Check out EasyBCD!
It's a really cool tool to manage the Windows boot loader and has lots of features. You can also add external media, like an ISO image, as a boot target, e.g. to have your setup CDs available without tinkering around with CDs or USB drives.
It comes with a proprietary license, but is free for personal use!
Sunday, October 27, 2013
Wednesday, October 23, 2013
New Blog
I'm sick of moving my blog every time because I can't pay for my server anymore. This is the second time this has happened. Now I have moved to Google, so hopefully nothing goes wrong anymore ;). The only drawback is that I can't do custom services anymore, for which I would need direct server access... but you can't have everything... Maybe I'll look a bit into Google's fancy App Engine...
I just imported my old posts from WordPress into Blogger, after converting them with the neat online tool at http://wordpress2blogger.appspot.com/.
It still needed a little tweaking, but actually it worked surprisingly well. Don't hesitate to contact me if you see some layout flaws, etc.
Also, I want to personalize the site's style a bit when I have time and add syntax highlighting.
Tuesday, October 22, 2013
User-Based Routing
I had to route multiple users to their own network interface. The best solution I found to accomplish this was with iptables owner match.
First off, you need a dedicated network interface. It doesn't really matter which method you choose to create it; for the sake of convenience I created an SSH tunnel via a TAP interface. Here are some instructions that helped me achieve that:
- http://sleepyhead.de/howto/?href=vpn
- http://sgros.blogspot.co.at/2011/11/ssh-vpns-bridged-connection-to-lan.html
- http://la11111.wordpress.com/2012/09/24/layer-2-vpns-using-ssh/
```
localhost:~ ssh -w any -o tunnel=ethernet root@192.168.xxx.xxx
localhost:~ ifconfig tap0 up 10.0.9.2
remotehost:~ ifconfig tap0 up 10.0.9.1
```
This automatically created the interface tap0 on both the local and the remote host. I only assigned IP addresses to them and it worked kind of out of the box. Note that you have to be root on both machines.
Of course, one could also use OpenVPN, IPSec, n2n, or any other VPN solution.
Once you have set up your VPN and added a dedicated user, run the following lines on your "source" machine (the one with the user that should be routed).
Note that you probably have to adjust the argument for uid-owner (the UID of the user, obviously), the name of the interface (tap0 in my case) and the addresses for the SNAT source and the gateway. In my case 10.0.9.2 is the address of the source machine and 10.0.9.1 is that of my gateway, the SSH server I was connecting to.
```
# mark all packets from user ID 1006 with target number 5 (you can choose any number, just be consistent and make sure it's not used by any other rules!)
~/ iptables -t mangle -A OUTPUT -m owner --uid-owner 1006 -j MARK --set-mark 5
# set up source NAT for packets marked with target #5 (is this necessary, it's the same machine?!)
~/ iptables -t nat -A POSTROUTING -o tap0 -m mark --mark 5 -j SNAT --to-source 10.0.9.2
# use routing table 5 for packets marked with target #5
~/ ip rule add fwmark 5 table 5
# route all packets from routing table 5 through tap0 via the 10.0.9.1 gateway
~/ ip route add default via 10.0.9.1 dev tap0 table 5
```
All right, now that the route is set up, you probably need IP forwarding on the server machine (the one running the SSH server), otherwise you only reach the server itself and nothing further. The easiest way is probably to use masquerading.
```
# turn on IP forwarding
~/ echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade packets destined for interface eth0
~/ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# forward packets coming from tap0 to eth0
~/ iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT
# forward packets coming from eth0 back to tap0
~/ iptables -A FORWARD -i eth0 -o tap0 -m state --state RELATED,ESTABLISHED -j ACCEPT
```
Now that everything is set up, you can check whether your route works.
Log in to your "source" machine and check which route is used when contacting a host that should be reachable:
```
# find some IP address
~/ dig +short google.com | head -n1
64.15.113.39
```
First, try as a "normally" routed user:
```
~/ ip route get 64.15.113.39
64.15.113.39 via 192.168.2.1 dev wlan0 src 192.168.2.102
    cache ipid 0x85d4 rtt 27ms rttvar 121ms cwnd 10
```
Then, log in as our specially treated user and try the same. You should get a different result:
```
~/ ip route get 64.15.113.39
64.15.113.39 via 10.0.9.1 dev tap0 src 10.0.9.2
    cache
```
Works like a charm...
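Added example (not part of the original post): a Python check that reads the output of `iptables-save`, `ip rule show` and `ip route show table all` and confirms that the mark, rule, route and SNAT commands from this post still line up for a given UID. The sample state is constructed and the function name `audit_user_route` is hypothetical. The SNAT step is checked because the source address is chosen before the mark re-routes the packet, and an empty table 5 (for example after tap0 goes away) lets the user's traffic fall through to the main table.

```python
import re

# Constructed sample state (not captured from the author's machine):
# `iptables-save`, `ip rule show` and `ip route show table all` after the commands above.
IPTABLES_SAVE = """\
*mangle
-A OUTPUT -m owner --uid-owner 1006 -j MARK --set-xmark 0x5/0xffffffff
COMMIT
*nat
-A POSTROUTING -o tap0 -m mark --mark 0x5 -j SNAT --to-source 10.0.9.2
COMMIT
"""
IP_RULES = """\
0:\tfrom all lookup local
32765:\tfrom all fwmark 0x5 lookup 5
32766:\tfrom all lookup main
"""
IP_ROUTES = """\
default via 10.0.9.1 dev tap0 table 5
default via 192.168.2.1 dev wlan0
10.0.9.0/24 dev tap0 proto kernel scope link src 10.0.9.2
"""

def audit_user_route(uid, iptables_save, ip_rules, ip_routes):
    """Return a list of problems with the per-user route for uid (empty list = consistent)."""
    # 1. mangle OUTPUT: which fwmark does the owner match set for this UID?
    m = re.search(rf"^-A OUTPUT .*--uid-owner {uid}\b.*--set-x?mark (\w+)", iptables_save, re.M)
    if not m:
        return [f"no MARK rule for uid {uid}"]
    mark = int(m.group(1), 0)
    # 2. ip rule: which routing table does that fwmark select?
    tables = [t for fw, t in re.findall(r"fwmark (\w+)\S* lookup (\S+)", ip_rules)
              if int(fw, 0) == mark]
    if not tables:
        return [f"uid {uid} is marked {mark} but no ip rule matches fwmark {mark}"]
    # 3. That table needs its own default route, otherwise the lookup continues in main.
    r = re.search(rf"^default .*\bdev (\S+).*\btable {re.escape(tables[0])}\b", ip_routes, re.M)
    if not r:
        return [f"table {tables[0]} has no default route; uid {uid} falls through to main"]
    dev = r.group(1)
    # 4. nat POSTROUTING: marked packets leaving that device must be SNATed.
    snat = [d for d, mk in re.findall(r"^-A POSTROUTING -o (\S+) .*--mark (\w+)\S* -j SNAT",
                                      iptables_save, re.M) if int(mk, 0) == mark]
    if dev not in snat:
        return [f"no SNAT rule for mark {mark} on {dev}"]
    return []

if __name__ == "__main__":
    print(audit_user_route(1006, IPTABLES_SAVE, IP_RULES, IP_ROUTES))
```
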