Rant: IRS Scam Phone Calls

Normally I ignore these calls as they are the scum of the earth and don’t deserve my time. Today, however, I am expecting a call from a service tech from any possible phone number, and thus I have to listen to any calls that come in today to make sure I don’t miss the call. Sadly, this has me trolling through the voicemails that I just ignored entirely. I am just amazed that people fall for these types of calls all the time, which is what makes these scams popular.

Here are some scam calls that hit my voicemail, for those who like to take revenge on them. Light them up on the phone system if they are still active.


Follow up: Docker + Synology

As a follow-up to my previous post, curiosity got the better of me and I decided to see how difficult it would be to set up MariaDB/Grafana/NodeRED on my Synology 1815+. Come to find out, it is not that difficult once you figure out the quirks of the UI you have to use.

Here is how to set up Docker like I have, but on a Synology system.


Monitoring my cable modem signal levels for problems

[Screenshot of Grafana showing modem stats for past 7 days (2020/09/11)]

Recently I got the itch to learn something new and I chose to explore Grafana. Of course, I needed something to graph or make a dashboard out of. So I pondered for a while, and during that time I had some trouble with my internet connection. This of course had me looking at my cable modem stats page, and that’s where I found my inspiration: so many numbers that are a point-in-time snapshot that I wished I had a historical graph of. So I set about figuring out how to install Grafana in Docker and pull the data in. I quickly found that Grafana is a display thing and not a collector and display. This meant that I had to collect the data and store it so that Grafana could display it. For this, I figured I could store it in MariaDB, as using that in Grafana looked simple enough. The problem I had was getting the data off of the modem’s stats page. I plinked around with a bash script and a Python script; neither did that great for me. About this time I remembered that NodeRED has some power to it and tried that. I managed to pull the data and store it into MariaDB via NodeRED. I then managed to display the data via Grafana and was rather satisfied with myself.

I have written instructions on how to do this for an SB6183; it might work on an SB6190 with a bit of editing to support the extra channels in Grafana. For any other modem you will have to figure out the HTML and how to slice it up, and make possibly major changes to the NodeRED flow and possibly the database.


SELinux – From Disabled to Enforcing and fixing the headache with it

I ran into an issue re-enabling SELinux on my little fleet of CentOS 7 boxes in my home lab.  Basically when I installed them I had disabled SELinux at install and thus enabling SELinux was causing all the systems to freeze up after a reboot.

After a little googling and digging around mailing lists, I stumbled upon a post that gave a perfect answer to fix the problem I was having.

# setenforce 0
# yum remove selinux-policy\*
# rm -rf /etc/selinux/targeted /etc/selinux/config
# yum install selinux-policy-targeted
# yum install selinux-policy-devel policycoreutils-gui  *** Only if these were removed by the yum remove.
# touch /.autorelabel; reboot

Basically, temporarily turn off enforcement (setenforce 0 switches SELinux to permissive mode), remove selinux-policy*, remove the old targeted directory and config file, and reinstall the SELinux policy, followed by the usual autorelabel and reboot.

The only thing I would add would be to check your network and ifup the interface after setenforce 0.


Part 5: Bonus! Use ZeroTier as mobile VPN.

Here is a bonus post. I am not going to go into deep details, but this should be enough to give a good idea of how to do this.

First, I would suggest creating a second ZeroTier network, separate from the routed LAN, for all the mobile devices. I would make sure the IP subnet is different from anything else; for this example, 10.10.0.0/24. Next, set the range to .10-250 of the last octet under advanced. The reason for this is that we are going to set up a bit on the routervms and turn them into NAT routers on their own IPs. Also use one of the higher IPs (say .254 perhaps?) as a floating IP between the VMs. This way when we route, we route to the .254, and if something is having problems, just move the .254 to another host, count to 30, and things should work again.

Now for what will make this work for the clients: you need to add routes in the ZeroTier network. There are two options, and I will comment on each.

  1. Add
    • 0.0.0.0/0 via 10.10.0.254
    • This is the one most people would use.  It is the simple, common way to push a default route and send everything.  The problem I ran into is that not everything can take a default route like this out of the box, so I gamed the system with the next one.
  2. Or Add
    • 0.0.0.0/1 via 10.10.0.254
    • 128.0.0.0/1 via 10.10.0.254
    • This works because we push two routes, neither of which is technically a default route.  Both are more specific than 0.0.0.0/0, so they are picked over the default in most cases.
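
Added example (not from the original post): a longest-prefix-match lookup showing why the two /1 routes win over an existing default route, and that any destination with a more specific route, such as the client's local LAN, still bypasses the routervm. The 192.168.1.0/24 LAN and its gateway are assumed values; real operating systems also use metrics to break ties, which this sketch ignores.

```python
import ipaddress

# Constructed routing table for a mobile client (illustrative values only).
# 192.168.1.0/24 and its gateway stand in for whatever Wi-Fi/LAN the device
# is on; 10.10.0.0/24 and 10.10.0.254 are the VPN subnet and floating IP
# used in the post.
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1 (local gateway)"),
    ("192.168.1.0/24", "on-link (local LAN)"),
    ("10.10.0.0/24",   "on-link (ZeroTier)"),
    ("0.0.0.0/1",      "10.10.0.254 (routervm)"),
    ("128.0.0.0/1",    "10.10.0.254 (routervm)"),
]


def lookup(dest, routes=ROUTES):
    """Longest-prefix match: return (prefix, next_hop) of the most specific route."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dest}")
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop


def covers_everything(prefixes):
    """True if the prefixes together span the whole IPv4 address space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets)) == [ipaddress.ip_network("0.0.0.0/0")]


def bypasses_tunnel(dest, routes=ROUTES):
    """True if traffic to dest would NOT be sent via the routervm."""
    return "routervm" not in lookup(dest, routes)[1]


if __name__ == "__main__":
    for dest in ["8.8.8.8", "203.0.113.7", "192.168.1.50", "10.10.0.11"]:
        print(dest, "->", lookup(dest))
    print("two /1 routes cover all IPv4:",
          covers_everything(["0.0.0.0/1", "128.0.0.0/1"]))
```

Destinations on the client's own LAN keep their /24 route, so "send everything" here means everything that has no more specific route.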

At this point it is time to edit all the routervms to enable NAT routing and put the IPs on them.

      1. Join the routervms to the new VPN network
      2. Run the following to stop managed routes from being pushed to the routervms (they would cause routing problems there).
        • sudo zerotier-cli set <network> allowManaged=false
          sudo zerotier-cli set <network> allowGlobal=false
          sudo zerotier-cli set <network> allowDefault=false
      3. Edit /etc/sysctl.conf and add the following to the bottom
        • net.ipv4.ip_forward = 1
      4. Edit /etc/sysconfig/iptables
        • *nat
          :PREROUTING ACCEPT [0:0]
          :INPUT ACCEPT [0:0]
          :OUTPUT ACCEPT [0:0]
          :POSTROUTING ACCEPT [0:0]
          -A POSTROUTING -o eth0 -s 10.10.0.0/24 -j SNAT --to-source eth.ip.goes.here
          COMMIT
          *filter
          :INPUT ACCEPT [0:0]
          :FORWARD DROP [0:0]
          :OUTPUT ACCEPT [0:0]
          -A FORWARD -i zt+ -s 10.10.0.0/24 -d 0.0.0.0/0 -j ACCEPT
          -A FORWARD -i eth0 -s 0.0.0.0/0 -d 10.10.0.0/24 -j ACCEPT
          COMMIT
      5. Now add .1 and up to the routervms' network configs, so one gets .1, another gets .2, and so on.  This way when they get rebooted they at least show up on the network.
      6. Now add .254 to only one of the routervms via:
        • ip addr add 10.10.0.254/24 dev <gobblygook network interface>

If everything was done right (and I did not skip a step), you should now be able to join a new device and approve it for your network. It should then start sending all its traffic to the designated routervm and hopefully have internet connectivity.

Now for the real reason for sending all traffic to the .254 and having it as a secondary IP: I have yet to try to configure this, but it should be possible to set up heartbeat or pacemaker to control the .254 address so that it automatically moves between the hosts as they fail on the network, thus ensuring you will always have access across the “VPN”.
