Getting Started With pfSense Aliases

pfSense has been a great addition to my home network, but I hadn’t messed with aliases until recently. Aliases can be great when you have groups of IP addresses or ports that you are going to use throughout pfSense. My use for aliases so far has been for setting up firewall rules.

To get started, log in to pfSense.

Along the top menu hover over Firewall and click on Aliases.

The first screen you will see is IP aliases. IP aliases allow you to create a group of IP addresses that you can assign by group name instead of specifying each IP address individually. This can be great for specifying a group of servers that need SSH access; then, in the firewall rules, you can create a rule that allows SSH traffic for the SSH servers group.

The next tab is for setting up Port Aliases. Similar to the IP Aliases, you can set up groups, but on this tab you are creating groups of ports instead of IP addresses. For example, one of the port groups that I created is apple_ports, which contains ports that I wanted to allow for iMessage and FaceTime. Another group of ports that I set up is web_ports. This group allows ports 80, 443, 53 and 123. Port 80 is for HTTP, port 443 is for HTTPS, port 53 is for DNS and port 123 is for NTP. These port groups can be set up differently depending on what you want to allow and what your goal is for organizing ports.

After all your IP Aliases and Port Aliases are set up, you can start creating firewall rules, which I will cover in my next post.
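As an added example (not from the original post and not pfSense's own code), this Python script expands alias-based rules into the concrete protocol/host/port combinations they permit, and flags the entries a combined alias such as web_ports opens beyond what each service needs when the rule's protocol is TCP/UDP. The XML layout is modelled on the aliases section of a pfSense config.xml backup and is an assumption, as are the `ssh_port` alias, the 192.168.1.x addresses and the `USUAL` protocol table.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Layout modelled on the <aliases> section of a pfSense
# config.xml backup (assumption); the 192.168.1.x addresses are made up.
SAMPLE_XML = """
<aliases>
  <alias><name>ssh_servers</name><type>host</type>
    <address>192.168.1.10 192.168.1.11</address></alias>
  <alias><name>ssh_port</name><type>port</type><address>22</address></alias>
  <alias><name>web_ports</name><type>port</type>
    <address>80 443 53 123</address></alias>
</aliases>
"""

# Transport each service normally needs (assumption; add "udp" to 443 for QUIC).
USUAL = {22: {"tcp"}, 80: {"tcp"}, 443: {"tcp"}, 53: {"tcp", "udp"}, 123: {"udp"}}

def load_aliases(xml_text):
    """Return {alias name: list of entries} from the XML fragment."""
    return {a.findtext("name").strip(): a.findtext("address", "").split()
            for a in ET.fromstring(xml_text).iter("alias")}

def expand_ports(entries):
    """Turn port entries into ints; 'low:high' is the range form in port aliases."""
    ports = []
    for entry in entries:  # nested alias names are not handled here
        low, _, high = entry.partition(":")
        ports.extend(range(int(low), int(high or low) + 1))
    return ports

def expand_rule(aliases, protos, dst, dport):
    """List every (proto, destination, port) a pass rule built from aliases allows."""
    hosts = ["any"] if dst == "any" else aliases[dst]
    return [(p, h, n) for p in protos for h in hosts
            for n in expand_ports(aliases[dport])]

def surplus(expanded):
    """Entries whose protocol the service on that port does not normally use."""
    return [e for e in expanded if e[0] not in USUAL.get(e[2], {"tcp", "udp"})]

if __name__ == "__main__":
    aliases = load_aliases(SAMPLE_XML)
    ssh = expand_rule(aliases, ["tcp"], "ssh_servers", "ssh_port")
    web = expand_rule(aliases, ["tcp", "udp"], "any", "web_ports")
    print(len(ssh), "ssh entries;", len(web), "web entries")
    for proto, host, port in surplus(web):
        print("wider than needed:", proto, host, port)
```

Splitting web_ports into a TCP alias and a UDP alias, each used by a rule with the matching protocol, brings the surplus list to zero.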

Posted in Home Lab | 2 Comments

Cisco SG300-28P for Homelab Use

In June I purchased a Cisco SG300-28P switch to replace two 8 port unmanaged switches that I had been using in my home network. These unmanaged switches worked fine, but they didn’t offer any advanced features such as LAG or VLANs, and the low port count was becoming an issue. I went with the 28P version because it offers Power over Ethernet (PoE). This was a feature I was looking for at the time because I had a Ubiquiti wireless AP and a Cisco SIP phone which could both use the PoE functionality. The Cisco phone could be plugged directly into the switch, but the Ubiquiti AP needed an inline converter because Ubiquiti products use a different voltage.

My first impression of the switch was that it was easy to install into my server rack, and I was able to start moving cables from my old switch to the new switch and everything kept working. If you don’t want to use any of the advanced features, it is pretty easy just to plug everything into this switch and it will work. In order to manage the switch and see the control panel, you have to find the IP address that it picked up from DHCP. For me this just required that I open pfSense and look at the DHCP lease table. Once you have the IP, just enter it into your browser and you will see a Cisco login screen displayed. Log in with the default credentials and give it a few seconds to load the interface.

The first time you look at the interface, it seems a little overwhelming. I started by going through each of the menus on the left side of the screen to see everything that the switch was able to do. One of the features that the SG300 has over the SG200 is the ability to do inter-VLAN switching. This is something I was looking for because I wanted to start experimenting with VLANs.

A few months later, this switch is still running strong. I haven’t had any issues with it and the uptime counter is showing over 100 days. There are very few reasons that you ever need to restart this switch. I am currently using it for iSCSI traffic, a guest wireless network and regular network traffic. Each of these has its own VLAN to keep everything separate. Recently I have started using SNMP and Nagios to monitor the switch and the amount of traffic that is going through each port of the switch.

Posted in Home Lab

Supermicro Storage Server

After outgrowing the storage space on the PowerEdge 2950, I ended up purchasing a Supermicro 24 bay server from eBay. The server came with 8GB of memory, one AMD Opteron quad core 1.8GHz processor and 24 hot swap bays. I had previously been looking at the Norco 24 bay cases, but this ended up being a much more economical option because I could get the entire server with everything included for about the same price as just the Norco case. Once I received the server, I started taking inventory of what it contained, what I still needed and what upgrades to it would be possible in the future.

The motherboard has two processor sockets with two banks of memory, one for each processor. Only one of the processor sockets was populated, and there were 4x2GB PC2-5300P DDR2 sticks of memory in the first memory bank. In total the server has 16 memory slots, which will allow a lot of memory to be added in the future. The motherboard also has a lot of expandability via add-on cards. There are 4 PCI-X slots, 2 PCI-e slots and a special connector for an IPMI card. The IPMI card (SIM1U+) was included, and it has a wire that goes to a network jack attached to one of the PCI slots on the back of the case. This gives you a dedicated jack for out-of-band management; otherwise, you can use the first regular Ethernet jack for management if you don’t have the dedicated Ethernet port. Out of the four PCI-X slots, three are populated with SAT2-MV8 cards, which each have 8 SATA ports that connect to the 24 hot swap bays in the front of the case. These cards are limited to SATA2, but this shouldn’t be an issue unless you are trying to use SSD drives.

The server has two hot swappable power supplies (Ablecom PWS-902-1R), which are quite loud but work well for adding redundancy to the system. There are also six hot swappable fans besides the PSU fans. These fans are very loud even at idle, and replacing them will be a high priority before I start using the server for file storage.

Posted in Home Lab | 2 Comments