Router Authentication

WAN Configuration

We will be using the 24.187.228.122/29 subnet for the WAN, with 24.187.228.122 as the local WAN IP address.

Security with ACL’s

LAN and NAT Configuration

We will need to configure NAT to allow internet users to access the internet. Internal users will be set up with the 10.0.0.0/24 subnet.

IPSec VPN

Default Route

Save your work!

Please leave some comments and let me know how this worked out for you.

Jailbreaking your iPad

Before you begin, I strongly recommend restoring your iPad to factory settings. This jailbreak requires your device to be at iOS version 4.3.3 or below. If possible, do not upgrade your device to 4.3.4, as the primary purpose of this update would be to patch the possibility of jailbreaking. Once your iPad has been restored, open up safari and navigate to jailbreakme.com.

Tap on Free

…and Cydia will begin installing on your iPad.

Cydia is like the App Store app on your iPad. Its your hub for all jailbreak apps. Next, tap the Cydia app when it finishes installing and you will be asked if you are a User, Hacker, or Developer. Whichever option you select determines which apps you will be able to install. I tend to go for Hacker, as it provides you with a greater selection of apps than User, and they're generally more stable than Developer apps.

After that, you will be taken to the Home layout of Cydia. Your iPad is officially Jailbroken!

Now it is important to note that it was possible to jailbreak your iPad due to a vulnerability in the way PDF's are viewed. This, if exploited maliciously, can cause some serious damage, and should be patched immediately. While in Cydia, tap on the Search icon on the bottom menu bar and search for PDF Patcher 2. Installing this will fix this vulnerability for you.

App Suggestions

SBSettings

The first jailbreak app I installed on my iPhone and iPad is SBSettings. It gives you a little menu on the top of your iPad to control the various services you have running. You can quickly enable/disable wifi, 3g, Edge, GPS, Bluetooth, SSH, and more (adjust brightness, kill running processes, etc.). I also like it because it allows you to show/hide your applications. This can be useful with the apps like Calendar and Maps that come preloaded and cannot be removed, and also with jailbreak apps that serve a simple purpose, yet [for whatever reason] place an app on you iPad (e.g.: MakeItMine - described later). To get into these other settings, open up SBSettings by swiping the top of the top bar on your iPad, a tapping More.

One other cool feature with SBSettings is your quick access to rebooting, powering off, and locking your iPad. Bring SBSettings up and tap the little icon for Power. You will be presented with this popup:

OpenSSH

This is for you geeks out there. If you don't know what SSH is, skip down to the next app. OpenSSH turns your iPad into an SSH server. It even adds a toggle switch to SBSettings. Pair this app up with iSSH app on the iTunes store, and you have a sweet little UNIX pad.

Open up iSSH and create a new connection for Localhost (your iPad). The user is root and the default password is alpine. Be sure the change the root password once you log in. You can also search for the other typical UNIX packages to install in your environment (e.g.: Vi iMproved).

...and make the connection:

iFile

iFile is pretty self explanatory. It's graphical interface to exploring your iPad's filesystem. When you locate a file and tap to open, you get prompted for the app you want to open it with. I haven't used this app much, as I prefer the command line method described above in the OpenSSH section.

MakeItMine

MakeItMine lets you modify your carrier name from AT&T or Verizon to whatever you like. It's pretty self explanatory. Once you set your name, the app is pretty useless, so hide it with SBSettings. No screenshot for this app. I'm sure you can imagine what it looks like.

Barrel

Barrel is purely a visual effects app. It lets you modify the effects you see when swiping between different pages of apps. I have my mode set to "Page Squeeze". No image for this guy since I wasn't able to take a screenshot while changing pages. Search YouTube for demos.

Graviboard

Another purely visual app. This one is more of something to woo your friends with. I thought it was cool when I first tried, but it really doesn't have a practical use. You set a toggle in your Activator to initialize the app (I set my iPad to toggle Graviboard by holding the Home button), and then watch all your apps loose bearing and drop down in disarray.

Suggestions

Although I just recently jailbroke my iPad 2, I've jailbroken other iPods and iPhones in the past. One of the biggest reasons people jailbreak is the ability to add themes to their iDevice. I love the themes, and messed around with many of them. However, I found nearly all of them to be really buggy and end up crashing my device. I also strongly recommend only downloading apps you see as Featured by Cydia, or other recommended online. The same goes for apps on Apple's App Store. Many developers aren't very good coders, and you can be stuck with an app that will consume all your system's resources and eventually crash.

Legality of Jailbreaking

U.S. declares jailbreaking legal, however Apple may void your warranty. Revert your iDevice back to factory settings if you ever have to turn it over to an Apple representative. Read the Wired article.

o
• Facebook owns ALL your data as specified in their Terms of Service. Even if you delete a picture you uploaded, it still exists in Facebook backup copies, which can potentially be sold to third parties. They claim they won’t sell your private data, but due to Mark Zuckerberg's unethical history, you never know.
o
• Many employers are now looking at Facebook profiles to get the "inside scoop" on potential candidates. Even "hidden" profiles can be discovered in a Google search.
o
• Nothing is deleted. Any wall post, comment, or picture is stored in Facebook forever. When you delete something from your wall, it is simply hidden from view.
o
• The average Facebook user has 130 friends. How many of these friends have you met with in the past year? When Facebook alerts you to a buddy's birthday, did you call them to wish them a happy birthday? Take them out for drinks? ...Or just post your wishes to their wall. As a social networking site, Facebook is killing many of our social lives — this was my primary reason for deleting my account.

One may argue that you can update your privacy settings to fix many of the aforementioned privacy issues, but the data you share is still on Facebook, and at Facebook's discretion.

So how do you delete your account? Facebook seems to make it incredibly difficult to do so; they only give you the option of deactivating your account, which is the same as not using your account for a while (as soon as you log in again, everything is restored — all friends, posts, pictures, apps, etc.). You will also see articles online telling you that an inactive account will be deleted after three weeks. These are false claims. To delete your account, click this link.

Click “Submit” to start the deletion process.

Enter your password and complete the Captcha.

Your account has been scheduled for deletion.

You will receive an email from the Facebook team, notifying you that your account will be deleted in 14 days. Does this mean all your private data is deleted too? I hope so, but who really knows for sure…

The OSI Model

The Open Systems Interconnection model (OSI model) is a way of dividing computer communications between layers. Each layer is a grouping of similar services that provides service to the layer above and requests service from the layer below. The OSI model, brought forth by the Internato, how does the Internet work?

The Internet is a global network of computers. Each computer connected to the Internet must have a unique address, called an IP address in the form of xxx.xxx.xxx.xxx. Just like your address may be 123 Main Ave., snabbr.com, at the time of writing, resides at 74.208.81.115.

If you are connected to the internet through an Internet Service Provider (ISP), you are usually assigned a temporary IP address. If you are connected to a router on an internet network, you may be dynamically assigned a temporary IP address via Dynamic Host Configuration Protocol (DHCP). Static IP addresses can also be assigned. In any case, IP addresses are used to identify hosts on a Layer 3 (refer to the OSI model) network.

IP addresses can sometimes have a domain name assigned to them. For example "snabbr.com" resolves to 74.208.81.115. The domain is a human-readable format. When you enter an address into your web browser, a series of Domain Name Service (DNS) servers are queried for an IP resolution to the domain. Once a domain is resolved, we have the address and your connection is initiated.

The global Internet is broken down into several sub-networks. This is done with the use of routers and switches in a network topology. Down at the base, an IP is a 32-bit address split up into four 8-bit blocks.

IP Subnetting

IP addresses were originally defined by one of five classes (A through E). This classful addressing was used to determine the potential size of a network, but is no longer commonplace as classless addressing now allows for any netmask to be assigned to any IP address range. Consider the following table for a list of these different address classes:

Classes A through C are used for normal IP addresses, class D is used for multicast groups, and class E is reserved for future use. Now consider a class C address: you are allowed 2,097,152 networks and 256 hosts. A subnet mask is used to define a block of IP addresses (subnet) and can be rewritten in the form a prefix - a class C address has a prefix of /24, meaning 8 (32 - 24 = 8) bits available for hosts.

A /24 prefix means that the first 24 bits of an IP segment are already used and can be written out like 11111111.11111111.11111111.00000000.

Refer to the cheat sheet below for a list of classless networks in an IP network:

Routing

A host with an IP address in one network can only communicate with other hosts in that same network. For example, a host at 10.24.32.19/8 can communicate with a server at 10.98.1.37/8, but has no route to a VoIP telephone on the 172.16.1.0/16 network - unless a router is present. Routing is the process of directing an IP data packet through a series of networks that stand between its source and destination.

A router can be used to define a set of rules for directing traffic between networks: To get to network B from network A, send traffic through router C. Router C, in this case, would have to have knowledge of both networks A and B. Routes can be configured as either static or dynamic routes. Static routes are more common in smaller networks and define a single next hop for a particular destination network, while dynamic routes are implemented with routing protocols like RIP, OSPF, EIGRP, IS-IS, BGP, etc. Routing protocols are beyond the scope of this article, as this is a network primer.

Switching

Just as a router routes packets by IP address at layer 3, switches switch packets by MAC address at layer 2. Some switches can process data at layer 3 or layer 4, but this is beyond the scope of this article. A switch operating at layer 2 connects multiple hosts in a particular network, and learns the MAC address of each connected device. Switches (also known as bridges) then forward data to their connected devices based on MAC address.

Networking Roundup

This article is a very brief overview of the vast world of networking and is intended for individuals who want to understand the very basics of how hosts are connected and how data traverses between networks in a very general manner.

Inspiration

I will start off with my favorite - one that has helped me a great deal - Smashing Magazine. Smashing Magazine is an all-around blog and a gold mine of information for the web developer of any stature. With daily articles on the latest web design trends, beautiful wallpaper for your Mac, PC, iPhone, iPad, Droid, etc., icons, graphics and more, you're bound to get a feel for your next great design.

Graphics

Another obstacle plaguing my professional web design was procuring relevant images for my project. That is, until I discovered Dreamstime. Dreamstime provides the consumer with countless images searchable by keyword or phrase, costing as little as $1/graphic. This will also give you full rights to the image to use in as many projects as you like. Go to dreamstine now and search for free.

Domain Names

OK, so you have a great idea for a web application, but you need a clever domain name for it. Shout Domains should do the trick. Even if you have a perfect name for your site, you will notice that everything is taken! - This can be incredibly frustrating, however there is no need to fall prey and spend $20,000 on the domain you wish you had. Shout Domains allows the user to select keywords from a dropdown, and even enter in his or her own, and watch all the possibilities scroll before his or her eyes. It will even give you pricing from various hosting companies. I have used this app a few times to generate domain names for previous project, and I love it!

Versions

Versions prides itself as being "the first easy to use Mac OS X Subversion client." and can be downloaded from their website. It costs about $53, but has a trial period so you can test before you buy. Once the app has been downloaded and installed, open it up and you will see something like the following:

The first thing you want to do here is create a new local repository. Click the "Create Local Repository" button, and fill out a name for it, as well as a location. In my case, I am calling my repository (repo) "snabbr", and placing it in my dropbox/SVN-Repositories directory in my home directory. Next, you will see your repo show up in the main window after you created it. Right click the name and navigate to "Import...".

An SVN import allows you to bring in existing code, which I have. When you select the source of the code you wish to import, you will be asked for Commit Message:

This can be anything you like; it's use is so that you can identify your changes when you need to roll back code in the future.

The last step, for now, is to "checkout" your code to a new directory (I store all my projects in the ~/Sites/ directory). You should still have your repo open in the main window of Versions. Right click the repository itself and select "Checkout". This will create your project in the location you specify. You should also notice that a ".svn" directory was created within your project (OS X hides files and folders starting with a "." by default, but it’s there). Coda will see this directory and will automatically kick in it’s SVN capabilities. Now that we have our repository set up, and code within it, lets jump over to Coda.

Coda

Coda is a "one-window web development" IDE provided by Panic. It will set you back about $99, but you have 14 days to decide if you like it or not. I personally love Coda. It’s got that great Mac OS X feel we all love. Get Coda here and install it like any other Mac app.

Open Coda up and you will see a navigation pane on the left, and display window on the right. Click the "Sites" icon above the main window and you should be greeted by a screen like this:

Click "Add Site..." and enter your information in the window that pops up. You will notice that once you've filled in the details in the "Site" section, your Repository URL will be filled in automatically. Coda read the ".svn" directories within your project's filesystem to procure this data.

Verify that all the information is correct and click the Save button. You shall now see a screen like the following:

Double-click on the site's image you have there and Coda will automatically bring forth that project's files. In the following example, I modifed my about.php page to show off how Coda's built-in SVN works.

As you can see, a little "M" shows up to the right of the filename indicating that this file was modified. You should also notice that a button to "Publish All" appears. This lets you upload any modified files into their perspective directories on the remote server. Cool, huh?

So now that you have a file that's been modified, flip over to the Remote tab in the left pane to connect to your remote server. On the bottom of the left pane, you will see an icon that looks like a black box. This brings up the Source Control Status window where you can update your code live on your production machine:

Congratulations! You are now all set up with an efficacious development environment on your Mac. For more information on Versions and how to properly manage your repositories, visit Versions – Support.]]> Sun, 13 Feb 2011 12:34:06 -0500 http://snabbr.com/articles/easy-web-development-with-coda-and-versions http://snabbr.com/articles/postfix-message-filtering-and-archiving This article outlines the information needed to set up content filtering and archiving of your emails, assuming you have a fully configured Postfix setup on your Linux server.

First off, open up the postfix master configuration file:

Look for this line and append the following text to it:

The first option line tells any smtp packets to pass through the "spamfilter" content filter which will be defined next. The second option is only really needed if your postfix is configured for virtual email aliases. The receive_override_options directive will prevent from duplicating emails. Now on to the spamfilter content filter. Add this somewhere in your master.cf file:

"spamfilter" is the content filter you issued before. Specify the script you want to run against every email coming in and out of the system, and the user to run. In this case, we will be running the mailfilter.sh file with the options "-f ${sender} -- ${recipient}" by the user "spamfilter".

Now create the mailfilter script:

I'll leave the creativity up to you, but you can really do whatever you want here. You can grep out specific strings in email messages and forward/archive/whatever, depending on specific rules. You need to make sure you forward the mail on with sendmail, or else your mail will just die there. I use spamassassin to handle all the tagging of my emails, and then i look for specific rules flagged by spamassassin in the header and work with my mail from there. For example, if there is a message that matches my profanity rule, I send it to a sideline directory, bounce the message back to sender, and CC it to the appropriate supervisor of said employee.

I uploaded a sample mailfilter script for you to analyze: mailfilter.sh

First, on the Cisco end, we need to enable NetFlow, and tell it where to send its flows.

Keep in mind that "snabbr" above is the SNMP community, and that the same must be configured for snmpd on your Linux server. The default community, I believe, is "public". Also assume that 10.0.0.2 is the IP address of your Linux server, and 2056 is the port you want the server to listen in on for the NetFlow packets. Now on to setting up NetFlow Analyzer on Debian Linux.

Here, we're binding on 0.0.0.0, and listening on the router's IP (10.0.0.1) on port 2056, as configured on the router earlier. Now restart flow-capture...

...and watch the flows being generated in the /var/flow/router/ directory. You can use the flow-print command to see them better:

If you see flows, great! If not, make sure your router is producing them. Try

...and verify that it is sending the data to the correct IP address. Also remember to check your logs.

This is a very simple setup. You'll need two files off the internet:

o
1. You will need software that is capable of talking to the router's console port: ZTerm does the trick well. Get ZTerm here.
o
2. Assuming you already have a console cable, and a USB to Serial adapter, you will need drivers for said adapter, or ZTerm won't be able to find the router. Get the PL2303 USB to Serial drivers here.
o

The installation procedure for both is like any other Mac app. Just drag to your applications, or follow the README/INSTALL files if they exist.

Once installed, open up ZTerm, and navigate to Settings->Connection in the menu bar. Click OK, and you can connect by navigating to Dial->Local.