CloudFlare Dynamic DNS using OpenWRT

I use dynamic DNS for my home internet connection so that I can access the machines from anywhere on the internet. And I use OpenWRT on my router. Earlier I was using Namecheap for managing DNS, but I switched to CloudFlare for the website's performance and security.

Unfortunately CloudFlare doesn’t support updating IP via shell script — well, it sort of does but the JSON stuff gets very messy with quoting in shell scripts, so I wrote a Lua script to update my IP whenever my PPPoE connection starts up. I have dropped the script in /etc/ppp/ip-up.d so it gets executed by pppd whenever my connection comes up. You can run this script via cron or put it in /etc/hotplug if you wish to. This script uses the LuaSocket, LuaSec, JSON4Lua and libubus-lua libraries, which are easily installable on an OpenWRT router with 4 MB flash memory.

Now I can have the benefits of CloudFlare without losing out on DDNS :D. Here’s the code:

Suggestions? Post in comments or fork on GitHub.
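One way to do the update described above, as an added example rather than the author's script. It assumes Cloudflare's v4 API with an API token limited to DNS edits on one zone; the zone ID, record ID, hostname, token file, CA bundle path and the `wan` interface name are placeholders.

```lua
-- Added example (not the author's script): set one Cloudflare A record to the
-- router's current WAN address. All identifiers below are placeholders.
local https = require("ssl.https")   -- LuaSec
local ltn12 = require("ltn12")       -- LuaSocket
local json  = require("json")        -- JSON4Lua
local ubus  = require("ubus")        -- libubus-lua

local ZONE_ID    = "ZONE_ID_PLACEHOLDER"
local RECORD_ID  = "RECORD_ID_PLACEHOLDER"
local HOSTNAME   = "home.example.com"
local TOKEN_FILE = "/etc/cloudflare.token"   -- assumed path; readable by root only
local CA_FILE    = "/etc/ssl/certs/ca-certificates.crt"   -- assumed CA bundle

-- Ask netifd over ubus for the first IPv4 address on the assumed "wan" interface.
local function wan_ipv4()
  local conn = assert(ubus.connect(), "cannot connect to ubus")
  local st = conn:call("network.interface.wan", "status", {})
  conn:close()
  local a = st and st["ipv4-address"] and st["ipv4-address"][1]
  return a and a.address
end

-- Keep the token in a file so it never shows up in a process argument list.
local function read_token()
  local f = assert(io.open(TOKEN_FILE, "r"))
  local token = f:read("*l")
  f:close()
  return token
end
local ip = assert(wan_ipv4(), "WAN has no IPv4 address yet")
local body = json.encode({ type = "A", name = HOSTNAME, content = ip,
                           ttl = 120, proxied = false })
local reply = {}
local ok, code = https.request{
  url = "https://api.cloudflare.com/client/v4/zones/" .. ZONE_ID ..
        "/dns_records/" .. RECORD_ID,
  method = "PUT",
  headers = { ["Authorization"]  = "Bearer " .. read_token(),
              ["Content-Type"]   = "application/json",
              ["Content-Length"] = tostring(#body) },
  source = ltn12.source.string(body),
  sink   = ltn12.sink.table(reply),
  -- LuaSec's ssl.https defaults to verify = "none"; request chain verification
  -- so the bearer token is not sent over an unauthenticated TLS session.
  verify = "peer", cafile = CA_FILE,
}
local res = ok and json.decode(table.concat(reply)) or {}
if code ~= 200 or not res.success then
  error("cloudflare update failed: " .. tostring(code))
end
```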

September 23rd, 2015|Linux, Programming|0 Comments

The Proxy ARP method of routing subnets to solve the docker networking problem

Recently I discovered something called Proxy ARP. I had seen this earlier in sysctl options but never understood it or why someone would need it, until one day I worked in a networking setup which used this to route traffic from the machine to the Internet. It’s an interesting technique and can solve a big problem when you want to use the currently popular tool, docker, in your LAN subnet that has DHCP without having to do some other stuff like port forwarding when trying to give access to others.


June 29th, 2015|Linux|2 Comments

The PC reset problem with Active PFC SMPS and UPS

I have a desktop machine with a Corsair SMPS which has active power factor correction. I had a Luminous 675 VA UPS before buying my new desktop machine with this SMPS. The cheapo power supplies available in India (which cost a fourth of the cost of branded ones like Corsair, etc) do not employ power factor correction.

When I was deciding on the configuration of my machine, I decided to buy the latest Intel i5 (i5-4670). The processor had been launched just around a month or two ago. I also bought a Gigabyte motherboard and a Corsair cabinet after recommendations from many geeky friends I know online who have built their own desktops. They also suggested that since I was already spending a lot on the machine, I should definitely go for a branded SMPS in order to protect the components instead of going for a cheap one and risking the components.

I did not know that there were compatibility issues with UPSes and Active PFC power supplies. This came to light when my computer started restarting whenever there was a power changeover by the UPS because of high voltage in the input or a general power failure. Because this wasn’t happening for almost 1 year after I bought my computer, I thought something was wrong with my UPS. So I called up Luminous support and they sent an engineer for inspection. He found that the battery terminals had corroded. The Luminous UPS I have supports those big batteries (12V / 100 Ah is the battery I was using) and it claims to be a sine wave UPS. He then cleaned them up and things seemed to be back to normal (they just seemed, also known as placebo effect :P). The problem returned after a few days.

I even tried giving my SMPS for a warranty repair to be sure that the issue is with my UPS and not with the SMPS. Then I started researching this. I found that this was a known problem (involving big brands like APC!) and the reason was that certain PSUs expected a pure sine wave at the input but the UPSes available in the market were outputting a modified sine wave, apparently because the oscillator circuit for that is far cheaper and easier to design compared to pure sine wave (pure sine wave is what you get from the power supply company at homes). I still don’t know if the real cause of the PC getting reset during a changeover is the sine wave / square wave thing or that the switch time of the UPS is higher. But if it was a delay, it should happen every time there is a changeover, which wasn’t the case.

This clearly indicated that whenever the power waveform at the UPS had an unexpected form, the SMPS was cutting supply to my PC. During the research, I came to know about the kinds of UPS. There are basically two kinds of UPS: one is the line-interactive UPS and the other is the online UPS. The difference between the two is that a line-interactive UPS will supply AC power directly from the power socket it is connected to as long as there is power, and a relay-like mechanism is used to switch to battery when there’s an input power failure, whereas an online UPS supplies power from the battery all the time. Whenever there is input power available, it will charge the battery. There’s zero switchover time in case of an online UPS, while for a line-interactive UPS it’s 10-15 ms.

I asked my inverter vendor if he had an online UPS and I was shocked when he told me the price for a 600 VA online UPS: ₹25000. That’s way too much for me. A line-interactive UPS of the same size costs less than half of that price. So I started manually using the UPS in battery mode whenever I was working on my computer. But this problem needed a solution. So yesterday, I bought a second-hand UPS for ₹250 (yes, that cheap. New ones cost around ₹2000) which supported 600 VA load at output, but the charger inside it cannot charge big batteries. I decided to use my bigger line-interactive UPS as a charger for the battery while this thing will power my computer.

I just bought two wires for connecting the battery and this new UPS. I also added a fan inside the new UPS’s enclosure to keep the transformer cool, as I had the experience of cooking the transformer during this experiment in another 15-year-old UPS I had. Now things are smooth. Apparently 12V battery chargers are available for ₹4000 on eBay. So why is an online UPS so expensive?! That remains a mystery to me.


March 22nd, 2015|Random Noise|4 Comments

Remote desktop server (XRDP) on Linux Mint 17.1 or Ubuntu 14.04

If you’d like to access your Linux desktop over the network from anywhere in the world, or just want to share your computer’s resources on the LAN by giving all users accounts on your computer, you can set up a remote desktop server. It is quite easy to do so, and the best part is that it is compatible with the remote desktop client on Windows too, thanks to the software called XRDP which talks Remote Desktop Protocol (RDP).

Are you surprised that a blog that usually used to talk about Gentoo is now posting about Ubuntu? Well, I made the switch on my personal machine to Linux Mint Cinnamon because I was bored with Gentoo. I have nothing against Gentoo, and I still love it. It’s the perfect distribution if you want to customize your OS to the core.

If you are going with Linux Mint, I’d highly recommend the MATE desktop. MATE is basically a fork of the original GNOME 2 project. GNOME 3 / Cinnamon / Unity won’t work with XRDP because they rely on 3D graphics which is not possible (yet) on X11RDP or Xvnc (correct me if I’m wrong). You could also go with the other desktop environments like XFCE or LXDE if you prefer. Even KDE works fine in the remote desktop environment because it does not solely rely on 3D graphics.


February 9th, 2015|Linux|15 Comments

FreeBSD IPFW NAT and Jails

IPFW in FreeBSD has built-in support for NATing and the configuration syntax is the same as that of natd. It took me quite some time to figure out how to NAT for jails while ensuring that certain jails can have public IPs.

Configure the nat on one of the IP addresses:

When using stateful firewall, the NAT rule for incoming traffic must appear before check-state:

Other rules (service ports) can be placed below this:

Then the NAT rule for outgoing traffic:

Notice above, I am NATing only traffic that comes from . I allocate jails an IP on that subnet (unless I need a public IP for the jail). If the source is not mentioned in the rule, it will NAT even public IPs!

And finally, the outgoing ports:

The catch here is that we jump to the NAT rule only if the traffic comes from . If the traffic is coming from somewhere else (for example, a public IP allocated to one of the jails), it will hit the second rule and directly allow it.

Make sure you have the rule to allow loX traffic if you have separate clone interfaces for each jail.

Final touches:

The firewall script ipfw.rules must contain other rules for services, icmp, etc. not mentioned here.
Everything working smoothly now – ip4 from private jails, ip4 and ip6 from others 😀

December 7th, 2014|FreeBSD|2 Comments