Friday, November 29, 2013

Using corkscrew only if a reference host is unavailable

Here's a very simple solution for the case where you sometimes have to use corkscrew and sometimes don't, because the host is reachable directly.

I'm using socat to replace the corkscrew call if needed. Please comment if you know a better way.

Here's the script (I called it selective-corkscrew):
#! /bin/bash
# selective-corkscrew: ProxyCommand wrapper for ssh.
# Usage: selective-corkscrew REFHOST PROXYHOST PROXYPORT TARGETHOST TARGETPORT

refhost="$1"
timeout=1       # seconds to wait for the ping reply

# If the reference host answers a ping within $timeout seconds we are on the
# inside network, so connect directly with socat; otherwise go via the proxy.
ping -w$timeout -c1 "$refhost" >/dev/null 2>&1 &&\
    exec socat - "TCP4:$4:$5" ||\
    exec corkscrew "$2" "$3" "$4" "$5"
Then add this to your ~/.ssh/config, replacing the host names, proxy and port with your own:
Host *.domain
ProxyCommand selective-corkscrew referencehost.domain proxy.domain 3128 %h %p

Corkscrew is now only used if referencehost.domain doesn't answer the ping within 1 second.
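The same decision can be made with a TCP probe of the reference host instead of an ICMP ping, which matters where ping is filtered but the SSH port is not. The following is an added example and not the original selective-corkscrew script; the script name selective-tcp-corkscrew, the argument order and the use of bash's /dev/tcp for the probe are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the post's script): choose direct socat or corkscrew
# based on whether a TCP port on the reference host accepts a connection.

# Probe TCP port $2 on host $1 with an overall timeout of $3 seconds, using
# bash's /dev/tcp redirection (assumed available). Returns 0 on success.
tcp_reachable() {
    timeout "$3" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Map a probe exit status (0 = reachable) to the path to use.
choose_path() {
    if [ "$1" -eq 0 ]; then echo direct; else echo proxy; fi
}

# Build the command ssh should exec for target $3:$4 via proxy $1:$2,
# given the chosen path ("direct" or "proxy").
proxy_command_for() {
    case "$5" in
        direct) echo "socat - TCP4:$3:$4" ;;
        proxy)  echo "corkscrew $1 $2 $3 $4" ;;
        *)      return 1 ;;
    esac
}

# As a ProxyCommand in ~/.ssh/config (assumed name and argument order):
#   ProxyCommand selective-tcp-corkscrew referencehost.domain 22 proxy.domain 3128 %h %p
if [ "$#" -eq 6 ]; then
    tcp_reachable "$1" "$2" 1 && rc=0 || rc=$?
    path=$(choose_path "$rc")
    exec $(proxy_command_for "$3" "$4" "$5" "$6" "$path")
fi
```

Probing port 22 of the reference host means the decision is tied to the service you actually need rather than to ICMP policy, and a one-second connect timeout keeps the worst-case delay the same as with ping.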

If you don't know what this is all about, read this: using-corkscrew-to-tunnel-ssh-over-http!

Corkscrew Homepage

Monday, November 25, 2013

Useful Tools and One-liners

Find packages by size

dpigs

dpigs is available in the package debian-goodies. From the man page:
dpigs - Show which installed packages occupy the most space

If you can't install debian-goodies for some reason, you can achieve the same result with this:

dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -nr | head
Or, to read from /var/lib/dpkg/status directly without needing any extra tools:
sed -ne '/^Package: \(.*\)/{s//\1/;h;};/^Installed-Size: \(.*\)/{s//\1/;G;s/\n/ /;p;}' /var/lib/dpkg/status | sort -nr | head
Thanks to this site:
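The sed one-liner works because each stanza in the dpkg status file is a block of "Field: value" lines separated by a blank line. As an added example, not from the post, here is an awk version of the same parser that also skips stanzas without an Installed-Size field (packages that are no longer installed), run over a constructed status file so it can be tried without touching the real /var/lib/dpkg/status:

```shell
#!/bin/sh
# Added example: parse the dpkg status format and list packages by size.

# Read a dpkg status file on stdin and print "<Installed-Size> <Package>"
# for every stanza that has both fields, largest first. Stanzas are
# separated by blank lines; the END clause handles a file without a
# trailing blank line.
packages_by_size() {
    awk '
        /^Package: /        { pkg = $2 }
        /^Installed-Size: / { size = $2 }
        /^$/                { if (pkg != "" && size != "") print size, pkg
                              pkg = ""; size = "" }
        END                 { if (pkg != "" && size != "") print size, pkg }
    ' | sort -nr
}

# The N largest packages from status file $1 (default 10, like head).
top_packages() {
    packages_by_size < "$1" | head -n "${2:-10}"
}

# Constructed sample in the /var/lib/dpkg/status layout (sizes are KiB).
SAMPLE_STATUS=$(mktemp)
cat > "$SAMPLE_STATUS" <<'EOF'
Package: linux-image-example
Status: install ok installed
Installed-Size: 150000
Version: 1.0

Package: tiny-tool
Status: install ok installed
Installed-Size: 48

Package: removed-but-configured
Status: deinstall ok config-files
Version: 2.0

Package: libfoo
Status: install ok installed
Installed-Size: 2048
Version: 3.1
EOF

# Usage: the three biggest packages of the sample.
top_packages "$SAMPLE_STATUS" 3
```

Replace the sample path with /var/lib/dpkg/status to run it on a real system; the output format matches the sed version, so the two can be diffed.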

Thursday, November 7, 2013

Amebix - Monolith

Always makes me feel good listening to this ... best album ever!


Friday, November 1, 2013

Windows: Shutdown from command prompt

How to reboot or shut down Windows from within a script, or even a remote session:
:: show shutdown dialog:
 shutdown -i

:: halt:
 shutdown -s

:: reboot:
 shutdown -r

:: reboot, open all registered applications afterwards (Windows 7 and later):
 shutdown -g

:: log off user:
 shutdown -l

:: shutdown in 60 seconds (-t only sets the delay, so combine it with -s or -r):
 shutdown -s -t 60

:: abort a pending shutdown (if previously invoked with -t):
 shutdown -a

:: force: close all applications without warning (combine with -s or -r):
 shutdown -s -f

:: enter boot options menu after reboot (-o must be used with -r):
 shutdown -r -o

:: turn off computer, no time-out or warning:
 shutdown -p

:: hibernate:
 shutdown -h

:: shut down a specific (remote) computer:
 shutdown -s -m \\HOSTNAME

Sunday, October 27, 2013

EasyBCD

Check out EasyBCD!

It's a really cool tool to manage the Windows boot loader and has lots of features. You can also add external media, like an ISO image, as a boot target, e.g. to have your setup CDs available without tinkering with CDs or USB drives.

It comes with a proprietary license, but is free for personal use!


Wednesday, October 23, 2013

New Blog

I'm sick of moving my blog every time because I can't pay for my server anymore. This is the second time this has happened. Now I moved to Google, so hopefully nothing goes wrong anymore ;). The only drawback is that I can't do custom services anymore, for which I would need direct server access... but you can't have everything... Maybe I'll look a bit into Google's fancy App Engine...

I just imported my old posts from WordPress into Blogger, after converting them with the neat online tool at http://wordpress2blogger.appspot.com/.
It still needed a little tweaking, but actually it worked surprisingly well. Don't hesitate to contact me if you see some layout flaws, etc.

Also, I want to personalize the site's style a bit when I have time and add syntax highlighting.

Tuesday, October 22, 2013

User-Based Routing

I had to route multiple users through their own network interface. The best solution I found to accomplish this was iptables' owner match.

First off, you need a dedicated network interface. It doesn't really matter which method you choose to create it; for the sake of convenience I created an SSH tunnel via a TAP interface. Here are some instructions that helped me achieve that:
Basically I used these lines:
localhost:~ ssh -w any -o tunnel=ethernet root@192.168.xxx.xxx
localhost:~ ifconfig tap0 up 10.0.9.2
remotehost:~ ifconfig tap0 up 10.0.9.1
This automatically created the interface tap0 on both the local and the remote host. I only assigned IP addresses to them and it worked more or less out of the box. Note that you have to be root on both machines.
Of course one could also use OpenVPN, IPsec, n2n, or any other VPN solution.

Once you have set up your VPN and added a dedicated user, drop the following lines on your "source" machine (the one with the user that should be routed).

Note that you probably have to adjust the argument for --uid-owner (the UID of the user, obviously), the name of the interface (tap0 in my case) and the addresses for the SNAT source and the gateway. In my case 10.0.9.2 is the address of the source machine and 10.0.9.1 is my gateway, the SSH server I was connecting to.
# mark all packets from user ID 1006 with mark number 5 (you can choose any number, just be consistent and make sure it's not used by any other rules!)
~/  iptables -t mangle -A OUTPUT -m owner --uid-owner 1006 -j MARK --set-mark 5

# set up source NAT for packets marked with #5 (is this necessary, it's the same machine?!)
~/  iptables -t nat -A POSTROUTING -o tap0 -m mark --mark 5 -j SNAT --to-source 10.0.9.2

# use routing table 5 for packets marked with #5
~/  ip rule add fwmark 5 table 5

# route all packets looked up in routing table 5 through tap0 via gateway 10.0.9.1
~/  ip route add default via 10.0.9.1 dev tap0 table 5
All right, now that the route is set up, you probably need IP forwarding on the server machine (the one running the SSH server), otherwise you only reach the server itself and nothing beyond it. The easiest way is probably masquerading.
# turn on IP forwarding
~/  echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade packets leaving via interface eth0
~/  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# forward packets coming from tap0 to eth0
~/  iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT

# forward reply packets coming from eth0 back to tap0
~/  iptables -A FORWARD -i eth0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Now that everything is set up, you can check whether your route works.

Log in to your "source" machine and check which route is used when contacting a host that should be reachable:
# find some ip address
~/  dig +short google.com | head -n1
 64.15.113.39
First, try as a "normally" routed user:
~/  ip route get 64.15.113.39
64.15.113.39 via 192.168.2.1 dev wlan0  src 192.168.2.102 
    cache  ipid 0x85d4 rtt 27ms rttvar 121ms cwnd 10
Then log in as the specially treated user and try the same. You should get a different result:
~/  ip route get 64.15.113.39
64.15.113.39 via 10.0.9.1 dev tap0  src 10.0.9.2
    cache 
Works like a charm...
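To make the setup above repeatable and reviewable, the source-machine rules, the gateway rules and the "ip route get" check can be put into one script. The following is an added example, not code from the post: it prints the command lists instead of executing them, so the plan can be read (or piped to sh as root) before it touches the firewall, and it verifies the route check against sample output shaped like the post's. The uid, mark, interface names and addresses are the post's placeholder values; the SNAT comment states why that rule is required.

```shell
#!/bin/sh
# Added example (not from the post): generate the per-user policy-routing
# commands and check 'ip route get' output for the expected device.

# Commands for the "source" machine. The SNAT is needed because the source
# address was already chosen by the first routing lookup (on the normal
# interface) before the mark rerouted the packet to the tunnel.
source_machine_commands() {
    uid=$1 mark=$2 iface=$3 src=$4 gw=$5
    printf '%s\n' \
      "iptables -t mangle -A OUTPUT -m owner --uid-owner $uid -j MARK --set-mark $mark" \
      "iptables -t nat -A POSTROUTING -o $iface -m mark --mark $mark -j SNAT --to-source $src" \
      "ip rule add fwmark $mark table $mark" \
      "ip route add default via $gw dev $iface table $mark"
}

# Commands for the gateway (the SSH server): forwarding is limited to the
# tunnel interface towards the uplink, with only reply traffic allowed back.
gateway_commands() {
    tun=$1 uplink=$2
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A POSTROUTING -o $uplink -j MASQUERADE" \
      "iptables -A FORWARD -i $tun -o $uplink -j ACCEPT" \
      "iptables -A FORWARD -i $uplink -o $tun -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

# Outgoing device named in one line of 'ip route get' output.
route_dev() {
    printf '%s\n' "$1" | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# 0 if the route text uses device $2, 1 otherwise. Run 'ip route get' as the
# routed user and as a normal user and check that only the former uses tap0.
route_uses_dev() {
    [ "$(route_dev "$1")" = "$2" ]
}

# Constructed samples shaped like the post's 'ip route get' output.
SAMPLE_NORMAL_USER='64.15.113.39 via 192.168.2.1 dev wlan0  src 192.168.2.102'
SAMPLE_ROUTED_USER='64.15.113.39 via 10.0.9.1 dev tap0  src 10.0.9.2'

# Usage: print both command lists with the post's placeholder values.
echo "# source machine:"
source_machine_commands 1006 5 tap0 10.0.9.2 10.0.9.1
echo "# gateway:"
gateway_commands tap0 eth0
```

On a live system the check would be "route_uses_dev "$(ip route get 64.15.113.39 | head -n 1)" tap0" run once as the routed user (expected to succeed) and once as any other user (expected to fail), which catches a missing ip rule or a mark number already used by another rule.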