Configure iptables to bypass the ttl=1 set by ISP

I've just got a cheap 24hours internet account where my ISP sets a ttl = 1 which prevents it from sharing with multiple computers at a time. Which cannot stop me from using the mighty iptables and live a peaceful life. Here is a quick tip as to set up an internet connection sharing and at the same time change the ttl values.

A fancy ascii connection structure

LanComputer (A, 192,168.1.100) ------> gateway(B, eth1 192.168.1.1)

gateway(B, ppp0 public ip) ------------> ISP (internet)

Here are the magic lines

$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
$ sudo iptables -A FORWARD -i ppp0 -o eth1 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
$ sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -t mangle -A PREROUTING -j TTL --ttl-inc 1

Also for internet connection sharing make sure the ip forwarding is setup. Here is the command.

$sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

More on internet connection sharing is available at https://help.ubuntu.com/community/Internet/ConnectionSharing

Now someone needs to test this with openwrt or ddwrt.

Cheers

My favorite Firefox Extentions

Extentions that i cannot live without in firefox.

1) Adblock Plus
Blocks all the adds, just couldn't live without it.
https://addons.mozilla.org/en-US/firefox/addon/1865

2) delicious bookmarks
Synchronizes all my bookmarks with del.icio.us. There is offline storage of bookmark which opens in a sidebar. Its really helpful.
http://delicious.com/help/quicktour/firefox

3) Downthemall
Helpful for quick and easy download. Supports resume and multiple part download. I rarely use an external downloader now.
http://www.downthemall.net

4) Firebug
Extremely helpful for debugging websites. If you are a webdeveloper then this is a must install addon. Helps to debug http requests, inspect DOM, modify CSS on the fly and lots of other features.
http://www.getfirebug.net

5) Fast Dial
When you open a new tab or a new window, it shows you a the thumbnail display of the websites you add to it. Its like a shortcut to most frequently used website. Extremely helpful.
https://addons.mozilla.org/en-US/firefox/addon/5721

6) Wikia Search Extension
Google isn't the only search engine. Now wikia is in my view a good open source alternative with user feedback option. You can add submit websites by a single Submit button. Also there is feature of rating as well.
https://addons.mozilla.org/en-US/firefox/addon/8267

7) Zotero
Saves your notes and research links inside your browser. Also it has option to sync your notes online. Helpful when you are doing lots of researches.
https://addons.mozilla.org/en-US/firefox/addon/3504

8) Tabs open relative
When google chrome was released, i loved its feature of opening new tab right beside the old tab. No more scrolling to the end of the tab list. Saves a lot of time and ease of use.
https://addons.mozilla.org/en-US/firefox/addon/1956

9) Tab duplicate
Duplicates the current tab. Helpful sometimes although i dont use it too much.
https://addons.mozilla.org/en-US/firefox/addon/28

10) Switch Proxy
Save a list of proxies. It then can be used as a minimalistic interface to switch between proxies. Very easy to use.
https://addons.mozilla.org/en-US/firefox/addon/125

Lots more useful addons available at https://addons.mozilla.org

Cheers all

Disable touchpad temporarily in HardyHeron Kubuntu/Ubuntu

This has been bugging me for a long time. Everytime i start typing a long paragraph, the cursor would randomly move to a different section of the paragraph messing up my typing.

Since the ksynaptics and gsynaptics have been removed from the HardyHeron repositories, i found these two really nice command line tools.

The syndaemon and the synclient programs

But first, before using those two command, we have to allow other programs to share the memory of the touchpad, this can be done by editing the /etc/X11/xorg.conf file. Look for a section called Synaptic Touchpad

Originally i had the section like this
Section "InputDevice"
Identifier "Synaptics Touchpad"
Driver "synaptics"
Option "SendCoreEvents" "true"
Option "Device" "/dev/psaux"
Option "Protocol" "auto-dev"
Option "HorizEdgeScroll" "0"
EndSection

I had to add an extra line Option "SHMConfig" "on" so that my new configuration now looks like

Section "InputDevice"
Identifier "Synaptics Touchpad"
Driver "synaptics"
Option "SendCoreEvents" "true"
Option "Device" "/dev/psaux"
Option "Protocol" "auto-dev"
Option "HorizEdgeScroll" "0"
Option "SHMConfig" "on"
EndSection

Now the syndaemon tool is really nice that it lest you modify the touchpad parameters.
Check out
$ syndaemon --help
for more info on it.

To automatically start syndaemon when KDE starts, i had to make a script and save it in ~/.kde/Autostart folder, so i did

$ vim ~/.kde/Autostart/syndaemon.sh
#!/bin/bash
/usr/bin/syndaemon -d -i 0.8 -t

and save the file.

the -d means run in background, -i 0.8 means disable the touchpad for 0.8seconds and the -t means Only disable tapping and scrolling, not mouse movements. Ofcourse more information can be viewed from man syndaemon or syndaemon --help

Logout and Login again, Happy typing.

Inkscape - Getting Alt+Click work on Linux

In linux, Alt+Click is reserved by the window manager, atleast default KDE reserves it to move windows.

To disable it, go to Control Center > Desktop > Window Behavior > Window Actions
and change Modifier Key + Left Button = Nothing,

Problem should be solved.

Reference
http://wiki.inkscape.org/wiki/index.php/FAQ#How_to_make_Alt.2Bclick_and_Alt.2Bdrag_work_on_Linux.3F

Socks Tunneling, Muaaah....

ssh has this very cool feature called dynamic port forwarding which acts as a SOCKS 5 proxy.

When I am in a bandwidth limited network (usually my university has not so good international connection, plus my home isp sucks), i connect to my server which is in NPIX through ssh and forward a local port in my machine to act as a socks proxy.

I then configure firefox to use the particular proxy and browsing becomes pleasent.

Until now I hadn't thought about using any other application other than firefox, I use downthemall to download files so that was sufficient.

Yesterday while updating my system, i needed to forward synaptic through the tunnel. Since synaptic only supports http proxy and not socks proxy, i was going nuts.

Thanks to tsocks, that problem has been solved.

Through tsocks, you can forward all the network activity of a program through a socks proxy, so just running synaptic or apt-get after tsocks means using the alternative bandwidth that we get :-) .

The whole system is as belows.

a) Connecting to a remote server and opening a socks proxy in local machine

bibek@godzilla:~$ ssh bibek@10.1.1.2 -D 1080
bibek@10.1.1.2's password:
Linux chichekServer 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
Last login: Mon May 19 17:43:14 2008 from 10.1.1.1
bibek@chichekServer:~$

godzilla is my main server and chichekServer is my remote machine, through godzilla i logged into chichekServer and during that time, opened port 1080 in my local machine,

All i need now is to put the socks proxy name in firefox as below



Time to install tsocks in my home machine
bibek@godzilla:~$ sudo aptitude install tsocks

Configure tsocks to use localhost:1080 as proxy server
the last three lines of /etc/tsocks.conf are

server = 127.0.0.1
# Server type defaults to 4 so we need to specify it as 5 for this one
server_type = 5
# The port defaults to 1080 but I've stated it here for clarity
server_port = 1080

Now lets use tsocks to tunnel apt-get
bibek@godzilla:~$ tsocks apt-get install kde4

This should tunnel your application through the socks proxy. If you want to tunnel any other application just put tsocks in front of it.

This way we the benefit is we can tunnel even p2p applications through the socks proxy, which isn't possible through normal http proxies.

Cheers

Ubuntu ltsp-server-standalone

I nearly pulled all my hairs, the thin client was successfully getting ip from dhcpd but wasn't loading the kernel

The problem was with tftpd, which wasn't starting as it was supposed to :(
i tried
sudo dpkg-reconfigure tftpd-hpa
but no luck

the problem was there was no entry in the /etc/inetd.conf file

so i added the line at the end
tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot

and restart, client boots successfully :) Hurrah!!

Setup of a local LAN svn server

In this article I will show you how to setup a local LAN svn server.

It assumes that you have all the tools already installed in your main server.

First lets create a new svn repository

$ svn create /home/user/SVNREPO
This creates our local SVNREPO folder, we will have to add projects on it

$ mkdir tmpdir
$ cd tmpdir
$ mkdir projectA
$ mkdir projectA/trunk
$ mkdir projectA/branches
$ mkdir projectA/tags
$ mkdir projectB
$ mkdir projectB/trunk
$ mkdir projectB/branches
$ mkdir projectB/tags
…
$ svn import . file:///home/user/SVNREPO --message 'Initial repository layout'
Adding         projectA
Adding         projectA/trunk
Adding         projectA/branches
Adding         projectA/tags
Adding         projectB
Adding         projectB/trunk
Adding         projectB/branches
Adding         projectB/tags
…
Committed revision 1.
$ cd ..
$ rm -rf tmpdir


There goes our project layout.

Now to access the svn through LAN, we'd use the svnserve command
Assuming our main server is 192.168.0.1, here is what we do

In server
$ svnserve -d -r /home/user/SVNREPO

And to authenticate our users so that to track of who changed what
we'll change the /home/user/SVNREPO/conf/svnserve.conf file

Uncomment these lines /home/user/SVNREPO/conf/svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = passwd

And to add the authentication information in new file
/home/user/SVNREPO/conf/passwd

[users]
username=password
username2=password2

And we're done!!

To import a project
svn import . svn://192.168.0.1/projectA/trunk

Enter username and password as asked

To checkout an existing project
svn co svn://192.168.0.1/projectA/trunk projectALocal

Good day