Stupid Networking Tricks

So the office network has been lacking a VPN to the corporate network. We’ve got individual Cisco VPN clients we could use, but they suck because they disable local LAN access. Thus, while we are connected to headquarters, we can’t print to the printer sitting right next to us.

We were able to get by without this for a while, but now we’re expected to know what’s going on in corporate. With a permanent solution still weeks away, I decided to tackle the lame Cisco client head-on. I would try setting up the Cisco client as a gateway, so that the whole office could use it and still have access to the local network.

The VPN software seems to prohibit routing at the kernel level by installing itself as a module. The obvious solution of using the kernel to forward traffic between two interfaces doesn’t work. I would have to be creative.

Then I got inspired. Using tcpdump, I could see that traffic originating locally on my gateway box was being NATted to the VPN IP address. Traffic sent to the gateway from outside was not. Using some iptables-fu, I came up with a quick script which did the trick. I created a couple of IP-aliased interfaces. I then used SNAT and DNAT iptables rules to forward all traffic destined to these IPs to corresponding hosts on the corporate network.

Now the local office has “mirror” IPs for remote hosts, and from the local users’ perspective it looks like they’re talking to the real server. The dumb VPN client doesn’t know that the traffic it’s forwarding did not originate locally. Everyone is happy.
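Here is what such a setup looks like, written out as an added example rather than the script from this post. Everything in it is made up for illustration: the office LAN interface (eth0), the tunnel interface the client creates (cipsec0), the VPN-assigned address, the mirror addresses and the corporate hosts behind them. It also assumes that SNATting the forwarded packets to the VPN-assigned address is what makes the client treat them as its own, which the post above does not spell out. The script prints the ip/iptables commands instead of running them, so they can be read before being piped to sh.

```shell
#!/bin/sh
# Added example, not the script from the original post. It renders the
# ip/iptables commands that give office hosts "mirror" IPs for hosts behind
# a VPN client that only NATs locally originated traffic. All interface names
# and addresses below are hypothetical.

LAN_IF=${LAN_IF:-eth0}            # office LAN side of the gateway
VPN_IF=${VPN_IF:-cipsec0}         # tunnel interface created by the VPN client
VPN_IP=${VPN_IP:-10.200.0.17}     # address the VPN assigned to the gateway
OFFICE_NET=${OFFICE_NET:-192.168.1.0/24}

# Constructed table: mirror IP on the office LAN, real corporate host, TCP
# ports the office is allowed to reach. One line per mirror.
MIRRORS='
192.168.1.201 172.16.5.10 22,443
192.168.1.202 172.16.5.11 9100
'

# Commands for one mirror: alias the mirror IP onto the LAN interface, DNAT
# traffic arriving for it to the real host, then SNAT it to the VPN address so
# the tunnel sees "local" traffic. Conntrack reverses both NATs on the replies.
mirror_rules() {
    idx=$1 mirror=$2 target=$3 ports=$4
    cat <<EOF
ip addr add ${mirror}/32 dev ${LAN_IF} label ${LAN_IF}:${idx}
iptables -t nat -A PREROUTING -i ${LAN_IF} -d ${mirror} -j DNAT --to-destination ${target}
iptables -t nat -A POSTROUTING -o ${VPN_IF} -d ${target} -j SNAT --to-source ${VPN_IP}
iptables -A FORWARD -i ${LAN_IF} -o ${VPN_IF} -s ${OFFICE_NET} -d ${target} -p tcp -m multiport --dports ${ports} -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Whole rule set: forwarding on, default-deny FORWARD chain (a mirror opens a
# corporate host to everyone on the office LAN, so only the listed ports get
# through), then one block per mirror from the table above.
render_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    i=0
    echo "$MIRRORS" | while read -r mirror target ports; do
        [ -n "$mirror" ] || continue
        i=$((i + 1))
        mirror_rules "$i" "$mirror" "$target" "$ports"
    done
}

# Number of mirrors in the table, for sanity checks.
mirror_count() {
    echo "$MIRRORS" | grep -c '[0-9]'
}

render_rules
```

The FORWARD policy is the part worth keeping even if the rest gets rewritten: a mirror IP hands a corporate host to every machine on the office LAN without the per-user authentication the VPN client normally enforces, so the forwarding chain should default to DROP and only admit the ports each mirror actually needs.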

Well, maybe not everyone. I’m not totally happy. As clever as my hack may be, it irks me that there isn’t yet an easier way to do this. I’ll continue to study the VPN client to see what other magic I can make it do.

I kind of surprised myself with how much of this stuff I still know how to do.


Kill The Broadcast Flag! Do it Today!

The RIAA is trying to make it illegal for you to use your VCR or Tivo. That’s right, an amendment will be slipped into the appropriations bill today that will restore the broadcast flag, which limits what you’re legally allowed to record and watch on your Tivo or VCR.

If you live in the following states, you can call TODAY to help stop this end-run around the First Amendment: Alabama, Alaska, Hawaii, Iowa, Kansas, Kentucky, Maryland, Missouri, New Hampshire, New Mexico, North Dakota, Texas, Vermont, Washington, and Wisconsin.

See the EFF’s Action Center for more details. MT.Net is proud to join JT.Net in standing up for our recording rights.
