Brad Fitzpatrick (bradfitz) wrote in lj_dev,
Brad Fitzpatrick


Wendy is now up and running, processing web requests. The interesting thing about Wendy is that it has no public ethernet interface (it does, but we didn't plug it in).

Bebe is setup locally, but not installed yet. Bebe will be internal network only.

Stan is doing NAT for Wendy and Bebe, but in the future Kyle could too, should Stan die.

Dormando and I are getting aggressive with firewall rules. Somebody syn-flooded us last week with 60 Mbit of traffic for a few minutes. Thanks... that was fun. (assholes) The annoying thing is they seemed to spoof their source address to be inside the network, so they made our internal network get slightly busy too. Some simple rules could have avoided a lot of the problems.

The main annoyance was all Kenny's mbufs getting used up. Evan didn't look at mrtg and rebuilt the kernel, thinking we were hitting a max connection problem.

Anyway, I'll post more about this later.

Also --- I'm going to setup a database server on kenny today (after a nap?) that'll do the directory search stuff. That way if it crashes, it only slows down the directory search, not the whole site.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded