Posted on

12-Jul-2016

Nightly job…
The new configuration of the router had some quirks.
Thinking I had it all set up, it turned out that for some reason, IPTV didn’t pass: the set-up boxes had no connection to the Internet. Resetting them didn’t help – that’s what made this clear.
Where there is one VLAN for Internet access, this is routed to ports 1, 2 and 3; over LAN1 (connected to WAN1) or LAN2 (connected to WAN2 – the fast port). IPTV is bridged directly to it’s own LAN and port, and that seemed to go wrong. (VOIP works regardless the WAN port used – the lines are both registered at the provider).
This was in the very early hours of today, and there was no tie to figure it out. So I looked for a backup of the configuration, found a number of older ones, and restored the configuration from the latest of that set, reconnected WAN1 to the internet and set up Port WAN2 as backup. Some things still need to be done, but at the moment, everything is now in working order. So I created a backup of this installation.
And just then I found the pretty recent backup I was looking for…
Well, given the time I didn’t restore from that one. There is still some work to be done to swap the two lines. Unless the ISP has another idea to get the connection working at the intended speed of 100Mb – symmetrical.
Update
I got an answer on my question to Draytek about this issue: Is it a router setting that causes this? The answer is: No, it’s ‘built-in’.
AS they put it (in Dutch)

De WAN 1 is een 10/100 Mb poort. Hiervan is WAN<>LAN doorvoersnelheid ongeveer 50~60 Mb/s. De WAN 2 is een 10/100/1000Mb poort en
hiervan is de doorvoersnelheid ongeveer 100~110 Mb/s. Onze advies om de WAN 2 te gebruiken.

Shrt translation : WAN1 is 10/100 Mb, WAN to LAN throughput is about 50-60 Mb/s. WAN2 is a 10/100/1000Mb port where throughput is about 100-110 Mb/s.
We recommend to use WAN2.

So in stead of 100 Mb, that WAN1 port is actually a 50Mb port – so 50%. WAN2 is even worse: the speed (given you can run full speed (1Gb/s)) your port is actually 1/10th!
So if I want to have full advantage, I’ll have to use WAN2. No problem, all is set up to work that way – just have to see if that works for television as well. And the max speed I got when testing it, was only(!) 70 Mb. Faster indeed though not the 90 I would expect, but it might be that router traffic interfered.
However, if I decide to go any faster (500Mb is possible) I’ll ned to replace the router – and heavily check te actual throughput.

Posted on

11-Jul-2016

Internet access issues
Since I have a fiber internet connection, and a subscription to a 100 Mb connection (symmetrical, so either way) it wondered me when running a speed test, it would get to just 50 – download a bit less, upload a bit more. On contact with my ISP, I checked using the supplied router (Fritz!box 7390). The laptop directly connected to this router, that one directly connected to the FPU (where fiber meets Ethernet). Here, the speed ran to a speed well over 90 Mb – either way. Connected it like the Draytek router – so with another cable, as this isn’t close to the FPU because of all connections – it still was over 90Mb. Still, the Draytek kept running at “half speed”.
The fun part is: this is a dual-WAN router. the first WAN port is 100Mb, the second can handle 1Gb. The connection was set up to use the first, so I switched to the second. It does make a difference: Speeds are now increased to about 70. A bit better, but not yet as is has to be. Of course, all other traffic may interfere, but that would have been the case with the Fritz!box as well. So there is one more test to perform: Disconnect the LAN and rerun the tests. If that closes in to 100Mb, it’s obvious that traffic to the server causes the issue. If not, it’s the router that needs another tweak. I asked Draytek what it might be, but I doubt this can be set – I didn’t see any setting that could be – except, perhaps, MTU. Set to 1442 where the max is 1496. But I cannot image that these 40 bytes make such a difference….
But it might be.
Server issue
Yesterday’s issue with the server is confirmed to be a bug, not a real surprise given the massive overhaul of the code. Mark supplied a hotfix that tackles this one and a few others. It will be installed ASAP – it might be tonight but on the other hand, it can wait a few days. It’s not that important.
Update
Done – and the configuration has been restored. Now it works again.
I also updated the email-program, but here I ran into a problem: It seems that the program is unable to open the language file, the server returns a 403-error but there is nothing wrong (it seems) with the file security…Looked into the code and found that the language file used (EN.TXT) seems to contain more, or less messages than is anticipated. Hence: mismatch. I re-installed (= upzipped) the files once more, and even without rebuilding and reinstalling, the site now starts. That is: there is a message popping up because a routine called within the Javscript cannot be found:
.soymail error
but that doesn’t stop the music. Nor do the missing header and default footer, but I had URL’s to the spamfilter. So I’d like to have them back.
Update on these
I found the reason for the missing header and footer. I forgot the configuration file, didn’t remember name or location (but given the author, it would be ‘soymail.conf’, or so. Checking on the logicals I found it, and adapted the header and footer lines.
The issue with the script is just a matter of clearing the browser’s log. I could have known that…

Posted on

10-Jul-2016

Server updated
Updated WASD server. As usual, it’s been a piece of cake, but this time there is a twist.
In the mapping file, I have a line:

if (client_connect_gt:10) pass * "503 Exceeding your concurrency limit!"

to prevent a single accessor to have more than 10 concurrent sessions – at least, this was my interpretation. But now it blocks ALL access, whether the number of sessions is higher than 10 or not, regardless the originating address. (apart from me, there seemed to be one more user, he got this message, but so did I – with ONE session… Since some parts of WASD are rewritten0, this may have slipped attention, so I reported it to Mark.

Once disabled, the site is accessable again.

This effects the non-secured sites only because the other ones don’t pass this mapping. However, I notices a weird thing using Firefox: The tile (“~”) used in accessing the user’s mail environment, translates to another character (‘not’ character) and therefore, Mozilla cannot be used to access the webmail-program directly – I have to get to the main page and invoke SoyMail from there.

Posted on

03-Jul-2016

Just the ordinary
Again, there is nothing special in the system.
PMAS statistics for June
Total messages  :  1893 = 100.0 o/o
DNS Blacklisted  :   0 =  .0 o/o (Files: 0)
Relay attempts  :  264 = 13.9 o/o (Files: 30)
Accepted by PMAS :  1629 = 86.0 o/o (Files: 30)
Handled by explicit rule
Rejected :  800 = 49.1 o/o (processed), 42.2 o/o (all)
Accepted :  212 = 13.0 o/o (processed), 11.1 o/o (all)
Handled by content
Discarded :  239 = 14.6 o/o (processed), 12.6 o/o (all)
Quarantained :  195 = 11.9 o/o (processed), 10.3 o/o (all)
Delivered :  183 = 11.2 o/o (processed),  9.6 o/o (all)

There were just a few reay attempts causing the logfile to grow over the limit:

  • 5.135.219.26 (38 attempts). The only information I could find on this address is that is seems to be located in France. It tries (bogus) addresses of my domain (the only real one is www.grootersnet.nl) and the attempt was made to connect to a gmail mail server.
  • 208.100.26.230 (16 attemps) but given the sender and addressee used, I think this is a test to see if the mail server is an open array. (It isn’t). The address refers to a hosting company in the USA (Chicago area), and the company that is hosted there, seems to work on QR-codes (ScanMe.org doesn’t own a website, ScanMe.com does)
  • 4.222.41.220 (101 attempts) seems to be a dial-up connection to a server near Wichita (Kansas), so there is no further information.

Since these are simply ‘just a try’ – the number of attempts is relatively low and do not reoccur – I leave it. For now.

Funny: On Windows 10, the Edge browser will highlight the first two as links – and offers Chrome to open them :). Show in Internet Explorer shows the data as it is intended.)

Pending Updates
I have to update WordPress, but for the lastest version PHP 5.6 (that I downloaded and installed) is recommended, as well as MySQL 5.6 or MariaDB 10.0. It should word with PHP 5.0.4 (I curently run 5.2.13) and MySQL 5.5: that I’m using for several years now,
For mySQL, I will have to stick to MySQL 5.5 (or MariaDb 5.5) since there is no recent update of MySQL on VMS (HP won’t fund any attempt) nor has Mark Berryman updated his port of mariaDB.
The previous update (to WordPress 4.3) failed, so I wonder what will happen with this one. I’ll do WP first, than PHP; is has no implications on the blog itself (I hope).

Another update is the webserver (WASD) to 11.0.1 – and that will be a piece of cake. As usual.

Router problem?
The Vigor router has a problem, I think. Although I have disabled any limit (there is no need to limit access), the router complains about exceeding the maximum number of allowed connections. At times not just from the LAN, outside connections get the same error as well. It seems the router doesn’t free disconnected channels, the server has not that much open connectons.. The only solution is a reboot of the router.
This time, I needed anyway, because I updated the servre firmware. But probably I’ll have to reboot the router regularly; it has a schedule option but I need to dig into the manuals first. If possible, this will of course be scheduled at a quit time.