Monthly Archives:: October 2009

APF Firewall — Removing Deny

Posted by & filed under APF, Firewalls, Server Admin.

Sometimes for some reason the APF is tripped, thinking the server is being hammered, when its actually not. The following command removes it from the list immediately:

/etc/apf/apf -u 10.10.10.10

Detect iPhone Clients

Posted by & filed under iPhone, PHP.

In PHP:

  1. <?php if (strpos($_SERVER[‘HTTP_USER_AGENT’], ‘iPhone’) !== FALSE)
  2. { header(‘Location: http://labs.bluemetalcorp.com/iphone/’); }
  3. ?>

.htaccess:

  1. RewriteEngine on
  2. RewriteCond ${HTTP_USER_AGENT} iPhone
  3. RewriteRule .* http://labs.bluemetalcorp.com/iphone/

					
						
 
						
						

							
						
 
					
					
 
					
										
					 
					
										
					 
					
										
					 
					
										
					 
					
										
					 
					
										
					 
					
										
					

						
						

							
							
DD Goodness

							
							
Posted  by  & filed under Linux.

						
						
 
					
						

						
													
														
Well after doing a simple dd backup of my WMBFS formatted usb drive, wiping it out and using it as a Ubuntu Netbook boot disk, I now wanted to recover my WMBFS image. It worked perfectly.


sudo dd if=/path/to/img.dd of=/dev/sdb



It took a while, but it’s all back!

					
						
 
						
						

							
						
 
					
					
 
					
										
					 
					
										
					

						
						

							
							
XBee Project — AirData

							
							
Posted  by  & filed under Electronic.

						
						
 
					
						

						
													
														
The idea behind this project is to facilitate wireless datalogging with the capability of decent datalog rates at least 1/2 mile range.


I bought two XBee Wireless radios and two breakout  boards as well as the components to make it all work.  I built the boards the other night and tonight I have just finished getting them wired up, communicating, and have been able to program them as well. I had to do some hackery with the +5v power on the computer side as the moates hulog I commissioned into use in place of the ftdi cable, but it’s working well so far.  I set the baud rates to 115200, but was unable to get eCt to connect. It’s really late so I just need to braindump here real quick so I can crash.


Datasheet: www.digi.com/pdf/ds_xbeemultipointmodule…


Correct FTDI USB Cable: microcontrollershop.com/product_info.php…


Mouser XBee Radios: www.mouser.com/Search/ProductDetail.aspx…


Simple 5V Power Supply: www.tkk.fi/Misc/Electronics/circuits/psu…


Configuring XBee: www.ladyada.net/make/xbee/configure.html


eCtune Wiki Datalogging Pinout: wiki.ectune.com/index.php/Datalogging

					
						
 
						
						

							
						
 
					
					
 
					
										
					

						
						

							
							
Citrix XenApp (more)

							
							
Posted  by  & filed under Uncategorized.

						
						
 
					
						

						
													
														
After some further research, I need to import the Thawte CA…


CA From Here:thawte.com/roots


Import the cert:help.ubuntu.com/community/OpenSSL#SSL%20…


Importing a Certificate into the System-Wide Certificate Authority Database


You can import a CA Certificate into the system-wide database of trusted certificate authorities. Applications that use this database will automatically trust any certificates stored here.


1. Copy your certificate to the system certificate directory. At a terminal prompt, type:


$ sudo cp mycert.pem /usr/share/ca-certificates/mycert.crt


2. Edit the ca-certificates configuration file /etc/ca-certificates.conf. Add the name of the file you copied to /use/share/ca-certificates to the top of the list just after the final “#”. For example:


# This file lists certificates that you wish to use or to ignore to be

# installed in /etc/ssl/certs.

# update-ca-certificates(8) will update /etc/ssl/certs by reading this file.

#

# This is autogenerated by dpkg-reconfigure ca-certificates.

# certificates shoule be installed under /usr/share/ca-certificates

# and files with extension ‘.crt’ is recognized as available certs.

#

# line begins with # is comment.

# line begins with ! is certificate filename to be deselected.

#

mycert.crt

brasil.gov.br/brasil.gov.br.crt

cacert.org/cacert.org.crt

mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt

[… many additional certificates omitted …]


3. Update the CA certificates database by typing:


$ sudo update-ca-certificates


4. You have successfully imported your certificate into the system CA certificates database.

					
						
 
						
						

							
						
 
					
					
 
					
										
					 
					
										
					

						
						

							
							
Setup my iPhone’s VPN client tonight…

							
							
Posted  by  & filed under Linux, Security, Server Admin, VPN.

						
						
 
					
						

						
													
														
Well I finally got the VPN tunnel up for my iPhone.


First I tried IPSec, but it would not connect, and judging from the Firewall’s log output, I’m guessing the IPSec client only works with Cisco units.


Next, I tried L2TP, which I thought would work like a snap since the Sonicwall I’m using has a L2TP server built in. Unlucky for me, it turns out that Sonicwall’s built in L2TP server sucks and is only there for Windows clients.


Ffinally, I turned to PPTP. This was pretty easy to get working since my WLAN router has a PPTP server built in and just needed some quick configuration to get working. After that, I forwarded port 1723 (TCP-PPTP) to the LAN ip of the WLAN Router/PPTP Server.Now, I am able to connect my VPN tunnel, and transmit all data encrypted to my network, where it is then routed out to it’s final destination. Excellent!


I will do some packet captures later on to verify the traffic is truly passing thru my network.