Linux Blog

Getting Home

Filed under: General Linux — TheLinuxBlog.com at 6:30 am on Friday, January 16, 2009

Getting into your home network from the wild west known as the internet can be a pain, especially if your IP address keeps changing on you, or if it changed right before the one time you needed to get in.

This happened to me not so long ago. My IP address hardly ever changes, but it did happen to change when I moved into my new residence. Assuming that my address would stay the same, I headed off to work; unfortunately, I was unable to phone home.

Many people know about the free sites that let you update your IP address such as DynDNS, no-ip.org etc. But I couldn’t settle for that mediocre domain. By setting up a CNAME in my DNS I was able to forward a subdomain to my dynamic update address which in effect allowed me to remember home.mydomainname.com rather than the wacky no-ip.org address I chose. You can do the same using free utilities, providing that you have a little time and some control over your DNS.

Before you proceed, make sure you have a way of setting a CNAME for your domain name. You can try your domain registrar if you use their web servers, or your web host may give you the ability to manage zones. If not, ask them if they can add it for you; most times they will.

You will need to set up an account with one of the free providers. I used No-IP.com, but others like DynDNS.org, freedns.afraid.org, ZoneEdit.com and easyDNS.com should work.

Once you have set up an account with them and have your IP address mapped to a domain name, go ahead and add the CNAME record into your DNS.

The next step is to install and configure the program, script, cron job or whatever method your free DNS account uses to update. I used my DD-WRT installation and plugged my account information into the DDNS tab. I checked the update and it registered my IP.

Once you have got your IP address into the free DNS provider, you should check to make sure that it works by doing a lookup on that host name. Use nslookup to do this:

nslookup yoursubdomain.your-free-dns-account.com

If it resolves to your home IP address, then you’re set to move forward with adding the CNAME into the DNS for your domain name. I cannot cover how to do this with every system in this article, but basically you create an entry in the zone with the domain, 14400 IN CNAME, and the full address of your free DNS name with a period at the end. The period is important; without it your name will not resolve properly.
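Why the trailing period matters, shown as an added example (not code from the original post): a target without it is treated as relative and the zone origin gets appended. The function name expand_cname, the record name oops and the sample zone lines are constructed for illustration, and records are assumed to use the five-field form given above.

```shell
#!/bin/sh
# Added example: expand CNAME records the way a DNS server reads a zone file.
# A name without a trailing period is relative, so the zone origin is appended.
# Assumes five-field records in the page's form: name ttl IN CNAME target.

# Constructed sample zone lines; the second forgets the trailing period.
SAMPLE_ZONE='home 14400 IN CNAME yoursubdomain.your-free-dns-account.com.
oops 14400 IN CNAME yoursubdomain.your-free-dns-account.com'

# expand_cname ORIGIN: reads records on stdin, prints "owner -> target" with
# both names fully qualified, and marks targets that were relative.
expand_cname() {
    awk -v origin="$1" '
        toupper($3) == "IN" && toupper($4) == "CNAME" {
            owner = $1; target = $5; mark = ""
            if (owner !~ /\.$/) owner = owner "." origin "."
            if (target !~ /\.$/) {
                target = target "." origin "."
                mark = "  <-- RELATIVE target, origin appended"
            }
            print owner " -> " target mark
        }'
}

printf '%s\n' "$SAMPLE_ZONE" | expand_cname yourdomainname.com
```

The second record ends up pointing at a name inside your own domain that does not exist, which is the failure the missing period causes.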

Depending on what DNS servers you use, it may take a while for the DNS to get updated. In nslookup I set my server to OpenDNS’s to make sure the name resolved properly. To do this, start nslookup and type:

> server 208.67.222.222

Once you perform a lookup on your new subdomain, you should see something like the following:

> home.yourdomainname.com
Server:         208.67.222.222
Address:        208.67.222.222#53

Non-authoritative answer:
home.yourdomainname.com canonical name = yoursubdomain.your-free-dns-account.com
Name:   yoursubdomain.your-free-dns-account.com
Address: [your IP]

That’s all there is to it. If your IP is updating via your free DNS service and you set up your CNAME, then you will be able to find your home, or give your home address to anyone wishing to connect, without the embarrassment or hassle of explaining your subdomain and free domain account.

htaccess allow from

Filed under: General Linux — TheLinuxBlog.com at 10:32 am on Tuesday, September 9, 2008

htaccess allow from gives you the ability to allow (or deny) access to a directory on your server from specific IPs or domain names. The syntax is quite simple. Using VIM or nano, open up the .htaccess file in the directory that you want to restrict access to and add the following:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 <ip>

This allows access from your local host and the IP address you specify. Using .htaccess you can also allow by host name. This is useful if you wish to allow or deny a friend access to a directory. (Note: it will also work if you have them in your hosts file.)

Order Deny,Allow
Deny from all
Allow from LinuxBlog
Allow from .thelinuxblog.com

Using htaccess to allow from your LAN is also pretty easy. You use your CIDR address (ip/subnet) to do this. Try something like this (changing it to match your LAN):

Order Deny,Allow
Deny from all
Allow from 192.168.1.1/24
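To check which client addresses the Allow from entries above would admit before relying on them, here is a small shell evaluator; it is an added example, not code from the original post, and the names ip_to_int and htaccess_allows and the combined sample file are hypothetical. It assumes the Order Deny,Allow / Deny from all policy shown above and evaluates only full-IP and CIDR entries.

```shell
#!/bin/sh
# Added example: which client IPs do a set of "Allow from" lines admit?
# Assumes the page's policy (Order Deny,Allow + Deny from all), so a client is
# admitted only when an Allow entry matches. Only full IPs and CIDR entries
# are evaluated; hostnames, partial IPs and dotted netmasks are skipped.

# Constructed sample that combines the three snippets from the post.
SAMPLE_HTACCESS='Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from LinuxBlog
Allow from .thelinuxblog.com
Allow from 192.168.1.1/24'

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# htaccess_allows CLIENT_IP: reads .htaccess text on stdin, exits 0 on a match.
htaccess_allows() {
    client=$(ip_to_int "$1")
    for entry in $(awk 'tolower($1) == "allow" && tolower($2) == "from" {
                            for (i = 3; i <= NF; i++) print $i }'); do
        case $entry in
            */*) net=${entry%/*}; bits=${entry#*/} ;;
            *)   net=$entry; bits=32 ;;
        esac
        case $net in *[!0-9.]*) continue ;; *.*.*.*) ;; *) continue ;; esac
        case $bits in ""|*[!0-9]*) continue ;; esac
        [ "$bits" -le 32 ] || continue
        mask=0
        [ "$bits" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        # Host bits in an entry (the final .1 in 192.168.1.1/24) are masked off.
        if [ $(( client & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]; then
            return 0
        fi
    done
    return 1
}

for ip in 127.0.0.1 192.168.1.77 192.168.2.5; do
    if printf '%s\n' "$SAMPLE_HTACCESS" | htaccess_allows "$ip"
    then echo "$ip allowed"; else echo "$ip denied"; fi
done
```

The /24 entry admits every address from 192.168.1.0 to 192.168.1.255, so the neighbouring 192.168.2.x network stays denied.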

I run into htaccess allow problems a lot, and hope that this will clear the air up for me. htaccess can be very handy if you do not want to keep turning your firewall on and off, but do not want your directories wide open. Just remember, if you want to stop everyone except those you choose from accessing your Apache web directories, use htaccess allow from!

Finding a PC on your network

Filed under: General Linux,Linux Software — TheLinuxBlog.com at 4:31 am on Tuesday, September 4, 2007

When I’m at a remote location I sometimes need to gain access to a computer that is not accessible from the internet but is on the same network as another machine that is. I have remote SSH access into the box that is on the same network, but I often don’t know the IP address for the computer that I am trying to gain access to since they are assigned via DHCP.

I have a simple solution that will locate the computer I wish to use in no time once logged into the gateway. The program needed is from our friends at insecure.org and is called nmap. It is a pretty standard tool so it should be included with your distribution. However, if you do not own the Linux machine then it may not be installed, or you may not have the ability to install it or sufficient privileges to run it.

Basically, what nmap does is scan the network. The command I use to scan a whole subnet for my host is:

nmap -sP 192.168.x.x/24

The type of scan I use is a ping scan; I only determine if the host is online. If I know the DHCP pool starts from 1.1 and ends at 1.100, then I would use:

nmap -sP 192.168.1.1-100

This will yield faster scanning results since it only has to ping 100 hosts, not the whole subnet.

Sometimes, if the environment is a busy one (one with lots of hosts), a lot of online IPs will be returned and it’s hard to identify which one you’re trying to connect to. I remedy this by scanning just the host range I need for hosts that have port 22 open.

nmap 192.168.3.1-100 -sT -p22

The -sT option doesn’t require the user to be root, but if you have root the -sS option is better as it gives detailed information such as the MAC address, which can come in handy if you happen to know what brand of network card is in the computer you are trying to log into.

This will work to find a computer on a network with Linux, but it still requires you to know a little information about the PC you’re trying to find. If you need a better way of finding your PCs, I would recommend using static IPs and DNS. Give it a shot if you’re on location somewhere and need access to your computer.