May 02 2013
 

What is this about?

This is a small tutorial which will show you how to set up a local Raspberry to serve as a so-called SOCKS 5 proxy server for your local network. The Raspberry itself will connect to a remote server, which will then make the requests to other Internet servers with its own IP, thus masquerading the original requestor’s.

All computers on your local network can be configured to connect to the Raspberry, so they all can share the same connection to the remote server.


Usage #1: Unblocking

As we all know, many sites ban IPs outside of certain countries (*cough* Hulu, YouTube, Pandora, Grooveshark *cough*) or severely limit the usage. YouTube for instance will block most (> 60 %) “copyrighted” content here in Germany … also Google will index some pages according to German laws, etc. Other examples will be easily found by the astute reader.

Well what about the obvious case of a US citizen being abroad and wanting to access these and other services? Or a British citizen trying to access the BBC iPlayer?

All you need is a US / British IP address. If you also happen to own a US / British VPN (if not, we recommend Hostigation for US VPSes – affiliate link), then you’re set. If you happen to be a US citizen, that is. If not, well … probably you should not read on ;-)

 

Usage #2: Security & privacy

If you don’t trust your direct upstream connection, e.g. an insecure WiFi hotspot or Internet shared through the neighbour’s connection, you might want to forward all traffic from your browser through a safe tunnel.

 

Usage #3: Advanced filtering

If you want to do some advanced filtering on your Internet traffic, i.e. rewriting some JavaScripts / CSS on the fly, logging and analysing the traffic, injecting automatic commands, for instance to log you in automatically and securely on some websites, etc., this solution might also work for you (with an additional “proxy” application on the Raspberry between the actual SOCKS proxy port and the browsers / apps you are serving). The Raspberry then could forward the traffic on through localhost, i.e. your regular Internet upstream service. We will not discuss advanced filtering in this post, but maybe in some upcoming posts.

Set up remote server

On your server / VPS in the remote location (e.g. USA), we recommend adding a new user for SOCKS / SSH forwarding with regular (i.e. non-root) privileges. This is a security measure, should someone obtain control of your Raspberry. (Many Raspberries are left with the pi / raspberry default login.)

adduser socks-foo

Linux will ask you for a password for this new user (in our example the username is “socks-foo”, pick your own), and some other questions, which can be safely accepted in their default values.

If you have an OpenSSH server running, which you would need to log (“SSH”) into the remote location in the first place, that’s it – you’re finished with the server.

If you access your “remote” machine directly or via some other means, please set up the OpenSSH server for this tutorial to work.

Consider setting up private key authentication and taking other security precautions which may be necessary, but outside the scope of this article. Please have a look at this article, for instance.

Set up Raspberry

We will have a Raspberry local server forwarding to the remote server(s). If in doubt, use the commands as root user / sudo them.

We will introduce you to an “instant on” solution first, and discuss in some more depth how it can be made more permanent in another article in this blog (coming soon).

Easy setup / test

In the easiest setup, you can start your SOCKS server simply with the following command:

ssh -o ServerAliveInterval=60 -D0.0.0.0:8888 socks-foo@example.com

This will connect to the server example.com (you can also simply use its IP) with the user socks-foo, and set up dynamic forwarding on port 8888 for all network interfaces on the Raspberry Pi. The ssh client will log into your example.com machine at this point. If you close the connection (exit), the SOCKS proxy will obviously also stop working.

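The 0.0.0.0 is important – without it, the Raspberry will open the port, but only on localhost, and you will not be able to connect to it from other computers on your network. Keep in mind that the forwarded port itself asks for no credentials, so every machine that can reach port 8888 on the Raspberry can use the tunnel.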

You can verify that the port is indeed open (from another console) with:

netstat -tlnp

This will show you a list of open ports, and which IP addresses and services they are bound to.

Also you can try to use curl to fetch content through socks (on another console logged into your Pi):

curl --socks5 localhost:8888 blog.pi3g.com

This should show you some HTML code.

 

Advanced Setup

In this simple test setup above, you need to connect to the Raspberry and enter the password to the remote server every time you want to use it. We will be looking at setting up a private / public key authentication method and installing the SOCKS proxy as a service in a future post.

Setting up your browser

Next, you can set up your browser to use the new SOCKS 5 proxy. We will demonstrate this with Firefox. It may be a good idea to use a separate browser just for connecting to the proxy, especially if the traffic on the remote server you are using is metered.

Open Firefox’ connection preferences:

Firefox > Options > Options > Advanced > Network > Settings …


Enter the IP of your Raspberry as SOCKS Host and the port you opened on the Raspberry Pi as the SOCKS proxy port. Choose SOCKS v5 and click OK.

DNS Setup

To direct DNS requests through the SOCKS proxy, we will have to modify another value:

Enter about:config as URL in Firefox, and press enter to navigate to the page.


Click on “I’ll be careful, I promise!”, and find the setting network.proxy.socks_remote_dns and set it to true.


You can use the search to find this advanced setting more easily.
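What network.proxy.socks_remote_dns changes on the wire, as an added example (not part of the original post): with remote DNS the SOCKS5 CONNECT request carries the hostname to the proxy, without it the browser looks the name up over the local upstream connection and sends only an IP. The request layout follows RFC 1928; the resolved address 203.0.113.10 is a constructed documentation value.

```ruby
require "ipaddr"

# SOCKS5 request fields (RFC 1928): VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT
VER_SOCKS5  = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4   = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6   = 0x04

# Build the CONNECT request a client sends after the method handshake.
# remote_dns: true  -> the hostname travels to the proxy, which resolves it
# remote_dns: false -> the client resolved the name itself and sends only the IP
def socks5_connect_request(host, port, remote_dns:, resolved_ip: nil)
  addr =
    if remote_dns
      raise ArgumentError, "hostname longer than 255 bytes" if host.bytesize > 255
      [ATYP_DOMAIN, host.bytesize].pack("C2") + host.b
    else
      ip = IPAddr.new(resolved_ip)
      [ip.ipv4? ? ATYP_IPV4 : ATYP_IPV6].pack("C") + ip.hton
    end
  [VER_SOCKS5, CMD_CONNECT, 0x00].pack("C3") + addr + [port].pack("n")
end

# Decode a request as the proxy sees it and report who performed the DNS lookup.
def describe_request(raw)
  bytes = raw.b
  ver, cmd, _rsv, atyp = bytes.unpack("C4")
  raise ArgumentError, "not a SOCKS5 CONNECT request" unless ver == VER_SOCKS5 && cmd == CMD_CONNECT
  offset, size, resolver =
    case atyp
    when ATYP_DOMAIN then [5, bytes.getbyte(4).to_i, :proxy]
    when ATYP_IPV4   then [4, 4, :client]
    when ATYP_IPV6   then [4, 16, :client]
    else raise ArgumentError, "unknown address type #{atyp.inspect}"
    end
  raise ArgumentError, "truncated request" if bytes.bytesize < offset + size + 2
  addr = bytes.byteslice(offset, size)
  target = atyp == ATYP_DOMAIN ? addr.force_encoding(Encoding::UTF_8) : IPAddr.new_ntoh(addr).to_s
  { target: target, port: bytes.byteslice(offset + size, 2).unpack1("n"), dns_resolved_by: resolver }
end

# Constructed inputs: blog.pi3g.com is the host from the curl test above.
local_lookup  = socks5_connect_request("blog.pi3g.com", 80, remote_dns: false, resolved_ip: "203.0.113.10")
remote_lookup = socks5_connect_request("blog.pi3g.com", 80, remote_dns: true)
p describe_request(local_lookup)
p describe_request(remote_lookup)
```

The same distinction applies to the curl test: `--socks5` resolves the name locally, while `--socks5-hostname` passes it to the proxy.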

That’s it! Your browser will now use the new SOCKS 5 proxy you just set up on your Raspberry Pi.

Browser-Plugins, like Flash, will automatically use the new SOCKS 5 proxy.

Please note that your console to the Raspberry Pi has to stay open for the connection to work (if you close it, the connection to the remote server will be disconnected and your proxy will be defunct). We will show you in an upcoming article how to make it permanent.

 


Apr 18 2013
 

No joke – the guys at pcextreme offer free Raspberry Pi colocation services. That is, you send them your Raspberry Pi along with its accessories (an SD card, for example), and they connect it to the Internet. You even get an IPv6 address on top!

500 GB of fair-use traffic are included in the fabulous price of 0.00 €.

If you want your Raspberry Pi back, you have to pay about 7 € for the return shipping. Raspberry Colocation offers to sell you a Raspberry directly (for the colocation). Of course, it is also possible to send a pi3g Raspberry Pi for colocation. Just saying :-)

Apr 07 2013
 

For our production process (for the upcoming Raspberry Pi media centre edition in a nifty transparent red case) we need to mass-extract the Broadcom SoC’s serial numbers. Doing this manually would be a chore for 50 Raspberry Pis, so we came up with a quick & dirty solution in Ruby.

We’d like to share that with you guys – the code is released into the public domain. 

Download the script:

Setup


The script is supposed to be run on a master Raspberry Pi. You need to install some prerequisites (nmap, Ruby, Ruby gems) for it to be able to run:

aptitude install ruby
aptitude install nmap

gem install nmap-parser
gem install net-ssh

The script is written in Ruby. Other languages (e.g. Python) could be used, too, of course. I just feel really at home with Ruby. nmap is used to scan the network (you can even scan for ports, etc.). Have a look at this site for some further information about nmap usage to scan a network.

The gems are Ruby extension packages. Ruby has its own package manager “gem” which will download and set up the packages for you. nmap-parser is a wrapper and interface for nmap, net-ssh is an interface to SSH.

Unzip the script, put it into a new folder and make it executable ( chmod +x getips-v1.rb ).

Edit the script to reflect your network (line 35 – replace 192.168.1.0/24 with the network range you want to scan) and the expected number of Raspberry Pis per batch (line 8) you will be processing.

Edit the SSH part to reflect the password setup of your Raspberry Pis (here defaulting to “pi” / “raspberry”) and what should be done on them (line 62 ff).

If you really want to, you could uncomment the “espeak” line (line 12) to enable speech output from your Raspberry as a prompt to set up the next batch, etc. I have disabled it after some experimenting – the script uses a mix of straight “puts” and “speak” (which in turn will also use puts to output to the default output) – you would need to do some more editing for this to be really consistent.

Usage

Start the script ( ./getips-v1.rb ) – it uses the shebang notation, so ruby will be called automagically to parse and execute the script.

The script will show you your master Raspberry’s serial and IP address – its IP and serial will be ignored from now on (no processing done on it).

Afterwards it will enter an infinite loop (which you can terminate by entering q or x + enter when prompted, or Ctrl + C at any point). It will scan your network for Raspberry Pis (determined by the MAC vendor – so be sure to attach your Raspberrys via their own LAN port, not WiFi – or modify it to work!). If fewer Pis are found than expected (default is 7), it offers to rescan the network – allowing for additional Raspberrys to come up if they did not boot fast enough during the first scan. If you want, you can skip the rescan by entering n + enter when prompted.

After the scan, it will connect to every Raspberry in turn, login via SSH with the default password and user (pi / raspberry), get the SoC serial, halt the Raspberry and disconnect.

The serials will be written to a file which will be saved to the same directory.

The serial extraction is just a sample use, of course. You could use it to install packages, modify configuration files, and much, much more.

After having finished the tasks you requested, it will offer you to quit the script (q or x + enter) or read another batch. It will loop forever if you want to.
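An added sketch of the selection and serial-parsing steps described above; it is not the downloadable getips-v1.rb. It assumes plain-text `nmap -sn` output instead of the nmap-parser gem and assumes the serial is read from the `Serial` line of /proc/cpuinfo; the scan output, MAC addresses and serial are constructed sample data.

```ruby
# Constructed sample of `nmap -sn 192.168.1.0/24` output (MACs appear when run as root).
SAMPLE_SCAN = <<~SCAN
  Nmap scan report for 192.168.1.1
  Host is up (0.0010s latency).
  MAC Address: 00:11:22:33:44:55 (Example Router Vendor)
  Nmap scan report for pi-a.lan (192.168.1.21)
  Host is up (0.0004s latency).
  MAC Address: B8:27:EB:00:00:01 (Raspberry Pi Foundation)
  Nmap scan report for 192.168.1.22
  Host is up (0.0005s latency).
  MAC Address: B8:27:EB:00:00:02 (Raspberry Pi Foundation)
  Nmap scan report for 192.168.1.10
  Host is up.
SCAN

# Constructed excerpt of /proc/cpuinfo as a Raspberry Pi prints it.
SAMPLE_CPUINFO = <<~INFO
  Hardware\t: BCM2708
  Revision\t: 000e
  Serial\t\t: 00000000deadbeef
INFO

# Return the hosts whose MAC vendor names a Raspberry Pi, skipping the master.
def raspberry_hosts(scan_text, master_ip:)
  hosts = []
  current_ip = nil
  scan_text.each_line do |line|
    if (m = line.match(/^Nmap scan report for (?:\S+ \()?(\d{1,3}(?:\.\d{1,3}){3})\)?\s*$/))
      current_ip = m[1]
    elsif current_ip && (m = line.match(/^MAC Address: ((?:\h{2}:){5}\h{2}) \((.*)\)/))
      is_pi = m[2].match?(/raspberry pi/i) && current_ip != master_ip
      hosts << { ip: current_ip, mac: m[1].upcase } if is_pi
      current_ip = nil
    end
  end
  hosts
end

# Extract the 16-hex-digit SoC serial, or nil when the text has no Serial line.
def soc_serial(cpuinfo_text)
  m = cpuinfo_text.match(/^Serial\s*:\s*(\h{16})\s*$/i)
  m && m[1].downcase
end

# Fewer Pis than expected means some may still be booting, so offer a rescan.
def batch_status(hosts, expected:)
  hosts.size < expected ? :rescan_suggested : :ready
end
```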

For more sophisticated requirements

We recommend looking into Capistrano or similar tools for batch automation. Capistrano is also Ruby based, and uses a “DSL” to describe the automation tasks.

Feel free to contact us, if you need it custom tailored to your requirements – we charge fair rates, especially if the result can be released as open source.
