Block Tracking Sites With dnsmasq

Posted by Dave Eddy on Jul 19 2018 - tags: tech

Around five years ago I started looking into different ways to block ads and trackers in the most effective way on my computers. I discovered this hosts list on someonewhocares.org and even wrote a script to automate the process of downloading, verifying, and installing the list on my machines.

https://github.com/bahamas10/someonewhocares

I recently got back into it when I was setting up Encrypted DNS with dnsmasq and dnscrypt-proxy on SmartOS using OpenNIC. I stumbled across the Pi-hole project and really liked it, however I didn't want to run a Raspberry Pi in my house as part of any critical infrastructure. Instead, I took the essence of that project and found a compiled blocklist to use with my existing dnsmasq setup to block these sites at the DNS level.

notracking

I found notracking/hosts-blocklists which is an automatically updating block list compiled from multiple sources compatible with dnsmasq. I created my own set of scripts to download the latest blocklists from GitHub, verify them, and install them for use with dnsmasq, and finally restart dnsmasq so it picks up the changes.

https://github.com/bahamas10/notracking
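
An added example of the verify-then-install step described above, not code from the notracking scripts: it assumes the list uses `address=/domain/0.0.0.0` or `0.0.0.0 domain` entries and refuses any list containing a line that would resolve a name to a routable address. The function names and sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from bahamas10/notracking.
# Assumption: an entry is dnsmasq syntax  address=/<domain>/<sink>  or hosts
# syntax  <sink> <domain>, and <sink> must be a null address (0.0.0.0 or ::).

# validate_blocklist FILE: exit 0 only if the file has at least one entry and
# every entry is a sinkhole; offending lines are reported on stderr.
validate_blocklist() {
    awk '
    function is_sink(a)   { return a == "0.0.0.0" || a == "::" }
    function is_domain(d) { return d ~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/ }
    /^[ \t]*(#|$)/ { next }                          # comment or blank line
    /^address=\// {
        n = split($0, p, "/")
        if (n == 3 && is_domain(p[2]) && is_sink(p[3])) { ok++; next }
    }
    NF == 2 && is_sink($1) && is_domain($2) { ok++; next }
    { printf "line %d rejected: %s\n", NR, $0 > "/dev/stderr"; bad++ }
    END { exit (bad > 0 || ok == 0) }
    ' "$1"
}

# install_blocklist SRC DEST: validate, then replace DEST atomically so
# dnsmasq never reads a half-written or unvalidated list.
install_blocklist() {
    validate_blocklist "$1" || { echo "refusing to install $1" >&2; return 1; }
    cp "$1" "$2.tmp.$$" && mv "$2.tmp.$$" "$2"
}

# Constructed sample lists: one clean, one with an entry that would redirect
# a name to a routable address instead of sinking it.
demo() {
    d=$(mktemp -d) || return 1
    printf '# constructed sample\naddress=/ads.example.com/0.0.0.0\n0.0.0.0 tracker.example.net\n' > "$d/good"
    printf 'address=/ads.example.com/0.0.0.0\naddress=/login.example.org/203.0.113.7\n' > "$d/bad"
    install_blocklist "$d/good" "$d/blocklist.conf" && echo "good list installed"
    install_blocklist "$d/bad" "$d/blocklist.conf" || echo "bad list rejected"
    rm -rf "$d"
}
demo
```

After a successful install, `dnsmasq --test` can syntax-check the resulting configuration before the service is restarted.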

I installed this on my nameserver zones with:



Nginx Return Remote IP Address

Posted by Dave Eddy on Jul 17 2018 - tags: tech

The nginx server that hosts this website can now return your current IP address if you hit the url /ip.

https://www.daveeddy.com/ip

I have an alias in my bashrc to quickly use this to get my current external IP.

$ type externalip
externalip is aliased to `curl -sS https://www.daveeddy.com/ip'
$ externalip
1.2.3.4

To set this up, I modified my nginx config to add a location section for /ip.

I basically ripped off this Stack Overflow post but modified it to only match the single URL.

location =/ip {
        default_type text/plain;
        return 200 "$remote_addr\n";
}

location / {
        root /var/www/daveeddy.com;
}

Encrypted DNS with dnsmasq and dnscrypt-proxy on SmartOS

Posted by Dave Eddy on Jul 07 2018 - tags: tech

For the last 3 years I have been using djbdns on SmartOS and it has all been working great. Recently however, I started looking into DNSSEC and DNSCrypt, which ended up leading me to the OpenNIC Project.

I decided to change my home DNS server setup to forward to OpenNIC DNS servers over an encrypted channel as opposed to using OpenDNS like I did with djbdns.

To set this up, I have a zone with dnsmasq and dnscrypt-proxy running:

  • dnsmasq - listens globally on port 53 for incoming DNS requests, answers local domain DNS requests for my network, and forwards the rest to dnscrypt-proxy
  • dnscrypt-proxy - listens locally on port 5300 for incoming DNS requests from dnsmasq and forwards them securely to an OpenNIC DNS server

Install

To start, install dnsmasq with the following command:

pkgin in dnsmasq

Installing dnscrypt-proxy requires a little bit more work as it is currently not in pkgsrc. To install it, we need to pull in some dependencies.



OpenVPN Server Setup With Easy-RSA on SmartOS

Posted by Dave Eddy on Jul 05 2018 - tags: tech

At home I have a zone dedicated to running an OpenVPN server. With this I can connect to my home network securely on both my laptop and phone when I'm away.

I followed this guide for getting the zone ready to route properly for OpenVPN, and then used Easy-RSA to generate the certificates needed.

Zone Setup

To get started, make sure the zone is created with allow_ip_spoofing enabled on the NIC of the zone. I used a payload similar to this to create the vpn zone.

{
  "brand": "joyent",
  "image_uuid": "221635c4-3b85-11e8-b6ba-23f68c9bf2c4",
  "autoboot": true,
  "alias": "vpn",
  "hostname": "vpn.rapture.com",
  "dns_domain": "rapture.com",
  "resolvers": [
    "10.0.1.2",
    "10.0.1.3"
  ],
  "ram": 512,
  "nics": [
    {
      "nic_tag": "admin",
      "ip": "10.0.1.41",
      "allow_ip_spoofing": true,
      "netmask": "255.255.255.0",
      "gateway": "10.0.1.1",
      "primary": true
    }
  ]
}




Persistent ssh-agent on Bash on Ubuntu on Windows

Posted by Dave Eddy on Oct 18 2017 - tags: tech

After installing Bash on Ubuntu on Windows I realized some interesting side effects related to how processes and daemons in the Unix environment are handled. Running a process in the background, or daemonizing a process, will work so long as there is a Bash session open on Windows. Once the last window is closed, all of the processes are cleaned up and killed.

I use ssh keys for authentication when connecting to remote servers which requires the use of ssh-agent. I can run this program manually and it will work so long as there is at least one bash session running on my computer, but once I close the last window the ssh-agent is killed and my keys are unloaded. I've found a couple guides online regarding ssh-agent and WSL specifically, but most of them assume the keys you are using are not password protected.

To remedy this situation, I managed to find a way to create a hidden terminal session that runs ssh-agent in foreground mode when I log in to my computer which persists through sleeps and hibernations. This way, ssh-agent will run and stay running from the moment I log in until the moment I log out (which is almost never, unless I reboot).



Install Bash on Ubuntu on Windows

Posted by Dave Eddy on Oct 17 2017 - tags: tech

Last week I made a big change in my life. In 2008, I switched off of using Windows (and even Linux) as my main Operating System for my laptop and haven't looked back... until this year. Last week I finally made the jump and bought a Microsoft Surface Pro.


I wanted something like an iPad, but that didn't feel like a crippled version of a computer. Instead, I wanted something that was a powerful computer that could double as a tablet (touchscreen and removable keyboard mostly).

Note: Some, if not all, of this guide may be deprecated with the release of the Windows 10 Fall Creators Update in 2017.



Raspberry PI WiFi Hang Fix

Posted by Dave Eddy on May 17 2017 - tags: tech

If you have a Raspberry Pi on WiFi then you are probably aware of the struggles with it randomly disconnecting. If anything goes wrong with the WiFi (access point restarts, IP address changes, you look at the Pi the wrong way, etc.) the WiFi will drop and never fix itself. I've written a script called net-dev-kick to kick the network device if a ping check fails.

https://github.com/bahamas10/net-dev-kick

There are a lot of small scripts floating around forums that do what net-dev-kick does (albeit, poorly and with a lot of assumptions) so I decided to clean it all up and make a simple yet robust program to deal with this situation.

This script attempts to ping a server that should always be up (use your router or something similar) and if it fails, it restarts the interface given as $1.

net-dev-kick is intended to be used on the Raspberry Pi to fix wlan0, but can theoretically be used on any machine to fix any interface. It's best used as a cronjob that runs every 5 or so minutes.



Now Open for iOS

Posted by Dave Eddy on Sep 08 2016 - tags: tech

Use Now Open to find places around you that are currently open

I created What's Open 3 years ago, but got a cease and desist for the name and pulled it from the market. Now, I have an LLC in place and a Trademark filed for Now Open, so it's back up under a new name!

Open this app to see a map that automatically zooms to your current location and shows every place around you that is open - Complete with "food" and "pizza" buttons!

  • Find all places around you that are currently open
  • See how long you have until a business closes (i.e. 30 minutes left!)
  • Search for keywords like "pasta", "Chinese", "bars", etc.
  • Easily open your favorite maps app for navigation
  • Quickly call any place you find
  • Share places found on Facebook and Twitter
  • Eat at new restaurants, visit new locations!
  • Great for finding late night spots


Automatic ZFS Snapshots and Backups

Posted by Dave Eddy on Dec 05 2015 - tags: tech

I recently made a new storage server to replace my old one to keep up with my growing space requirements (I think 40T should hold me over for a while!). I store all of my movies, music, tv shows, etc. on it, as well as all of my backups. All of my laptops and desktop computers also back up to this server using rsync.

While it's all stored on SmartOS using the ZFS filesystem in a raid setup that can handle 2 or more drive failures without data loss, it still worries me because it is all stored in one physical location: my closet. If there is a fire or some other disaster like that, all of my data could potentially be lost.

To remedy this, I've repurposed the server I replaced (my old storage server) to be an off-site backup server that is used solely for ZFS receive. This server now runs FreeBSD, which you can read about in my blog post here.

Automatic Snapshots

Before diving into my off-site backup solution, the first thing to talk about is how I handle automatic ZFS snapshots, and also removing snapshots as they get too old.

zfs-snapshot-all

https://github.com/bahamas10/zfs-snapshot-all

Recursively snapshot all zpools

I use this program to snapshot all zpools on my new storage server automatically in cron. My crontab looks something like this:


