Thursday, July 31, 2014

Linking a Bypass Code in Umbrella by OpenDNS

Here's a stumper:  you've created a bypass code for a user under Block Page ->Bypass Codes, and as you're admiring your shiny new bypass code entry you note that there is a yellow Hazard symbol in the column under Linked Policies next to n/a.  Furthermore the users bypass code doesn't work - it says that it must be linked to a policy, and there isn't a "link policy" button anywhere to be found.

This situation can be avoided entirely by creating each bypass code by clicking Policies in the left hand pane, selecting the relevant policy in the main pane, then jumping to Step 3. "Select Block Page Settings" and clicking Add Code.  Create and save your new code, share it with the relevant user, and your done.

But say you've gone and created your bypass code by navigating to Block Page Settings in the left hand pane, selecting Bypass Codes underneath it, and clicking "+ Create a New Bypass Code."  Don't worry, you haven't just wasted that time - click Policies in the left hand pane, select the relevant policy in the main pane, then jump to Step 3. "Select Block Page Settings," check the box next to the desired user, and then click Save.

Thursday, July 24, 2014

Assigning a Public IP using AT&T UVerse - Pace Modem

1.  Visit your gateway address using your favorite browser.

2.  Go to Settings -> Firewall

3.  Go to Application Pinholes and DMZ

4.  Select your device and then click Allow All (the last option)

5.  Click Save

This will DMZ the device and allow all traffic to all ports on that device.

Wednesday, July 02, 2014

Scheduling Periodic Bandwidth Checks Between pfSense Routers Using iPerf

I have a customer who, for years, has complained that their point to point connection (over a dedicated Point-to-Point Cable connection referred to as EoC or Ethernet over Cable) slows down every afternoon regardless of the number of users.  Initial investigations revealed nothing of importance.  iPerf tests would show periodic slowdowns but without any consistency as I could only run iPerf at the console, which required me to stand over it and initiate the tests.

What I desired was iPerf tests every 5 minutes during business hours.

To get started install the iPerf packages in both of your pfSense systems.  I am clueless why there are iPerf options in the Webmin, they seem to do nothing, please ignore them and use iPerf from the console.

iperf -c -t 28800 -i 300

SEEMS to work, but it would need to be invoked every morning, and only outputs to the screen. Furthermore it runs the test ALL DAY LONG, not just every 5 minutes.  This would hog up the connection and prevent real work from being done quickly.  What I need is for it to be done periodically then output to a text file that I can check occasionally.  Furthermore, the office is only open 8am-5pm Monday through Friday, so why fill up my file with tests all the rest of the time?  Lastly, iPerf doesn't include dates and times in the report, so I need to add them.  I decided to haul out Crontab and do the following:

1.  Install the iPerf package in both pfSense systems.

2.  Pick a pfSense system to be ny server, log into its administrative console, and run the following command:

iperf -s -D

This runs iPerf as a daemon and allows me to close the session but keep iPerf running.

3.  Create an sh script (mine is using vi containing the following:

/usr/local/bin/iperf -c -t -x CSV

The date line adds the date and time to the output file, and the -x CSV prevents showing info beyond the amount of data transferred and the speed at which it was transferred.

4.  Add a crontab job (crontab -e) for the user admin similar to the following:

00/5 8-17 * * 1-5 /root/ >> iperfreport.txt

5.  Now all you need to do is cat your iperfreport.txt to see reports.

Wed Jul  2 13:25:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  6.00 MBytes  5.03 Mbits/sec
Wed Jul  2 13:30:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  6.00 MBytes  4.98 Mbits/sec