Bypassing a corporate Web filter when using the command line

or ‘How to bypass a corporate Web filter and download YouTube videos via the command line’

One of the offices where I work uses a Web filter to block access to certain sites, such as YouTube. However, sometimes it is necessary to view blocked Web sites for work purposes. For example, these days a lot of companies or individuals post product reviews on YouTube that are useful for work purposes. In such cases I have used Tor to access the blocked sites in a Web browser such as Firefox, Chrome, Konqueror etc. See my post How to install and use Tor for anonymous browsing or to access country-restricted content from another country for details of how to set up and use Tor with a Web browser.

But sometimes I need to access blocked Web sites from the command line. For example, today I needed to download a YouTube video for work purposes, and I wanted to use youtube-dl to do it. The solution was simple…

First I launched vidalia and polipo as explained in the above-mentioned post on Tor, then I launched another Konsole/Terminal window and entered the commands shown below:

$ # First find out what resolutions are available for the video I want to download:
$ youtube-dl -F https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
[info] Available formats for T3Rr4CUoTSQ:
format code extension resolution note
140 m4a audio only DASH audio , audio@128k (worst)
160 mp4 192p DASH video
133 mp4 240p DASH video
134 mp4 360p DASH video
135 mp4 480p DASH video
136 mp4 720p DASH video
17 3gp 176x144
36 3gp 320x240
5 flv 400x240
43 webm 640x360
18 mp4 640x360
22 mp4 1280x720 (best)
$ # Now try to download the video at the resolution I want:
$ youtube-dl -f 22 -o Clevo_W230ST_overview.flv https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
ERROR: unable to download video data: HTTP Error 403: Forbidden

As you can see above, the corporate Web filter blocked youtube-dl from downloading the video.

So I informed the shell session about the local HTTP proxy (polipo) running on my laptop, by assigning and exporting the environment variable http_proxy using the following syntax:

export http_proxy=http://server-ip:port/

which in my case meant the following (refer to my article on Tor):

$ export http_proxy=http://127.0.0.1:8123/

and then I was able to download the video from YouTube despite the corporate Web filter:

$ youtube-dl -f 22 -o Clevo_W230ST_overview.flv https://www.youtube.com/watch?v=T3Rr4CUoTSQ
Setting language
T3Rr4CUoTSQ: Downloading webpage
T3Rr4CUoTSQ: Downloading video info webpage
T3Rr4CUoTSQ: Extracting video information
[download] Destination: Clevo_W230ST_overview.flv
[download] 100% of 100.23MiB in 05:50
$

Useful Reference: How To Use Proxy Server To Access Internet at Shell Prompt With http_proxy Variable

KDE Connect – Link your Android device to your KDE desktop

KDE Connect app icon on my Samsung Galaxy Note II

KDE Connect app icon on my Samsung Galaxy Note II

KDE Connect is a nice tool that links your Android phone or tablet seamlessly via WiFi to KDE on your PC (the latter can be connected via WiFi or cable to the network). It allows your KDE desktop to receive notifications, files and media player commands from your Android device. The available KDE Connect plug-ins are:

Battery report
Periodically report battery status

Clipboard sync
Share the clipboard content

Multimedia remote controls
Control audio/video from your phone
(pause; first track; previous track; next track; last track; change volume)

Notification sync
Access your notification from other devices

Ping
Send and receive pings

Telephony notifier
Send notifications from SMS and calls

You will need to install the Android KDE Connect application on your Android device, and the Linux KDE Connect application on your PC.

Install the KDE Connect app on your Android device from the Google Play Store. You will then see the KDE Connect icon on the apps screen of your Android device.

For Gentoo users an ebuild for KDE Connect is available in the Gentoo KDE team’s testing overlay, so here are the instructions on how to install KDE Connect on your PC from there.

Firstly, mask the KDE overlay so that none of the packages in it interferes with the KDE software you installed from the main Portage tree:

# echo "*/*::kde" >> /etc/portage/package.mask

Then unmask the KDE Connect package in the KDE overlay:

# echo "kde-misc/kdeconnect" >> /etc/portage/package.unmask

N.B. If /etc/portage/package.mask is a directory rather than a file (either is possible) in your installation, and if /etc/portage/package.unmask is a directory rather than a file (either is possible) in your installation, use the following commands instead of the above two commands:

# echo "*/*::kde" > /etc/portage/package.mask/kde_overlay
# echo "kde-misc/kdeconnect" > /etc/portage/package.unmask/kdeconnect

Now add the KDE overlay and merge the package:

# layman -a kde
# emerge kdeconnect

If a firewall is running on your PC, you will need to configure it to allow tcp and udp traffic via a specific range of ports (1714 to 1764). I have UFW running on my main laptop, so in my case I used the following commands:

# ufw allow proto tcp to any port 1714:1764
# ufw allow proto udp to any port 1714:1764

The rules should look like this:

# ufw status verbose | grep 1714
1714:1764/tcp ALLOW IN Anywhere
1714:1764/udp ALLOW IN Anywhere
1714:1764/tcp ALLOW IN Anywhere (v6)
1714:1764/udp ALLOW IN Anywhere (v6)

If you have the KConfig Module kcm_ufw installed on your PC then you can instead use System Settings > Firewall to add the UFW rules via the KDE GUI.

By the way, to check which KConfig modules are installed on your PC you can use the following command under your user account:

$ kcmshell4 --list

Using KDE Connect is not difficult, so I will leave you to play with it. Obviously make sure WiFi is enabled on your Android device, and that it and your PC are connected to the same network. Tap on the KDE Connect icon on your Android device to launch the app, and you should see your PC’s name listed under CONNECTED DEVICES. Tap on the PC name and you should see the following screen:

KDE Connect screen

KDE Connect screen

If you tap on ‘Send ping’, the KDE Notification widget on the KDE System Tray should pop up a notification.

You can see what KDE Connect plug-ins are available, and select/deselect them:

KDE Connect plugins

KDE Connect plugins

KDE Connect also enables you to use your Android device as a remote control for media players running on your PC. When you launch a media player in KDE its name will appear in a list of selectable players in KDE Connect, and the name of the track currently playing will also be displayed:

KDE Connect - Remote control

KDE Connect - Remote control

When you select a file on your Android device and tap the Share icon, KDE Connect will be one of the options displayed on the ‘Share via’ menu. This is a handy way to send files from your Android device to your PC. The KDE Notification widget on your PC will notify you when the file has been transferred to ~/Desktop/ on your PC:

KDE on your PC notifies you when a file has been sent via KDE Connect

KDE on your PC notifies you a file has been sent via KDE Connect

You should also get notifications on your KDE desktop when someone phones or sends you an SMS.

Kudos and many thanks to the people responsible for KDE Connect. KDE is already a superb desktop environment, and with the addition of KDE Connect it is better still.

‘Server not found’ by browser at launch

I haven’t had any significant Linux problems or new requirements in the last few months, hence no new posts here. My last real problem was back in June 2013 when I rolled my Gentoo installation to latest using Portage and found that, whenever I launched Firefox, it displayed the ‘Server not found’ page and I had to click ‘Try Again’, and then Firefox displayed the expected Web site. From then onwards, Firefox would work as expected until I exited the application. Thunderbird was also unable to access e-mail servers on the first attempt after it was launched. The same thing happened in Sabayon Linux when I rolled to latest using Entropy a couple of days later. Anyway, here is how I fixed the problem in both distributions.

First I used Wireshark to see what was going on, and it transpired that Gentoo (and Sabayon) was sending an IPv4 request followed quickly by an IPv6 request, but the reply to the IPv6 request was being received first and was a ‘server not found’ message since my ISP does not support IPv6 and my router apparently does not handle IPv6 requests correctly. Gentoo (and Sabayon) then used an IPv4 address when I clicked ‘Try Again’ in the browser window, and thereafter Firefox always dispayed the expected Web sites.

I should point out that IPv6 is enabled in the kernels I use and I’ve never before had to disable IPv6 in Firefox (or system-wide) on the affected laptops. So why the change in functionality, I wonder?

With Wireshark capturing packets, when I launched Firefox I was seeing a server failure message indicating “AAAA” (IPv6) instead of “A” (IPv4). To stop this happening I could have chosen any one of the three following solutions:

1. I could have used about:config in Firefox (and Config Editor in Thunderbird) to change the value of network.dns.disableIPv6 to true instead of false.

2. I could have disabled IPv6 system-wide by editing /etc/modprobe.d/aliases.conf and uncommenting the line “alias net-pf-10 off“.

3. I could have forced the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel.

Just for the fun of it I chose the third option on a couple of my laptops, and, as they use NetworkManager, this is how I did it:

fitzcarraldo@aspire5536 ~ $ su
Password:
aspire5536 fitzcarraldo # cat /etc/resolv.conf
# Generated by resolvconf
domain home
nameserver 192.168.1.254
aspire5536 fitzcarraldo # cd /etc/NetworkManager/dispatcher.d/
aspire5536 dispatcher.d # touch 06-dhclientoptions
aspire5536 dispatcher.d # nano 06-dhclientoptions
aspire5536 dispatcher.d # cat 06-dhclientoptions
#!/bin/bash
echo "options single-request" >> /etc/resolv.conf
aspire5536 dispatcher.d # chmod +x /etc/NetworkManager/dispatcher.d/06-dhclientoptions
aspire5536 dispatcher.d # # Now I disconnect then reconnect to the network
aspire5536 dispatcher.d # cat /etc/resolv.conf
# Generated by resolvconf
domain home
nameserver 192.168.1.254
options single-request
aspire5536 dispatcher.d #

As you can see above, I added a two-line Bash script 06-dhclientoptions in the directory /etc/NetworkManager/dispatcher.d/ that appends the line “options single-request” (without the quotes) to the contents of the file /etc/resolv.conf. The addition of the line “options single-request” in resolve.conf causes the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel. With this change, Firefox and Thunderbird no longer have a problem accessing the Internet the first time they are launched.

From “man 5 resolv.conf” under “options”:

single-request (since glibc 2.10)
sets RES_SNGLKUP in _res.options. By default, glibc performs IPv4 and IPv6 lookups in parallel since version 2.9. Some appliance DNS servers cannot handle these queries properly and make the requests time out. This option disables the behavior and makes glibc perform the IPv6 and IPv4 requests sequentially (at the cost of some slowdown of the resolving process).

single-request-reopen (since glibc 2.9)
The resolver uses the same socket for the A and AAAA requests. Some hardware mistakenly sends back only one reply. When that happens the client system will sit and wait for the second reply. Turning this option on changes this behavior so that if two requests from the same port are not handled correctly it will close the socket and open a new one before sending the second request.

I had to use NetworkManagerDispatcher to add the line “options single-request” to /etc/resolv.conf because NetworkManager overwrites /etc/resolv.conf if you edit it manually.

UPDATE (February 4, 2014): As I have recently seen the line “options single-request” occurring more than once in the file /etc/resolv.conf I now recommend /etc/NetworkManager/dispatcher.d/06-dhclientoptions consists of the following:

#!/bin/bash
if grep -q "options single-request" /etc/resolv.conf; then
    exit
else
    echo "options single-request" >> /etc/resolv.conf
fi

Dropbox revisited

In a previous post I explained how I installed Kfilebox, an unofficial KDE front-end for Dropbox. However, development of Kfilebox appears to have stopped, as the original author posted the following recently on a blog:

“I have stopped working on kfilebox after some updates in dropbox. Shortly: there is no way to get recent changed files, no more access to config options, cant configure it.”

Nevertheless I continued using Kfilebox. However, after a few days the Kfilebox icon stopped appearing in the KDE System Tray, and clicking on ‘Show hidden icons’ > ‘Kfilebox’ on the Panel displayed “The Dropbox daemon isn’t running” in the pop-up menu. Also, if I clicked on the hidden Kfilebox icon and selected ‘Preferences…’ the Dropbox folder field was empty and I had to keep re-entering the location of the Dropbox folder. So I decided to uninstall Kfilebox and try using Dropbox directly with KDE. I performed the steps listed below.

  1. Uninstall Kfilebox:

    # emerge -C kfilebox

  2. Remove any associated directories and files that might be left over:

    # rm -rf /home/fitzcarraldo/.dropbox
    # rm -rf /home/fitzcarraldo/.dropbox-dist
    # rm /home/fitzcarraldo/.kde4/share/config/kfileboxrc

  3. Install Dropbox:

    # emerge dropbox

  4. Do not edit /etc/conf.d/dropbox and do not configure Gentoo to launch the Dropbox daemon at start-up (i.e. do not add /etc/init.d/dropbox to the default runlevel). Instead configure KDE to launch the daemon when logging-in to KDE:
    1. Kickoff > System Settings > Startup and Shutdown
    2. Click on ‘Autostart’ in the left pane.
    3. Click on the ‘Add Script…’ button on the right side of the window.
    4. Enter the location of the Dropbox daemon in the box in the pop-up window. I entered “/opt/dropbox/dropboxd” (without the quotes) in the box and clicked ‘OK’.
  5. Run Dropbox for the first time and configure the local installation:
    1. Open a Dolphin window and browse to the directory containing the daemon (/opt/dropbox/) and double-click on dropboxd to launch the daemon.
    2. The Dropbox set-up window will pop-up and it should be obvious what to do from there onwards. As I already had a Dropbox account I selected ‘I already have a Dropbox account’ and clicked ‘Next’, I then entered my e-mail address, my Dropbox password and my computer’s name in the boxes and clicked ‘Next’. I left the default free 2 GB option selected and clicked ‘Next’. I left the default set-up ‘Typical’ selected and clicked ‘Install’. I read the introductory information displayed in the next couple of windows and clicked ‘Next’. I clicked ‘Finish’ in the final ‘That’s it!’ window.
  6. A Dropbox icon then appears in the System Tray on the Panel and synchronises with the Dropbox directory on the remote Dropbox server.

Now if I click on the Dropbox icon in the System Tray, the Dropbox directory window pops up. If I right-click on the icon in the System Tray, a menu pops-up with the expected Dropbox options.

So there was no need to use Kfilebox after all, as using the Dropbox daemon directly is just as user-friendly.

Installing Dropbox in Gentoo running KDE

kfilebox
I had never used Dropbox before and had no intention of doing so, but today a work colleague sent me some large files via Dropbox so I was forced to sign up. I tried to install Dropbox on my main laptop running Gentoo Linux and KDE but, for a well-known application, I had a surprising amount of trouble, hence this blog post.

To begin with, I found the following Dropbox-related packages:

# eix dropbox
* gnome-extra/nautilus-dropbox
Available versions: (~)0.6.9 (~)0.7.0 0.7.1 (~)1.4.0 {debug}
Homepage: http://www.dropbox.com/
Description: Store, Sync and Share Files Online
.
* net-misc/dropbox
Available versions: 1.2.48-r1^ms (~)1.2.51-r2^ms (~)1.4.3-r1^ms (~)1.4.7-r1^ms (~)1.4.7-r2^ms (~)1.4.17^ms (~)1.4.23^ms (~)1.6.16^ms {X +librsync-bundled}
Homepage: http://dropbox.com/
Description: Dropbox daemon (pretends to be GUI-less)
.
* net-misc/dropbox-cli
Available versions: 1 1-r1 {PYTHON_TARGETS="python2_6 python2_7"}
Homepage: http://www.dropbox.com/
Description: Cli interface for dropbox daemon (python)
.
* xfce-extra/thunar-dropbox [1]
Available versions: [m](~)0.2.0
Homepage: http://www.softwarebakery.com/maato/thunar-dropbox.html
Description: Plugin for Thunar that adds context-menu items for Dropbox
.
[1] "sabayon" /var/lib/layman/sabayon
.
Found 4 matches.

But I don’t have GNOME or Xfce installed on my main laptop, so the first and last packages were of no interest. A quick search on the Web turned up Kfilebox, which seemed to be exactly what I needed. I was pleased to find that the package is in the main Portage tree:

# eix kfilebox
* kde-misc/kfilebox
Available versions: (4) (~)0.4.8 (~)0.4.9
{LINGUAS="ar br cs de el es fr gl it lt nl pl pt ru si tr zh zh_CN"}
Homepage: http://kdropbox.deuteros.es/
Description: KDE dropbox client

So I installed kfilebox, dropbox and dropbox-cli, thinking I would need them all. Then, before doing anything else, I surfed to the Dropbox Web site and signed up for an account.

I launched Konsole and entered the command kfilebox. A window popped-up telling me that the Dropbox Daemon was being downloaded, then another window popped up offering me two options/buttons: ‘Run gtk based installer’ and ‘Or simply link account’. I clicked on the latter, thinking that was all I needed to do as I had already signed up for an account via the Dropbox Web site. But a Dropbox icon did not appear in the Panel, nor did Dolphin show a Dropbox folder icon in my home directory, and the KDE Notifications widget kept popping up notification after notification from Kfilebox to “Please visit url to link to this machine”. The trouble was that clicking on the apparent link in the notifications did nothing.

The directories .dropbox and .dropbox-dist existed in my home directory, and the contents of /home/fitzcarraldo/.kde4/share/config/kfileboxrc were as follows:

[General]
AutoStart=true
Browser=rekonq
DropboxDir=/home/fitzcarraldo/.dropbox-dist/
FileManager=dolphin
GtkUiDisabled=true
IconSet=default
ShowNotifications=true
StartDaemon=true

As the rekonq Web browser is not installed on this laptop, I edited the file and changed Browser=rekonq to Browser=firefox then rebooted, but it made no difference.

So I uninstalled everything:

# emerge -C kfilebox dropbox dropbox-cli
# rm -rf /home/fitzcarraldo/.dropbox
# rm -rf /home/fitzcarraldo/.dropbox-dist
# rm /home/fitzcarraldo/.kde4/share/config/kfileboxrc

then rebooted and reinstalled only Kfilebox:

# emerge kfilebox

I then launched Konsole and entered the command kfilebox. The pop-up window appeared notifying me that the Dropbox Daemon was being downloaded, followed by the pop-up window offering me the choice of running the gtk-based installer or simply linking the account. This time I chose the option to run the gtk-based installer and just followed the intuitive instructions in the various pop-up windows that followed, one of which offered to create a new Dropbox account or to link to an existing Dropbox account. As I wanted to do the latter I entered my e-mail address and Dropbox password, a Dropbox icon then appeared on the Panel and a Dropbox folder icon is now visible in Dolphin.

I checked the contents of ~/.kde4/share/config/kfileboxrc and they were the same as listed above, so I edited the file to replace rekonq with firefox, although I’m not sure yet what (if anything) that does, as Dropbox is new to me and I’m still learning. Anyway, the important thing is that I could now click on the ‘View folder’ button in an e-mail sent to me by a colleague and the files uploaded by my colleague were automatically downloaded into the ~/Dropbox directory.

EDIT May 30, 2013: Kfilebox is no longer in development and has started playing up. However, I found out how to install Dropbox directly and use it with KDE, and it’s just as user-friendly as Kfilebox. See my post Dropbox revisited for how to install Dropbox directly.

Setting the wireless regulatory domain in Linux on your laptop

I travel internationally and want to make sure that my laptop uses the legal wireless networking frequencies in the country I am visiting. In Linux, CRDA (Central Regulatory Domain Agent) is the udev helper used to communicate between userspace and the kernel, and it enables you to view and alter the wireless regulatory domain your kernel uses. For more information see the Regulatory page on the Linux Wireless Wiki site.

CFG80211 is the Linux wireless LAN (802.11) configuration API. The kernel on my main laptop has the following configuration settings relating to CFG80211:

# cat /usr/src/linux/.config | grep CFG80211
CONFIG_CFG80211=m
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
# CONFIG_CFG80211_REG_DEBUG is not set
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_DEBUGFS is not set
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_CFG80211_WEXT=y

and the cfg80211 module is loaded:

# lsmod | grep cfg80211
cfg80211 145747 3 iwlwifi,mac80211,iwldvm

I have the package crda installed, and I have the following udev rule file /etc/udev/rules.d/regulatory.rules to allow the kernel to communicate with userspace:

KERNEL=="regulatory*", ACTION=="change", SUBSYSTEM=="platform", RUN+="/sbin/crda"

So, how do you check which wireless regulatory domain your kernel is currently using, and switch to another domain if necessary? These tasks are performed using the iw command. You’ll need to install the package iw if it is not already installed.

To see the regulatory domain your laptop is using now, enter the following command as root user:

iw reg get

When I use the above command on my laptop after start-up, I normally see the following:

# iw reg get
country 00:
(2402 - 2472 @ 40), (3, 20)
(2457 - 2482 @ 20), (3, 20), PASSIVE-SCAN, NO-IBSS
(2474 - 2494 @ 20), (3, 20), NO-OFDM, PASSIVE-SCAN, NO-IBSS
(5170 - 5250 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS
(5735 - 5835 @ 40), (3, 20), PASSIVE-SCAN, NO-IBSS

The country code 00 is not the code of the country I am in at present. To tell the kernel which wireless regulatory domain you wish to use, enter the following command as root user:

iw reg set ISO_3166-1_alpha-2

where ISO_3166-1_alpha-2 is the 2-character code for the country you are in. You can find the list of ISO 3166-1 alpha-2 codes on the Wikipedia page ISO 3166-1 alpha-2.

For example, if I were in the UK then I would enter the following command:

# iw reg set GB

and the regulatory domain would then be reported like this:

# iw reg get
country GB:
(2402 - 2482 @ 40), (N/A, 20)
(5170 - 5250 @ 40), (N/A, 20)
(5250 - 5330 @ 40), (N/A, 20), DFS
(5490 - 5710 @ 40), (N/A, 27), DFS

It is not a big deal to use the command line, but I wanted to make it even easier. I’m using KDE on my main laptop, so I created a Desktop Configuration File /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain containing the following:

[Desktop Entry]
Comment[en_GB]=
Comment=
Exec=/home/fitzcarraldo/iw_reg.sh
GenericName[en_GB]=Set wireless regulatory domain
GenericName=Set wireless regulatory domain
Icon=/home/fitzcarraldo/national-flags-icon.png
MimeType=
Name[en_GB]=Set_wireless_regulatory_domain
Name=Set_wireless_regulatory_domain
Path=
StartupNotify=true
Terminal=true
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none
X-KDE-SubstituteUID=false
X-KDE-Username=

and gave it the following file permissions:

# chmod 744 /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain
# ls -la /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain
-rwxr--r-- 1 fitzcarraldo users 496 Jan 15 21:53 /home/fitzcarraldo/Desktop/Set_wireless_regulatory_domain

I used a search engine to find a nice PNG icon consisting of several overlapping national flags, and saved it with the file name name national-flags-icon.png in my home directory.

I created a Bash shell script /home/fitzcarraldo/iw_reg.sh containing the following:

#!/bin/bash
echo "First you need to enter the password of your user account..."
sudo echo ""
echo "The ISO 3166-1 alpha-2 codes are listed on Web page https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2"
echo ""
echo "The current wireless regulatory domain is set as: "
echo ""
sudo iw reg get
echo ""
echo -n "Enter the ISO 3166-1 alpha-2 code (upper case) for the country you are in now, and press ENTER: "
read REGULATORYDOMAIN
sudo iw reg set $REGULATORYDOMAIN
echo ""
echo "The current wireless regulatory domain is now set as: "
echo ""
sudo iw reg get
echo ""
echo "All done. You can close this window."

and gave it the following file permissions:

# chmod 744 /home/fitzcarraldo/iw_reg.sh
# ls -la /home/fitzcarraldo/iw_reg.sh
-rwxr--r-- 1 fitzcarraldo users 632 Jan 15 21:33 /home/fitzcarraldo/iw_reg.sh

Now, if I double-click on the icon for Set_wireless_regulatory_domain on my desktop, a Konsole window pops up with a prompt for me to enter my user account password. When I enter my password the window displays the current wireless regulatory domain the kernel is using and prompts me to enter the 2-character code for the regulatory domain I wish to use instead. When I enter the country code the window displays the new regulatory domain, as shown in the sample below.


First you need to enter the password of your user account...
Password:

The ISO 3166-1 alpha-2 codes are listed on Web page https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

The current wireless regulatory domain is set as:

country SA:
(2402 - 2482 @ 40), (N/A, 20)
(5170 - 5250 @ 20), (3, 23)
(5250 - 5330 @ 20), (3, 23), DFS
(5735 - 5835 @ 20), (3, 30)

Enter the ISO 3166-1 alpha-2 code (upper case) for the country you are in now, and press ENTER: GB

The current wireless regulatory domain is now set as:

country GB:
(2402 - 2482 @ 40), (N/A, 20)
(5170 - 5250 @ 40), (N/A, 20)
(5250 - 5330 @ 40), (N/A, 20), DFS
(5490 - 5710 @ 40), (N/A, 27), DFS

All done. You can close this window.

The task of viewing and changing the regulatory domain after start-up is now very easy for me. The only thing that would be easier than this would be if Linux could detect automatically which country I’m in and set the regulatory domain automatically.

Synchronise your Gentoo Linux clock with an Internet time server

There are a number of ways to synchronise Gentoo Linux with a time server on the Internet. Here I look at a few alternatives.

ntp-client

ntp-client and the NTP daemon ntpd are installed when you install the package net-misc/ntp. Although I have read on some Web sites that /etc/init.d/ntp-client should be added to the default runlevel in order to read the time from an NTP server (once-only, during start-up), this in fact does not work because usually the network connection is not up by the time the ntp-client initscript runs. Bear in mind that ntp-client does not run continuously; it syncs once with an external time server if there is a network connection, and that’s it.

NetworkManager Dispatcher

If you are using NetworkManager, an elegant solution is to use NetworkManagerDispatcher to restart ntp-client in order to resync your system clock every time a network connection comes up. This is my favoured solution for laptops; see further on for how to configure your machine to do this.

cronjob

Another way would be to create a cronjob to run periodically the ‘/etc/init.d/ntp-client restart‘ command or the ‘ntpd -q‘ command (the -q option means “set the time and quit”).

Wait a while after start up

A ‘quick-and-dirty’ method, which I have used sometimes to synchronise a laptop’s system clock every time it boots, would be to delay running ntp-client until the network is up by putting e.g. the command below in a file 10_ntp-client.start in the directory /etc/local.d/ (10 seconds is usually enough time for a wired or wireless connection to my home network to be established):

#!/bin/bash
sleep 10s && /etc/init.d/ntp-client restart

Don’t forget to make it executable:

# chmod 744 /etc/local.d/10_ntp-client.start

NTP daemon

Regarding the NTP daemon, it is possible to configure this from the command line, rather than via a Desktop Environment GUI, to run at start-up and continue running to adjust your system clock. The command:

# rc-update add ntpd default

will add the daemon’s initscript to the default runlevel so that it is launched automatically at the next startup, and the command:

# /etc/init.d/ntpd start

will start the daemon running right now.

Note that, by default, the NTP daemon won’t correct, all in one go, a time difference between your system clock and the remote NTP server if that difference is above a certain size. However, if you want to override the default behaviour, i.e. allow the NTP daemon to make a large first adjustment to the system clock, you can set the environment variable NTPD_OPTS in the file /etc/conf.d/ntpd as follows:

NTPD_OPTS="-g"
# The -g option enables ntpd to make large adjustments.

This would mean that you would not need to run ntp-client before ntpd. However, if you run ntp-client automatically — either once after start-up or periodically — then that would be good enough for the typical Desktop user, and could be an alternative to having a continuously-running NTP daemon. Nothing stops you doing both if you want, of course.

Updating the hardware clock

If you make clock_systohc="YES" in the file /etc/conf.d/hwclock then the time in the system clock will be written to the BIOS (CMOS) clock (a.k.a. hardware clock) when you shut down your PC.

How to configure NetworkManager Dispatcher to synchronise the system clock only when a network connection is made

If you’re using a machine that is permanently connected to a network, running the NTP daemon makes sense. But what if you have a machine that is not always connected to a network when it is powered up? I have a laptop and I don’t want the NTP daemon running all the time. But I would like my laptop to synchronise with an external time server once after start up when I connect to the Internet. NetworkManager has a handy tool called NetworkManager Dispatcher for doing just this.

If you have installed NetworkManager, you’ll find there is an initscript /usr/portage/net-misc/networkmanager/files/NetworkManagerDispatcher. Copy it to the directory /etc/init.d/ and give it the necessary restrictive permissions:

# cp /usr/portage/net-misc/networkmanager/files/NetworkManagerDispatcher /etc/init.d/
# chmod 744 NetworkManagerDispatcher

Then create a shell script called e.g. 99_ntp-client in the directory /etc/NetworkManager/dispatcher.d/ to be run by NetworkManagerDispatcher when a network connection is established, containing the following code:

#!/bin/bash

INTERFACE=$1 # The interface which is brought up or down
STATUS=$2 # The new state of the interface

case "$STATUS" in
    'up') # $INTERFACE is up
        echo "System time before starting ntp-client:" > /home/fitzcarraldo/ntp-client.txt
        date >> /home/fitzcarraldo/ntp-client.txt
        echo "Starting ntp-client:" >> /home/fitzcarraldo/ntp-client.txt
        rc-config restart ntp-client &>> /home/fitzcarraldo/ntp-client.txt
        echo "System time after starting ntp-client:" >> /home/fitzcarraldo/ntp-client.txt
        date >> /home/fitzcarraldo/ntp-client.txt
        ;;
    'down') # $INTERFACE is down
        # Check for active interface and down if no one active
        if [ ! `nm-tool|grep State|cut -f2 -d' '` = "connected" ]; then
                echo "Stopping ntp-client at:" > /home/fitzcarraldo/ntp-client.txt
                date >> /home/fitzcarraldo/ntp-client.txt
                rc-config stop ntp-client &>> /home/fitzcarraldo/ntp-client.txt
        fi
        ;;
esac

Make the root user the owner of the script, and only allow the root user to write to it and execute it:

# cd /etc/NetworkManager/dispatcher.d/
# chown root:root 99_ntp-client
# chmod 744 99_ntp-client

Then add NetworkManagerDispatcher to the default runlevel so that it will be launched every time you boot your machine:

# rc-update add NetworkManagerDispatcher default

As the package net-misc/ntp installs both /etc/init.d/ntpd and /etc/init.d/net-client, users could optionally add the NTP daemon ntpd to the default runlevel too if desired, which would provide continuous, incremental adjustments to the system clock once net-client has done its one-shot adjustment each time a network comes up:

# rc-update add ntpd default

But users who don’t leave their PCs on for days on end — or who use laptops — can ignore the above step and just stick with the NetworkManagerDispatcher and net-client solution, whereas users who leave their machines on for days or weeks on end can also use the NTP daemon to keep the system clock in sync in between the times when ntp-client has synchronised.

Don’t forget to delete ntp-client from the start-up level if you are using NetworkManagerDispatcher to run it:

# rc-update del ntp-client

Notice that the script /etc/NetworkManager/dispatcher.d/99_ntp-client logs some information in a text file ntp-client.txt in my home directory which I can check. Here is an example of what ntp-client.txt contains after I select a network (or it is selected automatically) following start up of my laptop:

System time before starting ntp-client:
Sun Jun 3 19:24:08 BST 2012
Starting ntp-client:
Restarting init script
* Setting clock via the NTP client 'ntpd' ...ntpd: time slew +0.067178s
[ ok ]
System time after starting ntp-client:
Sun Jun 3 19:24:17 BST 2012

As you can see above, the ntpd command was executed once by NetworkManagerDispatcher and made a small adjustment to the system time on my laptop.

Replacing ntpdate with ntpd in ntp-client

Just for the fun of it, I changed /etc/conf.d/ntp-client to use the command ntpd instead of ntpdate, even though the ntpdate command works fine. Anyway, here’s my /etc/conf.d/ntp-client file these days:

NTPCLIENT_CMD="ntpd"
NTPCLIENT_OPTS="-g -q"

I have added the -g option so that the ntpd command can make large adjustments to the system time if it is way off the actual time. This is useful at the beginning and end of Daylight Saving Time, or if you dual boot with Windows. Here is an example of the former when I powered up my laptop the morning after the clocks changed from BST to GMT at the end of Summer 2010:

$ cat /home/fitzcarraldo/ntp-client.txt
System time before starting ntp-client:
Sun Oct 31 09:37:23 GMT 2010
Starting ntp-client:
Starting init script
* Setting clock via the NTP client 'ntpd'...ntpd: time set -3600.122381s
[ ok ]
System time after starting ntp-client:
Sun Oct 31 08:37:30 GMT 2010

You can specify the NTP server or NTP server pool in the file /etc/ntp.conf, but the default server pool already specified in that file should work. Note again that, when ntpd is run with the -q option, it synchronises the system clock once and terminates, i.e. it is not running as a daemon.

How to install and use Tor for anonymous browsing or to access country-restricted content from another country

Some people want to browse the Web in complete anonymity. One tool for doing that is Tor. However, there are other reasons for using Tor. For example, when I am travelling in a country where the government blocks certain Web sites (or blocks accessing content on certain Web sites), or when I am travelling overseas and certain Web sites back home will not let me view content (e.g. TV shows), I use Tor. Note that some Web sites are now clever enough to detect that you are accessing them via a proxy and could be overseas, so even Tor will not gain you access to media on some Web sites back home. Anyway, it’s still worth trying Tor to see if it works in your case.

For an overview of the installation and configuration procedure, see Running the Tor client on Linux/BSD/Unix. Below I will explain how to install and use Tor in Gentoo Linux.

Before you use Tor, it is useful to check your current IP address. Several Web sites will tell you your current IP address; here is the site I usually use: http://whatismyipaddress.com/

1. Install Tor:

# USE="tordns" emerge -1v tor

(Actually, the more-recent versions of the tor package don’t require that USE flag but I’ve left it in as it does no harm.)

2. Install Vidalia:

# cd /usr/portage/distfiles/
# wget --no-check-certificate https://www.torproject.org/dist/vidalia/vidalia-x.y.z.tar.gz
# USE="tor" emerge -1v vidalia

Use the current version x.y.z of the vidalia package in the package manager and https://www.torproject.org/dist/vidalia/

3. Install Polipo:

# emerge -1v polipo

4. Download polipo.conf

# cd /etc/polipo
# wget --no-check-certificate https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf

Edit April 21, 2013: The above URL is now:

https://gitweb.torproject.org/torbrowser.git/blob_plain/ae4aa49ad9100a50eec049d0a419fac63a84d874:/build-scripts/config/polipo.conf

5. Edit it and change proxyPort = 8118 to proxyPort = 8123

6. Copy it to /etc/polipo/:

# cd /etc/polipo
# cp /etc/polipo/config /etc/polipo/config.bak
# cp polipo.conf config

7. Configure Firefox:

Edit > Preferences > Network > Settings

Manual proxy configuration:

HTTP Proxy: 127.0.0.1 Port: 8123
SSL Proxy: 127.0.0.1 Port 8123

SOCKS Host: 127.0.0.1 Port 9051
SOCKS v5
No Proxy for: 127.0.0.1

8. Run Vidalia and then configure it:

$ vidalia &

a) Settings > Sharing

Select ‘Run as a client only’

b) Settings > Advanced

Select ‘Use TCP connection (ControlPort)’
Address: 127.0.0.1 9051

Tor Configuration File:
/home/fitzcarraldo/.vidalia/torrc

Data Directory:
/home/fitzcarraldo/.tor

c) Click on ‘Edit current torrc’ and make it:

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it
ControlPort 9051
ExitNodes {gb}
Log notice stdout
SocksListenAddress 127.0.0.1
StrictNodes 1

Note that I have specified “{gb}” above so that I am perceived by Web sites to be browsing in the UK even if I am in another country. But you can use a different country code if you want Web sites to perceive you are in another country. For example, “{us}” would make it look as if you are browsing in the USA.

9. Run Polipo:

$ sudo polipo

10. Surf to http://torcheck.xenobite.eu/ to check that you are now using a Tor exit node.

11. Surf to http://whatismyipaddress.com/ to check that your IP address has changed.

Cannot browse some Web sites: yet another cause

Having spent hours yesterday trying to figure out why I could no longer browse a few specific Web sites from my old Gateway Solo 9300 laptop running Linux, whereas all the other Linux and Windows laptops that use my wireless network can browse any Web site, I thought I’d post the solution as Google did not turn up this particular cause.

There are several possible reasons why one may not be able to browse some Web sites: IPv6; the MTU; a black hole router en route; the settings in the various ip_* and tcp_* files in /proc/sys/net/ipv4/, and so on. So, unfortunately I had many avenues to pursue.

My old Gateway Solo 9300 laptop had enabled me to browse the Web reliably via my home wireless network until recently. Suddenly I could neither browse the Sabayon Linux Web site nor access the Entropy package manager’s repository. I could also no longer browse some other Web sites, although most Web sites were still accessible without trouble.

I tried many different things without success, and then finally remembered that I had reconfigured my router a couple of weeks ago because one of my family had reset it whilst I was away from home. Now, when this model of router (BT Home Hub, Version 1.0) is reset it defaults to WEP encryption for wireless networking. However, I normally have it set to use WPA-PSK encryption. So, when I got home I accessed the router’s Web interface via Ethernet from a Desktop PC and changed wireless networking encryption to “WPA-PSK Version: WPA+WPA2″. In the past I had set it to “WPA-PSK Version: WPA”, and thought that setting “WPA+WPA2″ instead of “WPA” this time would not cause any problems. Well, it didn’t on all the other laptops using my network, but my old Gateway Solo 9300 with Linksys CardBus card (‘Linksys WPC54G (EU) v7.1 wireless notebook adapter card’) was different.

As soon as I wondered if the encryption setting was the cause of my problem, I browsed to the BT Home Hub configuration page and changed wireless networking encryption from “WPA-PSK Version: WPA+WPA2″ to “WPA-PSK Version: WPA”. Bingo, my Gateway Solo 9300 running Sabayon Linux E17 Edition and Firefox 4 could browse all Web sites again. Mind you, I also need to have the ipv6 module disabled (I had previously uncommented the line alias net-pf-10 off in the file /etc/modprobe.d/aliases.conf and used the command update-modules) as well as the modifications mentioned in an earlier post (Why can’t I access a specific Web site?). But all those other measures do not solve the problem if the router is configured for “WPA-PSK Version: WPA+WPA2″.

The router’s wireless security option “WPA-PSK Version: WPA” is intended for a network that would only be used by clients configured to use WPA encryption; the router’s option “WPA-PSK Version: WPA2″ is intended for a network that would only be used by clients configured to use WPA2 encryption; the router’s option “WPA-PSK Version: WPA+WPA2″ is intended for a network that would be used by clients configured to use either WPA or WPA2 encryption. So I wonder why there was a problem, as the laptop and CardBus card are configured for “WPA & WPA2 Personal” in nm-applet, and the card supports WPA (TKIP) and WPA2 (CCMP a.k.a. AES).

A fast and easy-to-use scanner of IP addresses and ports

This week I’m working in offices with a local network that uses static IP addressing. Believe it or not, it seems the IT department does not keep a list of configured IP addresses, and sometimes inadvertently configure devices to have the same IP address.

A couple of days ago I was printing quite happily to a networked printer from my laptop in the morning but, when I got back from lunch, found that I couldn’t print any more. It transpired that someone had allocated the IP address of my laptop to a new plotter in my absence. What to do if the organisation has no central list of configured IP addresses? There are too many devices on the local network to check them manually, and I do not have access to them anyway.

So I installed Angry IP Scanner (a.k.a. ipscan), an easy-to-use scanner of IP addresses and ports, and use it to find an IP address that is currently unused on the network.

I wanted to install ipscan by using Gentoo’s package manager Portage. There is no ebuild for it in the Portage main tree, but a quick search of the Web told me that there is an ebuild in the floppym overlay (http://gpo.zugaina.org/Overlays/floppym/net-analyzer/ipscan). Rather than add the floppym overlay, I decided to install the package using a local overlay:

1. I downloaded the ebuild:

wget http://gpo.zugaina.org/AJAX/Ebuild/2251131/View --output-document=/home/fitzcarraldo/Desktop/ipscan-3.0_beta4.ebuild

The ebuild contents are as follows:

# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI=3

inherit java-pkg-2

DESCRIPTION="Angry IP - The fast and friendly network scanner"
HOMEPAGE="http://www.angryip.org"

MY_PV=${PV/_/-}
SRC_BASE="mirror://sourceforge/${PN}/${PN}${PV:0:1}-binary/${MY_PV}"
SRC_URI="amd64? ( ${SRC_BASE}/${PN}-linux64-${MY_PV}.jar )
x86? ( ${SRC_BASE}/${PN}-linux-${MY_PV}.jar )"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE=""

DEPEND=""
RDEPEND=">=virtual/jre-1.6.0"

INSTALL_DIR=/opt/AngryIP

S=${WORKDIR}

src_unpack() {
:
}

src_install() {
local jarname
use amd64 && jarname="${PN}-linux64-${MY_PV}.jar"
use x86 && jarname="${PN}-linux-${MY_PV}.jar"
java-pkg_jarinto "${INSTALL_DIR}"
java-pkg_newjar "${DISTDIR}/${jarname}"
java-pkg_dolauncher
}

2. I synchronised the Portage main tree’s ebuilds on my PC with those in the repositories:

# emerge --sync

3. I made sure that /etc/make.conf has the following lines at the end of the file:

PORTDIR_OVERLAY="${PORTDIR_OVERLAY} /usr/local/portage/"
ACCEPT_LICENSE="*"

4. I created the required directories in the local overlay:

# mkdir -p /usr/local/portage/net-analyzer/ipscan

5. I made sure Portage would not nag me about a missing name for my local overlay:

# mkdir /usr/local/portage/profiles
# echo "local_overlay" > /usr/local/portage/profiles/repo_name

6. I copied the ipscan ebuild into the relevant directory in the local overlay:

# cd /usr/local/portage/net-analyzer/ipscan
# cp /home/fitzcarraldo/Desktop/ipscan-3.0_beta4.ebuild .

7. I generated the manifest for the package:

# ebuild ipscan-3.0_beta4.ebuild manifest

8. I merged the package:

# emerge -1v ipscan

9. I downloaded a 64×64 pixel PNG image of the Angry IP Scanner logo from http://www.angryip.org/icon.png. Then I right-clicked on Kickoff, selected Menu Editor and added an entry for Angry IP Scanner under Applications | System, although I can also launch ipscan from the command line if I want:

$ ipscan

To find an unused IP address on the local network which I can allocate to my laptop whilst I’m working in this office, I launch ipscan and enter the start and end IP addresses of the range I wish to check, and click on Start. The application quickly searches through the IP addresses in that range and lists which are in use and which are not. It’s as simple as that. I then use Network Management to edit the connection and enter the static IP address.

Note that Angry IP Scanner will not detect a live IP address if the device is behind a properly-configured firewall. See the Angry IP Scanner Web site’s FAQ and Documentation pages for further details.

Follow

Get every new post delivered to your Inbox.

Join 43 other followers