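Solution for being unable to resolve an A record with an intranet address when using pfSense

If you are having trouble resolving a domain name whose A record points to an intranet address when using pfSense, add the following field to the Custom options of your DNS Resolver settings. The pfSense DNS Resolver is Unbound, and `private-domain` allows the named domain and its subdomains to return private addresses, which exempts them from the resolver's DNS rebinding protection.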

private-domain: ""


Routing local traffic to a remote outbound with pfSense Firewall and OpenVPN

The purpose of this article is to let local machine X, which sits behind local router A running pfSense, send its traffic out through the WAN gateway of remote router B, which also runs pfSense.

The lab environment

Local machine X:
[IP_ADDR]= [Mask]= [GW]=

Local router A:
[IP_ADDR]= [Mask]= [GW]=Router_A_WAN_ADDR

Remote router B:
[IP_ADDR]= [Mask]= [GW]=Router_B_WAN_ADDR

OpenVPN client on router A:
[Mode]=TUN [Interface]=OVPN_A  [IPv4 Tunnel Network]=

OpenVPN server on router B:
[Mode]=TUN [Interface]=OVPN_B [IPv4 Tunnel Network]=

1. Establish an OpenVPN TUN tunnel between routers A and B. How to do that is not the focus of this article.

2. Set an allow-all rule for OVPN_B on router B


3. Set an Outbound NAT on the firewall of router B

[Src]= (or any area you want)
[Translation addr]=Interface Address

4. Set a rule for routing traffic to OVPN_A on the LAN firewall table of router A

# Route all traffic of local machine X

# Route specific destination IP traffic
[Dst]= (example)

Result: (Tested on local machine X)
> tracert

Tracing route to over a maximum of 30 hops

1 20 ms 20 ms 20 ms
2 30 ms 30 ms 30 ms

Trace complete.

Use Doxygen to generate documents and diagrams or graphs for your source code

1. Install the required packages with apt

$ sudo apt update
$ sudo apt install doxygen dia graphviz

2. generate the Doxyfile

$ cd [SOME_PATH]
$ doxygen -g

3. edit the Doxyfile

DIA_PATH = /usr/bin/dia

4. run doxygen

$ doxygen [YOUR_Doxyfile]

5. Result example

Note: Set up collectd and collectd-web on Ubuntu/Debian

# apt install collectd

# nano /etc/collectd/collectd.conf

# service collectd start

# apt-get install git
# apt-get install python
# apt-get install librrds-perl libjson-perl libhtml-parser-perl libcgi-session-perl

# cd ~
# git clone
# cd collectd-web
# chmod +x cgi-bin/graphdefs.cgi

# nano

Change listen IP address to

# ./ &

# killall python

Note: Add swap file to Ubuntu

Check swap file

# swapon -s

Create swap file

# dd if=/dev/zero of=/swap.img bs=1G count=8

Set swap file permissions

# chmod 600 /swap.img

Check swap file permissions

# ll /swap.img

Format swap file

# mkswap /swap.img

Activate swap file

# swapon /swap.img

Deactivate swap file

# swapoff /swap.img

Check swap

# swapon -s
# free -h

Auto mount swap fs

# echo "/swap.img none swap sw 0 0" >> /etc/fstab

Note: How to reverse proxy a Minecraft server with Nginx

Check that your kernel version is >= 4.9 (required for BBR)

uname -a

Enable BBR

sysctl -w net.core.default_qdisc=fq
sysctl -w net.ipv4.tcp_congestion_control=bbr
sysctl -w net.ipv4.tcp_notsent_lowat=16384
sysctl -p

Add stream config to /etc/nginx/nginx.conf

stream {
    include /etc/nginx/tcp.d/*.conf;
}

Create a new config for Minecraft server

server {
    listen [PORT];
    proxy_pass [BACKEND_ADDR]:[PORT];  # placeholder: address and port of the Minecraft server
}


Test Nginx config

nginx -t

Reload Nginx

nginx -s reload

Optional: Add DNS SRV record

Name     _minecraft._tcp.[YOUR_MINECRAFT_SERVER].tld
Priority [0-65535]
Weight   [0-65535]
Port     [PORT]

Note: How to use rsync without SSH

Server config: /etc/rsyncd.conf

uid = www-data
gid = www-data
max connections = 4
use chroot = no
log file = /var/log/rsyncd.log
pid file = /var/run/
lock file = /var/run/rsync.lock
#hosts allow =
#hosts deny =

[rsync]
path = /var/www/html
comment = rsync
auth users = rsync
ignore errors
read only = yes
list = yes
secrets file = /etc/rsyncd.pwd


Secret: /etc/rsyncd.pwd



Server run:

$ rsync --daemon --config=/etc/rsyncd.conf


Client connect:

$ rsync --list-only --port=873 rsync@YOUR_TARGET_ADDRESS::rsync
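
Because the daemon in this note listens directly on TCP 873 rather than behind SSH, the access-control lines in `/etc/rsyncd.conf` and the mode of the secrets file are what protect the module. The script below is an added example, not part of the original note; `get_opt` and `audit_rsyncd_conf` are hypothetical helper names, and it reports the settings from the config above that deserve a second look.

```shell
#!/bin/sh
# Added example (not from the original note): flag rsyncd.conf settings that
# matter when the daemon is exposed directly on TCP 873 instead of over SSH.
# Function names and finding labels are made up for this sketch.

# get_opt FILE KEY: print the last uncommented value of KEY in FILE.
get_opt() {
    awk -v key="$2" '
        /^[ \t]*#/ || !/=/ { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_rsyncd_conf FILE: print one finding per line; no output means clean.
audit_rsyncd_conf() {
    conf=$1
    secrets=$(get_opt "$conf" "secrets file")
    if [ -z "$(get_opt "$conf" "hosts allow")" ]; then
        echo "hosts-allow: not set, every address may connect"
    fi
    if [ "$(get_opt "$conf" "use chroot")" = "no" ]; then
        echo "chroot: disabled, module is not confined by chroot"
    fi
    if [ "$(get_opt "$conf" "read only")" = "no" ]; then
        echo "read-only: disabled, clients may upload"
    fi
    if [ -n "$(get_opt "$conf" "auth users")" ] && [ -z "$secrets" ]; then
        echo "auth: 'auth users' set without a 'secrets file'"
    fi
    if [ -n "$secrets" ] && [ -e "$secrets" ]; then
        # Characters 5-10 of the mode string are the group/other bits.
        perms=$(ls -ld "$secrets" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "secrets: $secrets is accessible to group/other ($perms)"
        fi
    fi
    return 0
}

# Stand-alone use: sh audit.sh /etc/rsyncd.conf
if [ -n "${1:-}" ]; then audit_rsyncd_conf "$1"; fi
```

With rsync's default `strict modes`, the daemon refuses a secrets file that other users can read, so the last check also explains a common "auth failed" on a fresh setup.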