Remotely installing PFSense to hard drive with VGA and without CD-ROM

FreeBSD is great for certain tasks (such as firewalls and other embedded devices), but has some real shortcomings when it comes to booting from attached or remote storage. This severely complicates the installation process in some cases.

In my case, I have a remote server in a rack with no CD-ROM. Pulling the server from the rack and plugging in an IDE/SATA CD-ROM is not an option, as there is no physical access at the current moment (I’m about 90 miles away on travel). So far the following methods of getting FreeBSD / PFSense installed have failed miserably:

1. Boot CD-ROM ISO over PXE (current memdisk). Negative.

2. Boot CD-ROM ISO from USB CD-ROM. Negative.

3. Boot CD-ROM ISO from virtual storage (IPMI CD-ROM). Negative.

OK, so it’s 2010 and FreeBSD can’t boot from anything other than a plain old IDE/PATA CD-ROM (which isn’t an option). Seriously, WTF?

So back to the drawing board. Let’s try some other more or less obvious options:

4. Burn PFSense embedded image directly to hard drive using the same instructions as for CF memory. Negative. I even watched the serial console through IPMI – nothing.

5. Boot embedded image from network (memdisk). Negative.

All five of these methods have failed.

Time to use brute force, and if this doesn’t work I am banning FreeBSD from my life.

Yank HDD from laptop, throw in a spare, and boot the CD-ROM on the laptop.

Proceed to install PFSense.

Boot into Linux (or FreeBSD, doesn’t matter) rescue mode CD with network connectivity.

Copy the HDD image off to a remote site:

Remote machine (intermediary storage server, in this case my mirror box):

nc -l -p 2222 | dd of=pfsense.img.gz

Local machine (laptop), where REMOTE_HOST stands in for the storage server’s address (nc needs the destination host and port; -p on its own only sets the source port):

dd if=/dev/sda conv=sync,noerror bs=64K | gzip -c -9 | nc REMOTE_HOST 2222

Once you’ve got the image, it’s time to boot the target PFSense machine into the same Linux/FreeBSD rescue mode and copy the image to the HDD. In the previous step, my working directory was the /pub folder on a public HTTP mirror. This allows me to burn the image directly over HTTP in the following step (MIRROR_HOST stands in for the mirror’s hostname):

wget -O- http://MIRROR_HOST/pub/pfsense.img.gz | gzip -cd | dd of=/dev/sda

Much to my surprise, this actually worked! The saving grace for FreeBSD/PFSense is that it can be installed on one machine and then booted on another. Now on to learning how to use PFSense and configuring firewall rules.

If you want a copy of the HDD image to save you over half of this hassle, you can find it HERE. It was created with an 80 GB HDD, so you’ll need at least an 80 GB disk for this to work. Good luck, you’ll probably need it.
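As an added example (not part of the original post), this script pushes a constructed file through the same dd | gzip -9 | gzip -cd | dd pipeline, file-to-file instead of over nc/HTTP, and then verifies the copy. It assumes dd, gzip, head and cmp are available; the file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the post): push a constructed "disk" through the
# same dd | gzip -9 | gzip -cd | dd pipeline, file-to-file instead of over
# nc/HTTP, and verify the result. conv=sync pads the last short block up to
# bs=64K, so the restored image is a multiple of 64K and only the source's
# length is compared; noerror means a read error would become silent zero
# fill, which is why a comparison after the transfer is worth doing.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SRC="$WORK/disk.src"          # stand-in for /dev/sda on the laptop
IMG="$WORK/pfsense.img.gz"
DST="$WORK/disk.dst"          # stand-in for /dev/sda on the target box

# A 100000-byte source: deliberately not a multiple of 64K.
make_source() {
    head -c 100000 /dev/urandom > "$SRC"
}

# Sender side of the pipeline (the post pipes into nc instead of a file).
make_image() {
    dd if="$SRC" conv=sync,noerror bs=64K 2>/dev/null | gzip -c -9 > "$IMG"
}

# Receiver side (the post reads from wget -O- instead of a file).
restore_image() {
    gzip -cd "$IMG" | dd of="$DST" bs=64K 2>/dev/null
}

# Size of the restored image in bytes (131072 here: two padded 64K blocks).
restored_size() {
    wc -c < "$DST" | tr -d ' '
}

# Compare the restored data with the source over the source's length only,
# ignoring the zero padding conv=sync added; prints "ok" or "mismatch".
verify_roundtrip() {
    if head -c "$(wc -c < "$SRC" | tr -d ' ')" "$DST" | cmp -s - "$SRC"; then
        echo ok
    else
        echo mismatch
    fi
}

make_source
make_image
restore_image
```

On the real transfer the same check works by comparing the checksum of the first N bytes of the target disk (N = source disk size) with the source, instead of cmp on files.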

Arbitrary MIME support for aacplus streaming with libshout and perl bindings

If you want to be able to support alternative stream types (such as AACplus) using libshout-2.2.2, you’ll need a patch to add a ‘mime’ method. You can then manually set the mime-type for arbitrary stream types. I also included a minor change which sends ‘content-type’ headers to Shoutcast/ICY stream servers, which is required for Shoutcast server support of AACplus streams:

libshout-2.2.2 patch

Additionally, if you’re streaming through Perl, the Perl bindings (Shout-2.1) will also have to be patched similarly both for mime support and for support of the ‘send-raw’ method which is required for non-mp3/ogg streaming. For some reason, send-raw was left out:

Shout-2.1 patch

Decrypting a SSL Server Key for importing into Cpanel

In case someone accidentally encrypts a server key (e.g. by not following directions) and then expects it to be accepted into Cpanel, you’ll need to decrypt it first.

Most web hosting platforms (like Cpanel) need the server key to be in clear text. The private key can be decrypted with:

openssl rsa -in encrypted.pem -out plaintext.key

Make sure whoever encrypted the key provides you with the pass phrase.
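An added example (not from the post) that walks through the decrypt step on a throwaway key: the pass phrase comes from an environment variable instead of the command line, the clear key is written owner-only, and it is checked against the original before anyone pastes it into a hosting panel. It assumes an openssl binary is installed; key, pass phrase and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the post): walk through the decrypt step on a
# throwaway key. The pass phrase is passed via the environment rather than
# on the command line (where ps would show it), the clear key is written
# owner-only, and it is checked against the original before anyone pastes it
# into a hosting panel. Key, pass phrase and paths here are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
umask 077                        # files created below are readable by the owner only

# Constructed stand-in for the encrypted key the customer handed over.
make_encrypted_key() {           # $1 = pass phrase
    openssl genrsa -out "$WORK/orig.key" 2048 2>/dev/null
    KEY_PASS="$1" openssl rsa -in "$WORK/orig.key" -aes256 -passout env:KEY_PASS \
        -out "$WORK/encrypted.pem" 2>/dev/null
}

# The same command as above, with the pass phrase taken from the environment.
decrypt_key() {                  # $1 = pass phrase
    KEY_PASS="$1" openssl rsa -in "$WORK/encrypted.pem" -passin env:KEY_PASS \
        -out "$WORK/plaintext.key" 2>/dev/null
    chmod 600 "$WORK/plaintext.key"
}

# "encrypted" or "clear", judged from the PEM headers.
key_state() {                    # $1 = PEM file
    if grep -q ENCRYPTED "$1"; then echo encrypted; else echo clear; fi
}

# The clear key must carry the same modulus as the original and pass
# openssl's own consistency check; prints "ok" or "bad".
verify_clear_key() {
    orig=$(openssl rsa -in "$WORK/orig.key" -noout -modulus 2>/dev/null)
    clear=$(openssl rsa -in "$WORK/plaintext.key" -noout -modulus 2>/dev/null)
    if [ "$orig" = "$clear" ] &&
       openssl rsa -in "$WORK/plaintext.key" -noout -check >/dev/null 2>&1; then
        echo ok
    else
        echo bad
    fi
}

make_encrypted_key "correct horse battery staple"
decrypt_key "correct horse battery staple"
```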

Automatically purge old voicemail on Asterisk/FreePBX/Trixbox

Run this nifty Perl script daily or weekly via cron. It will keep your voicemail from overflowing and silently rejecting new messages.

#!/usr/bin/perl
# Script to expire voicemail after a specified number of days
# by Steve Creel
use strict;
use warnings;

# Directory housing the voicemail spool for asterisk
my $dir = "/var/spool/asterisk/voicemail";

# Context for which the script should be running
my $context = "default";

# Age (Delete files older than $age days old)
my $age = 31;

# Age for unheard messages (Defaults to same age for all messages)
# Set to 0 to not delete unheard messages
my $unheardage = $age;

# Delete all files older than $age and $unheardage
# (named msg????.??? to get the audio and txt files,
# but we don't delete greetings or the user's name).
# The msg????.??? pattern is quoted so the shell hands it to find unexpanded.

if ($age == $unheardage) {

    # Save time by doing one find if we're treating everything the same
    system("find $dir/$context -name 'msg????.???' -mtime +$age -exec rm {} \\; -exec echo Deleted {} \\;");

} else {

    # Find everything not in a folder called 'INBOX' and delete it after $age days
    system("find $dir/$context -path '*INBOX*' -prune -o -name 'msg????.???' -mtime +$age -exec rm {} \\; -exec echo Deleted {} \\;");

    # If unheardage is set to 0, we won't delete any unheard messages
    if ($unheardage > 0) {

        # Delete things that are in a folder called INBOX after $unheardage days
        system("find $dir/$context -path '*INBOX*' -name 'msg????.???' -mtime +$unheardage -exec rm {} \\; -exec echo Deleted {} \\;");
    }
}

# For testing - what number do we start at when we renumber?
my $start = 0;

# Rename to msg and a 4 digit number, 0 padded.
my $fnbase = sprintf "msg%04d", $start;

# Make $dir include the context too

mod_security rule for Joomla com_properties [aid] vulnerability

Here’s a mod_security2 rule to block the latest SQL injection vulnerability in a popular Joomla module ‘com_properties’ dated 4/10/2010:

SecRule ARGS:option "com_properties" "phase:1,chain,drop,t:htmlEntityDecode,t:urlDecode,t:lowercase,deny,log,auditlog,msg:'Denied Joomla Component com_properties[aid] SQL Injection Vulnerability'"
SecRule ARGS:aid "\D"

Don’t expect this to be a substitute for updating your vulnerable code, but it will at least buy you and your clients time.
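An added example (not ModSecurity code and not from the post): a plain-shell model of what the two chained rules decide, so the chain logic can be exercised offline against sample query strings. The helper names are made up; htmlEntityDecode is left out of the model.

```shell
#!/bin/sh
# Added example (not ModSecurity code): a plain-shell model of what the two
# chained rules above decide, so the chain can be exercised offline. Rule 1
# matches when ARGS:option, after url-decoding and lowercasing, contains
# com_properties; only then does rule 2 test ARGS:aid for any non-digit (\D).
# htmlEntityDecode is left out of this model.

# First value of parameter $2 in query string $1 (empty if absent).
param() {
    printf '%s\n' "$1" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Stand-in for t:urlDecode: '+' becomes space, %XX becomes the byte XX.
urldecode() {
    s=$(cat); out=""
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}; s=${s#?}
        case $c in
            +) out="$out " ;;
            %) hex=${s%"${s#??}"}; s=${s#??}
               out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *) out="$out$c" ;;
        esac
    done
    printf '%s' "$out"
}

# Decision for one raw query string: prints "deny" or "allow".
check_request() {
    opt=$(param "$1" option | urldecode | tr 'A-Z' 'a-z')
    aid=$(param "$1" aid | urldecode | tr 'A-Z' 'a-z')
    # Rule 1: ARGS:option "com_properties" (a regex, so a substring match)
    case $opt in
        *com_properties*) ;;
        *) echo allow; return 0 ;;
    esac
    # Rule 2 (chained): ARGS:aid "\D" -- any non-digit in aid denies;
    # a request with no aid parameter has nothing to match and is allowed
    case $aid in
        *[!0-9]*) echo deny ;;
        *)        echo allow ;;
    esac
}
```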

It never ceases to amaze me how incredibly careless PHP programmers are:

Windows Vista / Windows 7 / Server 2008 R2: 0xc0000225 after resizing partition or restoring backup

So I needed to shrink the C: partition of a Windows 7 (Server 2008 R2) machine. After shrinking it with GParted (my open-source partitioning tool of choice), Windows no longer booted, with the boot manager complaining of 0xc0000225 (awesome error message as usual, Microsoft).

To get things working again, it was necessary to execute the following BCDedit.exe commands from a rescue disk (WinPE worked fine for me):

bcdedit /set {bootmgr} device boot
bcdedit /set {default} device boot
bcdedit /set {default} osdevice boot

After that, life is again normal.

Sometimes you might need to completely reinstall the MBR — for example, you restored only the c:\ partition from backup to a new, already-partitioned disk, but did not restore the original partition table and MBR. This can be accomplished as follows:

bootsect /nt60 SYS /mbr

In some cases, you may also need to make sure the boot partition is flagged ‘bootable’ (active), or the above commands will fail. To correct it:

DISKPART (to open the partition utility)
LIST DISK (disk number(s) will be shown)
SELECT DISK n (where n is the number of the disk - probably 0)
LIST PARTITION (partition number(s) will be shown)
SELECT PARTITION n (where n is the number of the Primary partition you wish to make Active)
ACTIVE (the selected partition on the selected disk will be made Active)

Installing RED5 Server on CentOS

First, download, extract and install:

mkdir /usr/local/red5; cd /usr/local/red5
tar -zxf red5-0.8.0.tar.gz

Install Java:

wget -O java.rpm.bin
chmod 755 java.rpm.bin; ./java.rpm.bin

Open a new init script:

nano -w /etc/init.d/red5

Paste the following into the init script:

#!/bin/sh
# For RedHat and cousins:
# chkconfig: 2345 85 85
# description: Red5 flash streaming server
# processname: red5

# Source function library
. /etc/rc.d/init.d/functions

# Defaults (assumed paths for the 0.8.0 tarball unpacked in /usr/local/red5);
# /etc/sysconfig/red5 can override any of them
PROG=red5
DAEMON=/usr/local/red5/red5.sh
PIDFILE=/var/run/red5.pid
RETVAL=0

[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5

case "$1" in
  start)
        echo -n $"Starting $PROG: "
        $DAEMON >/dev/null 2>/dev/null &
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            echo $! > $PIDFILE
            touch /var/lock/subsys/$PROG
        fi
        [ $RETVAL -eq 0 ] && success $"$PROG startup" || failure $"$PROG startup"
        echo
        ;;
  stop)
        echo -n $"Shutting down $PROG: "
        killproc -p $PIDFILE $PROG
        RETVAL=$?
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG
        echo
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  status)
        status -p $PIDFILE $PROG
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|status}"
        RETVAL=1
        ;;
esac

exit $RETVAL

Activate init script:

chmod 755 /etc/init.d/red5
chkconfig --add red5
chkconfig red5 on

Update settings which are located at:


Run it:

/etc/init.d/red5 start

hostapd init script for Redhat/CentOS

Hostapd is a software daemon that turns a Linux box into a full blown wireless access point, but it doesn’t come with an init script to automatically start it when the machine boots up. It seems each Linux distribution that supports hostapd does their own thing, so I went ahead and created this little init script to cleanly start/stop hostapd on a CentOS/Redhat box.

#!/bin/sh
# start/stop the hostapd server
# chkconfig: 2345 99 10
# description: hostap daemon
# processname: hostapd
# config: /etc/hostapd.conf
# pidfile: /var/run/
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

stop() {
        echo -n "Stopping hostapd daemon: "
        killproc hostapd
        rm -f /var/lock/subsys/hostapd
        echo
}

start() {
        echo -n "Starting hostapd daemon: "
        daemon /usr/local/bin/hostapd /etc/hostapd.conf -P /var/run/ -B
        touch /var/lock/subsys/hostapd
        echo
}

# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status hostapd
        ;;
  restart)
        stop
        start
        ;;
  *)
        echo "Usage: hostapd {start|stop|status|restart}"
        exit 1
        ;;
esac

exit 0

You can check out hostapd here:

I really do think this is the same software many consumer-grade routers are running.

Migrating from Rackspace Cloud to Cpanel

Fed up with cloud hosting? You’re not alone. Just recently, I assisted a mass exodus of over 50 MySQL/Joomla-based sites. After the migration to just a modest dedicated server with Cpanel, MySQL queries improved by 200% on average. Some longer queries and page loading times saw improvement of over 1000%. Additionally, the dedicated server won’t fall on its face when a single script such as a DB backup process consumes ‘too many’ resources and the Cloud decides to put your whole site in the timeout corner.

Here are some scripts to migrate all your files and DBs from a RackSpace Cloud Sites instance to a Cpanel account quickly and easily. Run this script as the Cpanel user you’re migrating to, to avoid ownership issues. If you run this as root, you’ll need to run the ownership repair script in this post.

I was able to pull from 10-20 sites simultaneously and even .htaccess and other ‘hidden’ files came across intact.

The progress will be saved in /home/cpanel_user/xferlog.txt so you can monitor it in real time. You can launch multiple scripts simultaneously to transfer many sites at once.

#!/bin/sh
# Fill these in before running (placeholders; the real values are site-specific)
LOCAL_CPANEL_USERNAME=""
RACKSPACE_CLOUD_FTP_IP=""
RACKSPACE_CLOUD_FTP_PASSWORD=""
DOMAIN=""

wget -rc --level=0 --no-parent --cut-dirs=3 -nH \
   --directory-prefix=/home/$LOCAL_CPANEL_USERNAME/public_html/ \
   --ftp-password="$RACKSPACE_CLOUD_FTP_PASSWORD" \
   ftp://$RACKSPACE_CLOUD_FTP_IP/$DOMAIN/web/content/* \
   -o /home/$LOCAL_CPANEL_USERNAME/xferlog.txt -nv &

Now, let’s migrate a MySQL database (this can actually be used for migrating from any host, not just Rackspace). Place the file in the Cpanel user’s home folder so it can be run again right before your DNS switch, keeping your records fully up to date. You can run it as many times as you wish.

#!/bin/sh
# Rackspace Cloud to Cpanel DB copy

# Fill these in before running (placeholders; the real values are site-specific)
LOCAL_HOST="localhost"
LOCAL_USER=""
LOCAL_PASS=""
LOCAL_DB=""

MYSQL="$(which mysql)"
MYSQLDUMP="$(which mysqldump)"

# Add the source (Rackspace) host, user, password and database name to the
# mysqldump half of the pipeline before running.
CMD="$MYSQLDUMP --lock-tables --add-drop-table \
   | $MYSQL -h'$LOCAL_HOST' -u'$LOCAL_USER' -p'$LOCAL_PASS' --database $LOCAL_DB"

echo "Running: $CMD"
eval $CMD
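The copy command above passes the password as -p'...' and then echoes the whole command, so the secret shows up in ps output and on the terminal. An added example (not from the post) that keeps the credentials in mode-0600 option files instead and hands them to mysqldump and mysql via --defaults-extra-file; the helper names and the hosts, users and passwords are constructed.

```shell
#!/bin/sh
# Added example (not from the post): the copy command above passes the
# password as -p'...' and then echoes the whole command, so it shows up in
# ps output and in the terminal. This version keeps credentials in
# mode-0600 option files and lets mysqldump/mysql read them with
# --defaults-extra-file (which must be the first option). Hosts, users and
# passwords below are constructed samples.
set -eu

# Write a [client] section for one server. $1 = path, $2 = host, $3 = user, $4 = password
write_defaults_file() {
    ( umask 077; printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' "$2" "$3" "$4" > "$1" )
    chmod 600 "$1"
    printf '%s\n' "$1"
}

# Assemble the dump|load pipeline. No secret appears in it, so echoing it is safe.
# $1 = source option file, $2 = source db, $3 = destination option file, $4 = destination db
build_copy_cmd() {
    printf 'mysqldump --defaults-extra-file=%s --lock-tables --add-drop-table %s | mysql --defaults-extra-file=%s --database=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Octal permission bits of a file, e.g. 600 (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SRC_CNF=$(write_defaults_file "$WORK/src.cnf" cloud-db.example.invalid srcuser s3cr3t)
DST_CNF=$(write_defaults_file "$WORK/dst.cnf" localhost cpaneluser l0calpw)
COPY_CMD=$(build_copy_cmd "$SRC_CNF" site_db "$DST_CNF" cpaneluser_site)

echo "Running: $COPY_CMD"       # safe: no password in it
# eval "$COPY_CMD"              # uncomment once both servers are reachable
```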

If you’re looking for cheap and reliable Cpanel, Windows, or other types of Managed Hosting, please check out Fast Serv.