I’m a huge fan of IPCop. It’s a great firewall distro that makes administration a snap using a slick web interface. My goal was to use IPCop and an easy-to-use VPN client to allow access to my LAN while away from home.
I ended up going with the ZERINA OpenVPN addon for IPCop and the OpenVPN GUI for Windows.
If you’ve ever wanted full, secure, encrypted access to your LAN from any remote location, here is your guide.
Just follow these ten easy steps
Sunday, November 29, 2009
Saturday, November 28, 2009
How to install IPCOP
Firewalls are everywhere. They are standard issue, par-for-the-course, ticket-to-ride technology that every network, system, and device that is connected to the Internet now requires. Firewalls also take on a lot of different forms, from software solutions to small devices you can pick up at an electronics store to high-end boxes from vendors such as Cisco.
Friday, November 13, 2009
How to mount network drive manually and auto in ubuntu
Manual mount
On your terminal type choose on the ffollowing command depending your need
For a samba server with password protection:
Code:
sudo mount -t cifs //netbiosname/sharename /media/sharename -o sername=winusername,password=winpassword,iocharset=utf8,file_mode=0777,dir_mode=0777
If your samba share does not require a password just use the following line instead:
Code:
sudo mount t -t cifs //netbiosname/sharename /media/sharename -o guest,rw,iocharset=utf8,file_mode=0777,dir_mode=0777
If your guest access does not allow write access, just remove the file and dir modes like so:
On your terminal type choose on the ffollowing command depending your need
For a samba server with password protection:
Code:
sudo mount -t cifs //netbiosname/sharename /media/sharename -o sername=winusername,password=winpassword,iocharset=utf8,file_mode=0777,dir_mode=0777
If your samba share does not require a password just use the following line instead:
Code:
sudo mount t -t cifs //netbiosname/sharename /media/sharename -o guest,rw,iocharset=utf8,file_mode=0777,dir_mode=0777
If your guest access does not allow write access, just remove the file and dir modes like so:
How to install hp P1006 in ubuntu
On your terminal type in the command below to download the driver
$ wget -O foo2zjs.tar.gz http://foo2zjs.rkkda.com/foo2zjs.tar.gz Now unpack it:
Unpack:
$ tar zxf foo2zjs.tar.gz
$ cd foo2zjs
Compile:
$ make
Get extra files from the web, such as .ICM profiles for color correction,
and firmware. Select the model number for your printer:
$ ./getweb P1005 # Get HP LaserJet P1005 firmware file
$ ./getweb P1006 # Get HP LaserJet P1006 firmware file
$ ./getweb P1007 # Get HP LaserJet P1007 firmware file
$ ./getweb P1008 # Get HP LaserJet P1008 firmware file
$ ./getweb P1505 # Get HP LaserJet P1505 firmware file
Install driver, foomatic XML files, and extra files:
$ su OR $ sudo make install
# make install
(Optional) Configure hotplug (USB; HP LJ P1005/P1006/P1007/P1008/P1505):
# make install-hotplug OR $ sudo make install-hotplug
Installing HP 1020 1022n HP2550
Open Terminal and type in the following
$ wget -O foo2zjs.tar.gz http://foo2zjs.rkkda.com/foo2zjs.tar.gz Now unpack it:
Unpack:
$ tar zxf foo2zjs.tar.gz
$ cd foo2zjs
Compile:
$ make
Get extra files from the web, such as .ICM profiles for color correction,
and firmware. Select the model number for your printer:
$ ./getweb P1005 # Get HP LaserJet P1005 firmware file
$ ./getweb P1006 # Get HP LaserJet P1006 firmware file
$ ./getweb P1007 # Get HP LaserJet P1007 firmware file
$ ./getweb P1008 # Get HP LaserJet P1008 firmware file
$ ./getweb P1505 # Get HP LaserJet P1505 firmware file
Install driver, foomatic XML files, and extra files:
$ su OR $ sudo make install
# make install
(Optional) Configure hotplug (USB; HP LJ P1005/P1006/P1007/P1008/P1505):
# make install-hotplug OR $ sudo make install-hotplug
Installing HP 1020 1022n HP2550
Open Terminal and type in the following
- Plug in and turn on your printer(1020, 1022n, 2550)
- su root then supply the admin password
- Install the follwing packages (apt-get install cups cups-pdf)
- the type in hpsetup and follow the instructions
How to restore and backup with backuppc
After you had setup backuppc lets try to access it by typing the ip address of the server
http://ip address/backuppc
it will ask you the username and password
Click on 'Start Full Backup' button to start your first backup. Note that this first backup will take a while. The next time you back up, it will be an 'incremental' backup and should only take a few minutes.
If you get any error messages, let the administrator know of that message
You should see a screen like the above.
Then click the checkboxes next to the files and folders you want to restore and click on 'restore selected files.'
Once you click on 'restore selected files,' a screen like the below should show up. There are 3 options to what to do with the files / folders you've selected.
Option 2 and 3 will archive the files / folders and let you download the archived package as .zip or .tar respectively. This feature has other potential uses than just backup / restoration; you can access the backed up files / folders from anywhere in the world!
http://ip address/backuppc
it will ask you the username and password
Click on 'Start Full Backup' button to start your first backup. Note that this first backup will take a while. The next time you back up, it will be an 'incremental' backup and should only take a few minutes.
If you get any error messages, let the administrator know of that message
7. Retrieve backed-up data
To restore files / folders, simply click on 'browse backups' link on the left menu.
You should see a screen like the above.
Then click the checkboxes next to the files and folders you want to restore and click on 'restore selected files.'
Once you click on 'restore selected files,' a screen like the below should show up. There are 3 options to what to do with the files / folders you've selected.
- Option 1: Direct Restore
- Option 2: Download Zip archive
- Option 3: Download Tar archive
Option 2 and 3 will archive the files / folders and let you download the archived package as .zip or .tar respectively. This feature has other potential uses than just backup / restoration; you can access the backed up files / folders from anywhere in the world!
How to set up backuppc in mac client
1. Generate SSH keys
We will call the name of the user 'linus.' So every time you see 'linus', replace it with your own username. First, in your home directory, as the linus user, ssh-keygen -t rsa
It will ask for where to store the file and passphrase. Do not enter anything and just keep pressing enter. Now let's make a copy of the public key for the server. cd ~/.ssh
ls
The above is to make sure you have id_rsa & id_rsa.publs
cp id_rsa.pub clientname_id_rsa.pub
clientname is the name of your computer (which appears in your terminal; eg linus@linusbox:~$ - in this case linusbox is your computer name). I am assuming that you have a unique computer name on your network. The private key file (id_rsa) is something that you must guard with your life! (ok i'm exaggerating) Let's make sure that it's non-readable by anyone else but linus; chown linus:linus id_rsa
chmod 600 id_rsa
chmod 600 id_rsa
2. Exchange SSH keys with Server
Email 'clientname_id_rsa.pub' to the administrator so that they can put it in the server's .ssh directory.To allow the server access to your computer, obtain the public SSH key of the server from the administrator.
Once you have the server public key (BackupPC_id_rsa.pub), you must add it to the authorized key list. If you already have a file named 'authorized_keys2' in your /home/linus/.ssh directory, you can skip the third command.
cd /home/linus/.ssh/
touch authorized_keys2
mv /location/of/the/file/BackupPC_id_rsa.pub /home/linus/.ssh/
cat BackupPC_id_rsa.pub >> authorized_keys2
/location/of/the/file/ is obviously where you downloaded and placed the file. Now for additional security, we want to limit the allowed host to the backup server. Note that I use the text editor gedit, but you can use vi, nano, kate, or anything else. touch authorized_keys2
mv /location/of/the/file/BackupPC_id_rsa.pub /home/linus/.ssh/
cat BackupPC_id_rsa.pub >> authorized_keys2
If you use vi for the first time, click here for more information.
gedit /home/linus/.ssh/authorized_keys2
Add the address of the server at the beginning of the file to make the file look like this: (bolded part) from="xxx.xxx.xxx.xxx" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]
Make sure again the permission is set correctly. chmod -R go-rwx /home/linus/.ssh
3. Create Config File
Now in your home directory as the regular user, create your configuration file named 'clientname.pl' where clientname is the name of your computer. gedit clientname.pl
Copy and paste the following. $Conf{XferMethod} = 'rsync';
$Conf{BackupFilesExclude} = [.Trash', '/Trash', '/automount', '/Network', '/private/var/automount', '/private/var/run', '/private/var/vm', '/private/var/tmp', '/private/tmp', 'Caches', 'CachedMessages', '/stuff/unwanted'];
$Conf{ClientNameAlias} = 'xxx.xxx.xxx.xxx';
This file assumes that you want to back up everything in your harddrive except for the directories specified in the config file. To add more directories to be excluded, simple add the paths to the directories in the second line following the syntax shown above (ie wrap the path with '' and have a comma and a space in between). $Conf{BackupFilesExclude} = [.Trash', '/Trash', '/automount', '/Network', '/private/var/automount', '/private/var/run', '/private/var/vm', '/private/var/tmp', '/private/tmp', 'Caches', 'CachedMessages', '/stuff/unwanted'];
$Conf{ClientNameAlias} = 'xxx.xxx.xxx.xxx';
If you wish to back up only the specified files, then replace the second line with the following and likewise add desired directory paths to that line following the syntax.
$Conf{BackupFilesOnly} = ['/myFiles', '/important', '/home/linus/stuff'];
If you wish to add more options (otherwise the default settings will be used), please refer to the BackupPC documentation website. 4. Submit Files to Administrator
Now let us send the following files and information to the administrator (by email or whatever) if you have not dones so already.- clientname_id_rsa.pub
- clientname.pl
- Your username (in our case it is linus).
5. Turn On SSH Server
In Mac OS X, SSH is installed by default, but the server part of it is not turned on. To turn it on, click on the beloved apple --> System Preference --> Sharing. You should see a screen like the one below.
Click on 'Remote Login' under services and close the window.
How to set up backuppc in windows client
1. Download the software package (zip)
Get it here!Sourceforge.net (get the 'zip' package)
2. Unpackage it
make a folder named 'rsyncd' in C:unzip the content into C:\rysncd
3. Edit Configuration Files
1.) rsyncd.secrets fileLocated at C:\rsyncd\rsyncd.secrets
The file should look like this:
#
# The format of this file is user:password. You can have as many entries
# as you wish. These accounts are sepecifc to the rsync daemon and share
# no relation to Windows local/domain accounts, nor Cywin entries in the
# passwd file.
#
# SECURITY WARNING: Don't use these defaults of UUU for the user name
# and PPP for the password! Change them!!
#
# Also: make sure this file ends in a newline. Otherwise the last
# username/password pair will be ignored.
#
UUU:PPP
Read the instructions. As it says, make sure that the last line is a new blank line.Replace 'UUU' with a username (no, it does not code for phenylalanine). # The format of this file is user:password. You can have as many entries
# as you wish. These accounts are sepecifc to the rsync daemon and share
# no relation to Windows local/domain accounts, nor Cywin entries in the
# passwd file.
#
# SECURITY WARNING: Don't use these defaults of UUU for the user name
# and PPP for the password! Change them!!
#
# Also: make sure this file ends in a newline. Otherwise the last
# username/password pair will be ignored.
#
UUU:PPP
You can just make up this username. Replace 'PPP' with a real password (should at least have numbers and alphabets).
2) C:\cygwin\rsyncd.conf File
Required modification:
Find the following section:
#
# What user(s) have access to this module. The user(s) must be
# defined in the secrets file. A comma or space separated list.
#
# Example:
# auth users = backup, root, larry
# auth users = backup root larry
#
auth users = username, backuppc
Where it says 'auth users = .....', replace any existing name(s) with the username that you placed in 'rsyncd.secrets' file AND add the user 'backuppc' (as shown in the example above). # What user(s) have access to this module. The user(s) must be
# defined in the secrets file. A comma or space separated list.
#
# Example:
# auth users = backup, root, larry
# auth users = backup root larry
#
auth users = username, backuppc
Also find the following section in the file.
#
# What hosts are allowed access to this module? By default, all
# hosts are allowed access. If you wish to further strengthen
# the security of your setup, uncomment and replace with the IP
# address your BackupPC server. This is a flexible setting and
# can be one of:
#
# a dotted decimal IP address: 172.16.0.17
# a address/mask in the form a.b.c.d/n: 172.16.0.0/24
# an address/mask in the form ipaddr/maskaddr: 172.16.0.0/255.255.255.0
# a hostname: backupserver
# a hostname pattern using wildcards: backup
#
# hosts allow =
# What hosts are allowed access to this module? By default, all
# hosts are allowed access. If you wish to further strengthen
# the security of your setup, uncomment and replace with the IP
# address your BackupPC server. This is a flexible setting and
# can be one of:
#
# a dotted decimal IP address: 172.16.0.17
# a address/mask in the form a.b.c.d/n: 172.16.0.0/24
# an address/mask in the form ipaddr/maskaddr: 172.16.0.0/255.255.255.0
# a hostname: backupserver
# a hostname pattern using wildcards: backup
#
# hosts allow =
hosts allow = xxx.xxx.xxx.xxx
IMPORTANT: Make the same modifications for the variables shown at the end of the file. ie for- hosts alow
- auth users
By default, the backup software will back up practically everything in your 'C:\Documents and Settings'folder. If you want to specify the
folders to be backed up, find the following section and modify.
#
# Exact DOS style path to the file or directory to be rsync accessible
#
path = c:/Documents and Settings
#
# A short description of the module. This is what is printed when
# using rsync to 'browse' the server for what modules are available.
#
comment = Documents and Settings
Note that the slash is forward (not backward).# Exact DOS style path to the file or directory to be rsync accessible
#
path = c:/Documents and Settings
#
# A short description of the module. This is what is printed when
# using rsync to 'browse' the server for what modules are available.
#
comment = Documents and Settings
Also note that everything inside the specified folder will be backed up. However, you can exclude certain folders by specifying them on the
config file on the server; you can let the administrator know what folders to be excluded.
Moreover, you can only specify one path here (to specify multiple paths, see below). Here is an example,
path = c:/stuff/important_stuff/really_important_stuff
The 'comment' should only be 1 line. It would be a good idea to write this description for future referenceAutomatic Restoration - if you would like BackupPC to automatically restore files on your computer (ie the backup server has the privilege to
write to your computer), then you must turn on this option (it's off by default). If you are planning on backing up system files so that you can restore the system (not just the data), this may be a good idea.
Otherwise, you will have to download the desired files/folders from BackupPC and manually restore them.
To turn on the option, find the following section and change 'true' to 'false'
#
# Only allow clients to READ from the server. This prevents uploads
# from remote machines. If you wish to allow uploads, change this too
# "true".
#
# WARNING: Setting this to true means that BackupPC restores via
# rsyncd will fail. You most likely want to set this to "false".
#
read only = true
# Only allow clients to READ from the server. This prevents uploads
# from remote machines. If you wish to allow uploads, change this too
# "true".
#
# WARNING: Setting this to true means that BackupPC restores via
# rsyncd will fail. You most likely want to set this to "false".
#
read only = true
4. Change the Permission
Now we want to make the 'resyncd.secrets' file read-only.C:\rsyncd\rsyncd.secrets
To do this, right click the file and choose 'Properties.'
Check where it says 'Read-Only'
5. Set Up rsyncd Service
Next, set up the rsync job as a service to be started at boot-up.Click on Start --> Run
type 'cmd' and press enter. In the terminal,cd \rsyncd
Then,cygrunsrv.exe -I rsyncd -e CYGWIN=nontsec -p c:/rsyncd/rsync.exe -a "--config=c:/rsyncd/rsyncd.conf --daemon --no-detach"
the second command is a long one liner. You must issue these commands without any misspelling.To test to see if the above command was properly issued,
Go to Control Panel --> Administrative Tools --> Services
Find 'rsync' and click on 'start' to see if the service starts properly.
6. Open a Port
Finally, open a port for rsync in the firewall.Control Panel --> Firewall --> Exceptions
- Name: rsyncd
- Port number: 873
- Type: TCP
7. Submit config files to Administrator
Now the final step is to create and submit configuration files to the administrator.cleintname.pl file
Copy and paste the following in Notepad:
# Tell BackupPC we wish to use rsyncd: requires rsync to be running as
# a service/daemon on the client system
#
$Conf{XferMethod} = 'rsyncd';
#
# Tell BackupPC which user name and password to use. This should
# match the userName:password pair in the C:\rsyncd\rsyncd.secrets
# file on the client.
#
$Conf{RsyncdUserName} = 'username';
$Conf{RsyncdPasswd} = 'password';
#
# Tell BackupPC which share to backup. This should be the name
# of the module from C:\rsyncd\rsyncd.conf on the client (the
# name inside the square brackets). In the sample rsynd.conf
# file the cDrive module is the entire C drive.
#
$Conf{RsyncShareName} = 'cDrive';
#
# Link the IP address to the host name
$Conf{ClientNameAlias} = 'XXX.XXX.XXX.XXX';
Now change the bolded items; username and password.# a service/daemon on the client system
#
$Conf{XferMethod} = 'rsyncd';
#
# Tell BackupPC which user name and password to use. This should
# match the userName:password pair in the C:\rsyncd\rsyncd.secrets
# file on the client.
#
$Conf{RsyncdUserName} = 'username';
$Conf{RsyncdPasswd} = 'password';
#
# Tell BackupPC which share to backup. This should be the name
# of the module from C:\rsyncd\rsyncd.conf on the client (the
# name inside the square brackets). In the sample rsynd.conf
# file the cDrive module is the entire C drive.
#
$Conf{RsyncShareName} = 'cDrive';
#
# Link the IP address to the host name
$Conf{ClientNameAlias} = 'XXX.XXX.XXX.XXX';
How to set up backuppc in ubuntu client
1. Generate SSH keys
First, become the root user and generate SSH keys. If you already have SSH keys (id_rsa and id_rsa.pub) in /root/.ssh/, then you can skip the first 2 commands.sudo -i
ssh-keygen -t rsa
It will ask for where to store the file and passphrase. Do not enter anything and just keep pressing enter. Now let's make a copy of the public key for the server.ssh-keygen -t rsa
cd ~/.ssh
ls
The above is to make sure you have id_rsa & id_rsa.publs
cp id_rsa.pub clientname_id_rsa.pub
clientname is the name of your computer (which appears in your terminal; eg linus@linusbox:~$ - in this case linusbox is your computer name). I am assuming that you have a unique computer name on your network. The private key file (id_rsa) is something that you must guard with your life! (ok i'm exaggerating) Let's make sure that it's non-readable by anyone else but the root;chown root:root id_rsa
chmod 600 id_rsa
chmod 600 id_rsa
2. Exchange SSH keys with Server
Email 'clientname_id_rsa.pub' to the administrator so that they can put it in the server's .ssh directory.To allow the server access to your computer, obtain the public SSH key of the server from the administrator.
Once you have the server public key (BackupPC_id_rsa.pub), you must add it to the authorized key list. If you already have a file named 'authorized_keys2' in your /root/.ssh directory, you can skip the third command.
sudo -i
cd /root/.ssh/
touch authorized_keys2
mv /location/of/the/file/BackupPC_id_rsa.pub /root/.ssh/
cat BackupPC_id_rsa.pub >> authorized_keys2
cd /root/.ssh/
touch authorized_keys2
mv /location/of/the/file/BackupPC_id_rsa.pub /root/.ssh/
cat BackupPC_id_rsa.pub >> authorized_keys2
/location/of/the/file/ is obviously where you downloaded and placed the file. Now for additional security, we want to limit the allowed host to the backup server. Note that I use the text editor gedit, but you can use vi, nano, kate, or anything else.
gedit /root/.ssh/authorized_keys2
Add the address of the server at the beginning of the file to make the file look like this: (bolded part)from="xxx.xxx.xxx.xxx" ssh-rsa [base64 key, eg: ABwBCEAIIALyoqa8....]
Make sure again the permission is set correctly.chmod -R go-rwx /root/.ssh
3. Create Config File
Now in your home directory as the regular user, create your configuration file named 'clientname.pl' where clientname is the name of your computer.gedit clientname.pl
Copy and paste the following.$Conf{XferMethod} = 'rsync';
$Conf{BackupFilesExclude} = ['/tmp', '/media', '/mnt', '/floppy', '/stuff/unwanted'];
$Conf{ClientNameAlias} = 'xxx.xxx.xxx.xxx';
This file assumes that you want to back up everything in your harddrive except for the directories specified in the config file. To add more directories to be excluded, simple add the paths to the directories in the second line following the syntax shown above (ie wrap the path with '' and have a comma and a space in between).$Conf{BackupFilesExclude} = ['/tmp', '/media', '/mnt', '/floppy', '/stuff/unwanted'];
$Conf{ClientNameAlias} = 'xxx.xxx.xxx.xxx';
If you wish to back up only the specified files, then replace the second line with the following and likewise add desired directory paths to that line following the syntax.
$Conf{BackupFilesOnly} = ['/myFiles', '/important', '/home/linus/stuff'];
4. Submit Files to Administrator
Now let us send the following files to the administrator (by email or whatever) if you have not dones so already.- clientname_id_rsa.pub
- clientname.pl
Subscribe to:
Comments (Atom)
