Now that pfSense is connecting through your home LAN and serving addresses to the ‘Teenage Subnet’, we need to do some further tweaking to make sure we can keep our semi-hostile network safe as well as keeping an eye on our network traffic usage and what our users are accessing.
So, with another major collection of user credentials being uncovered (and reported in the mainstream media), there is a slight increase in interest in people, their data, and the credentials they use.
It’s anyone’s guess as to how long this breach will remain in the news cycle, so I thought I’d throw out an article quickly as New Zealand is currently in the throes of pre-election posturing and I imagine some political hopeful will say something controversial and the media will swing away to cover that within the next day.
For those who may not yet have caught up with the news (or those reading this in the future and wondering which massive credential theft I’m referring to), this is the uncovering of the work done by ‘Cyber Vor’ who managed to snare around 1.2 billion (yes, with a B) unique user credentials.
Initial Configuration (via Web Browser)
In the previous article, we set up (at least) two network interfaces. The first, facing the Internet (the WAN) and the second facing the internal network (the LAN).
In our instance, our WAN interface will simply pass traffic onto our existing internal network, where it is subject to existing rules and management, while the LAN interface will become the first node of our new ‘Teenage Subnet’ through which our older boys (and possibly their friends) will access the network resources (including access to the Internet).
So, anyway, we have a machine happily whirring away running pfSense and two interfaces configured, the WAN and the LAN. Now we need to connect up and get things configured.
So, now we have teenagers, I’ve realised a need to create a little more separation within our home network. The intent of this is to give them a segment of the network where they can connect their wireless devices, use the internet and allow their friends to also connect their devices when they visit.
With freedom comes responsibility, so we also want to be able to enforce limits on the hours of use, conserve bandwidth, and attempt to protect them from malware and viruses.
Future enhancements may include traffic reporting, content filtering – but for now we want to get them off the core network, and onto their own segment.
So, I decided to give running a Linux distro *solely* from a USB 3.0 flash drive a go… the install itself was fairly simple and painless, the pain only started on the reboot.
The drive failed, and I was dropped to the rather unfriendly >initfs prompt.
I tried a few things, from fixing the failed superblocks
dumpe2fs /dev/sdc1 | grep superblock
fsck -b [ALTERNATE SUPERBLOCK # e.g. 32768] /dev/sdc1
…to trying to repair the file system
sudo fsck -fp /dev/sdc1
hdparm -r0 /dev/sdc
At which point I was 2 beers into the problem and getting a little… impatient. The last link however gave me two other possibilities:
- The drive itself may be faulty (it’s apparently somewhat common for poor soldering to cause this ‘read-only’ condition)
- Run a utility from the drive manufacturer to low-level format the drive and start again (waay too easy, and a WINDOWS based utility – it would be like admitting defeat!)
I considered adding a third beer to the problem solving mix, then decided that it’d just be easier to go with option 2… a quick search later and I was on the Apacer support site and 337kb away from solving the problem.
My best mate dropped over on the weekend and left me an ancient Sony Vaio that he’d acquired for his 7-year-old daughter.
After shooting the breeze over the beer, we got to talking about his daughter’s computer use. Essentially he (and she) just wanted “something she can use and have for her own” – he’d already been supplied with a Live CD of Doudou Linux which she’d been booting from, yet due to the failing hard drive in the near fossilized Vaio, the machine was taking far too long to start-up – by which time her attention span was exceeded.
This video gave me pause for thought…
It’s a well produced, visually engaging excerpt from an address to graduates in 2005 by novelist David Foster Wallace. Sadly, this man took his own life in 2008 after struggling with depression for many years.
Watch this. Listen to the message. See if you can use it in your life.
Hat Tip to my former colleague Curtis – thank you for sharing.
Today I was discussing the recent work by the New Zealand Police in bringing a number of people up on charges for their part in an international pedophile ring. While I’ll save you from the details (you can do your own reading using this article as a starting point), some of the alleged offenses are pretty horrific. Suffice it to say, the conversation quickly turned to how soul-destroying it must be for the OCEANZ team and organisations such as ECPAT.
The very excellent MMO “Path of Exile” by Kiwi game developer Grinding Gear Games has managed to raise US$2.5 million (yes that’s million, little finger to the corner of your mouth Dr Evil styles…) through crowd-sourcing future development funds from the online gaming community.
This is not the first success they’ve had with funding via the web but, as an indicator – the climbing value of funding is testament to the belief their community has in the work they are doing with the game.
A personal HUGE congratulations goes out from my keyboard to the Grinding Gear team, it’s awesome to see New Zealand companies doing so well on the world stage without resorting to filling paddocks with cows.
For gadget geeks like myself, there’s always been an opportunity to mix technology with what we do when AFK (away from keyboard).
My first heart monitor watch *had* to be imported because no one in this country was selling the IR receiver (connecting through a DB9 (serial) cable no less.. for the more normal, serial cables were “how things were done” before the simplicity of USB arrived).