Blog of Alexander Mamchenkov … mammoth cave …

Being a big fan of pfSense firewall I have it deployed wherever I had chance to put it. Recently I was updating an installation of 1.2.3 to 2.0 in one of the offices so that I can get proper NAT reflection and many other nice things added in 2.0, I also remembered that I have another installation in one of the places I maintain, so I thought to check if I can update that place as well.

While the update from 1.2.3 to 2.0 is pretty easy: just uninstall all plugins, do automatic update through web interface and then reinstall all the plugins back (all configuration remains and all works well, at least for me), the version of pfSense in old office I had was 1.0b2 (dated 2006 or somewhere there). The 1.0b2 does not support automatic updates against current pfSense auto update servers, so I had to do it through manual upload of firmware files.

Getting around pfSense mirrors I found few firmware files that I can try to do incremental update, since I didn’t want to go strait from 1.0b2 to 2.0 (too big step).

Finally I decided on the following path: 1.0b2 – 1.0.1 – 1.2 – 1.2.3 – 2.0. Until 1.2.3 I had to upload firmware files as autoupdate was not in place. Each reboot after upgrade I was waiting for my firewall to come up, I had some doubts that all when fine, but each time everything went fine. After putting 1.2.3 I could do automatic update, which also went pretty fine. Finally I reinstalled all the plugins (only few like squid, squidguard, lightsquid reporting and ntop).

The thing that surprised me during the upgrade is that I did a step from 1.0b2 (year 2006) to 2.0 (2011) through web interface, while seating at home on my WiFi with SSH tunnel to one of the servers in the office and port forwarding to access firewall’s web interface. In most of the cases, the SSH connection was running across reboots of firewall and I didn’t need to reconnect at all, nor I had to relogin to web GUI. The whole upgrade took me around 2 hours (since I had to download firmware files on my laptop and then upload them to firewall using my browser)

Impressive! Very good job by all who are involved in pfSense! Now I am even more convinced that pfSense is a number one solution for all my firewall needs!

Had an interesting case with DNS wildcard records: if you have a wildcard (*) A record – it works pretty fine, but if you specify a CNAME record to point to non-existing A record (which would normally be satisfied by wildcard A record) it won’t work, at least in the case I had. So as an example if you have:

Zone file for domain1
* IN A 111.111.111.111

Zone file for domain2:
host1 IN CNAME host1.domain1.

Then any query for host1.domain1 will resolve with no problems, but when you will try to resolve the host1.domain2 – it will fail. For this case you need to explicitly specify the host1.domain1. as follows:

Zone file for domain1
host1 IN A 111.111.111.111
* IN A 111.111.111.111

Interesting case, just to remember for the next time…

Just noticed that Delete button in Nautilus of GNOME3 does not delete a file. Either Shift+Delete should be used to delete file completely or Ctrl+Delete for normal removal to Trash.

If you use Nautilus a lot and would like to get normal (old-style) behaviour, check out these post: http://www.khattam.info/howto-enable-delete-key-in-nautilus-3-fedora-15-2011-06-01.html

Basically you need to enable accels key editing in Gnome with gsettings (or gconf-editor), then reassign a button you wish and then disable change of accels key back (unless you want to have it permanently on, which I don’t advice, otherwise you might mess a bit by accident),

Just a short note on Perl strict refs. I had to dynamically load a module and call a function in perl while using strict mode. Originally tried this way:

my $module_name = "Blah";
eval("require $module_name;");

if ($@) {
  die "Failed to load module: $@\n";
} else {
  my $func_name = $module_name . "::do_something";
  &$func_name("some args");
}

But got a warning that I am not allowed to do this while in strict refs. To fix this, had to change the last block to

  my $func_name = $module_name . "::do_something";
  my $func_ref = \&$func_name;
  &$func_ref("some args");

And all went fine. One other alternative was to use the next setup:

  my $func_name = $module_name . "::do_something";
  { no strict refs; &$func_name("some args"); }

Which would cancel strict refs in a short scope. But I didn’t like it :)

Too many upgrades and other changes happen recently. First of all – new WordPress with new look and all those nice things. I am completely happy about it. Being system administrator for a while, I bet wordpress is the easiest thing to upgrade, compared to all the rest.

Android 2.2… As I have purchased Samsung Galaxy 3 (i5800 or Apollo), I was checking around and found out that I can upgrade to newer version of android, which was supposed to be faster, better and so on. Fighting for a day or so I did managed to upgrade the phone. One thing that I got weird – I had to use Windows PC with Odin tool to do the upgrade of a Linux based phone. I am not sure if there is a way to do it somehow simplier and from Linux PC, but that was the only proper way I found out. On the other hard – it really was a nice thing. My phone became much faster (can see that with no bench-marking) as well as some apps got much better (especially contacts. No I can use native contact application and like it more that GO Contacts, that I used while running Android 2.1).

Google+, oh that’s a nice thingy… I like pretty much. Being a big fan of Google products at one hard and a user of all those social network sites, I find Google+ to be very fast, clear and handy. One thing that I regret yet is a limited amount of people there and invite-based friendships that have some limits, but I bet this is a matter of time and I do believe that Google+ will find it’s way out there.

There are few other changes here and there, but I won’t mention them due to many reasons for each of them. Generally I like what’s going on and while I believe things will shape around, I am really glad to see all those changes.