Installing Dropbox in Gentoo running KDE

I had never used Dropbox before and had no intention of doing so, but today a work colleague sent me some large files via Dropbox so I was forced to sign up. I tried to install Dropbox on my main laptop running Gentoo Linux and KDE but, for a well-known application, I had a surprising amount of trouble, hence this blog post.

To begin with, I found the following Dropbox-related packages:

# eix dropbox
* gnome-extra/nautilus-dropbox
Available versions: (~)0.6.9 (~)0.7.0 0.7.1 (~)1.4.0 {debug}
Homepage: http://www.dropbox.com/
Description: Store, Sync and Share Files Online
.
* net-misc/dropbox
Available versions: 1.2.48-r1^ms (~)1.2.51-r2^ms (~)1.4.3-r1^ms (~)1.4.7-r1^ms (~)1.4.7-r2^ms (~)1.4.17^ms (~)1.4.23^ms (~)1.6.16^ms {X +librsync-bundled}
Homepage: http://dropbox.com/
Description: Dropbox daemon (pretends to be GUI-less)
.
* net-misc/dropbox-cli
Available versions: 1 1-r1 {PYTHON_TARGETS="python2_6 python2_7"}
Homepage: http://www.dropbox.com/
Description: Cli interface for dropbox daemon (python)
.
* xfce-extra/thunar-dropbox [1]
Available versions: [m](~)0.2.0
Homepage: http://www.softwarebakery.com/maato/thunar-dropbox.html
Description: Plugin for Thunar that adds context-menu items for Dropbox
.
[1] "sabayon" /var/lib/layman/sabayon
.
Found 4 matches.

But I don’t have GNOME or Xfce installed on my main laptop, so the first and last packages were of no interest. A quick search on the Web turned up Kfilebox, which seemed to be exactly what I needed. I was pleased to find that the package is in the main Portage tree:

# eix kfilebox
* kde-misc/kfilebox
Available versions: (4) (~)0.4.8 (~)0.4.9
{LINGUAS="ar br cs de el es fr gl it lt nl pl pt ru si tr zh zh_CN"}
Homepage: http://kdropbox.deuteros.es/
Description: KDE dropbox client

So I installed kfilebox, dropbox and dropbox-cli, thinking I would need them all. Then, before doing anything else, I surfed to the Dropbox Web site and signed up for an account.

I launched Konsole and entered the command kfilebox. A window popped-up telling me that the Dropbox Daemon was being downloaded, then another window popped up offering me two options/buttons: ‘Run gtk based installer’ and ‘Or simply link account’. I clicked on the latter, thinking that was all I needed to do as I had already signed up for an account via the Dropbox Web site. But a Dropbox icon did not appear in the Panel, nor did Dolphin show a Dropbox folder icon in my home directory, and the KDE Notifications widget kept popping up notification after notification from Kfilebox to “Please visit url to link to this machine”. The trouble was that clicking on the apparent link in the notifications did nothing.

The directories .dropbox and .dropbox-dist existed in my home directory, and the contents of /home/fitzcarraldo/.kde4/share/config/kfileboxrc were as follows:

[General]
AutoStart=true
Browser=rekonq
DropboxDir=/home/fitzcarraldo/.dropbox-dist/
FileManager=dolphin
GtkUiDisabled=true
IconSet=default
ShowNotifications=true
StartDaemon=true

As the rekonq Web browser is not installed on this laptop, I edited the file and changed Browser=rekonq to Browser=firefox then rebooted, but it made no difference.

So I uninstalled everything:

# emerge -C kfilebox dropbox dropbox-cli
# rm -rf /home/fitzcarraldo/.dropbox
# rm -rf /home/fitzcarraldo/.dropbox-dist
# rm /home/fitzcarraldo/.kde4/share/config/kfileboxrc

then rebooted and reinstalled only Kfilebox:

# emerge kfilebox

I then launched Konsole and entered the command kfilebox. The pop-up window appeared notifying me that the Dropbox Daemon was being downloaded, followed by the pop-up window offering me the choice of running the gtk-based installer or simply linking the account. This time I chose the option to run the gtk-based installer and just followed the intuitive instructions in the various pop-up windows that followed, one of which offered to create a new Dropbox account or to link to an existing Dropbox account. As I wanted to do the latter I entered my e-mail address and Dropbox password, a Dropbox icon then appeared on the Panel and a Dropbox folder icon is now visible in Dolphin.

I checked the contents of ~/.kde4/share/config/kfileboxrc and they were the same as listed above, so I edited the file to replace rekonq with firefox, although I’m not sure yet what (if anything) that does, as Dropbox is new to me and I’m still learning. Anyway, the important thing is that I could now click on the ‘View folder’ button in an e-mail sent to me by a colleague and the files uploaded by my colleague were automatically downloaded into the ~/Dropbox directory.

Setting the wireless regulatory domain in Linux on your laptop

I travel internationally and want to make sure that my laptop uses the legal wireless networking frequencies in the country I am visiting. In Linux, CRDA (Central Regulatory Domain Agent) is the udev helper used to communicate between userspace and the kernel, and it enables you to view and alter the wireless regulatory domain your kernel uses. For more information see the Regulatory page on the Linux Wireless Wiki site.

CFG80211 is the Linux wireless LAN (802.11) configuration API. The kernel on my main laptop has the following configuration settings relating to CFG80211:

# cat /usr/src/linux/.config | grep CFG80211
CONFIG_CFG80211=m
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
# CONFIG_CFG80211_REG_DEBUG is not set
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_CFG80211_WEXT=y

and the cfg80211 module is loaded:

# lsmod | grep cfg80211
cfg80211 145747 3 iwlwifi,mac80211,iwldvm

I have the package crda installed, and I have the following udev rule file /etc/udev/rules.d/regulatory.rules to allow the kernel to communicate with userspace:

KERNEL=="regulatory*", ACTION=="change", SUBSYSTEM=="platform", RUN+="/sbin/crda"

So, how do you check which wireless regulatory domain your kernel is currently using, and switch to another domain if necessary? These tasks are performed using the iw command. You’ll need to install the package iw if it is not already installed.

To see the regulatory domain your laptop is using now, enter the following command as root user:

iw reg get

When I use the above command on my laptop after start-up, I normally see the following:

# iw reg get
country 00:
(2402 - 2472 @ 40), (3, 20)
(2457 - 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS
(2474 - 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS
(5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
(5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS

The country code 00 is not the code of the country I am in at present. To tell the kernel which wireless regulatory domain you wish to use, enter the following command as root user:

iw reg set ISO_3166-1_alpha-2

where ISO_3166-1_alpha-2 is the 2-character code for the country you are in. You can find the list of ISO 3166-1 alpha-2 codes on the Wikipedia page ISO 3166-1 alpha-2.

For example, if I were in the UK then I would enter the following command:

# iw reg set GB

and the regulatory domain would then be reported like this:

# iw reg get
country GB:
(2402 - 2482 @ 40), (N/A, 20)
(5170 - 5250 @ 40), (N/A, 20)
(5250 - 5330 @ 40), (N/A, 20), DFS
(5490 - 5710 @ 40), (N/A, 27), DFS

It is not a big deal to use the command line, but I wanted to make it even easier. I’m using KDE on my main laptop, so I created a Desktop Configuration File /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain containing the following:

[Desktop Entry]
Comment[en_GB]=
Comment=
Exec=/home/fitzcarraldo/iw_reg.sh
GenericName[en_GB]=Set wireless regulatory domain
GenericName=Set wireless regulatory domain
Icon=/home/fitzcarraldo/national-flags-icon.png
MimeType=
Name[en_GB]=Set_wireless_regulatory_domain
Name=Set_wireless_regulatory_domain
Path=
StartupNotify=true
Terminal=true
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none
X-KDE-SubstituteUID=false
X-KDE-Username=

and gave it the following file permissions:

# chmod 744 /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain
# ls -la /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain
-rwxr--r-- 1 fitzcarraldo users 496 Jan 15 21:53 /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain

I used a search engine to find a nice PNG icon consisting of several overlapping national flags, and saved it with the file name name national-flags-icon.png in my home directory.

I created a Bash shell script /home/fitzcarraldo/iw_reg.sh containing the following:

#!/bin/bash
echo "First you need to enter the password of your user account..."
sudo echo ""
echo "The ISO 3166-1 alpha-2 codes are listed on Web page https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2"
echo ""
echo "The current wireless regulatory domain is set as: "
echo ""
sudo iw reg get
echo ""
echo -n "Enter the ISO 3166-1 alpha-2 code (upper case) for the country you are in now, and press ENTER: "
read REGULATORYDOMAIN
sudo iw reg set $REGULATORYDOMAIN
echo ""
echo "The current wireless regulatory domain is now set as: "
echo ""
sudo iw reg get
echo ""
echo "All done. You can close this window."

and gave it the following file permissions:

# chmod 744 /home/fitzcarraldo/iw_reg.sh
# ls -la /home/fitzcarraldo/iw_reg.sh
-rwxr--r-- 1 fitzcarraldo users 632 Jan 15 21:33 /home/fitzcarraldo/iw_reg.sh

Now, if I double-click on the icon for Set_wireless_regulatory_domain on my desktop, a Konsole window pops up with a prompt for me to enter my user account password. When I enter my password the window displays the current wireless regulatory domain the kernel is using and prompts me to enter the 2-character code for the regulatory domain I wish to use instead. When I enter the country code the window displays the new regulatory domain, as shown in the sample below.


First you need to enter the password of your user account...
Password:

The ISO 3166-1 alpha-2 codes are listed on Web page https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

The current wireless regulatory domain is set as:

country SA:
(2402 - 2482 @ 40), (N/A, 20)
(5170 - 5250 @ 20), (3, 23)
(5250 - 5330 @ 20), (3, 23), DFS
(5735 - 5835 @ 20), (3, 30)

Enter the ISO 3166-1 alpha-2 code (upper case) for the country you are in now, and press ENTER: GB

The current wireless regulatory domain is now set as:

country GB:
(2402 - 2482 @ 40), (N/A, 20)
(5170 - 5250 @ 40), (N/A, 20)
(5250 - 5330 @ 40), (N/A, 20), DFS
(5490 - 5710 @ 40), (N/A, 27), DFS

All done. You can close this window.


The task of viewing and changing the regulatory domain after start-up is now very easy for me. The only thing that would be easier than this would be if Linux could detect automatically which country I’m in and set the regulatory domain automatically.

Synchronise your Gentoo Linux clock with an Internet time server

There are a number of ways to synchronise Gentoo Linux with a time server on the Internet. Here I look at a few alternatives.

ntp-client

ntp-client and the NTP daemon ntpd are installed when you install the package net-misc/ntp. Although I have read on some Web sites that /etc/init.d/ntp-client should be added to the default runlevel in order to read the time from an NTP server (once-only, during start-up), this in fact does not work because usually the network connection is not up by the time the ntp-client initscript runs. Bear in mind that ntp-client does not run continuously; it syncs once with an external time server if there is a network connection, and that’s it.

NetworkManager Dispatcher

If you are using NetworkManager, an elegant solution is to use NetworkManagerDispatcher to restart ntp-client in order to resync your system clock every time a network connection comes up. This is my favoured solution for laptops; see further on for how to configure your machine to do this.

cronjob

Another way would be to create a cronjob to run periodically the ‘/etc/init.d/ntp-client restart‘ command or the ‘ntpd -q‘ command (the -q option means “set the time and quit”).

Wait a while after start up

A ‘quick-and-dirty’ method, which I have used sometimes to synchronise a laptop’s system clock every time it boots, would be to delay running ntp-client until the network is up by putting e.g. the command below in a file 10_ntp-client.start in the directory /etc/local.d/ (10 seconds is usually enough time for a wired or wireless connection to my home network to be established):

#!/bin/bash
sleep 10s && /etc/init.d/ntp-client restart

Don’t forget to make it executable:

# chmod 744 /etc/local.d/10_ntp-client.start

NTP daemon

Regarding the NTP daemon, it is possible to configure this from the command line, rather than via a Desktop Environment GUI, to run at start-up and continue running to adjust your system clock. The command:

# rc-update add ntpd default

will add the daemon’s initscript to the default runlevel so that it is launched automatically at the next startup, and the command:

# /etc/init.d/ntpd start

will start the daemon running right now.

Note that, by default, the NTP daemon won’t correct, all in one go, a time difference between your system clock and the remote NTP server if that difference is above a certain size. However, if you want to override the default behaviour, i.e. allow the NTP daemon to make a large first adjustment to the system clock, you can set the environment variable NTPD_OPTS in the file /etc/conf.d/ntpd as follows:

NTPD_OPTS="-g"
# The -g option enables ntpd to make large adjustments.

This would mean that you would not need to run ntp-client before ntpd. However, if you run ntp-client automatically — either once after start-up or periodically — then that would be good enough for the typical Desktop user, and could be an alternative to having a continuously-running NTP daemon. Nothing stops you doing both if you want, of course.

Updating the hardware clock

If you make clock_systohc="YES" in the file /etc/conf.d/hwclock then the time in the system clock will be written to the BIOS (CMOS) clock (a.k.a. hardware clock) when you shut down your PC.

How to configure NetworkManager Dispatcher to synchronise the system clock only when a network connection is made

If you’re using a machine that is permanently connected to a network, running the NTP daemon makes sense. But what if you have a machine that is not always connected to a network when it is powered up? I have a laptop and I don’t want the NTP daemon running all the time. But I would like my laptop to synchronise with an external time server once after start up when I connect to the Internet. NetworkManager has a handy tool called NetworkManager Dispatcher for doing just this.

If you have installed NetworkManager, you’ll find there is an initscript /usr/portage/net-misc/networkmanager/files/NetworkManagerDispatcher. Copy it to the directory /etc/init.d/ and give it the necessary restrictive permissions:

# cp /usr/portage/net-misc/networkmanager/files/NetworkManagerDispatcher /etc/init.d/
# chmod 744 NetworkManagerDispatcher

Then create a shell script called e.g. 99_ntp-client in the directory /etc/NetworkManager/dispatcher.d/ to be run by NetworkManagerDispatcher when a network connection is established, containing the following code:

#!/bin/bash

INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface

case "$STATUS" in
    'up') # $INTERFACE is up
        echo "System time before starting ntp-client:" > /home/fitzcarraldo/ntp-client.txt
        date >> /home/fitzcarraldo/ntp-client.txt
        echo "Starting ntp-client:" >> /home/fitzcarraldo/ntp-client.txt
        rc-config restart ntp-client &>> /home/fitzcarraldo/ntp-client.txt
        echo "System time after starting ntp-client:" >> /home/fitzcarraldo/ntp-client.txt
        date >> /home/fitzcarraldo/ntp-client.txt
        ;;
    'down') # $INTERFACE is down
        # Check for active interface and down if no one active
        if [ ! `nm-tool|grep State|cut -f2 -d' '` = "connected" ]; then
                echo "Stopping ntp-client at:" > /home/fitzcarraldo/ntp-client.txt
                date >> /home/fitzcarraldo/ntp-client.txt
                rc-config stop ntp-client &>> /home/fitzcarraldo/ntp-client.txt
        fi
        ;;
esac

Make the root user the owner of the script, and only allow the root user to write to it and execute it:

# cd /etc/NetworkManager/dispatcher.d/
# chown root:root 99_ntp-client
# chmod 744 99_ntp-client

Then add NetworkManagerDispatcher to the default runlevel so that it will be launched every time you boot your machine:

# rc-update add NetworkManagerDispatcher default

As the package net-misc/ntp installs both /etc/init.d/ntpd and /etc/init.d/net-client, users could optionally add the NTP daemon ntpd to the default runlevel too if desired, which would provide continuous, incremental adjustments to the system clock once net-client has done its one-shot adjustment each time a network comes up:

# rc-update add ntpd default

But users who don’t leave their PCs on for days on end — or who use laptops — can ignore the above step and just stick with the NetworkManagerDispatcher and net-client solution, whereas users who leave their machines on for days or weeks on end can also use the NTP daemon to keep the system clock in sync in between the times when ntp-client has synchronised.

Don’t forget to delete ntp-client from the start-up level if you are using NetworkManagerDispatcher to run it:

# rc-update del ntp-client

Notice that the script /etc/NetworkManager/dispatcher.d/99_ntp-client logs some information in a text file ntp-client.txt in my home directory which I can check. Here is an example of what ntp-client.txt contains after I select a network (or it is selected automatically) following start up of my laptop:

System time before starting ntp-client:
Sun Jun 3 19:24:08 BST 2012
Starting ntp-client:
Restarting init script
* Setting clock via the NTP client 'ntpd' ...ntpd: time slew +0.067178s
[ ok ]
System time after starting ntp-client:
Sun Jun 3 19:24:17 BST 2012

As you can see above, the ntpd command was executed once by NetworkManagerDispatcher and made a small adjustment to the system time on my laptop.

Replacing ntpdate with ntpd in ntp-client

Just for the fun of it, I changed /etc/conf.d/ntp-client to use the command ntpd instead of ntpdate, even though the ntpdate command works fine. Anyway, here’s my /etc/conf.d/ntp-client file these days:

NTPCLIENT_CMD="ntpd"
NTPCLIENT_OPTS="-g -q"

I have added the -g option so that the ntpd command can make large adjustments to the system time if it is way off the actual time. This is useful at the beginning and end of Daylight Saving Time, or if you dual boot with Windows. Here is an example of the former when I powered up my laptop the morning after the clocks changed from BST to GMT at the end of Summer 2010:

$ cat /home/fitzcarraldo/ntp-client.txt
System time before starting ntp-client:
Sun Oct 31 09:37:23 GMT 2010
Starting ntp-client:
Starting init script
* Setting clock via the NTP client 'ntpd'...ntpd: time set -3600.122381s
[ ok ]
System time after starting ntp-client:
Sun Oct 31 08:37:30 GMT 2010

You can specify the NTP server or NTP server pool in the file /etc/ntp.conf, but the default server pool already specified in that file should work. Note again that, when ntpd is run with the -q option, it synchronises the system clock once and terminates, i.e. it is not running as a daemon.

How to install and use Tor for anonymous browsing or to access country-restricted content from another country

Some people want to browse the Web in complete anonymity. One tool for doing that is Tor. However, there are other reasons for using Tor. For example, when I am travelling in a country where the government blocks certain Web sites (or blocks accessing content on certain Web sites), or when I am travelling overseas and certain Web sites back home will not let me view content (e.g. TV shows), I use Tor. Note that some Web sites are now clever enough to detect that you are accessing them via a proxy and could be overseas, so even Tor will not gain you access to media on some Web sites back home. Anyway, it’s still worth trying Tor to see if it works in your case.

For an overview of the installation and configuration procedure, see Running the Tor client on Linux/BSD/Unix. Below I will explain how to install and use Tor in Gentoo Linux.

Before you use Tor, it is useful to check your current IP address. Several Web sites will tell you your current IP address; here is the site I usually use: http://whatismyipaddress.com/

1. Install Tor:

# USE="tordns" emerge -1v tor

(Actually, the more-recent versions of the tor package don’t require that USE flag but I’ve left it in as it does no harm.)

2. Install Vidalia:

# cd /usr/portage/distfiles/
# wget --no-check-certificate https://www.torproject.org/dist/vidalia/vidalia-x.y.z.tar.gz
# USE="tor" emerge -1v vidalia

Use the current version x.y.z of the vidalia package in the package manager and https://www.torproject.org/dist/vidalia/

3. Install Polipo:

# emerge -1v polipo

4. Download polipo.conf

# cd /etc/polipo
# wget --no-check-certificate https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf

Edit April 21, 2013: The above URL is now:

https://gitweb.torproject.org/torbrowser.git/blob_plain/ae4aa49ad9100a50eec049d0a419fac63a84d874:/build-scripts/config/polipo.conf

5. Edit it and change proxyPort = 8118 to proxyPort = 8123

6. Copy it to /etc/polipo/:

# cd /etc/polipo
# cp /etc/polipo/config /etc/polipo/config.bak
# cp polipo.conf config

7. Configure Firefox:

Edit > Preferences > Network > Settings

Manual proxy configuration:

HTTP Proxy: 127.0.0.1 Port: 8123
SSL Proxy: 127.0.0.1 Port 8123

SOCKS Host: 127.0.0.1 Port 9051
SOCKS v5
No Proxy for: 127.0.0.1

8. Run Vidalia and then configure it:

$ vidalia &

a) Settings > Sharing

Select ‘Run as a client only’

b) Settings > Advanced

Select ‘Use TCP connection (ControlPort)’
Address: 127.0.0.1 9051

Tor Configuration File:
/home/fitzcarraldo/.vidalia/torrc

Data Directory:
/home/fitzcarraldo/.tor

c) Click on ‘Edit current torrc’ and make it:

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it
ControlPort 9051
ExitNodes {gb}
Log notice stdout
SocksListenAddress 127.0.0.1
StrictNodes 1

Note that I have specified “{gb}” above so that I am perceived by Web sites to be browsing in the UK even if I am in another country. But you can use a different country code if you want Web sites to perceive you are in another country. For example, “{us}” would make it look as if you are browsing in the USA.

9. Run Polipo:

$ sudo polipo

10. Surf to http://torcheck.xenobite.eu/ to check that you are now using a Tor exit node.

11. Surf to http://whatismyipaddress.com/ to check that your IP address has changed.

Cannot browse some Web sites: yet another cause

Having spent hours yesterday trying to figure out why I could no longer browse a few specific Web sites from my old Gateway Solo 9300 laptop running Linux, whereas all the other Linux and Windows laptops that use my wireless network can browse any Web site, I thought I’d post the solution as Google did not turn up this particular cause.

There are several possible reasons why one may not be able to browse some Web sites: IPv6; the MTU; a black hole router en route; the settings in the various ip_* and tcp_* files in /proc/sys/net/ipv4/, and so on. So, unfortunately I had many avenues to pursue.

My old Gateway Solo 9300 laptop had enabled me to browse the Web reliably via my home wireless network until recently. Suddenly I could neither browse the Sabayon Linux Web site nor access the Entropy package manager’s repository. I could also no longer browse some other Web sites, although most Web sites were still accessible without trouble.

I tried many different things without success, and then finally remembered that I had reconfigured my router a couple of weeks ago because one of my family had reset it whilst I was away from home. Now, when this model of router (BT Home Hub, Version 1.0) is reset it defaults to WEP encryption for wireless networking. However, I normally have it set to use WPA-PSK encryption. So, when I got home I accessed the router’s Web interface via Ethernet from a Desktop PC and changed wireless networking encryption to “WPA-PSK Version: WPA+WPA2″. In the past I had set it to “WPA-PSK Version: WPA”, and thought that setting “WPA+WPA2″ instead of “WPA” this time would not cause any problems. Well, it didn’t on all the other laptops using my network, but my old Gateway Solo 9300 with Linksys CardBus card (‘Linksys WPC54G (EU) v7.1 wireless notebook adapter card’) was different.

As soon as I wondered if the encryption setting was the cause of my problem, I browsed to the BT Home Hub configuration page and changed wireless networking encryption from “WPA-PSK Version: WPA+WPA2″ to “WPA-PSK Version: WPA”. Bingo, my Gateway Solo 9300 running Sabayon Linux E17 Edition and Firefox 4 could browse all Web sites again. Mind you, I also need to have the ipv6 module disabled (I had previously uncommented the line alias net-pf-10 off in the file /etc/modprobe.d/aliases.conf and used the command update-modules) as well as the modifications mentioned in an earlier post (Why can’t I access a specific Web site?). But all those other measures do not solve the problem if the router is configured for “WPA-PSK Version: WPA+WPA2″.

The router’s wireless security option “WPA-PSK Version: WPA” is intended for a network that would only be used by clients configured to use WPA encryption; the router’s option “WPA-PSK Version: WPA2″ is intended for a network that would only be used by clients configured to use WPA2 encryption; the router’s option “WPA-PSK Version: WPA+WPA2″ is intended for a network that would be used by clients configured to use either WPA or WPA2 encryption. So I wonder why there was a problem, as the laptop and CardBus card are configured for “WPA & WPA2 Personal” in nm-applet, and the card supports WPA (TKIP) and WPA2 (CCMP a.k.a. AES).

A fast and easy-to-use scanner of IP addresses and ports

This week I’m working in offices with a local network that uses static IP addressing. Believe it or not, it seems the IT department does not keep a list of configured IP addresses, and sometimes inadvertently configure devices to have the same IP address.

A couple of days ago I was printing quite happily to a networked printer from my laptop in the morning but, when I got back from lunch, found that I couldn’t print any more. It transpired that someone had allocated the IP address of my laptop to a new plotter in my absence. What to do if the organisation has no central list of configured IP addresses? There are too many devices on the local network to check them manually, and I do not have access to them anyway.

So I installed Angry IP Scanner (a.k.a. ipscan), an easy-to-use scanner of IP addresses and ports, and use it to find an IP address that is currently unused on the network.

I wanted to install ipscan by using Gentoo’s package manager Portage. There is no ebuild for it in the Portage main tree, but a quick search of the Web told me that there is an ebuild in the floppym overlay (http://gpo.zugaina.org/Overlays/floppym/net-analyzer/ipscan). Rather than add the floppym overlay, I decided to install the package using a local overlay:

1. I downloaded the ebuild:

wget http://gpo.zugaina.org/AJAX/Ebuild/2251131/View --output-document=/home/fitzcarraldo/Desktop/ipscan-3.0_beta4.ebuild

The ebuild contents are as follows:

# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI=3

inherit java-pkg-2

DESCRIPTION="Angry IP - The fast and friendly network scanner"
HOMEPAGE="http://www.angryip.org"

MY_PV=${PV/_/-}
SRC_BASE="mirror://sourceforge/${PN}/${PN}${PV:0:1}-binary/${MY_PV}"
SRC_URI="amd64? ( ${SRC_BASE}/${PN}-linux64-${MY_PV}.jar )
x86? ( ${SRC_BASE}/${PN}-linux-${MY_PV}.jar )"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE=""

DEPEND=""
RDEPEND=">=virtual/jre-1.6.0"

INSTALL_DIR=/opt/AngryIP

S=${WORKDIR}

src_unpack() {
:
}

src_install() {
local jarname
use amd64 && jarname="${PN}-linux64-${MY_PV}.jar"
use x86 && jarname="${PN}-linux-${MY_PV}.jar"
java-pkg_jarinto "${INSTALL_DIR}"
java-pkg_newjar "${DISTDIR}/${jarname}"
java-pkg_dolauncher
}

2. I synchronised the Portage main tree’s ebuilds on my PC with those in the repositories:

# emerge --sync

3. I made sure that /etc/make.conf has the following lines at the end of the file:

PORTDIR_OVERLAY="${PORTDIR_OVERLAY} /usr/local/portage/"
ACCEPT_LICENSE="*"

4. I created the required directories in the local overlay:

# mkdir -p /usr/local/portage/net-analyzer/ipscan

5. I made sure Portage would not nag me about a missing name for my local overlay:

# mkdir /usr/local/portage/profiles
# echo "local_overlay" > /usr/local/portage/profiles/repo_name

6. I copied the ipscan ebuild into the relevant directory in the local overlay:

# cd /usr/local/portage/net-analyzer/ipscan
# cp /home/fitzcarraldo/Desktop/ipscan-3.0_beta4.ebuild .

7. I generated the manifest for the package:

# ebuild ipscan-3.0_beta4.ebuild manifest

8. I merged the package:

# emerge -1v ipscan

9. I downloaded a 64×64 pixel PNG image of the Angry IP Scanner logo from http://www.angryip.org/icon.png. Then I right-clicked on Kickoff, selected Menu Editor and added an entry for Angry IP Scanner under Applications | System, although I can also launch ipscan from the command line if I want:

$ ipscan

To find an unused IP address on the local network which I can allocate to my laptop whilst I’m working in this office, I launch ipscan and enter the start and end IP addresses of the range I wish to check, and click on Start. The application quickly searches through the IP addresses in that range and lists which are in use and which are not. It’s as simple as that. I then use Network Management to edit the connection and enter the static IP address.

Note that Angry IP Scanner will not detect a live IP address if the device is behind a properly-configured firewall. See the Angry IP Scanner Web site’s FAQ and Documentation pages for further details.

Why can’t I access a specific Web site?

Is there one specific Web site that you can never access? That always causes your Web browser to stall when you click on a link to that site or enter the site’s URL in the browser’s address bar? Perhaps it’s an Internet banking site? You don’t have trouble with other sites, just this one particular site or perhaps just a couple of sites?

The chances are that this problem is caused by what is called a ‘black hole’ router somewhere between you and that site. For the technical explanation of a black hole router, see e.g. the article Black Hole (networking).

I experienced this precise problem a couple of days ago with the popular Web site IMDb. The old Gateway Solo 9300 laptop I was using has no built-in networking hardware so I use a couple of CardBus cards for wireless and wired network access. The Linksys WPC54G (EU) v7.1 wireless notebook adapter works fine but, irrespective of the Web browser, I could not access the IMDb Web site; the browser always stalled when trying to load the site. I discovered I also had the same problem with my bank’s Web site.

I could ping other sites by IP address and by domain name, but pinging the IMDb site never received a reply (and it still doesn’t, even after the fix explained below which allows browsing of the site).

I also experienced this problem several years ago under Windows XP when trying to access the Amazon UK Web site, using an MTU that I had incorrectly set to a value smaller than possible. The problem this time was due to a correctly-set MTU. In both cases, the two MTUs are smaller than a router somewhere en route to those sites wanted to handle.

BACKGROUND

Bear with me while I explain how the problem arose, as it’s relevant (and useful) information.

I had just installed Sabayon Linux on the laptop and got the wireless network connection up, and the first thing I then did was to launch Firefox. With an MTU of 1500 for wlan0, Firefox would only load Google (and that, only intermittently). All other sites would stall. So I used the following command iteratively in order to find the MTU for this hardware, which is 1464 (the maximum packet size in bytes that does not fragment + 28 bytes):

# ping -M do -s packet_size_in_bytes http://www.cisco.com

e.g.

# ping -M do -s 1472 http://www.cisco.com

I just varied the packet size in the ping command until “Frag needed and DF set” was not displayed.

I can reduce the MTU to 1464 as follows:

# ifconfig wlan0 mtu 1464

I could make this permanent by adding an entry (mtu_wlan0=”1464″) to the file /etc/conf.d/net, but I chose instead to make it permanent by adding the above ifconfig command to the file /etc/conf.d/local. This (correct) MTU works fine for all sites I have visited so far except for two, which just stall the browser: IMDb and my bank’s Web site.

I also have a Belkin F5D5010 CardBus Network Card (wired Ethernet) for the laptop. It works fine with an MTU of 1500, and there is no problem accessing the IMDb Web site in Firefox. So, apparently, the MTU is the problem when using the wireless network connection. Now let’s look at the solution…

THE SOLUTION

Well, in the case of Windows it is possible to edit the Registry to solve the problem of network ‘black holes’. But what do you do in the case of Linux? It turns out that the kernel /proc file system provides an easy way to enable and disable TCP MTU Probing by changing a value in the ‘file’ /proc/sys/net/ipv4/tcp_mtu_probing. A value of 0 = disabled; 1 = enabled when a black hole router is detected; 2 = always enabled.

This is what my laptop had in that ‘file’:

# cat /proc/sys/net/ipv4/tcp_mtu_probing
0

So all I needed to do was:

# echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing

and, bingo, a browser can access IMDb and my bank’s Web site without a problem. To make it permanent, I just added the above command to the file /etc/conf.d/local so that it is executed every time I boot the laptop. Here is what my file /etc/conf.d/local looks like now:

# Here is where you can put anything you need to start
# that there is not an init script for.

local_start() {
# This is a good place to load any misc programs
# on startup (use &>/dev/null to hide output)

# START OF MY ADDITIONS
# The Linksys CardBus card does not work with a MTU greater than 1464:
ifconfig wlan0 mtu 1464
# Enable TCP MTU Probing in order to deal with black hole routers:
echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing
# END OF MY ADDITIONS

# We should always return 0
return 0
}

local_stop() {
# This is a good place to unload any misc.
# programs you started above.

# We should always return 0
return 0
}

UPDATE (May 13, 2011): OpenRC 0.8.0 and later in Gentoo and Sabayon Linux no longer use the file /etc/conf.d/local but instead require the commands to be in files in the directory /etc/local.d/. So I created a file /etc/local.d/01network.start containing the following lines:

# The Linksys CardBus card does not work with MTU greater than 1464:
ifconfig wlan0 mtu 1464
# Enable TCP MTU probing to deal with black hole routers:
echo 2 > /proc/sys/net/ipv4/tcp_mtu_probing

and made it executable:

# chmod +x /etc/local.d/01network.start

UPDATE (April 11, 2012): If “echo 2″ does not solve the problem, try “echo 1″ instead. The possible values are:

0 Do not perform PLPMTUD (Packetization Layer Path MTU Discovery)
1 Perform PLPMTUD only after detecting a ‘blackhole’.
2 Always perform PLPMTUD.