DHCP Failover on OpenBSD
I have been running a DHCP server on my home network for eons now, and today I decided I’d move it on to my OpenBSD firewall cluster. It probably really shouldn’t be there but I already run a handful of other internal services there, like DNS, and NTP. Running DHCP on the firewall cluster also means that I can upgrade any machine on my network without losing internet access. Here’s how I got it set up and working.
Running xntpd on my OpenBSD firewall cluster
Now that my firewall cluster is working better, I can add some additional critical services to it. For a long time I have run a time server on a machine on my network so we can have consistent, accurate time. I thought I would move this over to my firewall cluster, giving me redundant time servers. The setup was pretty easy.
First, get the xntpd package for OpenBSD from your favorite mirror. OpenNTPD is fine, but the lack of the ntpq command is enough for me to not use it. Once you have xntpd installed, we need to get it set up so it will run when you boot.
OpenBSD Firewall Cluster
I have been running an OpenBSD firewall cluster on my home network for some time. These two machines use CARP and pfsync to seamlessly fail over interfaces in case of a hardware or software failure. This has been quite convenient, and allows me to upgrade OpenBSD without losing internet connectivity. I only have one available public IP address, so that has to be on the CARP interface, i.e. each firewall can’t have its own public IP address. This meant that the backup machine had no connectivity to the outside world.
Uptime
# uptime
 7:02pm  up 443 days  3:47,  2 users,  load average: 0.01, 0.16, 0.50
Finally I had to reboot to do an OS upgrade. This was a SLES 9 box, 2GB RAM, 2 dual core Xeons, 5 72GB SCSI disks. It has 25 users logged on every day, network boots 6 diskless workstations, mail, DNS, Samba, and misc other stuff. No leaking memory, no borked filesystems; it just ran.
Pre Google Maps Maps
Google Maps is great. It’s all fancy schmancy, and has its own API, and all of that pretty stuff. There are a couple of problems though: you can’t get a super high resolution map, and they don’t work so well if you want to plot tens of thousands of points (things get kinda slow). In short, it works pretty well for country level mapping and smaller, but if you want to map stuff on a global level, you might need something else. I start looking around and find…
Locales in Ubuntu/Debian for Universe
There is an old skool multi-relational database called Universe, which is now owned by IBM. They have some proprietary Java classes that you can use for database access (their own API, not some standard one) called Universe Objects, or uvobjects. Anyway, I have some Java apps deployed in Tomcat that use this. With the locale set to a sensible UTF8, uvobjects doesn’t read or write to the database properly: no errors, just broken data… grrr… To get it to work in Ubuntu/Debian you must do the following:
Pandemonium in Piscataway
Imagine your life as a radio play by play guy in a small college town where the football team is 1-12. You love football, and you love your school, but hardly anyone listens to your broadcasts. You don’t care, you love your job.
Tonight your team is 8-0, and ranked 15th in the country, and plays the 3rd ranked team. This is the biggest football game in the 137 years football has been played at your school. You are trying to figure out what you say if your Scarlet Knights win. You know lots and lots of people will be listening.
Sure enough, Rutgers beats Louisville in an instant classic, winning 28-25 on a field goal with 13 seconds left on the clock.
You say, “There’s pandemonium in Piscataway!”.
Classic.
This is why I love college sports.
Tomcat, Apache mod_jk and mod_rewrite
I have some Tomcat apps with Apache 2 in front of them, using mod_jk. Works great. I decided I wanted to use mod_rewrite (shudder) to make some friendlier URLs, you know, instead of /some/path/command?var=value, have /some/path/command/value. Sounds great. Couldn’t get it to work for anything. Found a howto at the Helma site, which had some good info, but he left out one very important thing.
Say I have a rule like:
RewriteRule ^(.*)/command/(.*)$ $1/command?var=$2 [QSA]
This is a basic rewrite to make friendlier URLs like I wanted. The QSA option allows me to muddle with the query string in my rule. When I use this rule, httpd doesn’t do what I want it to. It rewrites the URL, then prepends the directory on disk that this container (Apache VirtualHost or Directory keywords) points to. I want it to get processed by mod_jk instead.
After a few minutes I discovered the “PT” option. So if I change my rule to be:
RewriteRule ^(.*)/command/(.*)$ $1/command?var=$2 [PT,QSA]
the rewritten URL will be passed through to other handlers, like mod_jk.
Happiness. Finally.
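As an added illustration (not configuration from the original post), here is how the corrected rule sits in an Apache 2 VirtualHost next to the mod_jk mount that is supposed to pick it up; the worker name, server name, paths and AJP port are assumptions.

```apache
# Added example, not the original post's configuration.
# Assumptions: an AJP worker named "ajp13_worker" is defined in
# conf/workers.properties (worker.list=ajp13_worker,
# worker.ajp13_worker.type=ajp13, .host=localhost, .port=8009),
# and the Tomcat app is mounted under /some/path.
LoadModule jk_module      modules/mod_jk.so
LoadModule rewrite_module modules/mod_rewrite.so

JkWorkersFile conf/workers.properties
JkLogFile     logs/mod_jk.log

<VirtualHost *:80>
    ServerName   www.example.com
    DocumentRoot /var/www/html

    # Everything under /some/path is handed to Tomcat over AJP.
    JkMount /some/path/* ajp13_worker

    RewriteEngine On

    # Without PT, mod_rewrite treats the substitution as a filename and
    # maps it under DocumentRoot (/var/www/html/some/path/command), so
    # mod_jk never sees the request. With PT the rewritten URI is passed
    # through to the other handlers, JkMount still matches, and Tomcat
    # receives /some/path/command?var=value.
    RewriteRule ^(.*)/command/(.*)$ $1/command?var=$2 [PT,QSA]
</VirtualHost>
```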
Long Live the 486
I have an OpenBSD firewall at home that keeps the gremlins out. It has been running on an old 486 100MHz machine that I have had since 1995. This machine originally had Linux on it, and ran diald to connect me to the internet. Those were the good ol’ days. It worked pretty well, until I had lightning hit near the house, and it fried the USR modem and the serial port (which is on the motherboard). I put it in the closet (I hardly ever throw hardware away), and switched my firewall to a Pentium 90MHz.
In 2001, I got broadband from Sprint with a line-of-sight wireless technology they tried in Salt Lake City. 256K up, 6Mbit down. Now the firewall didn’t need serial ports, so I pulled out the old 486 and loaded up OpenBSD. It only has 32MB of memory, but it has worked great as a firewall and email gateway. It’s not on a UPS, and the only time it has ever gone down is when the power goes away, about once a year.
The power went out two weeks ago, and the machine refused to come back up. I have a spare machine waiting in the wings for just such an occasion, so I moved the hard drive over to the new box, and was back in business.
I spent a while trying to get the old box working, but the motherboard is finally toast; it won’t even POST. That machine has been great. It ran 24×7 for more than 10 years, while overclocked to 150MHz. The power supply is still the original one from 1995, same with the memory. I did put a new disk in it in 2001, but the rest of the bits are original. They sure don’t build stuff like they used to.
This machine goes into the hardware museum; my collection of antiquated hardware going back to 1990 or so. Someday, I’ll take pictures of all that stuff and post it online.