Frederik Questier


Howtos



Copyleft 2003-2009 Frederik Questier
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.



Use of encrypted ssh tunnels for mail, www and other services

Aim
  • Encrypt your passwords and data traffic, e.g. on untrusted (WiFi) networks.
  • Avoid changing smtp servers when moving laptop between work and home.
  • Pass validation as a machine of your university/company/...

Setup of the tunnel
  • We will forward localhost ports over an encrypted tunnel through an ssh server (at our work/university/ISP/...) to our mail and proxy servers over there.
  • Choose your ssh server as close as possible to your mail and proxy servers, or even better, choose one of those two as the ssh server if possible.
  • A convenient convention is to choose the local ports as { remote port + 10000 }
  • General example (one line):
      ssh -L 10080:proxyserver:80 -L 10025:smtpserver:25 -L 10110:popserver:110 -N sshserver -l your_username_on_sshserver
  • Example for my university (one line):
      ssh -L 10080:proxy.vub.ac.be:80 -L 10025:smtp.vub.ac.be:25 -L 10110:pop.vub.ac.be:110 -N mach.vub.ac.be
  • UPDATE APRIL 2009: My University/VUB proxy server is dead. A proxyless solution can be constructed as follows:
      ssh -D 10080 -L 10025:smtpserver:25 -L 10110:popserver:110 -N sshserver -l your_username_on_sshserver
      ssh -D 10080 -L 10025:smtp.vub.ac.be:25 -L 10110:pop.vub.ac.be:110 -N mach.vub.ac.be

Setup of the client programs
  • Mailclient: smtp host = localhost, port = 10025
  • Mailclient: pop host = localhost, port = 10110
  • Webbrowser
      With proxy: http proxy = localhost, port = 10080
      Without proxy: SOCKS host = localhost, port = 10080

[Screenshot: example of tunnel setup and Firefox (Iceweasel) web browser setup]

Security

  • This ssh encryption (actually encryption protocols can be chosen) is far superior to any WiFi WEP or WPA encryption.
  • Firewall your 10xx0 ports, otherwise bad people might be able to use your home machine to send spam through your company mailserver or access other info they are not entitled to.
  • This setup allows you to go through undesired firewalls blocking www, mail, or other services (imap 143, news 119, ..., probably not ftp)
    • IF the ssh port is not blocked
    • and IF you have a valid ssh login.
  • Basically this allows you to use in a very secure way services that (probably for security reasons) are only available inside the organisation.
  • If the ssh port is blocked somewhere in your path, you could set up ssh on any other non-firewalled port on some server inside your organisation ;-)
  • This method does not give you access to services you're not entitled to, but you might need to consult the network policy of your organisation.
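A check that the forwarded ports from the examples above are reachable only from the machine itself (added example, not part of the original howto). OpenSSH binds -L and -D listeners to loopback unless -g or GatewayPorts is used; the function reads `ss -ltnH` output on stdin, and the sample lines below are constructed.

```sh
#!/bin/sh
# Added example: flag tunnel ports that listen on a non-loopback address.
# To pin the bind address explicitly when opening the tunnel, use e.g.
#   ssh -o ExitOnForwardFailure=yes -L 127.0.0.1:10025:smtpserver:25 -N sshserver

exposed_listeners() {
    # Args: the local tunnel ports. Stdin: output of `ss -ltnH`.
    # Prints "address:port" for every matching listener not bound to loopback.
    ports=" $* "
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}          # text after the last colon
        addr=${laddr%:*}           # text before the last colon
        case "$ports" in
            *" $port "*) ;;        # one of our tunnel ports
            *) continue ;;
        esac
        case "$addr" in
            127.*|"[::1]") ;;                 # loopback only: not reachable from outside
            *) printf '%s\n' "$laddr" ;;      # 0.0.0.0, *, [::] or a LAN address
        esac
    done
    return 0
}

# Constructed sample of `ss -ltnH` output: the pop forward was opened with -g.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:10025 0.0.0.0:*
LISTEN 0 128 [::1]:10025 [::]:*
LISTEN 0 128 0.0.0.0:10110 0.0.0.0:*
LISTEN 0 128 127.0.0.1:10080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

found=$(printf '%s\n' "$SAMPLE_SS" | exposed_listeners 10080 10025 10110)
if [ -n "$found" ]; then
    echo "tunnel port exposed beyond localhost: $found"
fi
```

On a live machine, run `ss -ltnH | exposed_listeners 10080 10025 10110`; any output means that port needs a firewall rule or a loopback bind address.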

General considerations
  • Of course one can tunnel much more than just mail and www.
  • Maybe stunnel could be used instead of ssh?
  • The above method was constructed on Linux with OpenSSH, but you can find OpenSSH or another SSH client (preferably command line) on most other decent operating systems (no, that does not include M$ Windows, see below).
  • ssh is available by default on Mac OS X and this is reported to work.
  • M$ Windows lacks a ssh client, but Windows users could have a look at OpenSSH for Windows, cygwin or Putty.
  • Test on a Sony-Ericsson P900 Smartphone: There is a putty client for Symbian, but it seems it does not (yet) support port forwarding.
  • Test on a Qtek 2200(?) PDA: There is a putty client for MS Windows Mobile Pocket PC, but it seems it does not yet support port forwarding.
  • UPDATE APRIL 2009: if you install the package "autossh - Automatically restart SSH sessions and tunnels" you can replace the 'ssh' command in the above examples by 'autossh'
  • You can avoid the need for passwords with ssh-keys:
      ssh-keygen -t rsa
      (enter empty passphrase)
      upload the generated ~/.ssh/id_rsa.pub to your server, into .ssh/authorized_keys
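Because a key with an empty passphrase works for anyone who copies the file, the server-side entry can be limited to the tunnels it exists for. This added example (not part of the original howto) builds such an authorized_keys line with OpenSSH's restrict, port-forwarding, command and permitopen options; the key material is constructed and the /bin/false path is an assumption.

```sh
#!/bin/sh
# Added example: build an authorized_keys entry for a passphrase-less key
# that is only meant to carry the port forwards.

restricted_key_line() {
    # $1 = public key line (content of id_rsa.pub); $2... = allowed host:port targets
    [ $# -ge 2 ] || { echo "usage: restricted_key_line PUBKEY host:port..." >&2; return 1; }
    pubkey=$1; shift
    case "$pubkey" in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # restrict        : no pty, no agent/X11 forwarding, no port forwarding
    # port-forwarding : re-enable port forwarding only
    # command         : a session that asks for a shell or command gets /bin/false
    #                   (path is an assumption; ssh -N never requests a session)
    opts='restrict,port-forwarding,command="/bin/false"'
    for target in "$@"; do
        case "$target" in
            *[!A-Za-z0-9.:-]*|*:*:*|:*|*:|*:*[!0-9]*)
                echo "bad target: $target" >&2; return 1 ;;
            *:*) opts="$opts,permitopen=\"$target\"" ;;   # only this destination may be opened
            *)   echo "bad target: $target" >&2; return 1 ;;
        esac
    done
    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed sample key (not a real key) and the targets of the -L example above.
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY user@laptop'
restricted_key_line "$SAMPLE_PUBKEY" smtp.vub.ac.be:25 pop.vub.ac.be:110
```

This fits the -L variants; the -D (SOCKS) variant has to reach arbitrary web hosts, so permitopen cannot narrow it in the same way.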


Share keyboard and mouse between multiple computers with synergy software

Synergy is Free Open Source Software (GPL licensed) that lets you use one keyboard and mouse to control several computers.

My install log for 3 computers (debian and Kubuntu) was as follows:

  • On all computers:
      apt-get install synergy
  • Edit /etc/synergy.conf on the computer you will use as server:
    section: screens
      mystica:
      lilith:
      satis:
    end
    
    section: links
      mystica:
        right = lilith
        left  = satis
      lilith:
        left  = mystica
        right = satis
      satis:
        left = lilith
        right = mystica
    end
    
    section: aliases
      mystica:
        192.168.1.3
      lilith:
        192.168.1.106
      satis:
        192.168.1.5
    end
    
  • Default setup without encryption:
      Run at server:
        synergys -f
      Run at clients:
        synergyc 192.168.1.5
  • Secure setup with encryption:
      Run at server (satis in my case):
        synergys -f
      Run at clients:
        ssh -N -L 24800:192.168.1.5:24800 192.168.1.5
        synergyc localhost

Notes:

  • If you want to change the roles of server and client: upload the synergy.conf to any of your machines, and swap synergyc/synergys.
  • This software works cross platform: Linux or any other Unix, including MacOS X; and even Windows.
  • Yes, this happily saves you big money on a KVM. But you will need a screen for each computer. Which is very nice for me: simultaneous views on each screen.


Mozilla & Webdav based cross-platform solution for sharing calendars with colleagues

Aim (all fulfilled with the proposed solution):
  • Share calendars amongst colleagues
  • Have offline access to your own calendar (and others, albeit maybe not up to date)
  • Have (online/offline) access to calendars of colleagues, even when they are offline.
  • Work together on shared calendars
  • Platform independent (at least Linux, Mac, Windows)
Solution: Server install
  • Make sure you have mod_dav enabled for Apache
  • /etc/httpd/httpd.conf should contain something like:

      LoadModule dav_module modules/mod_dav.so

      <Location /kalenders>
      DAV On
      </Location>

  • password protect /var/www/html/kalenders with .htaccess
Client install, config and settings
  • Install Mozilla calendar onto Mozilla webbrowser or Mozilla Firefox.
  • If you want to start the calendar without the browser you can start it with
    • Firefox: firefox -calendar
    • Mozilla: Change Mozilla Preferences, Appearance, Start up
Considerations about the sharing mechanism
  • Subscribe to the remote calendars, choosing a different color for each.
  • Make sure calendar focus (top left) is on your own calendar before you add events.
  • The calendar file on the server is considered as the main copy. Your local file is considered as a copy.
  • If you want to
    • edit your calendar offline
    • avoid colleagues overwriting your calendar
    then
    • make sure Calendar Options, "Reload Remote Calendars on Startup" is off
    • don't enable "publish automatically"
    • publish your own calendar before you ask "refresh remote calendars" (?)
  • Use a separate, unpublished calendar for private events. Mozilla works wonderfully with multiple calendars.
  • It's possible to have calendars writable by everyone in the team, e.g. a calendar for the meeting room.
Hints:
  • Copy event by Ctrl-drag
Bugs or missing features:
  • Private events are stored on the server, because the complete calendar file is stored unaltered on the server. Mozilla shows those private events to others. Hiding those events in the Mozilla clients would offer no real privacy, as the source of the files is readable with a simple web browser.
  • If one has chosen "Publish automatically" one cannot edit/add events offline.
  • It's not possible to copy events from other calendar to your own (or another) by dragging the event to the calendar of choice.
  • The dialog of a pasted event gets other hours and sometimes other dates.
  • "All day events" are not coloured in week view

Linux installation of Wi-Fi card Proxim Orinoco Silver

HISTORY
  • 05/09/03 Started this HOWTO as documentation and driver were absolutely not widespread on the Internet.
  • ??/??/03 Agere finally released the driver on their website.
  • 26/01/04 Update of this HOWTO for the new driver release and Mandrake 9.2
  • 13/02/05 Avoid this card as drivers for Linux Kernel version 2.6.x seem to stay unavailable.
Details card
  • Outside labels
      Proxim IEEE 802.11b PC-Card Orinoco Silver
      Model 8241-WD
      Proxim Corporation 8420-WD, 842X Agere Systems 0110-PC
      FCC-ID: IMRPC2411B
  • Identified by cardmgr (cardctl ident) as
      product info: "Agere Systems", "Wireless PC Card Model 0110", "", ""
      manfid: 0x0156, 0x0003 function: 6 (network)
Tested Environments:
  • Knoppix V3.2-2003-07-26: card not (yet) supported
  • Mandrake 9.1/9.2: installation as mentioned below
Driver sources and documentation
  • Agere Systems Drivers site
  • Greenblaze.com: He was the first to publish the drivers on the web - Notes for Redhat 9.0
  • Local copy: driver version 7.14, September 2003
    This version supports:
    • "Wireless PC Card Model 0104" ("Gold" and "Silver")
    • "Wireless PC Card Model 0106" ("Gold" and "Silver")
    • "Wireless Integrated Card Model 0202"
    • "Wireless Embedded Card Model 0504" (MiniPCI)
    • "Wireless PC Card Model 0110"
    • "Wireless PC Card Model 0111"
    • "Wireless MiniPCI Card Model 0506"
    • "Wireless MiniPCI Card Model 0508"
    • "Wireless CompactFlash Card Model 1401"
    • Other wireless adapters based on Agere's Hermes-I/Hermes-II chipset.
  • Local copy: driver version 7.22, July 2004
    This version supports:
    • network interface cards based on WL60010, a.k.a. Hermes-II
    • network interface cards based on WL60040, a.k.a. Hermes-II.5
    • NO LONGER Hermes-I
Installation (on Mandrake 9.2)
    Follow the instructions of the readme in the driver package
    My installation log:
      wget http://pcmcia-cs.sourceforge.net/ftp/pcmcia-cs-3.2.7.tar.gz
      wget http://www.agere.com/support/drivers/wl_lkm_714_release.tar.gz
      tar xvzf pcmcia-cs-3.2.7.tar.gz
      cd pcmcia-cs-3.2.7/
      tar xvzf ../wl_lkm_714_release.tar.gz
      ./Configure
      ./Build
      ./Install
      /etc/init.d/pcmcia restart
      
      Insert card and surf
Installation (on Mandrake 9.1)
    Follow the instructions of the readme in the driver package
    My installation log:
      wget http://pcmcia-cs.sourceforge.net/ftp/pcmcia-cs-3.2.4.tar.gz
      wget http://www.greenblaze.com/orinoco/wl_lkm_708_beta.tar.gz
      tar -xzvf pcmcia-cs-3.2.4.tar.gz
      cd pcmcia-cs-3.2.4
      tar -xzvf ../wl_lkm_708_beta.tar.gz
      ./Configure
      make all     # not needed according to README?
      ./Build
      ./Install
      /etc/init.d/pcmcia restart
      
      Insert card and surf
Notes
  • The hard part about this installation was to find which was the chipset and needed driver. The driver is (was) absolutely not widespread on the Internet.
  • The installation procedure of the readme looks difficult (recompilation of full pcmcia package), but actually turned out to be easy.

Linux installation of Wi-Fi card Belkin F5D6020 ver.2

Details card
  • Outside labels
      Belkin F5D6020 ver.2
      ver. 2100
      FCCID: K7SF5D6021
  • Identified by cardmgr (cardctl ident) as
      product info: "Belkin", "11Mbps-Wireless-Notebook-Network-Adapter"
      manfid: 0x01bf, 0x3302 function: 6 (network)
Tested Environments:
  • Knoppix: supported since V3.2-2003-07-25
  • Mandrake 9.1: installation as mentioned below
Driver sources and documentation
Installation on Mandrake 9.1
    I chose the easy way and downloaded somewhere (?) the module pcmf502rd.o compiled for my Mandrake 9.1
    My installation log:
      mkdir /lib/modules/2.4.21-0.13mdk/pcmcia
      cp pcmf502rd.o /lib/modules/2.4.21-0.13mdk/pcmcia/
      vi /etc/pcmcia/config
       Add:
         device "pcmf502rd"
      	class "network" module "pcmf502rd"
      
         card "Belkin 11Mbps-Wireless-Notebook-Network-Adapter"
      	version "Belkin", "11Mbps-Wireless-Notebook-Network-Adapter"
      	bind "pcmf502rd"
      
      
      /etc/init.d/pcmcia restart
      
      
      Insert card and surf
Installation on Debian Sarge/Testing, kernel 2.6.3
    Since kernel 2.6, driver support for this card is built into the kernel.
    However, proprietary firmware is needed. This can be installed very easily with synaptic or with apt-get:
      apt-get install atmel-firmware
      
      Insert card and surf
Notes
  • This new version of the Belkin F5D6020 is hard to distinguish from the previous version, but uses a completely different chipset, anno 2003 not yet supported out of the box in all Linux distributions.
  • Compared to the Proxim Orinoco Silver 8241-WD and the Lucent Orinoco Gold, this F5D6020 ver.2 is very weak: basically, it hardly gets any signal through a wall.

Linux installation of D-Link DWL-G650 Rev. C2

Details card
  • Outside labels
      D-Link Airplus Xtreme G 2.4 Ghz High-Speed Wireless Cardbus Adapter DWL-G650
      P/N DWL G650EU.C2
      H/W Ver.: C2 F/W Ver.: 3.1.6
      FCCID: KA220030900 16-2
  • Identified by cardmgr (cardctl ident) as
      product info: "Atheros Communications, Inc.", "AR5001-0000-0000", "Wireless LAN Reference Card", "00"
      manfid: 0x0271, 0x0012
  • Identified by lspci as
      0000:07:00.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)
      Subsystem: D-Link System Inc: Unknown device 3a12
Tested Environments:
  • Knoppix V3.7 (12 dec 2004): not autodetected (madwifi drivers are included, so it must be possible)
  • Mandrake 10.0: not autodetected. Install should be possible. Check again here soon.
  • Debian Sarge (testing): see below
Driver sources and documentation
Installation on Debian (Sarge testing, kernel 2.6.8)
    Martin List-Petersen maintains Debian madwifi packages and has an excellent installation manual, which worked flawlessly. My installation log:
      vi /etc/apt/sources.list [Add the Marlow debian package repository]
      apt-get update
      apt-get install kernel-source-2.6.8
      cd /usr/src
      tar -xjvf kernel-source-2.6.8.tar.bz2
      cd kernel-source-2.6.8
      cp /boot/config-2.6.8-2-686 .config
      make-kpkg --append-to-version "-2-686" --revision 2.6.8 --config old configure
      apt-get install madwifi-source madwifi-tools
      apt-get source madwifi
      cd madwifi-1.6
      apt-get install fakeroot
      fakeroot dpkg-buildpackage
      cd ..
      dpkg -i madwifi-source_20050212_all.deb
      dpkg -i madwifi-tools_20050212_i386.deb
      cd /usr/src/
      tar -xzvf madwifi.tar.gz
      cd kernel-source-2.6.8
      fakeroot make-kpkg --append-to-version "-2-686" --revision 2.6.8 --added-modules madwifi modules_image
      dpkg -i /usr/src/madwifi-module-2.6.8-2-686_20050212-1-onoe+2.6.8_i386.deb
      update-modules
      modprobe ath_pci
      dhclient ath0
      
Installation on Mandrake 10.1 (kernel 2.6.8)
    My installation log:
      urpmi kernel-2.6
      urpmi kernel-source-2.6
      
      cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi co madwifi
      cd madwifi/
      make
      make install
      update modules
      depmod -a
      
      cp -aR /lib/modules/2.6.8.1-24-mdkcustom/net /lib/modules/2.6.8.1-24-mdk
      modprobe ath_pci
      
      urpmi dhcpcd
      vi /etc/sysconfig/network-scripts/ifcfg-ath0
      	STARTMODE=hotplug
      	DEVICE=ath0
      	BOOTPROTO=dhcp
      	NETMASK=255.255.255.0
      	ONBOOT=yes
      	WIRELESS=yes
      	WIRELESS_MODE=Managed
      	WIRELESS_ESSID=XXXXXXXXX
        
      dhcpcd ath0
      
Installation on Mandriva 2005
    My installation log:
      cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi co madwifi
      cd madwifi/
      make
      make install
      update modules
      depmod -a
      
      cp -aR /lib/modules/2.6.11-6mdkcustom/net/ /lib/modules/2.6.11-6mdk-i686-up-4GB
      modprobe ath_pci
      vi /etc/sysconfig/network-scripts/ifcfg-ath0
      	STARTMODE=hotplug
      	DEVICE=ath0
      	BOOTPROTO=dhcp
      	NETMASK=255.255.255.0
      	ONBOOT=yes
      	WIRELESS=yes
      	WIRELESS_MODE=Managed
      	WIRELESS_ESSID=XXXXXXX
      
      dhclient ath0
      
Installation on Fedora Core 4
    My installation log:
      yum install sharutils		# because we need uudecode
      cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi co madwifi
      cd madwifi/
      make
      make install
      vi /etc/sysconfig/network-scripts/ifcfg-ath0
      	STARTMODE=hotplug
      	DEVICE=ath0
      	BOOTPROTO=dhcp
      	NETMASK=255.255.255.0
      	ONBOOT=yes
      	WIRELESS=yes
      	WIRELESS_MODE=Managed
      	WIRELESS_ESSID=XXXXXXX
      
      dhclient ath0
      
      
Notes
  • I wanted to buy a few identical 802.11g 54 Mbit/s WiFi cards, but that proved difficult. The G generation is controlled more and more in software instead of hardware, and manufacturers seem afraid to give out the specs and source code of their drivers, as these could be used to change (illegally) the frequencies and signal power. Another problem is that manufacturers change chipsets way too often without changing the model numbers. They use new, cheaper chipsets, but don't change the model number if it had good reviews. M$ Windows users just get an up-to-date driver CD and notice nothing, but Linux and other users can be f*cked.
    Based mainly on this excellent survey of Linux and WiFi, Atheros chipset based cards seemed the best choice. The first idea was to get a Linksys WPC55AG as I had good experiences with the Linksys WRT54G access point (which comes with Linux firmware built in), but this card wasn't available in Belgium. Our supplier Microdevice offered to let me test the D-Link DWL-G650. Testing proved necessary, as revisions A1, B1/2/3 and C1 were reported to work, but I got revision C2.
  • Transmitting power seems to be good. Measurements with iwconfig against Linksys WRT54G:
    • Nearby, average:
        Bit Rate:54 Mb/s Tx-Power:50 dBm Sensitivity=0/3
        Link Quality=57/94 Signal level=-38 dBm Noise level=-95 dBm
    • 10 meters away, with 2 walls in between, average:
        Bit Rate:54 Mb/s Tx-Power:50 dBm Sensitivity=0/3
        Link Quality=29/94 Signal level=-66 dBm Noise level=-95 dBm
    • 10 meters away, with 2 walls in between, trying to cover with hand and body, worst signal:
        Bit Rate:18 Mb/s Tx-Power:50 dBm Sensitivity=0/3
        Link Quality=27/94 Signal level=-68 dBm Noise level=-95 dBm

Solving troubles with Compact Flash in PCMCIA adapter under Linux

Aim:
    Mount a Compact Flash card through a PCMCIA adapter
System:
    Mandrake 9.2
Symptoms:
    repeated errors in /var/log/messages:
    devfs_do_symlink(disc0): could not append to parent, err: -17
Solution:
    # /etc/init.d/devfsd stop
    # mkdir /mnt/cf
    # mount -t auto -o ro /dev/hdc1 /mnt/cf


Creation frederik AT questier.com 05-Sep-03
Last Update frederik AT questier.com 05-May-09
hits on this site since 24-Oct-95
