Loopback Filter with Truman Boyes

Truman Boyes on Data Centers, Routing, Switching, Consulting, and Traveling.


My eeePC 1000HA mini-laptop has been sitting idle for the longest because I bought it with the intention of doing small linux projects on it, and yet it really has proved to be less than ideal to travel with 2 laptops, all the time taking them out at the x-ray machines, packing them back up as TSA employees shout things like, “take out your laptops, take off your belt, your shoes, take your money out of your wallet and give it to us, etc, etc”. I tried the method below, but it didn’t seem to work. I then tried UNetbootin from windows on a cheap 1GB flash drive.

[tboyes @ sa-nc-apg-36.static.jnpr.net : ~/Downloads]>ls -alh eb4-b1.iso                                          [21:46:07 on 10-07-12 : s001]
-rw-r--r--  1 tboyes  tboyes   789M 27 May 03:08 eb4-b1.iso

[tboyes @ sa-nc-apg-36.static.jnpr.net : ~/Downloads]>diskutil list                                               [21:46:10 on 10-07-12 : s001]
/dev/disk0
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:      GUID_partition_scheme                        *200.0 GB   disk0
1:                        EFI                         209.7 MB   disk0s1
2:                  Apple_HFS Macintosh HD            199.7 GB   disk0s2
/dev/disk1
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:        CD_partition_scheme                        *158.1 MB   disk1
1:     Apple_partition_scheme                         137.6 MB   disk1s0
2:        Apple_partition_map                         1.0 KB     disk1s0s1
3:                  Apple_HFS 3MobileBroadband        23.8 MB    disk1s0s2
/dev/disk2
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:                                                   *1.0 GB     disk2

[tboyes @ sa-nc-apg-36.static.jnpr.net : ~/Downloads]>sudo bash                                                   [21:46:25 on 10-07-12 : s001]
Password:
[%{%}%n%{%} @ %M : %~]>umount /dev/disk2
umount: /dev/disk2: not currently mounted
[%{%}%n%{%} @ %M : %~]>dd if=eb4-b1.iso of=/dev/disk2

<wait>…

1615644+0 records in
1615644+0 records out
827209728 bytes transferred in 307.475770 secs (2690325 bytes/sec)

I then grabbed a 2GB SanDisk Cruzer USB flash drive and began to install the ISO file via UNetbootin. EB4 (Aurora) booted up fine after I defined the USB as the primary boot device inside the BIOS. Ran GParted to partition the hard drive appropriately with an Extended Partition on what was previously the D: drive (~60GB), and then built the logical ext4 fs partition and a 5GB swap logical partition. So far so good. I know there are better ways to make a linux system perform better – i.e. swap on the outer cylinders – and having multiple mount points such as /, /usr, /var, /home, etc, etc. But frankly, I just don’t care. It’s a netbook. I don’t care about making it perfect. It’s a tool that I want to use for various things.

Ok, the installation looked like it was working fine, but it failed while installing grub. After closer inspection I think I know why: the software is installed into /dev/sdX, however the grub loader was attempting to write to /dev/hda0. I changed this in the advanced settings and restarted the install. Hopefully this works and I can dual boot this little laptop.

Update: The install worked great and I have dual-booting working. Wifi works great even to an AD-HOC network that I created from the MBP. Overall I am pleased with the setup and would highly recommend eeebuntu for netbooks and mini-laptops.
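Two checks worth running after the dd step above, as an added example that is not part of the original post: whether the device now holds an exact copy of the image, and whether the image carries the 55 AA MBR boot signature a BIOS looks for on a USB disk. The function names and verdict strings are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post: two checks to run after
# `dd if=image.iso of=/dev/diskN`.

# image_written ISO DEVICE: succeeds if the first <size of ISO> bytes of
# DEVICE are identical to ISO, i.e. the copy itself is intact.
image_written() {
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" "$2" | cmp -s - "$1"
}

# has_mbr_signature ISO: succeeds if bytes 510-511 are 55 AA. A plain
# ISO 9660 image without that signature can be copied perfectly and still
# not be offered as a boot device when it sits on a flash drive.
has_mbr_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# check_usb_image ISO DEVICE: prints exactly one verdict line.
check_usb_image() {
    if ! image_written "$1" "$2"; then
        echo "write-mismatch"
    elif ! has_mbr_signature "$1"; then
        echo "written-but-no-mbr-signature"
    else
        echo "ok"
    fi
}

# Usage: sh check_usb_image.sh eb4-b1.iso /dev/disk2   (run as root)
if [ "$#" -eq 2 ]; then
    check_usb_image "$1" "$2"
fi
```

Re-insert the drive before reading it back so the comparison is served by the device rather than by a cache.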

I went ahead and decided to update one of the dns servers for suspicious.org. It was running 4.5 stable and I decided to go out on a limb and go 4.7-current so that I can get the latest ports with asterisk 1.6 and all the add-ons. The update wasn’t the easiest but I expected that since I was not doing the update in the “approved way”. Typically updating should be by snapshot to get pretty close to current and then a cvs up and make build would be do-able after a new kernel build. I basically just cvs’d up the src tree, built the kernel, rebooted, and then tried to make obj && make build on the whole tree. There were a few major changes to a few programs and these needed to be built before the whole make build would work. I sorted those out and now the system is updated to the bleeding edge. Once asterisk is installed and running I am going to freeze the system and take a vmware snapshot before any more updates.

dig +short porttest.dns-oarc.net TXT @localhost [10:39:33 on 08-07-11 : pts/17]
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"216.254.67.211 is GOOD: 26 queries in 2.7 seconds from 26 ports with std dev 20692.47"

Phil upgraded suspicious.org’s BIND with the latest version after the recent security vulnerability covered by CERT and Dan Kaminsky’s research.
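The porttest result above reports how many distinct source ports the resolver used and their standard deviation. The same measurement can be taken locally from a packet capture of the resolver's outbound queries; the following is an added example, not part of the original post. The capture lines are constructed with documentation addresses, the sample standard deviation is used, and the 1000 cutoff is an assumption of this example rather than DNS-OARC's rating scale.

```sh
#!/bin/sh
# Added example, not from the original post. Reads `tcpdump -nn` text on
# stdin and measures how widely one resolver spreads its UDP source ports.
MIN_STDDEV=1000   # assumed cutoff for this example, not DNS-OARC's scale

# port_spread RESOLVER_IP -> "queries=N ports=M stddev=S verdict=V"
port_spread() {
    awk -v resolver="$1" -v min="$MIN_STDDEV" '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        n = split($3, src, "."); port = src[n]     # source is "address.port"
        addr = substr($3, 1, length($3) - length(port) - 1)
        m = split($5, dst, "."); dport = dst[m]; sub(/:$/, "", dport)
        if (addr != resolver || dport != "53" || port !~ /^[0-9]+$/) next
        queries++; sum += port; sumsq += port * port
        if (!(port in seen)) { seen[port] = 1; distinct++ }
    }
    END {
        if (queries < 2) { printf "queries=%d verdict=insufficient-data\n", queries; exit }
        var = (sumsq - sum * sum / queries) / (queries - 1)   # sample variance
        sd = (var > 0) ? sqrt(var) : 0
        verdict = (sd < min) ? "predictable" : "randomized"
        printf "queries=%d ports=%d stddev=%.2f verdict=%s\n", queries, distinct, sd, verdict
    }'
}

# Constructed captures: sequential source ports vs. randomized ones.
sample_sequential() {
    cat <<'EOF'
10:39:33.01 IP 203.0.113.10.1024 > 198.51.100.53.53: 4660+ A? a.example. (27)
10:39:33.02 IP 203.0.113.10.1025 > 198.51.100.53.53: 4661+ A? b.example. (27)
10:39:33.03 IP 203.0.113.10.1026 > 198.51.100.53.53: 4662+ A? c.example. (27)
10:39:33.04 IP 203.0.113.10.1027 > 198.51.100.53.53: 4663+ A? d.example. (27)
10:39:33.05 IP 203.0.113.10.1028 > 198.51.100.53.53: 4664+ A? e.example. (27)
EOF
}
sample_random() {
    cat <<'EOF'
10:39:33.01 IP 203.0.113.10.10000 > 198.51.100.53.53: 9001+ A? a.example. (27)
10:39:33.02 IP 198.51.100.53.53 > 203.0.113.10.10000: 9001 1/0/0 A 192.0.2.1 (43)
10:39:33.03 IP 203.0.113.10.30000 > 198.51.100.53.53: 1742+ A? b.example. (27)
10:39:33.04 IP 203.0.113.10.50000 > 198.51.100.53.53: 5518+ A? c.example. (27)
10:39:33.05 IP 203.0.113.10.20000 > 198.51.100.53.53: 3307+ A? d.example. (27)
10:39:33.06 IP 203.0.113.10.40000 > 198.51.100.53.53: 6120+ A? e.example. (27)
EOF
}

sample_sequential | port_spread 203.0.113.10
sample_random | port_spread 203.0.113.10
```

Five distinct but sequential ports still come out as predictable, which is why the spread matters and not just the port count.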

Finally got around to enabling IPv6 on postfix for suspicious.org. For the longest time the IPv6 tunnel was up to Hurricane Electric, and yet aside from ping6, traceroute6, and the webserver, we weren’t really using production IPv6 services. I think the real killer app on the Internet is still email even if it pales in comparison to the bandwidth of p2p traffic flows; without email being seamlessly carried over IPv6 networks, we don’t have a chance in hell of converting the masses to the new protocol. My main goal is to provide all the same services on ipv6 as we do on ipv4 and then when I have some time I will set up some v6-only services that create an incentive for the switch.

Postfix is now fully IPv6 enabled. Our main box, inanna, is running Linux and we have SIT interfaces for the IP-IP tunnels back to the tunnelbrokers. If speakeasy starts providing native IPv6 services I would easily switch over to a dual stack setup with them; in the meantime the tunnelbroker service is in NYC and the round trip time is less than 15ms from our box. Not too bad.

Setting up Postfix for IPv6 services is as simple as this statement in main.cf:

inet_protocols = ipv4,ipv6

The hard part after setting this up and restarting Postfix is finding an IPv6 SMTP server on the Internet. I would love to see some stats about reachable IPv6 SMTP servers because most of the sites I checked that even talked about IPv6 did not turn up IPv6 SMTP. That being said, after some digging, I found that the Pittsburgh Supercomputer Center (psc.edu) has IPv6 enabled MTAs and I tested some random addresses at their server, and hoped for a bounce message with some information that indicated the message was sent via IPv6:

<test@psc.edu>: host mailer1.psc.edu[2001:5e8:1:3a::64] said: 550 5.1.1
<test@psc.edu>… User unknown (in reply to RCPT TO command)
Reporting-MTA: dns; dns.suspicious.org
X-Postfix-Queue-ID: 68F217CE4
X-Postfix-Sender: rfc822; truman@suspicious[nospam].org
Arrival-Date: Sat, 24 May 2008 04:16:10 -0400 (EDT)

Final-Recipient: rfc822; test@psc.edu
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; host mailer1.psc.edu[2001:5e8:1:3a::64] said: 550
5.1.1 <test@psc.edu>… User unknown (in reply to RCPT TO command)

Then I wanted to verify that the outbound message from our MTA to their MTA was sent via IPv6, so I just checked the logs:

[root @ inanna : /etc/postfix]>grep smtp /var/log/maillog | grep "\[2001"
May 25 00:24:57 inanna postfix/smtp[8108]: 6781615C6B: to=<test@psc.edu>, relay=mailer1.psc.edu[2001:5e8:1:3a::64], delay=2, status=bounced (host mailer1.psc.edu[2001:5e8:1:3a::64] said: 550 5.1.1 <test@psc.edu>… User unknown (in reply to RCPT TO command))

I haven’t yet tested inbound IPv6 to our MTA, but I presume it is working because I have set up A and AAAA records for the MX record for our domains. Subscribing to a mailing list that uses IPv6 MTAs should be a good test.
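The grep for "\[2001" above only catches relays whose address begins with 2001. As an added example that is not part of the original post, this function tallies every postfix/smtp delivery by the address family of the relay it connected to. The first sample line is modelled on the log entry above; the remaining lines are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: count Postfix smtp client
# deliveries by the address family of the relay they connected to.

# classify_relays: maillog lines on stdin -> "<family> <status> <count>"
classify_relays() {
    awk '
    /postfix\/smtp\[/ {                       # smtp client only, not smtpd
        if (!match($0, /relay=[^,]+/)) next
        relay = substr($0, RSTART + 6, RLENGTH - 6)
        status = "unknown"
        if (match($0, /status=[a-z]+/))
            status = substr($0, RSTART + 7, RLENGTH - 7)
        lb = index(relay, "["); rb = index(relay, "]")
        family = "none"                       # relay=none: no connection made
        if (lb > 0 && rb > lb) {
            addr = substr(relay, lb + 1, rb - lb - 1)
            family = (index(addr, ":") > 0) ? "ipv6" : "ipv4"
        }
        count[family " " status]++
    }
    END { for (k in count) print k, count[k] }' | sort
}

# Sample input: line 1 follows the post's log entry, lines 2-5 are constructed.
sample_maillog() {
    cat <<'EOF'
May 25 00:24:57 inanna postfix/smtp[8108]: 6781615C6B: to=<test@psc.edu>, relay=mailer1.psc.edu[2001:5e8:1:3a::64], delay=2, status=bounced (host mailer1.psc.edu[2001:5e8:1:3a::64] said: 550 5.1.1 <test@psc.edu>... User unknown (in reply to RCPT TO command))
May 25 00:25:10 inanna postfix/smtp[8110]: 0A1B2C3D4E: to=<a@example.net>, relay=mx.example.net[192.0.2.25]:25, delay=1, status=sent (250 2.0.0 Ok)
May 25 00:25:31 inanna postfix/smtp[8111]: 1B2C3D4E5F: to=<b@example.org>, relay=mx.example.org[fd12:3456:789a::25]:25, delay=1, status=sent (250 2.0.0 Ok)
May 25 00:26:02 inanna postfix/smtp[8112]: 2C3D4E5F60: to=<c@example.com>, relay=none, delay=30, status=deferred (connect to mx.example.com[192.0.2.99]:25: Connection timed out)
May 25 00:26:40 inanna postfix/smtpd[8120]: connect from unknown[192.0.2.77]
EOF
}

sample_maillog | classify_relays
```

On a live system the input would be /var/log/maillog; a steady "ipv4 sent" count next to zero "ipv6" rows shows that no remote MX was reached over the tunnel.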

In my honest opinion, the best ftp or scp client available is lftp. It is available as packages for most Unixes and of course since it is GNU licensed it is also available as source. It is a highly feature rich client that has job control, which means it supports queueing of files and entire directories that you want to move between computers. I use this all the time to mirror entire directories recursively over SCP.

Other Features

The program also supports multiple transfers at the same time, which in some cases is faster than running them in serial. It supports automatic reconnect in the event of loss of the FTP or SCP channel, and it will support a resume feature on the files that were being transferred.

One of the best features within LFTP that I like is the ability to limit the speed of the transfers to a specific bytes per second rate in both upload and download rates. This is very handy when you want to move 10GB of files over SCP but you want to keep this as a background activity which may take a few days to complete when slower DSL connections are involved. Not a problem, you can simply set the following within LFTP:

set net:limit-rate 40000:40000

This would set the download and upload speed to 40Kbps. Perfect for a slow directory mirror between a few slow speed Internet-connected sites.