Sunday, May 20, 2012

The Screaming Viking

Abandon all hope, ye who enter here

Archive for the ‘Quickies’ Category

Power

Posted by Grand Poobah On January - 4 - 2012

Man, I don’t know what is going on but I’m using more than twice the power at the farmstead than I did in Fargo. I’m not just looking at the dollar amount here…which the farmstead is actually slightly cheaper than Fargo…I’m looking at the kWh used. I’m not sure what exactly is causing the problem. I reduced my freezers from 4 down to 3…maybe that will help in the long run, but it didn’t help that much on the last bill. I can’t remember right off hand when I did that though so it might have been halfway through the billing cycle. Other than that…I’m at a loss. I heated with electric in Fargo, so I would have thought at the very least it would be the same. The only thing I can think of is the water heater, the dryer or the fridge in the meat house. I’m going to unplug the fridge tomorrow…maybe it’s running constantly or something. I turned it way down and in the time I’ve spent down there I can’t think of hearing it run.

I’m also going to talk to the electric company and see if they can help me identify what is sucking all the power. I’m not sure if that’s a service they offer…but I sure hope so!

Steve Jobs

Posted by Grand Poobah On October - 6 - 2011

Dead at 56

“When I was 17, I read a quote that went something like: “If you live each day as if it was your last, someday you’ll most certainly be right.” It made an impression on me, and since then, for the past 33 years, I have looked in the mirror every morning and asked myself: “If today were the last day of my life, would I want to do what I am about to do today?” And whenever the answer has been “No” for too many days in a row, I know I need to change something.

“Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because almost everything — all external expectations, all pride, all fear of embarrassment or failure — these things just fall away in the face of death, leaving only what is truly important. Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose. You are already naked. There is no reason not to follow your heart.” [Stanford commencement speech, June 2005]

smoothwall

Posted by Grand Poobah On October - 4 - 2011

Man, it has been a challenge getting the smoothwall working the way I wanted it to out in the sticks.  One of the initial problems I had was that ancient box I was using.  It was good enough for awhile, but it was starting to go to hell on me.  It was throwing disk errors sometimes, wouldn’t connect sometimes…one of the ports was going bad…it was just not a good situation.  I replaced that with a newer one, and that was working alright…but I wasn’t getting quite what I expected out of the QoS.

QoS for smoothwall worked decently in town…it never really did what I thought it should though.  What it actually does do on the smoothwall box is cut down the % of the overall bandwidth you have for each service.  If I set p2p on “low” it will give it 50% max of my total connection, “slow” looks to be about 25%.  This allows you to prioritize some traffic, but it isn’t exactly what I want.  When the connection is sitting idle, I’d like whatever is using pipe to use all it can…when the connection is used by something with a higher priority it gets the majority of the pipe and the lower stuff gets cut back.  I did increase my headroom to 10%, this seems to have helped some but it still doesn’t do what I want.  I’ve done some reading about this and apparently to get QoS working any better on smoothwall is quite a challenge.  Some guys who know way more than I do about networking have hacked away at it and had some measure of success.  One of these guys has his own customized version of smoothwall…so I thought I’d give that a go.
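The gap between the fixed percentage caps described above and the borrow-when-idle behavior the post asks for, as an added example: this is a constructed model, not Smoothwall's QoS code and not from the original post. The class names, the guaranteed shares and the 1000 kbps link are assumptions; the 50% cap and 10% headroom come from the post.

```python
# Added illustration: a constructed model, not Smoothwall's QoS implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class TrafficClass:
    name: str
    priority: int        # lower number = served first
    cap_pct: int         # fixed ceiling, e.g. "low" = 50, "slow" = 25 (from the post)
    guaranteed_pct: int  # assumed share reserved for the class under contention

def usable(link_kbps, headroom_pct):
    """Bandwidth left after reserving headroom (the post uses 10%)."""
    return link_kbps * (100 - headroom_pct) // 100

def fixed_caps(link_kbps, classes, demand):
    """Each class is held to its percentage ceiling even when the link is idle."""
    alloc, left = {}, link_kbps
    for c in sorted(classes, key=lambda c: c.priority):
        got = min(demand.get(c.name, 0), link_kbps * c.cap_pct // 100, left)
        alloc[c.name] = got
        left -= got
    return alloc

def borrowing(link_kbps, classes, demand):
    """Give each class its guaranteed share, then lend spare capacity by priority."""
    assert sum(c.guaranteed_pct for c in classes) <= 100
    alloc = {c.name: min(demand.get(c.name, 0), link_kbps * c.guaranteed_pct // 100)
             for c in classes}
    spare = link_kbps - sum(alloc.values())
    for c in sorted(classes, key=lambda c: c.priority):
        extra = min(spare, demand.get(c.name, 0) - alloc[c.name])
        alloc[c.name] += extra
        spare -= extra
    return alloc

# Constructed sample classes and link: 1000 kbps with 10% headroom -> 900 usable.
CLASSES = [TrafficClass("web", 1, 100, 75), TrafficClass("p2p", 2, 50, 25)]
LINK = usable(1000, 10)

if __name__ == "__main__":
    for label, demand in [("idle link", {"p2p": 2000}),
                          ("contended", {"web": 800, "p2p": 2000})]:
        print(label, "| fixed:", fixed_caps(LINK, CLASSES, demand),
              "| borrowing:", borrowing(LINK, CLASSES, demand))
```

On the idle link the capped p2p class stops at half the usable pipe while the borrowing model lets it fill the whole thing; under contention both models cut p2p back in favor of the higher-priority class.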

Just like any admin, before I whacked the box I decided to make a backup *.iso of the machine.  I’d done this several times before on the old box and even restored it a couple of times without issue.  For this build I had the image I’d created right after I set it up completely and now this new one I created about a week later.  I burnt them both to disk and proceeded to load the new modified version of smoothwall.  On the new hardware I’m using things load really fast…I was done going through the process in probably 15min (the old box would take an hour or so).  Fired it up, looked at the QoS tab…nada, exactly the same.  In the screenshots I was seeing something different.  I thought maybe it just worked better so I configured my port rules and gave it a go…nope exact same thing.

There is a module that smoothwall uses to detect the p2p traffic.  That isn’t working out well on mine.  Fine, no biggie, I hard coded the ports I use into the settings file, nope…still doesn’t throttle it properly.  I could live with the QoS the way it’s set up in smoothwall, but it would be really handy if it detected the ports properly.  This is something new after I moved.  The old box I had would connect to cable one via dhcp, when I brought it up to the farm the only change was to have it connect via PPPoE.  This caused a problem with the port forwarding rules as they are not in effect after a reboot.  For some reason I need to disable/enable them after the smoothwall connects.  I posted a question in a message board about this and the useful response was that the Red (external) IP needs to be established before port forwarding rules can take effect.  I assume this isn’t happening and things get borked.  I’m wondering if this is also happening with the QoS…but then why wouldn’t it work after I enable/disable it…like the port forwarding rules do.  It seems like it identifies all the other ports correctly…but not the p2p ports.  Even if I put those ports on a different heading (gaming for example) it doesn’t filter them properly.  I don’t get it.

I also had a problem installing this modded version that was going to make it impossible for me to use anyhow.  While it was loaded it failed to create the swap as well as subsequent partitions.  I dropped into the shell and commented out creating these partitions just to see if it was worth my time to monkey with getting it to actually install properly.  I did get it installed…but as I mentioned above things didn’t work anyhow.  There were also quite a few disk errors because of my hack…no biggie but if I was going to run this reliably obviously that had to be fixed.  The problem appeared to be that it didn’t drop the sda2 partition into /dev…I’m not sure why and didn’t feel like messing with it anymore.  I popped my restore disk in, rebooted…“can’t detect hard drive”…ta hell?  Reboot, same…power down, restart…same.  Pop in the disk for the modded install, finds the disk fine…but still doesn’t install properly.  I have no reason to expect there might be problems with my hd, but maybe there was.  I have moved recently, maybe things got banged around too much.  It was late so I didn’t feel like screwing with it.  The wife relies on the connection for work, so I do have a backup linksys router that will handle the network for us.  Even if I just used the linksys router and not a Linux firewall…I’d still have two of them.  If one goes to hell or something she needs to be back up quickly.  I don’t expect anything would, but I’ve got a couple of them so it’s not like I’m buying extra hardware.  My need for redundancy stops at the extra equipment I already have…

I downloaded a new smoothwall iso at the school and installed it the following weekend…everything installed fine and it’s up and running like I expected it to be.  It has the problems I outlined initially, but once they were identified it was fairly simple (albeit a little bit of a hassle) to work through.  I set up my smoothwall with Red (external), Green (trusted internal) and Orange (DMZ) interfaces.  The idea is to run the internal network off the Green interface and the wife’s work machine off the Orange.  I have some mods installed on the smoothwall for nicety enhancements, adzap, dansguardian, clamav…etc.  Anything on the orange connection should bypass these mods and just have a straight connection to the interwebs.  Also, this segregates her from my network.  Not that I’m worried about her machine, but if something from my network happened to get on her machine or she attached to my network storage without thinking about it I’d rather she didn’t get in trouble.  One thing I did find out though is that it doesn’t seem like she completely bypassed all of adzap.  I’m not sure exactly why this is…although, after thinking about it while I’m typing this it is possible that chrome had the page in question (a recipe site) cached and wasn’t trying to reload the images.  (The wife goes to this recipe site and some of the images wouldn’t load.  Found out a while ago that adzap was whacking them.  I fixed it, but after the reload I had to “refix” it.)  When we went to si.com or the inforum, the ads loaded…so I should have looked into this a little better, but it was late and I wanted it to just work for now.  I would have had to add that PASS rule for adzap as she might look at the site from an internal machine anyhow.

Why all this hassle?  Well, like I’ve said before…a Linux firewall is about all that will handle all the connections I create…and because tinkering with things is what has given me the knowledge to get the jobs as I’ve gone through life.  Just today I called up smoothwall corporate to ask for pricing on their content filter app and hardware for the school.  I wouldn’t have known about these guys if I hadn’t used their open source software at home.  While I might have been able to find -something- that would have worked, the base knowledge I built on my own with content filtering can’t be a bad thing.

New Firewall

Posted by Grand Poobah On September - 19 - 2011

This weekend I decided to build myself a new firewall.  The obvious question is, “why would you need a firewall at all?”.  I realized about a year ago that I was going to need something a little better than a consumer class router to handle my home networking needs.  It’s not that I do anything all that fancy or need more functionality, the little router was not able to handle all the connections I was creating via torrents.  It would last for maybe a couple of days then services would slowly die.  The dhcp server might crash, the wireless might go down, then blamo it would hard lock.  I’d have to reset the power and everything would be fine for a couple of days again…rinse repeat.  I decided to build a smoothwall on free hardware just to see if it’s something I would use.  Fast forward a year and as it turns out the smoothwall is something that was kind of handy to have.  The machine I have it on though is starting to show its age in a bad way.  It may or may not boot up completely after a power outage.  One of the NICs is starting to get finicky about the connection…the hard drive sounds like it’s on its last legs…it’s time for a new one.  On top of all that, it would be nice to have something a little bit faster.  I decided to repurpose my old desktop for the new firewall box.  This machine has a 2.2GHz athlon with 2gig of RAM and an 80ish gig SATA hd.  That should be enough horse power to run a firewall pretty smoothly.  I ordered a couple more NICs so I could configure things the way I wanted…and I was off and running.

There isn’t much to say about the install, smoothwall goes on really easy.  The only “tricky” part about it is knowing what NIC it’s talking about when it asks you what to use for the various interfaces.  I configured it and rebooted..good to go.  The difference between this machine and the old one is nothing short of incredible.  It responds so much faster, it runs quieter…it’s just an all around better box.  I mentioned in the last paragraph that I ordered 3 NICs.  I set one up as the “RED” (external) interface, one as the “GREEN” (internal) interface, and the last as the “ORANGE” (DMZ) interface.  What having the orange interface allows me to do is put a machine on that NIC and keep it segregated from my internal network as well as have it unaffected by the various mods I put on the firewall (content filter, adzapper…etc).  I’m going to connect the wife’s work machine into this NIC.  It isn’t going to increase her speed or anything like that, but it will allow me to say that any problems she is having are not caused by the firewall.  Of course that won’t stop her from asking me about every issue as soon as it comes up…

I dig on being able to create as many connections as possible and this firewall still handling them without a hiccup…and I take for granted all the ads the adzapper actually does take care of for me.  The content filter isn’t something I’d really need per se…but it keeps the wife happy that the kid isn’t seeing something we don’t want her to.  The 2nd install of smoothwall went much better than the first time I did it…I can’t imagine what the difference might be….
