ufw to manage the firewall

New server installed? You don’t want to play with iptables, yet you want your firewall active?

ufw is the standard tool on Ubuntu and it does the job.

If you’re logged in from a remote host, allow SSH (port 22) before enabling the firewall so you don’t lock yourself out.

root@robbyx:/etc# ufw allow 22
Rules updated
Rules updated (v6)
root@robbyx:/etc# ufw status
Status: inactive
root@robbyx:/etc# ufw allow 80
Rules updated
Rules updated (v6)
root@robbyx:/etc# ufw allow 443
Rules updated
Rules updated (v6)
root@robbyx:/etc#
root@robbyx:/etc# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@robbyx:/etc#
root@robbyx:/etc# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)

root@robbyx:/etc#
root@robbyx:/etc# ufw logging on
Logging enabled
root@robbyx:/etc#

Now keep the ufw messages out of /var/log/syslog: edit /etc/rsyslog.d/20-ufw.conf and remove the comment marker before “& ~”.

# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log

# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& ~

Your ufw logs are here: /var/log/ufw.log
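
Once the log is in its own file it is easy to summarise. The following is an added example, not part of the original post: it counts [UFW BLOCK] entries per source address and destination port. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise blocked packets recorded in a ufw log.
# Prints "<count> <source> <proto>/<dest port>", busiest first.

ufw_block_summary() {
    # Reads the named log files, or stdin when none is given.
    awk '
        /\[UFW BLOCK\]/ {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (src == "") next
            if (dpt == "") dpt = "-"    # ICMP and similar carry no port
            hits[src " " proto "/" dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in the kernel log format ufw uses.
sample_ufw_log() {
    cat <<'EOF'
Oct 20 10:15:01 host kernel: [100.000001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=5840 SYN URGP=0
Oct 20 10:15:02 host kernel: [101.000001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=51235 DPT=23 WINDOW=5840 SYN URGP=0
Oct 20 10:16:10 host kernel: [169.000001] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=440 TTL=49 ID=3 PROTO=UDP SPT=5071 DPT=5060 LEN=420
Oct 20 10:16:30 host kernel: [189.000001] [UFW ALLOW] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=55 ID=4 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 SYN URGP=0
Oct 20 10:17:00 host kernel: [219.000001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=5 DF PROTO=TCP SPT=51300 DPT=3389 WINDOW=5840 SYN URGP=0
Oct 20 10:18:00 host kernel: [279.000001] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TTL=49 ID=6 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
EOF
}

# Demo on the constructed sample; on a server run: ufw_block_summary /var/log/ufw.log
sample_ufw_log | ufw_block_summary
```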

Avoid locale errors on Ubuntu 11.10

After installing Ubuntu 11.10, I discovered these annoying things during installations. A quick search on the forum gave me a working solution.

Errors:

/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory

Edit /etc/environment and add the following (change according to the language you’re using):

LC_ALL="en_US.utf8"

Site unavailability

Oops, site is gone?

Nope, just changed the OS ;)

All should be back to normal in a few days.

Steve Jobs, 1955 – 2011

TweetDeck won’t log you in

For whatever reason, TweetDeck, which I did not use for a little while, refused to log me in today, and a pop-up window directed me to this page on Adobe’s site.

It was not my Gnome keyring that was corrupted.
I just had to reset the AIR data:

rm -rf ~/.appdata/Adobe/AIR/ELS

Restarting TweetDeck, I had to input my credentials and it’s working again.

Dropbox notification area icon not showing up

The Dropbox icon disappeared from the notification area after the upgrade.

I decided to reinstall Dropbox. I headed to the Dropbox site and downloaded the amd64 version (take the 32-bit version if you are running 32-bit Ubuntu). I chose Ubuntu Software Center in the download dialog box, installed it, …, re-logged … and … still not ok.

So, I googled it and found a post on the Dropbox forum suggesting to stop and start Dropbox from the command line.
That did not work for me.

Well, let’s have a quick look at the man page of the dropbox command line that I never used before this issue.

dropbox start [-i]

Starts the dropbox daemon, dropboxd. If dropboxd is already running, this will do nothing.

options:

-i --install    auto install dropboxd if not available on the system

This is what worked for me:

robby@asus:~$ cd
robby@asus:~$ dropbox stop
Dropbox daemon stopped.
robby@asus:~$ rm -r .dropbox-dist/
robby@asus:~$ dropbox start -i
Starting Dropbox...Done!
robby@asus:~$

Give it a shot if you run into the same issue.

Upgrade from Ubuntu 10.10 (Maverick) to 11.04 (Natty Narwhal)

It’s that time again, when you can’t refrain from messing with your perfectly well running system, oh well ;-)

So I hit “upgrade” and it said “nah, can’t do, bye!”

Quick check in /var/log/dist-upgrade/ revealed xorg issues. I narrowed it down to the glasen driver.

I reverted back to the standard driver for the upgrade to work:

apt-get remove xserver-xorg-video-intel
mv /etc/apt/sources.list.d/glasen-intel-driver-maverick.list* /root/
apt-get update
apt-get install xserver-xorg-video-intel xserver-xorg-video-all

Hit “upgrade” again, … and … working.

Now the game of finding what’s broken has begun …

PS: there’s a Natty Narwhal ppa for the glasen intel driver

Installing Firefox 4 in Ubuntu

Firefox 4 is out!

To install the stable version from ppa:

# add-apt-repository ppa:mozillateam/firefox-stable
# apt-get update
# apt-get upgrade

How to enable SSH port forwarding in Fedora with SELinux

If this is something that’s been bugging you and you just disabled SELinux altogether to get it working, well, there’s another way:

# setsebool sshd_forward_ports=on

Source

3G+ connection with Huawei K3565 dongle

I recently bought a 3G+ USB dongle to be really mobile (although I use it mainly at work ;-)

This is how I set it up on Ubuntu. But the packages are available for all main distributions.

The packages I needed to install are the following:

# ls -1
libuniconf4.6_4.6.1-1ubuntu1_amd64.deb
libwvstreams4.6-base_4.6.1-1ubuntu1_amd64.deb
libwvstreams4.6-extras_4.6.1-1ubuntu1_amd64.deb
ozerocdoff_0.4-2_amd64.deb
python-pyasn1_0.0.11a-1_all.deb
python-twisted_10.1.0-2_all.deb
python-twisted-conch_10.1.0-1_all (1).deb
python-twisted-conch_10.1.0-1_all.deb
python-twisted-lore_10.1.0-1_all.deb
python-twisted-mail_10.1.0-1_all.deb
python-twisted-news_10.1.0-1_all.deb
python-twisted-runner_10.1.0-1_amd64.deb
python-twisted-words_10.1.0-1_all.deb
python-tz_2010b-1_all.deb
usb-modeswitch_1.1.4-1_amd64.deb
usb-modeswitch-data_20100826-1_all.deb
vodafone-mobile-connect_2.25.01-1_all.deb
wvdial_1.60.4_amd64.deb

Once installed, plug in the dongle and launch vodafone-mobile-connect, then choose your device (which should be recognized). No changes need to be made to your initial profile. Connect:

Good to go :-)

I came across an error I could not understand. After a few days of usage, one day it did not load properly. Using debug mode, it listed python errors.
I searched a bit, I re-installed packages, but in the end, the solution was easy: remove the .vmc2 directory holding the corrupt config.

$ rm -rf .vmc2

After that, I had obviously to go through initial setup again, but everything worked again as intended.

The next step was to share the connection with my fellow office mates. I partially followed the Ubuntu guide.

As we wanted to share the 3G+ connection over wireless, I created an ad-hoc connection.

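#!/usr/bin/env bash

# Put the wireless card in ad-hoc mode and name the network
iwconfig wlan0 mode ad-hoc
iwconfig wlan0 essid "beam"
iwconfig wlan0 channel auto
# Quoted so the shell does not treat < and > as redirections
iwconfig wlan0 key "<your wep password here>"
ifconfig wlan0 192.168.1.10 up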

After that, the missing bit was NAT and routing:

Enable forwarding in /etc/sysctl.conf:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
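
share3G:

#!/usr/bin/env bash
# Let new connections from the ad-hoc subnet out through the 3G link (ppp0)
iptables -A FORWARD -o ppp0 -i wlan0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Let packets of already accepted connections through in both directions
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Rewrite the source address of routed traffic to that of the outgoing interface
iptables -A POSTROUTING -t nat -j MASQUERADE

# Turn forwarding on immediately (the sysctl.conf entry covers reboots)
echo 1 > /proc/sys/net/ipv4/ip_forward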

Clients then connect by creating an ad-hoc connection the same way, setting a default gateway route to my host and editing /etc/resolv.conf with the proper DNS entries.

This can of course be refined using dnsmasq or with a bind/dhcp configuration, but I don’t need that on my laptop for the occasional usage ;-)
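
A check worth running after setting up sharing like this, shown as an added example that is not part of the original post: it reads iptables-save output and reports a FORWARD chain that filters nothing and a MASQUERADE rule not tied to an outgoing interface. The function names and both sample rulesets are constructed; the first assumes the rules above were appended on a host with default ACCEPT policies.

```shell
#!/bin/sh
# Added example: audit iptables-save output of a connection-sharing host.

audit_nat_rules() {
    # Reads iptables-save text from the named files, or stdin when none is given.
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD ACCEPT/ { open_policy = 1 }
        table == "filter" && /^-A FORWARD/ && /-j (DROP|REJECT)/ { has_deny = 1 }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ && !/ -o / {
            print "nat: MASQUERADE rule has no -o, so it applies on every interface"
        }
        END {
            if (open_policy && !has_deny)
                print "filter: FORWARD policy is ACCEPT with no DROP/REJECT rule, so any packet is forwarded"
        }
    ' "$@"
}

ruleset_as_on_page() {   # constructed: the rules above on default ACCEPT policies
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -i wlan0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

ruleset_scoped() {       # constructed: same intent, limited to the 3G uplink
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.1.0/24 -i wlan0 -o ppp0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on the sharing host run: iptables-save | audit_nat_rules
ruleset_as_on_page | audit_nat_rules
```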