Operating Systems
Operating Systems
No technical expert advice can be found here ;)
Weblog by Erik Scholtz
Break through a firewall – SOCKS (dante) tunnel and OS X
New customers, new problems: I am used to get internet-access over the Intranet of my customers and can build up a VPN connection or SSH/SSL connections, so I can reach my IMAP-Mailbox in a secure way. This time I got completely blocked – only port 80 was allowed – and for me being without emails is like living without breathing. So my first plan here was to break through this firewall and get my connections through it.
I did something similar a couple of years before on our university-network, when the admins there decided to block the traffic of the dorm and limit it to port 21/80. So my first idea was a SOCKS-tunnel.
Providing the SOCKS-Tunnel
After asking google for SOCKS I found a recommended implementation of SOCKS5: Dante
There is a very nice overview of SOCKS-implementations on wikipedia: http://en.wikipedia.org/wiki/SOCKS
Installation
Installation was quite easy: On SuSE it is a rpm you simply install, on FreeBSD you find it in the ports (cd /usr/ports/net/dante/; make; make install ). More interesting got the configuration of Dante, and that is what I want to explain today (since I did not find a howto and had to read the documentation):
Configuration
The config-file can be found in /etc/sockd.conf (/usr/local/etc/sockd.conf on FreeBSD). This you have to edit in the following way:
#define the logfile for dante
logoutput: /var/log/dante.log#define the IP/Port Dante should listen for connections
internal: <IP address of your dante server> port = 80#define the IP/interface Dante should use for outgoing connections
# Check the name of your interface using ifconfig
external: eth0
#Alternative: >external: <IP address that should be used>#authentication: deactivated, since I will use a static IP-adress – that is auth enough now!
method: username none#unprivileged user for Dante
user.notprivileged: nobody
Ok – that was the basic stuff – now the interesting part:
#Who can access this SOCKS Tunnel?
client pass {
from: <your ip here>/32 port 1-65535 to: 0.0.0.0/0
}#Loopback may also access the tunnel
client pass {
from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}#Block all others
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}# Once connected, who may be connected then?
# block connections from anywhere to loopback
block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: connect error
}# Allow connections from anywhere to client
pass {
from: <your ip here>/32 to: 0.0.0.0/0
protocol: tcp udp
}pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
protocol: tcp udp
}#Block the rest
block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
Please note: this example will limit the access to one IP (/32), you can also allow more IPs. If you are not firm to subnetting, use the Subnet Cheat Sheet
Starting up Dante
After this simple configuration, your Dante-server should start without any problems, by typing:
/etc/rc.d/sockd start
(On FreeBSD first add sockd_enable=”YES” to your /etc/rc.conf, then type: /usr/local/etc/rc.d/sockd start ). Now you can watch your logfile under /var/log/dante.log to see what is going on.
Now let’s come to the complicated part: Make OSX work with the SOCKS5 tunnel we created.
Making OSX using the SOCKS5 tunnel
The first (and unsuccessfull) idea was, to configure it in in the network setup in the System Preferences. (Go to the Network preference pane, then click on further options and go to the “Proxies” tab. Enable SOCKS Proxy and fill in the IP of your server and the correct port, save the changes and activate the setting). Unfortunatly, this setting only works only for Cocoa and WebKit-based applications (and since not all of these applications use the System Preferences, you are covered only by 95% there too).
Screenshot Systempreferences network german
Thunderbird and Firefox for example doe not use the System preferences. You can both configure them to make them use the SOCKS tunnel, but to be honest: I do not want to reconfigure my applications on every new place. So I looked for a general SOCKS-Proxy.
After some search I found Proxifier – a commercial product, that is easy to setup easy to use and does everything you need with just a few clicks. There is also a version for Windows, that I did not check out, but I’m sure it will work as good as the OS X-version does.
The SetUp is easy and does not need the really good documentation that is provided on the Proxifier-homepage. If you feel better by watching the dosumentation, here you will find it: http://www.proxifier.com/mac/documentation/ProxifierHelp.html
After starting and configuring Proxifier, I got back online to the world, bypassing the firewall of my customer over port 80.
ATTENTION: Dante and SOCKS may not be confused with VPN, even if it is the same feeling! The data is send clear-text and my be visualized with any Packet-Sniffer!
How to mirror (“steal”) a complete website with OS X
Anyone of you already know this situation: You found a really great and helpfull site on the internet, put a bookmark on it, and when you need the site and check back to it, it is discontinued and closed.
For me, this is a reason to mirror helpful and (to me) important websites locally to my computer. I usually used a tool called “WebDevil”, that had a view problems, but worked fine. Unfortunatly, this project now seems to be discontinued, since I was not able to get an actual copy of the program. So I began a search for a new application and found:
WebGrabber
WebGrabber is published under the GPL (“OpenSource Freeware”) by Eric Peyton of epicware Inc. and has everything you need to mirror a single website, or the complete internet to your local machine and many more features:
Any thinkable option can be set: ignoreing the robots.txt, rewriting the local saved version, rewriting the links (to get independent from the website), limit the mirroring to one website or even to the same directory on the website, syncing of the actual version of the website and your saved copy, resuming stopped downloads and many more. You can set the download-depth, the sleep time between the documents, max. transfer rates and even the buffer sizes.
Additionally, you can define a set of filters what to download and what not. WebGrapper is definitely the best and compfortable mirroring-tool for the Mac I’ve seen up to now.
Download Link: http://www.epicware.com/webgrabber.html
Since the website was several times not available for me and links in the readme are not longer valid, I’ll mirror this cool project here, since it seems to be discontinued too: webgrabber07tarThe sourcecode of this project (XCode) is included.
Converting Windows characters to Mac and vice versa – Filter for BBEdit
When working with scripts written in perl or php, the encoding of special german characters like “ü” (ue), “ö” (oe) and “ä” (ae) can’t be set correctly, since the file-encoding needs to be set to “Mac OS Roman” with “Unix Linefeeds (LF)”. So these special characters, called “Umlaute” gets mapped to untypable characters in the ASCII-table.
Due to the simple and effective integration of perl into BBEdit, there is an easy solution for this problem: A trivial perl script with some Regular Expressions, that replace all characters within a selection by the correct character.
The script for converting Windows to Mac looks like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 | #!/usr/bin/perl -w while(<>) { my $line = $_; $line =~ s/ƒ/Ä/g; $line =~ s/÷/Ö/g; $line =~ s/‹/Ü/g; $line =~ s/fl/ß/g; $line =~ s/‰/ä/g; $line =~ s/ˆ/ö/g; $line =~ s/¸/ü/g; print $line; } |
And verci versus: the script for Mac to Windows looks like this:
1 2 3 4 5 6 7 8 9 10 11 12 13 | #!/usr/bin/perl -w while(<>) { my $line = $_; $line =~ s/Ä/ƒ/g; $line =~ s/Ö/÷/g; $line =~ s/Ü/‹/g; $line =~ s/ß/fl/g; $line =~ s/ä/‰/g; $line =~ s/ö/ˆ/g; $line =~ s/ü/¸/g; print $line; } |
You can also download the two scripts here: Download the scripts for free
Installation:
Copy the two files into your BBEdit “Application Support”-folder, located in your userfolder at:
~/Library/Application Support/BBEdit/Unix Support/Unix Filters/
Unix Filters directory after installation
So your “Unix Filters”-directory will now look something like this, as showed in the picture right standing.
If you create the scripts yourself, please keep in mind that the linefeed format of the file must be set to “Unix (LF)” for the scripts to work properly.
Here you find your new Filter
After you installed the script, you have to restart BBEdit. To use the filter, simply select the text you want to change. Then select the Filter you want to apply from the “#!” menu to do the conversion.
Additionally characters can be added to this example. Please keep in mind, that you may not break the Regular Expression. A good reference for Regular Expressions can be found at http://de.selfhtml.org.
This is an easy way to deal with a correct ISO-Latin 1 (ISO 8859-1) under BBEdit, using the Mac Roman encoding without having any trouble.
Example:
Here you can see an example of the result of the Filter:
A text in Mac-Roman, selected for conversion
After selecting “Konv Mac>Win.pl”:
The characters within the selection got converted
Show hidden files in FileZilla
How to show hidden files in FileZilla? Up to the previouse version there was an option for it in:
View menu at the top >> select Show Hidden Files
That was it. In the new versions (I think since 3.1.6) this menu dissappeared. Google did not really help, since only the old menu was described on several help-sites. After searching for a while, I found the menu now in:
Server menu at the top >> select Force showing hidden files
Just as simple, but when searching for a menu starting with “Show” you will not recognize the new menu starting with “Force”.
FreeBSD freezes on: Trying to mount root from ufs:/dev/md0 and is stucked
Yeah – huge projects with different types of hardware always bring up many different type of problems: Today I had an INTEL Server Platform S7000FC4UR (really a fantastic System: 160GB of RAM, 4x INTEL Xeon X7350 with 4 Cores, 2,93Ghz, so the system has 16 Cores!) to boot up with FreeBSD 7.1.
The boot-process hang up at several points, but went further after a delay of 20 to 30 secs, till the following point was reached:
md0: Preloaded image 4194304 bytes at 0xffffffff80c4be40
Trying to mount root from ufs:/dev/md0
The boot process is stuck
After trying different boot-options and kernels, I disabled USB2.0 support in the Bios and – *whoop* FreeBSD was booting without any problems. ACPI also seems to have some influences – but the mainproblem is the USB 2.0 support. Due to the fact, that a keyboard is nearly as fast on USB1.0 as on USB2.0 the solution to this problem was quite ok for the customer 
Get in contact:
