dd has always worked great for me. If you have similar partitions and filesystems then you can back up and restore to it. You might run into problems if you had a 10 GB ext2 partition on sda and then tried to restore it later to sdb5 as ext3, or something like that. Anyway, some backup is better than no backup. I’m using an ext4 filesystem and backing my whole disk up to a “dump” file using the dd command. Later I might opt to back up to a partition so I can have a mirror image, but for now this is good.
I use GNU screen because the backups take forever; this way I can detach and go do other stuff.
zonemikel@GalacticAC:/mnt/sda1$ sudo fdisk -l
Disk /dev/sda: 164.6 GB, 164696555520 bytes
255 heads, 63 sectors/track, 20023 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x9eb99eb9
Device Boot Start End Blocks Id System
/dev/sda1 1 1275 10241406 83 Linux <----- backing up to here for now
/dev/sda2 1276 2550 10241437+ 83 Linux
/dev/sda3 2551 2677 1020127+ 82 Linux swap / Solaris
/dev/sda4 2678 20023 139331745 83 Linux
Disk /dev/sdb: 20.0 GB, 20020396032 bytes
255 heads, 63 sectors/track, 2434 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x8f670ed7
Device Boot Start End Blocks Id System
/dev/sdb1 1 2403 19302066 8e Linux LVM <------------- Root partition
/dev/sdb2 2404 2434 249007+ 5 Extended
/dev/sdb5 2404 2434 248976 83 Linux
zonemikel@GalacticAC:/mnt/sda1$ screen sudo dd if=/dev/sdb1 of=/mnt/sda1/ubuntu_dump_Oct_08_09.dump bs=64M
After I detached I went to see if the file was growing, and it indeed was.
zonemikel@GalacticAC:/mnt/sda1$ ls -l
total 426216
drwx------ 2 root root 16384 2009-09-06 18:22 lost+found
-rw-r--r-- 1 root root 436428800 2009-10-08 11:51 ubuntu_dump_Oct_08_09.dump
zonemikel@GalacticAC:/mnt/sda1$ ls -l
total 5373972
drwx------ 2 root root 16384 2009-09-06 18:22 lost+found
-rw-r--r-- 1 root root 5502926848 2009-10-08 11:56 ubuntu_dump_Oct_08_09.dump
zonemikel@GalacticAC:/mnt/sda1$ ls -l
total 5628820
drwx------ 2 root root 16384 2009-09-06 18:22 lost+found
-rw-r--r-- 1 root root 5763891200 2009-10-08 11:56 ubuntu_dump_Oct_08_09.dump
zonemikel@GalacticAC:/mnt/sda1$
And if I ever wanted to restore:
sudo dd if=/mnt/sda1/ubuntu_dump_Oct_08_09.dump of=/dev/sdb1 bs=64M
UPDATE:
Well, this has saved me a bunch of times, so I want to add this info here so I don’t forget it.
Adding conv=noerror makes it so dd won’t stop if there is a read error; it just fills the places it can’t read with zeros (that’s the sync option) and continues on.
The “&” at the end makes it run in the background, so you can do whatever you want and it will finish when it finishes. It then shows you the process id and gives you another prompt.
zonemikel@GalacticAC:/mnt$ sudo dd if=/dev/sda1 of=/mnt/sdb1/ub_9.10_11.24.09.dump bs=512 conv=noerror,sync&
[1] 3530
zonemikel@GalacticAC:/mnt$
If you want to see the speed/progress of the dd command, it sounds weird but you have to send it this kill command. You send it to the process id that we found above, or the one you get from “ps aux | grep dd”.
zonemikel@GalacticAC:/mnt$ sudo kill -USR1 3530
zonemikel@GalacticAC:/mnt$ 5024233+0 records in
5024233+0 records out
2572407296 bytes (2.6 GB) copied, 376.458 s, 6.8 MB/s
Then, if you want to restore someday: the notrunc tells dd to continue until /dev/sda1 is full, and noerror is the same as before.
# dd if=/mnt/sdb1/ub_9.10_11.24.09.dump of=/dev/sda1 conv=notrunc,noerror
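Here is an added example, not from the original post, that exercises the same dd options on a regular file standing in for the block device and then verifies the image before it is trusted. The file names, the demo function and the sample data are this example’s own; it assumes GNU or BusyBox dd, head and cksum.

```shell
#!/bin/sh
# Added example: image a "device" with conv=noerror,sync, check the image,
# restore it, and ask a running dd for progress. Everything here is constructed.

# Image SRC into DST with the post's options: keep going on read errors and
# pad every short block with NULs so the image stays block-aligned.
image_with_padding() {
    dd if="$1" of="$2" bs="$3" conv=noerror,sync 2>/dev/null
}

file_size() {
    wc -c < "$1" | tr -d ' '
}

# Checksum of the first LEN bytes of a file (cksum is POSIX, so it is everywhere).
checksum_prefix() {
    head -c "$2" "$1" | cksum | cut -d' ' -f1
}

# conv=sync pads the tail, so the image can be larger than the source: compare
# only the first source-size bytes, which is the part that will be restored.
verify_image() {
    len=$(file_size "$1")
    [ "$(checksum_prefix "$1" "$len")" = "$(checksum_prefix "$2" "$len")" ]
}

# Restore only the original number of bytes. Writing to a real block device, dd
# stops with a write error when the device is full (the post adds noerror for
# that); on a file we have to cut the padding off ourselves.
restore_image() {
    head -c "$3" "$1" > "$2"
}

# Progress of a background dd, as in the post: Linux dd reports on SIGUSR1.
dd_progress() {
    kill -USR1 "$1"
}

demo() {
    tmp=$(mktemp -d)
    seq 1 3000 > "$tmp/disk"          # constructed stand-in for /dev/sdb1
    image_with_padding "$tmp/disk" "$tmp/disk.img" 4096
    echo "source $(file_size "$tmp/disk") bytes, image $(file_size "$tmp/disk.img") bytes (padded)"
    verify_image "$tmp/disk" "$tmp/disk.img" && echo "image verified"
    restore_image "$tmp/disk.img" "$tmp/restored" "$(file_size "$tmp/disk")"
    [ "$(cksum < "$tmp/disk")" = "$(cksum < "$tmp/restored")" ] && echo "restore matches source"
    rm -rf "$tmp"
}

demo
```

The size line shows why the image of a partition can end up larger than the partition when conv=sync is used with a big bs, and why the checksum has to be taken over the source length rather than the whole file.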
I’m sure no one noticed, but the server was down for about a week or so. I was getting some disturbing output straight to my console about file I/O failures that repeated constantly and would not even allow you to work on stuff in the foreground.
The server had a 20 GB drive with Linux, a 30 GB drive with the web files and a 130 GB disk for storage. All these were crammed into a very small computer. Anyway, the 20 GB drive was failing, so I made a backup using dd onto another partition of the 130 GB disk. Then I spent about 3 days trying to get the system to boot from the 130 GB HDD, to no avail. It seems that something in that drive will just not allow it to boot. I had figured this out before, and that’s why I was using it for storage. Anyway, that caused me to learn a lot about GRUB and LILO. I just reformatted the 20 GB drive and reinstalled the OS on it. I ended up using GRUB; I also ended up using a different OS.
I tried the latest version of Slackware; I figured since I was reinstalling I might as well get the latest version. I hated it! They use the resource-heavy KDE, and there is no apt-get or yum like functionality. They still have that package system where you have to use pkgtool in the directory where you have downloaded packages and then go through each one and say yes or no. It is incredibly hard to get those packages: you might know you need a program to do this, but unless you know it’s called progname.ver.somecrazystuff.tar.tz.ver34, good luck finding it on their site. You could also just browse through thousands of packages separated alphabetically and say “maybe this is what I need?” Since I’m also familiar with Ubuntu, I got the Ubuntu server version.
The installation of Ubuntu was fast and easy. The boot CD also has a way to load a kernel so you can get in and do stuff like “grub-install” (which does not exist for Slackware). After I installed Ubuntu I got my firewall script to work just fine on it. Everything I wanted I just “sudo apt-get install”ed. Ubuntu also comes with awesome tools like GNU screen and nano, and it also has an updated version of vi I had not seen before. And of course the updates in Ubuntu are a snap, so I won’t end up with an OS that has not been upgraded for 2 years like I did with the version of Slackware that crashed.
I did very much like the old version of Slackware, version 10 or 11 I think. I loved the way it gave random quotes every time you log in. Also, the boot CD allows you to specify a different kernel, which I couldn’t figure out how to do with the Ubuntu CD. This was very helpful when I had 3 different partitions I was trying to boot. But besides that, I’m sticking with Ubuntu with xfce4 installed!
Everything is up and running now, obviously. I had backups, so most of the stuff got restored. A lot of the stuff got a nice cleaning; I had a lot of junk! WordPress turned out to be easy to restore thanks to its backup/restore tools. For my other custom web page (a social network site) I opted out of my custom stuff and installed Dolphin. The Dolphin install took me a few hours, then I wrote some scripts to do some crazy stuff with the MySQL database so all 500 users from before would just pop up in the totally different social networking software; that was not easy, but I was able to do it. I also had to write scripts to resize their photos and store them in directories, and all kinds of crazy stuff. If you need to port some site to a Dolphin site, let me know, I can help.
I have always been good with backups, but now I keep a duplicate of the entire Linux root disk so I can at any time swap it out and replace it without delay. I’m using dd for most of that.
I will write about my updated firewall script and the other stuff I did to get the Ubuntu system to do all that my Slackware system did; I just have to get some free time. I’ve also made some diagrams and such, and hope to write about that soon.
Today I noticed that I had lost all the work I did over the summer (which was a bunch). I was able to find it in old binary files for MySQL, but the pictures and attachments are all gone for good. Here is what WordPress told me:
1. Importing post Using IPTABLES on your linux router... (2 comments)
2. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/simplers232.jpg
3. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/ttl-rs232-conv-top.jpg
4. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/ttl-rs232-conv-back.jpg
5. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/card-reader-conv.gif
6. Importing post RS-232 to serial Conversion, using 2 transistors... (1 comment)
7. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/pic-blew-up.jpg
8. Importing post Blow UP your Pic's...
9. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/rf-out-backspace-fullshot.jpg
10. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/rf-out-tab-fullshot.jpg
11. Importing post SoundCard Oscilloscope...
12. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/protoboard-02-top.jpg
13. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/protoboard-02-bottom.jpg
14. Importing post Protoboard Version 0.2... (2 comments)
15. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/pic-uart-aa.jpg
16. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/rs232-a.jpg
17. Importing post RS232 Revisited... (1 comment)
18. Importing post Standard Lab Journal Format that I will be using... (1 comment)
19. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/network-setup.jpg
20. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/firewall-flow-chart.jpg
21. Importing post My Linux Firewall Script... (43 comments)
22. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/rcr-rx-breadboard.jpg
23. Skipping attachment http://zonemikel.com/wordpress/wp-content/uploads/2009/05/rcr-tx-protoboard.jpg
24. Importing post Testing RCT-433-AS-TRANSMITTER and RCR-433-RECIVER... (10 comments)
25. Importing post Ubuntu + VirtualBox + Existing WinXP 64 Hopefully !:... (6 comments)
26. Importing post Ubuntu 9.04 + Virtual Box (non ose) + usb grayed out... (32 comments)
At least I got the information back, and I won’t have to start from scratch when I pick up those projects again. If I find the pictures I will upload them so they show up.
I’m so dumb, I was still using Samba. If you’re using Linux you really don’t need Samba! You can set it up using NFS and have an easier, more secure method. It’s like the file was on your own machine.
This is what I used to do to mount my Samba shares in Ubuntu.
#!/bin/bash
# Old way: mount the Samba shares, wait, then unmount them before shutting down.
#pass=$1
echo -n "Password: "
stty -echo                     # hide the password while it is typed
read -r password
stty echo                      # turn echo back on so the terminal is usable afterwards
echo
#script to connect to samba drive on server.
smbmount //ip/dir /home/michael/server/ #-o username=zonemikel,password=$password
#example smbmount //192.168.1.200/WebFiles /home/michael/webserver/ -o username=zonemikel,password=$password
echo "connected"
read -p "Press any key to unmount drives. " -n1 -s
smbumount /home/michael/server/
smbumount /home/michael/webserver/
echo "unmounted"
I had to have it unmount or my PC would not shut down right. Anyway, that’s the old way; this is the new:
sudo mount -t nfs serverName:/mnt/files /home/michael/server
No passwords; it only allows IP addresses from the network to connect. Since I’m using a direct connection from the server to this subnetwork, there is no other place for someone to patch in and use that IP, so it’s relatively secure. If I were using it over a large network, I think anyone could change their IP to a “trusted” (/etc/hosts.allow) IP and easily gain access to your files, but on a home network such as mine, with a trusted and an untrusted subnetwork, this is OK.
Here is the original link to the instructions.
The text below (the remainder of this article) is NOT my writing! I just want to keep a copy here in case they move their site or something.
While most things about Ubuntu work pretty much the way you want/expect the first time, one exception is sharing folders between two computers on the same LAN (“Local Area Network” — in this case, multiple computers in the same house sharing an internet connection via a router). Surprisingly, it’s easier/more intuitive to do this between an Ubuntu computer and a Windows computer! I wish Ubuntu would make a more intuitive, graphical way for non-technical users to do this — though I certainly have fun tinkering with these things and learning more about networking (or what-have-you) as I go.
Through some command-line magic, I’ve gotten my laptop to be able to access the music folder on my desktop — right now I’m playing music on my laptop that’s actually stored on my desktop’s much bigger hard drive. Sweet! How did I manage this?
Say you have two computers, both running Linux (in this case they’re both running Ubuntu and I can’t vouch that this will work on any other distro, but I suspect it would) — the server, which has the folder you want to share on its physical media, and the client, which will connect to the server and access its data.
On the client:
1. In a Terminal window, run
sudo apt-get install nfs-common
— this installs the software you’ll need.
2. Run
to find your IP on the local network; it should look something like
(If you see more than one instance of “inet addr” in the output of ifconfig, choose the address that doesn’t begin with 127.)
On the server:
3. In a Terminal window, run
sudo apt-get install nfs-kernel-server
4. Edit the
file and add a line that looks like this:
where “neuron” is replaced with the hostname or a nickname for your client (in this case, “neuron” is the name of my laptop) and “192.168.1.101” is replaced with the IP you found in step 2.
5. Test this — in a Terminal, run
(or whatever name you used) and see if you get a response. If you get a response like “unknown host”, something is wrong — re-check your work from the previous steps (and check that the two computers are really on the same network!). If you get a response like “… 64 bytes from neuron… 1 packets transmitted, 1 received … ” then everything is hunky-dory so far and you are ready to move on!
6. Edit the
file and add a line that looks like this:
(again, use the IP that you found in Step 2).
7. Edit the
file and add a line that looks like this:
/home/music 192.168.1.101(rw,sync,subtree_check,no_root_squash)
where again 192… is replaced with the IP from step 2, and “/home/music” is replaced with the full path to the folder you want to share. Note that for some reason it is important that the parenthesized arguments don’t have a space between them.
8. Run
sudo /etc/init.d/nfs-kernel-server restart
9. Run
and get the IP of your server, the same way that you found it for the client.
Back on the client!
10. Edit
and add a line like
where “192.168.1.103” is replaced with the IP of your server (from step 9) and “boffin” is replaced with the hostname/nickname of your server (“boffin” is the name of my desktop).
11.
to check that this worked, just like in Step 5.
12. Make a mountpoint for your shared directory — in my case, I used
mkdir /media/boffin-music
13. Mount the shared directory at the mountpoint, like this:
sudo mount -t nfs boffin:/home/music /media/boffin-music
replacing “boffin” with your server’s name, “/home/music” with the location on the server of your shared folder, and “/media/boffin-music” with the mountpoint you created in step 12.
14. Now you should be able to browse to the mountpoint and see your shared files, and open them, and use them. Awesome!
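The /etc/exports line in step 7 above, and the hosts.allow point made earlier in this article, both come down to how wide an export is. This added example (mine, not the tutorial’s or the post’s) audits an exports file for the options that widen access the most; the file name, the finding texts and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: flag the risky parts of an /etc/exports file. Exports syntax is
#   /path host1(opt,opt) host2(opt,opt)
# and "/path (rw)", with a space before the parenthesis, exports to every host.

# Print one finding per risky export entry; prints nothing for a clean file.
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                if (match($i, /\(.*\)/)) {
                    host = substr($i, 1, RSTART - 1)
                    opts = substr($i, RSTART + 1, RLENGTH - 2)
                }
                # empty host (space before the parenthesis) or a wildcard means anyone
                if (host == "" || host ~ /\*/)
                    print path ": exported to any host matching \"" host "\""
                # root on the client becomes root on the export
                if (opts ~ /(^|,)no_root_squash(,|$)/)
                    print path ": no_root_squash lets root on " host " act as root here"
                # requests no longer have to come from a privileged source port
                if (opts ~ /(^|,)insecure(,|$)/)
                    print path ": insecure accepts requests from unprivileged client ports (" host ")"
            }
        }' "$1"
}

demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample: the tutorial's line, a tightened version, and two bad ones
/home/music 192.168.1.101(rw,sync,subtree_check,no_root_squash)
/home/music-fixed 192.168.1.101(rw,sync,subtree_check,root_squash)
/tmp/share *(rw,insecure)
/data (rw)
EOF
    audit_exports "$f"
    rm -f "$f"
}

demo
```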
To solve this:
Add yourself to the VirtualBox group.
Type “grep vboxusers /etc/group” to get the group id; it will be the number in that line.
Add
none /proc/bus/usb usbfs devgid=###,devmode=664 0 0
to your /etc/fstab, where ### is the number you got with the previous command.
I tried all the other stuff and spent all day on it; this worked. If you have version 9.04 of Ubuntu, do this! If you have VirtualBox OSE from the package manager, your USB devices won’t work at all. Just go to the VirtualBox web page and get the .deb.
This will hopefully tell you how to install VirtualBox in Ubuntu and have it use your existing Windows partition. Of course, no one wants to reinstall all their stuff in the “virtual drive”. This is my first time using a virtual machine. This is based off the tutorials at http://ubuntuforums.org/showthread.php?t=769883, but that didn’t work for me, so this is what I did to make it work on my machine. A lot of it is the same.
Create a GRUB boot CD
First you might want to create a boot CD as an easy way to boot your partitions. This first line just takes your current config and copies it to your home directory so you can edit it and then turn it into an ISO.
cd ; mkdir -p iso/boot/grub ; cp /usr/lib/grub/*-pc/stage2_eltorito /boot/grub/menu.lst iso/boot/grub
Edit the menu.lst in our soon-to-come boot CD
At this point we want to edit this file so it ONLY boots our Windows partition. If you boot the partition you’re on in a virtual machine it’s horrible, I’ve heard, so we don’t want it to default to our Ubuntu partition or something.
gedit ~/iso/boot/grub/menu.lst
Now go to the part where it has all the Ubuntu or other OS options and delete all that; most of the entries look like this. Only leave the last one, which is your Windows partition.
title Ubuntu 8.10, kernel 2.6.27-11-generic
uuid 6bb9b9cc-0bc9-4b1f-af2e-bb675a993b65
kernel /boot/vmlinuz-2.6.27-11-generic root=UUID=6bb9b9cc-0bc9-4b1f-af2e-bb675a993b65 ro xforcevesa quiet splash vga=791
initrd /boot/initrd.img-2.6.27-11-generic
quiet
Then modify your Windows partition entry to look similar to this; the main thing I did was change “root” to “rootnoverify”.
# This entry automatically added by the Debian installer for a non-linux OS
# on /dev/sda1
title Windows XP Professional x64 Edition
rootnoverify (hd0,0)
# savedefault !! comment this out
makeactive
chainloader +1
Make the boot CD ISO
Now save and close that gedit window. Then make the GRUB stuff we were just messing with into a bootable ISO.
cd ; mkisofs -R -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 4 -boot-info-table -o grub.iso iso
Make sure you have the latest version of VirtualBox
At this point I totally removed my old version of VirtualBox using the package manager, then I installed the new version from virtualbox.org using their easy package installer. You need version 2.1+ to get support for 64-bit OSes. I installed version 2.2, so this tutorial is working for that version.
After I installed it I didn’t see it anywhere, so I went to a terminal and typed “VirtualBox” to start it; yes, the case matters.
Add your user to disk and vboxusers
In order for you to run the command we need to run next, your user must be part of a group that is allowed to do this, so we type this ($USER expands to your own user name in the shell before sudo runs; put the name in explicitly if you are doing this for another account):
sudo usermod -a -G disk $USER
sudo usermod -a -G vboxusers $USER
Set up our passthrough virtual drive
Then run this command to make our weird passthrough thing that links to our real physical partition.
VBoxManage internalcommands createrawvmdk -filename ~/.VirtualBox/WinHD.vmdk -rawdisk /dev/sda -partitions 1 -relative -register
Please note that “/dev/sda -partitions 1” specifies partition one of my first SATA disk; change this to your Windows partition.
Create a different profile for Windows (MUST DO!!)
OK, now you must also, at this point, boot into Windows and create another “profile” to boot into when you boot from Linux. If not, your hardware profile will get messed up when you boot into it from Linux and you will not be able to use Windows by itself anymore. So go into Windows, right-click My Computer -> Properties -> Hardware -> Hardware Profiles -> Copy. Then name your second one something you want, and make sure the timer is like 30 seconds so you can choose.
Create and run new virtual machine
OK, now boot back into Linux, open a terminal, type “VirtualBox”, create a new virtual machine of type Windows, use the drive we made and tell it to also mount an ISO, using the ISO we made.
The first time I tried it, it said “error 15 file not found”, which I had been getting a lot of. Don’t fret; just type “c” to get a command line, then type:
grub: rootnoverify (hd0,0)
grub: makeactive
grub: chainloader +1
grub: boot
I can’t, because I don’t have hardware virtualization in my CPU, but you might.
Then Windows tries to start but can’t, because it still thinks it’s running on a 32-bit machine. Let’s go look in the VirtualBox settings for our virtual machine.
OK, this story does not have a happy ending. Turns out my processor, an E4400, does not support VT or whatever it is. It’s called hardware virtualization, and you need it to run a 64-bit guest OS. So even if I were in Windows 7 using this feature to run Win XP 64, it would not work. Sorry everyone. You should note that everything else worked; it’s just that 64-bit Windows was unable to start due to the above problem.
Here is a list of CPUs and whether they have hardware virtualization
Tutorial on how to do this #1
Tutorial on how to do this #2
Brief Description
My purpose was to test this transmitter/receiver pair to see how far I could go and still reliably transmit data. I used my protoboard to transmit. The receiver was attached to a UART-to-RS-232 converter, then to the DB9 port on my computer, and I watched the input from HyperTerminal.
Equipment
Prelab
Get and study the data sheets for the transmitter and receiver. Brush up on RS-232 and TTL signaling levels.
Procedure
The first thing I did was get the conversion circuit working. I’ve found that the other circuit I have listed does not work well with the 2N3904/6 transistors that I have on hand. I was only able to get the UART-to-RS-232 portion to work; as soon as I plugged in the capacitor or the line going to the RS-232 RX, the circuit would stop working. So I only hooked up half of the circuit, using a 2N3906 and three 10K resistors. You can do that or use the other one-way circuit. You should be comfortable enough with the signalling levels by this point to do this easily; if not, I suggest you go back to those sections.
After that’s hooked up, connect it to the TX pin on the PIC to make sure it’s transmitting correctly. Then hook up the receiver and put the data-out line where your PIC was connected (before the 10K going into the base of the transistor). You can get the data sheets for the receiver and transmitter in the links that I posted above in the equipment bullets. Hooking up the receiver is really simple; it’s just ground and power lines and a data out. I hook up all the ground and power lines just to be sure, and when in doubt remember Vss = “sink”, so it’s the ground.

I hooked the transmitter into my “protoboard”.

There is a program on the PIC that just transmits a number 10 times and then does a newline. That way I can print out lots of data and see what number it messed up on. I used the lowest setting I could for the PIC; since it has a 20 MHz clock I can use any baud rate slower than 1200.
#include <16F877.h>
#device adc=8
#use delay(clock=20000000)
#fuses NOWDT,HS,NOPUT,NOLVP
// 1200 baud, even parity, 8 data bits on the hardware UART pins
#use rs232(baud=1200,parity=E,xmit=PIN_C6,rcv=PIN_C7,bits=8)

int i = 0;   // the number repeated on each line (CCS int is 8-bit, so it wraps at 255)
int j = 0;   // repeat counter

void main()
{
   // switch off every peripheral this test does not use
   setup_adc_ports(NO_ANALOGS);
   setup_adc(ADC_OFF);
   setup_psp(PSP_DISABLED);
   setup_spi(FALSE);
   setup_timer_0(RTCC_INTERNAL|RTCC_DIV_1);
   setup_timer_1(T1_DISABLED);
   setup_timer_2(T2_DISABLED,0,1);
   output_b(0xFF);
   printf("\f \f \f \r \f \f \f \r \f \f \f \r");
   printf("Start");
   while(1){
      // send the same number ten times, then a newline, so a garbled
      // character shows exactly which number it happened on
      for (j=0;j<10;j++){
         printf(".%i",i);
      }
      printf("\r\n");
      i++;
   }
}
Filter Capacitors
In the datasheet for both the transmitter and receiver it says you should use a “bypass” and a “filter” cap. I noticed a great improvement in signal quality when I installed these. Pretty much for both of them I just connected them between ground and power in close proximity to the chip; I did this on both the TX and RX ends. You should be able to make it out from the pictures.
Antenna
There is some calculation to get “1/4” of the wavelength, or something like that, to work out the optimum length of the antenna. Other people calculated it to 17 cm. POST LINK HERE. So I just used a 17 cm piece of telephone wire.
Conclusions
The pair works pretty well at 1200 baud; I was able to transmit through walls. I transmitted from at least 20 feet away through walls without losing any info. This was only after installing the filter capacitors, though.
In the datasheets it recommends that you invert the output signal on both ends. This allows you to only transmit when you are actually transmitting; if you don’t do this, to hold the line without sending data you have to send a ‘1’, but if you invert before it hits the transmitter and then invert coming out of the receiver, then you won’t need to waste power. If you are transmitting from the PIC then you need to set the INVERT option in your program, or you can just invert after that. I didn’t implement this part, but I might later on.
When you are not transmitting, the receiver picks up some weird square wave that does strange things. Then, when you start to transmit, some of this weird square wave is picked up at the beginning of your signal; this almost always makes the first part of a string of data get garbled. You can get around this by just constantly transmitting data, which might not be efficient. Possibly you could create some kind of circuit to filter this out, or maybe inverting the signal would help? Just something to consider.
Depending on the application, this seems to be a very nice way to transmit data. I plan on making an RC car, and for that it should work just fine.
This is a continuation of the articles “using iptables on your linux router” and “how to setup your slackware linux box as a router”. This is the script that I’m pretty much finished with, and how it works.
Hardware Setup
This is a basic diagram of my network setup. Crossover cables are denoted with ‘C’. This does not represent the actual spacing between items at all; for instance, PC2 is about 100 ft away from the hub, and the hub is right on top of the server.
Eth1 network (192.168.10.0): very untrusted. Only ports 80 and 22 are allowed; PC1 can be allowed the Samba ports as well.
Eth2 network (192.168.1.0): very trusted. All packets are passed directly through.

Firewall Script Flow Chart
This is a flow chart that explains how the firewall handles packets.

After making all this I realized that everything goes differently: packets go to see if it’s PC3, then to see if it’s eth1, then they go to the firewall table to see if established/related, that is of course if they made it that far. If they were eth1 then they would have gone to NETTWO. So please realize the above diagram is not exactly like my script, but very similar.
For simplicity I don’t include the “firewall” table, which just accepts all local loopback and then goes to the trusted table. Really I should eliminate the “firewall” table; feel free to. The “NETTWO” table is dedicated to the insecure network; it only allows port 80, 22 and PC1. PC1 is also pretty restricted. The table “NETTWO” hooks into the wifi router, which I am VERY wary of; I do further security on that router. It’s just an old Linksys wireless router, actually the router that I replaced my Linux box with.
Anyway, without further ado, here is the actual script.
#!/bin/bash
RETVAL=0
external_int="eth0"
external_ip="`ifconfig $external_int | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
# start the firewall
start() {
# set all default behaviour to accept
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# create new chains for firewall and trusted filtering
iptables -N FIREWALL
iptables -N TRUSTED
iptables -N NETTWO # temp? tables for subnetwork of wifi, luis and garage computer
# Log chain
iptables -N LOG_DROP
iptables -A LOG_DROP -j LOG --log-prefix '[IPTABLES DROP] : '
iptables -A LOG_DROP -j DROP
# allow established and related incoming connetions only
iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow self communication
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -o lo -j ACCEPT
# send all package to the trusted chain
iptables -A FIREWALL -j TRUSTED
# drop all other packets
iptables -A FIREWALL -j LOG_DROP
############################
# Prerouting, to speed up things
############################
# give the ubuntu pc a green light to do whatever, compleatly trusted ! (to firewall only)
# ubuntu pc is connected to eth2 and has static ip of 192.168.1.11
iptables -A INPUT -j ACCEPT -p all -s 192.168.1.11 -i eth2
iptables -A OUTPUT -j ACCEPT -p all -d 192.168.1.11 -o eth2
# for the subnetwork that has luis and wifi we send it to its own table
iptables -A INPUT -i eth1 -j NETTWO
# send all input packets to the firewall chain
iptables -A INPUT -j FIREWALL
############################
# Begin Forward Table and Inet sharing
############################
# forward all traffic coming from eth1 to eth 0 ( make all eth1's stuff go to the net)
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# forward only established or related connections from eth0 to eth1 ( so only stuff a local lanputer has started)
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# same as above but for eth2 (gigabit connection)
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
# forward all sof2mp test stuff to this computer (take all connections to server)
iptables -A FORWARD -i eth0 -o eth2 -p udp -m udp --dport 20100:20112 -j ACCEPT
# broadcast the sof2 mp test server
iptables -A FORWARD -i eth0 -o eth2 -p tcp -m tcp --dport 20100:20112 -j ACCEPT
# any packets that get to this point are logged then dropped
iptables -A FORWARD -j LOG_DROP
# masquerade the ip's so they look like they are "all from one" machine
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# turn forwarding on "tell the kernel"
echo 1 > /proc/sys/net/ipv4/ip_forward
############################
# network two routing table, for subnetwork with luis and wifi
# only port 80 and 22 are allowed, the rest are logged/dropped
############################
iptables -A NETTWO -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A NETTWO -p tcp -m tcp --dport 22 -j ACCEPT
#iptables -A NETTWO -m mac --mac-source "pc2's mac" -p tcp -m tcp --dport 137:139 -j ACCEPT
#iptables -A NETTWO -m mac --mac-source "pc2's mac" -j ACCEPT
iptables -A NETTWO -j LOG --log-prefix '[NETTWO DROP] : '
iptables -A NETTWO -j DROP
############################
# Begin Trusted Table
############################
# Allow http, the eth+ defines "all" ethernet devices
iptables -A TRUSTED -i eth+ -p tcp -m tcp --dport 80 -j ACCEPT
# Allow http, the eth+ defines "all" ethernet devices
iptables -A TRUSTED -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
# Allow https
iptables -A TRUSTED -o eth0 -p udp -m udp --dport 443 -j ACCEPT
iptables -A TRUSTED -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT
# Allow SSH
iptables -A TRUSTED -i eth+ -p tcp -m tcp --dport 22 -j ACCEPT
# sof II test
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 20100 -j ACCEPT
iptables -A TRUSTED -i eth0 -p udp -m udp --dport 20100 -j ACCEPT
# Nexuiz
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 26000 -j ACCEPT
iptables -A TRUSTED -i eth0 -p udp -m udp --dport 26000 -j ACCEPT
# teamspeak
iptables -A TRUSTED -i eth0 -p tcp -m tcp --dport 8767 -j ACCEPT
iptables -A TRUSTED -i eth0 -p udp -m udp --dport 8767 -j ACCEPT
# allow samba server for print and files to local nics only
iptables -A TRUSTED -i eth1 -p tcp -m tcp --dport 137:139 -j ACCEPT
iptables -A TRUSTED -i eth2 -p tcp -m tcp --dport 137:139 -j ACCEPT
iptables -A TRUSTED -i eth1 -p tcp -m tcp --dport 445 -j ACCEPT
iptables -A TRUSTED -i eth2 -p tcp -m tcp --dport 445 -j ACCEPT
# log and drop all packets going through the trusted chain that make it this far
iptables -A TRUSTED -j LOG_DROP
# end message
echo "- Iptables Script ran, security enabled"
RETVAL=0
}
# open everything and forward everything
dumb() {
# set all default behaviour to accept
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# now forward everything
# forward all traffic between eth1 and eth2, in both directions
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT
# same again between eth2 and eth0 (eth0 is the internet side, see the MASQUERADE rule below)
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -j ACCEPT
# send the game ports (20100-20112) arriving on the external address to the 192.168.1.11 box
iptables -t nat -A PREROUTING -p udp -i eth0 -d $external_ip --dport 20100:20112 -j DNAT --to-destination 192.168.1.11
iptables -t nat -A PREROUTING -p tcp -i eth0 -d $external_ip --dport 20100:20112 -j DNAT --to-destination 192.168.1.11
# masquerade the ip's so they look like they are "all from one" machine
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# turn forwarding on "tell the kernel"
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "+ everything accepted, everything forwarded";
}
# stop the firewall (everything is open !)
stop() {
# set the default policy
iptables -P INPUT ACCEPT # accept all incoming packets
iptables -P FORWARD ACCEPT # forward all packets to other computers (flood)
iptables -P OUTPUT ACCEPT # accept all outgoing packets and send them
# set default policy for the NAT table
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# delete all old rules
iptables -F # flush
iptables -t nat -F # flush nat table
# delete all chains
iptables -X
iptables -t nat -X
echo "+ All tables flushed"
RETVAL=0
}
lockdown() {
echo "locking down everything"
# nat table: drop by default
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
iptables -t nat -P OUTPUT DROP
# filter table: drop by default too, otherwise nothing is actually locked down
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
echo "itz locked down"
}
# case statement to call the correct function, except status which is handled in the case itself
case $1 in
start)
start
;;
dumb)
stop
dumb
;;
stop)
stop
;;
restart)
stop
start
;;
status)
iptables -L
iptables -t nat -L
RETVAL=0
;;
lockdown)
stop
lockdown
;;
*)
echo "Usage: Firewall (start|stop|restart|status|dumb|lockdown)"
;;
esac
exit
That's pretty much it. I'm still kinda dumb when it comes to the forwarding part, so be careful with that part. Also, when I allow pc2 to connect to the samba ports I use its MAC address, so replace "pc2's mac" with the MAC address without quotes, like this: 00:00:00:00:00:00
I'm dropping packets like there is no tomorrow. I've found that pc1 has something on it that is always sending packets to weird ports/IPs; they are all getting blocked.
Please comment if you know how I can improve this, or can point out any errors.
Another note: if you have email going out from your server, be sure to enable port 25, or whatever port you use. I just did that to mine.
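As an added example (my code, not part of the original script), here is a small Python parser for the "[NETTWO DROP] : " lines that the LOG rule writes to the kernel log; it tallies drops per source, protocol and destination port, so a box like pc1 that keeps hitting odd ports shows up at the top. The sample log lines are constructed, and the "[OTHER DROP]" prefix in them is made up only to show that lines from other chains are filtered out.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original post). The fields
# (IN= OUT= SRC= DST= PROTO= SPT= DPT=) are what the iptables LOG target
# writes; the prefix is the one set by the LOG rule in the NETTWO chain.
SAMPLE_LOG = """\
Oct  8 11:51:02 GalacticAC kernel: [NETTWO DROP] : IN=eth1 OUT= SRC=192.168.1.11 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=41234 DPT=445 SYN
Oct  8 11:51:03 GalacticAC kernel: [NETTWO DROP] : IN=eth1 OUT= SRC=192.168.1.11 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=41235 DPT=445 SYN
Oct  8 11:51:05 GalacticAC kernel: [NETTWO DROP] : IN=eth1 OUT= SRC=192.168.1.11 DST=192.168.1.1 LEN=78 PROTO=UDP SPT=137 DPT=137
Oct  8 11:51:09 GalacticAC kernel: [OTHER DROP] : IN=eth0 OUT= SRC=10.0.0.5 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=5555 DPT=22 SYN
Oct  8 11:52:00 GalacticAC kernel: [NETTWO DROP] : IN=eth1 OUT= SRC=192.168.1.12 DST=192.168.1.1 LEN=40 PROTO=TCP SPT=4000 DPT=80 SYN
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")   # KEY=VALUE tokens; OUT= has an empty value


def parse_log_line(line, prefix="[NETTWO DROP] :"):
    """Return the KEY=VALUE fields of one LOG line carrying `prefix`, else None."""
    if prefix not in line:
        return None
    return dict(FIELD_RE.findall(line.split(prefix, 1)[1]))


def drop_summary(log_text, prefix="[NETTWO DROP] :"):
    """Count drops per (SRC, PROTO, DPT), most frequent first ('-' when there is no port)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line, prefix)
        if fields is not None:
            counts[(fields.get("SRC", "?"), fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return counts.most_common()


def noisy_sources(log_text, threshold, prefix="[NETTWO DROP] :"):
    """Sources with at least `threshold` dropped packets in this chain (the 'pc1 keeps talking' case)."""
    per_src = Counter()
    for (src, _proto, _dpt), n in drop_summary(log_text, prefix):
        per_src[src] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


if __name__ == "__main__":
    for (src, proto, dpt), n in drop_summary(SAMPLE_LOG):
        print(f"{n:4d}  {src:15s} {proto:4s} dport {dpt}")
    print("noisy:", noisy_sources(SAMPLE_LOG, 3))
```

On a real box, feed it the kernel log (for example the output of `dmesg`) instead of SAMPLE_LOG.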
I've been wanting to organize my findings in an easy to read/reference way. So, I'll be using a standard lab journal format for most of the things that I start from now on. Of course, it does not apply to everything. I've done so much stuff that I never wrote down anywhere; I want to be sure I can look back at the stuff I do from now on. Anyway, the standard format I'll be using (thanks to my teachers):
Standard Lab Format
The following is a description of the standard lab format to be used:
I. Each lab entry should start with the title of the experiment and a brief description
II. The equipment to be used should be listed; leave some room below the initial list to add additional equipment and parts.
III. A prelab section (when applicable) should include any preliminary work to be done prior to coming to the lab.
IV. The procedure section describes the activities done in the lab. The reader of your journal should be able to follow your description without referring to a manual or handout, but you may summarize in your own words. Record your data, figures, sketches and observations. Be sure to label everything.
V. In the conclusions, you should write in a narrative style. Summarize your results and condense data when appropriate. Answer all questions asked.
Abstract
Even though I have studied this subject several times it still continues to annoy me. This will be an in-depth discussion (kinda for myself) of the signal levels and such. I'm wondering if CCS C is inverting the signal coming out of the PIC so that it's ready for consumption by the DB9.
This direct sort of conversion works off the fact that most RS-232 links over short cables work just fine with +/- 3 volts. So if you use a transistor to invert the PIC signal and a resistor to sink the current when the line is 0, you will get +/-3 volts to drive the RS-232 line. So basically we invert the data coming out of the PIC and add a resistor, so when the PIC outputs a 1 it is inverted to a 0 and then sunk through the resistor to make -3 ish. This is best looked at with a table:
Table 1
PIC out | RS-232 in
0 volt  | +3 volt
5 volt  | -3 volt
This is because for the PIC a '1' is 5 V and for RS-232 a '1' is less than -3 volts; likewise for the PIC a '0' is 0 V and for RS-232 it is above +3 V. So it's pretty easy (in theory) to convert from the PIC to RS-232; converting from RS-232 to PIC levels is more tricky though. But enough theory, let's see what we actually get through the scope.
Results
Here I will show you (and myself) the results I get from RS-232 and the PIC while sending the same characters. Hopefully after looking at everything and putting it in perspective we will be able to clearly see what's going on, or we will realize what we are doing wrong.
Setting the scope (soundcard scope)
I'm going to send 'A' then 'a' at 1200 baud via the PIC and via RS-232; we will be using eight data bits with one stop bit. This makes 9 bits total, so 1200/9 gives ~133 Hz for each bit. A less confusing way of figuring this out is: we have 1200 bits per second, so that's 1/1200 = 8.3e-4 seconds, or (x1000) 0.83 milliseconds for each bit. We know that we are getting 9 bits, so to see the "whole thing" we use 0.83 ms * 9 bits = 7.5 ms. When I set my scope to 8 ms I see nothing, so I will just use about 60 ms then zoom in.
Getting the shot
If you turn on your speakers and you're using the soundcard scope you will be able to "hear" the bits go through. I use this as a metronome and I hit the run/stop button to get a good shot of what was sent. Then in the mid bottom I go to the "measure" setting and put it on cursor time. Then I get the blue lines and drag them from the start till about 130 Hz. This is what I get:

So where I have the blue lines is the first char 'A' and the rest is the second char 'a'. From http://www.asciitable.com/ we know that 'A' is 65D or 1000001 in binary. Looking at the output we can see we have something like 10???01; we know those four bits so the rest must be 9-4=5. But I think there is always a "start" bit, so that would make it 10 bits we really have, so 10-4=6, and that chunk in the middle is all 1's, so 1011111101 is what we have, which looks like
start bit | (data)' | stop bit
I know we can't tell with this one, but the data is sent LSB first, and yes, that is the inverse of the data. So where there was a 1 there is a 0 and so forth. This is what we get out of the PIC; there is no manipulation, it's just putc('A'), so either it should be inverted, or CCS C is inverting it for us. Looking at the 'a' we see it is 1100001, and we are getting 10???001. Since we can make out 5 bits, 5 are left; that chunk is 1's so we get 1011111001, which is just like before: start/stop bits and LSB-first inverted data. You don't have to figure out the bits just by looking at it; you can start from the first bit, set f=134/9 and see what each bit is if need be.
Doing the same thing with RS232
It wasn't as easy to get the shot with RS-232, but I opened HyperTerminal, set bits to 8, stop bits to one and baud to 1200. Then while hitting 'A' I hurried up and hit run/stop to get this.

From before we know that 'A' is 1000001, and yes, all that below the red line is negative, so we get "1011111101", assuming that second bit is supposed to be above 3 V (what else?). Also I already inverted everything from RS-232 to TTL in my head. So we see that here too we get the data portion inverted.
Well, this is what we are getting, but according to sites like http://www.winpicprog.co.uk/pic_tutorial7.htm we should be getting something completely different, mainly inverted stuff. But I'm going to see Terminator "Salvation" in an hour so I'll have to come back to this.
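As an added example (my code, not from the original post), here is the 8N1 frame and the Table 1 level mapping worked out in Python: the bit strings are computed from the frame format rather than read off the scope, the inversion is a separate step so both polarities can be compared, and the timing helper gives the cursor-to-bit lookup the text does by hand. The frame is assumed to be one start bit, eight data bits LSB first and one stop bit, as the post sets up.

```python
# 8N1 framing at 1200 baud and the PIC-to-RS-232 level inversion from Table 1.
# Bit strings here are computed from the frame format, not read off the scope.

BAUD = 1200
BIT_TIME_MS = 1000.0 / BAUD      # ~0.833 ms per bit, as worked out in the text


def uart_frame(ch, data_bits=8):
    """Logic-level 8N1 frame for one character: start bit 0, data LSB first, stop bit 1."""
    code = ord(ch)
    return [0] + [(code >> i) & 1 for i in range(data_bits)] + [1]


def invert(bits):
    """What a transistor inverter (or firmware inverting the output) does to the frame."""
    return [1 - b for b in bits]


def bitstring(bits):
    return "".join(str(b) for b in bits)


def pic_to_rs232_volts(bits):
    """Table 1: a PIC 0 (0 V) becomes +3 V on the line, a PIC 1 (5 V) becomes -3 V."""
    return ["+3V" if b == 0 else "-3V" for b in bits]


def frame_duration_ms(nbits, baud=BAUD):
    """How long nbits take on the wire; 9 bits at 1200 baud is the 7.5 ms from the text."""
    return nbits * 1000.0 / baud


def bit_at(t_ms, bits, baud=BAUD):
    """Which bit the scope cursor sits on, t_ms after the start-bit edge (None past the frame)."""
    idx = int(t_ms * baud / 1000.0)
    return bits[idx] if 0 <= idx < len(bits) else None


def decode_frame(bits, data_bits=8):
    """Recover the character from a logic-level frame, rejecting a bad start or stop bit."""
    if len(bits) != data_bits + 2 or bits[0] != 0 or bits[-1] != 1:
        raise ValueError("framing error: bad start or stop bit")
    return chr(sum(b << i for i, b in enumerate(bits[1:1 + data_bits])))


if __name__ == "__main__":
    for ch in "Aa":
        f = uart_frame(ch)
        print(ch, bitstring(f), "inverted:", bitstring(invert(f)),
              "line:", " ".join(pic_to_rs232_volts(f)))
```

The five consecutive zeros in the data bits of 'A' are the run of 1's in the middle of the inverted frame that the scope shot shows.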

This is my second attempt at making a general purpose board for my PIC 877's. This time the plan was don't connect anything. So the only connectors on the board are ICSP, power, and a 40 pin header.
My idea behind the 40 pin header was to be able to connect this board through a normal IDE cable to other stuff. I had planned a nice clean structure for the pins, but after soldering things went wrong. It's very confusing when everything is backwards and upside down. Nonetheless it's mostly consistent.
So far it's working well. The only problem I have had is shorting the +/- and blowing up a PIC; also the IDE cables for more than one drive don't seem to work with it. I don't think IDE cables that go to more than one drive are "straight through".
For anyone curious about version 0.1 you can see a picture here; it's in a box, I'll pull it out and do something useful with it one day, it's pretty stable. It's just too big.
This is the bottom view of version 0.1:

I'll write more about this as I use it; I'm kinda in a hurry now. I want to do a little more and write a little less, but I also want to document everything I do. Even if I'm brief.