Experimenting with pfSense

I've been working today on replacing a client's Snapgear SG580, a Linux-based firewall appliance which is no longer supported, and is no longer coping with the load being placed on it.  We've been casually searching for an appropriate successor...

My essential Ubuntu applications

A few times recently i've had to think about the essential applications i use on my desktop.  The latest was Anthony Burke's tweet, but the recent churn in the Linux desktop world and my unhappiness with Unity means that i need to be prepared for...

Debian versions infographic

Debian Project News recently linked to a helpful infographic of Debian versions. It doesn't include anything about backports, volatile/updates, or contrib, main, and non-free, but it's a great resource nonetheless. The main point i would disagree...

Initial thoughts on the HP A5500-EI switch

Background I first came across HP's A5500 switches when i started looking at configuring VRRP and distributed trunking to provide routing redundancy for the core of a client's campus network using two ProCurve 5400 switches. I found that i could...

Sun's NTP documentation

It seems in the merging of Oracle.com and Sun.com, Sun's blueprints site has disappeared from view.  A lot of it was very specific to Sun hardware & software, but it had much general applicability as well.  One of the treasures in their...

NAT is evil, but not bad

2011-09-20: Edited to add section about IPv6 options; minor cleanup; references added. This is kind of a follow-on from my post about the subnet addressing design differences between IPv4 and IPv6. Recently, Tom Hollingsworth started a little...

Bizarre error message with Novell Certificate Server

It must be the week for stupid error messages.  I just tried to create a private SSL certificate for one of our server VMs from our Novell eDirectory iManager server.  The CSR was created by OpenSSL on the command line on the Ubuntu server, and i...

A strange rrdtool error; Linux conntrack documentation

Last week i made some fairly significant changes on a client's production firewall/routing cluster during our maintenance window.  The next morning there were reports of file server drives not connecting correctly and inaccessible web sites. ...

Pondering subnet allocations

Edit, 2011-05-03: To all those poor souls who have been directed here by Google in their search for best practices on IPv4 and/or IPv6 subnet allocations (or worse, the HP A5500's NAT capabilities), please accept my sincere apologies.  This page...