notes from an admin for himself. you can read it if you want.


Untangle firewall common ports to unblock

16 December, 2009 (07:20) | antivirus/spyware, networking, security | No comments

If you are setting up an Untangle firewall and want to use it at your house or business but might not know common ports to allow, here is a list. I have things a bit tighter at work but at the house I like to have instant messengers etc working.

Skype TCP ports 13861, 34954, 42045

Apple remote admin stuff – tcp 5354

typical email – tcp 25, 143, 465, 587, 993, 995 (use these at your own risk. Some you need for gmail etc, but if you open 25 outbound you may be spamming if a machine is owned)

web – tcp 80, 443

openvpn – tcp 1194

ssh – tcp 22

ftp – tcp 21

Instant messengers – tcp 1863, 5050, 5190, 5222, 5223

Remote desktop – do some port forwarding so it comes in on like 10020 and goes in to 3389. Don't open 3389 to the outside.

How do you find more?

Open a command prompt

Type in netstat -no and hit enter.

You will see a list of open connections with their source and destination addresses. Compare this list to the auto refresh block list in your Untangle firewall. Look for the PID. Compare that to a Task Manager PID and see what process is using it. Make sure you know what you are allowing when it is blocked.
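The PID lookup described above, as an added example that is not part of the original post: it parses saved `netstat -no` and `tasklist /fo csv /nh` output and groups remote TCP ports by process, optionally keeping only rows whose handshake never completed. The sample output, addresses, PIDs and process names are constructed, and `tasklist` stands in for the Task Manager step.

```python
import csv
import io
from collections import defaultdict

# Constructed excerpt of `netstat -no` output (documentation addresses, made-up PIDs).
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3124
  TCP    192.168.1.20:49730     198.51.100.7:5222      SYN_SENT        4580
  TCP    192.168.1.20:49731     198.51.100.7:5222      SYN_SENT        4580
  TCP    192.168.1.20:49744     203.0.113.25:1863      SYN_SENT        5012
  TCP    [fe80::1%11]:49750     [2001:db8::5]:443      ESTABLISHED     3124
"""

# Constructed sample of `tasklist /fo csv /nh` output (hypothetical process names).
TASKLIST = '''"firefox.exe","3124","Console","1","212,404 K"
"pidgin.exe","4580","Console","1","48,120 K"
"msnmsgr.exe","5012","Console","1","35,800 K"
'''

def parse_netstat(text):
    """Yield (remote_port, state, pid) for each TCP row of `netstat -no`."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, blank line, or UDP row (no State column)
        remote, state, pid = parts[2:]
        port = remote.rsplit(":", 1)[-1]  # rsplit copes with [IPv6]:port
        if port.isdigit() and pid.isdigit():
            yield int(port), state, int(pid)

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh`."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) > 1 and r[1].isdigit()}

def ports_by_process(netstat_text, tasklist_text, state=None):
    """Return {image name: sorted remote ports}, optionally for one TCP state."""
    names = parse_tasklist(tasklist_text)
    found = defaultdict(set)
    for port, st, pid in parse_netstat(netstat_text):
        if state is None or st == state:
            found[names.get(pid, f"pid {pid}")].add(port)
    return {name: sorted(ports) for name, ports in found.items()}

if __name__ == "__main__":
    # SYN_SENT rows never finished the handshake: compare them with the block list.
    print(ports_by_process(NETSTAT, TASKLIST, state="SYN_SENT"))
```

Only allow a port once the process name next to it is one you recognise and want talking to the outside.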

OpenVPN name resolution to windows Active Directory

13 November, 2009 (19:30) | Mindless Blather | 1 comment

I got my openvpn clients to map to machine names. I was running into a problem with dfs roots. Had to be able to map to \\domain\root  instead of \\serverip\share through my untangle firewall and nat using openvpn.

Open your network connections and look for the TAP adapter. Mine is v9 from the upgrade a few days ago.

Open TCP v4 settings

Advanced button

I added my AD server as the first DNS entry, untangle dns is second

WINS tab – enter your wins server addy, if you don’t have wins, put it on, it is useful still for things like OWA and exchange 2003. Several other MS things don’t work properly without it 9 years after it was supposed to die

NetBIOS over TCP – enable that

Back on the DNS tab, I told it to append my name. It was trying to append my domain name from my house a few times in troubleshooting. I have vpn working without this setting at a warehouse client of mine. So don’t worry if you don’t have a domain to add.

That should be it. I’ll post the bat file I wrote for restarting the openvpn service and pinging when I have a few more minutes to post.

Don’t forget you can go into services and start openvpn as a service. It won’t connect inside your network by default. So it automatically knows when to enable. This is great for doing remote maintenance when users are online. This gets you around user complaints about the openvpn gui having to run as administrator on vista and 7 because it is happy as a service.

For the search engines-

Untangle openvpn won’t map a drive using name DNS

Openvpn dns mapping windows vista

Linux goodness and problems continued

20 October, 2009 (07:14) | Mindless Blather | No comments

My main laptop is an M6300 running Vista Ultimate dual booting to Fedora. It currently has a fried power supply that crackles and a dead battery. Until it gets fixed I’m running on the Ubuntu laptop. Problems keep on keeping on but a few things have worked well:

Keepassx – I was able to download my mozy backup of my keepass file in about a minute from the mozy site. I installed keepassx and opened up my keepass file. Worked great.

Openoffice – For simple and I mean simple tasks openoffice is ok. I was able to grab a few excel sheets off my sharepoint server, edit then put back. I am very annoyed that if openoffice opens an .xlsx file it tries to save as its own .oxx documents. Linux people just don’t get it. Normal users can’t handle that.

Logmein – Big fail in Ubuntu. The logmein browser plugin flashes every time you input a click or keystroke in firefox. The solution is that firefox doesn’t work. Use Opera. Sounds a lot like in Windows getting away from IE and using Firefox. So much irony, hypocrisy and fun.

The quest for perfect credit reporting/monitoring, Try 1 equifax FAIL

26 September, 2009 (09:19) | Easy Money Making | No comments

My first try is Equifax 3 in 1 monitoring along with  score watch for $25/month. The Equifax solution started off cool, it gave me my score, each account in my history and ok explanations. After 6 months of paying $25/month I will tell you it has $0 in value. The only things that worked are available from my annual free credit report or other free sources like my credit card page. The ‘features’ that were supposed to work do not, but function fine for free services like It took a little digging, but you can find all this information elsewhere and get mobile monitoring free.

Equifax=fail (did I just ask to have my credit struck by lightning?)

Hopefully this is a bug report for Equifax. I’ll go tab by tab on why I feel I threw away $150 on credit reporting to test them out.

Starting on the tabs – Credit watch – alerts


Repeated attempts to set my phone up to receive alerts fail.

I have resent the message more than 5 times in the last 24 hours. It isn’t that hard to automate SMS to ATT. Mint does it. Pingdom does it. It works. I’m using those services today. The main point of monitoring credit is to be able to take immediate action to fight some idiot in Nigeria who got my card number.

More information in Credit watch – It shows Open accounts

Mortgage, installment, revolving, other, total. I have 4. Not hard to track.

For each it tells you a very inaccurate Balance, Available, Credit Limit, Debt to credit ratio, Monthly Payment Amount, Accounts with a balance.

Ok so if I go on to my American Express, Visa and MC sites I have accurate information. The Equifax information for Balance, Available, Credit limit, Ratio, Monthly payment amount = WRONG. I updated last night and it is still wrong. I updated this morning, it says today’s date on the “equifax credit report as of 9/26/2009” banner. If I go in to the details, more data that is either really old or just pulled out of their e-butt. This just doesn’t match up at all with what is going on in my banking world.

Then we move on to the score watch tab. This is what had me hooked at the beginning. #1 feature!! A chart that shows the change in my score over time. It starts in Feb, Ends today. There are 5 data points all in Feb-May. Now I know there has been activity in my credit that should generate some June, July, August, September data points. Nothing. This thing has been useless except to show me that getting a new credit card does indeed drop your credit score quite a bit for several months. That is with 5 dots. Not much help. Remember – a credit card addition = drop in your credit score.

If this thing showed me more data points, if it didn’t feel like Equifax was intentionally hiding credit information from me, I would pay for this stupid chart. Hell I would pay for an app to keep it as my blackberry background. But they don’t update it for you out of their own database. Something is diabolically wrong. Does Lex Luthor run the big 3?

Credit Report Tab

Inaccurate information about the balance I am carrying. It has a lame ass chart for Balance Vs Available credit. Free kills them on any useful/accurate information.  The interesting stuff is Length of Credit History, and Average Account age, but you can get that in your free credit report or on your credit card site. LAME!

Neat chart

Credit Score

This tab is priceless. It shows my credit report from 2/19/2009 when I signed up. The coders are too stupid to pull the data from the score watch tab in July. So the whole $150 worth of monitoring has been to tell me in 6 months my 2/19 score is the same as when I checked it on 2/19. Neat. It goes on to tell me my lender risk % from 2/19. It is 9/26 so that isn’t so helpful as I have eliminated any traces of debt (using mint.) BTW, my mortgage brokers across the hall at my office say this is complete bullshit. I don’t know who to believe there.

In my report manager tabs, you can see that I have 1 “score power” report remaining for the year. Well that sucks because I should just do 1 free credit report a year and pay 1 time to get one 6 months later. Paying $300 a year to “protect my credit” was a bad idea. The unlimited Equifax credit report is useless and inaccurate. None  of the numbers have ever matched my credit card statements.

My goals with credit protection and monitoring:

1. Monitoring alerts to my phone

2. Many data points per month to help figure out exactly what I did to change my score

3. Lowest cost possible.

So far is the winner for managing finance. I have custom alerts set up for all accounts. It won’t watch for a new card being opened in my name. But the data it does provide is accurate because it is drawn directly from my cards/banks web pages.

Next try will be Experian or If I can figure out how to cancel the Equifax account. I hate calling people. Anyhow last screenshot is the cancel subscription/change subscription/show I’ve been billed every month for 6 months FAIL. I can’t cancel my account. No options on any menu that I can find allow me to discontinue automatic billing. What a scam. I should report them to my credit bureau.

If the credit bureaus really operate this poorly when you go to buy a house, well crap. Not like we can do much.


Gmail reports still flooding in

24 September, 2009 (08:23) | Mindless Blather | No comments

Chat is broken for my users in multiple states. It has been down since we started work around 8am MST.

Gmail problems today

24 September, 2009 (07:45) | Mindless Blather | No comments

On multiple networks we have confirmed issues with Gmail corporate contacts and chat. Mail is also loading very slowly. Maybe it is time to start paying instead of complaining when the free corporate version has problems. 🙂

Set ossec to monitor mysql logs on red hat (not log ossec in mysql)

18 September, 2009 (14:19) | linux, security | No comments

Ossec is super. I was having a hard time googling this so I read the stupid configs and figured it out. Edit your ossec.conf file, add to the "files to monitor" section:





Restart ossec and it should start reading your mysql logs now. Anyone have additional rules to add in for mysql?
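An added example, not the original post's config: the constructed ossec.conf excerpt below contains a `<localfile>` entry of the kind the post describes (OSSEC's `mysql_log` log format), and the helper reports which files are read with it so you can confirm the entry is in place before restarting. The path `/var/log/mysqld.log` is an assumption; use whatever `log-error` points to in your my.cnf.

```python
import xml.etree.ElementTree as ET

# Constructed ossec.conf excerpt. The second <localfile> is the kind of entry the
# post describes; /var/log/mysqld.log is an assumed path (check log-error in my.cnf).
SAMPLE_CONF = """
<ossec_config>
  <!-- Files to monitor (localfiles) -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>mysql_log</log_format>
    <location>/var/log/mysqld.log</location>
  </localfile>
</ossec_config>
"""

def monitored_logs(conf_text):
    """Return [(log_format, location)] for every <localfile> entry."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring(f"<wrapper>{conf_text}</wrapper>")
    entries = []
    for lf in root.iter("localfile"):
        fmt = (lf.findtext("log_format") or "").strip()
        loc = (lf.findtext("location") or "").strip()
        entries.append((fmt, loc))
    return entries

def mysql_log_locations(conf_text):
    """Files read with log_format mysql_log; an empty list means none is configured."""
    return [loc for fmt, loc in monitored_logs(conf_text) if fmt == "mysql_log"]

if __name__ == "__main__":
    print(mysql_log_locations(SAMPLE_CONF) or "no mysql_log localfile configured")
```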

Pingdom is down

3 September, 2009 (18:21) | Mindless Blather | No comments

Funny when your monitoring service goes down. I wonder how bad it is going to be when it comes back up. Get ready pingdom users

Windows Updates can learn a lot from Linux

25 August, 2009 (09:57) | OS, security | No comments

Here is a great linux idea that windows should follow:


After an SSH into a new Ubuntu machine, you can see that there are patches available. And not just Ubuntu patches, for all the packages you have installed.

Dear Microsoft: I wish that at the login screen to Windows, in all that empty space, you had a box that says:

XXX programs can be updated. XXX are security updates

XXX drivers can be updated. XXX drivers address critical issues

Once this is done, I would like to see Microsoft leading a charge to develop a central patch distribution service like Linux does so well. Manufacturers would be responsible for updating and uploading their latest into the system. The default action would be to install updates as a manufacturer releases them. Settings would allow you to download and notify, notify only or ignore. At that point we add to the login screen-

XXX 3rd party programs can be updated. XXX are security updates

I think it will be a pain in the ass to set up. But not as much of a pain in the ass as users who refuse to update java, flash, quicktime, acrobat and everything else out there.

Entertaining CNN tech story… weird

25 August, 2009 (07:36) | Mindless Blather | No comments

Top ten stars that will get you a virus. And not by being a fan at their hotel.
