Monday, June 28, 2004

Windows 2000 Firewall

Windows 2000 Firewall

Here is a great website showing how to use Microsoft's IP Security Settings to create an effective firewall. I will be modifying the rules to include a firewall for all ingress Internet traffic and both ingress and egress traffic through a PPTP tunnel.

I had to permit TCP traffic on port 1723 for PPTP and permit Other 67 (GRE protocol). I then had to create a trusted network that allowed all traffic through.

I found this article that states the problems using Windows IPSec as a firewall tool.

This Microsoft KB article will show how to disable the vulnerability through the registry.;en-us;811832

Thursday, June 24, 2004


Rsync with Debian

I've been doing some reading on rsync and it is a really neat utility. I would like to use the tool to help move 8 Windows 2000 server backups across our network to a centralized backup server with a tape drive.

I looked into Arkeia (nonGPL), Bacula, and Armanda. Bacula and Arkeia have Windows clients, however Bacula can't backup a Windows registry. I would need to run ntbackup and then run bacula. Arkeia seemed to work great but I started getting concerned about how much stress I was adding to our network and it is a lot more expensive than I was anticipating ($3000-6000 depending how many servers have clients).

That is when I found out about rsync and BackupPC (GPL). Rsync has a great alogorithm that allows it to 'cheat' a file transfer by only sending the binary differences between computers (You can read about it at This sounds like just the type of tool I need to use to create good network backups.

Now for the test: see if I can use rsync to speed up apt-get updates. After running 'apt-cache search rsync', I found out that apt-proxy can use the rsync protocol. However, the Readme.gz file mentions that rsync doesn't work well with compressed files and this article brings up the same concerns.

Since it is easier to try and fail than to spend any more time searching, my next post will show my results.


Working with Debian

I have to stop using my Debian machine at work. Apparently, the ntlmaps package doesn't play well with Windows ISA (MS Proxy) policies or you could say that it works too good. I was sucking up all available Internet bandwidth constantly whenever I ran apt-get upgrade.

I am running SID from work as my experimental server/workstation. Whenever I needed a new network or administration tool, I would search for a tool and apt-get install that tool. It was great. I installed plone when I thought our intranet looked boring, I installed Request-Tracker to see if I could replace Track-It!, I even started running mrtg to monitor our network health on the Debian machine.

I was asked to stop using the Debian server on the network to see if that helped with our Internet bandwidth issue. Apparently it helped.

I think I figured out why I was getting priority when downloading web pages and files. If I downloaded a file through the ntlmaps proxy, I would get around 115 kbps (920 Kbps) downloads and if I downloaded through MS Proxy directly, I would get slowed down by policy to 25 kbps (200 Kbps).

Since, I was stuck on Windows 2000 for everything, I decided to download cygwin to use some of the tools I was used to in Debian. When downloading the packages without going through Internet Explorer my speed increased to the high 115 kbps speed. The same thing happens if you use any program other that IE to download anything. Since ntlmaps wasn't IE there was no reason for it to try to slow down the download.

Thursday, June 17, 2004

Joel on Software - How Microsoft Lost the API War

Joel on Software - How Microsoft Lost the API War

What a great blog article!

This article really puts together a lot of good information about the future of computing. It brings up a good comparison between web applications and rich clients.

I'm hoping that Linux will be able to fill in for Microsoft in the rich client market. The problems that Joel Spolsky wrote about sound too much like the problems developers have with KDE and Gnome. Maybe an article like this will help bring the Linux camp around to a common API.

Monday, June 14, 2004

Debian Linux vs. Windows 2000

The IT shop here has a hard time understanding the benefits of Linux, specifically Debian. And I don't know how to tell them the benefits without showing them the system.

I am not a developer, but I am a heavy tester of software. I like downloading and installing software tools if there is a download out there. I seem to save time if I can install the software in a test environment and look around at the interface and options. Then going back and reading the manual.

I have two computers that I use in my office. One is Windows 2000 which is necessary for Exchange, and unique vendor client/server applications. The other is my Debian unstable desktop/server.

My Windows 2000 computer doesn't work like Debian does. It has fragemented files that can't be fixed -- even in safe mode. I have never had that problem in Linux. The registry is starting to look ugly from all of the software I have installed and uninstalled. Debian's apt-get allows me to install and uninstall software without leaving a trace. apt-get has kept my system clean and sane without needing to reboot unless I update the kernel.

Speaking of rebooting, I have to reboot the
Windows computer way too often. When I install new software. Reboot. When I install windows patches. Reboot. When I installing office/software patches. Reboot. When I uninstall software. Reboot.

The Debian computer allows my to try out enterprise server applications that can be scaled down to a few machines without chasing purchase orders and new licenses. And if I am just testing something I would be willing to buy, I don't have to worry about shareware restrictions. I can keep my installation and configuration the same from testing to production.

My Debian workstation is becoming a useful swiss-army tool for many different ancillary server applications like mrtg, apache, request-tracker, phpbb2, etherape, ethereal, and others. Whereas upstairs, I have 8 rack-servers serving