Mikeri's tech-babble

2011-09-03

How to disable click to raise in Ubuntu Linux using Compiz

One thing I have missed greatly from my days with AmigaOS back in the day is working with overlapping windows without the active window popping to front all the time. One example would be a maximizied web browser and a small window un top of it. Whenever you click on the web browser the small window will dissapear.

Under General compiz options/Focus & Raise Behaviour you can uncheck "raise on click" to get AmigaOS-like behaviour, windows will not move to front when clicking on them. To move a window to front, simply click the title bar.

Something simular would be possible with the focus on hover option but most people find that one annoying.

Labels: , , , , , , ,

2009-03-22

IPv6 with 6to4 tunneling in Debian made easy

I tried to find an easy way to implement IPv6 via 6to4 on my Debian server, but everything I found required some sort of manual intervention in the case of reboots/new IP addresses from my ISP, etc.

So I made this little init.d script using snippets from all around:

#!/bin/sh
# $Id: tun6to4 init.d script v0.1

#Change "eth1" in the following line to your own public interface:
IPV4=$(ifconfig -a | awk '/eth1/{p=1}p&&/inet addr/{sub(".*:", "", $2);print $2;exit}')

STFADDRESS=$(printf "2002:%02x%02x:%02x%02x::1" `echo $IPV4 | tr "." " "`)

case "$1" in
start)
echo -n "Starting 6to4 tunnel: "
/sbin/ip tunnel add tun6to4 mode sit ttl 64 remote any local $IPV4
/sbin/ip link set dev tun6to4 up
/sbin/ip -6 addr add $STFADDRESS/16 dev tun6to4
/sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
#The following line enables forwarding from eth0
# /sbin/ip -6 addr add dev eth0 $STFADDRESS/64
echo "."
;;
stop)
echo -n "Stopping 6to4 tunnel: "
/sbin/ip -6 route flush dev tun6to4
/sbin/ip link set dev tun6to4 down
/sbin/ip tunnel del tun6to4
echo "."
;;
restart | force-reload)
$0 stop
sleep 2
$0 start
;;
*)
echo "Usage: /etc/init.d/tun6to4 {start|stop|restart|force-reload}"
exit 1
esac
exit 0

Modify the first uncommented line with your own lan interface, save the file as /etc/init.d/tun6to4 , then do a:
$ update-rc.d tun6to4 defaults
And you should have IPv6 connectivity up and running automatically. On reboots, the script should find your DHCP assigned IP-address and use it accordingly.

If you want to forward from your LAN, uncomment the commented /sbin/ip line and change eth0 to your LAN interface.

If you get a new IP address you'll have to rerun the script. Oh, and the ipv4-extractor uses awk.

Labels: , , , , , ,

2009-03-01

Blocking a user group from your internal network in Linux

I recently found out that IPtables features owner matching for TCP packets. This means you can block out packets from certain groups from accessing your local network.

In my scenario, I have a Debian server beeing a physical gateway between my local network and the outside world. Now, some of my friends also has shell accounts on this box. And while I do trust them, it's nice to know they can't access all my stuff (like open smb shares) on the local network.

So how is this done? It's dead simple when you know how. Add the following iptables rule:

iptables -A OUTPUT -m owner --gid-owner 2000 -d 192.168.0.0/24 -j REJECT

This will block gid 2000 from accessing the 192.168.0.* network. Obviously, change this for your own needs. Then add a group called guests or something with a matchind gid, I just added the following to /etc/group:

guests:x:2000:

And ofcourse link the guest users to the guest groups. You can edit /etc/group by hand or use the following command for each of the users:

usermod -g 2000 guestusername

Labels: , , , ,