Sunday, May 11, 2014

OpenDNS provides a way to secure your internet so that kids will not be allowed to visit sites YOU don't want them to visit.

Frankly speaking I don't know how effective this is because if they have laptop and they connect to internet from sat StarBucks. There's no way you can control which sites they visit when they are their. Or limiting their access to social networking sites like Facebook.

However if your goal is to protect them when they are on your network then read on.

You need to subscribe to OpenDNS package and configure your access on OpenDNS Website.
e.g. If you are pretty strict you would restrict ALL Email sites which blocks access to Gmail, Yahoo Mail and all well known email websites.

The next task is to tell your router to redirect requests to ALL domains to OpenDNS servers rather than say Google or your ISP DNS servers so that OpenDNS could actually filter results based on your restrictions rather than being open to the world.

Here's the screenshot of settings under OpenWRT. Ignore the last 2 entries, those are actually Google DNS servers and remember that listing dozens of DNS servers is actually useless. Only first 3 entries will be used to resolve the Website IP addresses.






One would think that we are done at this step. But then we will be underestimating the kids. Because every computer maintains the DNS servers the computer can talk to regardless of what the router configuration says.

Which means configuring each machine to use 192.168.1.1 or the router as the DNS server. That works very well too until the Computer users can modify the list of DNS servers on Linux it's /etc/resolv.conf where the list of DNS servers can be provided thus bypassing the settings at router.

For that OpenDNS has a solution. Configure the firewall to REJECT all requests to outside DNS servers.

Configure the router to REJECT any TCP+UDP requests from any host in the LAN to any host in WAN on port 53. Thus if DNS servers are using the standard port 53, no hosts in your network can send requests to them.

Again if you are using OpenDNS this can be achieved by going to Network -> Firewal -> Traffic Rules and creating a new rule shown in the picture below.


Once you create the new rule do not forget to Save and Apply under OpenWRT.

Good luck!

Thursday, April 24, 2014

Unite.vim is quite useful

For several days I had been using Unite.vim plugin to navigate through the project files. It's quite useful.

After installing plugin my ~/.vimrc contains the following code ( I found somewhere on the web )

  " Unite : http://www.codeography.com/2013/06/17/replacing-all-the-things-with-unite-vim.html  
  let g:unite_source_history_yank_enable = 1  
  call unite#filters#matcher_default#use(['matcher_fuzzy'])  
  nnoremap <leader>t :<C-u>Unite -no-split -buffer-name=files  -start-insert file_rec/async:!<cr>  
  nnoremap <leader>f :<C-u>Unite -no-split -buffer-name=files  -start-insert file<cr>  
  nnoremap <leader>r :<C-u>Unite -no-split -buffer-name=mru   -start-insert file_mru<cr>  
  nnoremap <leader>o :<C-u>Unite -no-split -buffer-name=outline -start-insert outline<cr>  
  nnoremap <leader>y :<C-u>Unite -no-split -buffer-name=yank  history/yank<cr>  
  nnoremap <leader>e :<C-u>Unite -no-split -buffer-name=buffer buffer<cr>  
  " Custom mappings for the unite buffer  
  autocmd FileType unite call s:unite_settings()  
  function! s:unite_settings()  
   " Play nice with supertab  
   let b:SuperTabDisabled=1  
   " Enable navigation with control-j and control-k in insert mode  
   imap <buffer> <C-j>  <Plug>(unite_select_next_line)  
   imap <buffer> <C-k>  <Plug>(unite_select_previous_line)  
   imap <silent><buffer><expr> <C-t> unite#do_action('tabopen')  
   imap <silent><buffer><expr> <C-v> unite#do_action('vsplit')  
   imap <silent><buffer><expr> <C-x> unite#do_action('split')  
  endfunction  

Find a file somewhere in the source code.

Today I find another feature of Unite.vim, searching files.

It turns out you don't need to know which directory the file is in under your source code. Just



<Leader>f
**/*obj.pm

and Unite will display the matched files.
 

Tuesday, April 22, 2014

tmux + bash - C-a to move to the start of command line.

Recently I compiled tmux on the development server when I got tired of trying to find a good terminal multiplexer which I could use confortably.

Don't get me wrong ConEmu is a terminal as good as it gets on Windows.

I've tried several of them following are a few of them
  • Putty Connection Manager
  • Poderosa - Development on this one seems to have been stalled quite a while back.
  • mrxvt - Compiled on Cygwin, this was working fine and probably the longest one I used. But it doesn't support Unicode and there's no plan of supporting it as well. If you just want the multiple TABS with a single window, this should be the choice.
For one reason or the other they fell short. None of the above do more than giving you a TABBED interface like "gnome-terminal" or KDE "konsole".

Then I found ConEmu and it's simply great! Although I could not find a key to set CTRL-Arrow to move from one tab to another.

Bugged me a lot! And hence compiling "tmux" on the Linux server so that I can use it.

"tmux" is great although comes with a default Key Prefix C-b. GNU screen uses CTRL-a as a Prefix key.

If you are like me, I use C-a a lot to move about on the command prompt. Once you bind C-a in ~/.tmux.conf as prefix to "tmux" commands you can't seem to use it.

So if I define the following in ~/.tmux.conf 

unbind C-b
set -g prefix C-a    # I loose the ability to use C-a to move to the start of the line. 

How to use C-a mentions the following tmux configuration to be able to use familiar shortcut.

bind a send-prefix




And now one can use "C-a a"  to do the same trick.

Just in case you want to see what tmux looks like? Here's the screenshot.

tmux running under ConEmu!



Wednesday, March 05, 2008

WPC54G with ndiswrapper on an Fedora Core 8

Configuring WPC54G on a Fedora Core 9 is seriously dflock-1.1d.en-US.linux-i686.tar.gzaunting task. I did buy this card quite a while back but the problem is at home as I have the desktop never got around using the same. Also there were network cables around the house and Network Card 8139too was working quite fine.

I came to US on 7th February and figured that hotel has an unlimited access to internet but only problem is it's wireless internet and not the RJ45 cable one. Hence I had to get this working somehow to use my WPC54G with Fedora Core 9.

Sometime after trying to make this work I was finally able to use the b43 driver for quite a while untill b43 driver just stopped working one fine day. That happened when I moved from one room to another, from 2nd floor to 1st one.

I finally decided to make it work with the ndiswrapper driver thought that I should give it a try.

  • First I downloaded the drivers published by Linksys/Cisco for this version of the card. I have WPC54G Ver 3.0 pcmcia card.
  • Unzipped the downloaded files to see there really are drivers. They have 2 directories under Driver directory one for NT and another for 9X
  • Use the driver listed in NT directory. You should fine LSBCMNDS.INF, a driver file there.
  • Install ndiswrapper and kmod-ndiswrapper using your favorite installation tool. I used yum as fedora uses yum, from the livna repository.
  • As I did not have any internet connection other than the wireless one can just download these packages off the repository to USB Flash drive or something and install them using rpm commands.
  • After this you need to blacklist b43, b43legacy, b43xx drivers so that they do not handle the device and stop ndiswrapper from handling it. The way to do that would be edit /etc/modprobe.d/blacklist file to add following
blacklist ssb
blacklist b43
blacklist b43legacy
blacklist b43xx
  • After this we will install the Windows driver that we downloaded from the Linksys site.
  • Type ndiswrapper Drivers/NT/LSBCMNDS.INF at the command prompt. I am assuming that you are already in the unzipped directory for the drivers. If not you can give the full path of the driver file.
I had been able to connect to the internet using this new ndiswrapper driver. I did connect using this to an unsecured network at the hotel. So you would not see any references to the WPA configuration. My laptop connects to the internet by requesting the IP address and it connects to https://login.globalsuite.net, where I need to sign in with a common password.

So long.......hope this helps someone........

Blogged with the Flock Browser

Thursday, August 16, 2007

BSNL Broadband with Fedora Core 6 or 7 ( FC6/FC7 )

Lets say you have got BSNL Broadband service, meaning you have received or bought the Modem ( I have HUWAI one ), you have received the login and password for your service as well. You will need RJ-45 Cable going from your computer's network card to the modem. Here we are going to assume that you have everything above ready and you want to connect to internet using BSNL Modem.

For Fedora Core 6 you are going to need a script named adsl-setup. The same script is called pppoe-setup on Fedora Core 7. On Fedora Core 7 you need to install rp-pppoe RPM installed on your system. On Fedora Core 6 you need the same RPM you can get one from download rp-pppoe or you can run "yum install rp-pppoe" if your yum is configured to download and install the packages.

Now lets say you have proper version of rp-pppoe RPM installed on you platform. Lets begin to configure the connection.

  • Login to your system as root and run "adsl-setup" on FC-6, on FC-7 that will be "pppoe-setup". You will be asked number of questions including whats the name of the new connection ( generally by default this is ppp0 ) a network alias with that name will be created.
  • One of the questions you need to answer are about your login and password. Give your BSNL Broadband userid and password given by BSNL. e.g. your userid would be username@dataone and password.
  • One of the questions would be to configure Firewall for your connection. For starters select None. You can configure this later on.
  • Another question would be about DNS Entries give 218.248.240.208 and for secondary DNS server provide 218.248.255.193. Keep these entries handy in case you need to reconfigure your connection again.
  • You may not want your connection to be up when you start the computer, so do say "Yes" to "Do you want this link to come up on demand?"
Once you have answered all the questions your connection setup would be ready and script should print how to start your connection.

Connect to BSNL
  • As root tail the /var/log/messages in one console while you try connecting to BSNL in another. ;-)
  • On FC-6 run "adsl-start" as root or on FC-7 run "pppoe-start" check out messages in /var/log/messages for any problem your connection may encounter.
  • General problems are because of password mismatch like "Incorrect userid or password provided" passwords are stored in /etc/ppp/pap-secrets and readable by root only. ( There is also /etc/ppp/chap-secrets and they both are alike but I am yet to figure out which one is used for what? ). If you need to modify your userid or password one can directly modify these files.
If you have any problems, or anything above is not clear, let me know and I will try to correct them.
P.S. :- I did setup BSNL Broadband on FC-6 initially. But later I got Linksys router which is now connected to the modem through RJ-45 (LAN) Cable. So now whenever I power on my modem and router connection is available to the computers connected to the router. In short I have jotted down the above things from the memory :-)

Friday, December 01, 2006

scp using Python and pexpect

Following is the python script which shows how to Copy file from another machine using pexpect.
Script uses pexpect and you should have it installed before you try it.

Idea is enter all the errors etc in a list which then is passed to pexpect. Then on certain conditions the functions is recursively called e.g. After receiving "....continue (yes/no)?" script sends "yes" and then calls itself again. Next time it gets "[Pp]assword", sends password and then calls itself again.

If any of the errors ( res >= 4 ) it returns False.

Copy the following script in a file and sun with the filename parameter.

e.g. scp.py hello.tgz

-----Script Follows----------



#!/usr/bin/python
# Python SCP and Expect Example 1.0
# Author: Arvind Deshpande
# License: GPL http://www.gnu.org/licenses/gpl.txt

#from pexpect import pexpect
import pexpect
import sys
import time
import os

expectations = ['[Pp]assword',
'continue (yes/no)?',
pexpect.EOF,
pexpect.TIMEOUT,
'Name or service not known',
'Permission denied',
'No such file or directory',
'No route to host',
'Network is unreachable',
'failure in name resolution',
'No space left on device'
]

def fetchFileSCP(child=None, *args):
print "Received Args:",child, args
try:
if not child:
child = pexpect.spawn( 'scp -r USER@SERVER.COM:%s /HOME/USER/'%(args[0]))
res = child.expect( expectations )
print "Child Exit Status :",child.exitstatus
print res,"::",child.before," :After:",child.after
if res == 0:
child.sendline('XXXXXXXX')
return fetchFileSCP(child,None)
if res == 1:
child.sendline('yes')
return fetchFileSCP(child,None)
if res == 2:
line = child.before
print "Line:",line
print "Now check the result and return status."
if res == 3:
print "TIMEOUT Occurred."
child.kill(0)
return False
if res >= 4:
child.kill(0)
print "ERROR:",expectations[res]
return False
return True
except:
import traceback; traceback.print_exc()
print "Did file finish?",child.exitstatus

if __name__ == '__main__':
stat = True
stat = fetchFileSCP(None,sys.argv[1])
if stat:
print "File Transferred successfully."
else:
print "Failure while copying files securely."