Jkx@home » sysadmin

Media Player (Dvico 3100) + Netgear WGT634U = Cheap Wifi Media Player

admin — Thu, 05 Apr 2007 21:10:58 +0000

This year, for my birthday I have a very nice Media Player M3100. This stuff is really usefull, no need to use a noisy computer to watch recorded Divx. It’s pretty kool to watch films from beds you know..

The only issue: I need to take it back to my computer when I want to upload a new film, that’s it .. When I first received this gift, I went back to the shop to exchange it against a networked one. But 1) they cost a lot more money, 2) not available at the shop. (even if it’s a really big one).

Last week, somebody sent me a mail. He found some cheap wireless access point with a USB port: Netgear WGT634U. (50Euro) Hum, ok let’s give it a try. First test, plug a Media Player to this USB port… ok It’s working fine. But you know, I don’t have a network cable near my bed, so I decided to transform the Access Point in a Wireless client. By this way, I can simply plug the Media Player on the WGT634U and remotely put some Divx via FTP, without any wire.

Step 1 / Install OpenWRT

The default firmware on the WGT634 doesn’t support wireless client mode (It’s a AP). So I switched it to OpenWRT Kamikaze. I build the firmware from source, but the kamikaze snapshot shoud work too. I followed the OpenWRT guide step by step with a external serial plug. You can find the complete howto for the serial connection here

# hit Ctrl-C on the bootloader
CFE> ifconfig eth0 -auto
CFE> flash -noheader tftp_host:openwrt-wgt634u.bin flash0.os
CFE> reboot

The first boot is a bit long, but all is fine…

Step 2 / Install tools

Here the short list of needed tools:

kmod-usb2
kmod-usb-storage
kmod-vfat
kmod-nls-base, kmod-nls-cp437, kmod-nls-iso8859-1
pure-ftpd

with a simple ipkg install via the serial console

Step 3 / Configure OpenWRT in wireless client

This is really simple in kamikaze, only change some files:

The wireless config file need to be tweaked, as I want it to join my MyDummySSID network

/etc/config/wireless

config wifi-iface
option device   wifi0
option network  lan
option mode     sta
option ssid     MyDummySSID
option hidden   0
option encryption none

Let’s go for the network config: MyDummySSID Access Point is 192.168.3.0/24, gateway in 3.1 and local DNS server is 1.254

/etc/config/network

#### LAN configuration
config interface lan
option type     bridge
option ifname   "eth0.0"
option proto    'static'
option ipaddr   '192.168.3.2'
option netmask  '255.255.255.0'
option gateway  '192.168.3.1'
option dns      '192.168.1.254'

First test: ifdown wan (switch off network) / ifdown br-lan / ifup br-lan

Step 4 / Firewall

Ok that’s fine, but I want to restrict the access to my local network only.. so I need to hack the firewall a little to avoid remote access from other wireless clients (my wireless network is open you know..). Simply linked this little script in /etc/rc.d/

/opt/ftp-firewall

#!/bin/sh

# clear all firewall rules
for T in filter nat mangle ; do
iptables -t $T -F
iptables -t $T -X
done

# drop incomming packet
iptables -P FORWARD ACCEPT
iptables -P OUTPUT  ACCEPT
iptables -P INPUT   DROP

# accept traffic on localhost
iptables -A INPUT -p tcp -i lo -j ACCEPT
iptables -A INPUT -p udp -i lo -j ACCEPT

# accept ftp only from my home network
iptables -A INPUT -s 192.168.1.0/24 -p tcp -i br-lan --dport 21 -j ACCEPT

# accept incoming http / ssh
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# finaly accept already open Cnx
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Step 5 / Misc

After some tests, I discover that I need a way to know if the WGT634U managed to join the wireless network or no. So I added this little script, that check for the wireless BSSID, and turn the power led in yellow if something goes wrong .. this is really usefull in fact.

/opt/led-daemon

#!/bin/sh

while true
do
{
STATE=$(iwconfig ath0 |grep  00:13:13:53:DA:D1 | wc -l)
[ $STATE -eq 1 ] && echo 0 > /proc/diag/led/power
[ $STATE -eq 0 ] && echo 1 > /proc/diag/led/power
sleep 20
}
done

Foo

Step 6 / Finally

Here the result:

The finished product (grrr) works really fine and managed to achieve something like 850Ko/sec, I mean full speed ;) (11Mbs network) I need to remove the serial port right now, and close the box..

Important update

I read on Engadget that I use this to stream video to my TV, (like the Apple TV do), but this is absolutely wrong. This media player has a 320Go hard-drive. Why would stream film on this ? I just put it on that’s it :)

This is really amazing how people doesn’t read the article to see what I’ve done. It’s not the first time this happen in fact.

Here in France, most advanded users have some network TV from a long time, and this little boxes can play network stream (like the Apple TV) for a long time now. Beside you don’t pay for this service (rent for the boxes are included in DSL bill), the only issue is that you must have another computer to stream.

I guess nobody here (in France) would by a Apple TV, since we already have this kind of products for free for a long time. Look at a Freebox for example.

It’s time to watch a film :)

Arpwatch on WRT54G

admin — Thu, 12 May 2005 15:22:32 +0000

While running my access point in public mode, i want to know when people log in. This can be a good way to find intruders too, but not my purpose.
I decided to run arpwatch on my linksys access point, but this is not so easy ..

1) Mail

First you need to have sendmail on the WRT. So install mini_sendmail. Add a file /usr/sbin/sendmail that contains:

#!/bin/sh
/usr/sbin/mini_sendmail -t -sIP_of_your_mail_relay

Check that it ‘s working..

2) Arpwatch

Run arpwatch on the WRT throught this script:

#!/bin/sh
IFNAME=$(nvram get wifi_ifname)

case $1 in
start)
touch /tmp/arpwatch.dat
arpwatch -f /tmp/arpwatch.dat -i $IFNAME
;;
stop)
killall arpwatch
;;
*)
echo "usage: $0 (start|stop)"
exit 1
esac

exit $?

3) Check

Wait a bit, connect to your wifi, look at your email on the gateway. (root@gw) you will see something like this:

From: root@openwrt.local.net
Subject: new station

hostname: 
ip address: 192.168.2.1
ethernet address: 0:f:66:c7:b5:b1
ethernet vendor: 
timestamp: Tuesday, January 18, 2000 14:34:01 +0000

Enjoy :)

Tcpdump rules !

admin — Sun, 06 Feb 2005 10:44:12 +0000

Tcpdump is clearly one of my favorite tool. Here a little example to filter the traffic of my OSPF router.

tcpdump -i eth0 ip[9] == 89

And the result:

12:43:48.219432 IP p2b.soif.fr > OSPF-ALL.MCAST.NET: OSPFv2, Hello (1), length: 48
12:43:48.560817 IP wrt.soif.fr > OSPF-ALL.MCAST.NET: OSPFv2, Hello (1), length: 48

Wonderfull no ? :)

Full featured SMTP in Python ?

admin — Wed, 01 Sep 2004 21:34:23 +0000

In a recent post Ian explain he get a lot of trouble w/ the configuration of his mail system. I ran into the same issues a little time ago. Now i’m using postfix and courier-imap and maildrop to dispatch the mail between. This setup is really easy because Postfix just accept incomming mail, and maildrop deliver it in the right imap folders. By this way, i only have to tweak maildrop to add some users. And works fine with virtualhost. In my current setup, i’m using a home-made spambayes deamon (sb_global_server), to spam-tag all incomming mail. (even for virtual host users)

Now, i need to setup a mailing list manager… and issues are back again :( I read the mailman howto, and no, it doesn’t support virtual-hosting out-of-the-box. Play with a bunch of alias? no thanks… I can use another one of course, but intregation w/ postfix is not so-trivial for most of them.

So why not write a full featured SMTP daemon in Py? We will get:

a system that can scale easily ..
support for most of db-backend without a pain
can embed spambayes .. or any other filtering system in only one piece of code ..
only one users configuration (not to use LDAP or others to glue..)

Right now, if you want to have a good mail system you need to use a bunch of stuffs, written in a bunch of langage .. and use a bunch of tricks to glue each others… But everybody wants a nice/simple mail system ?

Blog post / Mutt IMAP Cache Vs Courier-Cone ?

admin — Sat, 31 Jul 2004 04:02:31 +0000

The thing every blogger likes: Comments ? No ? Really ?

Anyways, i just added a RSS comment Feed to this blog. (No I won’t put the url somewhere since NewsAggregators eat a bunch of bandwith only to see nobody post, i will only give it to friends .. :)

But, this is not the main stuff, while browsing this RSS feed i discover one interesting comment about Mutt and IMAP cache. I now use courier-cone (no-url-yet) and it pretty cool and happy w/ IMAP. I like the IMAP Adressbook system which is really pleasant to use. Anyway check out this post if you want to test the new imap cache for mutt, and thanks Glanzmann for the post :)

For lazy readers the patch is here

SpamBayes server compliant w/ spamassassin

admin — Sat, 24 Apr 2004 20:10:04 +0000

I’m using spambayes for a long time now. But when i decide to install it for all the curent users of my setup (w/ some virtual domains..), i just discover that spambayes don’t have a system-wide deamon like spamassasin (spamd).

So the first try:

install spamassassin :) .. This mail filtering is just a bulshit ! Even w/ the training done on a mail, it achieve to deliver it as ‘unsure spam’ !!
put spamassin away .. but keep piece :)

I first decided to write another client / server for spambayes. but looking at all the stuff writen in spamc (spamassassin client) i discover i will need a lot of nights (i’m not a C guru . even if the little try i wrote works perferctly )

Nice try, but why i shouldn’t simply write a server that use spamc as client ? .. could be really easy and efficient too (spamc is really efficient) ..

i just finish to write this and submit to the dev list

Mail Archives / mdirarchive.py

admin — Mon, 19 Apr 2004 13:06:34 +0000

Since i totally switched my mail system to imap, i’m looking for a way to keep the folders ‘small as possible’. I talked w/ Phil about this, and he (http://base-art.net/wk/Article/3.html) hacked a existing python script. The main difference between his hack and the orginal one, is that now the folder are archived in a ‘normal’ way.

This should only work w/ courier-imap server but this is the one i use :) . I can now read mailing archive without too much pain !

Securing courier-imap

admin — Sun, 29 Feb 2004 13:40:09 +0000

I spent part of the day to install a virtual mail server, and i discover that there is a really simple way to secure courier-imap. By defaut when you use this kind of server the auth is made against the standard pam module. This is really simple, but what happend if someone is able to read your imap password. Yes he get the account password.

Courier imap can do the auth against a lot of stuff. Simply change the authmodulelist=authpam to authmodulelist=authuserdb. This will use the file /etc/courier/userdb.

userdb "username" set home=/home/username
                      mail=/home/username/Maildir
                      uid=UID gid=GID
userdbpw | userdb "username" set imappw
makeuserdb

So now you can use a different password for your account and your imap, and you can choose who can access to imap server.

Enjoy Mutt

admin — Wed, 18 Feb 2004 21:50:55 +0000

I get it! I managed to use mutt w/ my imap folders, with hooks and everything fine. This is not really hard, but :

libsas-modules break the SSL certification (without any error message)
mutt really lack of header cache for imap (there is a patch for Maildir but no for imap)

### IMAP ########################################
set imap_user="jkx"
set spoolfile=imaps://mail.larsen-b.com/
set folder=imaps://mail.larsen-b.com/INBOX
set record=imaps://mail.larsen-b.com/INBOX.Sent
mailboxes  imaps://mail.larsen-b.com/

### Hooks #######################################
folder-hook INBOX.Sent 'set index_format="%4C %Z %{%b %d} %-20.20t (%41) %s"'
folder-hook INBOX.JOB my_hdr From: XXXXX

Pam_USB

admin — Fri, 19 Dec 2003 06:13:05 +0000

Pam_USB is a pam_module that allow you to log in w/ a usb-key (or a cdrom/ floppy .. any removable device w/ a serial number or a free space to hold DSA keys.)

This is pretty kool since, this kind of stuff can be usefull. I think about:

security of course ( using Additional directive )
or usefull ( for example in POS …)

Anyway i will install this on my notebook since I use it a lot and I can’t always trust the potential users. ( I usually leave it w/ xlock at my work. )