hostap with a wifi usb stick on demand 
Friday, November 9, 2012, 09:37 - System, Network, Debian/Ubuntu
Posted by Administrator
After plug in of a wifi usb stick linux act's as a hostap.

apt-get install isc-dhcp-server hostapd

changes in /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=MYSSID
country_code=AT
ieee80211d=1
hw_mode=g
channel=11
beacon_int=1000
dtim_period=20
ieee80211n=1
wpa=2
wpa_passphrase=MYPASSPHRASE
wpa_pairwise=TKIP CCMP

/etc/network/interfaces
iface wlan0 inet static
  address 192.168.9.1
  netmask 255.255.255.0
  hostapd /etc/hostapd/hostapd.conf
  up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  up /etc/init.d/isc-dhcp-server restart
  down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
  down killall hostapd

first check vendor and product id with lsusb:

/etc/udev/rules.d/local.rules
ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="148f", ATTRS{idProduct}=="3070", \
                                                     RUN+="/sbin/ifup wlan0"
ACTION=="remove", SUBSYSTEM=="net", KERNEL=="wlan0", RUN+="/sbin/ifdown wlan0"

On booting this does not work for me so i started the hostap by

/etc/rc.local
lsusb | grep -q "148f:3070" && /sbin/ifup wlan0



[ view entry ] ( 1531 views )   |  print article
transcode a mjpeg ip cam on demand with a cgi script using ffmpeg 
Tuesday, October 9, 2012, 11:04 - System, Web, Network
Posted by Administrator
To minimize bandwidth for video streaming i have to transcode mjpeg to h264.
To do this on demand ffserver is no option for me.
Therefore a small cgi script on the webserver with ffmpeg did the trick:

#!/bin/bash

echo -e "Content-type: video/avi\n"

#ffmpeg -an -analyzeduration 0 -f mjpeg -r 8 -i http://IP_CAM:PORT \
#       -c:v libx264 -preset ultrafast -r 8 -threads 2 -b:v 150k -f avi - 2>/dev/null &

avconv -an -analyzeduration 0 -f mjpeg -r 8 -i http://IP_CAM:PORT \
       -c:v libx264 -pre ultrafast -r 8 -threads 2 -b:v 150k -f avi - 2>/dev/null &
pid=$!
trap "kill $pid" SIGTERM SIGPIPE
wait


[ view entry ] ( 2601 views )   |  print article
port forward with iptables 
Thursday, October 4, 2012, 11:22 - System, Network
Posted by Administrator
iptables -I FORWARD -i INTERFACE -p tcp --dport PORT -j ACCEPT
iptables -A PREROUTING -t nat -i INTERFACE -p tcp --dport PORT -j DNAT --to-destination LOCAL_IP


[ view entry ] ( 1305 views )   |  print article
apt-get behind a server port redirected with ssh to a proxy 
Tuesday, August 28, 2012, 10:44 - System, Network, Debian/Ubuntu
Posted by Administrator
There is an apt proxy (Apt-Cacher NG), a workstation, a server and a server behind that server.
workstation> ssh -R3142:proxy:3142 server

server> ssh -R3142:127.0.0.1:3142 server_behind

server_behind> cat /etc/apt/apt.conf.d/01proxy
Acquire::http { Proxy "http://localhost:3142"; }

server_behind> apt-get update; apt-get upgrade


[ view entry ] ( 1107 views )   |  print article
sftp and port forward only login 
Friday, September 16, 2011, 10:34 - System, Network, Debian/Ubuntu, Security, Programming
Posted by Administrator
I need a ssh login for restricted portforward but without a shell for the user.

This got realized with /etc/ssh/sshd_config:
...
Subsystem sftp internal-sftp

Match user USER
  PasswordAuthentication yes
  AllowAgentForwarding no
  X11Forwarding no
  ForceCommand internal-sftp
  PermitOpen localhost:22
  ChrootDirectory /home/USER

"PermitOpen"restricts portforward to localhost:22 (remote port forward is not restricted)

But if the client needs a login shell this failes.

Well you could tell the client to not use a login shell:

ssh -N -L2222:IP:22 USER@SERVER

putty: SSH / Protocol Option enable "Don't start a shell or command at all"

or use an own loginshell where the user can only press return to disconnect:

/etc/ssh/sshd_config:
...
Subsystem sftp internal-sftp

Match user USER
  PasswordAuthentication yes
  AllowAgentForwarding no
  X11Forwarding no
  PermitOpen 127.0.0.1:2222
  ChrootDirectory /home/USER

sudo touch /home/USER/.hushlogin
sudo cp own_loginshell /home/USER/
/etc/passwd:USER:x:ID:ID::/:/own_loginshell

own_loginshell.c:
/*
   simple program to print to stdout and read from stdin without libc

   taken from http://crazychenz.com/archives/107
   (http://stackoverflow.com/questions/2548486/compiling-without-libc)

   modified 2011 by Peter Holik (peter@holik.at)

   gcc -nostdlib -nostartfiles -fno-builtin own_loginshell.c -o own_loginshell
*/

/* Types - I've defined these just to match the kernel's macros, typedefs, and structs */
typedef unsigned int size_t;

/* Syscalls */
exit(int error_code) {
        /* The asm call is a GCC thing that allows us to put assembly
         * inline with our C code. This particular use is the extended version,
         * which provides a very clean and easy way to map variables in
         * our code with registers in the assembly code.
         */
        asm("int  $0x80"
            : // no output registers
            : "a" (1), "b" (error_code)
        );
}

size_t read(unsigned int fd, char * buf, size_t count) {
        size_t ret;
        /* In this call, we have a return value, which know will be
         * of type size_t, so we put the value of %eax into ret.
         */
        asm("int  $0x80"
            : "=a" (ret)
            : "a" (3), "b" (fd), "c" (buf), "d" (count)
        );
        return ret;
}

size_t write(unsigned int fd, const char * buf, size_t count) {
        size_t ret;
        asm("int  $0x80"
            : "=a" (ret)
            : "a" (4), "b" (fd), "c" (buf), "d" (count)
        );
        return ret;
}

/* Notice that there is no main in this code, that is because
 * main is not _really_ required. All that is _really_ required
 * is the entry point for Linux to execute. I'd suggest
 * always using a main() for compatibility reasons.
 */
void _start() {
        char *buf = "press enter to close connection";

        write(1, buf, 31);
        read(0, buf, 1);
        exit(0);
}


[ view entry ] ( 2989 views )   |  print article

<<First <Back | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | Next> Last>>