Archive for the ‘network’ Category

Use Your SSH Server as a Proxy

February 14, 2020 Leave a comment

See . The section entitled “Dynamic Port Forwarding: Use Your SSH Server as a Proxy” did the trick for me.

Categories: network Tags: ,

Outgoing port tester

August 31, 2017 Leave a comment

If you want to test if you can make outgoing port connections, use this web service: . To specify a port (e.g. 8080), use the address . If the page does not load and your request eventually times out, outgoing traffic to the specified port is probably blocked on your local network (check your firewall).

Categories: network Tags: , ,

file sharing on your home network with Samba

October 24, 2015 Leave a comment

I have several machines at home and an old laptop is connected to our TV with a VGA cable. When I download something on my main machine and I want to watch it, I need to copy it on a USB or an external HDD to take it over to the old laptop. A few days ago I came up with the idea to use file sharing at home. My main machine is almost always switched on, so it could be the file server, and my old laptop connected to the TV would be the client.

There are several solutions for this, e.g. NFS and Samba, just to mention the most well-known ones. First I tried NFS but I ran into some problems. First, I had to create one subnet at home. When I had two, the machines in different subnets couldn’t ping each other (refer to this post to see how to create one subnet with two routers). Once I had one subnet, I couldn’t always make NFS work. Sometimes it worked, sometimes it didn’t. And very often I got “permission denied” error when I wanted to connect to the server.

I talked to a friend of mine about it, Todi, and he suggested that I should try Samba instead. I did and it worked like a charm :) So here I sum up the steps for sharing directories at home with Samba between two Linux machines. Samba also works with other operating systems (Windows, Mac), but I will try that later.

I used the excellent Arch wiki as a starting point. I tried this method on two Manjaro machines but Ubuntu should be the same.

Server configuration

This is the machine that contains files that you want to access on other machines. Install the “samba” package and create the config file:

# cp /etc/samba/smb.conf.default /etc/samba/smb.conf

To provide basic file sharing, enable and start these services: “smbd.service” and/or “nmbd.service“. I’m not sure if “nmbd.service” is needed.

I like to see my shared folders in one place. Create the “/srv/samba” folder and mount here the folders you want to share. I added the following lines to my “/etc/fstab“:

/mnt/ext1/movies      /srv/samba/movies       none   bind   0   0
/mnt/ext1/torrent     /srv/samba/torrent      none   bind   0   0
/mnt/ext1/tutorial    /srv/samba/tutorial     none   bind   0   0

Of course, in the “/srv/samba” folder I created three empty folders first (movies, torrent and tutorial).

When ready, run the command “sudo mount -a” to mount these new folders. Verify if they are correctly mounted.

Now, it’s time to edit the /etc/samba/smb.conf file. My global part looks like this:

   workgroup = MYGROUP
   hosts allow = 192.168.0. 127.

It means that all machines on my home network and my localhost can connect to the server. The abbreviations mean 192.168.0.* and 127.* .

The next thing is to create a share. Add these lines to the bottom of the config file:

   comment = Jabba's stuff
   path = /srv/samba
   available = yes
   valid users = jabba
   browsable = yes
   public = yes
   read only = no
   writable = yes
   create mask = 0777
   directory mask = 0776

It means: the folder “/srv/samba” is served on the server (recursively); the client will need to authenticate itself (see later), and the client will have write permission too.

Note: I could set up Samba quickly but the client couldn’t do any modifications. The shared folder was read-only. The trick is to create a Samba user. On the server allow this user to connect, and on the client use the credentials of this user when connecting to the server. Let’s see how to do that.

On the server create a Samba user:

sudo smbpasswd -a 

For the sake of simplicity here I chose the same username that is my account’s name on Linux. Provide a password for this user and add this user in the “valid users = …” line (as seen above).

After editing the config file, always run the command “testparm -s”, which checks for syntax errors. Restart the “smbd.service” and you are done with the server side.

Client configuration

Install the package “smbclient“, that’s all you need. To see public shares on a server, run this command:

smbclient -L <server> -U%

I like to see my mounted Samba directories in one place, so I created the directory “/smb”:

# mkdir /smb

Then mount the shared folder of the server. Don’t forget to use the credentials of the Samba user that was created before:

#!/usr/bin/env bash

sudo mount -t cifs //hq/share/ /smb/ -v -o username=jabba,password=***

Here “hq” is the name of my server and “share” is the name of my share that comes from the Samba config file (it’s under the section name “[share]“, so this is its name). The username and password belong to the previously created Samba user.

If everything went well, then you should see the shared folders under “/smb“. The shared folders are writable on the client side.

File manager configuration

If you want to access Samba shares from Thunar, Nautilus, etc., then install the package “gvfs-smb“. Then in the location bar (CTRL+L jumps there) simply write “smb://hq/share” (in this example). Provide the Samba username and password and you are good to go.

On my home network the speed of Samba is not very fast. From the server I can copy with a speed of 1.5 MB/sec. When NFS worked, its speed was 1.7 MB/sec. So NFS was a bit faster, but there is no big difference. And Samba was easier to configure. However, for watching movies on a client, this speed is enough.

Windows client

The Windows client must be in the same workgroup with the server. As seen above in the “[global]” part, the server is in the workgroup called “MYGROUP“. Here is a help that explains how to join a workgroup. Here are some screenshots (sorry for the Hungarian version but that’s what I have at home). Click on the images to enlarge them:


After changing the workgroup’s name, you must restart the computer (yeah, it’s Windows). Then open the Explorer, go to the networks and you should see the Samba server. Connect with your credentials.

Ubuntu client

Install the package “cifs-utils” and proceed as described above.

Categories: network Tags: , , ,

home network with two routers but with one subnet

October 22, 2015 Leave a comment

When we moved to our new home, we had just one router. However, the wifi was very weak at places that were far from the router. So I added a second router that was another wifi spot with a different SSID. It was good, because we had strong wifi connection everywhere. Today I had the idea to set up NFS (network file system) and thus I could access all the movies on my main machine. However, I ran into a problem. As it turned out, I had two subnets at home: each router had its own subnet, and I didn’t manage to link two computers with NFS in different subnets. I made some study and actually you can create one subnet with two routers and the two routers can have the same SSID. Below I present the two approaches.

From now on, I will use the following terms. The router that receives internet in its WAN port is the “primary router”. The other router that is connected to it via a network cable is the “secondary router”.

(1) Old way: two routers, two subnets, two different SSIDs
This method was also good, the secondary router shared Internet (wired and wireless). However, it created a different subnet.

The IP address of my primary router was . A network cable connected it to the secondary router, and this cable went into the WAN port of the secondary router. The default IP of the secondary router was . The secondary router also had DHCP, and all machines connected to the secondary router had Internet. Machines connected to the primary router received an IP address of the form 192.168.0.* , while the secondary router distributed addresses of the form 192.168.1.* . It resulted in two different subnets. Both routers had DHCP enabled. Wifi was enabled on the secondary router too and it had a different SSID. Thus at home we had two different wifi networks with two different SSIDs.

It worked well until I wanted to have NFS…

(2) New way: two routers, one subnet, one SSID
I found the solution here. A big thanks to Scott Hanselman because following his blog post I could set up my home network correctly.

Here I just want to sum up the steps for future references.

The primary router is OK. Its IP is and it has DHCP enabled. In the DHCP settings make sure that the distributed IP addresses start with at least . Why? Because we will want to set the IP of the secondary router to be . In my router the starting IP address was, so I left it like that. Wifi is configured.

As the secondary router will also have wifi, set different channels in the routers. The channels should be far from one another. For instance channels 6 and 11 are good. So in the primary router set the channel to be 11.

Now switch off the primary router. We want to modify the IP of the secondary router but if the primary is running (and they are connected), then you can’t modify the secondary. So, the primary is switched off. Log in to the web interface of the secondary (in my case its IP was and modify its IP address to be . Save it and visit the new address, . In the secondary router disable the DHCP server. It has nothing to do with IP addresses; the primary router will distribute the IPs in our whole network. Enable the wifi and set the same as in the primary router: same SSID, same authentication method, same encryption, same password, etc. However, set the channel to be 6 for instance (it should be different from the primary router’s channel). Save everything.

The network cable comes out of a LAN port in the primary router and goes in to a LAN port of the secondary router. Warning! This time we use the LAN port on the secondary router, while in the previous method it was the WAN port! Switch on both routers, and the network should work with the secondary router too.

My wifi settings of the primary router:

My wifi settings of the secondary router:

Categories: network Tags: , , , , , ,

set up a proxy server for yourself

January 5, 2015 Leave a comment

You want to have a US proxy for yourself. For instance, you want to listen to Pandora Radio, but its home page tells you “sorry peasant, you don’t live on the holy US soil“.

Here I explain one possible way. Create a droplet at Digital Ocean (it costs $5 a month). When you create the droplet, select a US location.

Create the droplet, configure the SSH access.

Then, install squid, which is a full featured web proxy cache server.

To start using your proxy, install the FoxyProxy Firefox add-on and configure it.

Now, if you visit, you will notice that behind the proxy your real IP is still visible! You are not anonymous (yet).

To hide behind your proxy, we need some more configurations. Edit “/etc/squid3/squid.conf” and add these lines:

via off
forwarded_for off

request_header_access Allow allow all 
request_header_access Authorization allow all 
request_header_access WWW-Authenticate allow all 
request_header_access Proxy-Authorization allow all 
request_header_access Proxy-Authenticate allow all 
request_header_access Cache-Control allow all 
request_header_access Content-Encoding allow all 
request_header_access Content-Length allow all 
request_header_access Content-Type allow all 
request_header_access Date allow all 
request_header_access Expires allow all 
request_header_access Host allow all 
request_header_access If-Modified-Since allow all 
request_header_access Last-Modified allow all 
request_header_access Location allow all 
request_header_access Pragma allow all 
request_header_access Accept allow all 
request_header_access Accept-Charset allow all 
request_header_access Accept-Encoding allow all 
request_header_access Accept-Language allow all 
request_header_access Content-Language allow all 
request_header_access Mime-Version allow all 
request_header_access Retry-After allow all 
request_header_access Title allow all 
request_header_access Connection allow all 
request_header_access Proxy-Connection allow all 
request_header_access User-Agent allow all 
request_header_access Cookie allow all 
request_header_access All deny all

Restart the squid server:

sudo service squid3 start

Visit again. It will indicate your proxy’s IP, stating that no proxy is detected :) Cool.

At the moment anybody can use your proxy if they find out your IP:port combination. I tried to add username / password HTTP authentication but it didn’t work. If someone has a step-by-step guide for that, let me know.

Categories: network Tags: , ,

don’t use free proxy servers

January 4, 2015 Leave a comment

Why are free proxies free?

because it’s an easy way to infect thousands of users and collect their data

When you download a page via a proxy server, there is no guarantee that you get the original page… There is a high risk that the proxy server sent you back a modified page. Read the article above for more details.

Categories: network, security Tags: , ,

copy large files between computers at home over the network

January 2, 2015 Leave a comment

I have a desktop machine at home with a Windows 2007 virtual machine. I mainly have it because of Powerpoint. Recently I prefer to work on my laptop in the living room. Today I needed Powerpoint, so I decided to copy the whole Windows virtual machine and put it on my laptop. The only problem is that it was 67 GB and I didn’t have that much space on my external HDDs :(

Don’t panic. On my desktop machine I entered the folder that I wanted to copy and started a web server:

python -m SimpleHTTPServer

With “ifconfig” I checked the local IP address of the machine, it was

On my laptop I opened a browser and navigated to ““. All the files I needed were there. Since I’m lazy and I didn’t want to click on each link one by one, I issued the following command (tip from here):

wget -r --no-parent

The download speed was about 10 MB/sec, so it took almost 2 hours.

Categories: network, python Tags: , ,