DD-WRT, OpenVPN, Policy Based Routing, Excluding IPs/Netflix

These are just notes to use policy based routing when I decide to do so.

hopefully sometime in future setup rules to

  • send all traffic through vpn except for a couple of ips
  • send all traffic through vpn except for certain destinations like maybe netflix

related links to lookup


just random notes from looking at different posts:

  • openvpn adds rules new table ‘table 10’
  • ssh to the router and /tmp/openvpncl – has all the files
    • policy_ips has the ips we list in the ui
    • route_up.sh is the script that sets up the route table 10 and the routes for the ips
  • essentially routes will have to setup and/or firewall rules will have to be setup
  • routing
    • From the Linux networking help pages (http://linux-ip.net/html/routing-tables.html) found that there could be other routing tables other than main and the tables will be under /etc/iproute2/rt_tables. this is not present in the ddwrt. I couldn’t find a command that will list the different routing tables or where they are specified in dd-wrt.
    • “ip route” or “ip route show” lists all the routes from the main routing table
    • finally while looking at the help realized “ip route show table all” – will list the routes from all the tables, this is how i was able to see table 10 added by openvpn
    • ip rule list will show the different rules
    • you can also you “netstat -rn” to look at the rules (this will show the tun1 interface) and iptables to look at the firewall rules, “iptables -L” will list all the firewall rules

linux Ctrl^Z paused process where is it?

I am not a full time linux user and I keep forgetting this most of the time. If you press Ctrl-Z in the terminal window – the process is stopped/paused and pushed to the background. how do you bring it back – use fg

$ fg

fg by itself will bring the most recently paused job to the foreground and runs it.
bg runs the job but doesn’t bring it to the foreground.
jobs lists all the running jobs.
search for “linux fg bg jobs” on the web

List open ports – netstat

netstat can be used to list all open ports on a machine Linux

$ netstat -an | grep -i listen
Command options will be different in diff version of linux

Windows

> netstat -a | find /i "listening"
> netstat -b     //will show the process names
> netstat -?

Powershell with netstat, netsh

Powershell also makes it easy to use and process the output from netstat, netsh or any other commands.

C:\> $n = netstat
C:\> $n | select-string "listening"

(See links below for related articles. Powershell allows getting net statistics via cmdlets like Get-NetIPAddress, the .net classes in System.Net.Networkinformation etc.)

Links on the web used for info:

Apache with HTTPs on Ubuntu

Apache with HTTPs

Basic idea
(https://help.ubuntu.com/community/forum/server/apache2/SSL)

  1. setup ssl ceritifcates
    1. you can use apache_ssl_certificate (some newer version of ubuntu are missing this, see below)
    2. $sudo apache2-ssl-certificate -days 365
  2. enable mod_ssl
    1. $sudo a2enmod
  3. Listen to port 443
    1. add ‘Listen 443’ to ports.conf (without the quotes)
  4. setup a apache site under sites-available
    1. make a copy the sites-available/default to sites-available/ssl
    2. modify available-sites/default
      1. NameVirtualHost *:80
      2. <virtualhost *:80>
    3. modify available-sites/ssl
      1. NameVirtualHost *:443
      2. <virtualhost *:443>
      3. SSLEngine On
      4. SLCertificateFile /etc/apache2/ssl/apache.pem
  5. enable the ssl site
    1. sudo a2ensite ssl
  6. setup rewrite rules for any of the pages that you want to be accessed always by ssl; include these rules in default site
    1. for example if you want your bugzilla page to go to https
    2. RewriteEngine on
    3. RewriteCond %{SERVER_PORT} ^80$
      RewriteRule ^/bugzilla(.*)$ https://%{SERVER_NAME}/bugzilla$1 [L,R]

Instructions

apache2-ssl-certifcate not found

  • the apache2-ssl-certificate and other reqd files are not found in Fiesty and some other distributions
  • the bug that discusses this is here https://bugs.launchpad.net/debian/+source/apache2/+bug/77675
  • they discuss what can be done and one of them suggests using steps given in mod ssl docs directly; the link for mod-ssl docs is below

Links from which info was compiled

unix – find files

(most of the unix shell script have been taken from refs on the web andthe oreilly book unix-power-tools)
  1. Finding files that contains a particular word or string:
    1. $find . -name '*.css' -type f -print | xargs fgrep 'myParagraphStyle' /dev/null
    2. /dev/null – adding this makes grep print the match even if it just matches one file
    3. xargs – splits long set of arguments into chunks; this will prevent the command line exceeding any limits the command might have
    4. fgrep is same as ‘grep -F‘; this makes grep treat the search pattern as fixed strings separated by new lines any of which is to be matched
  2. Using what you find with exec
    1. $find . -name '*.css' -exec echo {} \;
    2. When not using xargs, -exec can be used to get find to execute a command on what it finds; the output of find can be given to another find command
    3. {} is a special argument that contains the name of the file – found by the find command
    4. Semicolon is used to indicate to find the end of the command that find has to execute; the semi-colon must be escaped either \; or ';' so all execs end with a semi-colon
    5. Example copying files
      $find /data/bkups/
      -name 'svn_2007-06-01.[0-9][0-9]'
      -exec sudo cp {}
      /media/bkupserver/svnbkups/svn_2007-06-01/ \;
  3. [placeholder]