The OS Quest Trail Log #69: Irish Cheer Edition

Winter was so mild it was hard to notice the recent arrival of spring. But the Saint Patrick’s Day celebration served as a spring early warning. February was a slow month on the quest so there wasn’t a Trail Log last month, but things picked up a bit in March. The biggest change (well, arguably) was the new iPad. But I figure you’re as tired of hearing about it as I am so I’ll save that update until the end.

A Little Less iTunes

I recently looked at Instacast and Downcast as podcast apps for my iPhone and iPad. Both were good enough to get me off iTunes for podcasts. A long overdue event. Both are still on my iPhone and iPad although I’m going with Downcast as my first choice.

I also switched over to iCloud for my iDevice backups instead of my Mac. I’d stuck to Mac for backups for two reasons: security and Time Machine. I’d been saved once by being able to go back to an older iPad backup saved by Time Machine. But when I got my new iPad I rebuilt it from scratch, no restore. That rebuild took longer than the restore, but not by much and not for the important stuff. As for security, I recently realized I could exclude some app data which alleviated my security concerns. And not backing up that data isn’t a problem since that particular data exists elsewhere and syncs to the iPhone.

All that’s left for iTunes is my music management. These days that means I won’t use it very much. Synology has an iTunes service for music and video management. I haven’t used it yet and third party apps that emulate iTunes don’t appeal to me since I figure it’s only a matter of time before an Apple change breaks something. Plus, music management is the only thing I still do with iTunes.

Software Upgrades

Synology Disk Station Manager 4 left beta and saw a production release. I was already running the beta so the upgrade was a non-event. I didn’t notice a difference in the relatively small subset of features I use.

CrashPlan saw a minor upgrade. It’s been set it and forget it on my Windows Home Server 2011 so again, no noticeable change for me.

Picasa (on Windows) had another upgrade or two the last couple months. They usually go quickly without a hitch. But the latest one caused me problems. Picasa wouldn’t start after the upgrade so I had to uninstall and reinstall. It saved the setting (database) so everything was fine after the installation.

There was the typical stream of software upgrades but other than Picasa they were all uneventful.

Home Cloud

I had an email asking me if I had found a way to route my internal network based on target URL rather than just the port. (Layer 7 routing or deep packet inspection). I haven’t found anything suitable for a home (meaning free or low cost). This has made me go down a different path. I’ve been finishing up testing IPSec VPN into my home. This gives me the connectivity I need for myself as if I was local. And it’s secure.

That doesn’t work for public or family access that I want to keep simple. But that access is pretty simple and really only one web device (port 80/443) so there’s really no concern. Synology has some ability to target different Synology NAS’s from outside my home network so I’ve started looking at that.

iPad

OK, now for the iPad mention. The more I’ve used my iPad the more I’ve liked the screen. Since the text is sharper it’s been easier to read. I still prefer an e-ink Kindle for longer reading sessions when it’s just text. But the iPad is clearly the best LCD screen I’ve used for reading.

I guess this year’s internet kerfuffle for the iPad was the heat issue. As I mentioned in my initial review:

The iPad 2 never got warm for me. The new iPad has gotten warm enough to notice. It’s not hot, but there was a temperature increase while watching video and after extended use. Never happened on the iPad 2.

Compared to the iPad 2 which never seemed to get above room temperature the new iPad got warm, but never too warm to touch or anywhere near what I would call hot. Maybe some sort of event trifecta would cause more problems or maybe there’s some bad iPads out there. But from my experience it’s a non-issue. I can’t remember the last time I had a laptop that wasn’t hotter.

The OS Quest Trail Log #66: Slow Month Edition

It was another slow month on the quest as real life tended to intrude and some best laid plans went bad.

Home Cloud

I had been working on setting up remote access to multiple servers through pfSense and thought I had things worked out. I’d even posted the introductory article. Then two things happened. First, an IP address change for my cable modem didn’t make its way to updating DNS. My previous testing had been to force an address change which required restarting the modem and changing its spoofed MAC address. So in other words, a hardware reset and configuration change. This time the routing IP address change was detected, but failed to make its way to the DNS records. So I made some config changes but will have to wait until Comcast changes my IP again so I can see if it helps.

The second item was a comment by Jared that turned on a light bulb. He mentioned about using layer 7 for the routing which is something pfSense can’t do. But, I also have Untangle and had used it as a router in the past. The light bulb went off because Untangle works on Layer 7 so should be able to route based upon the destination address. So I’ll be looking at switching back to Untangle again if it can do this without having to do port mapping which will greatly simplify things.

This is one of those times I wished I had built the router on a VM and could just fire up different virtual machines for testing. But the MicroServers are the next best thing since I can just swap out hard drives for my testing purposes and not lose the old configuration.

Further complicating things was the death of my version 1 Windows Home Server. It wasn’t unexpected and in fact the server had been replaced, just not stripped for parts. The problem presents as a bad hard drive but if history repeats itself it will be another bad SATA port on the motherboard. Not worth fixing so it’s time to yank the drives and reuse them. I’ll build another WHS V1 as a virtual machine for my testing purposes.

CrashPlan Backup Status

CrashPlan ran into its first hiccups this month. There was a day long network outage back on Nov 14th. In my case CrashPlan said it couldn’t connect long after they posted the issue was resolved. I went in and manually told it to connect and it immediately started backing up again.

I had a second issue where at exactly 1AM (my time) the backup stopped and CrashPlan wouldn’t connect. But this time I could connect to my account over the web so it wasn’t the same type of problem as before. A quick search of the CrashPlan website revealed an old technote on this problem with the solution being to restart the CrashPlan server or the entire PC. I opted for a server reboot and that did resolve the problem.

Since those outages I’ve also noticed that the top upload speed I see is generally slower. In the past I would frequently see it nearing its 2 Mbps upload ceiling (that I configured) whereas now it hovers around 1 Mbps. There could be any of a dozen other things affecting this speed but I do see speeds greater than 2 Mbps up when I test other transfers (like a file to my web server).

I haven’t soured on CrashPlan. It’s a low cost service $42/yr (after a discount) for unlimited backup. Test restores worked fine after these outages so it does appear this was a network problem and not a problem affecting data.

As for what’s backed up I’ve been hindered more by Comcast’s data caps than CrashPlan’s capacity. I’ve backed up 178.4 GB consisting of 231,297 files. At this point I’m trying to decide what else I want to back up. There’s no point in backing up my movies as they are so large it could take me years to back them up and stay below my cap. And if I ever had to restore them doing so online would also take years and I probably wouldn’t want to pay to have the hard drives shipped. Any sort of backup to a friend’s computer would have the same data cap issue so while that’s a nice feature the CrashPlan online solution seems more reliable, despite recent problems.

Holiday Tech Deals

I pretty much avoided any Black Friday/Cyber Monday deals. I didn’t see much that I wanted or see anything I knew was a good deal (as opposed to the merchant just promoting it as a good deal) and I could use. The one exception was a NewEgg deal for the HP MicroServer. At $250 it was a good deal and while I don’t need a sixth for my collection it was tempting. By the time I talked myself into taking a look at it they were sold out.

I did buy some discounted iTunes gift cards from Apple and Best Buy. I use them instead of a credit card both for safety and as a way to budget my expenses in an environment where it’s much too easy to buy things.

I do suspect we’ll see additional deals between now and Christmas so I’ll keep checking. Anyone see a good deal they’d recommend?

Domain Price Increases

If you own any domains be aware that the registry fee Verisign charges for .com domains will go up 51 cents (5%) and .net domains will go up 46 cents (10%) on January 15th. The increase is not retroactive so you can extend your registration at the current prices before that time. Whether your registrar increases their prices and by how much is up to them and can vary. I’m sure some will bump their prices by the percentage rather than the actual increase. You can register .com and .net domains for up to 10 years into the future and I’ve done that for this domain along with a couple others I know I’ll want to keep.

The Month Ahead

With the December holidays things are likely to be busy in the non-tech parts of life but I do have some vacation days during December which may make up for that lost time. I’ll be giving Untangle another try as a router to see if it can better handle the remote access. Beyond that we’ll see what pops up and catches my attention.

 

Home Cloud: Part 1 – Planning the Home Cloud

[Update: As mentioned in Trail Log #66 I’ve rethought this project and will be looking at alternatives.]

In the Home Cloud introduction I set out my goals and a broad outline of my plan. Now it’s time to get into the details. First I’ll plan out the servers that will be part of the home cloud and lay the groundwork.

I’ll be using the domain run.co for my home cloud. This domain is already registered but still unused. Its first use will be these servers.

I’ll be setting up three servers:

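| Server | IP | Server Port | WAN Port | OS |
|---|---|---|---|---|
| OSQWHS01 | 192.168.1.101 | 80 | 8081 | WHS v1 |
| OSQWHS01 | 192.168.1.101 | 443 | 4431 | WHS v1 |
| OSQWHS02 | 192.168.1.104 | 80 | 80 | WHS 2011 |
| OSQWHS02 | 192.168.1.104 | 443 | 443 | WHS 2011 |
| OSQTBS01 | 192.168.1.105 | 80 | 8082 | WHS 2011 |
| OSQTBS01 | 192.168.1.105 | 443 | 4432 | WHS 2011 |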

The server port is what port is used on the physical server. Port 80 is the default for the web and port 443 is the default for https access which is used to secure the connection.

The WAN port is the port that will be monitored on the pfSense WAN connection. Traffic that comes in on the listed WAN port will be forwarded to the corresponding port on the server. So for OSQWHS01 any traffic to the WAN on port 8081 will be forwarded to port 80 on the server. Any WAN port can be used provided it’s not used for anything else.

As I mentioned in the introduction, if I’m in the office I can only get to my servers through the standard web ports due to the proxy server in my office. I’ll be using the server OSQWHS02 for that access.
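The plan above can be checked mechanically before any rules go into pfSense. The following is an added example, not code from the original post or from pfSense: it models the table's forwards, confirms no WAN port is claimed twice, resolves an inbound WAN port to its internal target, and lists which servers stay reachable from behind a proxy that only passes ports 80 and 443. The per-server host names and the domain `example.test` are placeholders assumed for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Forward(NamedTuple):
    name: str         # server name from the planning table
    lan_ip: str       # internal address of the server
    server_port: int  # port the service listens on inside the LAN
    wan_port: int     # port watched on the single public (WAN) address

# Rows copied from the planning table above.
PLAN = [
    Forward("OSQWHS01", "192.168.1.101", 80, 8081),
    Forward("OSQWHS01", "192.168.1.101", 443, 4431),
    Forward("OSQWHS02", "192.168.1.104", 80, 80),
    Forward("OSQWHS02", "192.168.1.104", 443, 443),
    Forward("OSQTBS01", "192.168.1.105", 80, 8082),
    Forward("OSQTBS01", "192.168.1.105", 443, 4432),
]

PROXY_ALLOWED = {80, 443}  # the office proxy only passes these ports

def wan_port_conflicts(plan):
    """WAN ports claimed by more than one rule; NAT can honour only one."""
    counts = Counter(f.wan_port for f in plan)
    return sorted(p for p, n in counts.items() if n > 1)

def resolve(plan, wan_port):
    """(lan_ip, server_port) for an inbound WAN port, or None if no rule matches."""
    for f in plan:
        if f.wan_port == wan_port:
            return (f.lan_ip, f.server_port)
    return None

def reachable_via_proxy(plan):
    """Servers with at least one forward on a port the proxy lets out."""
    return sorted({f.name for f in plan if f.wan_port in PROXY_ALLOWED})

def external_url(f, domain):
    """URL a remote client would type; the port is dropped only when it is the scheme default."""
    scheme = "https" if f.server_port == 443 else "http"
    default = 443 if scheme == "https" else 80
    host = f"{f.name.lower()}.{domain}"  # hypothetical host naming, not from the post
    return f"{scheme}://{host}" if f.wan_port == default else f"{scheme}://{host}:{f.wan_port}"

if __name__ == "__main__":
    print("conflicting WAN ports:", wan_port_conflicts(PLAN))
    for f in PLAN:
        print(f"{external_url(f, 'example.test'):40} -> {f.lan_ip}:{f.server_port}")
    print("reachable from behind the proxy:", reachable_via_proxy(PLAN))
```

Every row in `PLAN` is also a port exposed to the internet, so the same list doubles as the inventory to review when a server is retired.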

A nice short article this time. As the home cloud grows I’ll add updates here. But for now we’ll start with Windows Home Servers. The three servers give me a nice assortment to test. I’ll start configuring pfSense next.

pfSense + 1 Public IP = Home Cloud

[Update: As mentioned in Trail Log #66 I’ve rethought this project and will be looking at alternatives.]

Now that I’ve been running pfSense for a problem-free month it’s time to start using it for more than cool charts and graphs. My first goal is to be able to make multiple servers available from the internet. I’ve got Windows Home Server v1 and Windows Home Server 2011 servers running and ready to go. Once those are going I’ll want to add my development web server to the mix so I can do development and testing from outside the home. I’ve spent some time testing various options and I’ve settled on a solution that I think will work. At least all the individual pieces work, time to see if they fit together.

The main obstacle for me is that I have one public IP which needs to address the various internal servers. Those internal servers run the same services on the same ports. The nature of NAT port forwarding is all traffic coming into the WAN connection for a port gets forwarded to the same computer. I can’t parse port 80 (http/web) traffic and make a decision where it needs to go. This is the major obstacle. Another minor issue is that my public IP is dynamic and can change whenever Comcast wants to change it. (Although when I want it to change it’s surprisingly hard to do).

Another requirement is that I use my own domain, and not just a subdomain of some DDNS provider.

One problem I have, with no real solution, is that my home servers may not be accessible from sites behind a proxy server or firewall. Such as the office I work in for my day job. The proxy server will only pass ports 80 and 443 out of the office. So what I’ll end up doing is picking my main server and setting it up to be accessed using port 80 and 443 as normal. The other servers won’t be accessible from my office. (A home VPN connection will be a future project.)

I’ll get into the specific configuration details in later articles but I’ve decided on the following approach:

  1. I’ll be using DNS-O-Matic to handle the dynamic DNS updates. This is a free service from the OpenDNS people, although an account is required.
  2. My DNS provider is DNS Made Easy. I’ve used them for a few years and they’re reasonably priced and reliable. They do support Dynamic DNS updates so I’ll use them.
  3. I’ll use pfSense of course. Rather than change the ports my servers use I’ll map a unique incoming port to the standard port used by the appropriate server. For example, traffic coming in to my WAN on port 8081 will go to port 80 on my Server 1. Incoming traffic on port 8082 will go to port 80 on my server 2. So I’ll have to remember what port redirects to which server but there’s no configuration changes needed on the server. I’ll be using pfSense 2 but pfSense 1.3 may work too as it seems to have all the features I use.

The basic steps I’ll be taking are:

  1. Map out what services I want to use, what port I want to use to access them externally, and what server and port they run on in my house.
  2. Set up pfSense so it can find the servers and add some aliases so I don’t get confused or have to remember IP addresses.
  3. Configure dynamic DNS so my DNS provider learns about the new IP address when I get it from my ISP.
  4. Add port forwarding and firewall rules to handle the port forwarding mapped out in step 1.
  5. Test and fix my mistakes.

I had wanted to handle this from within pfSense but my DNS provider (DNS Made Easy) isn’t directly supported and the RFC 2136 method won’t work either. I’m not willing to use a different DNS service. I did find references to add code to pfSense in order to add DNS Made Easy support. I decided against this to avoid forgetting about it and overwriting the code in a pfSense update. I also didn’t want to worry about a change breaking the code. While a third party service is one more thing that can break, it seemed the least problematic.

I also looked at changing the ports used by Windows Home Server. While I did find some write-ups on how to do this for version 1 there were caveats. WHS 2011 seemed to be more problematic and changing ports would break other features. My own brief test to change the port on WHS 2011 was a failure. Keeping the default ports on the servers and remapping them with pfSense seems to be a clean solution. I will need to remember to include the port in the URL, but other than that it’s pretty basic and worked in my testing. There might be some features that won’t be accessible but I haven’t found them yet.

Since I have only one public IP address and I’m using the port to map to the correct server I don’t really need to set each server up in DNS. I could use one name and then pick the server via the port. But I’ll use names anyway as it will make changes easier and help me keep things straight. It will also make life easier if I get more public IPs.

Finally, I’ll be testing using my cell network so as to access the servers externally. Testing from within the home isn’t useful and adds its own set of problems. I won’t be breaking access from within my house, but it won’t be a good way to test external access. pfSense has some security settings that kick in if it detects a private IP address as the source on the WAN port.

Now it’s time to start putting it together. I’ll use this post as a central repository with links to my other articles and resources on this topic so you can check back here to see everything on the topic I’ll call “Home Cloud”. I’ll be starting off by setting up two Windows Home Servers, a version 1 server and a 2011 server.

The place to start is with my pfSense 2.0 installation back in early October.