Oct 23 2015
 

I was trying to set up a fail2ban jail for WordPress inside a FreeBSD jail, but I just couldn’t get the rules to match. The fail2ban instance was running on the host machine, checking a log inside the jail. It turns out the time zone in the jail was incorrect, so the timestamps in the jail’s log differed from the host’s time and fail2ban was not matching the log entries.

You may need to restart processes after this – I restarted both syslogd and Apache in the jail.

Sep 26 2012
 

If you are running a transparent HTTP proxy on your network, you may have trouble running Internet Recovery and Apple Hardware Test on Macs that support them. You’ll see a “-4403D” or “-4403F” error. For some reason, Apple’s servers return a 403 when they see the “Via” header that many proxy servers send. Here’s the configuration I used in Squid to turn off that header. I also disabled the “forwarded-for” header. Essentially, this makes it impossible for servers to determine that the request is coming through a proxy server:

Nov 06 2011
 

By default, Squid sends HTTP headers on every request that can give away information about your internal network. Here’s an example of these headers:

That’s three pieces of information you may not want to give away: The host name of your proxy server, the version of Squid it’s running, and the IP address of the system that’s making the request via the proxy.

Fortunately, it’s simple (and apparently does not violate any standards) to make these headers more anonymous – just use these configuration directives in your squid.conf:

That will change the headers to look more like this:
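Both Squid posts above come down to the same few squid.conf directives. As an added example (not the author's configuration), this Python check reads a squid.conf and reports what the Via and X-Forwarded-For headers would still disclose; the sample configurations are constructed, and it assumes an explicitly set visible_hostname is a generic name.

```python
# Added example (not the blog author's configuration): audit squid.conf text
# for the directives that control the Via and X-Forwarded-For request headers.
# Defaults follow the Squid documentation: via on, forwarded_for on,
# httpd_suppress_version_string off, visible_hostname = the real host name.
DEFAULTS = {
    "via": "on",
    "forwarded_for": "on",
    "httpd_suppress_version_string": "off",
    "visible_hostname": None,  # None: Squid falls back to the system host name
}

def parse_squid_conf(text):
    """Return the effective value of each tracked directive (last one wins)."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        parts = raw.split()
        # Comment lines start with '#', so their first token never matches.
        if len(parts) >= 2 and parts[0] in settings:
            settings[parts[0]] = parts[1]
    return settings

def audit(text):
    """List what forwarded requests still disclose about the internal network."""
    s = parse_squid_conf(text)
    findings = []
    if s["via"] != "off":
        # Assumption: an explicit visible_hostname is a deliberately generic name.
        if s["visible_hostname"] is None:
            findings.append("Via discloses the proxy host name")
        if s["httpd_suppress_version_string"] != "on":
            findings.append("Via discloses the Squid version")
    if s["forwarded_for"] in ("on", "truncate"):
        findings.append("X-Forwarded-For discloses the client IP")
    elif s["forwarded_for"] == "transparent":
        findings.append("X-Forwarded-For set by the client is passed through")
    return findings

# Constructed sample configurations (not taken from the posts).
STOCK = "http_port 3128\n"
HEADERS_REMOVED = "http_port 3128\nvia off\nforwarded_for delete\n"
ANONYMIZED = ("visible_hostname proxy\nhttpd_suppress_version_string on\n"
              "forwarded_for off\n")

if __name__ == "__main__":
    for name, conf in [("stock", STOCK), ("removed", HEADERS_REMOVED),
                       ("anonymized", ANONYMIZED)]:
        print(name, audit(conf) or "no disclosure found")
```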

Sep 07 2011
 

If you have a switch, access point or other piece of network hardware that supports 802.1Q VLAN tagging, and you’d like your FreeBSD system to recognize the tagged VLANs, it’s a pretty straightforward configuration. I’ll use examples from my network to illustrate. My goal in this case, which I may write about in a separate post, was to create two segmented wifi networks – one for my main network and one for guests to connect to. I wanted the guest network to have access to the internet, but not to any of my other systems on the network.


Mar 01 2009
 

I previously discussed configuring JungleDisk on FreeBSD.  It’s not quite the easiest to install since FreeBSD isn’t officially supported.  To take that a step further, I’m now going to show what I do to back up my FreeBSD box at home.

Update, November 2009: I am no longer using JungleDisk to back up my FreeBSD box. JungleDisk recently released version 3.0 of their software, which does not include a command-line Linux version in the standard desktop edition. I was advised to stick with the old version if I want to continue backing up. Instead, I chose to change over to Duplicity. I will write a post on Duplicity in the near future.

There are a couple of steps to this process. First, we must perform the backup itself. I’m using dump(8) for this purpose. This program is built right into FreeBSD; its purpose in the original UNIX was to dump a file system to a tape drive, but we’re going to use it to dump the filesystem to a file. The second step is to have JungleDisk back the files up to S3.

Standard disclaimer:  This is not at all supported by JungleDisk and if you choose to try this, you’re doing so at your own risk.  This works fine for me, but your mileage may vary.  I am not in any way responsible for any costs this may incur to you, or any damage this may cause.
