This is TikiWiki v1.9.7 -Sirius- © 2002–2005 by the Tiki community. Fri 30 of Jul, 2010 [07:31 UTC]

Mobile Routing Tricks

Routing for Mobile Users


Security and Compression


It is very easy to fix a number of things for the mobile user with a single file: /etc/dhclient-enter-hooks
This file gets called every time your dhclient (DHCP) gets a new IP address for one of your interfaces (eth0 for Ethernet, ath0 for wireless, ppp0 for a PPP link over GPRS).
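#!/bin/bash
# /etc/dhclient-enter-hooks: sourced by dhclient-script; defining
# make_resolv_conf here overrides the stock function.

function make_resolv_conf() {
    # Kill the SSH tunnel left over from the previous address
    pkill -xf "ssh -fnNx -CD 8080 otala.com"
    # Point the resolver at the local name server
    echo '; generated by /etc/dhclient-enter-hooks' > /etc/resolv.conf
    echo 'search otala.com sensage.com' >> /etc/resolv.conf
    echo 'nameserver 127.0.0.1' >> /etc/resolv.conf
    # Restart the services that get confused when the interface changes
    service named restart
    service cups restart
    # Reopen the tunnel: compressed SOCKS proxy on local port 8080
    ssh -fnNx -CD 8080 otala.com
}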


  • pkill kills the previous SSH tunnel
  • /etc/resolv.conf gets rewritten to use the local name server, so I'm not relying on anyone else's name servers (reliability and snooping)
  • named restart restarts the local named server; named has a tendency to get very confused when your IP numbers change
  • cups restart restarts CUPS (Common UNIX Printing System), which tends to die when your interface (eth0/ath0/ppp0) goes down
  • ssh starts an SSH tunnel to my home system without executing a command (-N), going into the background until killed (-f), with no X tunneling (-x), with compression (-C), and with a SOCKS4 tunnel on local port 8080 (-D 8080)

The final touch is to change all your programs (mozilla, gaim, etc.) to use localhost:8080 as a SOCKS4 server. Now all your apps go through your private, portable, tunneling, compressing SOCKS4 proxy server!

How to get your PPP connections (via GPRS, Cell phone) to also work


Forgot the simple way to hook up PPP connections to do the same:

/etc/ppp/ip-up.local
#!/bin/bash
# /etc/ppp/ip-up.local: run by /etc/ppp/ip-up when a PPP link comes up

PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH

# Load make_resolv_conf from the DHCP hook file
. /etc/dhclient-enter-hooks

# Rewrite resolv.conf, restart services and reopen the SSH tunnel
make_resolv_conf

exit 0




Perforce (source code control) routing


This is a useful trick for those times when you're working while having lunch, commuting on a train, or similar.
You're connected via either public-access WiFi or GPRS, and you would like to be able to check out, sync, or submit files.

In your /etc/rc.local
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 2666 -j DNAT --to-destination a.b.c.d

(Remember to change the IP number a.b.c.d to your corporate P4 server)

In your ~/.bashrc
export P4PORT=localhost:2666

to make P4PORT always point to localhost

Now your P4 client works again: it always talks to localhost:2666, and the iptables rule routes the traffic to the true destination.
Nothing lost, nothing gained, until a tunnel script, /usr/local/sbin/p4tunnel, is run:
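#!/bin/bash
# Drop the DNAT rule (note: -F flushes every rule in the nat table)
iptables -F -t nat
# Forward local port 2666 through SSH; the session stays open until RETURN
ssh -L 2666:perforce.COMPANY.com:2666 USERNAME@COMPANY.com "date;echo 'Tunnel established -- press RETURN to disconnect' ; read"
# Tunnel closed: restore direct routing to the P4 server
iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 2666 -j DNAT --to-destination a.b.c.d
date
echo "Tunnel disconnected"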


Whenever this script is executed, it wipes out the DNAT routing and creates a local P4 tunnel to the inside of your corporate firewall, enabling P4 to work remotely yet securely.
The script stays up, waiting for a RETURN; once received, it terminates the tunnel and re-establishes the DNAT routing.
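
A more defensive variant of the p4tunnel script above, added here as an example and not the page's own script: it removes only the page's DNAT rule instead of flushing the whole nat table, and it restores the rule even if ssh fails or the script is interrupted. IPT, SSH and P4_SERVER are hypothetical override variables introduced for this example; a.b.c.d, perforce.COMPANY.com and USERNAME@COMPANY.com are the page's placeholders.

```shell
#!/bin/sh
# Added example, not the page's script. a.b.c.d, perforce.COMPANY.com and
# USERNAME@COMPANY.com are the page's placeholders. IPT, SSH and P4_SERVER
# are hypothetical override variables introduced for this example.
IPT=${IPT:-iptables}
SSH=${SSH:-ssh}
P4_SERVER=${P4_SERVER:-a.b.c.d}

# Run one iptables action (-A add, -C check, -D delete) on the page's rule.
p4_rule() {
    $IPT -t nat "$1" OUTPUT -p tcp -d 127.0.0.1 --dport 2666 \
        -j DNAT --to-destination "$P4_SERVER"
}

# Delete only our rule (looping in case it was added more than once),
# instead of flushing every rule in the nat table.
dnat_off() {
    while p4_rule -C 2>/dev/null; do
        p4_rule -D || return 1
    done
}

# Add the rule unless it is already there.
dnat_on() {
    p4_rule -C 2>/dev/null || p4_rule -A
}

# The body runs in a subshell, so the EXIT trap is scoped to this call and
# restores the DNAT rule on normal exit, ssh failure, Ctrl-C or SIGTERM.
p4tunnel() (
    dnat_off || exit 1
    trap dnat_on EXIT
    trap 'exit 130' INT TERM
    rc=0
    # Bind the forward to loopback only, and fail rather than open a
    # session without it if port 2666 cannot be forwarded.
    $SSH -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:2666:perforce.COMPANY.com:2666 USERNAME@COMPANY.com \
        "date; echo 'Tunnel established -- press RETURN to disconnect'; read" \
        || rc=$?
    echo "Tunnel disconnected (ssh exit status $rc)"
    exit "$rc"
)

if [ "${1:-}" = "start" ]; then p4tunnel; fi
```

Run it as root with the argument start; the exit status is that of ssh, so a wrapper can tell a failed tunnel from a clean disconnect.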

Created by: admin last modification: Thursday 18 of May, 2006 [23:28:14 UTC] by TaneliOtala