Send Bristol mailing list submissions to
bristol@mailman.lug.org.uk
To subscribe or unsubscribe via the World Wide Web, visit
https://mailman.lug.org.uk/mailman/listinfo/bristol
or, via email, send a message with subject or body 'help' to
bristol-request@mailman.lug.org.uk
You can reach the person managing the list at
bristol-owner@mailman.lug.org.uk
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Bristol digest..."
Today's Topics:
1. The DNS Mystery is (re)solved! (Y Martin)
----------------------------------------------------------------------
Message: 1
Date: Fri, 31 Oct 2014 06:54:10 +0000
From: Y Martin <ym2013@riseup.net>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Subject: [bristol] The DNS Mystery is (re)solved!
Message-ID: <54533212.3040703@riseup.net>
Content-Type: text/plain; charset=ISO-8859-1
Hi
I know youre probably all bored of my DNS mystery by now, but I've
REALLY unveiled the mystery now. Honest! The DNS redirects to 10.42.0.1
were due to iptables NAT rules. Network Address Translation, ofcause! It
always seems so obvious when you know how! See below:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
bitmask all -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
bitmask_postrouting all -- anywhere anywhere
Chain bitmask (1 references)
target prot opt source destination
ACCEPT udp -- anywhere if udp dpt:domain
ACCEPT udp -- anywhere localhost udp dpt:domain
DNAT udp -- anywhere anywhere udp
dpt:domain to:10.42.0.1:53
DNAT tcp -- anywhere anywhere tcp
dpt:domain to:10.42.0.1:53
Chain bitmask_postrouting (1 references)
target prot opt source destination
MASQUERADE udp -- anywhere anywhere udp
dpt:domain
MASQUERADE tcp -- anywhere anywhere tcp
dpt:domain
So when I would restart my computer, my PC would still revert to the old
DNS problem unless I would always run this command at startup:
$ sudo bitmask-root firewall stop
But now Ive run bitmask-root and then saved my iptables rules upon
reboot and its REALLY all back to working well again :-D
$ sudo dpkg-reconfigure iptables-persistent
Best wishes,
Yousef
-------- Original Message --------
Subject: The DNS Mystery is (re)solved!
Date: Mon, 27 Oct 2014 16:40:30 +0000
From: Y Martin <ym2013@riseup.net>
To: Bristol and Bath Linux User Group <bristol@mailman.lug.org.uk>
Hi everyone
It was nice to meet some of you AFK at the meetup last Saturday.
Because of no DNS, apt-get didnt work, so I was dreading manually
sorting all the dependencies bitmask required and then installing
bitmask itself. Even worse, a full OS reinstallation was also on the
cards! :-(
But then.. I noticed that bitmask has a standalone bundle:
https://dl.bitmask.net/linux/#install-stand-alone-bundle
I downloaded that and was excited to see the "bitmask-root firewall
stop" command was available which was said to fix internet woes. Next
thing I was dancing to the screen of successful pings to www.google.com!
Never have I been happier to see the word "google" on my screen!
What it was that it did actually remains a mystery...
Anyway, thank you all for your support and help over the past week :-)
Best wishes,
Yousef
P.S.
$ sudo pkexec /tmp/Bitmask-linux64-0.6.1-4/apps/eip/files/bitmask-root
firewall stop
bitmask-root: done
$ ping www.google.com
PING www.google.com (74.125.230.146) 56(84) bytes of data.
...
...
64 bytes from lhr08s05-in-f18.1e100.net (74.125.230.146): icmp_req=7
ttl=55 time=53.0 ms
^C
--- www.google.com ping statistics ---
508 packets transmitted, 508 received, 0% packet loss, time 507727ms
rtt min/avg/max/mdev = 24.913/43.983/55.628/6.687 ms
P.P.S
Please excuse the "DNS (re)solved" pun
Y Martin:
> There was a bitmask chain remaining but it was empty. Just to be safe I ran:
> $ iptables -X bitmask
> $ iptables -L -v
>
> This now shows that the bitmask chain has been removed but DNS still
> doesnt work :-( I wonder if I'm missing anything..
>
> But perhaps youre right and I should reinstall bitmask to make use of:
> $ bitmask-root firewall stop
>
> What is it they say about the old cure?.. 'Hair of the dog that bit you'!
>
> Dave Addison:
>> On Sunday 19 Oct 2014 12:46:52 Y Martin wrote:
>>> Hi Ian
>>>
>>> Thank you for your reply. Yes bitmask is a better implemention of
>>> encrypted communication because I believe in giving our Article 12 Human
>>> Right to privacy a healthy exercise (use 'em or lose 'em!)
>>>
>>> Sorry, I should have mentioned that I have uninstalled bitmask but the
>>> problem persists.
>>>
>>> So I am trying to find out what bitmask has changed in my DNS
>>> configuration and how to undo it :-(
>>>
>>> ohh dear, the price we pay for privacy!!!
>>>
>>> Sincerely,
>>>
>>> Yousef
>>>
>> Hi Yousef,
>>
>> Reading the web page Ian linked to, it would appear that bitmask install rules
>> into the firewall to redirect DNS queries. The web page also lists the command
>> to disable this for debugging so it should be possible to check if this is the
>> problem
>>
>> sudo bitmask-root firewall stop
>>
>> Regards
>> Dave
>>
>> _______________________________________________
>> Bristol mailing list
>> Bristol@mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/bristol
>>
>
------------------------------
_______________________________________________
Bristol mailing list
Bristol@mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bristol
End of Bristol Digest, Vol 574, Issue 5
***************************************
Tidak ada komentar:
Posting Komentar