For quite some time I’ve been making use of a dd-wrt modified linksys box on my home network as an openvpn endpoint so that when I’m out and about in the world, I connect the vpn, switch firefox to route through a squid proxy server on the home network and I’ve got a nice fairly secure web browsing setup. But, as they say there’s more than one way to skin a cat. And, that’s what I’ve played around with the last couple days. First off, I guess I should describe the concept. 1) Let’s say that you’re browsing the web at an open wireless access point and you don’t trust the network or 2) let’s say you need to be able to access an intranet web server that is not accessible from the internet side of a network or scenario 3) let’s say a web site is blocking access based on ip address (for instance say you’re behind the great firewall of xyz business/company)…. how can you still manage to access the web pages you want to 3,2) at all or 1) securely with as little snooping as possible.
Category: Networking
-
The Linksys WRT54GL and DD-WRT firmware
I’ve had a couple of small wireless projects lately and have really been having a great time playing around with the Linksys-Cisco WRT54GL Wireless-G Broadband Router and one of the many GREAT 3rd party firmwares dd-wrt. I know, for a couple years I’ve meant to get a hold of one of these little linksys boxes for testing. I had read about OpenWRT and found it an interesting idea. For those that don’t know, the original linksys wrt54g wireless routers were designed based around a customized linux firmware. What made this nice is linksys made the source code available for their firmware which made it a lot easier for others to improve upon linksys’ built in software.
-
AT&T rbl block inquiry site
First, I guess I should give a primer, what’s an RBL? RBL stands for Realtime Black List (or Realtime Block List depending on who you talk to.) The idea is there are machines that either 1) have no business DIRECTLY trying to deliver a mail message to a legitimate mail server or 2) are known to spew out junk mail, or viruses or other bad content. So, many service providers make use of blacklists to decline messages from suspect machines. In some cases these lists are cultivated in house, in other cases people make use of various publicly available lists online.
But…
-
Wiring
I’ve got a home project to run more network cable here lately and found techtoolsupply to be an interesting resource for network and other cabling supplies. I don’t recall who I ordered from last time, it’s been several years (and those big spools of cable last for years unless you do a LOT of cabling.) On other notes…. There are many very good do it yourself wiring resources from electrical like this link to network wiring. Many people think that wireless means that it’s just backwards to install network cabling. (I don’t know how many people told me “why don’t you just use wireless” when I mentioned that when we built I wanted to get cat5 cable installed.) Well – here goes – wired is 1)faster and 2) more secure – yes I’ve heard of WPA for wireless, but my wired lan is between 10 and 100 times faster than my current wireless (yes, I’m running 802.11b still and an upgrade to the wireless wouldn’t get it up to the same speed yet either. then my wired network would be 2-20 times faster. (Of course that’s best case – clear line of sight to the wireless access point.)
-
Custom livecd’s, virtualbox, seamlessrdp and sata dvd burners…
I thought this writeup was interesting on the idea of using a web interface to customize a livecd. I’ve built a couple livecd’s (that I still use) for tech support, but I’m always thinking of one more tool that I’d like to have. After looking through their wizard it seems a bit limited in the granularity of what can be chosen (at least for what I’m thinking of.) But… it might introduce a new interest in the use of livecds.
-
Web translation
I found this link of plugins for wordpress to aid in multilingual site building. I’ve been experimenting with English/Spanish designs of one site I maintain using plain html (index.html.en index.html.es and the server gives the correct page depending on the browser localization. It seems as though there was an .htaccess change that I had to make as well although I don’t recall off the top of my head. (Maybe I can update if I read through it again.)
-
Stopping email hoaxes and chain emails…
How many times have I seen the same chain email about who knows what… it always ends in something along the lines of “I don’t know if this is true, but I figure I don’t have anything to lose, so pass it along and let’s see what happens.” Computers were supposed to improve productivity, sometimes I think they’ve fueled other things though…. breakthechain.org is a good site to refer people to that forward messages to you that may be hoaxes or chains… some of them are real, some are hoaxes, some are absurd but why do we keep emailing them back and forth? Try to get some of your time back by sending folks to breakthechain.org
-
Residential VOIP
Of course, we’ve heard of skype, vonage, and our dsl/cable providers hawking VOIP. I thought I’d make a note of this one though as the name is a bit more obscure… packet8
-
Bellsouth/ AT&T mail problems
I would dare say there are more than a couple people “out there” right now that are puzzled as to WHY some of their mail is bouncing back to them as being rejected. Right now I’m talking about Bellsouth / AT&T mail users…. it appears that this week AT&T is in the process of transitioning it’s outbound mail relays to a new address block. 207.115.11.51 – 207.115.11.56 – the names of these machines are fmailhost01.isp.att.net – fmailhost06.isp.att.net …. Yesterday I noticed 4/5/6 had been moved – today 3 has been moved over and I noticed only because a test message that I RUN through a (formerly) bellsouth system bounced back and made it through…. The problem is the address space that AT&T is making use of used to be in the dial up block of their service and SEVERAL online blacklists have not been notified of the change. It is not possible for an end user to FIX this problem, AT&T technicians need to contact http://www.au.sorbs.net/ (SORBS) Among other locations to help their customers. The only thing techs in control of individual mailservers can do is whitelist the new AT&T addresses. (Well you could disable whitelisting altogether, but that would probably be a big HELLO SPAM).
It may be even murkier a situation – they may using BOTH sets of IP addresses (old and new) for the time being… here are two log entries that would seem to confirm that…
Jul 25 16:47:09 xxxxx postfix/smtpd[7812]: disconnect from fmailhost03.isp.att.net[207.115.11.53]
Jul 25 16:47:09 xxxxx postfix/smtpd[7812]: connect from fmailhost03.isp.att.net[204.127.217.103]Strange… They may have some scheme to help work around this – because the connect from the 204. address immediately followed a DNS block of the connect from the 207 range address.
-
Why? (Why couldn’t AT&T make sure their mail servers weren’t using old dialup IPs that are blacklisted….)
Why do I always wind up being the one to discover problems? …. Today in checking mail I found a mail that had bounced back from one of my clients that uses bellsouth… Now bellsouth has recently been bought by AT&T and it appeared as though the mail had been rejected because the mailserver trying to deliver it was in an email blacklist. *(What – a bellsouth mailserver in a blacklist?) Well, we’ve gone through this before with some of the passive blacklists where people might relay junk through their isp, but… on searching the AT&T outbound mailserver 207.115.11.54 was in the dial up block lists at sorbs and nomorefun…. (as was 207.115.11.55) These seem to be the new fmailhost04.isp.att.net and fmailhost05.isp.att.net outbound mail machines.