October 2021 - main

Accessing a web page via another server
by Mark Rogers 17 Nov '21

17 Nov '21

My Pi is on my local network (headless and somewhat physically inaccessible) at 192.168.1.200 I have a 3G USB stick connected to my Pi, which presents itself as an ethernet device (eth1); the Pi gets an IP address of 192.168.8.100 and the USB stick has a configuration website on 192.168.8.1 How can I access this website from my laptop (192.168.1.100) via SSH? I tried SSH tunnelling but it's not working, at least in part because the web page links to resources at http://192.168.8.1 which aren't accessible. I have tried w3m on the Pi itself, but the web page has loads of javascript so doesn't work. Presumably I can set up a proxy somehow? Other suggestions? -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0344 251 1450 Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER

4 16

OT: Mail forwarding and junk folders
by Mark Rogers 21 Oct '21

21 Oct '21

Several family members have domains (mostly at 123-Reg) and use email forwarding for xxx@<their domain> to their personal addresses (eg at Gmail, Virgin, BT, whatever). Increasingly they're finding that mail sent *from* their domain addresses is ending in recipient junk folders. How they send varies: my dad used Thunderbird on Ubuntu (so maybe not entirely OT!), my wife sends via Gmail, others I'm not sure but probably thinks like Outlook/Outlook Express (or whatever it is these days). They'll be using the SMTP settings of their ISP or personal mail provider (eg my wife will be sending via Gmail using her own domain set up as an alias). Since I have several people with issues - and especially since one of them is my wife! - I want to take a fresh look at all of this and get things right. I'm guessing that this is going to involve SPF, DKIM, DMARC stuff that I don't really understand but have succeeded in setting up before. It feels like something that must be a sufficiently common issue that there would be plenty of help out there but it's one of those issues where I can't see the wood for the trees in any search I try, so I'm hoping someone here might have some pointers? The more that can be done server-side the better as that reduces the need for me to help lots of people configure lots of different clients. If I need to move domains from 123-Reg that's not out of the question - indeed I have plans to do that to somewhere I can control DNS, mail forwarding, etc via APIs anyway. -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0344 251 1450 Registered in England (0456 0902) 21 Drakes Mews, Milton Keynes, MK8 0ER

4 8

Backups and encrypted disks
by Peter 13 Oct '21

13 Oct '21

I'm thinking of moving to an encrypted home partition when setting up a new computer. Its a completely new machine. I'm a bit puzzled how to proceed. I've looked at tutorials on how to use fscrypt and encryptfs but they are quite complicated and probably beyond my ability to carry out error free. So finally it seems the simplest approved way is to create an encrypted home partition on the new machine, then take a backup of home and use it to restore to that partition. This would have the great merit of being very safe, the only thing one could mess up would be the new partition, or worst case the backup. I can do a partition backup easily enough to an external hard drive using clonezilla. So I boot the new machine, connect the external with honme on it via usb... and then what? Do I just copy all the files? Will that preserve the desktop and the links on it? Or is there some way of restoring the partition itself to the encrypted partition? Should have started out with full device encryption of course, but that was more years ago than I like to think! Peter

2 1

Any iptables experts here, I need something explained
by Chris Green 11 Oct '21

11 Oct '21

I have a script I wrote a while ago to enable my laptop to become a WiFi hotspot which connects via a proxy to give me the ability to be 'in the UK' when I'm overseas. The script uses redsocks and some iptables stuff so that HTTP and HTTPS connections to the laptop get forwarded across to the proxy server. So, ssh provides the tunnel to a server in the UK:- ssh -fTnN -D 1080 chris(a)cheddar.halon.org.uk ... and redsocks connects all socks5 requests on port 12345 through to port 1080 to connect to the remote server (portion of redsocks configuration) :- redsocks { /* `local_ip' defaults to 127.0.0.1 for security reasons, * use 0.0.0.0 if you want to listen on every interface. * `local_*' are used as port to redirect to. */ local_ip = 0.0.0.0; local_port = 12345; // `ip' and `port' are IP and tcp-port of proxy-server // You can also use hostname instead of IP, only one (random) // address of multihomed host will be used. ip = 127.0.0.1; port = 1080; // known types: socks4, socks5, http-connect, http-relay type = socks5; } What I can't understand is the iptables bits at the end of the script (I presumably copied it from somewhere!):- sudo iptables -F sudo iptables -t nat -F sudo iptables -t nat -A PREROUTING -s 10.42.0.0/24 -p tcp -j REDIRECT --to-ports 12345 The first line I understand (I think), it clears out any existing iptables settings. Then the second line appears to do the same thing, does the second line actually do anything rather than a clear out of part of what the first line has already done? The third line is what confuses me, it seems to me as if, firstly it's the wrong way round and secondly there should be more needed to make it all work as intended. The intent of the whole thing is that WiFi clients (e.g. my kindle lookalike, or my phone) can connect to the laptop (which is acting as WiFi server) and have their HTTP/HTTPS requests sent through to the proxy. It reads to me as if requests *from* the 10.42.0.0/24 network get redirected but that's all wrong. The LAN with the laptop on it is 192.168.0.0/16 (or is it 192.168.0.0/8) and that line is only supposed to do things to 'a packet that creates a new connection'. However it did all work OK when I first tried it and probably still does if I get it configured right. What I'm confused about is that 10.42.0.0/24 IP, where does that come from? Is it the local LAN's or something else? -- Chris Green

1 0

Nextcloud Pi?
by Phil Thane 01 Oct '21

01 Oct '21

Hi, Anyone else running Nextcloud server on a R Pi? After faffing about with Rasbian and other distros and installing MySQL and Nextcloud someone eventually recommended Nextcloud Pi which works like a charm. The only issue I have is upgrading. The Nextcloud dashboard has various upgrade options and those for upgrading apps work OK but trying to upgrade Nextcloud Pi itself doesn't work, it faiils with a dpkg error: /E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem./ Only snag is as far as I can see there is no terminal screen in Nextcloud's dash options. So I tried to SSH into it from my desktop and neither my normal user login, nor the admin login work via SSH, I just get 'permission refused'. Any suggestions? BTW the server runs 'headless' in my shed so adding keyboard, mouse and screen is very much the last resort! -- Phil Thane www.pthane.co.uk Tweet @pthane 01767 449759 07582 750607

1 0