Solid State Drives or SSDs are one of the biggest advancements to modern computing in recent years.
Traditional hard disk drives or HDDs consist of a series of metal platters that spin around. There are magnetic arms that then move around to read the data off of the hard drive. This limits the speed of the hard drive to how fast those platters can spin, and because there are moving parts involved, the hard drive tends to wear out faster than any other part of the computer. Spinning the platters also causes additional heat and noise inside the computer.
SSDs don't have moving parts. You can think of them as basically memory or RAM that stores the data permanently. There are differences, of course, between these two technologies, but the high level concept is the same.
Because there are no moving parts, it is much faster to read/write data. They also use less power and create less heat. While they'll still wear out eventually, they can last longer than traditional hard drives.
The only downside, currently, is that solid state drives cost more per GB of storage. As the technology advances, this is becoming less of a discrepancy. The 128GB SSD cost me $150, but you can currently get a 2TB hard drive for about $100.
The best way to explain the difference is to give you an example. For those of you who know MySQL, you know that backing up the database consists of running MySQLDump, which writes out a file with all the insert statements that can then be read back into MySQL to recreate a database.
I used a database that is large enough to easily see the differences. The database dump file was about 1.5GB in size. It contains 200+ tables and millions of rows of data.
First, I restored it to my traditional hard drive, then I installed an SSD, reconfigured MySQL to use the SSD as the data directory, and then restored the same file again. The rest of the PC was exactly the same, which happens to have 4GB of RAM and a 6 core AMD Phenom II 1090T Processor. It's running Linux Fedora 14.
This computer only has SATA2 controllers, which have a limit of 3GB/s of data that can transfer across their wires. There are now motherboards with SATA3 controllers, which increase this limit to 6GB/s. The SSD I used was an OCZ Technology 128GB Vertex 4 Series SATA 6.0 GB/s 2.5-Inch Solid State Drive. It's backwards compatible with the SATA2 or 3.0 GB/s speed.
My traditional hard drive took 35 minutes to import. My solid state drive took about 5. In theory, if I had a SATA3 controller, this could be cut in half again, though I doubt it would end up that efficient. More likely, it would be 3 1/2 to 4 minutes. So for this one test, the SSD was 7 times faster than my regular hard drive, and might end up 10-12 times faster under SATA3.
There are also SATA3 controller cards that you can buy for about $50. I thought about buying one of these, but I suspect that it wouldn't give you a full 6 GB/s because I believe you'll lose some speed as it travels through the card into the motherboard. If you've done this, please comment and let me know your findings.
Any time you need speed over raw storage, use an SSD. Some common uses are:
You can save and restore your iptables rules by using the iptables-save and iptables-restore commands. An example of an iptables-save file is below, and as you can see it allows access to http (port 80), https (port 443), smtp and pop3 (ports 25 and 110), ftp (port 21), dns (port 53), mysql (port 3306), ssh (port 22), plesk (port 8443), and a few others. It also allows traffic through ports 51000 through 51010. This is because ProFTPd is configured to forward established connections to these ports; otherwise, it’ll use any high port and you won’t be able to lock anything down.
# Generated by iptables-save v1.2.7a on Fri Oct 15 18:04:43 2004
*filter
:INPUT ACCEPT [6496247:1563147047]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [10757411:8360947636]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --sport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 110 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 25 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 21 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 20 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 20 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 3306 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 3306 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51000 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51001 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51002 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51003 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51004 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51005 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51006 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51007 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51008 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51009 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51010 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 217.160.242.226 -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 217.160.242.226 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 217.160.243.251 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 195.20.224.99 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 195.20.224.234 -p udp -m udp --sport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Oct 15 18:04:43 2004
Here is an example of a cronjob that restores the iptables rules. I added the cronjob to ensure that iptables was always loaded with the correct rules. This was on a dev box and we were messing with a lot of ports at the time, so we wanted to make sure that it was reset periodically. It also helps for when the box was rebooted to make sure the rules were loaded. Of course, a better way to do that would be to modify the startup scripts. Also, you can put the firewall.txt file wherever you want. It doesn’t need to be in root’s home directory.
### Restore Iptables Rules
5 7,14,21 * * * /sbin/iptables-restore -c < /root/firewall.txt
And finally, to set up the ftp server to only use the specified ports, configure /etc/proftpd.conf and add this line:
PassivePorts 51000 51010
The actual ports could be any unused high port, so keep that in mind. It can also be more than 10 ports (which essentially would allow 10 concurrent connections). Whatever you do, you’ll need to make sure the iptables rules allow the ports you’re expecting FTP to transfer data on.
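One way to check that the firewall file and proftpd.conf stay in step is shown below. It is an added example, not part of the original post: the function names and the shortened sample inputs are constructed for illustration, and the multiport handling goes beyond the single-port rules in the file above. It only reads ACCEPT rules and does not follow chain jumps. It also lists ACCEPT rules that match a source port without a source address, which are broader than the per-resolver rules in the file above.

```python
import re
# Constructed sample inputs (shortened; not the full files from the post).
SAMPLE_RULES = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 51000 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m multiport --dports 51002:51003,51006 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -j ACCEPT
"""
SAMPLE_PROFTPD = "# PassivePorts 1 2\nPassivePorts 51000 51004\n"

def opt(tokens, *names):
    """Value following the first occurrence of any given option, or None."""
    hits = [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in names]
    return hits[0] if hits else None

def expand(spec):
    """Expand '21', '51000:51010' or '80,443' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def accept_rules(rules_text):
    """Token lists of appended (-A) rules whose target is ACCEPT."""
    rules = (l.split() for l in rules_text.splitlines() if l.startswith("-A"))
    return [t for t in rules if opt(t, "-j") == "ACCEPT"]

def accepted_tcp_ports(rules_text):
    """TCP destination ports opened by ACCEPT rules; negated matches skipped."""
    ports = set()
    for t in accept_rules(rules_text):
        spec = opt(t, "--dport", "--dports")
        if opt(t, "-p") == "tcp" and spec and "!" not in t:
            ports |= expand(spec)
    return ports

def missing_passive_ports(conf_text, rules_text):
    """Members of the PassivePorts range that no ACCEPT rule opens."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", conf_text, re.M)
    wanted = set(range(int(m.group(1)), int(m.group(2)) + 1)) if m else set()
    return sorted(wanted - accepted_tcp_ports(rules_text))

def sport_only_accepts(rules_text):
    """ACCEPT rules that match a source port but no source address (-s)."""
    return [" ".join(t) for t in accept_rules(rules_text)
            if opt(t, "--sport") and not opt(t, "-s")]

if __name__ == "__main__":
    print(missing_passive_ports(SAMPLE_PROFTPD, SAMPLE_RULES), sport_only_accepts(SAMPLE_RULES))
```

To run it against real files, pass the contents of /etc/proftpd.conf and the saved firewall file to the two functions instead of the samples.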
My secure and messages log files were getting really big, and after analyzing them to see if there was a reason, I decided to clear them out.
To do so, I first typed: cat > messages, then typed a couple of blank lines, and hit control-c to quit. I did the same for the secure log file. This cleared the file, but no new messages were being added to the logs. After kicking myself for being stupid, I searched around and found two important things.
First, it’s easier to clear a file by simply typing “> filename”, and second, the syslog daemon is responsible for writing to those files. Restarting it restores its ability to write to the file. I restarted it by going to /etc/init.d and running ./syslogd restart