Here I present an abbreviated explanation of the process of creating firewall and cluster objects. More detailed step-by-step guides are available in sections “Firewall Object” and “Cluster Object” of the Firewall Builder Users Guide.
Lets see how much effort it is going to take to convert this configuration to entirely different firewall platform – PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set platform and host OS in the copy to PF and OpenBSD and then create new cluster object. This would be a sensible way because it preserves old objects which helps to roll back in case something does not work out. However, to make the explanation shorter, I am going to make the changes in place by modifying existing objects.
I’ve already written about setting the MTU (Maximum Transmission Unit) under Linux including Jumbo frames (FreeBSD specific MTU information is here).
With this quick tip you can increase MTU size to get a better networking performance.
Use ‘cvlc’ to use vlc without interface. This is useful for command line playing or ripping using shell scripts.
M. Shuaib Khan has published a list of open-source cluster management systems.
Personally, I had used openMosix and Red Hat Cluster software (which is also based upon open source software funded by Red Hat).
From the article: In computing world, the term “cluster” refers to a group of independent computers combined through software and networking, which is often used to run highly compute-intensive jobs. With a cluster, you can build a high-speed supercomputer out of hundreds or even thousands of relatively low-speed systems. Cluster management software offers an easy-to-use interface for managing clusters, and automates the process of queuing jobs, matching the requirements of a job and the resources available to the cluster, and migrating jobs across the cluster:
Read this article it offers feature, cons and pros of each solution.
From my mail bag:
How do I accept CIPE connection requests coming from the outside?
CIPE stands for Crypto IP Encapsulation (see howto Establishing a CIPE Connection) . It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network (VPN). All you need to find out CIPE number, once you got the number (device name) append following two IPTABLE rules (add rule to your iptables script) to script:
Add the following rules to your iptables script or configuration file:
iptables -A INPUT -p udp -i cipcb0 -j ACCEPT
iptables -A OUTPUT -p udp -o cipcb0 -j ACCEPT
CIPE use its own virtual device. It is use to transmit UDP packets so the above rule allows the cipcb0 interface to incoming request (no need to use eth0).
Replace cipcb0 with your actual device name.
A question from my email bag – How do you find out all drivers loaded by FreeBSD kernel?