adblock

There’re many ways of doing this. The scenario and configuration is flexible enough, depending on what you want to achieve.

The easy way

My review: Provide the simplest method, poisoned DNS record will be redirected to 127.0.0.1. Longer page load due to no content served in 127.0.0.1 (wait until connection timeout). However this script let you manually control on white list and black list domain.

My review: The script will attempt to create another interface alias and run pixelserv (simple webserver serving 1×1 pixel transparent gif) on that interface. However, you’ll not be able to manually control on white/black list as previous script.

My method

Again, this might not be the best way, but it served my requirements. I’ll be using the same script except that i tweaked it to suit my environment.

Step 1: Create interface alias
I need my pixelserv to run in different ip address (let say my LAN ip is 192.168.1.1/24 i want pixelserv to run on 192.168.88.1/24) so that my uhttpd can listen on 192.168.1.1:80 for LuCI. Add below interface to /etc/config/network

#nano /etc/config/network
config interface 'lan2'
	option ifname 	'eth0'
	option proto	'static'
	option ipaddr 	'192.168.88.1'
	option netmask	'255.255.255.0'

Restart network interfaces
#/etc/init.d/network restart

Verify new interface alias created

[email protected]:~# ifconfig
br-lan    Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:629 errors:0 dropped:0 overruns:0 frame:0
          TX packets:661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:73752 (72.0 KiB)  TX bytes:393608 (384.3 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:9A:88:DD
          inet addr:192.168.88.1  Bcast:192.168.88.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:633 errors:0 dropped:0 overruns:0 frame:0
          TX packets:769 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:82836 (80.8 KiB)  TX bytes:528224 (515.8 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:9C:1E:FF
          inet addr:10.0.3.15  Bcast:10.0.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:157 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15482 (15.1 KiB)  TX bytes:13962 (13.6 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1648 (1.6 KiB)  TX bytes:1648 (1.6 KiB)

[email protected]:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.3.2        0.0.0.0         UG    0      0        0 eth1
10.0.3.0        *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
192.168.88.0    *               255.255.255.0   U     0      0        0 eth0

Step 2: Pixelserv setup
We already have a web server installed on the router (serving LuCI), we just need to configure a new uHTTPd server instance.

mkdir /www_pixelserv
wget -O /www_pixelserv/blank.gif http://probablyprogramming.com/wp-content/uploads/2009/03/tinytrans.gif

Edit /etc/config/uhttpd

config uhttpd 'main'
list listen_http '0.0.0.0192.168.1.1:80'
list listen_https '0.0.0.0:443'
option home '/www'

config uhttpd 'pixelserv'
list listen_http '192.168.88.1:80'
option home '/www_pixelserv'
option error_page '/blank.gif'

Restart uhttpd

/etc/init.d/uhttpd restart

Step 3: Adblock for dnsmasq
Follow installation instruction at https://gist.github.com/teffalump/7227752
For adblock.sh, add following lines to 127.0.0.1 with 192.168.88.1

....
#Download and process the files needed to make the lists (add more, if you want)
wget -qO- "http://adaway.org/hosts.txt"|grep "^127.0.0.1" >> /tmp/block.build.list

#Replace 127.0.0.1 with 192.168.88.1
sed -i 's/127.0.0.1/192.168.88.1/g' /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e 's/^/192.168.88.1\t/g' /etc/black.list >> /tmp/block.build.list
...

Update:

Above mentioned method (creating interface alias) is valid for interface that do not have vlan tagging. For my case, eth0 is tagged with vlan500 and vlan600 (eth0.500 and eth0.600) and I cannot find any documentation for creating alias for tagged interfaces. As workaround, I’ve changed the pixelserv uhttpd to listen to 192.168.1.1:80, while for router web ui (LuCI) listened to port 443.

This is my modified adblock.sh

!/bin/sh   
#Put in /etc/adblock.sh

#Script to grab and sort a list of adservers and malware

#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts

#Download and process the files needed to make the lists (add more, if you want)
wget -qO- http://www.mvps.org/winhelp2002/hosts.txt| sed 's/0.0.0.0/127.0.0.1/g' |grep "^127.0.0.1" > /tmp/block.build.list
wget -qO- http://www.malwaredomainlist.com/hostslist/hosts.txt|grep "^127.0.0.1" >> /tmp/block.build.list
wget -qO- "http://hosts-file.net/.\ad_servers.txt"|grep "^127.0.0.1" >> /tmp/block.build.list
wget -qO- "http://adaway.org/hosts.txt"|grep "^127.0.0.1" >> /tmp/block.build.list

#Replace 127.0.0.1 with 192.168.88.1
sed -i 's/127.0.0.1/192.168.88.1/g' /tmp/block.build.list
#Add black list, if non-empty
[ -s "/etc/black.list" ] && sed -e 's/^/192.168.1.1\t/g' /etc/black.list >> /tmp/block.build.list

#Sort the download/black lists
sed -e 's/\r//g' -e 's/^192.168.88.1[ ]\+/192.168.88.1\t/g' /tmp/block.build.list|sort|uniq > /tmp/block.build.before

if [ -s "/etc/white.list" ]
then
    #Filter the blacklist, supressing whitelist matches
    sed -e 's/\r//g' /etc/white.list > /tmp/white.list
    grep -vf /tmp/white.list /tmp/block.build.before > /etc/block.hosts
    rm -f /tmp/white.list
else
    cat /tmp/block.build.before > /etc/block.hosts
fi

#Delete files used to build list to free up the limited space
rm -f /tmp/block.build.before

References:
http://jazz.tvtom.pl/adblock-w-openwrt-gargoyle/

http://sfxpt.wordpress.com/2011/02/21/the-best-ad-blocking-method
https://forum.openwrt.org/viewtopic.php?id=35023&p=2

 

Incoming search terms:

  • openwrt adblock
  • 192 168 88 1
  • luci-app-vnstat
  • adblock openwrt
  • 192 168 88
  • ddwrt adblock custom config
  • luci-app-adblock n/a
  • openwrt block ad

AUTHOR: [email protected]

Install ‘curl’ package:

# opkg update
# opkg install curl

Next create a script and call it /root/rc.ddns_opendns.sh :

#/bin/sh

/usr/bin/curl -4 -k -u username:password "https://updates.opendns.com/account/ddns.php?"

Make the script executable:

# chmod +x /root/rc.ddns_opendns.sh

Next create another script and call it /etc/hotplug.d/iface/100-opendns :

#!/bin/sh

if [ "$ACTION" = ifup ]; then
/root/rc.ddns_opendns.sh > /dev/null 2>&1
fi

This will update your IP with OpenDNS whenever you reboot or reconnect.

One of the benefits of using OpenDNS is their web content filter. Login to your account on OpenDNS
and start configuring the content filter for your network. Choose Custom and select the categories
you want the content filter to apply too for your home/office network.

Click Apply and wait for roughly 5 minutes for it to take effect. Your network is now protected.

Reference: https://lemur.mybsd.org.my/drl/OpenWRT/DDNS_OpenDNS_OpenWRT.txt

A very useful IOS tips from PacketLife

Keyboard shortcuts

These shortcuts can be used to speed up operating with the CLI:

Ctrl+B or Left Move the cursor one character to the left
Ctrl+F or Right Move the cursor one character to the right
Esc, B Move the cursor one word to the left
Esc, F Move the cursor one word to the right
Ctrl+A Move cursor to the beginning of the line
Ctrl+E Move cursor to the end of the line
Ctrl+P or Up Retrieve last command from history
Ctrl+N or Down Retrieve next command from history
Ctrl+T Swap the current character with the one before it
Ctrl+W Erase one word
Ctrl+U Erase the entire line
Ctrl+K Erase all characters from the current cursor position to the end of the line
Ctrl+X Erase all characters from the current cursor position to the beginning of the line
Ctrl+L Reprint the line
Ctrl+C Exit configuration mode
Ctrl+Z Apply the current command and exit configuration mode

Filter output

Most show commands support filtering with the pipe (|) character, allowing a user to display only the information he’s looking for.

Switch# show interface status | include notconnect
Gi1/0/7                         notconnect   1          auto   auto 10/100/1000BaseTX
Gi1/0/9                         notconnect   1          auto   auto 10/100/1000BaseTX
Gi1/0/22                        notconnect   1          auto   auto 10/100/1000BaseTX

Filter options are include, exclude, and begin. The remaining characters after one of these filter types is processed as a regular expression, which could be a simple string (as in the example above) or something a bit more complex. The example below demonstrates filtering for interface numbers and any assigned IP addresses.

Switch# show run | include interface|ip address
interface FastEthernet0
 ip address 192.168.0.1 255.255.255.0
interface FastEthernet1
interface FastEthernet2
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary
interface FastEthernet3

You can also filter by section. Thanks to Carl Baccus to reminding me to include this.

R1# show run | section bgp
router bgp 100
 no synchronization
 redistribute connected
 neighbor 172.16.0.2 remote-as 200
 neighbor 172.16.0.9 remote-as 300
 no auto-summary

Skip through the configuration

You can begin viewing a configuration with the begin filter:

Router# show run | begin interface
interface FastEthernet0/0
 no ip address
 shutdown
...

You can also skip forward to a certain line once you’ve already begun viewing the configuration by hitting / at the --More-- prompt, followed by the string you want to match:

Router# sh run
Building configuration...

Current configuration : 601 bytes
!
version 12.4
...
!
!
/interface
filtering...
interface FastEthernet0/0
 no ip address
 shutdown
...

Do the do

Exec commands can be issued from within configuration mode via the do command. This can be handy for double-checking the current configuration before applying any changes.

Switch(config-if)# do show run int f0
Building configuration...

Current configuration : 31 bytes
!
interface FastEthernet0
description Internal LAN
ip address 172.16.0.1 255.255.0.0
end

Insert question marks

You can insert question marks into literal strings (such as interface descriptions) by typing CTRL+V immediately before the question mark. This acts as an escape character and prevents the command line from summoning the help menu.

Switch(config-if)# description Where does this go[ctrl+v]?

The interface description will appear as “Where does this go?”

Disable domain lookup on typos

Don’t you hate it when this happens?

Switch# shrun
Translating "shrun"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address

You can disable automatic DNS lookups with no ip domain-lookup, which will remove the delay before returning a new console prompt. However, this will also prevent you from referencing remote hosts by name, for example when telneting.

Switch(config)# no ip domain-lookup
...
Switch# shrun
Translating "shrun"
% Unknown command or computer name, or unable to find computer address

Another option is to leave DNS enabled, but configure your console ports and vtys to have no preferred transport for logging in to remote devices.

Router(config)# line console 0
Router(config-line)# transport preferred none
...
Router# asdfxyz
              ^
% Invalid input detected at '^' marker.

Router#

You can no longer telnet by typing an IP address on the console, instead use the “telnet” or “ssh” commands for connecting to the desired hostname or ip address.

Synchronous logging

When logging to the console is enabled, a Cisco device will often dump messages directly to the screen. This can become irritating when it interrupts you in the midst of typing a command. (FYI, you can continue typing normally and the command will still take, but this still throws some people off.)

Synchronous logging can be enabled to “clean up” the CLI when this happens, outputting a fresh prompt below the message, along with any partially completed command.

Switch(config)# line con 0
Switch(config-line)# logging synchronous
Switch(config)# line vty 0 15
Switch(config-line)# logging synchronous

Revert a configuration to its default

The default command, called from global configuration, can be used to revert any part of a configuration to its default value (which is often nothing). For example, it can be used to remove all configuration from a particular interface:

Switch(config)# default g1/0/5
Interface GigabitEthernet1/0/5 set to default configuration
Switch(config)# ^Z
Switch# show run int g1/0/5
Building configuration...

Current configuration : 38 bytes
!
interface GigabitEthernet1/0/5
end

Show only applied access lists

For reasons unknown to me, IOS doesn’t include a command to view what interfaces have ACLs applied. The closest we can get is drudging through the entire output of show ip interface. But, with a little ingenuity and the help of regular expressions, we can summon an efficient view of where our ACLs are applied.

Switch# sh ip int | inc line protocol|access list is [^ ]+$
FastEthernet0 is up, line protocol is down
FastEthernet1 is up, line protocol is up
  Inbound  access list is prohibit-web
FastEthernet2 is up, line protocol is up
  Inbound  access list is 42
FastEthernet3 is up, line protocol is down
FastEthernet4 is up, line protocol is up

For those curious, the regex above matches a line which either a) contains the string “line protocol”, or b) contains the string “access list is ” followed by a single word. This matches an ACL number or name (which can’t contain spaces) but not “not set”.

Speed up running-config display

When the show running-config command is issued, the output has to be assembled from numerous values in memory into the human-friendly display you see on the CLI. Unfortunately, the longer your configuration is, the more time this takes. IOS 12.3T introduced a feature to cache the running configuration text for quicker output:

Router(config)# parser config cache interface

Changing the break character to Ctrl+C

Router(config)# line vty 0 15
Router(config-line)# escape-character 3
Router(config)# line con 0
Router(config-line)# escape-character 3

Show running configuration with all defaults

Append the full command to show running-config to include all the default statements which are normally hidden for brevity.

Reload command

One of the classic mistakes is to incorrectly update an access-list on an interface when you are connected to the device remotely. And suddenly, the Telnet connection is dropped to the router because of a forgotten list entry that would permit your incoming connection.

When you are doing something tricky, you can use the following feature of the reload command, which causes the router to reboot in a certain number of minutes. For example, let’s tell the router to reboot in three minutes.

Router# reload in 3
    Reload scheduled in 3 minutes
Proceed with reload? [confirm]

Now, we have three minutes to do what we need to do. Let’s say we are applying an access-list to serial0.

Router# config terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface serial0
Router(config-if)# ip access-group 110 in
Router(config-if)# ^Z

We made the change and everything still works. (Well, at least our connection wasn’t dropped.) Now all we have to do cancel the impending reload with the following command:

Router# reload cancel

If the reload is not canceled, all the changes made will be discarded since they only exist in the running configuration.

Decrypting type-7 passwords in house on a device

A good way to catch trailing spaces within passwords

Router(config)#username user1 password 0 pass1word
Router#sh run | inc username
username user1 password 0 pass1word

Router(config)#service password-encryption
Router#sh run | inc username
username user1 password 7 06160E325F1F1E161713

then

Router(config)# key chain TEST
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string 7 06160E325F1F1E161713

Router(config-keychain-key)#sh key chain TEST
Key-chain TEST:
    key 1 -- text "pass1word"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

Using command aliases

You can speed up your routine operations in IOS if you create aliases to often used commands, for exmaple:

Router(config)# alias exec sip show ip interface brief
Router(config)# exit
Router#  sip
Interface           IP-Address            OK? Method Status              Protocol
FastEthernet0/0     192.168.0.1           YES manual up                  up

avh-x5650bt_rc_rd_ri_green_left_b2When I received my Pioneer AVH-X5650BT 2DIN player, I was struggling to play any video files from any media. In the product manual it provide very brief information on the supported video format. I am very frustrated when I always get “unplayable file” error message. I’m surprised that actually there’re few limitations and requirements for the player to recognized the video files.

Rule of Thumb

  • Maximum height cannot exceed 404pixels or else you will get “resolution not supported”.
  • Some user reported maximum resolution is 720×576. I haven’t tried this.
  • Maximum total bitrate must not exceed 1000kbps.
  • Avoid underscore in filename.

Converting your video files

Download DivX video converter and install it.
Load your video files that need to be converted, and select “HD 720p” profile.
divx profile
Modify resolution, click maintain aspect ratio and adjust the height to 404.
Keep an eye to the Total bitrate, make sure it does not exceed 1000kbps. You can tune the value by adjusting the video bitrate.
divx profile2

Save Presets so that you can load the profile in the future.
divx profile3

Readings

http://forum.videohelp.com/threads/295067-Common-DivX-DVD-Players-AVI-Playback-problems%21
http://avic411.com/index.php?/topic/28038-video-file-playback-from-usbsd-on-x920bt/
http://ezinearticles.com/?How-to-Play-All-Video-Files-by-The-Pioneer-AVH-P4200DVD&id=5252400

Feel free to share your setting or anything that can improve this post.

From the Owner Manual
div5 div1 div div2 div3 div4

Download AVH-X5650BT, AVH-X4650DVD, AVH-X2650BT & AVH-X1650DVD User Manual

Incoming search terms:

  • https://advanxer com/blog/2014/01/playing-videos-in-your-pioneer-2014-head-unit/
  • pioneer car dvd player supported video formats
  • divx converter for pioneer
  • pioneer car dvd player usb video format
  • pioneer video converter
  • pioneer unplayable file usb
  • divx converter for pioneer dvd
  • how to play video on pioneer avh from usb
  • pioneer car dvd player video format
  • pioneer video resolution not supported
  • pioneer video format converter
  • pioneer avh video format
  • pioneer usb video format
  • Pioneer video format
  • pioneer dvd player supported video formats

logo

VPN Mode (Layer 2 or Layer 3)

vpnmode

Layer 2 = Use TAP interface, bridge your LAN to VPN Client. VPN client will reside within the same VPN segment. LAN Broadcast will works in this mode. Considered legacy, only Windows  vpn client support this method.

Layer 3 = Use TUN interface, VPN Client will be given a pool of ip address which is different from VPN segment. Better control and most of enterprise VPN deployment use this method.

vpnmode2

 

Create VPN User

By default, OpenVPN Access Server use PAM authentication, to add new vpn client we can just simply add a new user to our LINUX server.

[email protected]:~# useradd nas
[email protected]:~# passwd nas
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

adduser
If you checked “Allow Auto-login”, your vpn client will be automatically connect to vpn without entering any username/password, useful for automation.

Generate and download OpenVPN profile

Login to https://serverip and select “login”. Login option will allow you to download vpn profile, to connect to vpn server, select Connect.
openvpnlogin
Click on “Yourself (autologin profile) and keep the profile safely.

Connect to vpn server using CLI

Transfer the client profile to your box (in this example, to my OpenWRT router) via SCP. Your must have openvpn binary files installed prior to this.

[email protected]:~# openvpn --config client.ovpn

If you received Initialization Sequence Completed, that’s mean the tunnel is up. You can verify using ifconfig and you will see new interface tun0 is there.

Incoming search terms:

  • openvpn access client
  • openvpn access server troubleshooting

logo
All configuration is performed in Virtual Private Server (VPS). If you have the intention to use VPS, make sure your provider support and enable TUN/TAP module in your VPS container. For the following example, I’m using Ramnode VPS (affiliate link) because of their good support, you can enable and disable TUN/TAP easily on your own and their price is relatively cheap. For myself, I’m subscribed to their OpenVZ SSD VPS (128MB RAM, 10GB SSD Space) for 20.40 USD Annually (USD1.70 per month). Don’t forget to enter the promotional code RN15OFF to enjoy 15% Recurring Discount off your VPS price.

Enable TUN/TAP

Go to your VPS Control Panel, and at the bottom you will see an option to enable TUN/TAP module. Turn it on and reboot your VPS.
2

Once boot up, check whether the module is enabled or not by executing below command:

[email protected]:~# cat /dev/net/tun

If you receive the message File descriptor in bad state your TUN/TAP device is ready for use.
If you receive the message No such device the TUN/TAP device was not successfully created.

Download and Install OpenVPN Access Server

Go to OpenVPN Access Server download page and select your architecture. I’m using Debian 7 32bit OS.

[email protected]:/home# wget http://swupdate.openvpn.org/as/openvpn-as-2.0.3-Debian7.i386.deb

Perform installation by executing:

[email protected]:/home# dpkg -i openvpn-as-2.0.3-Debian7.i386.deb

Change openvpn default password:

[email protected]:/home#  passwd openvpn

Now you can access OpenVPN Admin UI from below link:
Admin UI: https://serverip:943/admin
Client UI: https://serverip:943/

Incoming search terms:

  • openvpn as
  • debian tun/tap support

Email Notification

You may set up email alerts for the following occurrences:.
– HD Status Report
– Fan errors
– Disk errors
– Backup Complete

SMTP Server
Enter the IP address and port number of your SMTP mail server. If no port number is entered, the default port 25 will be used.

POP3 Server
Many types of SMTP mail servers and authentication may be used with the LinkStation. Consult your IT department or ISP for any necessary login information to use your SMTP server.

Subject
Specify a subject line for the email notifications, such as “LinkStation Status Report”.

Recipient Mail Address
Notification emails can be sent to up to 5 email addresses.

linkstationemailsetup

linkstationemailsetupC

linkstationemailsetupD

linkstationemailsetupE

Update: 12 Nov 2015
For those having failed sending test email message, please check that you’re entering the correct password. Secondly, during my investigation I found this log in the NAS:

Nov 12 22:39:49 NAS sSMTP[9663]: Unable to set portno="465"
Nov 12 22:39:49 NAS sSMTP[9663]: Unable to set AuthType="SSL"
Nov 12 22:39:49 NAS sSMTP[9663]: Creating SSL connection to host
Nov 12 22:39:49 NAS sSMTP[9663]: SSL connection using AES128-SHA
Nov 12 22:39:50 NAS sSMTP[9663]: Authorization failed (534 5.7.14 https://support.google.com/mail/answer/78754 fp2sm15179963pbb.34 - gsmtp)

Follow this link and set “Access for less secure apps” to “Turn on”

offsecure

Incoming search terms:

  • buffalo gmail
  • buffalo nas
  • buffalo nas email settings
  • buffulo nas
  • email notification LS220D
  • setup buffalo nas
Posted in NAS.

This is not a complete step-by-step data recovery guide. Here I just listed all software needed during my successful recovery.

1. To fix GPT record, use TestDisk.
2. To read and reconstruct RAID, use UFS Explorer Professional Recovery.

Notes:
1. Linkstation filesystem is XFS
2. Linkstation not using legacy MBR, instead it’s using GPT for partition table record

Some guide:
1. http://www.ufsexplorer.com/inf_linkstation.php
2. http://www.ufsexplorer.com/inf_terastation.php

Incoming search terms:

  • raid recovery buffalo
Posted in NAS.