Varnish Reverse Proxy

Posted by Phantom Mongoose Thu, 24 May 2007 13:41:00 GMT

This Varnish reverse proxy looks really neat.

I haven’t been able to find terribly much documentation on it but it seems like a neat thing to try instead of squid, nginx, pound, lighttpd, etc.

The RPMs for RHEL / CentOS seem to install easy enough, now time to figure out VCL.

A blazing fast caching reverse proxy in front of a web app is to be desired. It’s good to have a lot of choice.

Quest for the NAS appliance of low power 3

Posted by Phantom Mongoose Wed, 25 Apr 2007 19:42:00 GMT

This is Part Deux of my low power appliance network quest of extra-ordinary magnitude.

You may recall from "Part Un" of our grand adventure we replaced the power hungry and quite possibly mad p233 with a new firewall / router / wireless access point / low power appliance with custom firmware.

Where next does our quest lead? I tell you, dear reader, it leads to an even bigger and louder loutish brute— or brutish lout as the case may be: the file server.

Despite having 3 hard drives in it my file server has a mere 17g of space. This is just barely enough space for one iMovie project from one MiniDV tape of home movies. And I have 8 tapes.

Not only that, it’s loud and power hungry. So here the goal is to replace the frankenfileserver with a NAS.

A NAS (network attached storage) is not to be confused with a SAN (storage area network). One is a fancy name for storage accessed across a network with network protocols and one is a fancier name which commands a heftier price — but boy does that storage look local.

So here are the decisions to be made:

  • BYOD or disk(s) included?
  • How many disks?
  • if disks > 1 then JBOD or RAID?
  • How much total storage?
  • Do we want to hack the firmware and add new features?

All this of course factors in to price. I’m trying to do this on a budget so bad-ass NASes such as the ReadyNAS NV+ are out.

So far the contenders are (in no particular order):

  • LaCie Ethernet Big Disk
    • Storage: 2 × 7200rpm 500G JBOD
    • Pros:
      • very cheap (see also cons) 1 TB.
      • does AFP.
      • Shiny.
    • Cons:
      • No fault tolerance
      • No firmware hacking community fun that I’ve found.
      • Though the list price is cheap I can’t find it in stock and the price seems to wildly fluctuate from site to site.
  • D-Link DNS-323
    • Storage: 2 x SATA BYOD
    • Pros:
      • There is a community around extending the Debian linux on this box, without even having to reflash the firmware.
      • Does RAID 0 or 1
      • Drives slide in and out without tools.
      • USB Printer port
    • Cons:
      • I’m biased against D-Link and I’m not even sure why.
      • No AFP out of the box.
  • Linksys NSLU2
    • Storage: 2x USB 2.0
    • Pros:
      • Community with tons of cool hacks and such.
    • Cons:
      • Drives must connect via USB
      • Ugly. Like a slug.
  • Kurobox
    • Storage: 1x PATA BYOD
    • Pros:
      • Built by the manufacturer specifically for the hacking community, which is cool in and of itself besides the stuff possible with some linux knowledge. It’s basically a Buffalo Linkstation without a HD and with less polished firmware.
    • Cons:
      • No fault tolerance
      • For experts: manuals and menus come in Japanese (can download and install English web interface)

Still doing research, more later.

Recipe: Buffalo with Tomato Sauce

Posted by Phantom Mongoose Tue, 24 Apr 2007 09:30:00 GMT

Over the past 6+ years I’ve been running my home firewall on an old P233 running either a custom linux firewall or the IPCop distro[1]. This old faithful friend has stood as a beacon of courage and truth in a sea of spam and deceitful packets. Tirelessly and without fail it protected my home network and logged its efforts meticulously.

On Earth Day this year I treated this old friend to a hero’s fate: I turned him in to be recycled.

What cruel reward I bestow—not really heroic at all. No error was made, no hardware had failed, indeed he was as healthy as when first he came online as my firewall. Outrage! Why then had I dropped him like a bad habit? Simile notwithstanding, it was indeed due to a bad habit. It wasn’t my bad habit. It was his.

You see I came to realize — as I was welcomed to my basement by the warm whirring cacophony of a myriad fans—that my servers had a filthy addiction. They were addicted to the juice. Oh they loved the juice. The pulsing flow of electron after electron as they consumed watt after watt became a burden unto me; then and there I vowed it must end.

But to tackle the firewall first? Why was my fantastic old faithful firewall friend the first to find itself fiendishly phased out[2]?

The answer here, dear reader, lies in the failures of another.

This other—who I shall refer to by the alias tw433p — seemed at first glance to be the veritable savior of my network. A low power consumption firewall / router / wireless access point / ethernet switch was just what the proverbial doctor had ordered; this tw433p seemed to be ideal for my needs. But all was not as it seemed.

Tw433p had a secret. A dirty little secret. The tw433p was crap. DHCP would stop responding, DNS would stop responding, it’d stop routing anything at all. All-in-all I had to reboot it two or three times a day.

So the only solution was to start fresh. And so it struck me, an equation of extra-ordinary magnitude. Wireless router appliance + third-party opensource firmware = all the power, flexibility, and security at a fraction of the electrical consumption.

After much googling, I came to the conclusion that while dd-wrt sounded awesome, Tomato sounded boss.

What I mean to say is that since I didn’t want my firewall taking on too many responsibilities, dd-wrt and all its packages was overkill.

Tomato made a lean, mean, flexible, powerful, and fast firewall. All the other conceivable services I may run on my home network will run elsewhere.

So which appliance shall be the gleaming receptacle for Tomato firmware, to be my new shining beacon of truth and sensibility in a sea of deceitful packets and spoofed martians?

It was then that I was visited by a wondrous vision: The sky was lit with shiny packets of data, good packets glowing a pale ethereal blue flew true and proud; evil packets filled with chaos and strife glowed a menacing purple and flew haphazardly as if drunk on the heady vapors of spam. These packets flitted and floated in the same general direction, slowly getting tighter and coalescing into a steady stream directed at a singular point — a cone filled like a quantum cloud of probability which tightened and solidified as it neared the tip.

There! In front of that point, standing as proud sentinel was a gleaming silver Buffalo, its proud horns aglow with bright red power. With a crackle and a hiss all packets purple with evil would shatter and twist, falling about the feet of the beast; there they lay broken and discarded. And lo, behind the beast there hung an orderly network of interconnected blue beams gleaming pure blue as the packets they contained transited space and time.

Okay, in reality I just read reviews.

Would the WHR-HP-G54 and the Tomato firmware in merging form a device greater than the sum of its parts bringing about a new order to my home network and thus usher in an era of peace, stability, wireless coverage (both strong and wide) and blazing speeds?

The answer, dear reader, is my network now rocks; my internet access from various computers is now both subjectively and objectively[3] faster. I haven’t even turned on the QoS and already my VOIP is steady and all previous choppiness has disappeared. Did I mention the fraction of the electrical consumption thing?

This appliance is outperforming both my expectations and the legacy left behind by my good ol’ p233. Farewell ol’ faithful — I won’t miss you a bit.

[1] IPCop is highly recommended, although up-and-comer pfSense is looking very neat.

[2] To be read in the voice of the narrator from Batman.

[3] Though I neglected to measure.