Select Page

ipfw rule counters via snmpd

I have a number of FreeBSD machines with jails on them that require me to keep stats and graphs of their bandwidth usage.
The solution I came up with is to add counter rules in the kernel IPFW firewall table and then plug a simple perl script into Net SNMP which will put each ipfw counter rule’s current byte count on a unique OID that you can query and graph using something Cacti.
This same technique can be used to graph things like only HTTP, SMTP, etc traffic, or infact anything that you can express as a IPFW counter rule.
Read the full entry for details on how I implemented this.

(more…)

Jive Messenger

I have been contemplating rolling out a Jabber server for my employer for a while, I have always been persuaded not to do it by the lack of graphical (web or otherwise) configuration tools for the server.
Ease of user management is key since I do not want to burden my systems administrators with even more silly account management stuff which can easily be done by other people.
After a recent outage on MSN I decided to take another look and came across Jive Messenger. It is a Java 1.5 based Jabber server implementing the XMPP protocol. It has a good web based user and server management tool, I would suggest anyone looking for a corporate IM server take a look at this.
One caveat though is that its SSL implementation does not comply with the current XMPP specification so you may we have issues getting encryption going between client and server. Up side though is the developer community is quite active on their forums and have regular online conferences with users and other developers to find where they should address new features and bug fixes etc.

cacert.org

While reading my favorite guide to creating a private CA I noticed it mentions cacert.org.
It is basically a CA like any of the commercial ones, web interface to creating and managing your keys and so forth the only catch is the root key isn’t in the browsers and so forth. It is nice though to do all your keys through them and only have to bother importing a single CA.
Initially your keys will expire after only 6 months but there is a web of trust and a points system that will earn you the right to create longer lasting keys.

Managing Jails on FreeBSD 5

While configuring up my new FreeBSD 5.3 server I noticed that the rc system now supports starting up your jails using settings in /etc/rc.conf. I am not sure when this came about, I have not used FreeBSD 5.x much but I have to say it is a lot nicer than my own hacked up RC scripts.
Read on for more details about this and some other tools that is useful for jail management.

(more…)