, 6 Guests, 2 Bots


Print This Post Print This Post

Protect you network with IPFire


Through out my attempts to build implement a firewall I went through quite a few different possibilities.  So what will I do purchase of a commercial firewall appliance, a higher end router with extended firewall features, or building my own on a computer?  After a great deal of research and debate I decided to build my own firewall using one of the open source Linux distros.  So I tested several Pfsense, Endian, IPCop, Smoothwall, and IPFire.  I primarily did this with virtual machines to start with and then would progress on to hardware and testing.

In my testing I came across an IPFire image for a Raspberry Pi.  Me being an R Pi enthusiast I decided to test it out.  I know the R Pi only has a 10/100 and only has on NIC but was willing to give it a try.  Believe it or not I installed the image and used a USB Gigabite NIC for the internal network interface.  I ran this for about 2 months and it worked well.  The only thing I couldn’t run was Snort because it made my R Pi lockup.  Then my ISP was going to increase the speed of my WAN connection so the R Pi just didn’t have enough horse power to handle the 300Mbps speeds.  It would only allow 30Mbps through.  So I had to get new hardware to make this work.  I am all about saving electricity so I was not willing to run a full desktop, and I didn’t want to dedicate one of my laptops to this.  Finally at one of my favorite computer store I found a Gigabyte Brix micro computer in the clearance bin.  I thought this would be worth a shot for the new firewall hardware.  I know the store part if this is long so I will get into the build now.

The Brix doesn’t come with a hard drive and I found that the SATA connector inside the machine will not spin a standard hard drive.  So you will need an SSD plus you will want the improved speed to keep the bandwidth loss to a minimum.  Here is the specs of the device I picked up.

  • Features 22nm Intel® Celeron N2807 to deliver to the most intuitive and integrated operating systems in the world
  • Supports 2.5” thickness 7.0/9.5mm Hard Drives (1 x 3Gbps SATA2)
  • Ultra compact PC design – 0.69L(56.1x 107.6 x 114.4mm)
  • 1x SO-DIMM DDR3L 1.35V Slots (1333 MHz)
  • Preinstall IEEE 802.11 b/g/n Wi-Fi / Bluetooth 4.0 Mini-PCIe card
  • Supports dual displays via a VGA and a HDMI port
  • Gigabit LAN
  • Audio jack (Headphone/MIC)
  • VESA mounting bracket (75 x 75mm + 100 x 100mm)
  • Supports Fan less design

So this device needs a hard drive,a memory stick, and a USB NIC to make it work for a firewall.  I had all of these parts laying around so it was nothing for me but should be remembered if you are going to do something similar.  I already had experience with IPFire and I liked it so I used the same OS for this firewall build.  Here are the requirements for IPFire.

  • Intel Pentium I (i586)
  • 512MB RAM and
  • 2GB hard drive space
  • 2 NICs

So I installed an 60G SSD and 4 Gigs of memory into my micro PC to do my testing.    I also needed and external CDROM drive to install the OS.  IPFire’s current version at the time I am writing this is 2.17 update 93.  Installation is pretty straight forward and you can get all the help you need from their wiki at .

Once the OS is installed it will finish with a setup script that It has you picj which adapter are for the Red and Green side of the network.  I chose the USB NIC to be the Red interface because if it failed I would still have internal network.  The USB is also on a USB 3 interface so I have more than enough speed for the WAN connection.  I know that it is better to have a machine with 2 internal NICs but that would increase my expense from around $200 to closer to 3 or 4 hundred dollars.  Here is what the install script looks like.


If you have a the need for additional interfaces such as a DMZ or WiFi interface, IPFire does support this as well.

Red WAN External network, Connected to the Internet (typically a connection to your ISP)
Green LAN Internal/Private network, connected locally
Orange DMZ The DeMilitarized Zone, an unprotected/Server network accessible from the internet
Blue WLAN Wireless Network, A separate network for wireless clients

You can re-run this setup at anytime if you want to make NIC changes by typing setup in a terminal on the firewall itself.  Once you are up and running you can log in to the web interface by typing https://<green NIC IP>:444 .  Here you can access all of the additional settings and information that the firewall has.  I like the reports that it has and the fact that you can expand the function of the firewall if you want. The interface has themes as well but I use the default on.  More specifics on the interface and setup can be found her .  Below are pics of the web interface.



The only additions I made was activating SNORT and using the Guardian script to make it more of an IPS not an IDS.  I also install the email addon to have the firewall email me reports and when it blocks or unblocks things.  All I did was add a statement into the scripts that would make it email me when it was executed.  So I get a lot ofemails from the firewall but I like it that way.  You install addons using pakfire.  The list is quite extensive and can be found at the at .

Guardian is a perl script that goes through the SNORT logs and the blocks IPs that have 5 violations.  It blocks them for 24 hours.  This is where setting up the SNORT rules becomes important.  If you don’t you may find yourself locked out of you own firewall or blocking good traffic as well as unwanted traffic.   You need to realize that all addons require processor time and may cause some loss of bandwidth going through the firewall.  My WAN connection from the modem is 329Mbps.  Going through the firewall with SNORT running I get 242Mbps.  My Brix micro PC is idle 96% of the time so I am not coming even close to maxing out this system.  But hardware and addons need to be thought through to insure you get as much bandwidth as possible.  If I disable SNORT my bandwidth increase to around 260Mbps.

You will also have to setup you firewall access as well.  IPFire uses iptables as the firewall and can be a little tricky to setup if you are not  use to setting up firewall rules.  This can be done with the web interface and a guide to do this can be found at .  I had to do some trial and error to get everything setup correctly, but once it was setup it functioned perfectly.

I know I have been pointing to a lot of web pages for setup info but if I put it all in here this would be about 50 pages long.  I ran this for a few months and am happy with the performance and love the reports that it produces.  It will give you a roll up report of all activity the previous day but it can be a little cumbersome to read through.  But you can go to each of the individual reports in a GUI format and look at activity for any day that the firewall has been running.  Some of the reports are shown below.




These are default image I got from the internet not my network but this is what it looks like for the firewall traffic (bottom) and IPs that have connected to the firewall (above).  I truly wanted a firewall so I could get these type of report of network activity on my network.  So this may not be the path that most people want to take but I tried a few commercial router/firewalls that were in my price range and found them to be crap.  The would cause a large bandwidth drop and the firewall was not as configurable.  Plus the logs were all text and you would have to read through them and try to figure out what they were doing.

My cheep hardware setup was pretty simple to put together and works very well.  I like IPFires interface and there forums have a great deal of good information in them.  So if you are looking for a firewall without all of the crazy costs that come with commercial ones.  This may be a good option for you.  It does require some knowledge of Linux but not to expert or even intermediate level.  You can run this from the web interface and never really need to access it through a terminal.  So give it a shot and let me know if I can help in your testing.



Print This Post Print This Post

Raspberry Pi MineOS Minecraft Server


I have built a few Minecraft R Pi servers but wanted more functionality that what the other guides were building their servers.  So I built this several times and it works but isn’t as powerful as any of the x86_64 systems but it is pretty cool to do.  First let me list the stuff I used to create this server.

  1. Raspberry Pi 2
  2. MineOS webpages
  3. SDFormatter
  4. Win32disk
  5. Ubuntu R Pi image
  6. 16 Gig MicroSD card
  7. Putty

The reason I didn’t user Rasbian is due to the overall size of the image.  The Ubuntu 14.04 image is only 1.75G vs 3.05G Rasbian image.  So to prep the OS I did a few things. The Ubuntu image can be downloaded from .  The default user is ubuntu and a password of ubuntu.  So I used my Windows machine to setup my MicroSD card and write the image to the card.  I used SDFormatter to format the card and Windisk32 to write the image.  You can do this with Linux as well and the Ubuntu webpage has all the directions you need to accomplish this.  Now you should be ready to pop this bad boy into the R Pi.

The first boot will need a monitor and keyboard connected to the R Pi because the OS doesn’t have an ssh server installed by default.    So enter sudo su – to elevate to the root prompt and type apt-get update.  If just tried to install the openssh server from the git go but it kept failing until I ran the update.  You should also follow the following instruction from the Ubuntu webpage.

There are no Raspbian-specific utilities included, specifically no automatic root resizer. However, it’s not hard to do manually. Once booted:

 $ sudo fdisk /dev/mmcblk0

–  You can use fdisk -l to see the available size of your Micro SD before increasing the size.

Delete the second partition (d, 2), then re-create it using the defaults (n, p, 2, enter, enter), then write and exit (w). Reboot the system, then:

$ sudo resize2fs /dev/mmcblk0p2

There is no swap partition/file included. If you want swap, it’s recommended you do:

 $ sudo apt-get install dphys-swapfile

You should have a (resized) SD card at least 8GB, because by default it will want to create a ~2GB swapfile and allow for the actual game files to grow.  This gave me a 1866 Meg swap space.

This will give you the full Micro SD card space and add a swap that the R Pi will need even with the 1G of memory the R Pi 2 has.  Below is a before and after df -h for this server.





 Now that the drive space is ready it is time to download and install the MineOS webpages.  This part is optional but I really like the functionality that it brings to the server.  First thing is to go to  This would be the apt-get link for the Ubuntu install we are using here.  If you decide you want to use MineOS you can go the link above and install it.

MineOS makes downloading and setting up the server pretty easy,  if you are not going to use MineOS you can wget the minecraft server from .  I personally like Spigot better however with the copyright problems you can’t just download it anymore.  So if you want to use Spigot you can build it using the instructions on their website. The link to setup the MineOS webpage is at the bottom of the post.  Also the link to build instructions for Spigot is at the bottom of the post.

On distributions featuring apt-get, you can install dependencies with these commands:
As root:
apt-get update apt-get -y install -y nodejs nodejs-legacy npm git rdiff-backup screen openjdk-7-jre-headless


MineOS requires rsync 3.1.0+, which comes default in Ubuntu 14.04 and later. Ensure you have a recent enough version.
Installing MineOS scripts with git
As root:

mkdir -p /usr/games
cd /usr/games git clone minecraft
cd minecraft
git config core.filemode false
chmod +x service.js mineos_console.js webui.js npm install –all
ln -s /usr/games/minecraft/ /usr/local/bin/mineos

As updates are made frequently to the MineOS scripts, you should make a habit of updating the webui via git on a regular basis. Updating the web-ui does not require a host or server restart.
Running the MineOS Web Service
Starting the web-ui at boot

This method uses upstart, which is available on Ubuntu 14.04 by default.

Have the web interface start
As root:
cp /usr/games/minecraft/init/upstart_conf /etc/init/mineos.conf start mineos

Using secure HTTPS operation

Before you can start the server, you must generate a self-signed certificate for HTTPS functionality: /etc/ssl/certs/mineos.{pem,crt,key}
As root:
cd /usr/games/minecraft ./
Starting/Stopping the webui

Remember, you won’t need to do this on subsequent restarts, as the initscript will take care of it.
As root:
start mineos stop mineos

Using the webui

The scripts, by default, will run a server operating on port 8443 and place minecraft data files into /var/games/minecraft.

When creating minecraft servers, it is required to use an unprivileged user to create and manage Minecraft servers. For most distros, this will be with the adduser username command. The password you set during user creation will also be the password used for the web-ui.

In your browser, visit the location:

Servers may only be created by unprivileged users, or in other words: not root. Be sure to log in as any unprivileged user to create any servers you wish and leverage group membership to share control of servers with others!

standalone UI


Another reason that I use Spigot is for the plugins that can be added to the server.  The main one I would add is called Dynmap.  This plugin simply draws a map of the areas that you have explored.  This can be opened in a web browser and can be set to very fine detail for map resolution.  It will give you a map like the following.




The one thing I did find is that the R Pi works for a Minecraft server but it needs some tweaking to get it to work well.  I think the R Pi 2 has enough power to really run the server as long as it has a small map, but it needs some tweaking to really get it to run well.  I experienced lag and blocks reappearing after you had broken it.  Now you can strip everything out and just run a Minecraft server without any add-on but that is part of what makes the server functional to me.  But running the server by itself in a terminal on the R Pi does work but I still has some lag and performance problems.  So  for the people that will say don’t use an R Pi to build a Minecraft server I say why not.  I understand it is low powered and was not built for this, but what was it built for.  It was built for people to buy and tinker with, program and see what it can do.

  So in closing the R Pi 2 will work as a Minecraft server and the performance isn’t that bad.  It could use some tweaking and once it is figured out I am sure it will be a low power option to a power hungry desktop.  Not that it will out perform it, but it is cheap and can stay on all day without using a Kilowatt of power.  So tinker around see how it goes.  It you have any questions about this setup feel free to leave a comment.

Print This Post Print This Post

Make Your TV a Smart TV with Android TV Dongles


  On  a recent trip I was looking at a store and saw this dongle that was billed as make any TV a smart TV.  So I looked at it and it looked like a large flash drive with Android as the operating system.  So it was $47 so I decided to give it a try and purchased it.  Well when I got back to the hotel I plugged it in and it had Android 4.2.2 on it and needed some kind of input device hooked to it so you could control it.  All in all I thought it worked really well and that I would now use this as my traveling media center because most TVs these days have a HDMI port and I could watch moves, listen to music, and even surf the internet if I wanted to.  All in all I liked it.

So I decided to dig into the device hardware and what I could do with it.  The device I bought was an AVOL UAD2842 Android TV dongle.  It uses Nexeon board and it turns out these are used in a lot of these devices.  The full specs are below.

  • CPU:  RockChip 3188-T  1.4Ghz Quad core
  • Mem:  2G DDR3
  • Nand:  8G flash ROM
  • GPU:  Mali Quad core 500Mhz
  • USB:  2 micro USB, 1 Standard USB
  • WiFi:  RTL8723bs or AP6210 with Bluetooth
  • Storage:  MicroSD card slot up to 32G

Now the specs can be different depending on your device but both of mine had these specs.  Just as a note insure you now the exact specs of you device before you start trying new ROMs.  I bought one to use and the one to tinker with.  I opened the one I use and the installed new ROMs on the other one.  Well after several attempts and ROMs that are suppose to work on these specs I took the other one apart and found it had a different WiFi card.  So just make sure you now what hardware you have.

So I found some Android 4.4.2 ROMs for similar devices with the same chip set and started researching.  So to make a long story short chances are you will not find a perfect ROM for your device but you will find tons that may work.  So I downloaded about 12 different ROMs and flashed each one.  I only had one that all the hardware worked but the ROM was really laggy on my device.  So here are some of the tools you will need.

  1. A Rockchip flash tool or one for the chip set you have.
  2. Some ROMS of course.
  3. Know how to boot your system into download or flash mode.
  4. Drivers for the computer you will be flashing from.

First thing you have to do is install the usb drivers so the system can read the device.  Mine is a Rockchip based system so I installed the 64bit ones to go with my 64bit laptop.  Once that was completed the dongle has a reset button that you will use to put the device in the right mode.  You plug in the one end of the USB cable and then hold in the button and plug in the other end of the USB.  Then computer should pick up the device, if not you may need to try the process again or reinstall the drivers.  Once the computer recognizes the device you can open the flash tool.  I use RKFirmwareTool version 1.34.  There are several versions so use which one works for you.  The you select the ROM to flash and select restore.  Once it is done plug it into the TV and see how it works.  Below are some pics of the flash tool.

v1 v2

After I tested about 12 ROMs I started looking a Linux for the device.  I also found several ROMs that were Dedian based.  I was a Linux administrator  for a few years so I now my way around a console and thought it would be cool to see how it worked.  I found some ROMs at Radexa and they have several Android and Linux ROMs.  I used the exact same tools to flash Ubuntu to the Nand on the device.  It worked well but I couldn’t get the graphics to work quit right.  Another great thing is the ability to boot Linux from you SDcard.  So if you don’t want to remove you Android you can just prep a MicroSD card to accomplish the same thing.  I found that the Lubuntu image I got from Radexa worked really well when I ran it from the SDcard.  The WiFi didn’t work but I only played with it for about 30 minutes.  Here are some pics of Linux on the device.




So once I get back home I am going to try and get a USB Ethernet device to work so I can work on fixing the WiFi.  I sure beats going out and downloading stuff and trying to get it uploaded through USB or SDcard.

For the most part though these devices work really well for a media center device.  I installed several of my favorite Android apps and I have been listening to music, watching movies, and even checking the status of my network with this device.  Once I have a wireless keyboard to plug into it I believe it will be worth every penny I paid.  I also have a small remote that works like a Wii mote and has a qwerty keyboard on the other side.  This will make the device family room ready for the kids to use.

So if you want to make your TV do a little more than watch shows you may want to pick one of these devices up.  Below will be some links to firmwares and names of devices that you can look for.  I really like the device and I use it everyday.  If you have any questions feel free to leaves a comment and remember that if you decide to change your firmware you always do it at your own risk.



Page 1 of 4812345...102030...Last »