Eubolist's Blog

about IT, Linux, the web and much more

Archive for the ‘Networking’ Category

A simple way to enable .py Python CGI scripts on Lighttpd (“Lighty”) webserver on Ubuntu

After multiple failed attempts with mod_fastcgi I found a simple three-step solution to enable Python scripts on my webserver:

  1. sudo ln -s /etc/lighttpd/conf-available/10-cgi.conf /etc/lighttpd/conf-enabled/
  2. Add the following section to your /etc/lighttpd/lighttpd.conf file:
    ### Python Config ###
    cgi.assign = (
        ".py" => "/usr/bin/python"
    )
  3. Restart lighty: sudo /etc/init.d/lighttpd restart


That should do the trick. As it says in the title, this is a simple and painless way to enable Python CGI scripts on lighty.

Written by eubolist

2010/06/13 at 15:06

Spirit – the jailbreak for the iPad

Today the Dev-Team has released their latest stroke of genius: Spirit is the name of the latest untethered jailbreak for iPad, iPhone and iPod Touch. Before you jailbreak your device you should take two steps:

  1. Save the SHSH blob of your device. To do so you either have to download the necessary tool for Windows or Mac, or edit your hosts file (/etc/hosts) to point “gs.apple.com” to “74.208.10.249” (Saurik’s server).
  2. Perform a full backup with iTunes! Especially if you’re trying to jailbreak your iPad – the whole procedure as well as Cydia on iPad is still considered beta.

Then go to http://spiritjb.com/ and download the jailbreak application for Mac or Windows. The jailbreak itself is as easy as one single click.

Written by eubolist

2010/05/03 at 15:46

Howto: PPTP VPN Server with Ubuntu 10.04 ‘Lucid Lynx’

This tutorial describes how to set up a computer as a dedicated VPN server for your network. With a VPN server you can open secure data tunnels and access files and devices in your local network (e.g. home or office) from remote locations, which is not only a pretty cool thing (accessing your media library from anywhere) but also very handy for system maintenance, customer support or working from home.

A simple scheme of how VPN works: Through your VPN server you will have full, secure access to your LAN (source: caconsultant.com)


Note that Lucid Lynx is still in Alpha 2 stage at the time of writing this article, which means you should only use it for testing purposes. Although the server I set up while writing this tutorial has been running without any kind of problems for two weeks now, if you want to set up an Ubuntu server in a working environment I recommend going back to 9.10 ‘Karmic Koala’ or an even earlier stable version. Okay, that being said, let’s get started:

1. Download the Lucid Lynx Alpha 2 server CD image from this page: http://releases.ubuntu.com/releases/10.04/

2. Follow the installation wizard and install the core system

3. Under software selection select OpenSSH server (for remote management of the machine) and manual package selection for the actual pptpd package. If you want more services, for example if you also want to use the computer as a webserver, you may of course select the additional software. For security reasons I generally advise people to run only one externally accessible service per machine in a critical environment, but really that’s up to you.

Software selection

4. In manual selection navigate to ‘not installed packages’ -> ‘net’ where you will find pptpd. Select it and press ‘g’ twice in order to install the package.

Package selection --> PPTPd

5. Let the installation finish and reboot your system.

6. SSH into your newly set up machine and run ‘sudo aptitude update && sudo aptitude safe-upgrade’ first to update all packages. Reboot if necessary.

7. Open the pptpd.conf file: ‘sudo nano /etc/pptpd.conf’. Adjust the IP settings at the bottom to your needs. Under local IP, enter the IP address of your VPN server in the local network (if you don’t know it, type ‘sudo ifconfig’ and it will show you your network interfaces and their assigned IPs). I also recommend setting up a static IP for the server in /etc/network/interfaces or in your router configuration.

8. If you want to, you can change the hostname in /etc/ppp/pptpd-options

9. Specify the user names and passwords you want to give access to your VPN: ‘sudo nano /etc/ppp/chap-secrets’. If you changed the hostname in the previous step, make sure you type in the same hostname now under ‘server’.

Example:

# client server secret IP addresses
eubolist pptpd myübersecretpassword *

As there is no keyfile in PPTP, security depends solely on the password, which is why you should choose a long (e.g. 32 characters), random password. You can generate such a password here.

10. Now we need to set up IP masquerading: ‘sudo nano /etc/rc.local’

Add the following lines above the line that says ‘exit 0’:

# PPTP IP forwarding

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Optionally I recommend securing your SSH server against brute force attacks:

# SSH Brute Force Protection

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

(also to be inserted above ‘exit 0’)

You may have to change ‘eth0’ to another interface, depending on which interface is configured to connect to the internet on your machine.

11. Lastly, uncomment this line in /etc/sysctl.conf:

net.ipv4.ip_forward=1

12. Reboot

13. In case your vpn-server doesn’t directly connect to the internet you may need to forward port 1723 TCP and GRE to the LAN IP of your vpn-server. Refer to your router’s manual or to portforward.com for vendor specific instructions.

Done. Enjoy!

UPDATE(2010-07-18): If connecting to the vpn-server goes well but you can’t connect to the internet you might want to try uncommenting the ms-dns entries in /etc/ppp/pptpd-options so it looks like this:

ms-dns 208.67.222.222
ms-dns 208.67.220.220
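
For step 9, where security depends solely on the password, this added example (not part of the original post) generates a 32-character random secret locally and lists chap-secrets entries whose secret is shorter than that. The function names and the sample entries are constructed for illustration, and it assumes whitespace-separated entries with unquoted secrets.

```sh
#!/bin/sh
# Added example: generate and audit PPTP CHAP secrets (step 9 of the howto).
# Assumption: one entry per line, "client server secret IP", secrets unquoted.

MIN_LEN=32   # the length suggested in the tutorial

# Print a random alphanumeric secret (default length: MIN_LEN).
# tr discards roughly three quarters of the random bytes, so 16x as many
# bytes as needed are read; cut consumes all input, so no broken pipe occurs.
gen_secret() (
    n=${1:-$MIN_LEN}
    head -c $((n * 16)) /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$n"
)

# Print a chap-secrets line for a client; the server name defaults to "pptpd"
# and must match the name configured in /etc/ppp/pptpd-options (step 8).
chap_entry() {
    printf '%s %s %s *\n' "$1" "${2:-pptpd}" "$(gen_secret)"
}

# Print the client name of every entry whose secret is shorter than MIN_LEN.
audit_chap_secrets() {
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        NF >= 3 && length($3) < min { print $1 }   # field 3 is the secret
    ' "$1"
}

# Demo on a constructed file (names and the weak secret are made up).
demo() {
    f=$(mktemp)
    {
        echo '# client server secret IP addresses'
        echo 'alice pptpd summer2010 *'
        chap_entry bob
    } > "$f"
    audit_chap_secrets "$f"    # prints: alice
    rm -f "$f"
}
demo
```

On the server, run `audit_chap_secrets /etc/ppp/chap-secrets` with sudo and replace the secret of every client it lists.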

Written by eubolist

2010/01/28 at 15:56

How to set up WRT54G as a WiFi bridge to Fritz!Box 3270

Recently we got a Fritz!Box as a new DSL modem; our old ZyXel P-660HW suffered frequent crashes (it froze or interrupted the internet connection), especially when there were a lot of devices associated with the wireless network and/or a lot of bandwidth used by someone. The Fritz!Box WLAN 3270 is a great piece of hardware and has never crashed so far, by the way. Because it supports the IEEE 802.11n standard it offers quite a satisfying range and speed.

But due to two desktop PCs which aren’t wifi capable I needed to set up our Linksys WRT54G router as a wireless network bridge.

The first part was to download dd-wrt, an alternate firmware, and flash the device with it. You can do this under the tab “Administration” -> “Firmware Upgrade”. Note that this procedure can potentially brick your router (i.e. you can no longer access or use it); for a full description see this howto in the dd-wrt wiki.

The second part is a bit more complicated, but essentially you can just follow the tutorial from the dd-wrt wiki, with a few changes. Here is what I did:

  1. Connect a cable from your computer to the LAN port on your router.
  2. Set your computer to a static IP address of 192.168.1.9
  3. Set your browser to 192.168.1.1 and open the dd-wrt webgui.
  4. You should be asked to change your password and username. Carefully type these in. Hit change password.
  5. Go FIRST to wireless, wireless security and enter the security type and key that matches your primary router.
  6. !!!Bridging with WPA2 security does NOT work. Believe me, I spent hours figuring out the problem and looking why there was no link. Your Fritz!Box (primary router) has to be set to WPA or WPA + WPA2 and your WRT54G accordingly to WPA!!

  7. Hit SAVE
  8. Go to the wireless, basic settings page and change the wireless mode to Client Bridge.
  9. Your wireless network mode should be set to the same as the primary router.
  10. Set the wireless channel to match your primary router channel
  11. Set mode to mixed.
  12. Set the wireless network name to exactly the same as your primary router. Make sure spelling and capitalization match.
  13. Set Ack timing to 0 unless you have a long distance (>300 meter) link
  14. Hit SAVE at the bottom. Then hit APPLY.
  15. Check to make sure all the configurations, including the mode, saved and the mode is still client bridge. If any changed, fix them, and save again.
  16. Goto Setup, basic setup and enter a router Local IP address of 192.168.178.10. You can also enter another IP, just make sure it’s in the same subnet (192.168.178.X) and outside the DHCP range of your primary router (Fritz!Box: 192.168.178.20-200). Leave subnet mask at 255.255.255.0.
  17. Set the Gateway IP (the one in network setup) to 192.168.178.1
  18. Leave Local DNS (the one in network setup) blank
  19. Change your timezone and DST to match where you are.
  20. Optionally enter a NTP server (eg. 17.151.16.20)
  21. Hit Save.
  22. Goto Security, Firewall. Uncheck all boxes and disable SPI Firewall
  23. Hit Save.
  24. Goto Services. Uncheck Dnsmasq
  25. Hit Save.
  26. Goto Setup, Advanced Routing, set Operating mode to “Router”
  27. Hit Save
  28. Set Dynamic Routing interface to “Lan & Wlan”
  29. Hit Save
  30. Goto Administration and hit “Apply Settings” at the bottom.
  31. Set your computer back to DHCP (auto IP and auto DNS).

And that’s it. You should have a working wireless bridge now with the wired computers in the same subnet as the wifi devices. Worked for me so far.

Although I haven’t tried it yet, it should work just as well in “Repeater Bridge” mode.

Written by eubolist

2010/01/16 at 23:39