With my subscription to XS4ALL, I received a Thomson Speedtouch 716 ADSL/Wifi router, currently running software release 6.1.9.6. Behind that router, I have a Linux server which serves as the webserver for the blog you’re reading right now, as well as my mailserver and a few other things. The Linux server also acts as a firewall for the rest of my network:

As you can see, the ADSL router and anything connected to it through the WiFi is considered untrusted: the real access point to my internal network is the Linux machine.

Among other things, the Speedtouch has the ability to support Voice-Over-IP by attaching an analog phone. Unfortunately, this functionality does not work in combination with the “assign public IP to a machine on the local network” setting. Which is a pity, because behind the router is my Linux server, running a web- and mailserver among other things, and I really want that server to have my public IP address. Partly because having the server NATted could cause problems with mail, in particular, in the sense that when I send out mail to another server, some suspicious spamblocker software may take offense if the address reported in the headers of my outgoing mail does not match my actual IP. But mostly because having a web/mail/FTP/whatever server hidden behind a NAT, just feels wrong.

(more…)

My shiny new Nokia N810 Internet Tablet arrived this week, and I like it!

(Bias alert: my friend Dirk-Jan works for Nokia in Finland as a project manager on the N810, so that made me a little more interested in this gadget than I would otherwise have been.)

(more…)

This post is not going to contain any original insights into the spam problem, but I need to vent a bit. And, as the title suggests, apparently the news still hasn’t reached all the people it needs to reach, so maybe it won’t hurt to repeat it again.

So yesterday, as happens every couple of months, a spammer somewhere in Pakistan decided to randomly pick the mwolf.net domain as the fake ‘from’ address for his various unsavoury commercial offerings. Which means, of course, that I get a few hundred bounces from well-meaning but naive mailservers, configured by well-meaning but naive admins. (more…)

In response to my article about using the recent IPTables module to fight brute-force password attacks, based on an idea from Andrew Pollock, a reader worked out the idea into a complete firewall script, with configurable whitelisting, the ability to block multiple ports, and several other enhancements. Read his post for the details.

You can download his firewall script here. You can contact the author at the address meetscott at the domain netscape.net.

It took me a while, but I got my XS4ALL UMTS subscription through their “mobile connect card”, working under Linux.

I started out, of course, with the procedure described here. That worked to the point that I was succesfully authenticated and connected to the network, but then PPPD immediately complained that the modem hung up.

(more…)

After I left my previous job I was in the market for a new laptop, so after a bit of searching I purchased a Sony VAIO SZ2XP. I’m very happy with it, although every now and then I get some doubts over whether I should have bought the TX model instead. Either way, it’s a beautiful machine, very lightweight (1.65kg) but it feels sturdier than most laptops I’m familiar with (not including those 17″, 4kg desktop replacement beasts). Very good specs, and it’s pretty much the only laptop I could find with both a PCMCIA and a PC-Express slot, which was an important criterion for me.

(more…)