Friday, 29 December 2017

pfSense vs Game Consoles

pfSense's NAT is a bit too secure for game consoles such as the PS3, PS4, Wii U and Switch.  It is pfSense's default behaviour of randomising the outbound source port that confuses some of our network-oriented games.

Reference:
  • https://forum.pfsense.org/index.php?topic=126746.0

Create an Outbound NAT Entry

I have five gaming consoles, so I have assigned a static IP to each (via DHCP static mappings) and created an individual outbound NAT rule for each console.  The essential step is ticking the Static Port option when creating the rule.
By creating rules only for the game consoles, connections from the other devices in the house (TVs, computers, smart devices) continue to have their source ports randomised.
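To make the effect of the Static Port tick concrete, here is what those outbound NAT entries amount to in pf rule terms. This is an added illustration, not text from the post and not pfSense's own generated configuration; the LAN addresses, the console addresses and the WAN interface name em0 are constructed placeholders.

```pf
# Per-console rules first: pf uses the first matching nat rule, so these
# must sit above the catch-all. static-port keeps the console's own source
# port instead of substituting a random one (that is what the Static Port
# tick does).
nat on em0 from 192.168.1.50 to any -> (em0) static-port   # PS4 (placeholder address)
nat on em0 from 192.168.1.51 to any -> (em0) static-port   # Switch (placeholder address)

# Everything else on the LAN keeps the default behaviour: source port
# randomised, which is the safer setting for TVs, computers and smart devices.
nat on em0 from 192.168.1.0/24 to any -> (em0)
```

The order is the point to check when reviewing the entries: a console rule placed below the catch-all never matches, and the console silently gets a randomised port again.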

Review the Outbound NAT Entries

Note the tick for each console in the Static Port column. 


UPnP is not Required

UPnP appears to be a distraction in the forums and is not required in my experience.  If you do set it up, restrict UPnP access to specific devices only:
  • https://www.reddit.com/r/PFSENSE/comments/2uc645/need_help_getting_open_nat_on_ps4/

Wednesday, 27 December 2017

Configure Bash Prompt for Git

Use the git-prompt.sh script shipped with the git package. Add the following lines to your ~/.bashrc file.

source /usr/share/git-core/contrib/completion/git-prompt.sh
export GIT_PS1_SHOWDIRTYSTATE=true
export GIT_PS1_SHOWUNTRACKEDFILES=true
export PS1='[\u@\h \W$(declare -F __git_ps1 &>/dev/null && __git_ps1 " (%s)")]\$ '

For a fancy coloured prompt try this (the branch name comes from __git_ps1, so git-prompt.sh must be sourced as above; "✚ 10" and "…26" are fixed decoration in the prompt, not live counts):

export PS1='\[\033[0;32m\]✔\[\033[0;0m\] \[\033[0;33m\]\w\[\033[0;0m\] [\[\033[0;35m\]$(__git_ps1 "%s")\[\033[0;0m\]|\[\033[0;34m\]✚ 10\[\033[0;0m\]\[\033[0;36m\]…26\[\033[0;0m\]] \n\[\033[0;37m\]$(date +%H:%M)\[\033[0;0m\] $ '

Monday, 31 July 2017

Reverse SSH Tunnelling

So you have console access to a machine on a protected (NAT-ed) network that can reach the whole Internet. You can use a reverse SSH tunnel to get back to a full-featured, fast terminal window instead of the slow graphical console.

In my case I am doing lab exercises for online Linux training in a course-provided lab. The lab has Internet access, which is great, so you can even back up your lab exercises to GitHub, for example. However, working through a graphical desktop for terminal work is not desirable: lag, special keys not mapped and dropped keys.  I could not SSH into the lab environment directly, so I used a reverse tunnel.


My public SSH server:
  1. only allows access via SSH key. I specifically used an "ed25519" key as the public key is really short and easier to copy out, especially if you have to type it;
  2. operates on a non-standard port.

On the Network Protected Client

Create a port forward on the loopback interface of the public server.  Every user with a login on the public server can now connect back to the SSH daemon on the protected client.  They still have to authenticate, but in my case "student" is not a good password, so be careful.

ssh [-i <identity_file>] [-p <public_port>] -R <local_port>:localhost:22 <user>@<public_server>

Common Server Accessible by Both Parties

Identify a public server that both your workstation and the network protected client can access via SSH.  Enable compression on the inner SSH session as it is the one that has access to the raw text and therefore maximum compression.  There is no point enabling compression on the (outer) reverse tunnel as it only sees the inner encrypted SSH session.

ssh [-C] -p <local_port> <protected_user>@localhost
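The two commands above are the whole procedure; what a practitioner usually wants on top is a tunnel that fails loudly rather than silently and a way to confirm, on the public server, that the forwarded port really is loopback-only. The script below is an added example, not part of the post: tunnel_cmd prints the client-side command with the forward explicitly bound to 127.0.0.1 (this covers an sshd with GatewayPorts clientspecified; with GatewayPorts yes sshd forces the wildcard address regardless, which is exactly what the second helper detects) and forward_is_loopback_only reads `ss -ltn` output and succeeds only if every listener on the given port is bound to a loopback address. The key path, host name, ports and the ss sample are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for the reverse tunnel
# described above; all names and ports are placeholders.

# Print the ssh command the protected client runs.
# Usage: tunnel_cmd <identity_file> <public_port> <local_port> <user> <public_server>
#   -N                       no remote shell, the session exists only for the forward
#   ExitOnForwardFailure=yes exit instead of connecting without the forward when the
#                            port on the public server is already taken
#   ServerAlive*             tear down a dead tunnel so it can be re-established
#   127.0.0.1:<port>         ask sshd to bind the forward to loopback explicitly
tunnel_cmd() {
    printf 'ssh -i %s -p %s -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 127.0.0.1:%s:localhost:22 %s@%s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Read `ss -ltn` style lines on stdin (header line tolerated) and succeed only
# if the given port is listening and every listener on it is bound to
# 127.0.0.1 or [::1]. Any 0.0.0.0, *, or [::] binding means the forward is
# reachable from outside the public server.
forward_is_loopback_only() {
    port=$1
    found=0
    while read -r state recvq sendq laddr peer rest; do
        case "$laddr" in
            *:"$port") ;;        # local address ends in :<port>
            *) continue ;;
        esac
        found=1
        case "$laddr" in
            127.0.0.1:*|"[::1]":*) ;;
            *) return 1 ;;
        esac
    done
    [ "$found" -eq 1 ]
}

# Constructed sample of `ss -ltnH` output as it might look on the public
# server: 2222 is the forwarded port, 2022 is sshd's own non-standard port.
SAMPLE='LISTEN 0 128 127.0.0.1:2222 0.0.0.0:*
LISTEN 0 128 [::1]:2222 [::]:*
LISTEN 0 128 0.0.0.0:2022 0.0.0.0:*'

tunnel_cmd /home/student/.ssh/id_ed25519 2022 2222 student pub.example.com
if printf '%s\n' "$SAMPLE" | forward_is_loopback_only 2222; then
    echo "port 2222 is reachable from loopback only"
else
    echo "port 2222 is exposed on a non-loopback address" >&2
fi
```

On the real public server the check is `ss -ltn | forward_is_loopback_only 2222` after the tunnel is up; a non-zero exit means anyone who can reach the server, not just its users, can try the protected client's SSH login.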

Friday, 17 February 2017

dokuwiki on Fedora 25 with Docker

Install Docker

dnf config-manager --add-repo https://docs.docker.com/engine/installation/linux/repo_files/fedora/docker.repo
dnf makecache fast
dnf install docker-engine
systemctl start docker
systemctl enable docker
docker run hello-world

Install dokuwiki

docker search dokuwiki
docker run --name dokuwiki-data --entrypoint /bin/echo istepanov/dokuwiki Data-only container for dokuwiki.
docker run -d -p 8000:80 --name dokuwiki --volumes-from dokuwiki-data istepanov/dokuwiki
docker container list

Auto-start dokuwiki

Create the dokuwiki service file:

cat >/etc/systemd/system/docker-dokuwiki_server.service <<EOT
[Unit]
Description=DokuWiki Container
Requires=docker.service
After=docker.service

[Service]
Restart=always
ExecStart=/usr/bin/docker run -p 8000:80 --name dokuwiki --volumes-from dokuwiki-data istepanov/dokuwiki
ExecStop=/usr/bin/docker stop dokuwiki
ExecStopPost=/usr/bin/docker rm -f dokuwiki

[Install]
WantedBy=default.target
EOT

chown root:root /etc/systemd/system/docker-dokuwiki_server.service
chmod 0644 /etc/systemd/system/docker-dokuwiki_server.service
restorecon -v /etc/systemd/system/docker-dokuwiki_server.service
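A hardened variant of the unit above, added here as an example and not taken from the post. Two things change: a stale container left behind by a daemon crash is removed before `docker run --name` is attempted (otherwise the restart loop fails with a name-in-use error), and the published port is bound to 127.0.0.1 only, because `-p 8000:80` listens on every interface and is reached through Docker's own iptables chain rather than the host's INPUT rules. The post only ever browses to localhost:8000, so nothing else on the network needs the port.

```ini
[Unit]
Description=DokuWiki Container
Requires=docker.service
After=docker.service

[Service]
Restart=always
# Remove any container left over from a crash; the leading "-" lets this
# step fail harmlessly when there is nothing to remove.
ExecStartPre=-/usr/bin/docker rm -f dokuwiki
# --rm removes the container on exit, so no ExecStopPost is needed.
# 127.0.0.1:8000:80 publishes the wiki to this host only; drop the
# 127.0.0.1: prefix only if LAN access is actually wanted.
ExecStart=/usr/bin/docker run --rm -p 127.0.0.1:8000:80 --name dokuwiki --volumes-from dokuwiki-data istepanov/dokuwiki
ExecStop=/usr/bin/docker stop dokuwiki

[Install]
WantedBy=default.target
```

Install it exactly as the original file above (same path, owner, mode and restorecon), then `systemctl daemon-reload` and restart the service.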

Enable the dokuwiki service:

systemctl daemon-reload
systemctl start docker-dokuwiki_server.service
systemctl enable docker-dokuwiki_server.service

Use It

Browse to: http://localhost:8000/doku.php?id=start

Backup

Manual backup of the dokuwiki-data volumes (run through the dokuwiki container, which mounts them):

docker container exec dokuwiki /bin/tar -cvjf - /var/dokuwiki-storage > /tmp/dokuwiki-data-$(date +%Y%m%d).tar.bz2

Note: only these folders are backed up:
* data/pages/
* data/meta/
* data/media/
* data/media_attic/
* data/media_meta/
* data/attic/
* conf/
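The one-liner above produces an archive but never checks it; a backup that is missing conf/ or data/pages/ is only discovered at restore time. The script below is an added example, not part of the post: it wraps the same `docker container exec ... tar` command, refuses to keep an archive that lacks the essential paths, and prunes old copies. It assumes the container is named dokuwiki as above; the backup directory is a placeholder given on the command line.

```shell
#!/bin/sh
# Added example, not from the original post: verified DokuWiki backups with
# rotation. Assumes the running container is named "dokuwiki" as above.

# Succeed only if the archive lists the paths DokuWiki cannot be restored
# without (tar strips the leading "/", hence var/... rather than /var/...).
# tar -t without -j lets GNU tar detect the bzip2 compression itself.
verify_backup() {
    archive=$1
    listing=$(tar -tf "$archive") || return 1
    for required in var/dokuwiki-storage/conf/ var/dokuwiki-storage/data/pages/; do
        case "$listing" in
            *"$required"*) ;;
            *) echo "backup $archive is missing $required" >&2; return 1 ;;
        esac
    done
    return 0
}

# Stream the storage tree out of the running container into a dated archive
# (time added so two backups on one day do not overwrite each other), then
# keep it only if it verifies. Prints the archive path on success.
backup_dokuwiki() {
    dir=$1
    archive="$dir/dokuwiki-data-$(date +%Y%m%d-%H%M%S).tar.bz2"
    if ! docker container exec dokuwiki /bin/tar -cjf - /var/dokuwiki-storage > "$archive"; then
        rm -f "$archive"
        return 1
    fi
    if ! verify_backup "$archive"; then
        rm -f "$archive"
        return 1
    fi
    printf '%s\n' "$archive"
}

# Keep the newest N archives and delete the rest. The date in the file name
# sorts lexicographically, so no reliance on file mtimes.
prune_backups() {
    dir=$1
    keep=$2
    ls "$dir"/dokuwiki-data-*.tar.bz2 2>/dev/null | sort -r | tail -n +$((keep + 1)) |
        while read -r old; do rm -f "$old"; done
}

# Usage: sh dokuwiki-backup.sh /srv/backups/dokuwiki   (placeholder directory)
if [ -n "$1" ]; then
    backup_dokuwiki "$1" && prune_backups "$1" 7
fi
```

Point the backup directory at storage the container cannot write to; a wiki compromise that can reach its own backups can also delete them.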

Written with StackEdit.