Printing from a CUPS server to Windows 7

A colleague of mine has some family issues that require him to be home more often. However, work continues. So he started working at home with a laptop. Nothing special about that. What is special, is that we're running a piece of software ("RR") that has old-style telnet-like terminals, which is sending its print jobs straight to the printer.

His laptop has a direct VPN connection to the company network, but his printer doesn't.

Network info

The old software ("RR") is running on a pretty new RHEL 5.6 installation. It uses CUPS to queue and deliver print jobs. In my situation, the RR printer has zero printers configured, there's another Linux server that has all printers configured and broadcasts those printers over the network. But you could leave that print server out.

Problem

RR cannot reach the printer directly. But it can reach the laptop, which is running Windows 7 Professional. I searched for an IPP server that I could install on Windows, so that the printserver could use that to relay messages to the local printer, but I couldn't find any.

Solution

Windows 7 still has the option to install an lpd server. It's not installed by default, but it's very simple to install.

Windows setup:

  • In the Windows 7 Control Panel
  • Go to "Programs and Features"
  • Click "Turn Windows Features on or off"
  • Turn on the LPD protocol.
  • Now go to the "printers" and share all printers you want to share.
  • Don't use long names and names with spaces, like "HP Laserjet 4200 Series", which are hard to set up on the client. Use something short like hplj4200.

Client setup:
Now you can set up the client to print to lpd://[ip-or-hostname-of-client]/[printername], for example lpd://10.10.10.17/hplj4200

If you can't get it to work, please check printer permissions and the firewall of the Windows 7 machine, which must have port 515 open.

© GeekLabInfo Printing from a CUPS server to Windows 7 is a post from GeekLab.info. You are free to copy materials from GeekLab.info, but you are required to link back to http://www.geeklab.info


Find the Dell Service Tag Remotely

Windows with VNC/RDP

If you can log in to the computer over VNC or RDP, you can use wmic to find the service tag:
start > run > cmd
On the command line, enter:
wmic bios get serialnumber

Windows without VNC/RDP

If you cannot log in to the computer over VNC or RDP, you can still use wmic to find the service tag:
start > run > cmd
On the command line, enter:
wmic /node:computer-name-here bios get serialnumber
You may need to use /user:yourusername and /password:yourpassword to get access to the remote computer. Running wmic /? gives a pretty good manual on what wmic can do.

Other uses of wmic

wmic is a very useful tool for a lot of stuff. For instance wmic csproduct can tell you exactly what model the computer is and wmic nic list shows useful information about your network.

Linux

Under Linux, you can run dmidecode -s system-serial-number to get the serial number. This can be done locally or over ssh.


USB Video DVD Maker for Linux

Today I borrowed a USB video device, just to see if I can get it working on Linux. And I did! The device's package shows that it supports PAL (720x576@25fps) and NTSC (720x480 @ 30fps), but not much more.

According to lsusb, the device is built by eMPIA Technology, Inc and it has id eb1a:2861. Because I have another webcam attached, the device is connected to /dev/video1, which is a character device with major 81 and minor 1. In the /sys filesystem, there's information on the device. I can find the right node using the next command:

cd /sys/dev/char/81:1

This is a symlink to (in my case) /sys/devices/pci0000:00/0000:00:1d.7/usb2/2-5/2-5:1.0/video4linux/video1. In this directory, I find some more useful information. The file called "name" tells me the device is actually an em28xx-based device.

The device has 2 inputs: a series of RCA connectors with a composite signal and an SVideo connector. This is represented by showing two "sub-devices". The composite signal is /dev/video1, while the SVideo connector is /dev/vbi0.

To display the screen of my Sony* HDR-SR11 camera, I use the command:

mplayer -cache 128 -tv driver=v4l2:device=/dev/video1:input=1:width=720:height=576:outfmt=i420 tv://

* Yes, a Sony. And I'm really sorry. I bought it several years ago. I'm boycotting Sony nowadays.


Use your laptop as a wifi router

Last week, I was snowboarding with my family in Scheffau, Austria. In the apartment, there was one single cat-5 cable, while 5 of us wanted to use the internet. So I figured out how to build an ad-hoc wifi network with my laptop in order to share the network connection.

My configuration

On my laptop, I'm running Fedora 13 with dnsmasq installed. All other software is pretty standard. My wifi driver creates a wlan0, but other laptops may create wmaster0 interfaces etcetera.

Step 1: Enable routing

We set up IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -I FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
For a permanent situation, you may want to be a little more picky in what to forward and what not.

Step 2: Set up the wifi

First, we switch from managed mode to ad-hoc mode:
/sbin/iwconfig wlan0 mode Ad-Hoc
Then we choose a name for the new network. I chose my own name:
/sbin/iwconfig wlan0 essid "David"
I use WEP, which is pretty insecure, but is just good enough to keep neighbours from connecting by accident. (I would not use this for a network that stays up for more than an hour.):
iwconfig wlan0 key 1351351350
And we set the wifi channel to "automatically select a channel":
iwconfig wlan0 channel auto

Step 3: Configure the network

Then we must configure an IP. Since 192.168.0.0/16 and 10.0.0.0/8 are mostly used in ADSL environments, I use the third IANA assigned block: 172.16.0.0/12 (172.16.0.0-172.31.255.255):
ifconfig wlan0 172.31.1.254 up

And allow incoming DHCP/DNS requests:
iptables -I INPUT -m udp -p udp --dport 67 -j ACCEPT
iptables -I INPUT -m udp -p udp --dport 53 -j ACCEPT

Then, finally, we start dnsmasq as a DHCP/DNS server:
dnsmasq --no-daemon --domain-needed --bogus-priv --interface=wlan0 --bind-interfaces --dhcp-range=172.31.1.50,172.31.1.100,12h --dhcp-option=option:router,172.31.1.254 --dhcp-authoritative --log-queries --log-dhcp

Step 4: Have fun!

We're done. Other laptops can now connect to your network and you're forwarding their packets.


iptables and dynamic DNS

Please read other posts in this section as well.
They may provide better options.

I just found back an old note about using iptables in combination with dyndns to open up access from a remote location. For instance, if you have a laptop that you take everywhere and you want to connect to your home or office. The script the other site suggested was broken, so let's write a new one.

Step 1: Create a new chain in the firewall

Create a new chain in the firewall where we can plug in the dynamic rules. On my Fedora machine, the firewall is located in /etc/sysconfig/iptables. I added the two DYNAMIC lines (":DYNAMIC - [0:0]" and "-A INPUT -j DYNAMIC") to this example.

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DYNAMIC - [0:0]
-A INPUT -j DYNAMIC
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Step 2: Write a script

#!/bin/bash

HOSTNAME=myname.dyndns.org
CHECK_INTERVAL=60 #once a minute

/sbin/iptables -F DYNAMIC #flush all existing rules
IP="" #initialize $IP
while true; do
    OIP=$IP
    # take the first IPv4 address that shows up in the output of host
    IP=$(host "$HOSTNAME" | grep -iE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | cut -f4 -d' ' | head -n 1)
    # only touch the chain when the lookup succeeded and the address changed
    if [ "$OIP" != "$IP" ] && [ -n "$IP" ]; then
         echo "Changing ip to $IP"
         /sbin/iptables -F DYNAMIC #flush all old rules
         /sbin/iptables -I DYNAMIC -s "$IP" -j ACCEPT #the new rule
    fi
    sleep "$CHECK_INTERVAL"
done

In this case, the firewall accepts all traffic from $IP, but of course you could restrict it to 1 port. Also, I focussed on IPv4, but you could easily rewrite this script to IPv6 using ip6tables. I saved the file to /usr/local/bin/dynfirewall.sh
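
The loop above builds a firewall rule directly from DNS output, so the parsed value deserves strict validation before it reaches iptables. The following is an added example, not the original script: it accepts only a well-formed IPv4 answer and limits the rule to one TCP port. The function names, the sample host output and port 22 are assumptions for illustration; the commands are printed unless DRY_RUN is set to empty.

```sh
#!/bin/sh
# Added example, not the original script: only a strictly validated IPv4
# address is allowed to become a rule in the DYNAMIC chain.
IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN-1}   # print commands by default; run with DRY_RUN= to apply

# Succeed only for a dotted quad: four decimal octets, each 0-255, no leading
# zeros (parsers disagree on whether "010" means 10 or octal 8).
is_ipv4() {
    rest=$1 count=0
    case "$rest" in ''|*[!0-9.]*) return 1 ;; esac
    while :; do
        octet=${rest%%.*}
        case "$octet" in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) break ;; esac
    done
    [ "$count" -eq 4 ]
}

# Read `host`-style output on stdin, print the first answer that passes
# is_ipv4, and return 1 if there is none (the caller then keeps the old rule).
resolved_ipv4() {
    while read -r _name w1 w2 addr _rest; do
        [ "$w1 $w2" = "has address" ] || continue
        if is_ipv4 "$addr"; then printf '%s\n' "$addr"; return 0; fi
    done
    return 1
}

# Replace the DYNAMIC chain with one rule: source $1, TCP destination port $2.
update_dynamic() {
    is_ipv4 "$1" || { echo "refusing address '$1'" >&2; return 1; }
    case "$2" in ''|*[!0-9]*) echo "refusing port '$2'" >&2; return 1 ;; esac
    run=${DRY_RUN:+echo}
    $run "$IPTABLES" -F DYNAMIC &&
        $run "$IPTABLES" -A DYNAMIC -s "$1/32" -p tcp --dport "$2" -j ACCEPT
}

# Constructed sample of `host` output; the first answer is deliberately invalid.
SAMPLE='myname.dyndns.org has address 999.0.113.7
myname.dyndns.org has address 203.0.113.7
myname.dyndns.org mail is handled by 10 mx.example.net.'

if ip=$(printf '%s\n' "$SAMPLE" | resolved_ipv4); then
    update_dynamic "$ip" 22
fi
```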

Step 3: Run the script

I'd prefer running the script from inittab, but since Fedora doesn't work like this anymore, I put the following line in /etc/rc.d/rc.local:

/usr/local/bin/dynfirewall.sh >>/var/log/dynfirewall 2>>/var/log/dynfirewall &

Please don't forget the ampersand at the end to fork the script!!


Transparent proxy with iptables and squid

Today, my dear wife asked me to help her with her facebook addiction. She wondered if I could block facebook, gmail, some news sites and more during her work hours. Sure, I can. And since she's running Linux as well, I could even do it on her own computer.

Step 1: Install squid

Squid is a FLOSS proxy server that runs on Linux and several other systems. It's capable of filtering and behaving transparently. Just what we need.

yum -y install squid

Step 2: Configure squid

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Here I define the times and what file contains the rules
acl playtime1 time SMTWHFA 8:30-9:30
acl playtime2 time SMTWHFA 16:00-17:00
acl addiction url_regex -i "/etc/squid/addiction"

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# The next few lines actually do the work
http_access allow playtime1 addiction
http_access allow playtime2 addiction
http_access deny addiction
# If this ACL is triggered, show the user the WORKONLY error message.
deny_info WORKONLY addiction

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
# I added the word "transparent", so squid behaves a little different:
# it makes itself transparent. NOTE TO SELF: This is the line you're
# looking for. Used to be httpd_accel_uses_host_header in squid 2

http_port 3128 transparent

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Don't show squid to the outside world
forwarded_for delete

# I don't need to log what she's doing
access_log none
# Nor do i need icap logs
icap_log none
# And i don't want to know what is stored in cache
cache_store_log none
# To not break web apps, I don't want caching either
cache deny all

Step 3: Define blocked sites

Type a list of blocked websites in /etc/squid/addiction. You can use complete URLs, domains or even just words. For example, "facebook" blocks http://www.facebook.com, but also http://wikipedia.org/wiki/facebook
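
To see how far a bare word reaches compared with a pattern anchored to the host, the following added example (not part of the original post) audits a pattern list against constructed URLs. It assumes grep -Ei is a fair stand-in for squid's url_regex -i; the function names, the anchored pattern and the temporary file layout are illustrative.

```sh
#!/bin/sh
# Added example, not from the original post. Assumption: grep -Ei stands in
# for squid's "url_regex -i" (unanchored, case-insensitive extended regex).

# Print the lower-cased host part of a URL (userinfo and port stripped).
url_host() {
    h=${1#*://}; h=${h%%[/?#]*}; h=${h##*@}; h=${h%%:*}
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# For every URL in file $2 that the pattern list in file $1 matches, print
# "block URL" when its host is domain $3 or a subdomain, else "overblock URL".
audit_patterns() {
    grep -Ei -f "$1" "$2" | while IFS= read -r url; do
        case "$(url_host "$url")" in
            "$3"|*."$3") echo "block $url" ;;
            *)           echo "overblock $url" ;;
        esac
    done
}

tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT

# The bare word from the post, and a pattern anchored to scheme and host.
printf '%s\n' 'facebook' > "$tmp/loose"
printf '%s\n' '^https?://([^/@]*@)?([^/@]+\.)?facebook\.com(:[0-9]+)?(/|$)' > "$tmp/anchored"

# Constructed sample URLs.
cat > "$tmp/urls" <<'EOF'
http://www.facebook.com/
http://FACEBOOK.com/login
http://wikipedia.org/wiki/facebook
http://example.org/?q=facebook.com
http://notfacebook.com/
EOF

echo "== loose ==";    audit_patterns "$tmp/loose" "$tmp/urls" facebook.com
echo "== anchored =="; audit_patterns "$tmp/anchored" "$tmp/urls" facebook.com
```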

Step 4: Leave a message

In the configuration, I put: deny_info WORKONLY addiction. This means that I can leave the user a message in /usr/share/squid/errors/templates/WORKONLY and /usr/share/squid/errors/en/WORKONLY. Since it's my wife's PC, I decided to leave her a sweet message :-D

Step 5: Route network traffic

I could configure her Firefox to use the proxy. But then she'd use Google Chrome or Konqueror to surf the web. And she could turn the proxy off. So I need to catch all http-traffic that did not pass squid. I used iptables:

#Allow user 'root' to surf the web, for yum update etc.
iptables -t nat -A OUTPUT -m tcp -p tcp --dport 80 -m owner --uid-owner root -j RETURN
# Allow user 'squid' to pass on http requests
iptables -t nat -A OUTPUT -m tcp -p tcp --dport 80 -m owner --uid-owner squid -j RETURN
# Redirect all other traffic to the proxy.
iptables -t nat -A OUTPUT -m tcp -p tcp --dport 80 -j REDIRECT --to-ports 3128