Juniper SRX and DHCP Client Challenge

A couple of years ago I wrote a post about a dual ISP config with a Juniper SRX firewall. At the time I ran into some challenges regarding the DHCP client functionality of the SRX. For some reason it couldn't get a lease from the Ziggo ISP DHCP servers. Any other DHCP server on my local network worked just fine. Since I created a work-around at the time (by using an additional NAT router and static IP addresses) I didn't give it much thought.... Until last week.

Last week I ran into a networking challenge that kinda freaked me out. For some reason my Apple TV wouldn't connect to my NAS, but it could connect to the Internet. For some reason my Apple TV got a public IP address while it was located on my internal network. The public IP address was completely unknown to me. So, WTF was giving my Apple TV a public IP address?

Posted on February 13, 2017 by Willem and filed under Internet, Security, Tips'n Tricks, Junos and tagged Juniper SRX DHCP TTL.

Configure NGINX as a Secure Reverse Proxy

NGINX (pronounced as engine-x) is a versatile (reverse) proxy service for Linux which can be used for many purposes. This post gives a relative small and easy example that I use at home for accessing insecure web services in my home. These are:

Domoticz
Free and opensource Domotica software
SabNZBd
Free and opensource software for downloading binaries from usenet. Available for multiple operating systems
Sonarr
(former NZBDrone) is a so-called PVR (personal video recorder) for Usenet users, which checks multiple RSS feeds (also called Indexer) for new episodes of the shows you're following.

These services run on different platforms and are not protected by username/password or encryption. Something that's not done if you want to access this over the Internet.
To get secure access to these services you might want to use a VPN solution into your home, but you can also achieve this by using a reverse proxy that 'protects' these services.

I run my NGINX reverse proxy on Ubuntu Linux, but it will also run on the average Raspberry Pi.

Posted on January 29, 2017 by Willem and filed under Internet, Security, Tips'n Tricks and tagged nginx reverse proxy ssl authentication domoticz sonarr SabNZBd.

Internet of Things (IoT) and Ransomware

Unfortunately, and no matter how funny the cartoon may be, this may be what the future is going to bring us if we're not careful.

Below are some of the online appliances (just random picks from Google):

The only item I couldn't find was the Internet-connected broom. But I guess that won't take long. The other items can all be bought with some sort of Internet connectivity, and are therefore potential vulnerable for abuse.

Posted on October 10, 2016 by Willem and filed under Annoying, Gadgets, Hardware, Internet, Security and tagged ransomware IoT Internet of Things.

Disable Fritzbox Provider Services

This weekend went my Internet (VDLS) down. The DSL part was still up, but the IPv4 connectivity (over PPPoE) was down. When I checked the Fritzbox (7340) I saw that the DLS had 'trained' on ~100Mbps down and ~30Mbps up. Connection speeds I could only dream of......

Trying to re-establish the IPv4 connection I restarted the DSL modem. Upon reboot, it trained on about 70Mbps download and 30Mbps upload, and the PPPoE tunnel for IPv4 established nicely..... for about 5 minutes.

It turned out that the DSL connection tried to get a better connection, and got it. So starting off at 70Mbps, it could establish a 74Mbps a couple of seconds later, and 75Mbps a bit later after that, and so on, and so on. During this time the PPPoE connection worked like a charm. Until the DSL reached the magical 100Mbps rate. That's when the PPPoE (and the actual IPv4 connection to the Internet) failed.

Posted on May 17, 2016 by Willem and filed under Annoying, Hardware, Internet, Tips'n Tricks and tagged vdsl vvdsl vectored Fritzbox provider services upgrade.

Why Encryption Matters

John Oliver addresses the need for encryption in an hilarious way. The clip is ~18 minutes, but well worth it.

If you still think that encryption is only used for evil (terrorism, child pornography, etc.), and that governments / security agencies should need (backdoor) access to your data..... Well, I'm not gonna end that sentence.

Posted on April 12, 2016 by Willem and filed under Fun, Internet, Privacy, Security, Video and tagged encryption daily show john oliver.

Firefox v42 Tracking Protection

With the launch of Firefox v42 (and up) they introduced an adBlocker in the browser. The ad blocking feature is available (by default) during the use of Private Browsing.

But if you don't want to see those advertisements, and for some reason you don't want to use Private Browsing (like me), than you're out of luck (by default). There's no normal way to enable this feature without the use of Private Browsing (or use an adBlocker add-on for Firefox). Thankfully, Firefox uses a config module in which you can tweak almost everything.... including the Tracking Protection.

Posted on November 4, 2015 by Willem and filed under Browsers, Internet, Privacy, Security, Software, Tips'n Tricks and tagged adblocker tracking protection firefox privacy.

REDELIJKHEID.COM Turned Black

and not that I wanted it.

This weekend all the REDELIJKHEID.COM services went down. This included;

Mail services (for the family)
My website (this website)
My father's website
My photo website
Tumblr
etc.

Posted on February 19, 2014 by Willem and filed under Annoying, Internet, No Way!!!, Personal, Website and tagged domain outage hover domaindirect.

Google+ Custom URL

Google+ introduced a new (shiny) feature recently called Custom URL's. Up till now people had to communicate these long URL's if you needed to find someone on Google+. Mine for example is: https://plus.google.com/u/0/105217840082627216167/. Not a real slick way of presenting yourself on the Interwebs. When you log in to your Google+ account you get the option of getting one of those URL's for 'free'. It basically is your screen-name in the URL.

Mine would be http://google.com/+GuillaumeRaisonnable/. Would be, because, I'm not getting mine. The reason for this is that you need to leave your mobile phone number with Google for so-called verification purposes. By doing this I would be giving away another piece of privacy for something shiny. Something a lot of other people will be more than willing to do so. Just remember that the NSA never had it any easier since the arrival of social media to violate your privacy.

Posted on October 30, 2013 by Willem and filed under Annoying, Internet, Personal, Privacy and tagged Google Plus Custom URL.

What We Searched For in 2012

and what we found using the Googles.

Posted on December 23, 2012 by Willem and filed under News, Internet and tagged 2012 Google Youtube zeitgeist.

Ziggo Internet, Juniper Firewalls and DHCP

At the house I have currently two ISP delivering broadband. Well, broadband isn't the correct word, since the the one of them is only a mere 256kbps (I think). The other is a 'whopping' 20Mbps.
The 20Mb connection is provided by XS4ALL, and the 256kbps is for free (if you have a phone subscription with Ziggo). The 256kbp is the minimum they provide to transport the phone calls, but if you're a masochist you can also browse the internet over that connection.

So, two ISP @ home. Combine that with a Juniper SRX firewall, and a dual ISP setup is born. The theory of that setup is that I connect both ISP's to the firewall, and use the 20Mb line as a default internet connection, but when that one dies, I automatically get switched to the backup line (256kbps).

Posted on August 9, 2012 by Willem and filed under Annoying, Hardware, Internet, Security, Tips'n Tricks and tagged Dual ISP Ziggo dhcp srx Juniper.