I’ve just put up a new tutorial (strangely enough about the title)! You can read it here.

The government announced NBN2 and the globe kept spinning; nothing new to see here. However we (as in Australia) got a regulatory review and that was probably a good outcome. As I’ve been half following the NBN in the news I’m finding some of the review findings/submissions interesting. However there are some things that just make me want to go into cryogenic stasis – I might see something change that way.

To think that this is even a source of contention is rediculous. The practical requirement, in my opinion, of getting HIGH speed internet(s) is Fiber to the x, FTTN being the most likely for a first build out, which means optical fiber needs to be run to every pit of every exchange. (NB. I refuse to use the word broadband as it is really a description of relative technologies; not a service).

The risks of having hanging cables are many. Downtime from damage is a biggie. But that is entirely irrelevent. Pits can flood shorting out the copper circuits; someone can dig before dialing; etc… and security wise: it’s not like the current copper network is at all protected from someone who knows how to patch a copper pair – having said that optical fiber splicing is arguably harder so that’s a plus for “back to the exchange”.

None of those risks qualify my statement of rediculous though.

We have perfectly functional cabling conduit and other accesses for rolling out FTTN. The position should be they will be used. To all the people involved: Get over the bureaucracy and get something done for once. Conroy/DBCDE: buy back the wholesale stuff from Telstra – that’s the governments penalty for not seperating during the privatisation; Telstra shareholders: set a price for the buy out – consider it a forced buy out or unfriendly takeover if you will but take a spoon of toughen up: other countries privatisation arrangements seperated wholesale and retail from the outset; Telstra was a bubble that is now going to either burst or be popped; and that writing was on the wall from day one.

In summary: there shouldn’t be an option. It’s rediculous.

I spent a few hours this afternoon upgrading some of the work firewalls, which run pfSesne, from v1.2 to v1.2.1. Which was released a few days ago. Here are my notes and warnings after following the Install and Upgrade documentation.

In theory, the upgrade is meant to be fairly straight forward. You can try to do an online upgrade. However there are documented issues with that. The other option is to reinstall, which in this case means: reflash the CF cards. So long as you have a config backup then you can simply restore your settings and off you go. All in all:

1. Download the new image file
2. Stick the CF card in your CF card adapter
3. zcat pfsense.img.gz | dd of=/dev/XYZ bs=16k
4. Stick the CF card back in the firewall
5. Boot and restore the config

Gotcha #1: The new image does not have any network setup by default. In theory, once again, you should have a serial cable (DSUB 9) that you use to access the serial console of your firewall. Configure a LAN interface address, then use the web interface to restore the config file. Unfortunately I did not have a serial cable; we’ll leave why out of it. I dealt with this by building a config file within the embedded image before writing to the CF card. You’ll need QEMU to do this. Note these steps derived from the Mac_OS_X_together_with_qemu section of the Install documentation.

# Unzip the embedded image and start it with QEMU;
# - Two NICs LAN / WAN
# - The qemu command is all one line
gunzip pfsense.img.gz
qemu -hda pfsense.img -net nic,vlan=0 -net nic,vlan=1 -serial telnet::7890,server,nowait
# Now open a terminal and fake a serial console with telnet
telnet localhost 7890
# You'll need to configure your network devices during boot.
# I used generic settings so I could flash the image to multiple cards
# When you reach the main menu push 8 for a shell
mount -u /cf
cd /conf
vi config.xml
# Check the interfaces are configured properly then
exit
# Choose option 6 to halt the emulated machine.
# Write the updated image to your CF card
dd if=pfsense.img of=/dev/XYZ bs=16k

QEMU is available for most major incarnations of most operating systems. The above are fairly Linux specific but should be easy enough to translate; dd is a physical disk dump program.

Gotcha #2: Bogon Networks! Are updated by a cron script on the 1st of each month at 3:01AM. Unfortunately the default list includes IP’s assigned by Optus Wireless Broadband – which means if I’m using one of Works USB modems I can’t access the servers. That’s bad!. Really the bogon list should be updated during the setup wizard if you turn bogon filtering on. See this pfSense forum topic for how to manually update your bogon filter.

Gotcha #3: Your backup config file DOES NOT contain certain settings. OpenVPN configurations for example. Make sure you have a copy of any custom settings not contained in the backup config file; otherwise be prepared to reconfigure.

And that’s all.

I’ve just uploaded a new tutorial to the Tutorials page on MultiWAN Routing with a Linux server (direct link).