pfSense – NAT reflection

Didn’t sleep at all last night, didn’t help when Jamie decided not to go to bed until around 5AM and the dog was busy throwing up. Then the phone went, it was mother, ignored. Got up and spent the bulk of the very horrible day working, well testing the mobile game, I think that’s the last day on that now, back on Android tomorrow I think.

In between testing on iPod I was installing the new pfSense box. Pain in the ass part one. So the pfSense box has no drives, all it has is a compact flash card. So to install pfSense on to it is quite a challenge. So I installed Ubuntu desktop edition to a USB stick, using Ubuntu desktop edition, which is full of bugs as far as writing out an image is concerned. You select the image name in the file selector and then it ignores you and uses whatever it can find. Anyway after getting the bootable image the next thing to do is copy an uncompressed CF image of pfSense to the stick as well. Also copy over GAG boot loader as it doesn’t suffer the PXE boot problem to do with wake on LAN (look back a few months in the blog). So when you have your image, now plug stick into pfSense box and boot it, allow about ten minutes for it to boot. Struggle to find a bash shell, open it and then block copy over the pfSense image over to the CF card using the Linux dd command. Once that’s done, install GAG and run the install on the CF card, it will moan about GRUB needing installing but it’s already there. Remove stick and reboot. Hopefully you will get the GAG startup screen, add the pfSense partition to the loader and set the timeout to this partition. Once that’s done let the bloody thing boot. Hopefully all will be okay and you can assign the first couple of NICs to WAN and LAN. Once that’s done, take your old pfSense config XML file and do a search and replace for all the interfaces and replace all the bge0/re0 stuff with the correct interface assignments. Then restore that file over to the new pfSense box and reboot. Hopefully all will come up and be working, well it was for me….except one thing, there’s always the one bloody thing….

I couldn’t connect to my server on the DMZ from the LAN side, no matter what I did, it just wasn’t happening. It’s all to do with NAT reflection, basically if you try and connect to the web server from inside the LAN it has to send out a request from the LAN IP, via the gateway, out of the WAN interface, then back in the WAN interface, through NAT and then to the server, it then has to make the whole trip back. The only way I could get it to work was to use port forwarding for each of the ports on both server IPs and then only worked if I used the proxy to do reflection, which basically runs a daemon to ram the packet request back down the same port it came from. This worked, but I wasn’t happy about it.

So went to the gym. Came back after thinking about it, a lot. So I added a firewall rule to log packets from the netbook, just to see where they were going. With the port forwarding and proxy reflection nothing showed up in the firewall log. So I disabled the port forward and I could see the request then going out to the WAN IP address and promptly getting lost in the ether. So I enabled normal reflection on the 1:1 NAT, then on the log I could see the WAN IP being translated to the internal LAN IP….and getting lost somewhere in the internal LAN. So had to think about it…there was some guff in the advanced settings about reflection only working if the rules could determine the source interface on rule loading. So then, when the request is generated LAN side it then translates it to the LAN IP from the WAN IP via the NAT 1:1 translation, it then sends it via the gateway, which is the load balancing gateway, so it could potentially send it via either WAN1 or WAN2, then it really is going to have a bit of an issue trying to work out where the hell to reflect it to. So I added a rule to the LAN which was to send all packets destined for the internal LAN IPs of the server via the default gateway. Bingo. That worked a treat, and thinking about it, it’s the correct solution. So now when a request is sent from an internal LAN IP to a WAN IP on the server, it takes the source IP, looks at the destination as that’s a 1:1 NAT mapping it translates it from the WAN IP to the internal LAN IP, it then sends that via the default gateway, which then goes through the default WAN (I’m not sure it actually ever gets that far as it really doesn’t need to), goes to server, server then replies back via the default gateway and gets translated back to the correct IP. Job done. Hours of fun, for which I didn’t have hours for.
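The rule ordering described above, as a small Python model added here (it is not code from the original post or from pfSense). It assumes translation is applied before the LAN rules are matched, that the first matching rule wins, and that a rule with no gateway falls back to the routing table; all addresses, the `BALANCER` name and the rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing: 203.0.113.10 is the server's public (WAN) address,
# 192.168.2.10 its internal address, 192.168.1.0/24 the LAN.
ONE_TO_ONE = {ip_address("203.0.113.10"): ip_address("192.168.2.10")}
CONNECTED = {ip_network("192.168.1.0/24"): "LAN", ip_network("192.168.2.0/24"): "DMZ"}
BALANCER = "balancer(WAN1|WAN2)"   # hypothetical name for the load balancing gateway
ANY = ip_network("0.0.0.0/0")


@dataclass
class Rule:
    dst: object                # ip_network the (translated) destination must fall in
    gateway: Optional[str]     # None models "default": consult the routing table


def routing_table(dst):
    """Longest-prefix match over connected networks, else the default route."""
    hits = [net for net in CONNECTED if dst in net]
    if hits:
        return CONNECTED[max(hits, key=lambda net: net.prefixlen)]
    return "WAN1"


def forward(dst, rules, reflection=True):
    """Return (destination after NAT, where a packet arriving on LAN is sent)."""
    dst = ip_address(dst)
    if reflection:
        dst = ONE_TO_ONE.get(dst, dst)       # 1:1 NAT rewrites the WAN IP first
    for rule in rules:                       # first matching rule wins
        if dst in rule.dst:
            if rule.gateway is not None:
                return str(dst), rule.gateway    # policy routing overrides the table
            return str(dst), routing_table(dst)
    return str(dst), "blocked"               # nothing matched: default deny


# Before: one catch-all LAN rule pointing at the load balancer.
BEFORE = [Rule(ANY, BALANCER)]
# After: a rule for the server's internal IP, with the default gateway, sits above it.
AFTER = [Rule(ip_network("192.168.2.10/32"), None), Rule(ANY, BALANCER)]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, forward("203.0.113.10", rules))
```

In the "before" rule set the translated packet is still handed to the load balancer, which matches the log entries described above; in the "after" rule set it is delivered on the directly connected segment while other traffic keeps using the balancer.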

Mother sent an email, apparently her curtain rail has fallen down. Sorry, but during the week I have 24 hours in a day, excluding the ones I’m asleep for I still have 37 hours of stuff to cram in. Your curtain pole is not high on my to do list. I still have a load of home checks to do as well. The dog didn’t even get a walk today, as the only breaks I had it was absolutely pissing down. We did have a play with her ball though when I came back from the gym. But she’s off to doggy day care tomorrow, so that’ll make up for it. She’s actually been very good considering, I don’t think she was overly keen on venturing out anyway.

My drain cleaning attachment has turned up for my pressure washer.

Right, well hopefully that’s the last about pfSense now. Incidentally it uses around 17 watts considering the old box was around 85, so that’s a hell of a power saving. Also its performance appears to be very good, I was getting some pretty good speed test results. Right, I’m now finished for the day, it’s twenty to one and I need to be up at 6 to take the dog to paw stretchers. Fun fun.

pfSense – the revenge

So started off this morning with one more tweak to the mobile game, not sure if it’s been submitted to Apple or not yet. Anyway, spent the rest of the day play testing it. No real significant issues that I could see. Thoroughly enjoyed playing it as well.

Decided to try this fasting diet thing, as the only change I had to make to my existing diet to get under the 600 calories was to remove the sausage roll from my salad and the two slices of bread from my lunchtime sandwich, and that was it.

Walked the dog, we did the wet route today as it wasn’t particularly nice.

Went to the gym and did combat. Came back and started to do battle with the new pfSense box. New box is built, this is this nice Jetway board with quad LAN. The version of pfSense already on the flash card is the release version and that doesn’t appear to support the new network NICs. So I’m now trying to get a version of the nano pfSense on to the flash card. This is turning out to be somewhat problematic. I don’t actually have a machine with a compact flash card interface on it, except for one Linux box with one mounted as a SATA drive and another one on the new Jetway board. So I’m now trying to install it off a USB flash drive. The good news is the new version does seem to support the NICs, the bad news is it won’t actually mount as a file system. So what I’ve done now is install a bootable version of Ubuntu on to the flash drive, I’ll then copy over the CF image to it and then try and write that to the flash card. I still then have to update the boot block as it will no doubt have the old issue with being unable to boot properly from the wake on LAN. So lots of fun things to play with ahead.

Wine tasting and drain cleaning, don’t get the two confused

Ok so yesterday started off with the usual process of getting up late. Then proceeded to do just about everything backwards. Had lunch then took the dog for a walk. Then did the shopping, on the way back went to John Lewis and bought a posh cheese board.

We went out this evening to Lisa & Andy’s with my sister and Shaun. Shaun has just passed his driving test. Anyway, we were going for a wine tasting which I bought on a Groupon months and months ago. So little fat man turned up with two very large luggage type cases full of wine. I got given a bottle of red for the booking (which wasn’t bad as the whole thing only cost £19). He asked us all what sort of wine we drank then we proceeded to sample 13 bottles, it was all very educational and we all got merrily pissed. At the end of it I ordered for hundred quids worth, which I’m sure pleased little fat man no end, as he then left all the sample bottles for us to kill off, including a rather nice New Zealand white at 20 quid a bottle that I was rather partial to. Shaun drove home, I think he drove fine, I really can’t remember.

Now this morning as usual after a fairly heavy session I was up like a shot at 6AM. Couldn’t really get back to sleep so watched the X-Factor at 7:30 then pottered around a bit doing various dull things. I then ventured out into the garden where I spent the next three hours chopping the bits of tree that I felled last week into the wheelie bin. Then I decided it was time to check the drains again as the kitchen sink is running slow. Shoved a hose pipe up from the outside towards the kitchen, gummed up with shit (literally), so spent the next three hours jetting raw sewage all over the place, I still haven’t got it completely unblocked but it’s certainly running better than it was. I’ve poured a load of drain cleaner down it, but I imagine it’s going to need another pretty serious session. That’s Jamie and his bloody fried food.

Mother turned up (she was invited) when I was covered in shit (again literally). I washed off then presented her with various different coffees. I wasn’t overly in a social mood at this point, so she didn’t hang around long. But did deliver fruit cake.

Then did the accounts and paid everyone. Trying to work out how I’ve knocked up three grand on my credit card this month and then decided it was because I keep buying stuff. So then sat down and bought some more, mainly Jamie’s Christmas presents. Got a few more to get but at least I made a start.

I need to order all the heating electrics next week and get a start on that, or the fitting date will be round before I know it. Anyway now it’s wine and bath time, then the US Grand Prix I think.

Give a toddler a bone and that’s child cruelty, give a dog a bone and she thinks it’s Christmas.

Busy day today with trying to finish off the mobile game. Fixed various problems in routing tables. Also had a lot of other minor stuff to fix and found a couple of crash issues. Only just finishing up now, so will keep this brief. There was actually a post on our internal work forum to do with depression and coping day to day, so I thought I’d add to it with my thoughts. I’ve removed some of the names, but it’s pretty much verbatim.

I know you’ve already taken my advice and got a dog X and I hope that it’s brought you and your family some happiness. Here are a few other tit-bits for managing day to day (just my opinions).

1) Get a dog. Dogs are great. But if you are considering one then please go to an animal shelter rather than a breeder or puppy farm. There are loads of really lovely dogs looking for a new home, and like marrying an ugly woman they will always remain grateful. If you need a change of scenery take the dog for a walk, if you want a quick break throw a ball round for a bit, when you’re done, dog will curl up and go to sleep. They are energy efficient and cheap to run (A* energy rating), I have a self cleaning model, she goes to sleep muddy and wakes up clean (unlike my self cleaning oven, which I’ve never once seen attempt this feat). You no longer require a doorbell. There is no need to remove crumbs off the kitchen floor. Unlike children they do not require clothes, education, their own room or a mobile phone. Give a toddler a bone and that’s child cruelty, give a dog a bone and she thinks it’s Christmas.

2) Get a good wine supplier. I recommend NakedWines.com (I always have vouchers available). Whether it’s red or white, independent vineyards always come out on top.

3) Get a cheap wine supplier. I recommend TescoWines. When you’ve had a bottle of the above and really appreciated the fine taste, you can then move on to the Isla Negra as you no longer care.

4) Get a good coffee machine and good coffee (I recommend talking to X about this). Fine wine is good, but at 10AM when you have a dozen walk grids to hand edit then reaching for a bottle of Chardonnay is not the answer, getting a large mug of fine arabica is though.

5) Get a gym membership and use it. Being stuck behind a desk all day isn’t good for you. Get some good exercise. If a treadmill is not your thing then try a class. I do ‘Body Combat’, it’s great fun.

6) Steer clear of anything like ‘living life to the full’, been there, done it, it’s shit. I don’t want to know about how to eat an elephant (Answer, One chunk at a time). I find self help books and courses do not work for me at all, others may have had success though.

7) If you require it and a lot of people do at one time or another, choose your medication carefully. Citalopram, Sertraline and Fluoxetine, all good (Citalopram made me sweat a lot). You get amazing dreams. Steer well clear of Amitriptyline, your head will be on a different planet to your body and you’ll spend all day poking your mouse wondering why it doesn’t squeak. To get off antidepressants see 1.

8) Avoid fad diets. You’ll stick to it for a couple of weeks then you’ll see a cream cake in a shop window and that’ll be the end of it. Just eat sensibly and do a bit of exercise now and then. I’m currently addicted to cheese.

9) Life’s too short, so get somebody else to do the stuff you don’t want to do. DIY is great if you enjoy it, but if you haven’t got round to painting the bathroom in 3 years, it really is time to get someone else in.

10) Get a cleaner. (See 9.)

11) Get a pool boy. (Even if you don’t have a pool, this may only be applicable to me though.)

12) Avoid render.

Skyfall

Didn’t start at the crack of dawn, mainly as I don’t do that shit anyway and I didn’t finish until 3AM. And then when I finally got to bed, Jamie was as horny as hell and demanded his version of kinky sex, well it would be rude to not oblige.

So today was mainly about tidying up, finishing off and testing. So that’s exactly what I did. Last minute bug fixing and testing.

Took the dog out for a walk and for once it was a pleasure. I think she did actually learn something yesterday at doggy day care.

New motherboard for pfSense box has arrived. It’s still in the box, hopefully look at it the weekend. Went to gym, ran, not very exciting. Ate salad.

Then at ten to ten I went upstairs to Jamie and said ‘let’s go then’, to a rather shocked Jamie, who had completely forgotten that I’d got tickets to the new James Bond film – Skyfall. M32 had a junction closed, so we were slightly late, the good point about this was we missed all the ads for Gordon’s Gin. We had the posh seats in the ‘Director’s Lounge’, if you are going to the cinema then do it in style. My mother would never have taken me here. The film itself was easily the best Bond I’ve seen in many years, it was pretty much non-stop action all the way through. Really enjoyed it.

So, probably one more day on the mobile game and that will be it.

Doggy Daycare and Cleaners all a big success

Okay, so I woke up at an ungodly hour, one which should have been the end of a good evening, not at the beginning of a good morning. Dog didn’t really know what the hell was going on, she went out for a pee then ran back upstairs to bed. She was then slightly confused when I started to pour her breakfast out. She decided to strike while the iron was hot and came downstairs and ate it. She then dutifully went and had a poo and got rather excited. She got bundled into the car in the dark and driven to “Paw Stretchers”. Where she shot out of the car got attached to a man with a lead and didn’t look back. I drove home and went back to bed.

Today work wise was mainly fixing a few bugs and doing play testing, all went according to plan really. Fixed a few things, tested lots on iPod and PC.

New cleaners arrived, one called Mandy, one called something else. They spent about five minutes unloading their van of various containers of ‘stuff’ and a couple of hoovers. They then proceeded to do cleaning type things for the next three hours, which wasn’t bad when they are only being paid for two and a quarter. They didn’t get round to the dining room but did everything else. I must admit they actually did a really really good job, I was very impressed. Now they’ve got on top of a few things, it (hopefully) won’t take so long next time. So that’s “Welcome home cleaning”.

By the time they went it was time to pick Sasha up. So sat at Aztec West traffic lights for twenty minutes then arrived at doggy daycare. Sasha was led out by a rather cute looking guy. She had apparently spent three hours running round in a field, followed by various other activities. I was disappointed that I wasn’t given a painting that she had done to stick on the fridge. She’ll be going back next week. She’s been asleep since.

Did a bit more play testing. Due to my foot being bad, no idea, some sort of ankle twist, I gave the gym a miss and had a bath instead. Caught up with a magazine. Ate salad. Sat down. Jamie keeps asking if I’m going to plough his buttocks, well as long as he doesn’t hurt my ankle.

Going from A to B

So started fairly early, well normal time, I just didn’t read BBC news for an hour first. So back on to routing, Al was moaning about a couple other frame rate cases. So did more research on HPA (a variation on A-star) but all involved building graphs and lots of preprocessing which I didn’t really have time to do. So came up with a simple solution which would involve a bit of manual work but would give me good results and importantly not use much memory. What I did was dump out the maps to a text file. Mark walk-able squares with a 0 and non walk-able with an X. Simples. Then manually went through the text files and grouped all the closed off areas, so for instance a closed off bit at the top of the map would be allocated section 1, then the next 2 etc. I had up to 16 areas that could be grouped. All I did then was add additional routing hints. So to go from one area to another you would just do 0:3:2; meaning to go from area 0 to area 3 you needed to go via area 2. All other areas could be disregarded in the A-star search. This reduced my maximum search nodes down to about a sixth of what it was. Total memory requirements…512 bytes. Ok, so manual editing, but it’s only a couple of maps, gives great results and only took about one mug of coffee per map.
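A sketch of the area-hint idea in Python, added here as an illustration and not the game's own code. The map, the start and goal squares and the assumption that each walkable square carries its hand-assigned area as a hex digit are all constructed; only the `from:to:via;` hint format comes from the post.

```python
import heapq

# Constructed map dump: 'X' is not walkable; a hex digit is a walkable square
# labelled with its hand-assigned area. The border of X keeps lookups in range.
MAP = """\
XXXXXXXXXXX
X000X111X3X
X000X111X3X
X0000111X3X
X0XXXXXXX3X
X222222222X
X222222222X
XXXXXXXXXXX""".splitlines()

HINTS = "0:3:2;"   # to go from area 0 to area 3, go via area 2


def parse_hints(text):
    """Turn 'from:to:via;' records into {(from, to): set of areas worth searching}."""
    table = {}
    for record in filter(None, (r.strip() for r in text.split(";"))):
        src, dst, *via = (int(field, 16) for field in record.split(":"))
        table[(src, dst)] = table[(dst, src)] = {src, dst, *via}
    return table


def area(cell):
    ch = MAP[cell[0]][cell[1]]
    return None if ch == "X" else int(ch, 16)


def astar(start, goal, hints=None):
    """Return (path, expanded squares). With hints, squares in other areas are skipped."""
    allowed = hints.get((area(start), area(goal))) if hints else None

    def h(c):
        return abs(c[0] - goal[0]) + abs(c[1] - goal[1])   # Manhattan, 4-way moves

    frontier = [(h(start), 0, start)]
    parent, best, closed = {start: None}, {start: 0}, set()
    while frontier:
        _, g, cell = heapq.heappop(frontier)
        if cell in closed:
            continue                         # stale queue entry
        closed.add(cell)
        if cell == goal:
            path = []
            while cell is not None:
                path.append(cell)
                cell = parent[cell]
            return path[::-1], closed
        r, c = cell
        for nxt in ((r + 1, c), (r - 1, c), (r, c + 1), (r, c - 1)):
            a = area(nxt)
            if a is None or (allowed is not None and a not in allowed):
                continue                     # wall, or an area the hint rules out
            if g + 1 < best.get(nxt, float("inf")):
                best[nxt], parent[nxt] = g + 1, cell
                heapq.heappush(frontier, (g + 1 + h(nxt), g + 1, nxt))
    return None, closed


if __name__ == "__main__":
    for label, hints in (("no hints", None), ("hints", parse_hints(HINTS))):
        path, seen = astar((1, 1), (1, 9), hints)
        print(label, "path squares:", len(path), "expanded:", len(seen))
```

On this map the heuristic pulls the plain search into the dead-end area 1 before it finds the way round, while the hinted search never touches it and returns the same route.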

Walked the dog. Finished work vaguely on time. Did a home check and went to the gym. Ran, only thirty eight minutes, on a short week this week. Did a home check for a kitten. Sat down and ate salad. Actually watched quite a bit of TV without any distractions.

Sasha is off to doggy day care far too early tomorrow morning. New cleaners starting. Need to order stuff for new pfSense box. New server seems to be running fine. Think I’ll have some fruit cake, may be a glass of wine and an early night.

More routing – It’s over there not there

Got up. That was an event in itself. Spent most of the morning, well the bulk of the day actually doing research into routing and trying to optimise the search of the mobile game. I looked at quite a few different ways of improving it, but most require additional trees and memory. That’s one thing I’m very short on, so ended up just tweaking heuristics. Still got a bit more to tweak and tidy up. Get a good run on it tomorrow I think.

Walked the dog, I think I’ve decided on our new winter route. This is mainly tarmac based due to bad flooding down the nature reserve.

Went to the gym, did Body Combat. Couldn’t really be arsed to do any further running.

Came back, did some more work. Also moved the server to its new case that arrived today. It looks very smart and eats about a third the power of the small form factor HP. All working okay. Next is to do something similar to the pfSense box.

Tried to get dog sick out of a carpet, that didn’t work.

Feeling very tired. Think I’ll try and have an early night.

I’m a lumberjack and I’m okay

Started off this morning pruning a tree. I now have a garden full of said tree and nowhere to put it until the wheelie bin has been emptied. I reckon it’s a good two loads worth. Asked the neighbour if she minded if I cut one of the uprights out over her side so I could reach it, I got the response “Do what you need to do Tim, the thing’s a pain in the bloody ass.”. I don’t think she minded.

After that we went up to Cribbs and walked round various toy-shops. Didn’t buy anything. One toy shop had a couple of storm troopers outside and a rather fat Jedi. Inside though there were quite a good number of cute male staff, far better quality than Toys R Us.

Came back, had lunch (boiled eggs, It’s a Sunday). Then Sarah and Shaun came round. We sat down and had coffee, followed by more coffee and chatted mainly bollocks about boilers, bathrooms, work, ailments, cars (breaking down rather than driving them) and dogs. Mainly as ours was trying to leap up and kill them.

Afterwards I got my new steamer out, steamed things. Tiles mainly. Then decided that wouldn’t it be great to clean the oven door glass. The inside of it. Two hours later, half a tub of something I had sat in the back of a cupboard for ten years and said steamer, it’s now actually transparent. It’s something I’ll replace sooner rather than later anyway.

Then I briefly hoovered and played with gadget No.2, the carpet shampooer. This was great fun, the colour of the water when emptying the tank was darker than my soul.

Found the memory card with all my honeymoon photos on, so stuck those on the iMac, then finally got round to doing mother’s photo album thing. That’s only been pending since June.

Was going to buy some shoes off Groupon, but they have sold out. You can never have enough shoes.

Set up the iPhone5. It’s an iPhone. It does stuff I’ll never use. Siri is quite amusing though, I said, “Tell me about sex with camels”, It did a Google search for ‘Sex with Carols’. Also rather amusingly I asked “Tell me who I am?”, it responded with, “I don’t know who you are, but you can set that info in settings.”. It did correctly tell me though what armadillos taste like, always essential info, when you end up in a Central American Synapsida restaurant and they have run out of Pizza.

Right, bath time. It will be nice next week to not have to entertain plumbers. Well it’s not like I put on a show or anything, I didn’t open the airing cupboard to Chris Tarrant sat on a stool, saying, “Just 15 questions between you and 3 litres of inhibitor.”. I digress.

“How does the dog hold the golf club?”, “I have no idea.”

The morning started off pretty well. Jamie wasn’t wearing any pants which is usually a good sign that some vague action could happen. It did, well for me anyway, I didn’t reciprocate. Then he asked what the dog was planning on doing today, I said that she was planning on playing golf as she wanted to get her handicap down. He then asked how she could hold a club. It was far too early and I was still out of coffee so couldn’t be arsed to come up with a witty response, so just said I had no idea. He went off to work, obviously thinking intensely how a dog could play golf without opposable thumbs. However she would have managed it, she would have still played better than me.

I went and did a house check for a kitten, all fine. Then I picked up a sim-card for my iPhone5 and did the shopping. Both rather dull activities, oh, also got some crickets.

Ate lunch, toast and cheese. Then assembled my new Bissell carpet shampooer. It looks very impressive, now need to find somewhere to keep it. Also got one of those steamer things. The new batteries for the doorbell turned up together with some new garden tools. I may take them to the bedroom later.

Walked into town, bought some drain cleaner, walked back again.

Visited mother, which was a good time to catch up on Facebook. Mind you she has got back into baking again and does make a rather mean fruit cake. I cleaned out her MagnaClean (had to get a boiler reference in there somewhere) and increased the pressure on her boiler.

Came back, did the accounts and bits. Also got this rather nice little Bluetooth keyboard iPad case thing, which I’m typing this up on. I’m very impressed, works really quite well.

So all done, just going to fry the chicken ready for dinner, which is something I can’t spell so won’t bother as the spell checker doesn’t seem to be working. Then a quick bath I think, may be some wine.

Bought three lots of coffee beans so going to have a few testers. Getting very used to having it black now, makes me stoned.

Lots of fun house/garden work to get on with tomorrow. I think Sarah is popping over as well to test out the new coffee machine.