Setup DNS, DHCP and Content Filtering using DNSMASQ and HAVP in Ubuntu.

The idea here is to set up DNSMASQ and HAVP to provide DNS, DHCP and content filtering in a Windows 7/Vista/XP client environment on Ubuntu Server Edition. DNSMASQ is a lightweight package which will provide DNS caching and DHCP to a network (amongst other things). HAVP is a proxy server which uses a third-party virus scanner (usually ClamAV) to scan internet content for viruses. This assumes that you already have Ubuntu Server Edition installed on a suitable machine and have a working internet connection. In the settings, “192.168.1.254” refers to this machine, which is acting as a router/firewall; you could equally set it to the IP of another router on the network. “192.168.1.253” refers to the IP of a Windows server. First off, install DNSMASQ:-

apt-get install dnsmasq

Edit “/etc/dnsmasq.conf”:-

nano -w /etc/dnsmasq.conf

We now need to set the relevant options:-


Wake On LAN over wireless

What is it?

Wake On LAN is a mature technology for switching on computers over a network or remotely.

Why would I want it?

Perhaps you are a techy such as myself and you want to be able to switch customers' computers on and work on them remotely (saves having to tell people to leave machines on if you are working after hours).

I also use it to switch on my Ubuntu machine upstairs when I am downstairs (saves me or my better half having to wait for boot or to get a file to or from the machine without physically going up there).

Is it easy to do?

Yes when you know how ;)

Before I go any further I will mention a caveat. Almost all of the WOL howtos out there mention using a “magic packet” to wake the machine. Unfortunately I found out, after much head banging and googling, that “magic packet” doesn’t work over wireless networks, apparently because wireless frames screw the magic packet up so that the wakee doesn’t recognise it any more.

So if you want to use WOL by sending the wake-up through a wireless network, your options are limited and it depends on the network card you have. At least 2 of the cards I have support a variety of WOL options, “pumbg”, and the other one only supports “pg”.

  • P stands for PHY activity
  • U stands for Unicast activity
  • M stands for Multicast activity
  • B stands for Broadcast activity
  • G stands for Magic Packet activity

Firstly I tried PHY activity, which had the unfortunate effect of starting the machine every few seconds. Then I graduated to broadcast, which started the machine periodically (my thick wireless router is sending out broadcasts every hour or so). Eventually I settled on unicast; here is how to get it working.


The importance of a minimal firewall.

I have long been an avid user of the well known interface to iptables – Shorewall. Of late though I have suspected it is slowing my network down. I once decided to see what actual iptables rules it was creating and ran “iptables -L”. There was a lot of output and I wasn’t sure was all of it necessary. It niggled away at the back of my brain for the last few months, and I decided yesterday it was time to do something about it.

I first looked at another “user-friendly” interface that would perhaps give me more control and proper ipv6 support, so I installed Firewall Builder. However it seemed quite complex and after spending some time trying to get to grips with the interface I decided it would be easier to type the rules in manually and anyway that would be the only way I was 100% sure everything in there was needed.

I familiarised myself with the Packet Filtering HOWTO and thought the easiest thing to do would be use “iptables-save” to copy the existing Shorewall rules into an iptables friendly format. The resultant file was 9k long and appeared to have a lot of user defined chains for no good reason. It also didn’t make good use of the multi-port option for tcp connections and therefore there were dozens of rules where there only needed to be one.
