Wednesday, December 11, 2013


                                                        "My Legs Are Weak"
I cannot stand


I'm collecting people's tears they cried because they miss you,
They fill the seas and all the lakes,
With memories the wind blew,
I'd run out of jars before a second could pass,
Didn't have enough time with you to turn the hourglass.
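People cry because they miss you, and I gather their tears
A gentle breeze stirs their memories, which fill the seas and the lakes
In an instant I ran out of jars, with no time to stop the hourglass with you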

Pictures in my head
Suddenly appear
Why d'you have to go away
It's all not very clear.
Picture after picture suddenly appears; I still don't know why you had to leave

Goodbye sweet angel
Sail away on teary seas
Tattooed the time we had
On my memory
My legs are weak.
Goodbye, dear angel!
Set sail on the sea of tears, and embroider our time together onto my memory
I can no longer stand
When I close my eyes I see you,
The dimples in your cheeks,
I forgot to thank you for the things
Cause I didn't see you for weeks
Woke up this morning and hoped for a dream
But reality sat next to me and forced me to believe.
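I close my eyes and see your dimples
Weeks without seeing you made me forget to say thank you
I woke up this morning hoping I was in a dream
But reality was right beside me
And left me no choice but to believe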
Knocked down too soon
Like a skittle on the lanes
The man who took the wrong stop
From life's fast moving train.
Fallen too fast
Like a wooden pin on the lane
He got off at the wrong stop on life's express train
Goodbye sweet angel
Sail away on teary seas
Tattooed the time we had
On my memory
My legs are weak.
Goodbye, dear angel!
Set sail on the sea of tears, and embroider our time together onto my memory
I can no longer stand
Funeral Flowers
Won't make me believe
They can carry out the casket
And I'll still expect to see

You
You
The flowers at the funeral
Cannot make me believe
People carry away your urn
But I still hope to see

Come round tomorrow and tell me all your news
Come over tomorrow and tell me all your news
I don't ask for much from you
Sleep to my lullaby
Only give me one more chance
To say a last goodbye
I don't ask for much; sleep in my cradle
I only ask for one more chance to say a last goodbye to you
So
So
Goodbye sweet angel
Sail away on teary seas
Tattooed the time we had
On my memory
My legs are weak.
Goodbye, dear angel!
Set sail on the sea of tears
Tattoo our time together onto my memory
I can no longer stand

Sunday, July 28, 2013

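VPN passthrough on OpenWrt

OpenWrt has a very strange problem by default. When two or more devices are connected to the same OpenWrt router and each has a PPTP VPN client configured, only one of them can dial the VPN at a time; the other simply cannot connect. At first I thought it was a VPN server configuration problem, but when I tested with an ordinary router, both could dial at the same time. That shows the server is fine and the problem is OpenWrt. After some googling I found this solution:

http://wiki.openwrt.org/doc/howto/vpn.nat.pptp

In short, install:
opkg install kmod-ipt-nathelper-extra

If the above leaves all clients unable to dial, try:
opkg install kmod-ipt-conntrack-extra kmod-nf-conntrack-netlink
opkg install libnetfilter-conntrack


A very strange problem. It frustrated me and cost me a lot of time to track down.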

Key points for configuring OpenWrt as a repeater

OpenWrt version

Linux OpenWrt 3.9.11 #1 Sat Jul 27 00:14:43 PDT 2013 mips GNU/Linux
Atheros wireless card

First, set up the virtual LAN
/etc/config/network
Add a wwan, i.e. a wireless WAN

config interface 'wwan'
        option proto 'dhcp'

Second, configure the firewall
/etc/config/firewall
Add the wwan created above to the wan zone

 config zone
        option name             wan
        list   network          'wan'
        list   network          'wwan'
Finally, configure the wireless network in sta mode
/etc/config/wireless

config wifi-iface
        option device   radio0
        option network  wwan
        option mode     sta
        option ssid     wireless-ssid-xxxx
#       option encryption wep
#       option encryption none
        option encryption psk
        option key passwordxxxx

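Then restart the network
/etc/init.d/network restart
This command restarts the core network, DHCP, the firewall and the wireless network, which is basically equivalent to rebooting the system.

To sum up, I think the principle is this: first create a wwan network. The name is arbitrary (wwan1 or wwan2 would do) as long as it matches in the corresponding settings. The key point is that the new network must be added to the firewall's wan zone, because the firewall defines how the internal and external networks communicate. Only once these bridges are in place is the wireless card used in sta (station) mode as the repeater.

Next, a few open questions:
Can the existing wired WAN (wan) and the wireless WAN (wwan) be combined for traffic aggregation? nwan?
Is it possible to create several wireless WANs (e.g. wwan1, wwan2) and merge them all?

Reference: https://forum.openwrt.org/viewtopic.php?id=39077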



Wednesday, March 13, 2013

Batch ping script

Sometimes, to confirm which machines on the LAN are active, you need to ping in bulk. Here is the script:

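#!/bin/bash
# Usage: rangeping 192.168.1
ip="$1"
if [ -z "$ip" ]; then
  echo "usage: $0 <first three octets, e.g. 192.168.1>" >&2
  exit 1
fi
for i in $(seq 1 255)
do
  # send a single echo request (-c1) and print only the hosts that reply
  ping -c1 "$ip.$i" | grep "64 bytes from"
done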


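Save it as rangeping, put it in /usr/bin, then run:
chmod +x /usr/bin/rangeping

After that, running:
rangeping 192.168.1

pings every address from 192.168.1.1 to 192.168.1.255 and prints only the active devices, one per line.
The output looks like this: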

64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=15.533 ms
64 bytes from 192.168.1.4: icmp_seq=0 ttl=128 time=13.152 ms
64 bytes from 192.168.1.5: icmp_seq=0 ttl=128 time=14.160 ms
...

If you only want the IP addresses:

rangeping 192.168.1 | awk '{sub(/:$/, "", $4); print $4}'

The output is then:

192.168.1.1
192.168.1.4
192.168.1.5

To save the output to a text file, run:

rangeping 192.168.1 >> report.txt


END.

Tuesday, January 22, 2013

Jailbreak iPhone, Linux, OS X, Shadowsocks-nodejs, PAC, GFW, getting over the wall

My last blog post covered getting through the GFW with the Python version of Shadowsocks on a jailbroken iPhone. This time I'm going to talk about a better alternative, Shadowsocks-nodejs. Here we go:


How does it work?


  • Create a Socks 5 proxy inside the iPhone with Shadowsocks-nodejs.
  • Create a PAC file inside the iPhone to tell which connections go through the proxy and which go direct.
  • Create a bash script to add websites to the PAC file, so we don't need to edit the file manually.
  • Assign the PAC file to the WiFi and 3G/EDGE/GPRS networks.
  • PAC on iPhone is a system-wide proxy; it will work for all apps.

How we gonna make it?

1 Create a Socks 5 proxy.


  • Get the Shadowsocks-nodejs code and configure it; see the project homepage.
  • On the server side, we need nodejs installed (find it at nodejs.org), then run:
nohup node server.js > /dev/null 2>&1 &
  • On the iPhone side, we also need to install nodejs; find it in the Cydia store. The version should be 0.6.14, which works like a charm. Once it is installed, run inside the iPhone:
nohup node local.js > /dev/null 2>&1 &
  • Now we have a running Socks 5 proxy inside the iPhone, for example, 127.0.0.1:9090

2 Create a PAC file.


  • A basic PAC file is something like this:

function FindProxyForURL(url, host) {  // this is the beginning of the PAC file

    var XXGFW = "SOCKS 127.0.0.1:9090"; // a variable keeps the file clean and easy to modify

    if (
        isPlainHostName(host) ||
        shExpMatch(host, "*.local") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "172.16.0.0",  "255.240.0.0") ||
        isInNet(dnsResolve(host), "192.168.0.0",  "255.255.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0")) {

        return "DIRECT";

    } // this tells all local sites to go DIRECT

    if (
        //added by hand
        dnsDomainIs(host, "gmail.com") ||
        dnsDomainIs(host, "blogger.com") ||
        dnsDomainIs(host, "blogspot.com") ||
        dnsDomainIs(host, "appspot.com") ||
        dnsDomainIs(host, "bit.ly") ||
        dnsDomainIs(host, "wikipedia.org") ||
        dnsDomainIs(host, "twitter.com") ||
        dnsDomainIs(host, "facebook.com") ||
        dnsDomainIs(host, "google.com.hk") ||
        dnsDomainIs(host, "youtube.com")) {

        return XXGFW;

    } // this tells the listed websites to go through our Socks 5 proxy, "||" means OR

    else {

        return "DIRECT";

    } // this tells everything else to go DIRECT

} // this is the end of the PAC file

  • Save the above code to autoproxy.pac (for example) and move it to /var/root/ inside the iPhone, and run:

sudo chown mobile:mobile /var/root/autoproxy.pac
sudo chmod 777 /var/root/autoproxy.pac


3 Create a bash script to add website to PAC file

  • Now that we have a working PAC, we need a bash script so that we can add any GFWed website to this PAC file. The script looks like this:
#!/bin/bash
domain=$1
ed -s /var/root/autoproxy.pac << EOF
/\/\/added by hand/a
dnsDomainIs(host, "${domain}") ||
.
w
EOF
  • Save it as agfw, move it to /usr/bin and make it executable:
sudo chmod +x /usr/bin/agfw
  • To run this script, we need to install ed from the Cydia store. Once we find a website that is blocked by the GFW (take the newly GFWed github.com for example), we can add it to the PAC file just by running:
agfw github.com
  • Go and check autoproxy.pac and we'll see that github.com is in there. Now we can view github.com with any iPhone app. We can add any website we want to the PAC file with this script, with just a single command. It's pretty awesome :)
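
A stricter take on agfw, added here as an example and not part of the original post: the argument is written verbatim into JavaScript that the system proxy resolver evaluates, so this version rejects anything that is not a plain DNS name and skips domains that are already listed. The function names pac_add_domain and is_valid_domain are assumptions of this example, and it uses awk instead of ed for the insert.

```bash
#!/bin/bash
# Added example, not the original agfw. pac_add_domain / is_valid_domain are
# names chosen here; the PAC path and marker line are the ones from the post.
PAC_FILE="${PAC_FILE:-/var/root/autoproxy.pac}"
MARKER='//added by hand'

# Accept only a plain DNS name: dot-separated labels of letters, digits, hyphens.
is_valid_domain() {
  local d="$1" label
  [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
  case "$d" in
    *[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;  # quotes, spaces, parens, empty labels
    *.*) ;;                                    # needs at least two labels
    *) return 1 ;;
  esac
  local IFS=.
  for label in $d; do
    [ "${#label}" -le 63 ] || return 1
    case "$label" in -*|*-) return 1 ;; esac
  done
  return 0
}

# pac_add_domain DOMAIN [PAC_FILE]
# Returns 0 = added, 1 = invalid domain, 2 = marker missing, 3 = already listed.
pac_add_domain() {
  local domain pac="${2:-$PAC_FILE}" tmp rc
  domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  is_valid_domain "$domain" || return 1
  grep -qF -- "$MARKER" "$pac" || return 2
  grep -qF -- "dnsDomainIs(host, \"$domain\")" "$pac" && return 3
  tmp=$(mktemp "${pac}.XXXXXX") || return 4
  # The domain reaches awk as data (-v), never as part of an editor script.
  awk -v m="$MARKER" -v d="$domain" '
    { print }
    !done && index($0, m) { printf "dnsDomainIs(host, \"%s\") ||\n", d; done = 1 }
  ' "$pac" > "$tmp" && cat "$tmp" > "$pac"    # cat keeps the PAC owner and mode
  rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

Saved as a script, it would end with a call such as pac_add_domain "$1" so that it is invoked the same way as agfw.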

4 Assign the PAC file to WiFi and 3G/EDGE/GPRS network


  • For WiFi, go to Settings > WiFi > Your connected WiFi > HTTP Proxy > Auto, fill it with:
file:///var/root/autoproxy.pac
  • For 3G/EDGE/GPRS, we need to edit the following file with iFile:
/var/preferences/SystemConfiguration/preferences.plist
  • Add the following colored code at the correct position in this file:
<string>com.apple.CommCenter (ip1)</string> 
</dict> 
<key>Proxies</key> 
<dict> 
<key>ProxyAutoConfigEnable</key>
 <integer>1</integer> 
<key>ProxyAutoConfigURLString</key> 
<string>file:///var/root/autoproxy.pac</string> 
</dict>
 <key>UserDefinedName</key> 
<string>com.apple.CommCenter (ip1)</string>
  • Save and reboot to make it work.


What we got?


  • The proxy will work 24/7 as long as our VPS server works 24/7. It is always online with no login needed (compared to an ssh tunnel or VPN); it just forwards GFWed connections to the server and gets the response back.
  • This is the best solution for iPhone to make it feel as if the GFW does not exist.
  • Gmail Push works normally (within seconds) after I put the main Google domains into the PAC file, even when the iPhone is sleeping.
  • The PAC file, the Socks 5 proxy and the bash script used to add websites to the PAC file are all inside the iPhone. Once we find a website we can't open, we just open Mobileterminal.app (which can be found in the Cydia store) and run agfw balabala.com. Done! Pretty simple.
  • This solution also works for Linux and OS X clients, because iOS is a lite version of OS X :)
END
Follow me @cattyhouse