Archive for July, 2010

Improved internet sharing with Ubuntu

This is a little howto about sharing internet with dnsmasq and Ubuntu.

First, let’s create a script that flushes netfilter’s rule tables, sets up packet forwarding (masquerading) rules and adds accept rules for the required services (DHCP and DNS). Create the firewall script as /etc/rc.firewall and append a call to it to /etc/rc.local:

#!/bin/bash
 
# Echo commands and abort on errors
set -x
set -e
 
# Define network interfaces:
IFACE_WAN=eth0
IFACE_LAN=eth1
 
# Clean
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
 
# Do masquerade
iptables -A FORWARD -i $IFACE_WAN -o $IFACE_LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $IFACE_LAN -o $IFACE_WAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE_WAN -j MASQUERADE
 
# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
 
# Allow DHCP and DNS requests from LAN
iptables -A INPUT -p udp -i $IFACE_LAN --dport 67 -j ACCEPT
iptables -A INPUT -p udp -i $IFACE_LAN --dport 53 -j ACCEPT

Set the executable bit and run it:

sudo chmod +x /etc/rc.firewall
sudo /etc/rc.firewall

The next step is to install dnsmasq:

sudo apt-get install dnsmasq

Create the dnsmasq configuration file at /etc/dnsmasq.conf:

no-poll
domain-needed
bogus-priv
strict-order
interface=eth1
bind-interfaces
dhcp-range=192.168.0.10,192.168.0.200,255.255.255.0,48h
dhcp-leasefile=/tmp/dnsmasq-leases.txt
dhcp-authoritative
resolv-file=/etc/resolv.conf.upstream
log-queries

Next configure network interfaces in /etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback
 
# WAN
auto eth0
iface eth0 inet dhcp
    post-up cp /etc/resolv.conf /etc/resolv.conf.upstream
    post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
 
# LAN
auto eth1
iface eth1 inet static
    address 192.168.0.1
    netmask 255.255.255.0

Finally restart all the services:

sudo /etc/init.d/networking restart
sudo /etc/init.d/dnsmasq restart

If you have internet coming in on eth0 and other computers connected via eth1, they should receive a proper IP address and DNS configuration from dnsmasq, and internet sharing should work.
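
The firewall script in this howto sets every chain policy to ACCEPT, so its INPUT rules for ports 67 and 53 do not restrict anything on either interface. As an added example (not part of the original post), the function below prints a default-deny variant of the same rules in iptables-restore format; the function name emit_gateway_rules, the TCP/53 rule and the loopback/conntrack rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: default-deny variant of the howto's /etc/rc.firewall.
# emit_gateway_rules is a hypothetical helper. It only prints rules, so the
# output can be reviewed before it is piped to iptables-restore as root.
# Forwarding still needs net.ipv4.ip_forward=1, as in the original script.
# There is no rule for SSH or other management access: add one before
# applying this on a machine you administer remotely.

emit_gateway_rules() {
    wan=$1   # interface facing the internet (eth0 in the howto)
    lan=$2   # interface facing the shared LAN (eth1 in the howto)

    # Refuse missing or odd interface names instead of emitting a broken ruleset.
    for ifname in "$wan" "$lan"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Usage (as root): emit_gateway_rules eth0 eth1 | iptables-restore
```

With these rules the gateway answers only DHCP and DNS from the LAN side, and nothing arriving on the WAN interface reaches dnsmasq or any other local service unless it belongs to a connection the gateway itself opened.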

Ubuntu minimal install with memory stick

This is the really hassle-free method for installing Ubuntu. Get the bootable 15 MB image here:

wget -c http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/boot.img.gz

Write the image to your memory stick device; remember to replace sdz with the correct one!

zcat boot.img.gz > /dev/sdz

Elion's hyper-fast internet

So here is my first post in Estonian. A few days ago I became a “happy” customer of Elion's hyper-fast internet. In theory they promise a throughput of 100Mbps down and 20Mbps up, and it seems that this holds in practice too. Before getting the connection I had a whole dozen questions that the customer service ladies could not answer, and although I was promised 2-3 times that a “real” technician would get in touch, nothing of the sort happened.

The hyper-fast internet infrastructure appears to have been built out in quite a few apartment buildings in Tallinn, and by apartment buildings I mean specifically the Soviet-era 5- and 9-storey buildings. Fiber comes into the building, there is a switch in the basement, and CAT5 cables and 2 sockets have been run to each floor. The technician's job consisted of plugging the right cable into the switch.

Elion's triple-play solution on top of this connection is entirely IP-based. When you plug the cable into a computer, it immediately gets a public IP via DHCP, on which all ports are open at my request. Elion's DigiTV packets travel in a separate VLAN and are tagged with identifier number 4; this is the IEEE 802.1Q standard. On Linux it is quite simple to create a virtual network interface that filters out these tagged packets, making it possible to watch television on the computer as well.

ip link add link eth0 name iptv0 type vlan id 4

After creating the virtual interface you can also request an IP address for your “TV” from it. As a check you can ping the address 10.0.16.12 or the domain name web.dtv. If the VLAN is configured correctly, both of them should respond.

dhclient iptv0

Unfortunately, on a computer DHCP messes up the routing table and also causes confusion in DNS resolution. The simplest solution was to use the IP handed out by DHCP as a static address. Either way, a routing entry for forwarding the digital TV multicast is still missing:

route add -net 224.0.0.0 netmask 240.0.0.0 dev iptv0

As far as I have dug up and heard about the Digibox offered by Elion, it is a device based on embedded Linux. Older variants reportedly had 32MB of ROM, newer ones 64MB, and the processor is a PowerPC. Encrypted channels are played by Widevine's multi-platform DRM application. Only ETV, Kanal 2 and TV3 are unencrypted. Note that spoofing the Digibox's MAC address is NOT necessary, not even with the older ADSL-based connection! However, the request to join the multicast group takes a fair amount of time, i.e. after applying the network settings you may well wait 20-60 seconds before VLC agrees to play anything at all.

The end result of long research was my laptop's /etc/network/interfaces file, which makes it possible to watch Elion's DigiTV directly:

auto lo
iface lo inet loopback

# Primary network interface
auto eth0
iface eth0 inet dhcp

# DHCP would work too, but DHCP overwrites the default route and DNS entries
auto iptv0
iface iptv0 inet static
    # Same as what is obtained via DHCP
    address 10.253.145.203
    netmask 255.255.192.0
    # Add the Q VLAN virtual interface iptv0, attached to eth0
    pre-up ip link add link eth0 name iptv0 type vlan id 4
    # Add the multicast route
    post-up route add -net 224.0.0.0 netmask 240.0.0.0 dev iptv0
    # Set the gateway for the 10.0.0.0/8 network, since we do not want to overwrite the default gateway
    post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.253.128.1 dev iptv0
    # Add a route for answering multicast group membership queries
    post-up route add -net 84.50.255.0 netmask 255.255.255.0 dev iptv0
    # Delete the virtual interface
    post-down ip link del link eth0 dev iptv0

In addition, the kernel settings had to be changed a little in the file /etc/sysctl.conf:

net.ipv4.conf.iptv0.rp_filter=0
net.ipv4.conf.iptv0.force_igmp_version=2

And to reload them:

sysctl -p

One more trick that might otherwise slip by unnoticed: for some reason VLC wants an @ sign in the address, i.e. to watch ETV you must use exactly this command, character for character:

vlc udp://@239.3.1.1:1234

Next time: setting up VoIP and DD-WRT!

Developing homepages nowadays

Developing homepages has progressed a lot during the past years. There are many good-quality building blocks available, so I am going to list some of the most usable ones here. Perhaps this will save time while creating your next awesome homepage!

jQuery

jQuery is the core of client-side processing at the moment. It has an element selection mechanism that actually makes sense. It’s possible to show/hide, fade in/out and animate CSS attributes. With jQuery you can do most of the stuff some others might consider doing with Flash. For its compatibility and open-sourceness I prefer jQuery.

Videos, images and other dynamic data

If you need to show and manage videos and photos on a webpage, it doesn’t make sense to build the management part yourself. You can have major providers do the job for you – upload videos to YouTube, photos to Picasa, announcements to WordPress. Use the RSS or Atom feeds they provide to aggregate the entries and display them as you wish on your webpage.

jQuery scale

Scaling images is a pain-in-the-ass with CSS, so this is a plugin which does almost what I tell it to do with images.

Editease

Editease is a jQuery plugin which allows you to transform regular div or p elements into editable ones. When entering “admin” mode, the same elements are presented with a WYSIWYG editor and edit/save buttons. The content is stored in text files using PHP on the server side.

Fancybox

Fancybox is a jQuery plugin which allows creating popup boxes from div elements embedded in a hidden container. It is useful for presenting AJAX forms or “normal” view versions of thumbnails in a photo gallery.

YapGB

In some cases you might need to include an old-school guestbook in a homepage. There aren’t any good external guestbook providers, so reading an RSS feed is out of the question. YapGB is written in PHP and it stores data in a text file on the server side. It’s highly customizable via a configuration file, it allows a time limit for posting and it’s easy enough to embed in your site using an iframe.

Syntactically Awesome Stylesheets

Sass is basically yet another way to mark up stylesheets in YAML format. The cool thing is that it allows nesting elements and using variables inside the stylesheet. The source YAML is converted into regular CSS with the command-line program “sass”.

Wikiss

In some cases you might need to set up a wiki really-really quickly. Wikiss is exactly what you need then. The wiki is not publicly editable; content can only be changed if the user has identified himself with a password defined in the config file. Wiki entries are saved into files using PHP on the server side.

Cooling DELL laptops with dellfand

For a long time I had my laptop running rather hot. The problem was that the BIOS was handling the cooling and not so well. First I tried loading the i8kfan module but it crashed the whole machine. Finally I found the dellfand utility which allows the user to control fan speed. Although my DELL Studio 1535 wasn’t listed in the supported models list it still worked.

First I downloaded dependencies on my Ubuntu install:

sudo apt-get install build-essential

Then I compiled the program since it wasn’t available in the APT repositories:

wget -c http://dellfand.dinglisch.net/dellfand-0.9.tar.bz2
tar xvf dellfand-0.9.tar.bz2
cd dellfand-0.9
make
sudo cp dellfand /usr/local/bin

Finally I started it up with the following parameters:

sudo dellfand 1 10 25 30 35

The cooling has three modes – turned off, low speed, max speed. In this case the fan is turned off at 25-30C, in low mode at 30-35C and at max speed when the temperature rises over 35C. More information here.

Akademy 2010

On Friday afternoon the Estobuntu guys and I started driving from Tallinn towards Tampere. Unfortunately we didn’t have an amphibious vehicle at our disposal so we had to take a boat to cross the Gulf of Finland. We arrived here around 9pm – luckily there was some free beer left!

Now the first day of the Akademy 2010 conference is slowly coming to an end. There have been dozens of interesting and useful lectures. Several Free Software projects are represented – KDE, Maemo, MeeGo, Qt and so on. The salmon for lunch was great, although it could have been free!

The Flickr photo stream has great pictures of the event. In the evening there is going to be a party – hopefully with free beer!

UPDATE:

On Monday I took a test and I passed it – I am now a Nokia Certified Qt Developer. All the conference attendees could have it for free.
