Category: Networking

pfSense Dynamic DNS

pfSense FirewallWorking remotely is pretty common these days, and even if you take your iPad with you, you always end up needing to access something on your local computer. For this, I have a Windows Server to which I connect to via Microsoft Remote Desktop. This works out great and allows me to access files, or use applications on my Windows box, that are not installed on say my iPad or my MacBook. However in order to get to my home machine, I need to have an external address on the internet. For this I have my own domain name which I have had for a few years now. The other issue I have is that my home internet connection does not have a static external IP address and so the IP address changes from time to time. Even though I have a domain name, I need a way for the domain name records to update every time the IP address changes on my DSL modem. This is what Dynamic DNS was invented for: updating DNS records as needed with new IP addresses. If you have your own domain name, you usually have to pay a provider to host your DNS and they will provide some sort of software or script that will update your DNS. This posting details how I setup pfSense to update my DNS provider ChangeIP.

Add Dynamic DNS to pfSense

First log into your pfSense admin panel and choose Services – Dynamic DNS. Under the DynDNS tab click on the cross icon to add an entry. You will come to a screen like this one:

pfSense Firewall DDNS

  • Change Service type to Custom
  • Check the Enable verbose logging option
  • Add your Update URL
  • Add a description
  • Click Save

Update URL

The URL needs to be specific to your setup at ChangeIP. In my case, I have one domain with the three basic DNS A records: domain-name.net, www.domain-name.net, and ftp.domain-name.net

Here is an example of the URL:

https://nic.ChangeIP.com/nic/update?u=username&p=password&set=1&ip=%IP%

In order to update all my dns records, I have setup domain-name.net, www.domain-name.net, and ftp.domain-name.net to be in set 1 at ChangeIP. The SET= parameter tells ChangeIP to update records in set 1 to the IP specified. The %IP% is a the variable pfSense uses to input the IP address it resolves for the WAN interface. Reference ChangeIP DDNS API Information for parameters and Setting Sets for DDNS Update.

Adding Cronjob for DDNS

With the Cron package installed, it is easy to add and modify Cron jobs. What I recommend doing is scheduling a Cron job to run every ten minutes.

pfSense Firewall Cron DDNS

Checking System Log

Once you force the update, it is important to check to see if it worked. You can check the System Log in pfSense to see if there were any problems that occurred and then at ChangeIP, check your Domain Manager – Premium Domains – Domain-Name – A records, to see if all records in Set 1 updated to the same IP address.

Filed under: Networking

Mac OS X 10.9 Mavericks SMB2 and Windows 2012 Essentials Server

Apple LogoApple has a long history with computer networking, from AppleTalk to today’s Internet connected world. However, it is Windows networking that still causes all kinds of headaches for Mac OS X users. It seems that with every release of Mac OS X, Apple seems to have recurring issues with Windows shares. Some of Apple’s defenders will state that Apple adopts industry standards as is, and it is Microsoft and others who publish specs, but don’t actually follow them, so when Apple does follow the specs, it seems to just end up breaking things. SMB is the networking protocol that Microsoft uses for Windows networking. It is what allows Windows network file shares to work across the network. With the latest versions of Mac OS X, Apple abandoned the open source SAMBA package that most Linux distros use to connect to Windows, and wrote their own SMB2 software. This makes Mac OS X 10.9 Mavericks connect faster and better to Windows servers. Well that is when it works!

SMB Connections Fail

There is one Windows 2012 Essentials server with multiple shares. There are two Macs on the local network. One iMac is connected over Wireless N and one MacBook Pro is using a wired ethernet 1Gb connection. When using the Connect to Server… option the iMac connects fine and has no issues. The MacBook Pro opens the share and then never displays any files, it just spins in the lower left hand corner of the window that opens. Both computers are running Mac OS X 10.9.3 Mavericks.

Mac OS X SMB Connect to Server

Connecting via CIFS instead of SMB seems to work for the MacBook, but it is slower.

The Solution

The solution ended up modifying the Windows 2012 Essentials server. There are two registry keys that need to be added in order to fix the problem for the MacBook.

Under this Registry Key:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Add these DWORD values:

  • Smb2CreditsMin – make this 768
  • Smb2CreditsMax – make this 16384

Once you made the changes restart the Windows Server and then the Macintosh clients. It should now fix the problem.

Microsoft provides the following information on these registry keys:

The defaults are 512 and 8192, respectively. These parameters allow the server to throttle client operation concurrency dynamically within the specified boundaries. Some clients might achieve increased throughput with higher concurrency limits, for example, copying files over high-bandwidth, high-latency links.

Filed under: Apple, Mac OS X, Networking, Windows

Fix SARG Reports in pfsense

torchSARG Reports are a good compliment to Squid Proxy and since there is a package that is available for installation in pfsense, it makes good sense to setup SARG Reports. The downsides to SARG Reports is that the reports do take up space and over time this can be significant. This posting is about a problem I encountered on pfsense 2.1 and the latest SARG package.

For some unknown reason the reports stopped generating. Upon checking my System Log this is the issue I found:

php: /pkg_edit.php: The command 'export LC_ALL=C && /usr/pbi/sarg-amd64/bin/sarg -d `date +%d/%m/%Y`-`date +%d/%m/%Y`' returned exit code '1', 
the output was 'SARG: Cannot get the modification time of input log file /var/log/squid/access.log (No such file or directory). Processing it anyway SARG: File not found: /var/log/squid/access.log'

I am using the 64-bit version of pfsense, so hence the sarg-amd64. If you are using 32-bit, it will state instead sarg-i386.

The solution is to edit the sarg.conf file that is located in one of these locations, depending on your pfsense build:

/usr/pbi/sarg-amd64/etc/sarg/sarg.conf
/usr/pbi/sarg-i386/etc/sarg/sarg.conf

You will need to verify that the access_log line is correct:

#access_log /usr/local/squid/var/logs/access.log

In my case, removing the # sign and specifying the correct path to my Squid access.log corrected the problem.

If you have issues with SARG Reports, it is best to do the following:

  1. Under the Status Menu – click SARG Reports.
  2. On the General tab click Save
  3. Next click on the Users tab and click Save
  4. Click Schedule and create your schedule or if you have one already open it up and click Save.
  5. You can go back to the Schedule and Force Update to see if SARG Reports are working now.

I also schedule SARG Reports in Cron to run at 11:50pm every night instead of midnight.

50  23  */1  *  *
Filed under: Linux, Networking, Software