Now the fun starts! All the parts arrived and it was time to put them on the test bench to burn things in. This is my first ever dual processor build, so it was definitely a learning experience. Nothing is really different, it’s just twice as much. When the motherboard arrived, it was absolutely beautiful.
I couldn’t wait to get everything put together and get it on the bench. The RAM had arrived a few days earlier and I knew the processors were supposed to be arriving via USPS later that day. I was antsy with anticipation! Then the letter carrier arrived and my CPUs were ready to go into the board.
Now that I’ve got the processors and RAM installed, let’s put on the coolers, get it mounted to the bench, and get it wired up.
Thank God I sprung for the EATX version of this test bench. For those of you that are curious, this is the Highspeed PC Half-Deck Tech Station XL-ATX and it’s a great little test bench. There’s no metal parts to come in contact with the motherboard, so no worries about shorting things out.
Now that everything was together, it was time for the smoke test. In case you didn’t know, computers actually run on smoke. If the smoke escapes, it stops working, and the first POST of a new computer, especially one with an open-box motherboard and CPUs from eBay, is the time when that smoke is most likely to escape. Luckily, this one passed the smoke test.
I slapped the 6x 6TB drives into a carrier and put the LSI 9211-8i HBA in to start burning everything in. I added a USB fan to keep the HBA cool since there wasn’t any airflow on that side of the board. The HDD rack has its own fan. Getting the HBA flashed to the IT firmware was quite the pain, but I’ll save that for its own post.
First up was to run memtest86 and check the 128GB of ECC DDR3. I ran this for a few days to really beat up the memory, as memtest86 runs over and over and over again until you stop it. After the first pass, I knew I was going to be good because there were no errors found, but I let it run for a while just to be safe. I love this picture because it shows 32 CPUs found and 16 started (It’s 16 physical cores with hyper-threading for a total of 32)!
After burning in the machine for a while, it was time to transplant it into its permanent home, the Rosewill rackmount chassis. Problem was, there was already a computer in there.
So, I pulled out the old motherboard (which will actually end up being my new gaming rig) to have a fresh case to start with.
After moving some standoffs around, the motherboard fit in perfectly.
My original plan was to use the onboard SAS ports for the six 3TB drives and use the LSI HBA for the six 6TB drives, then use the onboard SATA3 ports for the two SSDs. I ended up using all 8 onboard SAS ports instead. FreeNAS doesn’t care what controller the drives are plugged into. I’m not sure if that was a good idea or not, and I plan on looking into it more. If it turns out it is a bad idea, I’ll just move all the 6TB drives to the same controller.
Once everything was put together, it was time to boot it up in the chassis for the first time. I hit the power button and… nothing. The fans spun up for a second, then the whole thing shut down. I had no idea what was going on. The first thing that came to mind was the fact that I couldn’t find the second CPU power cable for the EVGA power supply, so I “borrowed” one from a Corsair PSU I had. I went ahead and unplugged all the drives to see if maybe something there was shorted and it wasn’t. I grabbed the Corsair PSU and plugged it into the second CPU and the computer booted. Ok, maybe it was the cable…
I pulled the EVGA PSU out, put the Corsair PSU in, kinda redid all the cable management, and hit the power button…
Nothing. WTF??? This thing was working fine on the test bench! I did a little more troubleshooting and figured that if it was working fine on the test bench, I’d just go grab that PSU and use it. Out with the Corsair PSU, in with a Rosewill 1000W that I use for the test bench. I hit the power button and… IT’S ALIVE!
The drives are all recognized, FreeNAS boots up without a problem, and we’re good to go. My wife actually did the cable management in the chassis because I was fed up with dealing with it. I was originally going to start with a fresh install of FreeNAS, but since it booted up with no issues, I decided to just stick with the current install, though I found out pretty quick that I needed to delete all the tunables created by autotune as they didn’t update to the new hardware. My ARC was still limited to 12GB.
The box has been up and running damn good for over a week now, minus a few reboots with me doing stuff.
I built the new volume with the six 6TB drives and started moving some stuff to that new pool.
So, that’s the hardware build of my new FreeNAS server. Next, we’ll get into the software part of the whole thing. Even though I already have FreeNAS installed and running on this machine, I’ll run through the install procedure using another box and we’ll get into the meat and potatoes of getting FreeNAS, Plex, and all the Plex Automation set up.
In my last post I taught you how to forward a port on the ASA 5505 running version 8.3 from the CLI. Some of you prefer to use the ASDM to do your changes, so I guess I’ll show you how to do it from there. The ASDM is a bit of a learning curve for someone that’s used to the CLI, and most CLI guys hate a GUI with a great passion. I can go either way. I use the ASDM to make some changes simply because I want to learn it and there’s some guys coming into the field today that were taught on the GUI rather than a command line.
In this lesson I’m using ASDM version 6.3(1) and ASA version 8.3(1). Since we added a web server in the last post, let’s make this one an FTP server. The FTP server’s IP is the same as the web server, 10.9.8.7/24 and we’re running over the standard FTP port, 21.
First off, we want to start up the ASDM and connect to the ASA. Once there, click on the button at the top of the screen, then the button near the bottom left, and finally select near the top left. You’ll now be at a screen that looks something like this:
Now we need to create a new object, so click on “Add” under Addresses, then “Network Object”.
Now we need to fill out our new window. Once you fill out the name, IP address and description, you need to drop down the NAT box and fill it out. Click the “Add Automatic Address Translation Rules” box, leave the type as “static” and set the translated address as the outside interface.
We now need to go to the Advanced menu from the Add Network Object window and set up the port forwarding. The source will be inside, destination is outside. Protocol in this instance is TCP and our port is 21, both real and mapped.
Click “OK” twice and your object will be created as well as the port forward. Now we just need to add the access rule. On the left side of the screen, just above the NAT Rules is your Access Rules. From there we want to click “Add” and “Access Rule”.
We need to create the rule on the outside interface, coming from any IP to the FTPServer using FTP as the service.
Once you click OK, your rule is added. You don’t have to add a description like I did in the image above this one, I just did that for the hell of it. When you click “Apply” at the bottom of the screen, the ASDM will issue the commands to the ASA. I have preview turned on, so I can always see what commands are being sent to the device before they are actually sent. If you followed all the steps above and you have preview turned on, you’ll see the following:
And you’ll notice that those are the exact 4 commands that I gave in the last post about doing it from the CLI! Now you can forward any port you want from either the CLI or the ASDM!
On a side note, I know a lot of guys hate the ASDM. When I was writing this post and going through all of this I was kinda upset when I saw that I had 10 pictures for 4 lines of code. The good thing about the ASDM is that you have everything right there at your disposal and you really don’t need to know the vernacular of IOS. The drawback is that it will take you longer to get things done at first, but once you get used to it, it can be just as fast.
So it’s been a month and a half since I posted an update, and it’s 4:15 am right now. I can’t sleep and I found out there’s another networking blog out there using the same WP theme as me, so I figured I better put something up here since it was fresh in my mind. Well, now that the niceties are out of the way, let’s get to work.
I recently added an ASA 5505 to my home network at the edge. Obviously, when I did, all of my port forwards went to hell because the ASA is now blocking everything. I run a web server on one of my servers here and I like to be able to access it because I keep a lot of tech manuals and other stuff on there. Well, I went about trying to set up port forwarding the old way and learned real quick that this pops up when I do:
ERROR: This syntax of nat command has been deprecated.
Please refer to “help nat” command for more details.
Yeah, that sucks. On the new version of the ASA OS, global has gone the way of the dodo. I did a bunch of searches on Google to figure it out and everything I ran across was very hard to decipher. That’s why I’m writing this. You can set up a port forward in 4 quick and easy steps. Just change the things that are underlined to fit your network and you’ll be just fine.
In this example, we want to be able to access a web server behind the firewall. We’ll assume you are using the standard HTTP port, the web server’s internal IP address is 10.9.8.7/24, and that you at least know what you’re doing enough to be configuring an ASA in the first place. I’ll give you the steps, then I’ll explain.
Step 1: Create a new object group for your web server.
asa5505(config)# object network Webserver
Step 2: Add the IP of the web server to the network group.
asa5505(config-network-object)# host 10.9.8.7
Step 3: Forward the port via the NAT command.
asa5505(config-network-object)# nat (inside,outside) static interface service tcp www www
Step 4: Exit back to the root and add the access list
asa5505(config)# access-list outside_access_in permit tcp any object Webserver eq www
That’s it! Now, let’s explain what’s going on here. Cisco has started moving more and more towards use of object groups in their configs. It makes things easier, especially when you have a situation where you have 20 web servers behind the firewall and you want to add 1 more in. Rather than having to rewrite a whole bunch of ACL’s, you just add the IP of the new web server into the object group and everything is done for you. After you create the object group (in this instance a network object, you can also create service objects), you add the IP of the specific object (or objects) that you want to point to. So here our web server is 10.9.8.7. If you want to send port 80 to more than 1 IP on your internal network, just add more IP’s to that object group.
Now is the fun part. While we’re in the object group, we need to NAT port 80 only to that specific object group, hence you’re still at “asa5505(config-network-object)#” prompt. Now type “end” to get back to the regular config terminal and we need to open that port in the ACL. Yes, www = 80. You can type either one and you get the same result. If I have to go through and explain NAT, how it works and why I enter in that specific command to forward the port, then there’s a possibility that I’d need to send you an invoice for my time because we would be here for a while.
This works for ANY port forward. If you want to RDP into a machine, simply replace port 80 (all those www’s you see up there) with 3389. There is one caveat. You can only do one port forward per object group. So let’s say that our web server is also an FTP server and you want port 21 to forward as well as port 80. You’re going to have to create a whole new object group (object network FTPServer), put the same IP in the group (host 10.9.8.7), do the nat command again (nat (inside,outside) static interface service tcp ftp ftp), exit back to the root of config, and add the access list (access-list outside_access_in permit tcp any object FTPServer eq ftp).
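An added example, not from the original post: a short Python audit that reads a running-config excerpt built from the commands above and lists each static port forward together with the sources the ACL lets reach it. The sample config, the RDPHost object, and the 198.51.100.4 source are constructed for illustration.

```python
import re
# Constructed sample modeled on this post's commands; not a real device config.
SAMPLE_CONFIG = """\
object network Webserver
 host 10.9.8.7
object network FTPServer
 host 10.9.8.7
object network RDPHost
 host 10.9.8.20
access-list outside_access_in extended permit tcp any object Webserver eq www
access-list outside_access_in extended permit tcp host 198.51.100.4 object FTPServer eq ftp
object network Webserver
 nat (inside,outside) static interface service tcp www www
object network FTPServer
 nat (inside,outside) static interface service tcp ftp ftp
object network RDPHost
 nat (inside,outside) static interface service tcp 3389 3389
"""
PORT_NAMES = {"www": 80, "ftp": 21, "https": 443, "ssh": 22}  # subset of ASA keywords
NAT_RE = re.compile(r"nat \((\S+),(\S+)\) static interface service (tcp|udp) (\S+) (\S+)")
ACL_RE = re.compile(r"access-list \S+ (?:extended )?permit (tcp|udp) "
                    r"(any|host \S+|\S+ \S+) object (\S+) eq (\S+)")

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def audit_forwards(config):
    """List each static port forward with the ACL sources allowed to reach it."""
    hosts, forwards, permits, current = {}, [], {}, None
    for line in config.splitlines():
        if line.startswith("object network "):
            current = line.split()[2]
        elif line.startswith(" ") and current:
            body = line.strip()
            if body.startswith("host "):
                hosts[current] = body.split()[1]
            elif (m := NAT_RE.match(body)):  # service tcp <real> <mapped>
                forwards.append((current, m[3], port(m[4]), port(m[5])))
        else:
            current = None
            if (m := ACL_RE.match(line)):  # 8.3+ ACLs name the real host and port
                permits.setdefault((m[3], m[1], port(m[4])), []).append(m[2])
    return [{"object": o, "host": hosts.get(o), "proto": p, "real": r, "mapped": mp,
             "sources": permits.get((o, p, r), [])} for o, p, r, mp in forwards]

if __name__ == "__main__":
    for f in audit_forwards(SAMPLE_CONFIG):
        scope = "ANY" if "any" in f["sources"] else (f["sources"] or "no ACL permit")
        print(f["object"], f"{f['host']}:{f['real']}/{f['proto']}", "reachable from:", scope)
```

A forward that lists any as a source is reachable from every outside address, so those are the entries to review first.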
This should get you up and running with your port forwards in no time flat. It is a bit of a pain in the ass to have to create a new object group for every port you want to forward, and maybe there’s someone out there that’s reading this right now thinking “dude, you don’t have to create more than one group! You can just do…”. Well, you need to enlighten the world with this knowledge and post it in the comments section. And if you’re too scared to do so, shoot me an email to greg(at)gregledet(dot)net.
I’d also like to thank Stefan Fouant for an excellent class today on JUNOS Switching. I learned a lot in his class and you can learn a lot from his website. Check it out and tell him Greg sent ya!