blog.mbentley.net

with this post, i am going to be keeping things pretty simple. i was recently asked why i didn’t have a favicon setup for my blog and website, i figured now is just as good of a time as any to create one. i just wanted something extremely simple. figured just my initials would work for the time being. now that i figured what i actually wanted, i then had to create it. so i loaded up photoshop and made my 16×16 favicon and went to save it and realized that photoshop (at least the version i have, 7.0) does not have .ico file support. a quick google search led me to the web site of Telegraphics. on the site, they have a plugin that works with photoshop to add .ico support. installation was more than simple (just check out the included readme if you really can’t figure it out). all i had to do was use the ’save as’ function to save it as an .ico file. then i just uploaded my new ‘favicon.ico’ to the root directory of my blog and voila, i now have a favicon.

i have owned an acer travelmate 2420 for about 5-6 years or so and i have noticed, especially more recently, that my cpu temperatures were pretty high. the cpu would idle around 60-65°C. a couple years ago, i started taking the laptop apart to see if there was access to the processor to reapply the thermal paste. turned out that it wasn’t so easy to get to so i simply gave up since i couldn’t find a service manual for it anywhere online. since the temps seemed to keep getting worse, i decided to try to look again.

this time i was able to find the manual (Aspire 3620/TravelMate 2420 Series Service Guide). it took quite a while, but i was able to disassemble the laptop using the service manual as it has pretty decent step by step instructions including screw locations. in order to gain access to the processor, almost the entire laptop must be disassembled and the motherboard removed. from there, i was able to remove the heatpipe from the processor and northbridge, clean them and then apply some new arctic silver 5 thermal paste. another thing i noticed was that there was quite a gathering of dust on the heat sink of the heat pipe which certainly can’t help the temps. cleaning that out with an old toothbrush did the trick.

reassembly of the laptop went much quicker than the disassembly phase. it certainly helped that i used a piece of paper and made note of which screws went to what location. acer is one of those manufacturers that uses multiple screw sizes for anything and everything unlike many dells i have come across where there are typically 2-3 types of screws or so for most things. now that i have gotten the laptop back together, i am seeing temps around 50°C with it on my laptop. this seems to be about a 10-15°C drop in temps and the thermal paste hasn’t had any time to cure.

reapplying thermal paste on an older laptop can definitely help out if you are having overheating issues. i would just make sure you know what you are getting yourself into before trying it yourself as some laptops are much more difficult to take apart than others. most manufacturers publish service manuals that can be found online. you just might have to do a bit of digging to find them.

as many people are aware, many ISPs block traffic on port 25 in order to attempt to prevent spammers from using bot infected hosts on their networks. this can be a problem for people who want to run a mail server from their home connection. yes, i realize that running an email server violates the TOS of most providers but that is a discussion for another day. i personally use my email server as a learning experience but i also use it for my primary personal email.

users of comcast have recently reported that they are no longer able to relay their mail using ’smtp.comcast.net’ over port 25. comcast had previously allowed port 25 traffic to be relayed inside their network when going to ’smtp.comcast.net’. unfortunately they are no longer allowing this which is a major problem for me any anyone who is using comcast’s smtp server as a smtp connector in exchange.

the easiest way to get around this problem is by changing the port in which your exchange server sends and receives email. in my case, i decided to change mine to port 587 which is what comcast is using as the chances of them blocking that port is a bit slimmer than before. in order to change this, i had to modify the port setting in two places (for each smtp server i had running). start by opening Exchange System Manager. from there, go to Administrative Groups > First Administrative Group > Servers > [servername] > Protocols > SMTP > then right click on Default SMTP Virtual Server and choose Properties.

then go to Advanced > Edit > then change the TCP port to the new port (in this case, 587). click OK twice and then click on the Delivery tab > Outbound connections. change TCP port from 25 to the new value. then choose OK twice which will return you to the Exchange System Manager. if you have another exchange server in your organization, you will need to perform the same steps for the other servers. once you have done this, you will need to restart the Default SMTP Virtual Server(s) for the changes to take effect (or a restart would work as well).

i use port forwarding on my router which i have setup to route incoming port 25 traffic to port 587. even though port 25 is blocked, it enables me to connect using the default server port of 25 from inside my network. i also use a no-ip service for incoming smtp redirection which will redirects all of my mail traffic to a high port so it will not be blocked by my ISP. i had to configure the port forwarding on my router to point to port 587 internally instead of port 25 while still listening on the high port number as before. this allows my email to continue to send and receive properly despite having port 25 blocked by my ISP.

continued from part 1

yesterday i received my soekris engineering net4801-60 in the mail. the unit seems to be in good condition and even came with a compactflash card and vpn1411 card which i won’t end up using. i will most likely end up selling the vpn card as i don’t use my smoothwall to create a vpn and the smoothwall os does not have support built into the kernel for a vpn card such as this anyway.

as you can see, it really is just a basic computer. today i received the last parts that i will be needing for this project. they are the hard drive mounting kit and the power supply. i purchased these directly from soekris engineering. in part 1, i prepared the smoothwall install on a 2.5″ 60GB laptop hard drive. the next step is to install the hard drive on the mounting kit inside the unit. the hard drive connects using four mounting screws on the bottom of the drive. the mounting kit is connected to by unscrewing the four screws which secure the net4801 to the case and placing the mounting bracket on top of the board’s mounting holes and reinserting the screws into the mounts.

now that the hard drive is connected and the unit is closed back up, it is time to test the unit. in order to do that, i am going to fire up minicom on my server which is connected via null modem serial cable to the net4801 and listening on com1. if the unit does not show any activity in the minicom windows, you might want to check out the manual from the soekris download page to make sure that you have configured minicom to use the default settings (19200 baud, 8 databits, no parity, 1 stop bit, no flow control). here is the boot screen that you should see upon powering up the unit:

comBIOS ver. 1.31  20070408  Copyright (C) 2000-2007 Soekris Engineering.

net4801

0256 Mbyte Memory                        CPU Geode SC1100 267 Mhz 

Pri Mas  IC25N060ATMR04-0                LBA Xlt 1024-255-63  58605 Mbyte

Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int
-------------------------------------------------------------------
0:00:0 1078 0001 06000000 0107 0280 00 00 00 00000000 00000000
0:06:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0000000 10
0:07:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0001000 10
0:08:0 100B 0020 02000000 0107 0290 00 3F 00 0000E301 A0002000 10
0:18:2 100B 0502 01018001 0005 0280 00 00 00 00000000 00000000
0:19:0 0E11 A0F8 0C031008 0117 0280 08 38 00 A0003000 00000000 11

 1 Seconds to automatic boot.   Press Ctrl-P for entering Monitor.

on minicom, the unit shows a ram count and then after a few seconds proceeds to boot. due to the configuration of the kernel smoothwall uses, you can’t see the boot messages (and we didn’t set lilo up to show them even if the kernel supported it). once the unit is ready, it will display a login prompt:

smoothwall
Connected on ttyS0 at 19200 bps
smoothwall login:

from there you need to login using ‘root’ and the password you set up in the initial configuration. once you login, you will need to reconfigure your smoothwall’s network settings. you do this by running the ’setup’ command. on the setup screen, you will want to choose ‘networking’, then ‘network configuration type’. on the next screen, choose “green + orange + red”. you will then want to choose ‘drivers and card assignments’. then choose ‘ok’ to change settings then choose ‘probe’. as it detects the network cards, set them as green, then orange, and red (the order is important). green (internal) is eth0, orange (dmz) is eth1, and red (external) is eth2. make sure the address settings are still correct for your network and your external network is set properly for your ISP.

once that is done, i connect network cables to the net4801 and then reboot the unit. once it reboots, you might want to check to make sure all of your interfaces have ip addresses and have been assigned correctly. if they have not, you will want to re-run setup and check for errors in your configuration. from there, i was able to connect to the web interface and configure my smoothwall. now i am up and running behind my net4801. from looking at my mrtg graphs, i can get an idea of how much less power the net4801 uses. my estimated runtime on battery went from ~30 to ~38 minutes.

and that’s pretty much about it for the setup. if you have any questions, feel free to post them in the comments section.

even though all of my parts have not arrived for my new smoothwall project, i can begin to do some initial setup. first of all, here are all of the items of which i needed to find for the project:

• soekris engineering net4801-60
• soekris engineering 2.5″ hdd mounting kit
• soekris engineering power supply
• 2.5″ ide hard drive
• 10 foot serial null modem cable

since i already have the hard drive, i can do some of the prep work by installing smoothwall. i am using an old laptop to install the os to the hard drive. luckily linux is much less picky than windows about changing hardware after installing. i downloaded and burnt a copy of the latest smoothwall 3.0 sp1. installing smoothwall is about as straight forward as things come. just follow the steps on the screen until you get to the “Network configuration menu”. since we currently do not have the correct network cards in the computer, this part is going to be overwritten later.

just leave the current config as “GREEN (RED is modem/ISDN)”. choose “Drivers and card assignments”. allocate the nic to the green interface. then go to “Address settings” and give the green interface a valid IP address on your subnet. once that is completed, choose done. on the “Section menu” screen, just choose finished as we do not want to set up a modem that we actually won’t be using. then just complete the setup by entering your passwords and reboot.

when your smoothwall boots, go ahead a login using “root” and the password that you provided. we need to make a few configuration changes since the net4801 only uses serial console for video output. first, we need to edit ‘/etc/inittab’. once finished, your inittab should look like this:

id:3:initdefault:

l0:0:wait:/etc/rc.d/rc.halt halt
l6:6:wait:/etc/rc.d/rc.halt reboot

si::sysinit:/etc/rc.d/rc.sysinit

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -h now

# Run gettys in standard runlevels
1:2345:respawn:/sbin/agetty 38400 tty1
2:2345:respawn:/sbin/agetty 38400 tty2
3:2345:respawn:/sbin/agetty 38400 tty3
4:2345:respawn:/sbin/agetty 38400 tty4
5:2345:respawn:/sbin/agetty 38400 tty5
6:2345:respawn:/sbin/agetty 38400 tty6
s0:2345:respawn:/sbin/agetty -L -f /etc/issueserial 19200 ttyS0 vt100
~:S:wait:/bin/bash

the line in italics ‘s0:2345:respawn:/sbin/agetty -L -f /etc/issueserial 19200 ttyS0 vt100‘ is what we are adding. this enables the serial console at the baud rate of 19200 (the default for the net4801).

next we need to create an ‘/etc/issueserial’ file:

smoothwall
Connected on \l at \b bps

next, we will want to create an ‘/etc/securetty’ file to allow root to login from the serial console:

ttyS0
tty1
tty2
tty3

in my next article, i am going to continue by talking about how to reconfigure the smoothwall setup to accept the new hardware of the net4801 but i will do so when i actually have the hardware on hand later this week.

continued in part 2

like many people, i like to tinker with all sorts of different technology including multiple operating systems as well as the different roles they can play. one of the best ways that i can do that is by using a virtualization product. i just happen to use vmware server 2.0 on my debian lenny server. vmware is one of the leaders in virtualization (if not the leader).

at home, i have five virtual machines that i rely on heavily for my day-to-day operations. i have two windows server 2008 domain controllers, two windows server 2003 servers running exchange 2003 and one windows server 2008 computer i use for remote desktop and management of services. some of these services can provide a fair load on my server and i was starting to see the impact, especially from my win2k8 vms. it seems that there are a number of optimizations that are not enabled by default in vmware server. i searched far and wide through vmware kb docs as well as blogs and web forums and came up with the following optimizations:

force virtual machines to run in shared memory (in ram)
inside ‘/etc/vmware/config’ lies the default config for vmware. add the following lines at the end:

MemTrimRate = "0"
mainMem.useNamedFile = "FALSE"
sched.mem.pshare.enable = "FALSE"
tmpDirectory="/dev/shm"

this will ensure that virtual machines actually store their virtual memory on /dev/shm. /dev/shm is a location that most linux distributions use for shared memory that is located directly on ram (think of a ramdisk). you will want to make sure that your host makes uses of /dev/shm as seen below:

root@athena:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/md0               67G  7.3G   56G  12% /
tmpfs                 4.0G     0  4.0G   0% /lib/init/rw
udev                   10M  972K  9.1M  10% /dev
tmpfs                 8.0G  5.1G  3.0G  64% /dev/shm
/dev/md2              917G  665G  207G  77% /media/md2
/dev/md3              917G  556G  315G  64% /media/md3

the text in italics above is what you are looking for. by default, most distros will not allocate that much space for shared memory. however, you can specify the size in the file ‘/etc/default/tmpfs’:

# SHM_SIZE sets the maximum size (in bytes) that the /dev/shm tmpfs can use.
# If this is not set then the size defaults to the value of TMPFS_SIZE
# if that is set; otherwise to the kernel's default.
#
# The size will be rounded down to a multiple of the page size, 4096 bytes.
SHM_SIZE=8G

by default the variable seen above will be blank (ie – ‘SHM_SIZE=’). i set mine to 8GB because i have 8GB of ram in my server. the great thing about using shared memory is that if you happen to actually fill up your system’s ram, it will start using swap space instead of just running out of room.

next, i added a few lines to the file ‘/etc/sysctl.conf’:

vm.swappiness = 0
vm.overcommit_memory = 1
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
vm.dirty_expire_centisecs = 1000

it is my understanding that these are meant to help prevent vmware from using the swap file unnecessarily.

last but not least, i needed to do a little bit of optimization of my file system. my server uses software raid 1 with an ext3 file system so write performance isn’t amazing but to speed things up, i changed a few of the mount options in my ‘/etc/fstab’:

 /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>          <options>                       <dump>  <pass>
proc            /proc           proc            defaults                        0       0
/dev/md0        /               ext3            errors=remount-ro,relatime      0       1
/dev/md1        none            swap            sw                              0       0
/dev/scd0       /media/cdrom0   udf,iso9660     user,noauto                     0       0
/dev/md2        /media/md2      ext3            defaults,noatime,nodiratime     0       2
/dev/md3        /media/md3      ext3            defaults,noatime,nodiratime     0       2

i added the ‘noatime,nodiratime’ options so that write times are not constantly being recorded causing excessive delays.

these settings seem to make my virtual machines run smoother and boot much faster.

i’ve decided to look more into power efficiency of my computers at home. while my power bill isn’t horrible, it could most definitely be lower. there are only a few computers that i leave running 24/7. one of them is my smoothwall. while i built that computer with power efficiency in mind, i didn’t take things to the extreme that i could have. now i want to build a solution that is closer in power consumption to your typical home router appliance. after doing some research, i found a solution that would not only be power efficient but also cost effective. the solution is the soekris engineering net4801.

this is basically a 586 class pc that runs headless and uses a serial console for access. i thought about buying one directly from the manufacturer but then i saw the prices and they seemed more expensive (new units start at $213.00) than i wanted for such a small project. luckily i was able to find a used unit that i bought on ebay for $96. not only did this cost less than half of the price of a new unit, but it was a *-60 model instead of the *-40 they are selling now (266 mhz proc vs 233 mhz, 256mb of ram vs 128mb).

along with the unit itself, i purchased a 2.5″ hdd mounting kit since i didn’t want to go with a compactflash solution and i already have an extra 2.5″ ide hdd. hopefully i should receive everything sometime next week. i haven’t used any devices that use a serial console since i worked with cisco appliances in college but i ran a trial run of how i would install everything in vmware and it seemed to go easy enough. i’ll do a more detailed breakdown of how to install an os on a unit that is headless and has no optical drive for installation once i have everything on hand.

i never thought this day would come.  i’m actually going to start a blog.  what it is going to be about, i have no clue.  it’ll probably be more random than lady gaga’s clothing but this could be an interesting learning experience.