advised) to my Mac Mini).

And that, as they say, is that! So far, so good!
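With NAT removed, every LAN host is directly routable from the DMZ, so the rule set is the only thing between the two networks. The sketch below is an added example, not configuration from the post or from Sophos or EdgeOS: it evaluates a first-match, default-drop rule list and flags allow rules whose source is the whole DMZ. The subnets, host addresses and rule names are hypothetical.

```python
import ipaddress

def first_match(rules, src, dst, port):
    """Evaluate rules top-down like a packet filter; unmatched traffic is dropped."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r["src"])
                and d in ipaddress.ip_network(r["dst"])
                and r["port"] in (port, "any")):
            return r["action"], r["name"]
    return "drop", "default-drop"

def broad_allows(rules, dmz, lan):
    """Names of allow rules that open a LAN destination to the entire DMZ or wider."""
    dmz_net, lan_net = ipaddress.ip_network(dmz), ipaddress.ip_network(lan)
    flagged = []
    for r in rules:
        src, dst = ipaddress.ip_network(r["src"]), ipaddress.ip_network(r["dst"])
        if r["action"] == "allow" and dmz_net.subnet_of(src) and dst.overlaps(lan_net):
            flagged.append(r["name"])
    return flagged

# Constructed sample values (hypothetical addressing, not taken from the post).
DMZ, LAN = "192.168.1.0/24", "192.168.2.0/24"
MAC_MINI = "192.168.2.20"        # hypothetical LAN host reachable over SSH
ADMIN_HOST = "192.168.1.50"      # hypothetical single DMZ machine that needs SSH

# The rule as described in the post: SSH from any DMZ client to one LAN host.
AS_POSTED = [{"name": "ssh-any-dmz", "action": "allow",
              "src": DMZ, "dst": MAC_MINI + "/32", "port": 22}]
# A narrower variant: the same service, but from one named source only.
TIGHTER = [{"name": "ssh-admin-host", "action": "allow",
            "src": ADMIN_HOST + "/32", "dst": MAC_MINI + "/32", "port": 22}]

if __name__ == "__main__":
    for label, rules in (("as posted", AS_POSTED), ("tighter", TIGHTER)):
        print(label, "| other DMZ host -> ssh:",
              first_match(rules, "192.168.1.77", MAC_MINI, 22),
              "| broad allows:", broad_allows(rules, DMZ, LAN))
```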

Network and HomeLab V.Next (Part 4)

So, after some messing, tweaking, and thinking, I have made some progress with the home lab… or at least broken some stuff… I mentioned previously that I had a Ubiquiti Networks EdgeRouter POE in the home lab. Originally, the plan was to use a Virtual PFSense box for my core router… Given the power usage of the current PFSense Box (I have 2 MPower Pro’s watching power in the lab) I am now thinking of moving to just the EdgeRouter for, well, edge routing… Below is the usage of the ProLiant for the last 12 hours or so:

For the same period, here is the usage for the Edge Router:

I am also setting up a DMZ for front facing services, and then a LAN for inside facing machines. There will be a firewall (currently thinking Sophos UTM or similar) between the DMZ and the network. Some machines will be able to access the DMZ, and there may be machines allowed into the LAN, but only some things… not even sure if that would be done…

I also need to work out the VLAN side of things. I have currently thought of the following VLAN setup:

  • WAN 1 (connected directly to the Cable modem)
  • WAN 2 (again, direct to cable modem)
  • LAN Network
  • DMZ Network
  • VoIP Network
  • IOT (stuff for running the house, like Nest, the MPower devices or the like)
  • Media Network (Plex, Roku, Apple TV, Chrome Cast, etc. Not sure if I need to separate this, but it might be done…)

The current Cisco 3560G switch should do all that, without problems, so no new switch needed… let’s see what I can break over the next while…

Windows Server 2012 R2 returning to The GodBoxV2

After a few months of running Sabayon Linux on the GodBoxV2, I am going back to Windows Server. Back around October of last year, I installed Windows 10 Preview on the GodBoxV2, and, well, there were issues with graphics drivers, etc. Then, some time after, I can’t remember off hand when, I moved to Sabayon Linux. It’s based on Gentoo but has a lot of the components pre-built. Gentoo is a “Build from scratch” sort of OS. You get a basic kernel and a basic set of components, but you build everything else from scratch… including rebuilding the kernel if you want. Sabayon, on the other hand, has all that mostly prebuilt, though you can still use Gentoo’s Portage to build stuff yourself.

Anyway, for the last few months, all was going mostly well… but I miss Windows. And, given I have pretty much always run a server OS on my main workstations, I am heading back to Server 2012R2. I was tempted by 2016, but it’s still very early days… Maybe I will run it as a VM for a while, but we will see…

ZFS Home storage pool

Over the weekend, my BTRFS pool for my /home directory on Linux failed… Not sure what happened, but it made me do something I wanted to do for a while: build a ZFS pool for my home dir.

First things first, the pool consists of 4 2Tb hard drives and 1 128Gb SSD. It’s set up in RAIDZ1 (equivalent of RAID 5) and then the SSD is set for caching.

To create the pool I ran

zpool create home raidz sda sde sdf sdg

then, to add the cache drive

zpool add home cache sdd

The pool (in my case) got mounted to /home, and then I restored my backup to it. To do some tests, I ran the following…

614MB/s write and 5.3GB a second read is nothing to be sniffed at! 🙂

Ubiquiti EdgeRouter PoE in the lab

Today, my Ubiquiti EdgeRouter POE arrived in the house. I got it hooked up to both UPC connections (as secondary connections) and all seems to be working grand. Some notes I wanted to put up here:

  • Out of the box, the install was quite simple. Set my Ethernet connection to a static IP in the 192.168.1.x/24 range, using 192.168.1.1 as gateway and DNS, and then point at http://192.168.1.1 for admin. Login (ubnt for both username and password) and hey presto. I was asked did I agree to the license, and then I’m in.
  • By default, NAT is off… I turned it on, and enabled DNS and was able to surf.
  • I also noticed the software was out of date… Oddly, there did not seem to be an option to update automatically, but you can manually download the tar and upload it, which I did.
  • So far, so good… not sure yet if I will be using it as my main router, but it may end up being a VoIP router.

Finally, speed test result below:

More Ubiquiti stuff arriving tomorrow… will post more stuff then.

Network and HomeLab V.Next (Part 3)

So, this part of my article set will be talking specifically about the router and wireless network. At the moment, my router is way overkill:

  • Old HP Proliant ML110 G5
  • Intel Core2Quad Q6600
  • 8 Gb RAM
  • total of 12 Gigabit network cards (of which 4 are currently used…)
  • 500Gb HDD

I have been playing with some networking in the house and have managed to build some VLANs. The modems are connected both directly to the router and to a dedicated switch port for a given VLAN. The plan for the upgrade, which I hope to complete sooner than the rest of the network, is as follows:

  • Get the ML110 running ESXi and virtualize PFSense. Give it 2Gb of RAM and some processor.
  • Take some of the network cards out of the box. It does not need 12 ports, but maybe leave the 2 quad ports in there. They should be connected to the main switch trunked. 8 may be overkill, but I never do things by half.
  • The PFSense VM should be connected to all 3 WAN VLANs (900, 901 and 902) and should also have at least one port to the LAN. There may also be other ports for other internal VLANs.

With the spare processor, I can then add other (small) VMs to this machine.

Network and HomeLab V.Next (Part 2)

So, in my last post I talked about the requirements for the home lab, and in this post, I’m going to talk about a few more updates I have made in the last few weeks.

First, the processors: in the first post, I talked about Xeon D or Xeon E3… Well, I missed one… The Xeon E5. I have 2 of these in GodBox 2, and you can get them into a microATX board. There do seem to be some limits with the microATX boards, but hopefully enough searching will find me what I am looking for. Ideally, I want it to take “normal” DDR3/4 memory (not SODIMMs like the ASRock one above) and also take enough of them to run 64 or 128Gb of RAM (thinking 8 would do the job!). Also, I would like to have 4 GigE ports onboard and 1 management port. 4 onboard is not a hard requirement: if I can get one with 2 ports, I can always get a 4 port card for the PCI-Express slot… Finally, I would like it to have at least 6 SATA ports and possibly an MSATA port. Thinking boot off MSATA (Windows Server 2016 Nano Server would be used), 2 SSDs and 4 HDDs. Using Storage Spaces, use the 2 SSDs as “Fast” storage for the pool.

I also think I moved off the idea of 10Gb. I like the idea of it, but given a small 10Gb switch costs upwards of a grand, and the plan is to build a machine for that price, I would prefer a fifth machine and using my existing Cisco 48 port switch and leave 10Gb as a future upgrade.

Also changed from last time round is machine count. Originally I was saying 3-4 machines… now I am thinking 6-7… 5-6 of them should be Hyper-V boxes and the last one would be a Media Box.

I also think the Synology or SAN requirement is out… Hyper-V can be set up to do replication between hosts, and with a 4Gb link to the LAN, I think I should be OK. Also, if I have the media box separate, I should be OK there too. I will detail the media center in a later post.

So, any suggestions or thoughts on what should and shouldn’t be looked at?

Network and Homelab V.Next (Part 1)

So, it’s that time again… HomeLab upgrade time… Or at least the planning for it. I am in the process of rebuilding my home lab, which involves pulling all old servers out of the rack and replacing them with new ones… It also means rewriting the network, possibly upgrading some existing gear and hopefully getting the whole lot done on a budget of some sort…

So, why? Well, biggest reason for all this is currently heat and power usage. We use about 4-6x more electricity than the average house here in Ireland, which means our electricity bill is fairly high. It also means that the lab, which is also my office/bedroom, gets quite warm and uncomfortable during the summer months. There is an Air-Con unit in the room, and, well, that’s costing the most on electricity!

So, what I got is a basic overview of what I want from the homelab and hopefully in the next post, I will have an idea of what it will look like…

  • 3-4 machines running a hypervisor (Hyper-V, VMware ESXi or other). Leaning more towards Hyper-V purely because it’s what I got currently and it’s what we use in our main office.
  • Each machine should be connected to at least 2 networks: one for storage and migration, one for “public” to the LAN. There may be more VLANs for other networks, but 2 is a start.
  • Ideally, 10Gb connections would be nice, but multiple 1Gb connections would also work.
  • Shared storage (iSCSI, SMB3, etc) would also be a nice to have, but may bump up the server count (not actually a problem) but would increase power and cooling costs. An off the shelf box, like a Synology, could do the job…
  • Lower power usage and less heat produced is also a major requirement. Most of the boxes I am decommissioning are older Xeon hardware (5000 series up to a 5200 series processor and even an older Xeon P4!). The newer Xeon E3 and the even newer Xeon D are a lot more efficient, use less power, produce less heat and are way faster than what I currently have. The E3 can use up to 32Gb of RAM and the Xeon D tops out at 128Gb… Me being me would like more than 32Gb RAM… 🙂
  • Smaller machines would also be nice. I have been looking at both Xeon D and Xeon E3 Mini-ITX boards and cases for them. I do have a half height Dell Rack, in which I host these machines, and ideally, these machines should be rack mountable, but micro ATX cases could work. 2 per shelf would work grand.
  • Onboard IPMI and KVM support is something I want too… I do have a KVMoIP switch in the house, and it works, most of the time, but getting a box that has this embedded into the board would be ideal… A lot of the server boards had it as standard or allowed it to be specced, so that’s all good.
  • I am also thinking of upgrading the router to a similar spec board… Possibly a Xeon E3, or even an i5… Ideally it should have IPMI and KVMoIP on board and should produce less heat. Biggest issue is getting enough network cards into the box…

These are my requirements at a high level overview. Over time things may change, but let’s see how we get on…

PFSense with Multiple Public IPs

So, a few weeks back, I got my hands on a Hetzner Dedicated box. It has a quad core Xeon, 32Gb RAM, 3x3Tb HDDs, RAID controller and KVMoIP. One of the first things I did was get myself a /29 IP pool (8 total, 6 usable IPs). There were already 3 IPs given to me: 1 for the KVM, one for the box itself, and 1 as the router for the IP block.

So, I need to set up my own router, so I picked PFSense since it’s what I run in house. I gave it 2 network connections: 1 connected to the main network adapter on the VMware ESXi box (public) and one to a virtual switch, which is only used by VMs. The public is the WAN link and it gets a static IP from Hetzner, and the virtual switch is then my “LAN” link. This allows me to have standard NATed network connections to any VM I have, but then, what do I do with those IPs?

So, after a lot of digging, I found the answer. So, this should help.

  • Under firewall, click on Virtual IPs.
  • Click the plus. I then selected IP alias, selected the WAN interface and set the IP to my first public IP I wanted to give. In my case, I was given a /29 block, and my first address was 176. This is the network address. I used 177. Likewise, my last address is 183, but that cannot be used either as it’s a broadcast address. Give it a description and then hit OK. Repeat for all IPs you want to use. TIP: Give each a meaningful description!
  • Next, click firewall, NAT and 1:1. Click the add button and select your interface as WAN. Set the External Subnet IP as the one you want to use and your internal IP as the machine that will have it. That’s all I did on that screen…
  • Then go to Firewall, NAT, outbound… this is where things got complicated. Set the mode to “Manual outbound NAT rule generation (AON – Advanced Outbound NAT)” and click save.
  • Then create a new rule: Interface: WAN, Source, Network, IP of the internal machine and then under translation, under address select the IP you want to give it. If you followed my tip in step 2, you should see the descriptions in here.

After saving everything and reloading the firewall, visiting a page like WhatsMyIP or ICanHazIP should show you your public IP. You can then create firewall rules to allow access. Quick idea would be:

Firewall/Rules, Add, Interface WAN, Destination: Local IP you want to use, and give whatever “normal” rules you would (HTTP, lock down to source address, etc). Click apply and hitting that address using whatever method (SSH, HTTP, etc) should work.

YMMV, but hopefully this helps! Any questions, leave a comment.
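Before clicking through Virtual IPs, 1:1 NAT and outbound NAT for each address, it helps to check the mapping table for the mistakes the steps above warn about (network or broadcast address) plus duplicates. This is an added example, not part of the original post or of PFSense: 203.0.113.176/29 is a documentation range standing in for the real block (the post only gives the last octets 176 to 183), and the LAN subnet and VM names are hypothetical.

```python
import ipaddress

def usable_addresses(block):
    """Return (network, usable hosts, broadcast) for a routed IPv4 block."""
    net = ipaddress.ip_network(block, strict=True)
    return net.network_address, list(net.hosts()), net.broadcast_address

def validate_nat_plan(block, lan, plan):
    """Check a {description: (public_ip, internal_ip)} plan before it is entered
    as Virtual IPs, 1:1 NAT and outbound NAT rules. Returns a list of problems."""
    network, usable, broadcast = usable_addresses(block)
    lan_net = ipaddress.ip_network(lan, strict=True)
    problems, seen_public, seen_internal = [], {}, {}
    for desc, (public, internal) in plan.items():
        pub = ipaddress.ip_address(public)
        inside = ipaddress.ip_address(internal)
        if pub == network:
            problems.append(f"{desc}: {pub} is the network address")
        elif pub == broadcast:
            problems.append(f"{desc}: {pub} is the broadcast address")
        elif pub not in usable:
            problems.append(f"{desc}: {pub} is outside {block}")
        if inside not in lan_net:
            problems.append(f"{desc}: {inside} is not on the LAN {lan}")
        if pub in seen_public:
            problems.append(f"{desc}: {pub} already mapped to {seen_public[pub]}")
        if inside in seen_internal:
            problems.append(f"{desc}: {inside} already used by {seen_internal[inside]}")
        seen_public.setdefault(pub, desc)
        seen_internal.setdefault(inside, desc)
    return problems

# Constructed sample values: documentation-range block, hypothetical LAN and VMs.
BLOCK, LAN = "203.0.113.176/29", "192.168.10.0/24"
GOOD_PLAN = {"web": ("203.0.113.177", "192.168.10.10"),
             "mail": ("203.0.113.178", "192.168.10.11")}
BAD_PLAN = {"web": ("203.0.113.176", "192.168.10.10"),    # network address
            "mail": ("203.0.113.183", "192.168.10.11"),   # broadcast address
            "git": ("203.0.113.177", "192.168.10.12"),    # fine on its own
            "ci": ("203.0.113.177", "10.0.0.5")}          # duplicate IP, wrong LAN

if __name__ == "__main__":
    print(usable_addresses(BLOCK))
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_nat_plan(BLOCK, LAN, plan) or "ok")
```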