Rediscovering the commandline with Zsh’s Bang!

I always do my thing on the commandline and I have never really mastered all the nifty power user stuff that ZSH provides.

One of these is the command-line editing command that uses the bang (!), or exclamation point. It saves a lot of retyping in the shell. It basically allows you to access the history file and do some cool manipulations like searching and editing.

Now I just need to practice this newly found power I have. Hurray to Zsh!

How to make your ordinary printer an (HP) AirPrint printer

I wanted our Brother laser printer to work on my wife’s iPhone; it turns out it’s fairly easy to do.

First one needs to install CUPS, which is the only print server that I use. It just works, period.
Then I had to add the printer. I set it up using socket://ip address per the CUPS manual. It says there that socket, otherwise known as the JetDirect protocol, is the fastest way to connect one’s printer, so try that first. For me it worked right out of the box.

Now, in order for the printer to appear on an iPhone or an iPad, one just needs to check off that box that says “share this printer”. That’s it! Voila! Instant AirPrinting! Take note though that one must be using the latest CUPS version, so if it’s not working, try updating.

Now, I notice that certain apps ask for a specific brand of printer, e.g. coupons.com, so when one tries to print, the printer doesn’t show up in the list of available printers. I found a hack to make it work. It’s kinda trivial really. This is how you do it. Let’s say I wanted my Brother to show up as an HP printer: all I need to do is edit the PPD file for that printer. So go ahead and add a new printer, choose the same settings as the one you already have, and just change the name and description. Now we have to find the PPD for the new printer we just added and edit that file to make it appear that it’s an HP printer. The PPD is really just a text file, so just edit the manufacturer and model fields and it should work.

If it still doesn’t show, wait a few minutes. If not, restart CUPS and Avahi, or your iPhone/iPad.

Now if only I could print remotely, like through a VPN...

Switching to FreeSwitch


I am taking on a new project. I already started this a week ago and it’s still really a work in progress.

So, from my title you may know that I am trying out FreeSWITCH. I have had Asterisk for so long I can’t even remember now. I mainly use my Asterisk setup for Google Voice and I don’t like that their implementation breaks a lot. I really don’t know if it’s Asterisk’s fault, but I am just willing to try out something new; hopefully this will be a whole lot better.

A couple of days ago, I already figured out how to get incoming and outgoing GV (Google Voice) calls. Now all I need is to make a few adjustments to the dialplan, if I figure this out. *crosses fingers* The dialplan, I think, is much easier for me to understand than Asterisk’s; I just need a refresher on regex because all the logic depends on it.

Browsing through the FreeSWITCH wiki, I found that refresher on regex. Thanks a lot to the FreeSWITCH community, I feel like I am... home. *winks*

Linux IPsec VPN for iPad

After about a week of googling and a ton of hours spent on trial and error, I finally got a working VPN to my server. I am now able to connect successfully, so I can call it rather a success. I may have to do a little more tweaking to further fine-tune it though.

There is a lot of information on the web but finding the right recipe is a bit tricky.

First off, I found out that a VPN per se is a PITA to set up in Linux. There is a lot of stuff we can use for our server. One can use Openswan, FreeS/WAN, strongSwan and OpenVPN. I tried OpenVPN before and I used it for a while. OpenVPN is purely in userspace, so no kernel modules are needed, but most OSes do not have a client built in, so one has to install their client.

Now, IPsec is the Linux kernel VPN implementation, so there is a lot of benefit that I can only imagine for that. The *Swans are mostly, right now, the userland stuff that controls the kernel modules that one uses. There is a lot of misleading info out there, and most of it tells you to install one of the *Swans. I never tried it. I went with a much simpler approach, using just racoon and xl2tpd.

I tried several times to figure out the proper mix of settings for racoon and xl2tpd, but I could never get it right. I was always stuck with xl2tpd closing the connection.

Reading a bit more on the web, I read that I could ditch xl2tpd altogether and just do pure IPsec. So I did a bit more tweaking and voila! A much simpler setup with only racoon to contend with.

My racoon config:

log debug;
path pre_shared_key "/etc/racoon/psk.txt";
#path certificate "/etc/racoon/certs";

remote anonymous {
    exchange_mode aggressive,main;
    my_identifier user_fqdn "redacted";
    peers_identifier fqdn "debian";
    dpd_delay 20;
    ike_frag on;
    nat_traversal on;
    passive on;
    initial_contact off;
    generate_policy on;
    lifetime time 24 hour;
    mode_cfg on;
    verify_cert off;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method xauth_psk_server;
        dh_group 2;
    }
}

sainfo anonymous {
    lifetime time 12 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}

mode_cfg {
    network4 10.99.99.0;
    pool_size 255;
    netmask4 255.255.255.0;
    auth_source system;
}
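
An added example, not part of the original post: a small audit of the phase 1 settings in a racoon.conf like the one above. IKEv1 aggressive mode with a pre-shared key sends the authentication hash unencrypted, so a captured handshake can be used to guess the key offline, and DH group 2 is 1024-bit MODP. The function names and the condensed sample are assumptions made for this illustration.

```python
import re

# Constructed sample: the phase 1 part of the racoon.conf above, condensed.
SAMPLE = """
remote anonymous {
    exchange_mode aggressive,main;
    proposal {
        hash_algorithm sha1; dh_group 2;
        authentication_method xauth_psk_server;
    }
}
"""
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
PSK_AUTH = {"pre_shared_key", "xauth_psk_server", "xauth_psk_client"}
WEAK_DH = {"1", "2", "5", "modp768", "modp1024", "modp1536"}  # below 2048 bits

def parse(text):
    """Parse racoon.conf text into a tree of (words, children-or-None)."""
    text = re.sub(r"#.*", "", text)  # drop comments (assumes no '#' in strings)
    root, stack, words = [], [], []
    cur = root
    for tok in TOKEN.findall(text):
        if tok == ";":                      # end of a simple statement
            cur.append((words, None)); words = []
        elif tok == "{":                    # open a block headed by `words`
            node = (words, []); cur.append(node)
            stack.append(cur); cur, words = node[1], []
        elif tok == "}":                    # close the current block
            cur = stack.pop()
        else:
            words.append(tok)
    return root

def blocks(nodes, name):
    return [(" ".join(h[1:]), b) for h, b in nodes if b is not None and h[:1] == [name]]

def value(nodes, key):
    return next((" ".join(h[1:]) for h, b in nodes if b is None and h[:1] == [key]), "")

def audit(text):
    """Return (peer, finding) pairs for weak phase 1 settings."""
    findings = []
    for peer, body in blocks(parse(text), "remote"):
        modes = re.split(r"[,\s]+", value(body, "exchange_mode"))
        for _, prop in blocks(body, "proposal"):
            if "aggressive" in modes and value(prop, "authentication_method") in PSK_AUTH:
                findings.append((peer, "aggressive mode with PSK"))
            if value(prop, "dh_group") in WEAK_DH:
                findings.append((peer, "DH group below 2048 bits"))
    return findings
```

Running `audit()` on the real file contents reports both findings for the `remote anonymous` block; whether the iPad client accepts main mode or a larger DH group is not covered by the post.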

Diagnosing a Linux problem


I was trying to back up my Debian server using this s3fs script, but apparently I forgot that the script needs FUSE in the kernel. Since I just upgraded my kernel to 2.6.30, I mistakenly compiled FUSE into the kernel; it needs to be compiled as a module.

So this provides an excuse to upgrade my kernel again. OK, done. Installing, but what is this!!

grub-probe: cannot find a device for /

Shucks! GRUB has a bug, or LVM... anyway, I found a temporary solution on the internet:
LVM2+Grub-pc

To top all of this, Debian’s kernel-package has a missing or malfunctioning initramfs hook script, which leaves my new kernel without an initrd! Thanks to a backup kernel, I was able to boot and copy the example initramfs script in /usr/share/kernel-package/examples/.

Whew! That took a lot of time to diagnose. I wonder if stable has these kinds of problems.

My Openwrt “LinuxRules!” Dnsmasq setup for LTSP

Here it is, my dnsmasq.conf:

# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan
expand-hosts
no-negcache
resolv-file=/tmp/resolv.conf.auto

# enable dhcp (start,end,netmask,leasetime)
dhcp-authoritative
#dhcp-range=192.168.1.100,192.168.1.250,255.255.255.0,12h
dhcp-leasefile=/tmp/dhcp.leases

# use /etc/ethers for static hosts; same format as --dhcp-host
#
read-ethers

# other useful options:
# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2

#My PXE setup 12-30-06
#dhcp-vendorclass=pxe,PXEClient

dhcp-option=17,"192.168.1.115:/opt/debian"
dhcp-option=128,e4:45:74:68:00:00
#dhcp-boot=/opt/debian/vmlinux,debian,192.168.1.115
dhcp-boot=/opt/ltsp/i386/vmlinux,debian,192.168.1.115
#dhcp-boot=/opt/linux/vmlinux,debian,192.168.1.115
dhcp-option=211,nfs
##
#new option from http://wiki.ltsp.org/twiki/bin/view/Ltsp/DHCP#dnsmasq
#
#dhcp-option=17,"192.168.1.115:/opt/ltsp/i386/"
#dhcp-vendorclass=pxe,PXEClient
#dhcp-boot=net:pxe,/var/lib/tftpboot/ltsp/i386/pxelinux.0,tux,192.168.1.115

The ones in red are the most important ones coz that will allow you to boot your thinclient via dhcp and nfs.

Big Blue ThinClient with Debian

About a week ago, I got the IBM NetVista 2200 that I bought on eBay. I wasn’t expecting it to be that small a thin client. It’s just about an inch and a half thick. Anyway, I was planning to set it up as a diskless client. I already had a pretty rough idea how a diskless client works. To sum it up, it gets its kernel from a server and runs everything off of that server.

Well, for a client to boot from the server it must have PXE. Turns out mine doesn’t have it, so it has to have some other means of booting from a server since it’s a thin client. To get it to boot, one must set up the DHCP server to serve the kernel via NFS, since TFTP via PXE doesn’t work.

I have my OpenWrt set up that way. I’ll post my dnsmasq config here next time.

Azureus and Openwrt

The following problem has been bugging me for the past two days. I have been using BitTornado for my torrent needs ever since I got into torrents. BitTornado is curses-based, and I tried Azureus, which is Java-based, for a while, but I didn’t really tinker with it that much. Anyway, I have a router in between my computer and my cable modem. I have OpenWrt White Russian on it. It’s really nice to have a little bit of something in between you and the wild net outside.

My home computer network looks like this :

* Debian Sid on a Pentium 3 500 MHz
* Linksys WRT54G ver 2.2, I think
* Openwrt on the Linksys

I was trying Azureus 2.4.0.2 and I noticed that it kept telling me that my router was not set up right. I always got either a DHT firewalled or NAT firewalled status on the lower status bar. I went about googling for solutions:

1. I SSH'd into my router and added the following lines to my /etc/firewall.user:
   iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 6880:6990 -j DNAT --to 192.168.1.100:10000
   iptables -A forwarding_rule -i $WAN -p tcp --dport 10000 -d 192.168.1.100 -j ACCEPT
   iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 6880:6990 -j DNAT --to 192.168.1.100:10000
   iptables -A forwarding_rule -i $WAN -p udp --dport 10000 -d 192.168.1.100 -j ACCEPT
2. I reloaded the firewall after that with: # /etc/init.d/S45firewall restart
3. However, that didn’t work, so I tried changing /etc/config/firewall. This file is used by NBD’s qos-scripts and, according to the info I googled, supposedly makes it easy to change the NAT behaviour.
   I added this line: forward:dport=6880-69990:192.168.1.100:10000

All this is supposed to set up my port forwarding: it supposedly forwards all incoming connections on my router’s ports 6880-6990 to my computer’s port 10000.
I tried to look at my computer’s netstat output, but all I could see was that my port 10000 was open, and when I used ShieldsUP to probe my ports 6880-6990, they were also open, but still no NAT success with Azureus.

I also noticed that the netstat output showed that there were tcp6 and udp6 ports open. I didn’t know that I was using anything that has to do with IPv6. So I googled my friend Google, hehehehe, and I came across this forum for Red Hat users. It suggested turning off the aliases for IPv6 in /etc/modutils/aliases. That took care of the IPv6 problem: when I rebooted, there were no more IPv6 ports open, but I still had no NAT for Azureus.

I finally got a working /etc/firewall.user line after so many hours of tweaking. I read somewhere that Azureus, or BitTorrent for that matter, doesn’t like the usual ports opened because some ISPs are blocking these, so I thought about it. Maybe just change the dport to something else and don’t change the forwarding rule to another port.

So my final rule that got me is this:

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 60881 -j DNAT --to 192.168.1.100
iptables -A forwarding_rule -i $WAN -p tcp -d 192.168.1.100 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 60881 -j DNAT --to 192.168.1.100
iptables -A forwarding_rule -i $WAN -p udp -d 192.168.1.100 -j ACCEPT

That dport flag on the prerouting rule is arbitrary. You can change it to anything. After this I reloaded the firewall and, to make sure, I rebooted the router and also my computer.
I also changed the port settings on Azureus and voila! Magic! My Azureus has been going green ever since.
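
An added example, not part of the original post: in the final rules the forwarding_rule entries accept every port on 192.168.1.100 for the protocol, while the DNAT rules expose only port 60881. The check below pairs each DNAT rule with its ACCEPT rule, reports the pairs where the ACCEPT is wider than the DNAT, and prints a forwarding rule limited to the forwarded port. The function names are assumptions made for this illustration, and the input is the TCP rules from the post.

```python
import shlex

# Constructed input: the TCP rule pairs from the first attempt and the final setup.
FIRST = """\
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 6880:6990 -j DNAT --to 192.168.1.100:10000
iptables -A forwarding_rule -i $WAN -p tcp --dport 10000 -d 192.168.1.100 -j ACCEPT
"""
FINAL = """\
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 60881 -j DNAT --to 192.168.1.100
iptables -A forwarding_rule -i $WAN -p tcp -d 192.168.1.100 -j ACCEPT
"""

def parse_rule(line):
    """Return {option: value} for one iptables command line."""
    toks = shlex.split(line)
    opts = {}
    for flag, val in zip(toks, toks[1:]):
        if flag.startswith("-") and not val.startswith("-"):
            opts[flag] = val
    return opts

def overbroad_forwards(rules_text):
    """List (proto, host, port) where the ACCEPT rule is wider than the DNAT."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.strip()]
    findings = []
    for nat in rules:
        if nat.get("-j") != "DNAT":
            continue
        target = nat.get("--to-destination") or nat.get("--to", "")
        host, _, port = target.partition(":")
        port = port or nat.get("--dport")  # no port in --to: the port is kept
        for fwd in rules:
            if (fwd.get("-j") == "ACCEPT" and fwd.get("-p") == nat.get("-p")
                    and fwd.get("-d") == host and "--dport" not in fwd):
                findings.append((nat.get("-p"), host, port))
    return findings

def tightened(proto, host, port):
    """Forwarding rule that accepts only the port the DNAT rule exposes."""
    return (f"iptables -A forwarding_rule -i $WAN -p {proto} "
            f"--dport {port} -d {host} -j ACCEPT")

if __name__ == "__main__":
    for finding in overbroad_forwards(FINAL):
        print("wider than DNAT:", finding, "->", tightened(*finding))
```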

A few pointers: give it a little while if at startup it’s yellow; it takes a while for it to change. Also, there are some torrents out there that are bad, meaning there are no seeds and the tracker site is down, so if you run into this then it’s not really you that’s the problem. Also, I don’t have to say this, but if you’re torrenting you must be prepared to give; I mean, don’t try to be a leech, or you’ll get what’s coming to you.

I hope this helps all those Azureus users out there, coz this has cost me some lost hours of sleep!

HTH