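Solution for being unable to resolve an A record with an intranet address when using pfSense

If you have trouble resolving a domain name whose A record points to an intranet address when using pfSense, add the following to the Custom options of your DNS Resolver settings. The DNS Resolver (Unbound) drops answers that contain private addresses as DNS rebinding protection; private-domain exempts the listed domain and its subdomains from that filtering, so list only domains you control.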

server:
private-domain: "example.com"


Routing local traffic to a remote outbound with pfSense Firewall and OpenVPN

The goal of this article is to let local machine X, which sits behind local router A running pfSense, send its traffic out through the WAN gateway of remote router B, which also runs pfSense.


The lab environment

Local machine X:
[IP_ADDR]=192.168.0.254 [Mask]=255.255.255.0 [GW]=192.168.0.1

Local router A:
[IP_ADDR]=192.168.0.1 [Mask]=255.255.255.0 [GW]=Router_A_WAN_ADDR

Remote router B:
[IP_ADDR]=192.168.11.1 [Mask]=255.255.255.0 [GW]=Router_B_WAN_ADDR

OpenVPN client on router A:
[Mode]=TUN [Interface]=OVPN_A  [IPv4 Tunnel Network]=192.168.30.49/30

OpenVPN server on router B:
[Mode]=TUN [Interface]=OVPN_B [IPv4 Tunnel Network]=192.168.30.50/30


1. Establish an OpenVPN TUN tunnel between routers A and B by whatever method you prefer. This is not the focus of this article.

2. Set an allow-all rule for OVPN_B on router B

[Area]=OVPN_B
[Action]=Pass
[Interface]=OVPN_B
[Protocol]=Any
[Src]=any
[Dst]=any

3. Set an Outbound NAT on the firewall of router B

[Interface]=WAN
[Protocol]=Any
[Src]=192.168.0.0/24 (or any area you want)
[Dst]=any
[Translation addr]=Interface Address

4. Set a rule for routing traffic to OVPN_A on the LAN firewall table of router A

# Route all traffic of local machine X
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=192.168.0.254
[Dst]=any
[Gateway]=OVPN_A

# Route traffic to a specific destination IP
[Area]=LAN
[Action]=Pass
[Interface]=LAN
[Protocol]=Any
[Src]=any
[Dst]=192.168.11.1 (example)
[Gateway]=OVPN_A


Result: (Tested on local machine X)
> tracert 192.168.11.1

Tracing route to 192.168.11.1 over a maximum of 30 hops

1 20 ms 20 ms 20 ms 192.168.30.49
2 30 ms 30 ms 30 ms 192.168.11.1

Trace complete.

Use Doxygen to generate documents and diagrams or graphs for your source code

1. apt install required packages

$ sudo apt update
$ sudo apt install doxygen dia graphviz

2. generate the Doxyfile

$ cd [SOME_PATH]
$ doxygen -g

3. edit the Doxyfile

OUTPUT_DIRECTORY = [YOUR_OUTPUT_DIRECTORY]
INPUT = [YOUR_SOURCE_CODE]
RECURSIVE = YES
EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
CLASS_DIAGRAMS = YES
DIA_PATH = /usr/bin/dia
HAVE_DOT = YES
CLASS_GRAPH = YES
COLLABORATION_GRAPH = YES

4. run doxygen

$ doxygen [YOUR_Doxyfile]

5. result example

Note: Setup collectd and collectd-web on Ubuntu/Debian

# apt install collectd

# nano /etc/collectd/collectd.conf

# service collectd start

# apt-get install git
# apt-get install python
# apt-get install librrds-perl libjson-perl libhtml-parser-perl libcgi-session-perl

# cd ~
# git clone https://github.com/httpdss/collectd-web.git
# cd collectd-web
# chmod +x cgi-bin/graphdefs.cgi

# nano runserver.py

Change listen IP address to 0.0.0.0

# ./runserver.py &

# killall python

Note: Add swap file to Ubuntu

Check swap file

# swapon -s

Create swap file

# dd if=/dev/zero of=/swap.img bs=1G count=8

Set swap file permissions

# chmod 600 /swap.img

Check swap file permissions

# ll /swap.img

Format swap file

# mkswap /swap.img

Activate swap file

# swapon /swap.img

Deactivate swap file

# swapoff /swap.img

Check swap

# swapon -s
# free -h

Auto mount swap fs

# echo "/swap.img none swap sw 0 0" >> /etc/fstab

Note: How to reverse proxy a Minecraft server with Nginx

Check that your kernel version is >= 4.9

uname -a

Enable BBR

sysctl -w net.core.default_qdisc=fq
sysctl -w net.ipv4.tcp_congestion_control=bbr
sysctl -w net.ipv4.tcp_notsent_lowat=16384
sysctl -p

Add stream config to /etc/nginx/nginx.conf

stream {
    include /etc/nginx/tcp.d/*.conf;
}

Create a new config for Minecraft server

upstream [YOUR_MINECRAFT_SERVER] {
    server [YOUR_MINECRAFT_SERVER]:[PORT];
}
server {
    listen [PORT];
    proxy_pass [YOUR_MINECRAFT_SERVER];
}

Test Nginx config

nginx -t

Reload Nginx

nginx -s reload

Optional: Add DNS SRV record

Name     _minecraft._tcp.[YOUR_MINECRAFT_SERVER].tld
Priority [0-65535]
Weight   [0-65535]
Port     [PORT]
Value    [YOUR_MINECRAFT_SERVER]

Note: How to use rsync without SSH

Server config: /etc/rsyncd.conf

uid = www-data
gid = www-data
max connections = 4
use chroot = no
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
#hosts allow = 0.0.0.0
#hosts deny = 192.168.100.0/24

[rsync]
path = /var/www/html
comment = rsync
auth users = rsync
ignore errors
read only = yes
list = yes
secrets file = /etc/rsyncd.pwd

Secret: /etc/rsyncd.pwd

rsync:rsync

Server run:

$ rsync --daemon --config=/etc/rsyncd.conf

Client connect:

$ rsync --list-only --port=873 rsync@YOUR_TARGET_ADDRESS::rsync
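
A quick audit of the daemon settings above, as an added example that is not part of the original note: it flags a disabled chroot, a missing hosts allow, anonymous modules, a secrets file readable by group or others, and a password equal to the user name. The function names (conf_get, audit_rsyncd, make_sample) are hypothetical, and the sample files are constructed in a scratch directory from the values shown on this page.

```shell
#!/bin/sh
# Added example: flag risky settings in an rsyncd.conf like the one above.
# Simplification: keys are read file-wide, ignoring [module] scoping.

# Value of the last active (uncommented) "KEY = value" line, or empty.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; print nothing for a clean configuration.
audit_rsyncd() {  # audit_rsyncd CONF
    conf=$1
    secrets=$(conf_get "$conf" "secrets file")
    [ "$(conf_get "$conf" "use chroot")" = "no" ] &&
        echo "use chroot = no: the module is not confined by chroot"
    [ -z "$(conf_get "$conf" "hosts allow")" ] &&
        echo "hosts allow is unset: any client address may connect"
    [ -z "$(conf_get "$conf" "auth users")" ] &&
        echo "auth users is unset: the module accepts anonymous clients"
    if [ -f "$secrets" ]; then
        # Group/other permission bits as shown by ls, e.g. "r--r--".
        perms=$(ls -ld "$secrets" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "secrets file allows group/other access ($perms)"
        # user:password entries whose password equals the user name.
        weak=$(awk -F: '!/^#/ && NF >= 2 && $1 == $2 { print $1 }' "$secrets")
        [ -n "$weak" ] && echo "password equals user name for: $weak"
    else
        echo "secrets file not found: $secrets"
    fi
    return 0
}

# Constructed sample: the page's settings written into directory $1.
make_sample() {  # make_sample DIR
    printf '%s\n' 'use chroot = no' '#hosts allow = 0.0.0.0' '[rsync]' \
        'auth users = rsync' "secrets file = $1/rsyncd.pwd" > "$1/rsyncd.conf"
    echo 'rsync:rsync' > "$1/rsyncd.pwd"
    chmod 644 "$1/rsyncd.pwd"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_rsyncd "$demo_dir/rsyncd.conf"
rm -rf "$demo_dir"
```

With rsync's default strict modes = yes, the daemon rejects authentication when the secrets file is readable by other users, so chmod 600 /etc/rsyncd.pwd belongs in the setup.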