Recently my 2008 iMac has seemed a bit sluggish, and the hard drive was showing very slow read and write speeds. The current hard drive was a 2010 1TB Western Digital Black. This drive was showing around 40MB/s read and write speeds, so I decided it was time to replace the drive. I ended up finding a good deal on a SanDisk Extreme II 120GB SSD from Newegg.com. I ordered the drive and received it a few days later. I knew going into this upgrade that I wouldn’t get the full speed of the SSD because the 2008 iMac is limited to SATA II, but the SSD should be a good upgrade over the spinning drive.
After installing the new SSD I ran the same benchmark test that I ran on the Western Digital Black. The speeds are a lot better and are on par with what I expected with the SATA II limitation. The SSD showed read and write speeds of over 200MB/s, and programs open much quicker than they have in the past.
pfSense has been a great addition to my home network but I haven’t messed with aliases until recently. Aliases can be great when you have groups of IP addresses or ports that you are going to use throughout pfSense. My use for aliases so far has been for setting up firewall rules.
To get started, log in to pfSense.
Along the top menu hover over Firewall and click on Aliases.
The first screen you will see is IP Aliases. IP aliases allow you to create a group of IP addresses that you can assign by group name instead of specifying each IP address individually. This can be great for specifying a group of servers that need SSH access; in the firewall rules you can then create a rule that allows SSH traffic for the SSH servers group.
The next tab is for setting up Port Aliases. Similar to the IP Aliases, you can set up groups, but on this tab you are creating groups of ports instead of IP addresses. For example, one of the port groups that I created was apple_ports, which contains ports that I wanted to allow for iMessage and FaceTime. Another group of ports that I set up is web_ports. This group allows ports 80, 443, 53 and 123. Port 80 is for HTTP, port 443 is for HTTPS, port 53 is for DNS and port 123 is for NTP. These port groups can be set up differently depending on what you want to allow and what your goal is for organizing ports.
After all your IP Aliases and Port Aliases are set up, you can start creating firewall rules, which I will cover in my next post.
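As an added example (not from the original post or the pfSense project), the Python below reads the alias section of a pfSense config.xml backup and reports which hosts and ports an alias really covers, a useful check before a firewall rule references it. The XML layout, the ssh_servers and allowed_out names, the addresses and the apple_ports values are assumptions constructed for illustration; the code also follows nested aliases, which goes beyond what the post covers, and assumes host entries are literal IPs or CIDR networks.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of a pfSense config.xml backup.
# web_ports and apple_ports are alias names from the post; every other name,
# address and the apple_ports values are made up for illustration.
SAMPLE_CONFIG = """<pfsense><aliases>
  <alias><name>ssh_servers</name><type>host</type><address>192.168.1.10 192.168.1.11</address></alias>
  <alias><name>web_ports</name><type>port</type><address>80 443 53 123</address></alias>
  <alias><name>apple_ports</name><type>port</type><address>5223 16384:16387</address></alias>
  <alias><name>allowed_out</name><type>port</type><address>web_ports apple_ports</address></alias>
</aliases></pfsense>"""

def load_aliases(xml_text):
    """Return {name: (type, [entries])} from the <aliases> section."""
    out = {}
    for a in ET.fromstring(xml_text).iterfind("./aliases/alias"):
        out[a.findtext("name")] = (a.findtext("type"), (a.findtext("address") or "").split())
    return out

def expand(aliases, name, _seen=()):
    """Flatten an alias to literal entries, following nested alias names."""
    if name in _seen:
        raise ValueError("alias loop: " + " -> ".join(_seen + (name,)))
    flat = []
    for entry in aliases[name][1]:
        if entry in aliases:
            flat += expand(aliases, entry, _seen + (name,))
        else:
            flat.append(entry)
    return flat

def port_allowed(aliases, name, port):
    """True if port matches a single port or a low:high range in the alias."""
    for entry in expand(aliases, name):
        low, _, high = entry.partition(":")
        if int(low) <= port <= int(high or low):
            return True
    return False

def host_allowed(aliases, name, addr):
    """True if addr equals a host entry or falls inside a network entry."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e, strict=False)
               for e in expand(aliases, name))

if __name__ == "__main__":
    aliases = load_aliases(SAMPLE_CONFIG)
    print(expand(aliases, "allowed_out"))
```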
In June I purchased a Cisco SG300-28P switch to replace two 8-port unmanaged switches that I had been using in my home network. These unmanaged switches worked fine, but they didn’t offer any advanced features such as LAG or VLANs, and the low port count was becoming an issue. I went with the 28P version because it offers Power over Ethernet (PoE). This was a feature I was looking for at the time because I had a Ubiquiti wireless AP and a Cisco SIP phone which could both use the PoE functionality. The Cisco phone could be plugged directly into the switch, but the Ubiquiti AP needed to have an inline converter because Ubiquiti products use a different voltage.
My first impression of the switch was that it was easy to install into my server rack, and I was able to start moving cables from my old switch to the new switch and everything kept working. If you don’t want to use any of the advanced features, it is pretty easy just to plug everything into this switch and it will work. In order to manage the switch and see the control panel, you have to find the IP address that it picked up from DHCP. For me this just required that I open pfSense and look at the DHCP lease table. Once you have the IP, just enter it into your browser and you will see a Cisco login screen displayed. Log in with the default credentials and give it a few seconds to load the interface.
The first time you look at the interface, it looks a little overwhelming. I started by going through each of the menus on the left side of the screen to see everything that the switch was able to do. One of the features that the SG300 has over the SG200 is the ability to do inter-VLAN switching. This is something I was looking for because I wanted to start experimenting with VLANs.
A few months later, this switch is still running strong. I haven’t had any issues with it, and the uptime counter is showing over 100 days. There are very few reasons that you ever need to restart this switch. I am currently using it for iSCSI traffic, a guest wireless network and regular network traffic. Each of these has its own VLAN to keep everything separate. Recently I have started using SNMP and Nagios to monitor the switch and the amount of traffic that is going through each port of the switch.