NW Elixirs #1 Hott Sauce

11/30/11 | by Cory Schruth | Categories: Food

Dear NW Elixirs,

I tried your "#1 hott sauce - sauce piquante" this morning at Besaw's for the first time. I have officially found my new love of hot sauces. No more Tabasco for me!

You apparently sell them at Williams-Sonoma but not many more locations. I'll definitely be going back to Besaw's for a few freebie tastes, but I'm also picking up a few bottles the next time I can find it in the store. I feel like this is the perfect stocking stuffer for the upcoming holiday season, so for all my family members that like hot sauce, be ready!

I hope you can get more accessible stores to carry this in the near future. I'm definitely telling all my friends and will ask for your products where I shop.

Keep up the great work.

Sincerely,

Cory

---

The hot sauce is available in a few local stores such as Williams-Sonoma and a handful of local restaurants like Besaw's in the Pearl District on NW 23rd.

For more information on this sauce and their other flavors, see their website at http://nwelixirs.com.

IPoAF (IP over Aluminum Foil)

02/03/12 | by Cory Schruth | Categories: Uncategorized

I've always wondered what kind of connectivity could be achieved over random household items. After a bet from a friend, I set off to find a soldering iron, solder, and a roll of aluminum foil.

After setting up a small test for a 100BASE-T connection over aluminum foil, I was amazed that I had perfect connectivity. On my Comcast connection, I have 50/10 Meg service, which as you can see from this picture, I'm getting all that and more:

 

After browsing and running speed tests for a few minutes, zero errors appeared on the interface.

...So after this test, I don't feel so bad about going cheap on the cables manufactured outside the US. Seems like any piece of metallic substance (like tin foil) will pass Ethernet these days!

More tests to come.

XBOX Live (XBL), JunOS, NAT and a Juniper SRX210 on Comcast

11/29/11 | by Cory Schruth | Categories: Juniper, XBOX

After 2 months of my better half threatening to jettison my Juniper SRX210H router across the Columbia River, I was finally able to track down why my XBOX 360 was showing a "Strict NAT" connection type.

Here are a few notes that might help others get an "Open NAT" connection to XBOX Live with a router running the JunOS router operating system:

1. I use Comcast for my residential home Internet connection.  Comcast will not provide more than one IP for residential connections in Oregon or SW Washington, so you must use it wisely.

2. I use PAT (port forwards) to other devices on my network, which means I can't use a 1:1 or Static NAT on my only Comcast-provided public IP.

3. I followed the guidance of many that tried before me and wrote about it.  Notably these blog entries were extremely helpful, but not exactly what I needed to solve the problem:

http://www.networkengineerdigest.com/2011/07/05/how-to-configure-a-juniper-srx-for-xbox-live/

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX210-and-Port-Forwarding-for-XBox-and-PS3-Help/td-p/78246

http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/SSG-5-and-Xbox-Live/td-p/944

4. After contacting a friend that works for Microsoft, he was able to do some digging and come up with some comments that helped me to isolate the issue: Apparently you must enable source port persistence for the XBOX Live (very custom) IPSec tunnel to work. The XBOX makes a UDP connection on source port 3074 and receives traffic on destination port 3074. This means that when it goes through the NAT it must stay on UDP port 3074 for both the destination AND the source.

5. I'm running the latest version of JunOS that is currently available, which is 11.4R1.6.  This may or may not work for you on different versions.

6. My Comcast modem is plugged into ge-0/0/0 and all other ports on the router are on the "Home" side.

7. If your WAN IP changes, you will need to update the configuration to reflect the change under security -> nat -> source -> pool xbox -> address.

8. The only port that needs to be forwarded from the DNAT configuration is UDP/3074.

9. Here are the applicable portions of my configuration:

groups {
    home {
        interfaces {
            <*> {
                unit 0 {
                    family ethernet-switching {
                        port-mode access;
                        vlan {
                            members vlan3;
                        }
                    }
                }
            }
        }
    }
}
system {
    host-name r1;
    services {
        ssh;
        dhcp {
            pool 10.0.0.0/24 {
                address-range low 10.0.0.100 high 10.0.0.254;
                router {
                    10.0.0.1;
                }
            }
            propagate-settings ge-0/0/0.0;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    ge-0/0/1 {
        apply-groups home;
    }
    fe-0/0/2 {
        apply-groups home;
    }
    fe-0/0/3 {
        apply-groups home;
    }
    fe-0/0/4 {
        apply-groups home;
    }
    fe-0/0/5 {
        apply-groups home;
    }
    fe-0/0/6 {
        apply-groups home;
    }
    fe-0/0/7 {
        apply-groups home;
    }
    vlan {
        unit 3 {
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            pool xbox {
                address {
                    ### Set this to your DHCP-assigned IP from ge-0/0/0.0
                    ### with a mask of /32.
                    255.255.255.255/32;
                }
            }
            port-randomization disable;
            rule-set snat {
                from zone trust;
                to zone untrust;
                rule xbox {
                    match {
                        ### The IP Address of the XBOX.
                        source-address 10.0.0.20/32;
                    }
                    then {
                        source-nat {
                            pool {
                                xbox;
                                persistent-nat {
                                    permit target-host;
                                    inactivity-timeout 180;
                                }
                            }
                        }
                    }
                }
                rule lan {
                    match {
                        source-address 10.0.0.0/24;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        destination {
            pool xbox-3074 {
                address 10.0.0.20/32 port 3074;
            }
            rule-set dnat {
                from interface ge-0/0/0.0;
                rule xbox-3074 {
                    match {
                        destination-address 0.0.0.0/0;
                        destination-port 3074;
                        protocol [ udp ];
                    }
                    then {
                        destination-nat pool xbox-3074;
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy untrust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.3;
            }
        }
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
}
applications {
    application xbox-live-udp-53 {
        protocol udp;
        destination-port 53;
    }
    application xbox-live-tcp-88 {
        protocol tcp;
        destination-port 88;
    }
    application xbox-live-udp-88 {
        protocol udp;
        destination-port 88;
    }
    application xbox-live-tcp-3074 {
        protocol tcp;
        destination-port 3074;
    }
    application xbox-live-udp-3074 {
        protocol udp;
        destination-port 3074;
    }
    application-set xbox-app-set {
        application xbox-live-udp-53;
        application xbox-live-tcp-88;
        application xbox-live-udp-88;
        application xbox-live-tcp-3074;
        application xbox-live-udp-3074;
    }
}
vlans {
    vlan3 {
        description "Home LAN";
        vlan-id 3;
        l3-interface vlan.3;
    }
}

Since this now works, I'm no longer being threatened to have my enterprise-grade router replaced with a Belkin. Phew.
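
The configuration above permits any/any/any from untrust to trust and accepts all host-inbound system services on the untrust zone while ssh is enabled, and it defines xbox-app-set without referencing it in a policy. As an added example (not part of the original post), this Python sketch parses the brace-structured config and flags those WAN-facing settings; the names parse, audit and wan_zone are hypothetical, and the sample is condensed from the policies and zones stanzas shown above.

```python
import re

FIELDS = ("source-address", "destination-address", "application")
# Constructed sample: the policies and zones stanzas of the configuration above, condensed.
SAMPLE = """
security {
  policies {
    from-zone trust to-zone untrust { policy trust-to-untrust {
      match { source-address any; destination-address any; application any; }
      then { permit; } } }
    from-zone untrust to-zone trust { policy untrust-to-trust {
      match { source-address any; destination-address any; application any; }
      then { permit; } } } }
  zones {
    security-zone trust { host-inbound-traffic { system-services { all; } protocols { all; } } }
    security-zone untrust { host-inbound-traffic { system-services { all; } protocols { all; } } } } }
"""

def parse(text):
    """Parse brace-structured Junos config into nested dicts; leaf statements map to True."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#.*", "", text))
    stack, words = [{}], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            words.append(tok)            # accumulate the words of a statement name
            continue
        name, words = " ".join(words), []
        if tok == "{":                   # open a stanza under the current one
            stack.append(stack[-1].setdefault(name, {}))
        elif tok == ";":                 # end of a leaf statement
            stack[-1][name] = True
        else:                            # "}" closes the current stanza
            stack.pop()
    return stack[0]

def audit(cfg, wan_zone="untrust"):
    """Flag any/any/any permits sourced from the WAN zone and 'all' host-inbound-traffic on it."""
    sec, findings = cfg.get("security", {}), []
    for pair, policies in sec.get("policies", {}).items():
        for name, body in policies.items():
            m = body.get("match", {})
            if (pair.startswith(f"from-zone {wan_zone} ") and "permit" in body.get("then", {})
                    and all(f"{f} any" in m for f in FIELDS)):
                findings.append(f"{pair}: {name} permits any/any/any")
    hit = sec.get("zones", {}).get(f"security-zone {wan_zone}", {}).get("host-inbound-traffic", {})
    findings += [f"zone {wan_zone}: host-inbound-traffic {k} all"
                 for k in ("system-services", "protocols") if "all" in hit.get(k, {})]
    return findings
```

Calling audit(parse(SAMPLE)) returns three findings for the untrust side and none for the trust-to-untrust policy or the trust zone.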

Technical hints, tricks and tips for computer networking and broadcast engineering.
