From david at catwhisker.org Mon Sep 6 17:53:48 2010
From: david at catwhisker.org (David Wolfskill)
Date: Mon, 6 Sep 2010 17:53:48 -0700
Subject: SonicWALL Pro 230 -- help with reconfiguration?
Message-ID: <20100907005348.GQ16233@albert.catwhisker.org>

Someone I know has a SonicWALL Pro 230, and needs help getting it
reconfigured, for which he's willing to pay.

He had it set up so that:

* The DMZ port was unused.
* There was one server outside the firewall (on the same net as the
  Internet router & the WAN port of the SonicWALL).
* The machines in the net on the LAN port were also using the same
  routable /24 that he had been assigned by his provider.
* Each machine has its address hand-assigned.

He's planning to switch ISPs, and the new ISP won't provide a /24 --
the biggest subnet he can get is a /29.

Since the SonicWALL supports NAT, I put together a plan for him to
migrate to a state where:

* All publicly-accessible machines are on the DMZ net.
* All machines in the DMZ use a private net & NAT.
* All machines in the LAN use a private net & NAT.
* The SonicWALL's DHCP server is activated & used for the LAN.

The idea is that once the config is fixed, he'll only need to change
the one address, and he's good to go. (Yeah, there's some DNS stuff to
deal with....)

We got partway through -- the servers are on the DMZ, but using their
routable addresses -- and now, when he switches the SonicWALL to NAT
mode & sets the LAN BIC to 192.168.168.253/24, the LAN becomes pretty
much unusable.

It turned out that he had 90 access rules, many of which referred to
the old routable address ranges. I've talked him through reducing the
number of rules, but he really doesn't want to break access to his Web
server. (He has all services local on premises -- no colo.)

I confess that I have no prior experience wrangling a SonicWALL device,
though I'm fairly familiar with the general principles -- my home
firewall is a triple-homed "beige box" running FreeBSD.
And I'm fairly confident that I could put together a machine that would
handle the traffic, routing, blocking, and NAT, but the UI would be ...
unpleasant.

While he & I have a good working relationship, I don't believe he's
being well-served by my lack of competence here. I'm out of my depth,
and either need someone to take over for this, or teach me the error of
my ways.

Help?

Peace,
david
-- 
David H. Wolfskill                              david at catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.

From slash5toaster at gmail.com Mon Sep 6 20:40:32 2010
From: slash5toaster at gmail.com (Clyde Jones)
Date: Mon, 6 Sep 2010 20:40:32 -0700
Subject: SonicWALL Pro 230 -- help with reconfiguration?
In-Reply-To: <20100907005348.GQ16233@albert.catwhisker.org>
References: <20100907005348.GQ16233@albert.catwhisker.org>
Message-ID:

On Mon, Sep 6, 2010 at 17:53, David Wolfskill wrote:

> Someone I know has a SonicWALL Pro 230, and needs help getting it
> reconfigured, for which he's willing to pay.
>

I think that SonicWall support is probably the best bet. It is their
product and they should be able to figure out a workable setup. It
might even still be under support.

I have to remind myself of that at work - why am I spending my time
figuring out mundane problems when the company is paying for support.

-- 
We are what we think. All that we are arises with our thoughts. With
our thoughts, we make the world. -Buddha

From guy at extragalactic.net Sun Sep 12 22:12:57 2010
From: guy at extragalactic.net (Guy B. Purcell)
Date: Sun, 12 Sep 2010 22:12:57 -0700
Subject: September BayLISA meeting reminder
Message-ID: <327724AE-2AA3-49FD-83A7-7F22585768F2@extragalactic.net>

Hi All!
Please note that the September meeting of BayLISA is this coming
Thursday the 16th at LinkedIn HQ. This month, members of the Zmanda
team will be sharing their experiences with backing up to "the cloud"
with us.

Date: Thursday, September 16, 2010
Time: 19:30 begins "announcements"; talk to follow immediately,
      running an hour-ish
Place: LinkedIn HQ

I hope to see a goodly crowd there!

-Guy

From guy at extragalactic.net Thu Sep 16 00:50:40 2010
From: guy at extragalactic.net (Guy B. Purcell)
Date: Thu, 16 Sep 2010 00:50:40 -0700
Subject: Meeting reminder
Message-ID: <9293D372-06B4-4E1C-A8F4-9056B760302F@extragalactic.net>

Remember--the September meeting of BayLISA is this coming Thursday the
16th at LinkedIn HQ. This month, members of the Zmanda team will be
sharing their experiences with backing up to "the cloud" with us.

Date: Thursday, September 16, 2010
Time: 19:30 begins "announcements"; talk to follow immediately,
      running an hour-ish
Place: LinkedIn HQ

I hope to see a goodly crowd there!

-Guy

From david at catwhisker.org Thu Sep 16 11:18:26 2010
From: david at catwhisker.org (David Wolfskill)
Date: Thu, 16 Sep 2010 11:18:26 -0700
Subject: Seeking list of "commercial companies that still have large scale FreeBSD deployment"
Message-ID: <20100916181826.GF1415@albert.catwhisker.org>

[Apologies if this seems familiar; I originally posted it to a FreeBSD
mailing list. The thought occurred to me that BayLISA is, after all,
for "Large Installations," and that some folks with useful insights
might not subscribe to the list to which I originally posted. Also,
while the message was originally specific for FreeBSD, I believe that
other *BSDs might reasonably qualify, as there remains a fair amount of
cross-pollination among them.]
My employer has been using HP machines a fair amount over the last
couple of years (that I know of); I just received the following request
from a contact in IT:

| I had a chat with our HP support team today try to get better
| FreeBSD support on RAID controller in DL180. One thing that they
| requested is to see if we can provide them a list of commercial
| companies that still have large scale of FreeBSD deployment. They
| mentioned that Yahoo is gradually moving away from FreeBSD. Do you
| have some names that we can provide them? The idea is they can take
| the list back to HP and try to argue for more FreeBSD support.
| They hired a guy to do FreeBSD support, but he left HP and went to
| Google with his FreeBSD knowledge.

Any help?

Thanks!

Peace,
david
-- 
David H. Wolfskill                              david at catwhisker.org
Depriving a girl or boy of an opportunity for education is evil.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.