Comments for www.gobien.be http://ares.gobien.be:8080 About computer technology Sun, 29 Jan 2012 19:01:24 +0000 hourly 1 http://wordpress.org/?v= Comment on Netscreen policy based routing cross virtual router by Stan Gobien http://ares.gobien.be:8080/2010/04/netscreen-pbr-cross-virtual-router/comment-page-1/#comment-364 Stan Gobien Sun, 29 Jan 2012 19:01:24 +0000 http://ares.gobien.be:8080/?p=89#comment-364 Just an update on this. The client is by now running on an SSG140 with ScreenOS 6 and there I found an option on the trust-vr virtual router to change the preference value of PPOE and DHCP connected interfaces. In my example this now results in all interfaces being put in Untrust and the statically assigned interfaces has the highest preference. You can still use PBR policies to force some traffic the way you want and you even have automatic failover if an interface goes down (completely down, i.e. disconnected). On ScreenOS 5 there is a problem with VIPS on multiple Untrust interfaces. Just an update on this.
The client is by now running on an SSG140 with ScreenOS 6 and there I found an option on the trust-vr virtual router to change the preference value of PPOE and DHCP connected interfaces.

In my example this now results in all interfaces being put in Untrust and the statically assigned interfaces has the highest preference. You can still use PBR policies to force some traffic the way you want and you even have automatic failover if an interface goes down (completely down, i.e. disconnected). On ScreenOS 5 there is a problem with VIPS on multiple Untrust interfaces.

]]> Comment on Call of Duty Modern Warfare 3 port forwarding (NAT type Open) by Stan Gobien http://ares.gobien.be:8080/2011/11/call-of-duty-modern-warfare-3-port-forwarding-nat-type-open/comment-page-1/#comment-352 Stan Gobien Thu, 01 Dec 2011 20:03:50 +0000 http://ares.gobien.be:8080/?p=213#comment-352 I have exactly these ports forwarded and have since NAT type Open (was Strict before). Make sure your windows firewall is disabled as well for testing purposes. If that changes things than you can add rules in the windows firewall for the ports above. I have the windows firewall just disabled as I trust my home network and NAT blocks any access to the PC from the Internet except for the ports you forward. But never do a full DMZ to a windows PC! I have exactly these ports forwarded and have since NAT type Open (was Strict before).

Make sure your windows firewall is disabled as well for testing purposes. If that changes things than you can add rules in the windows firewall for the ports above.

I have the windows firewall just disabled as I trust my home network and NAT blocks any access to the PC from the Internet except for the ports you forward. But never do a full DMZ to a windows PC!

]]> Comment on Call of Duty Modern Warfare 3 port forwarding (NAT type Open) by well http://ares.gobien.be:8080/2011/11/call-of-duty-modern-warfare-3-port-forwarding-nat-type-open/comment-page-1/#comment-351 well Thu, 01 Dec 2011 14:03:37 +0000 http://ares.gobien.be:8080/?p=213#comment-351 Using this --> NAT : Moderate Using this –> NAT : Moderate

]]> Comment on ARES The Linux Home Server by Stan Gobien http://ares.gobien.be:8080/2007/03/ares-the-linux-home-server/comment-page-1/#comment-75 Stan Gobien Sun, 09 Jan 2011 10:37:17 +0000 #comment-75 This information is not up to date. This information is not up to date.

]]> Comment on Installed ESXi 4 (with FTP & SSH enabled) & migrated VM’s from workstation by Stan Gobien http://ares.gobien.be:8080/2009/11/esxi-4-with-ftp-ssh-migration/comment-page-1/#comment-74 Stan Gobien Sun, 09 Jan 2011 10:34:47 +0000 http://ares.gobien.be:8080/?p=66#comment-74 ESXi 4.1 has the ability to enable remote SSH from the VSpehere Client. Out of the box. ESXi 4.1 has the ability to enable remote SSH from the VSpehere Client. Out of the box.

]]> Comment on GhettoVCB ESX(i) VM’s backup: E-mail logfile by Stan Gobien http://ares.gobien.be:8080/2009/12/ghettovcb-esxi-backup-e-mail-logfile/comment-page-1/#comment-73 Stan Gobien Sat, 08 Jan 2011 10:08:29 +0000 http://ares.gobien.be:8080/?p=73#comment-73 The latest version of GhettoVCB can e-mail the logfile by itself. As long as you use ESX(i) >= 4.1. The latest version of GhettoVCB can e-mail the logfile by itself. As long as you use ESX(i) >= 4.1.

]]> Comment on Ares server statistics by Stan Gobien http://ares.gobien.be:8080/ares-server-statistics/comment-page-1/#comment-62 Stan Gobien Thu, 02 Dec 2010 21:56:10 +0000 http://ares.gobien.be:8080/?page_id=79#comment-62 And munin is excellent for graphing it all up automatically. And munin is excellent for graphing it all up automatically.

]]> Comment on Netscreen policy based routing cross virtual router by Stan Gobien http://ares.gobien.be:8080/2010/04/netscreen-pbr-cross-virtual-router/comment-page-1/#comment-10 Stan Gobien Mon, 31 May 2010 17:16:07 +0000 http://ares.gobien.be:8080/?p=89#comment-10 Hi yasser, Luckily for me the ADSL PPoE was static. Sometimes even with dynamic PPoE connections the gateway always stays the same. If that's the case for you, then you can follow my example. If not, then you have a problem. 1) You could put the interface back in trust-vr and find some way to make your statically set gateway a higher priority. I didn't found out how to to do it, and someone on the juniper forum said you just can't. But you never know. 2) If the above fails (likely) then the only option i see is to buy a cheap router or put your ADSL modem in router mode (if it can do that). Next you can choose, either give your router a LAN IP inside your current LAN-Trust subnet. In your PBR on trust-vr you then just set next-hop lan-ip-new-router. Or create a new private subnet and connect that statically to your ISP2-vr and ISP2 zone set interface. Follow my example above to route traffic out trough the chosen interface. On both these approaches the router will do NAT and you do not need to do it on the Netscreen for this traffic. In the last approach you will need policies allowing traffic from trust to ISP2, but this last approach will also allow bandwidth shaping, while intra-zone (Trust-Trust) traffic won't. Another note is that the last approach makes sure users never put the router-lan-ip as std. gateway instead of the Netscreen. Hope this helps ! Regards Stan Hi yasser,
Luckily for me the ADSL PPoE was static.
Sometimes even with dynamic PPoE connections the gateway always stays the same. If that’s the case for you, then you can follow my example.

If not, then you have a problem.
1) You could put the interface back in trust-vr and find some way to make your statically set gateway a higher priority. I didn’t found out how to to do it, and someone on the juniper forum said you just can’t. But you never know.

2) If the above fails (likely) then the only option i see is to buy a cheap router or put your ADSL modem in router mode (if it can do that). Next you can choose, either give your router a LAN IP inside your current LAN-Trust subnet. In your PBR on trust-vr you then just set next-hop lan-ip-new-router.
Or create a new private subnet and connect that statically to your ISP2-vr and ISP2 zone set interface. Follow my example above to route traffic out trough the chosen interface.

On both these approaches the router will do NAT and you do not need to do it on the Netscreen for this traffic. In the last approach you will need policies allowing traffic from trust to ISP2, but this last approach will also allow bandwidth shaping, while intra-zone (Trust-Trust) traffic won’t. Another note is that the last approach makes sure users never put the router-lan-ip as std. gateway instead of the Netscreen.

Hope this helps !
Regards Stan

]]> Comment on Netscreen policy based routing cross virtual router by Yasser http://ares.gobien.be:8080/2010/04/netscreen-pbr-cross-virtual-router/comment-page-1/#comment-9 Yasser Mon, 31 May 2010 11:53:52 +0000 http://ares.gobien.be:8080/?p=89#comment-9 Hi Stan, Thanks for this explanation, i have almost the same situation, but my problem is that the second ISP link is an ADSL PPoE which means you got the IP address from the ISP automatically, in that case i won't be able to define the IP address of the gateway as i don't know it and it is been changed every time you reset the line, do you have any idea how can i follow the same steps you added but use the Interface as a gate way instead of the IP?!! Thanks. Best Regards, Yasser Hi Stan,

Thanks for this explanation, i have almost the same situation, but my problem is that the second ISP link is an ADSL PPoE which means you got the IP address from the ISP automatically, in that case i won’t be able to define the IP address of the gateway as i don’t know it and it is been changed every time you reset the line, do you have any idea how can i follow the same steps you added but use the Interface as a gate way instead of the IP?!!
Thanks.
Best Regards,
Yasser

]]> Comment on Ares server statistics by Lerenka http://ares.gobien.be:8080/ares-server-statistics/comment-page-1/#comment-8 Lerenka Mon, 19 Apr 2010 06:28:25 +0000 http://ares.gobien.be:8080/?page_id=79#comment-8 RRDtool is definitely the best monitoring tool ever RRDtool is definitely the best monitoring tool ever

]]>