• Configuring pfSense to access a bridged modem

    This primarily applies to CenturyLink’s (and BrightSpeed’s) array of modems, including Actiontec, Zyxel, Greenwave, and whatever else they decide to provide. This tutorial may also work for non-CenturyLink modems that support bridging or some form of transparent bridging. Most of the legwork for this tutorial takes place on pfSense.

    [Continue Reading]
  • New fone, who dis?

    The Potato For Internet blog has been migrated to a WordPress multisite… and let’s just say that was a learning experience with nginx. So much so that I’ll be writing up a guide on it soon. Old content on the site will be migrated in due time.

    [Continue Reading]
  • All is quiet on the PFI Blog Front…

    College work has ramped up considerably since I last posted to the PFI blog. There have been many days when I question why I am even attending college to attain a BBA+Marketing degree. I am almost at the end of my four-ish years of college, and needless to say, it has been a journey. If things go well, I will graduate with a BBA+Marketing in late 2024. Hopefully, this degree will be worth it. 🙂 Minimal updates have been posted to the PFI blog during this time, and there likely will not be new posts any time soon. Many articles need updating, and there are probably other sites out there that are much more up-to-date.

    [Continue Reading]
  • MailU.io mail ports and Nginx reverse proxy…

    The Nginx documentation says to proxy IMAP/SMTP and any other email protocol through its mail module with an auth realm. Plot twist, record scratch: no you don’t. So let’s say you have a reverse proxy set up on your network; let’s use Nginx for this example. Nginx is hosting websites and other web-based services, all that fun port 80 and port 443 reverse vhost proxy stuff. However, you also have an email server (MailU) up and running, but you don’t want to open all of MailU’s mail ports to the internet directly; you want to pass them through the Nginx reverse proxy. No problem. Within nginx.conf (or via an include to the associated conf file), as its own segment outside of the events and http brackets, you can easily utilize the

    [Continue Reading]
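    One way to pass the mail ports through without touching nginx’s mail module at all is the stream module, which forwards raw TCP and lives at the top level of nginx.conf next to events{} and http{}. The script below is an added example, not the post’s own configuration: it assumes MailU’s front container answers on MAILU_FRONT (10.0.0.20 here, an invented address) and that nginx was built with the stream module. TLS is not terminated at the proxy; the client’s TLS session runs end to end to MailU, so the certificates stay on MailU and nginx never sees credentials.

```shell
#!/bin/sh
# Added example, not from the post: forward MailU's mail ports through nginx
# as raw TCP with the stream module, which sits outside events{} and http{}.
# Assumptions: MailU's front container listens on MAILU_FRONT, and nginx was
# built with the stream module (nginx -V shows --with-stream).
MAILU_FRONT="${MAILU_FRONT:-10.0.0.20}"     # assumed internal address of MailU

# Does this nginx build have the stream module? Works without root.
has_stream_module() {
    command -v nginx >/dev/null 2>&1 || return 1
    nginx -V 2>&1 | grep -q -- '--with-stream'
}

# Emit the stream{} context. Each listen port maps 1:1 to the same port on
# MailU. Only TLS and submission ports are exposed; plaintext IMAP/POP3
# (143/110) stay closed to the internet.
render_mail_stream_conf() {
    front="${1:-$MAILU_FRONT}"
    cat <<EOF
# Put this at the top level of nginx.conf (beside events{} and http{}) or
# include it from there; conf.d/ and sites-enabled/ are loaded inside http{}.
stream {
    # Inbound SMTP from other mail servers.
    server { listen 25;   proxy_pass ${front}:25;  proxy_connect_timeout 5s; }
    # Implicit-TLS submission and IMAPS, plus STARTTLS submission.
    server { listen 465;  proxy_pass ${front}:465; proxy_connect_timeout 5s; }
    server { listen 587;  proxy_pass ${front}:587; proxy_connect_timeout 5s; }
    server { listen 993;  proxy_pass ${front}:993; proxy_connect_timeout 5s; }
}
EOF
}

# Ports the fragment above opens, one per line (handy for the firewall rule).
mail_stream_ports() {
    render_mail_stream_conf | sed -n 's/.*listen \([0-9]*\);.*/\1/p'
}

# Write the fragment and run nginx's syntax check. You still have to add the
# include line to nginx.conf and reload nginx afterwards.
install_mail_stream_conf() {
    dest="${1:-/etc/nginx/stream-mailu.conf}"
    render_mail_stream_conf > "$dest"
    if command -v nginx >/dev/null 2>&1; then
        nginx -t
    fi
}

# Usage (as root, once the include is in place):
#   has_stream_module && install_mail_stream_conf && systemctl reload nginx
```

    One caveat worth knowing before you rely on MailU’s own rate limiting or fail2ban: with plain TCP forwarding, every connection reaches MailU from nginx’s address, so per-client limits on the mail side count the proxy instead of the client. If MailU is configured to accept the PROXY protocol, add `proxy_protocol on;` to each stream server to pass the real client address through; otherwise keep abuse limits on the nginx side.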
  • pfSense web control panel and funky Nginx + php-fpm processes

    I had considered filing a bug report on pfSense’s website to address this, but decided against it, as it is more a nitpick than a bug or a suggestion. As a premise: pfSense ships with Nginx and php-fpm out of the box with some really funky settings. Nginx does not use the auto value for worker_processes in the main (global) context of nginx.conf. The same applies to php-fpm’s process.max directive: it is hard-coded and effectively overrides the pm (process manager) settings. Things here and there are hard-coded at spurious values and do not respect the System / Advanced / Admin Access / Max Processes input. Granted, the changes below also diverge further from the Max Processes setting in the web UI! 🙂 So prep your

    [Continue Reading]
  • Logging everything on BIND 9 series

    BIND 9 has decent logging, but it’s not always active and spitting out logs. Here’s a quick rundown to get things going with near-verbose/trace-level logging. First, here are the working conditions of my BIND 9 installation:

    - Configuration files are in /etc/bind/
    - Logging configuration is in /etc/bind/named.conf.log
    - named.conf.log is included from /etc/bind/named.conf
    - All named daemons are running the 9.x series, across multiple servers
    - All log files are stashed away in /var/log/named/

    At the time of writing, bind9 had issues with initial file creation in /var/log/named despite having permission to do so. You may need to issue the following command on your terminal for initial file creation… Make a new file and name it named.conf.log, or something to your liking, for the logging clause. This file will include all logging details, and

    [Continue Reading]
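    To show what a verbose logging clause looks like end to end, here is an added example, not the post’s own named.conf.log: a script that renders a logging{} block with one rotating file per group of categories, creates the log directory owned by the named user (Debian’s bind account is assumed), wires the include into named.conf if it is missing, and runs named-checkconf. Paths follow the layout above; the file names inside the log directory are my choice.

```shell
#!/bin/sh
# Added example, not the post's own file: generate a verbose logging clause for
# BIND 9, create the log directory with the right owner, and check the result.
# Paths follow the post's layout (/etc/bind/named.conf.log, /var/log/named/);
# NAMED_USER assumes Debian's "bind" service account.
NAMED_USER="${NAMED_USER:-bind}"

# Print a logging{} clause that sends each category to a rotating file.
# Argument 1 is the log directory (default /var/log/named).
render_named_conf_log() {
    dir="${1:-/var/log/named}"
    cat <<EOF
logging {
    // Operational messages that would otherwise go to syslog, with context.
    channel default_log {
        file "${dir}/default.log" versions 10 size 20m;
        severity info;
        print-time yes; print-category yes; print-severity yes;
    };
    // One line per query; needs "querylog yes;" in options{} (or rndc querylog on).
    channel query_log {
        file "${dir}/query.log" versions 10 size 100m;
        severity info;
        print-time yes;
    };
    // Refused queries/transfers/updates and rate-limit drops: the file to watch.
    channel security_log {
        file "${dir}/security.log" versions 10 size 20m;
        severity info;
        print-time yes; print-category yes; print-severity yes;
    };
    // Near-trace detail; "severity dynamic" follows the level set by "rndc trace N".
    channel debug_log {
        file "${dir}/debug.log" versions 3 size 50m;
        severity dynamic;
        print-time yes; print-category yes; print-severity yes;
    };

    category default         { default_log; };
    category general         { default_log; };
    category config          { default_log; };
    category xfer-in         { default_log; };
    category xfer-out        { default_log; };
    category notify          { default_log; };
    category update          { default_log; };
    category queries         { query_log; };
    category query-errors    { query_log; };
    category security        { security_log; };
    category update-security { security_log; };
    category rate-limit      { security_log; };
    category resolver        { debug_log; };
    category dnssec          { debug_log; };
    category lame-servers    { null; };    // pure noise on a busy resolver
};
EOF
}

# Create the directory owned by the named user so it can create and rotate
# the files itself. If creation still fails with correct ownership, check the
# AppArmor profile for named on Debian; it only allows paths it lists.
prepare_log_dir() {
    dir="${1:-/var/log/named}"
    install -d -o "$NAMED_USER" -g "$NAMED_USER" -m 0750 "$dir"
}

# Write the clause, make sure named.conf includes it exactly once, and
# syntax-check the whole configuration.
install_named_conf_log() {
    conf="${1:-/etc/bind/named.conf.log}"
    main="${2:-/etc/bind/named.conf}"
    render_named_conf_log > "$conf"
    grep -q "include \"$conf\";" "$main" 2>/dev/null || \
        printf 'include "%s";\n' "$conf" >> "$main"
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$main"
    fi
}

# Usage (as root):  prepare_log_dir && install_named_conf_log && rndc reconfig
```

    The query log is the expensive one: at `severity info` with `querylog yes` every lookup becomes a line, which is exactly what you want when chasing an amplification pattern but is also the first thing to fill a disk, hence the larger `size` and the `versions` cap on that channel. The `security` and `rate-limit` categories are the ones to feed into whatever watches for abuse.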
  • Setting up apt-cacher-ng… quickly.

    Here at my home lab, I have way too many Linux machines, most virtualized and a few physical. With that said, my internet connection is trash: it’s not fast, and when all these VMs pull updates, sometimes at nearly the same time, things get laggy. pfSense rate-limits to an extent, but the pipe still ends up saturated. This is where apt-cacher-ng comes in; here’s what I did to get it working. This is for Debian installs; it may work on other flavors of Linux that use apt. Install it with apt install apt-cacher-ng, or pull the relevant Debian package from http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/?C=M;O=D Once installed, edit the acng.conf file: nano /etc/apt-cacher-ng/acng.conf You can be lazy and use the configuration below that I am using, or edit

    [Continue Reading]
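    As an added example (not the post’s configuration), here is the minimal pair of files that makes this work, with the one setting that matters for safety: bind the cache to the LAN address so it is not reachable as an open HTTP proxy. CACHER_IP (10.0.0.5) is an invented LAN address, and the drop-in name zz-local.conf is my choice; the script also shows how to confirm from a client which proxy apt has actually merged from its config files.

```shell
#!/bin/sh
# Added example, not the post's config: a drop-in for apt-cacher-ng that binds
# it to the LAN only, the matching apt client snippet, and a check that apt
# really picked the proxy up. CACHER_IP is an assumed LAN address for the
# cache host; the drop-in file name zz-local.conf is also an assumption.
CACHER_IP="${CACHER_IP:-10.0.0.5}"
CACHER_PORT="${CACHER_PORT:-3142}"

# Server side. Debian's service starts acng with "-c /etc/apt-cacher-ng",
# which reads every *.conf in that directory, so a zz-* file overrides
# acng.conf without editing the packaged file.
render_acng_conf() {
    ip="${1:-$CACHER_IP}"; port="${2:-$CACHER_PORT}"
    cat <<EOF
# Listen on the LAN address only. acng fetches whatever URL a client asks for
# from upstream, so exposing it on all interfaces hands out a free HTTP proxy.
BindAddress: ${ip}
Port: ${port}
CacheDir: /var/cache/apt-cacher-ng
LogDir: /var/log/apt-cacher-ng
# Status and cache statistics at http://${ip}:${port}/acng-report.html
ReportPage: acng-report.html
EOF
}

# Client side: one line in /etc/apt/apt.conf.d/ is all apt needs.
# Mirrors reached over HTTPS are not cached (acng cannot look inside TLS); to
# keep one host off the proxy entirely, add a per-host exception such as
#   Acquire::http::Proxy::deb.example.org "DIRECT";
render_apt_proxy_conf() {
    cat <<EOF
Acquire::http::Proxy "http://${1:-$CACHER_IP}:${2:-$CACHER_PORT}";
EOF
}

install_acng_conf() {
    render_acng_conf > "${1:-/etc/apt-cacher-ng/zz-local.conf}"
}

install_apt_proxy_conf() {
    render_apt_proxy_conf > "${1:-/etc/apt/apt.conf.d/00aptproxy}"
}

# What apt will actually use, merged from every config file: prints the proxy
# URL, or nothing if none is set. Returns non-zero when apt-config is missing.
apt_proxy_in_effect() {
    command -v apt-config >/dev/null 2>&1 || return 1
    apt-config dump | sed -n 's/^Acquire::http::Proxy "\(.*\)";$/\1/p'
}

# Usage on the cache host:  install_acng_conf && systemctl restart apt-cacher-ng
# Usage on each client:     install_apt_proxy_conf && apt_proxy_in_effect
```

    Supply-chain wise this is a safe shortcut: each client still verifies the signed InRelease file and the package hashes it lists, so a cache (or anyone who compromises it) can delay updates but cannot substitute packages, and where a repository sets Valid-Until apt refuses indexes that have gone stale.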
  • Debian 10.x and ZFS

    Installation woes… let’s fix that. The Debian wiki seems to be a bit out of date when it comes to Debian 10, especially if you don’t have contrib enabled, for whatever reason. Edit /etc/apt/sources.list and add the following two lines at the end… Save and close sources.list, then run “apt update” and install ZFS with apt (on Debian 10 the packages are zfs-dkms and zfsutils-linux, which live in contrib). You should get a debconf notice about the license incompatibility between OpenZFS (CDDL) and Linux (GPL). Hit OK and continue. ZFS is installed and good to go once apt does its thing. Head over to https://wiki.debian.org/ZFS#Creating_the_Pool to read up on pools.

    [Continue Reading]
  • Configuring Config Server & Firewall to deal with BIND9 attacks

    Over the past month, I have noticed that many of the name servers I operate have come under DNS amplification attacks. As I write this, I am sitting back, enjoying my servers’ firewalls auto-blocking the offending machines. The scary thing is that this is happening over both IPv6 and IPv4, all arriving on port 53 of the name servers, from random IPs on a preset port. The simplest method is to just block the IP address that is apparently initiating the DNS query. So here’s the goods. By default, CSF does not filter or monitor for this sort of named/BIND abuse, as it ships with no custom rule for it. Why, I don’t know, but that is what I’ll be addressing… Earlier, I had about 40 to 50 different IP

    [Continue Reading]
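    To make the blocking decision concrete, here is an added example that is not the post’s CSF rule: a script that reads BIND’s query log, counts ANY queries per client address, and hands anything over a threshold to csf as a temporary deny. The log lines are constructed for the example (198.51.100.7 and 2001:db8:bad::6 play the abusers), and both the newer `client @0x… IP#port` and the older `client IP#port` layouts are handled. One caveat the approach carries: in a reflection attack the logged client address is usually the spoofed victim, not the attacker, so a block here silences the victim while the attacker keeps sending. That is why the example uses `csf -td` with a TTL rather than a permanent deny, and why BIND’s own response rate limiting (`rate-limit { responses-per-second 10; };` in options{}) and closing recursion to outsiders (`allow-recursion { localnets; };`) are the real fix.

```shell
#!/bin/sh
# Added example, not the post's CSF rule: pick out query sources that look like
# amplification traffic from BIND's query log and hand them to csf. The log
# lines below are constructed, not taken from the post. Column layout is
# BIND 9's "client [@0x...] IP#port (NAME): query: NAME IN TYPE ...".
SAMPLE_LOG='12-Oct-2021 03:14:07.120 client @0x7f0a1c0045a0 198.51.100.7#3301 (isc.org): query: isc.org IN ANY +E(0)K (203.0.113.53)
12-Oct-2021 03:14:07.121 client @0x7f0a1c0045a0 198.51.100.7#3301 (isc.org): query: isc.org IN ANY +E(0)K (203.0.113.53)
12-Oct-2021 03:14:07.122 client @0x7f0a1c0045a0 198.51.100.7#3301 (ripe.net): query: ripe.net IN ANY +E(0)K (203.0.113.53)
12-Oct-2021 03:14:07.130 client @0x7f0a1c0045a0 198.51.100.7#3301 (isc.org): query: isc.org IN ANY +E(0)K (2001:db8:53::1)
12-Oct-2021 03:14:08.001 client @0x7f0a1c0067b0 203.0.113.9#52111 (www.example.org): query: www.example.org IN A +E(0)K (203.0.113.53)
12-Oct-2021 03:14:08.002 client @0x7f0a1c0067b0 203.0.113.9#52111 (example.org): query: example.org IN MX +E(0) (203.0.113.53)
12-Oct-2021 03:14:08.500 client 2001:db8:bad::6#9999 (isc.org): query: isc.org IN ANY +E(0)K (2001:db8:53::1)
12-Oct-2021 03:14:08.501 client 2001:db8:bad::6#9999 (isc.org): query: isc.org IN ANY +E(0)K (2001:db8:53::1)'

# Count queries of one type (default ANY) per client address and print
# "count address" for every address at or above the threshold, busiest first.
# $1 = log file, $2 = threshold (default 20), $3 = query type (default ANY)
amplification_suspects() {
    awk -v thr="${2:-20}" -v qt="${3:-ANY}" '
        /: query: / {
            ip = ""; type = ""
            # The client field is the only one shaped like ADDRESS#PORT; the
            # @0x... pointer BIND 9.11+ prints never matches this pattern.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9A-Fa-f.:]+#[0-9]+$/) { split($i, a, "#"); ip = a[1]; break }
            if (ip == "") next
            # "query:" is followed by NAME, class, TYPE.
            for (i = 1; i < NF; i++)
                if ($i == "query:") { type = $(i + 3); break }
            if (type == qt) n[ip]++
        }
        END { for (ip in n) if (n[ip] >= thr) print n[ip], ip }
    ' "$1" | sort -rn
}

# Feed the suspects to csf. Dry run unless $3 is "apply". "csf -td" is a
# temporary deny that expires after TTL seconds and is limited to port 53,
# so a spoofed victim is not cut off from everything forever.
# $1 = log file, $2 = threshold, $3 = dry-run|apply, $4 = TTL seconds
block_suspects() {
    log="$1"; thr="${2:-20}"; mode="${3:-dry-run}"; ttl="${4:-3600}"
    amplification_suspects "$log" "$thr" | while read -r count ip; do
        if [ "$mode" = "apply" ]; then
            csf -td "$ip" "$ttl" -p 53 "dns amplification: $count ANY queries"
        else
            echo "would run: csf -td $ip $ttl -p 53 \"dns amplification: $count ANY queries\""
        fi
    done
}

# Usage (as root, against the real log):
#   block_suspects /var/log/named/query.log 20            # show what would be blocked
#   block_suspects /var/log/named/query.log 20 apply 3600 # block for an hour
```

    Run it from cron against a log window rather than the whole file, or the counts only ever grow; and compare what it flags against BIND’s `rate-limit` category, which tells you which responses RRL already dropped without any firewall involvement.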
  • ValhallaRift.com and its side-projects

    A domain name I once owned: I let it expire years ago, but got it back in the summer of 2020. I have two little side projects on this domain, and yes, both revolve around the Rift MMORPG. Despite Rift’s population being in shambles ten years on (server stats show no more than 500 people online at any given time in North America as of late 2020), the game still has a nice tight-knit community. I really do wish Gamigo would take the time to revitalize Rift; otherwise, its time is coming to be put out to pasture. Anyhow, here are the two subdomains: https://events.valhallarift.com https://maps.valhallarift.com Events The events subdomain lists all active zone events on the North American and European server clusters. They are broken down into the event name, what server

    [Continue Reading]