June 23

Turn an old laptop into an AirPlay receiver with Shairport and Ubuntu Server

The steps in this tutorial are designed to allow an old laptop with Ubuntu server – without any desktop environment installed – to output audio through the headphone jack, while acting as an AirPlay receiver for iPhones, iPads, and Macs.

The steps in this tutorial work with newer versions of Ubuntu server, all the way back to the 10.04.4 LTS release. The 10.04.4 release may be a good choice if your laptop is very old, since it’s lightweight and runs well on older hardware with little RAM. However, be aware that support for this version will be dropped in 2015.

You don’t need to select any additional packages during the installation, such as server or desktop – all the following commands work no matter how you configured your installation.

You’ll need to have an Ethernet cable connected to the laptop during the initial installation steps. If you would like to use the laptop with WiFi once the initial configuration is done, there are additional steps at the end of this tutorial describing how to enable the WiFi adapter to automatically connect to your WiFi network upon startup.

First, download a server version of Ubuntu from the Ubuntu website.

ENABLE THE AUDIO HARDWARE

To get audio working, the Alsa libraries have to be installed, and then PulseAudio has to be installed and configured.

Alsa:

sudo apt-get install alsa-utils alsa-oss libasound2 libasound2-plugins

PulseAudio:

sudo apt-get install pulseaudio pulseaudio-utils

Configure PulseAudio to run as a service, so that local logon is not required:

Edit /etc/default/pulseaudio:

sudo nano /etc/default/pulseaudio

 

Add/change the following two settings in /etc/default/pulseaudio:

PULSEAUDIO_SYSTEM_START=1
DISALLOW_MODULE_LOADING=0

Start the PulseAudio service (or reboot):

sudo service pulseaudio start

 Run the following command to set the volume levels for the sound devices in the system:

alsamixer

Test that playback is working with the following command:

sudo aplay /usr/share/sounds/alsa/Front_Center.wav

INSTALL SHAIRPORT

Install git:

sudo apt-get install git-core

OR

sudo apt-get install git

Install the perl libraries in order to build perl SDP extensions:

sudo apt-get install avahi-utils libmodule-build-perl libio-socket-inet6-perl libao-dev libssl-dev libcrypt-openssl-rsa-perl libwww-perl pkg-config

Use git to clone the perl-net-sdp project, then build it from inside its directory (only the install step needs root):

git clone https://github.com/njh/perl-net-sdp.git perl-net-sdp

cd perl-net-sdp

perl Build.PL

./Build

./Build test

sudo ./Build install

cd ..

 Use git to clone the Shairport project:

git clone https://github.com/hendrikw82/shairport.git
cd shairport
sudo make install
sudo cp shairport.init.sample /etc/init.d/shairport
sudo chmod a+x /etc/init.d/shairport
sudo update-rc.d shairport defaults

 

Edit the /etc/init.d/shairport file with the name you want your AirPlay receiver to have:

sudo nano /etc/init.d/shairport

Find the following line in /etc/init.d/shairport and add -a name:

DAEMON_ARGS="-w $PIDFILE -a AirPlayName"

Start the Shairport service with the following command (or simply restart):

sudo service shairport start

Check your AirPlay options on your iPhone, iPad, or Mac. You should see your laptop listed!

If you have any trouble getting the sound to work, check the Ubuntu documentation pages here (older versions) and here (newer versions).

OPTIONAL: WIFI NETWORK CONFIGURATION FOR UBUNTU SERVER

These steps configure your laptop to connect to your WiFi network at boot, so that you don’t have to have an Ethernet cable connected for AirPlay functionality.

You will need to have drivers installed for your WiFi card. They may already be included in Ubuntu, but if necessary, more information is available in the Ubuntu documentation.

Install wifi tools, wavemon, and the wpa_supplicant package:

sudo apt-get install wpasupplicant wireless-tools wavemon

Create the wpa_supplicant.conf file containing a hashed version of your WiFi network password:

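wpa_passphrase <NetworkNameSSID> <Password> | sudo tee -a /etc/wpa_supplicant/wpa_supplicant.conf > /dev/null

The write to /etc has to run as root, which is why the output is piped through sudo tee. wpa_passphrase also writes the plain-text password into the file as a #psk="..." comment line; delete that line when you edit the file in the next step.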

Edit the /etc/wpa_supplicant/wpa_supplicant.conf file:

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

It should look something like the following – the values below are for a WPA2 network. Check the wpa_supplicant.conf documentation for connections to other kinds of WiFi networks:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

network={
    ssid="YourSSID"
    scan_ssid=1
    proto=WPA2
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP
    priority=5
    psk=ThisIsTheHashedPasswordGeneratedEarlier
}
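What the "hashed" psk value is, and what to check in the finished file, as an added example that is not part of the original tutorial: the key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so it still lets anyone who reads it join that network. The SSID, passphrase and function names below are made up, and flagging TKIP (a deprecated cipher) is an added check.

```python
import hashlib
import re

def derive_psk(ssid: str, passphrase: str) -> str:
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def audit_wpa_conf(text: str) -> list:
    """Return findings for one wpa_supplicant.conf passed in as a string."""
    findings = []
    # wpa_passphrase emits the cleartext passphrase as a '#psk="..."' comment.
    if re.search(r'^\s*#\s*psk="', text, re.M):
        findings.append("cleartext passphrase left in #psk comment")
    psk = re.search(r'^\s*psk=(\S+)', text, re.M)
    if psk and not re.fullmatch(r'[0-9a-f]{64}', psk.group(1)):
        findings.append("psk is not a 64-hex-digit derived key")
    for key in ("pairwise", "group"):
        m = re.search(rf'^\s*{key}=(.*)$', text, re.M)
        if m and "TKIP" in m.group(1).split():
            findings.append(f"{key} allows TKIP")
    return findings

def scrub(text: str) -> str:
    """Drop the cleartext '#psk=' comment lines and keep everything else."""
    return "".join(l for l in text.splitlines(True) if not re.match(r'\s*#\s*psk="', l))

# Constructed sample in the shape wpa_passphrase emits, plus the page's cipher lines.
SSID, PASSPHRASE = "ExampleNet", "correct horse battery"
SAMPLE = f'''network={{
    ssid="{SSID}"
    #psk="{PASSPHRASE}"
    psk={derive_psk(SSID, PASSPHRASE)}
    pairwise=CCMP TKIP
    group=CCMP TKIP
}}
'''

if __name__ == "__main__":
    print(audit_wpa_conf(SAMPLE))
    print(audit_wpa_conf(scrub(SAMPLE)))
```

Because the derived key is as good as the password for this SSID, the file should be readable by root only.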

Edit /etc/network/interfaces with values for your WiFi adapter. The example below uses wlan0 – if you have more than one WiFi adapter, you may have to specify wlan1 or wlan2 instead of wlan0.

# The wireless network interface
auto wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

Issue the following command to bring up the WiFi adapter:

sudo ifup wlan0

Check to see if you’ve connected and received an IP address with the following command:

ifconfig

Use wavemon and iwconfig to view information about your WiFi connection:

wavemon
iwconfig

If everything is correct, restart your computer, and make sure that the WiFi network started automatically.

Category: ENTERTAINMENT
June 9

CISCO ASA TCP SYN CHECKS

In certain circumstances you may wish an ASA not to inspect the TCP SYN flags of packets. This is usually the case if the device will not see the return traffic, such as in the following example:

[Diagram: TCP State Bypass ASA]

To do this, we first need to create an access-list containing the destination IP range we’re going to exclude from TCP SYN checks. This is an extended ACL, of which you’ll likely have plenty:

same-security-traffic permit intra-interface
sysopt noproxyarp inside

access-list NoSYNChecksACL extended permit tcp 172.16.0.0 255.240.0.0 172.16.0.0 255.240.0.0 log disable

Next up we create a class map to identify packets based on the ACL we’ve created:

class-map NoSYNChecksCM
 match access-list NoSYNChecksACL

With our ACL and class map created, we now need to decide what should happen to these packets for which we don’t see the return traffic. We’re going to tell the ASA to bypass TCP state checks (SYN/ACK) for traffic matching our class map.

policy-map NoSYNChecksPM
 class NoSYNChecksCM
 set connection timeout idle 0:15:00
 set connection advanced-options tcp-state-bypass

With that done, all we need to do is apply the policy to an interface:

service-policy NoSYNChecksPM interface Inside

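Any traffic sourced from the inside interface and destined for addresses matched by our ACL will no longer be subject to TCP state checks. Keep the ACL as narrow as the routing problem allows: flows under TCP state bypass also skip application inspection and TCP normalization.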

Category: CISCO
June 5

Cisco ASA to Play Nice with Asymmetric Routing

Some day you might find yourself in a situation where you have an ASA device protecting an asymmetric network. This is a problem for ASA as it can only see one half of the connection, the other half being routed to the destination through a path that doesn’t involve the ASA. Now, this is not a recommended practice, but in 8.2(1) you can bypass the connection state check that the ASA performs to get asymmetric traffic through the firewall.

Below is an example of a policy that enables TCP State by-pass for an internal network, 10.1.1.0/24.

ASA(config)#access-list STATE_BYPASS_ACL extended permit tcp 10.1.1.0 255.255.255.0 any
ASA(config)#class-map STATE_BYPASS_CMAP
ASA(config-cmap)#match access-list STATE_BYPASS_ACL
ASA(config-cmap)#description "TCP traffic that bypasses stateful firewall"
ASA(config-cmap)#exit
ASA(config)#policy-map STATE_BYPASS_PMAP
ASA(config-pmap)#class STATE_BYPASS_CMAP
ASA(config-pmap-c)#set connection advanced-options tcp-state-bypass
ASA(config-pmap-c)#exit
ASA(config)#service-policy STATE_BYPASS_PMAP interface inside
ASA(config)#object network OBJ-10.1.1.6
ASA(config-network-object)#host 10.1.1.6     
ASA(config-network-object)#nat (inside,outside) static 192.168.1.6

 

Category: CISCO
June 5

TESTING

There are 2 ways to make it work:

1.  Easy way:
Point the gateway of all Local PCs to 192.168.1.2 (Local Router) instead of 192.168.1.1 (ASA5505)
Then add "ip route 0.0.0.0 0.0.0.0 192.168.1.1" on Local Router (for Internet browsing).
2.  Fun way:
asa(config)#same-security-traffic permit intra-interface
asa(config)#static (inside,inside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0 norandomseq nailed
asa(config)#static (inside,inside) 192.168.2.0 192.168.2.0 netmask 255.255.255.0 norandomseq nailed
asa(config)#no sysopt noproxyarp inside
asa(config)#failover timeout -1

Category: CISCO
June 5

Cisco ASA Asymmetric Routing Configuration


When an interface that is not in an ASR group receives a packet that it does not have an established connection for, it will normally drop it. However, when an interface is in an ASR group, the ASA checks the connection information for all other interfaces in the same group. If the ASA finds another context that has connection information that would match the received packet, the Layer 2 header information is rewritten and the packet is redirected to the appropriate context for processing.

 

TCP State Bypass

Specifically for TCP-based connections, disabling stateful TCP checks can help mitigate asymmetric routing. When TCP state checks are disabled, the ASA can allow packets in a TCP connection even if the ASA didn’t see the entire TCP 3-way handshake. This feature is called TCP State Bypass (introduced in ASA 8.2).

ASA(config)# access-list tcp_bypass extended permit tcp 192.168.1.0 255.255.255.0 any
ASA(config)# class-map tcp_bypass
ASA(config-cmap)# match access-list tcp_bypass
ASA(config-cmap)# policy-map tcp_bypass_policy
ASA(config-pmap)# class tcp_bypass
ASA(config-pmap-c)# set connection advanced-options tcp-state-bypass
ASA(config-pmap-c)# set connection timeout idle 0:10:00
ASA(config-pmap-c)# service-policy tcp_bypass_policy interface inside
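An added audit example (not from the original posts) for the tcp-state-bypass policies shown in the three ASA posts on this page: it resolves each bypass policy back through its class map to the ACL entries and flags entries whose source or destination is wider than a chosen prefix. The /16 threshold, the function names and the host 10.9.9.9 entry are assumptions made for illustration.

```python
import ipaddress
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # "ASA(config-pmap-c)#" prefixes

def take_addr(tok):
    """Consume one address spec (any | host A | A MASK); return (network, rest)."""
    if tok[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def bypassed_flows(config, min_prefix=16):
    """List (policy, acl, src, dst, too_broad) for each ACE under tcp-state-bypass.
    Assumes address-only 'extended permit tcp' ACEs (no ports or object-groups)."""
    acls, cmaps, bypass = {}, {}, []
    cmap = pmap = cls = None
    for raw in config.splitlines():
        t = PROMPT.sub("", raw.strip()).split() or [""]  # blank line: no keyword
        if t[0] == "access-list" and t[2:5] == ["extended", "permit", "tcp"]:
            src, rest = take_addr(t[5:])
            acls.setdefault(t[1], []).append((src, take_addr(rest)[0]))
        elif t[0] == "class-map":
            cmap = t[1]
        elif t[:2] == ["match", "access-list"]:
            cmaps[cmap] = t[2]
        elif t[0] == "policy-map":
            pmap = t[1]
        elif t[0] == "class":
            cls = t[1]
        elif t[0] == "set" and t[-1] == "tcp-state-bypass":
            bypass.append((pmap, cls))
    return [(p, cmaps.get(c), str(s), str(d), min(s.prefixlen, d.prefixlen) < min_prefix)
            for p, c in bypass for s, d in acls.get(cmaps.get(c), [])]

# Constructed input: the page's STATE_BYPASS policy plus one made-up host-to-host ACE.
SAMPLE = """\
ASA(config)#access-list STATE_BYPASS_ACL extended permit tcp 10.1.1.0 255.255.255.0 any
ASA(config)#access-list STATE_BYPASS_ACL extended permit tcp host 10.1.1.6 host 10.9.9.9
ASA(config)#class-map STATE_BYPASS_CMAP
ASA(config-cmap)#match access-list STATE_BYPASS_ACL
ASA(config)#policy-map STATE_BYPASS_PMAP
ASA(config-pmap)#class STATE_BYPASS_CMAP
ASA(config-pmap-c)#set connection advanced-options tcp-state-bypass
"""

if __name__ == "__main__":
    print(*bypassed_flows(SAMPLE), sep="\n")
```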

Category: CISCO