All posts by bsdman

Currently working as an IT Manager. Worked for an OIT company as a Network Engineer in 2011. Worked for a Medical IT company as the Network Administrator 2009-2011. Worked as the Senior Systems Administrator at a computer reseller from 2005-2009. Worked as a Computer Consultant for several small companies from 2007-2009. Worked as a Computer Technician at a computer reseller from 2002-2004.

Comcast Business with Third-Party Router

I’ve had a few clients that required the use of their current router/firewall combination but wanted the speed of the new Comcast Business Cable Internet connection.

The last client has 16 employees all running on a bonded T1 connection. Maxing out at 1.544mb/sec is no way to live in today’s age. So this client ordered Comcast high-speed to replace the aging T1 (at less than half the cost too), and wanted help getting everything up and running. Why not use the Comcast/SMC router/firewall combination and call it a day? Well, that would be the easy way out. The SMC device is pretty potent for average use, but does not have a VPN server built in. The current configuration has VPN in the mix.

Unfortunately there is no way to put the SMC into bridged mode, which makes the setup a little more difficult. Here’s a little fix I found after searching for a few hours (yes, hours).

Log into the SMC Firewall (cusadmin/highspeed by default)
Click on the firewall setting
Make sure Disable Firewall for True Static IP Subnet Only is enabled
Make sure Smart Packet Detection is disabled
Check your network settings AND WRITE THESE DOWN (we want the Public IP address which is not a 10.*.*.*, the netmask 255.255.255.252 usually, the gateway which is usually a single IP off from the public IP, and the DNS servers)
Save all settings

Log into your existing router/firewall
Set the IP address of the WAN to the Public IP of the SMC Firewall you wrote down
Set the gateway, subnet mask, and DNS entries to what you’ve written down as well.
Save all settings

Plug a cable from the SMC Firewall switch to the WAN port of your existing router/firewall. Check your connection by pinging 4.2.2.2

If you’ve set everything up correctly you should get responses from 4.2.2.2 UNLESS you have a rule specifically denying ICMP replies. In that case, just open a web browser window and start browsing the internet. You may want to use www.speakeasy.net/speedtest to run a speed test.

After connecting, the Speedtest indicated a connection of 21395kbps down and 8947kbps up. That’s 2674KB (2.6MB) down and 1118KB (1.1MB) up. Not bad at all.

Folding At Home Error

I use FaH at home (PS3, File Server, Gaming Rig) and at work (Workstation, Non-Production Server). The beta SMP clients give the most points so I end up using those when I can.

I did get this error though:
MISSING_WORK_FILES

Booo.
So I changed the shortcut from:
"C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\Folding@home-Win32-x86.exe" -smp
to:
"C:\Program Files (x86)\Folding@Home Windows SMP Client V1.01\Folding@home-Win32-x86.exe" -delete 1

Then when you run the program it’ll say “deleting work unit from queue” and then self-close. You may need to run this for all 4 in the queue (or more if you’ve set it that way). Just change -delete 1 to -delete 2, -delete 3, -delete 4, and so on.

Make sure to change it back to -advmethods or -smp if you want it to run again.

ARP Address Security

ARP, or Address Resolution Protocol, is how your computer finds the hardware (MAC) address it needs to talk with other devices on the local network. Basically, your computer has an IP address (192.168.1.100) and wants to talk with your email server (192.168.1.101). Your computer will send out an ARP request for the owner of 192.168.1.101. A message will come back saying that 192.168.1.101 has a MAC address of xx-xx-xx-xx-xx-x1. That’s basically how they communicate. It obviously gets a lot more tedious when you add gateways, routers, and switches to the mix. Then add internet devices too with different masks. Oh man!

But there is a problem – broadcast addresses are always the last available IP in a subnet (in our example it’d be 192.168.1.255 with a MAC address of FF:FF:FF:FF:FF:FF). Gateway addresses are always the first available IP in the subnet (once again, 192.168.1.1). Because ARP replies are not authenticated, someone who wanted to poison the ARP cache could easily claim the gateway address and fool everyone else on the network into believing that they’re the gateway.

Computer: Hi everyone, I’m looking for the gateway
Poison: I’M THE GATEWAY!!!
Poison: I’M THE GATEWAY!!!
Computer2: Hi everyone, I’m looking…
Poison: I’M THE GATEWAY!!!
Computer2: … for the gateway
Poison: I’M THE GATEWAY!!!

You can see why the poisoning of ARP can actually work. The poison programs will flood the network with broadcasts saying I’M THE GATEWAY!!!

So, how do you protect against this? The easiest way is to push a startup script to all your machines that clears the current ARP cache and adds a static ARP entry for your gateway. The only problem with this approach is if you ever change gateways or switches – the MAC address you enter as the static ARP entry will no longer be valid, and the routing for internet will cease.

Windows 2000/XP/Vista:

Start -> Run -> CMD
arp -d
arp -s 192.168.1.1 00-18-00-18-00-18

-d is for delete
-s is for static
Obviously, put your own gateway IP address and MAC address in there. If you need to find it, you can type arp -a and locate the MAC address associated with your gateway.

Vista requires elevated privileges to run the arp commands. Right-click the Command Prompt shortcut and choose Run as administrator; that will help with many of the problems.

Vista may require the following:

netsh -c "interface ipv4"
set neighbors "Local Area Connection" "192.168.1.1" "00-18-00-18-00-18"

Then check to make sure with:

arp -a
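
The check in that last step can be automated. The following is an added example, not part of the original post: it parses Windows `arp -a` output and reports when the gateway entry is not the pinned static MAC, or when one MAC answers for several IPs (the pattern a poisoned cache shows). The sample output is constructed, the function names are hypothetical, and the gateway IP and MAC are the post's example values.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not captured from a real host).
# 192.168.1.50 and the gateway sharing one MAC is the poisoning pattern.
SAMPLE_POISONED = """\
Interface: 192.168.1.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           02-00-00-aa-bb-cc     dynamic
  192.168.1.50          02-00-00-aa-bb-cc     dynamic
  192.168.1.101         00-1a-2b-3c-4d-5e     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

def parse_arp(text):
    """Return {ip: (mac, type)} with MACs lower-cased and dash-separated."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower().replace(":", "-"), kind.lower())
    return table

def audit(text, gateway_ip, expected_mac):
    """Return a list of findings; empty means the gateway is pinned and unique."""
    table = parse_arp(text)
    expected = expected_mac.lower().replace(":", "-")
    if gateway_ip not in table:
        return [f"no ARP entry for gateway {gateway_ip}"]
    mac, kind = table[gateway_ip]
    findings = []
    if mac != expected:
        findings.append(f"gateway {gateway_ip} resolves to {mac}, expected {expected}")
    if kind != "static":
        findings.append(f"gateway {gateway_ip} entry is {kind}, not static")
    # One MAC answering for several unicast IPs is what a poisoned cache looks like.
    owners = defaultdict(list)
    for ip, (m, _) in table.items():
        if m != "ff-ff-ff-ff-ff-ff" and not m.startswith("01-00-5e"):
            owners[m].append(ip)
    for m, ips in owners.items():
        if len(ips) > 1:
            findings.append(f"{m} claimed by {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POISONED, "192.168.1.1", "00-18-00-18-00-18")))
```

Run from a scheduled task, it could feed the real output of arp -a into audit() and log any findings.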

Unable To Activate Windows

Microsoft keeps making it more difficult to pirate their software, but at a cost: it’s harder for the average user (or corporate one) to activate legitimate software. I’m not a big fan of paying for software when you can find something similar for free, but sometimes you just have to bite the bullet.

After installing Vista Enterprise X64 on a laptop and Server 2008 on a workstation, I had some issues getting Windows to activate. Something about DNS issues. Ok, I can deal with that – I change the DNS entries to use 4.2.2.2 instead of my gateway (4.2.2.2 is a main ATT backbone DNS server that you *should* always be able to access and ping). It didn’t work – same issues.

So then I started reading a bit on the Technet site. Apparently there are two ways to fix this issue:
1.) Install a KMS server (Key Management Server)
2.) Convert your key to a MAK (Multiple Activation Key)

Since it’s infinitely easier to convert the key when I’m only running a handful of systems, I chose the second option. Here’s what to do:
Open an administrative command (run as administrator) window.
Then type this code:
slmgr -ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Then a window will pop up with either a positive or negative on the key change.

Ubuntu Command Line Change IP Settings

I find myself forgetting more and more when I use tools like webmin. These usually work with most flavors of Linux as well.

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255

Then restart the networking devices
sudo /etc/init.d/networking restart

*** EDIT 10/4/2017 ***
Almost a decade later and I had to update this slightly.

List Your Available Network Devices
ifconfig -a

List Your Currently Enabled/Working Network Devices
ifconfig

Edit Your Network Device
nano /etc/network/interfaces

auto ens32
iface ens32 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
dns-nameservers 192.168.3.2 192.168.3.3
dns-search domainname.local

Restart Your Network Device
ifdown ens32 && ifup ens32

*** EDIT 1/12/2018 ***
Only a few months later, but Ubuntu started using netplan instead of the usual ifup/ifconfig commands I’m used to. Now it’s yaml.
This is for 17.10 and later! Proper spacing is NEEDED for this to work.


nano /etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    ens32:
      dhcp4: no
      addresses: [10.1.10.114/24, 'IPV6HEREIFYOUWANT']
      gateway4: 10.1.10.1
      nameservers:
        search: [domain.local, otherdomain.tld]
        addresses: [10.1.10.2, 10.2.10.2]

netplan apply

*** EDIT 2022-12-02 ***

Apparently this changed in Ubuntu 20.04 (although it still supported the “old way”), but in 22.04 I could not get netplan to support my use of the gateway4 option.

I’ve left the old style commented out, but the new way of using only routes for this purpose works well and opens up the idea of multiple gateways or static routes from a single system.

WordPress and Stats Pages

I have this issue from time to time – wordpress updates will break my stats pages. A simple edit in the .htaccess file clears this up.


RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(stats|failed_auth\.html).*$ [NC]
RewriteRule . - [L]

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

Images Not Showing In Outlook 2007

We’ve had a couple people that, for whatever reason, have computers that don’t like to play along with the rest of the gang. The primary complaint is that images do not load in the email (mostly screen shots). They will, however, show up when the user attempts to Forward said email.

In 2007, click on New Email to open Word
Click that Giant ugly Microsoft Button on the top left of the window (called the “Office Button”)
Select Editor Options
Click on Advanced
Under Display Email Content, find the Show Picture Placeholders
Uncheck Show Picture Placeholders
Click OK
You may have to restart Word/Outlook for this setting to stick