TODO list :)

  1. A Jabber server. Because local messengers are trash, and Miranda looks pretty :)
  2. Kerio Mail Server is crap. Sorting rules are pathetic, log visibility is zero. And hMailServer too. Or maybe I’m just clueless. Looking at MDaemon and XMail.
  3. Shadow Copy refuses to work without some filing down. The folder that’s supposed to hold the XP update for version control support is empty. Works with glitches. Figuring out nnBackup and its dump-style operation. Thinking about how to do it properly, so there’s enough space and you can roll back to any version. Haven’t come up with anything solid yet, still reading.

That’s a little plan for the week. MDaemon was aptly named: its settings are truly demonic :)

Shadow Copy

Turns out Windows has this neat thing called Volume Shadow Copy. Its usefulness lies in the ability to back up files that are open for writing, and on a 2003 Server you can even keep up to 64 copies of a network-shared resource. That is, a file being modified by a user is automatically backed up every time before it’s written, and also when it’s deleted. Kind of a transparent backup: transparent to the user (which is good) and to the admin (also not bad).
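An added check, not from the original post, for the two things the TODO list worries about: how many shadow copies each volume already holds against the 64-copy ceiling, and whether the diff-area store still has room. It reads the Win32_Volume, Win32_ShadowCopy and Win32_ShadowStorage WMI classes through Get-WmiObject and assumes PowerShell is installed on the server; the four-copy warning margin is my own choice.

```powershell
# Added example (not from the post): inventory Volume Shadow Copies per volume
# and their diff-area storage, to see how close each volume is to the 64-copy
# ceiling and whether the store is about to start discarding old copies.
# Reads the Win32_Volume, Win32_ShadowCopy and Win32_ShadowStorage WMI classes;
# run in an elevated PowerShell on the server that hosts the shared volumes.
$MaxCopies = 64   # per-volume ceiling on Server 2003, as the post says
$NearLimit = 4    # assumed warning margin (my choice, not from the post)

# Map \\?\Volume{GUID}\ device paths to drive letters for readable output
$letters = @{}
foreach ($v in Get-WmiObject -Class Win32_Volume) {
    if ($v.DriveLetter) { $letters[$v.DeviceID] = $v.DriveLetter }
}

# Copies per volume; oldest and newest bound the window you can roll back to
$groups = Get-WmiObject -Class Win32_ShadowCopy | Group-Object -Property VolumeName
foreach ($g in $groups) {
    $sorted = @($g.Group | Sort-Object -Property InstallDate)
    $oldest = $sorted[0].ConvertToDateTime($sorted[0].InstallDate)
    $newest = $sorted[-1].ConvertToDateTime($sorted[-1].InstallDate)
    $label  = if ($letters.ContainsKey($g.Name)) { $letters[$g.Name] } else { $g.Name }
    $flag   = ''
    if ($g.Count -ge ($MaxCopies - $NearLimit)) { $flag = ' <-- near the 64-copy limit' }
    '{0} {1,3}/{2} copies, window {3:yyyy-MM-dd HH:mm} .. {4:yyyy-MM-dd HH:mm}{5}' -f `
        $label, $g.Count, $MaxCopies, $oldest, $newest, $flag
}

# Diff-area allocation. When UsedSpace reaches MaxSpace (or the copy count hits
# 64) VSS silently drops the oldest copy, so the roll-back window shrinks with
# no error anywhere: this is the "enough space" question from the TODO list.
foreach ($s in Get-WmiObject -Class Win32_ShadowStorage) {
    # $s.Volume is a WMI reference string that embeds the volume GUID; match on it
    $guid  = [regex]::Match($s.Volume, '\{[^}]+\}').Value
    $key   = $letters.Keys | Where-Object { $_ -like "*$guid*" } | Select-Object -First 1
    $label = if ($key) { $letters[$key] } else { $s.Volume }
    if ($s.MaxSpace -eq [uint64]::MaxValue -or $s.MaxSpace -eq 0) {
        $max = 'unbounded'; $pct = 'n/a'
    } else {
        $max = '{0:N1} GB' -f ($s.MaxSpace / 1GB)
        $pct = '{0:P0}' -f ($s.UsedSpace / $s.MaxSpace)
    }
    '{0} shadow store: used {1:N1} GB of {2} ({3} full)' -f `
        $label, ($s.UsedSpace / 1GB), $max, $pct
}
```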

about kerio and vmware

Rejoicing at the idle capacity of the server, I set up a zoo of virtual machines on it. Installed XP, 2003, 7.0. In the firewall (Kerio Winroute) I added a rule that everything is allowed for anyone in the “virtual servers” group. In VMWare, the network type for each machine is “Bridged”. That is, their IPs are from the local network and they are visible: the Windows ones via NetBIOS/RDP and the FreeBSD one via SSH. There is a machine on the network with an ADSL connection, configured as a transparent gateway. It is set as the default gateway in all the virtual machines. And all of them show the same picture: the world is pingable (I checked against Yandex), but http/ftp does not work. Not at all. I already mentioned that the outbound access is open in the firewall. I tried all kinds of additional rules (for the server group, for the IP, for all ports, for port 80) and nothing works. Ping is there, traffic does not flow. After a week of poking around I decided the problem is still in Kerio. My suspicion is that this bastard somehow additionally filters popular protocols; I found something about HTTP and FTP inspectors in it. I disabled them, i.e. created services without these inspectors, which did not help. Disabled anti-spoofing, jumped on my left leg, spun around three times at full moon: same result. Are there any Kerio users among the few readers of this journal? Tell me, where is the bottleneck?

So it turns out...

The picture is taken from the [relevant website](http://www.downshifting.ru/). I learned about this phenomenon from BOR’s quote: “It seems to me that this sermon against shoddy work and philistinism was at the same time a sermon in favor of downshifting. More precisely, in favor of choosing between a life model based on living and a model based on experiencing. And since it is hard to keep experiencing the purchase of a refrigerator or a pay raise for long, the choice seems obvious. The only question is when it will be made, and how much time we will have left after that.”

There are three kinds of lies: lies, damned lies, and statistics

Today is that one day of the year when the general public remembers the Chernobyl tragedy. Even Yandex Pulse clearly shows a spike in activity.

[Chart for the year]

Interestingly, it turns out that on this day the words “Chernobyl” and “ass” are used equally often. Meanwhile, “money” remains consistently popular. Chart for 2 months, for a closer look:

[Chart for 2 months]

2008-04-26 21:54:36

Seems I was wrong to blame the seventh version. Installed 6.3 and the problem remained: the ADSL connection refused to come up. Turned out the card was acting up; after a wipe with alcohol and moving it to a different slot, it started working. Hooray, we have a gateway, two networks (old and new) both running, all systems go! (knock on wood…) Next tasks:

  a) SSH authentication without a password, using a key.
  b) Sending mail from a different address. This is caused by the fact that the mail setup in the organizational hierarchy is configured in a somewhat odd way, and a local user needs to send mail on behalf of our organization’s address, which is registered on the upstream mail server… something’s off here, but we’ll have to adapt to the existing rules :(
  c) And the dyndns questions remain. Fortunately, there’s now an extra machine for experiments. Instead of Hamachi I’ll probably try either Kerio or OpenVPN, because Hamachi lags terribly.

The second snag and plans.

Reporting season has arrived, which means I have less and less time for network tuning. For now I’ve given up on the wall sockets (figuratively speaking), plugged a patch cord into one of them leading to one of the old switches, and I’m working like that. The plan is this: to end up with a “model” network as a result of all this work. Beautifully and thoughtfully configured according to a pre-designed scheme. Reliably protected from external interference, and regularly backed up against internal mishaps. With documentation, both ongoing and final. Something pleasant to look at. Since the existing server runs Windows, I, as an enthusiastic if not particularly skilled OpenSource advocate, want to build a gateway on FreeBSD. Both for security reasons and out of love for it. So while the girls are putting together reports that I’ll later have to shove into a buggy and glitchy program, a spare machine has been chosen, a second network card has been plugged in, and FreeBSD 7.0 has been installed (with a patched OpenSSH). Without overcomplicating things, I copied the configs from my home machine (ppp.conf and rc.conf), adjusted the login/password/interface names in them, and at a convenient moment gave it a try. What do I see? Instead of connecting to the internet and working productively for the good of the organization, I get an error message saying: **WARNING: attempt to net_add_domain(netgraph) after domainfinalize()**. Well, damn. Searching Google, Yandex, and opennet showed that I’m not the only one who’s seen that line, but other people mostly have issues with mpd, while mine is with PPPoE. A quick fix wasn’t found; it seems I’ll have to do a lot of reading again, and the behavior looks quite strange. And since the whole network design theory hinges on this gateway, tomorrow I’ll reinstall it with FreeBSD 6.3 instead, and if that doesn’t help either, then I’ll start reading. Because to set up a proper working machine (with internet, ICQ, a proper LAN), I need to remove the current services from it: mail and proxy. And to move those to a new server (as per my plan), I need a working gateway. Blasted nuisance.

The First Snag

The first glitch was rather unexpected. I decided to set up remote access to the server so I wouldn’t have to walk across the hallway. I plug a patch cord into the socket and watch as the server refuses to respond to pings, while the port indicator light on the switch blinks at a steady interval. I suspected the cable, the socket, the quality of the crimping… Until I thought to check the cable’s wiring scheme. Turned out they had been crimped according to an arbitrary scheme, as long as both ends matched. Why cables crimped the same way worked fine in the old network with simple switches but refused to work with the fancy new one remained a mystery. But I did get plenty of practice re-crimping cables to the standard wiring scheme. It’s not the connectors I feel bad about so much as the 15 wall sockets. They’re installed in hard-to-reach spots, the wires keep breaking off; over the course of a week I only managed to redo 6 of them.

First Results

So, about work.

A typical mid-sized government-owned office. A motley collection of PCs, network cabling running along the floor, no documentation, two cheap Surecom hubs/switches. However, the guy who managed all this before me is a very smart fellow. No irony intended. Antivirus software is installed, users work with Total Commander (all of them!), The Bat, and a local messenger. On top of that, there's the aforementioned server, which sits in a rack cabinet together with a 24-port **3COM** switch. Fifteen UTP lines (run through cable ducts) lead into the cabinet and terminate in wall outlets at the workstations. My job is to migrate the local network from its current state to the new equipment.
The server is a decent piece of iron from **DELL**, configured either at the factory or by the resellers. It runs Windows 2003 RC2 (licensed, mind you). So the question of configuring RAID arrays has (fortunately or unfortunately) been taken off my plate. It's powered on, it works, it hums away.