Switching... » Networking
http://switch.richard5.net
How to build your Mac into an internet server using open source software

Problems, DSL off-line
Wed, 16 Jan 2008 20:47:23 +0000, by Richard5
http://switch.richard5.net/2008/01/16/problems-dsl-off-line/

Sorry for the downtime of the sites; my ISP had some issues and wasn’t refreshing the DHCP leases. I hope you didn’t get into problems because of it…

Got myself an iPod touch
Sun, 13 Jan 2008 12:48:35 +0000, by Richard5
http://switch.richard5.net/2008/01/13/got-myself-an-ipod-touch/

I’ve been playing with the thought of getting myself an iPhone for quite some time but didn’t get one because I don’t want to hack it to get it to work with a local cell phone provider. When the iPod touch was released I thought, that is the answer, anything but the phone. I’ve got a decent phone, my employer provided me with it, a Samsung BlackJack (i600), with email (Exchange integration), internet and a lot more goodies. The only issue I have with it is that it runs Windows Mobile and takes at least 5 minutes to start up.

I’ve jailbroken the touch to get some extra applications on it; I’ve now got email, Google Maps, games and more… The only issue I still run into is where to find an open WiFi connection when travelling around. As there is no Bluetooth or any other connectivity besides WiFi you are stuck. That was until I found the solution!

What about creating an ad hoc WiFi network between 2 devices, namely my phone (which has got WiFi) and the touch? The only problem here is that network sharing over WiFi is disabled on the BlackJack. But with some help I’ve got it to work and I can now surf the internet and email over the 3G connection of my BlackJack using the touch. It’s almost like having a 3G iPhone ;-) !

The guy that helped me out also wrote a great guide on how to do this yourself. You will need a touch, a Windows Mobile 6 phone with 3G and WiFi and some time to spend. Hope you will like it as much as I’m enjoying my new-found connectivity…

Outage again
Fri, 12 Jan 2007 13:23:44 +0000, by Richard5
http://switch.richard5.net/2007/01/12/outage-again/

My network provider had some major problems today; I was out for most of the morning. It looks like some hardware in the central network failed and all customers were affected. The helpdesk phone had a taped message that they were replacing hardware from their vendor. I guess one of the central routers failed?

I guess the new owner of the network isn’t keeping up with maintenance. I hope it wasn’t too much of a problem to you…

Problems again, DSL off-line
Sun, 01 Oct 2006 10:13:53 +0000, by Richard5
http://switch.richard5.net/2006/10/01/problems-again-dsl-off-line/

This morning I had some issues again, this time not my fault. It looks like the takeover of my DSL network provider is causing some problems while they migrate the infrastructure. A lot of customers had a problem getting a new IP address via DHCP on the network. Even though I’ve got a fixed IP address, the lease lifetime is set to less than an hour and the computer needs to refresh it. I was out for about 6 hours, from 04:50 CET till 11:10 CET. Sorry if you had any problems due to the outage; this is one of the things I don’t have any control over…

The biggest issue for me was that for the first time I found out that I could not reach the help-desk of my provider (Demon). It normally was one of the best providers with a tech-savvy help-desk. But that’s history now with the takeover by our national telco KPN. There is currently a shortage of good quality ADSL broadband providers due to the consolidation that is going on in the consumer market. I still can’t afford a business DSL line; that is very expensive. It’s cheaper to co-locate a mini and get a cheap, unreliable broadband connection at home. I wonder how many Mac minis, external disks, routers and power supplies I can fit in a 1U 19″ rack.

Securing your SSH access
Sun, 24 Sep 2006 20:58:20 +0000, by Richard5
http://switch.richard5.net/2006/09/24/securing-your-ssh-access/

Having learned the hard way what it means to have a security leak in your system, I went out to find tips on how to secure my SSH access a bit better. I had some good tips from readers (thank you to those who did) and found some good ones on the internet.

Securing SSH, I found out, is actually not that hard. There is a configuration file, /etc/sshd_config, which when tweaked can help a lot!

I will go through some of the options you’ll want to change if you want to use SSH:

Protocol
The default installation of OpenSSH allows both SSH version 1 and version 2 connections. Version 1 is known to suffer from security vulnerabilities, and it is strongly recommended that only version 2 be used. To disable version 1 connections use

Protocol 2

Disable root access
To disallow the root user to login, add/uncomment the line

PermitRootLogin no

Only allow specific users
By default, all users who have local accounts on the system are permitted to login through SSH. This is not necessary and only provides attackers with more possibilities for an attack. Users with permission to SSH to the systems should be clearly defined and SSH configured to only allow access to those users.

AllowUsers <usernames>
DenyUsers <usernames>
  • <usernames> is a list of usernames separated by spaces
  • Usernames can contain * and ? as wildcards
  • user@host format can be used; it specifies that the given user is allowed/denied only from the host specified

Passwords
To prevent users with no password (which should never be the case) from accessing the system, add/uncomment this line:

PermitEmptyPasswords no

These are the simple ones; there are more elaborate schemes that will secure your system a lot better. Hope you found it useful. If you know other options/settings that will help, please leave a comment or post in the forums.
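To check a server's sshd_config against the four settings above, here is an added example in Python (my own code, not from this post or from OpenSSH). It parses the file the way sshd reads it (case-insensitive keywords, '#' comments, first occurrence wins), reports which of the four settings are missing or weak, and evaluates an AllowUsers/DenyUsers pair for a given user and client address, including a detail the post does not mention: sshd checks DenyUsers before AllowUsers, so a name that matches both lists is denied. The two config texts and the user names are constructed sample data; the host part of a user@host pattern is matched only against the client address here, where sshd also tries the client's resolved hostname.

```python
"""Audit an sshd_config for the four settings discussed in the post."""
from fnmatch import fnmatchcase

# Constructed sample sshd_config, deliberately weak, for demonstration only.
WEAK_CONFIG = """\
# sample sshd_config (constructed)
Protocol 2,1
#PermitRootLogin no
PermitEmptyPasswords yes
AllowUsers richard admin@10.0.2.* backup?
DenyUsers admin@10.0.2.99
"""

# The same file with the four settings from the post applied (constructed).
HARDENED_CONFIG = """\
Protocol 2
PermitRootLogin no
AllowUsers richard admin@10.0.2.*
PermitEmptyPasswords no
"""


def parse_sshd_config(text):
    """Return {keyword: value} using sshd's rules: keywords are
    case-insensitive, '#' starts a comment, the first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings


def audit(settings):
    """Return [(directive, problem)] for the four settings the post covers.
    A missing PermitRootLogin counts as 'yes' (the historical OpenSSH default)
    and a missing PermitEmptyPasswords counts as 'no' (OpenSSH's default)."""
    findings = []
    protocol = settings.get("protocol")
    if protocol is None or "1" in protocol.split(","):
        findings.append(("Protocol", "protocol 1 allowed or not explicitly disabled; set 'Protocol 2'"))
    if settings.get("permitrootlogin", "yes").lower() != "no":
        findings.append(("PermitRootLogin", "root may log in directly; set 'PermitRootLogin no'"))
    if not settings.get("allowusers"):
        findings.append(("AllowUsers", "no AllowUsers list, so every local account may log in"))
    if settings.get("permitemptypasswords", "no").lower() != "no":
        findings.append(("PermitEmptyPasswords", "empty passwords accepted; set 'PermitEmptyPasswords no'"))
    return findings


def _matches(pattern, user, host):
    """One AllowUsers/DenyUsers pattern: USER or USER@HOST with * and ? wildcards.
    The host part is matched against the client address only (simplification:
    sshd also tries the resolved hostname)."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return fnmatchcase(user, user_pat) and fnmatchcase(host, host_pat)
    return fnmatchcase(user, pattern)


def login_allowed(settings, user, host):
    """sshd evaluates DenyUsers before AllowUsers: a name matching both is
    denied, and once AllowUsers is set anyone it does not match is denied."""
    deny = settings.get("denyusers", "").split()
    allow = settings.get("allowusers", "").split()
    if any(_matches(p, user, host) for p in deny):
        return False
    if allow and not any(_matches(p, user, host) for p in allow):
        return False
    return True


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_sshd_config(text)) or "no findings")
    weak = parse_sshd_config(WEAK_CONFIG)
    print("admin from 10.0.2.99 allowed:", login_allowed(weak, "admin", "10.0.2.99"))
```

To run it against a real server, read /etc/sshd_config from disk into parse_sshd_config instead of the sample text; the audit only covers the four directives the post lists, so an empty result is not a full hardening review.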

Other resources on SSH

OpenDNS a good interim solution?
Sun, 23 Jul 2006 22:13:25 +0000, by Richard5
http://switch.richard5.net/2006/07/24/opendns-a-good-interim-solution/

Our dear Mac OS X loves to use DNS; for instance, when browsing the internet every connection attempt is followed by a DNS lookup (as far as I know). There is not much caching being done on the local machine, therefore I had put this on my to-do list: document the setup of a local DNS server on your own network that would efficiently cache most of the DNS requests to forgo most of the slow internet DNS lookups.

I’m still struggling with parenthood and version 2 of the ISP in a box still has a problem somewhere which I’m sure I had solved but somehow due to all the attention loss I have forgotten what it was about.

When I read Matthew Mullenweg’s (of WordPress fame) blog entry about OpenDNS I was a bit sceptical. I wouldn’t think speed improvements were possible; the DNS provided by my ISP should be the quickest solution. But to my amazement there was a speed increase when I switched the DNS servers on my Mac. Not much, but it was noticeable and that is enough for me; until I get my own DNS server I’m using OpenDNS.

The added bonus is they promise to prevent phishing and do spell checking. I haven’t had phishing emails for some time so I can’t tell you if that works, but the spell checking is great: they correct the typos in the domain name you enter in your browser. Try it yourself and find out; it is very easy to use, and they have the settings you need to change on your local Mac or on your AirPort well documented. The best thing is it is all free as well. Hope you like it as much as I did.

Infrastructure is all you need…
Tue, 04 Jul 2006 13:11:11 +0000, by Richard5
http://switch.richard5.net/2006/07/04/infrastructure-is-all-you-need/

I read this article from Robert X. Cringely on the net neutrality debate that’s going on at the moment. What I liked about it is the emphasis he put on the services ISPs are adding to the internet connection that only add to the price and aren’t selectable. Myself, I need a reliable, fast enough internet connection without any bells and whistles. I don’t care about ISP-provided email addresses, webspace or spam filters; I take care of that myself and I guess you do too, otherwise you wouldn’t be reading my blog.

The thing is, with all those ISP-provided services you might get too dependent on them. We all know how hard it is to switch to another email address. Having your own domain which you host yourself, including mail, helps you to become an independent player. You don’t really need the ISP-added services and you are free to switch to another ISP without many problems.

This makes it very easy to profit from the ever cheaper connection fees of broadband. To switch to another provider you need to wait until one or two months before the end of your contract term (mostly a year) and start shopping around. Get that second phone line and use it to connect to the new ISP. When it is up and running, transfer the DNS entries to the new IP address (this usually takes up to 24 hours to propagate through all DNS servers). After a day or two you can disconnect your old connection and terminate the contract.

I am possibly going to do this myself as my ISP has been bought by a large telco which is infamous for high connection fees. The details of the new contracts we are getting will be published in August, which means I still have time to decide. I’ve been looking around for alternatives that would provide a reliable connection without too many expensive services and found many. But the reliability of an ISP is something that is hard to find out, so I have been lurking in newsgroups and forums of the ISPs to see how many complaints there are on connectivity.

What to do about an ISP blocking port 25
Tue, 28 Feb 2006 21:02:54 +0000, by Richard5
http://switch.richard5.net/2006/02/28/what-to-do-about-an-isp-blocking-port-25/

I told you, in the prerequisites, that you need an ISP that doesn’t block port 25 to be able to run your own mail server. All mail connectivity uses port 25 for its SMTP traffic. There are workarounds to solve this problem, but they usually need a friend or relative who has a running mail server and who would receive your mail and forward it to you on a different port number. Problem is that there aren’t many people who run a mail server and are technical enough to help you out with this. But there is help….

I knew that there are service providers that will provide you this service, but at a cost. But today I got pointed to a service provider that will provide you this basic service for free. You can find them at http://www.rollernet.us. Just register at their site for a free account to be able to set up your service. You can look at this page to find out how it works.

All you need to do is change one line in the /etc/postfix/master.cf file; the first column of an entry is the service name or port number the daemon listens on. Change the line:

smtp inet n - n - - smtpd

into

2525 inet n - n - - smtpd

and restart your mail server to start receiving your email on port 2525.

I wanted to let you know that I have no connection to Roller Network LLC. I just wanted to give you some info to let you run your own mail server when your ISP is blocking port 25. If you know of other service providers providing this service for free, let me know and I’ll list them here as well.
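As an added example (my own code, not from this post or from Postfix), the following Python makes the master.cf edit above programmatically and shows the one trap in it: master.cf has two entries called smtp. The inet one is the smtpd listener whose first column the port number goes in; the unix one is the outbound SMTP client and must be left alone. The function rewrites only an active "smtp inet ... smtpd" line, leaves comments and the indented -o continuation lines untouched, and a second function lists which service names or ports smtpd listens on so you can confirm the change before reloading Postfix. The master.cf excerpt is constructed sample data.

```python
"""Move Postfix's inbound smtpd listener from port 25 to another port in master.cf."""

# Constructed excerpt of /etc/postfix/master.cf; the eight columns are
# service, type, private, unpriv, chroot, wakeup, maxproc, command(+args).
SAMPLE_MASTER_CF = """\
# constructed excerpt of /etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
pickup    fifo  n       -       n       60      1       pickup
smtp      unix  -       -       n       -       -       smtp
"""


def _is_service_line(line):
    """True for an active service entry: not blank, not a comment, and not an
    indented '-o' continuation line that belongs to the entry above it."""
    stripped = line.lstrip()
    return bool(stripped) and not stripped.startswith("#") and not line[:1].isspace()


def rewrite_inbound_port(text, new_port="2525"):
    """Return (new_text, lines_changed) with the 'smtp inet ... smtpd' entry
    renamed to new_port. The 'smtp unix ... smtp' client entry is untouched
    because only type 'inet' entries are listeners."""
    out, changed = [], 0
    for line in text.splitlines():
        if _is_service_line(line):
            cols = line.split()
            if len(cols) >= 8 and cols[0] == "smtp" and cols[1] == "inet" and cols[7] == "smtpd":
                cols[0] = str(new_port)
                # Rebuild in Postfix's conventional column layout; the command
                # column may carry extra arguments, so join everything after it.
                line = "{:<9} {:<5} {:<7} {:<7} {:<7} {:<7} {:<7} {}".format(
                    *cols[:7], " ".join(cols[7:]))
                changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed


def inbound_ports(text):
    """List the service name or port of every active inet smtpd listener."""
    ports = []
    for line in text.splitlines():
        if _is_service_line(line):
            cols = line.split()
            if len(cols) >= 8 and cols[1] == "inet" and cols[7] == "smtpd":
                ports.append(cols[0])
    return ports


if __name__ == "__main__":
    new_text, changed = rewrite_inbound_port(SAMPLE_MASTER_CF)
    print("before:", inbound_ports(SAMPLE_MASTER_CF))
    print("after: ", inbound_ports(new_text), "(%d line changed)" % changed)
    print(new_text)
```

On a real server you would read /etc/postfix/master.cf, write the result to a temporary file, diff it against the original, and only then move it into place and reload Postfix; the submission entry is left on its own name, so the change does not affect any other listener.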

Mini network, big style!
Tue, 14 Feb 2006 20:35:40 +0000, by Richard5
http://switch.richard5.net/2006/02/14/mini-network-big-style/

Sorry for not posting as often as I would like to, but there are other things in my life that sometimes take precedence. I wanted to have my description of the SpamAssassin configuration ready but it’s not going to happen today! But I wanted to tell you I found another blog about someone who is using his mini for more than just a cheap desktop Mac.

A guy named Ken Collins has used 3 Mac minis and 2 external hard drives to set up his own NOC (network operations centre). He is talking about some of the services I wanted to include as well, like DNS, external disks and automated back-up. I will follow his blog from now on to see if there is anything interesting I can learn. I hope that besides talking about his efforts he will write about how he did it in more detail so that we can learn more from his efforts.

The fun thing is I just ordered the same two external hard-disk enclosures from NewerTechnology to be used for my own server. I want to use them to create a RAID 1 configuration to be used for the server as the bootable drive with extra partitions for backup purposes. Will let you know when they arrive and how they perform.

Port forwarding on my Mac mini
Wed, 25 Jan 2006 21:26:45 +0000, by Richard5
http://switch.richard5.net/2006/01/25/port-forwarding-on-my-mac-mini/

I’ve had one of my Mac minis running for almost a month now and I’m very happy with how it’s been behaving. It does everything I want and it even allows me to use it as a router of some sort by using the “share internet” option in the Sharing panel in the System Preferences. In this manner I can use my second Mac mini as a desktop computer, surf the internet and maintain my server, by using both AirPort Extreme cards to set up a wireless network. The server mini is connected to my ADSL modem via a cable. I’ve used the Sharing panel to configure the firewall as well, but I’m not yet very happy with it.

The standard firewall is blocking all interfaces with the same configuration. I would like that to be different: blocking most traffic from the internet and allowing everything from the internal network. I’m not a FreeBSD, Unix or Terminal guru and manually configuring ipfw and natd is a bit daunting. I’ve read many web pages that tell you how to do it, like this one from Frederik. While I end up with a perfectly working firewall which blocks everything I require and allows the internal network, I’m unable to get that and Internet sharing (with natd and such) working together. I’m getting desperate and think about ending it all by buying an AirPort Extreme base station and letting that do all the firewalling and port forwarding.

The standard firewall and internet sharing do their work as they are supposed to, but one thing still lacking for me was port forwarding for my BitTorrent downloads. I like to download the publicly available torrents (not copyrighted stuff), like software and TV shows. I really like to watch NerdTV from Robert X. Cringely. It’s much nicer to download stuff via BitTorrent; it’s much easier on the one providing the files and doesn’t hog their bandwidth.

But today I found a solution that allows me to forward the bit-torrent ports from my mini server to my mini desktop. Internet sharing uses natd with some default configuration which I don’t know how to change. But I can kill the running natd process and replace it with my own.

What I do is find out if it is running by using ps -x | grep natd and copy the command line that appears to the clipboard. Then kill the natd process by issuing sudo kill <process id>. I then start it up again with the command line I copied to the clipboard and add the following options behind it:

-redirect_port tcp 10.0.2.2:6881-6999 6881-6999 -redirect_port udp 10.0.2.2:6881-6999 6881-6999

This will redirect all incoming BitTorrent traffic arriving on my mini server directly to my desktop. The desktop has the IP address 10.0.2.2 and you need to change that to your situation. This will increase the speed at which the torrents are downloading significantly.

Still I will keep looking and try to find a proper setup as described above. If someone has some pointers please let me know.
