During testing I really quickly found that the default 2GB RAM are way too less for me. So I decided to buy new memory, but of course not the way too expensive DELL OEM parts, but freaky Kingston RAM.
I knew that it would be hard to find the matching technology, bus speed, latency, module size and whatsoever. But I didn't expect it to be *so* hard.
I bought 8GB Kingston RAM over eBay and frenetically inserted the two modules into the slots, powered on the machine, and waited. Ten, twenty, thirty seconds - nothing happened except for the fan speeding up, down, and up again.
Looking into the hardware guide *again*, I found that there are some debug LEDs on the front, somehow telling me that there is an error with the system memory also known as RAM. Hum. Okay, they must be incompatible with the previously inserted ones. I took the "old" ones out, powered on again. Same issue.
What...
New ones out, old ones back in. Power on. Works. Damn.
I bought the wrong ones :-( More than 100 Euro for nothing but the fan speeding up, down, and up again...
I needed new memory, however. So I asked for a quote at DELL, which made me even unhappier. Still way too expensive... I'd give it another try, I thought. So I put the new RAM onto eBay again, eventually losing some money. (I did, I know in between, lose 15 Euro) I looked into the guide, some forum, the DELL support pages and several other resources and was 99% convinced that I needed 2 pieces of KVR1333D3E9S/2G, and nothing else. I bought them, received them, put them in, powered on, smiled.
"System memory has changed.
6GB system memory available"
Yesssss!
For those of you who have a DELL PowerEdge T110 around July 2010: use Kingston :)
Monday, August 2, 2010
Monday, July 19, 2010
Astaro Security Gateway v7 and ICMP
For monetary reasons I was looking for a free software firewall. Oh, I need to start earlier in time I realize.
OK.
Ahm, so, I bought a nice DELL server for me. Which is now located in the basement, because it's much too warm here upstairs. Anyway - it holds an ESXi server on it with some virtual machines I don't want to talk about now.
And I bought this nifty thing because I want to have a toolbox for the daily mess at work. Something where I can return to in the evening, where everything runs just as I expect it to. No claims of "our environment and topology have become like this over time and we don't have the budget to make it good". No. Just me and my machines.
The title suggests that it's running at least an Astaro firewall. Yeah, it does. And that's what this article is about...
I started on top with "Management". No, liar, I didn't. I started with "Network Security". I always start with making things difficult rather than getting it up and running at first.
So at first, I looked at the rule table which from my memory didn't contain anything. Fine.
Next, the "ICMP" tab made it into my browser.
And well, I thought: "great, this thing is quite comfortable. Let's deny Ping and see what it does." I disabled the two features.
To no avail. Ping still worked. For pinging the security device itself, and also for hosts on the Internet. Hum. Not very secure... Next, there are buttons for globally disabling ICMP. Nice try, I thought.
Yep, that does all the magic. No further echo replies.
Except for an Internet host which was still "alive" and responding. This crappy ?*!?* ! Are you a security device? Needless to tell that tcpdump was already in place to get to know what strange type of ICMP requests my computer needed to send for a firewall to not recognize them. And needless to tell that it looked like this:
21:29:52.724035 IP 192.168.M.N > 194.25.0.68: ICMP echo request, id 53523, seq 16, length 64
21:29:52.751462 IP 194.25.0.68 > 192.168.M.N: ICMP echo reply, id 53523, seq 16, length 64
But now, to get to the point of the article, I needed to disable "Firewall forwards traceroute" to get rid of ICMP echo requests! That's astonishing, right? Took me an hour or so. Have a nice day.
OK.
Ahm, so, I bought a nice DELL server for me. Which is now located in the basement, because it's much too warm here upstairs. Anyway - it holds an ESXi server on it with some virtual machines I don't want to talk about now.
And I bought this nifty thing because I want to have a toolbox for the daily mess at work. Something where I can return to in the evening, where everything runs just as I expect it to. No claims of "our environment and topology have become like this over time and we don't have the budget to make it good". No. Just me and my machines.
The title suggests that it's running at least an Astaro firewall. Yeah, it does. And that's what this article is about...
I started on top with "Management". No, liar, I didn't. I started with "Network Security". I always start with making things difficult rather than getting it up and running at first.
So at first, I looked at the rule table which from my memory didn't contain anything. Fine.
Next, the "ICMP" tab made it into my browser.
And well, I thought: "great, this thing is quite comfortable. Let's deny Ping and see what it does." I disabled the two features.
To no avail. Ping still worked. For pinging the security device itself, and also for hosts on the Internet. Hum. Not very secure... Next, there are buttons for globally disabling ICMP. Nice try, I thought.
Yep, that does all the magic. No further echo replies.
Except for an Internet host which was still "alive" and responding. This crappy ?*!?* ! Are you a security device? Needless to tell that tcpdump was already in place to get to know what strange type of ICMP requests my computer needed to send for a firewall to not recognize them. And needless to tell that it looked like this:
21:29:52.724035 IP 192.168.M.N > 194.25.0.68: ICMP echo request, id 53523, seq 16, length 64
21:29:52.751462 IP 194.25.0.68 > 192.168.M.N: ICMP echo reply, id 53523, seq 16, length 64
Looks like ICMP!
But now, to get to the point of the article, I needed to disable "Firewall forwards traceroute" to get rid of ICMP echo requests! That's astonishing, right? Took me an hour or so. Have a nice day.
Subscribe to:
Posts (Atom)