birds like wires


Showing 'network' tagged articles.

Running pfSense on a Mac Pro

I’m a big fan of pfSense. If you’ve not heard of it, it’s an open source firewall that’s got more options than you can shake a stick at, but most importantly, is as solid as a rock and takes about a second to back up.

I’d been running it as a virtual machine on a couple of servers, but with a recent round of hardware changes I found myself with a 2006 vintage Mac Pro with no job to do. True, it’s massively overpowered for the job, but it’s got two good gigabit Intel NICs built-in and would make the VM setup, which I never liked, redundant. Plus, it would otherwise be sat on the floor doing nothing.

Setup

It’s trivial; I prepped the Mac with a single 80GB hard drive and zapped the PRAM just to be on the safe side (CMD-ALT-P-R). Then I burned the AMD64 image to a disc, booted the Mac with ALT held down and chose the ‘Windows’ CD. It’s obviously not Windows; that’s just what the Mac is programmed to title boot devices that aren’t OS X.

From there it’s just a case of choosing the installer when prompted and telling it to do a ‘Quick / Easy Install’. Everything from there is handled by pfSense, except for removing the CD (hold down the left mouse button to force a CD eject on reboot). Very easy.


Command Line Wireless Options in OS X

Managing OS X wireless options was a terrible mystery until I discovered the magical hidden ‘airport’ command. If you do any Mac sysadmin work, I recommend:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport /usr/sbin/airport

This gives you lovely, straightforward access to the airport command, from which you can turn wifi on and off, configure administrative settings; basically everything you need. However, watch out; there’s been a change in the version currently shipping in Mavericks. My fave command was:

sudo airport en1 prefs RequireAdmin=YES

But this will no longer work. Instead you receive this response:

'Unrecognized prefs option 'RequireAdmin=YES'.

It’s not a problem, because Apple have actually unpacked the RequireAdmin option into its three constituent parts: RequireAdminIBSS, RequireAdminNetworkChange and RequireAdminPowerToggle. You can now control each of them individually.

So my favourite command has now become:

sudo airport en1 prefs RequireAdminIBSS=YES RequireAdminNetworkChange=YES RequireAdminPowerToggle=YES


Dead Simple Dynamic DNS Updater

I’d been messing with ddclient, trying to get things to play nicely with DNS-O-Matic, Tunnelbroker and Hurricane Electric’s own dynamic DNS system. Problem was, although everything was configured correctly it still wouldn’t update my DNS! It worked when I told it to, but when the IP genuinely changed, it all went wrong.

It turns out that when my IP changed, ddclient was indeed trying to update things. However, it was trying to do it over the IPv6 tunnel which, due to the altered IP address, was now broken. And I could find no way in the config to specify that the tunnel should be updated first, over IPv4. Hmm.

So, I sacked off ddclient and went for the world’s simplest dynamic DNS client. A bash script and curl.

Easy Peasy

Most of the dynamic DNS services have a simple HTTP method for updating. Some have HTTPS, so you’re not waving your password around in clear text. Switching to an IPv4-only updating mechanism is as simple as this:

Keep reading...

Tunnelbroker and Dynamic IPs

Change of plan! While the details provided here are accurate and may well be useful if you’re configuring ddclient, I found issues updating my DNS information this way. So I opted for something much simpler, which I’ve written up here.

My shiny new router, which I’m hoping to write a proper article about soon, supports IPv6 tunnelling. IPv6 is going to become increasingly important over the next decade, as we’re running out of IPv4 addresses (the ones that look like 208.67.220.220) to give to all of the devices out there. Internet service providers are going to need to pick up the pace of handing these out, but in the meantime for those that don’t (such as BT) there are tunnelling services.

An IPv6 tunnelling service does basically what it sounds like; shoves your IPv4 traffic through a tunnel so that it pops out of the other end with a valid IPv6 address. You can then access services that only use IPv6… okay, that’s not many right now, but hey – you’re future proof! There are a few different providers out there, but I use Tunnelbroker. If your router supports it, you can configure the entry point to the tunnel from the details Tunnelbroker provide and pow! You’re accessing IPv6 sites.
