Happy new year! :-)
(I upgraded my camera to Canon EOS 5D Mk 2 recently. I got the EF 24-105 f/4 L with it as the “kit objective”. Here is one of the few outdoors photos I have had time to take with the combo.)
Blog about anything (but not everything) I find worth mentioning
Strange are the ways modern computers work.
I upgraded my mobile broadband about a month ago. I got a Saunalahti Nopsa (unlimited speed, unlimited data) subscription with a ZTE MF688 USB modem. I installed it on my home MacBook without any problems. Last weekend I was traveling with my work laptop (MacBook Pro), and I thought I would do the same thing, just plug in the stick and let it install the drivers and software. Well, NOT SO SIMPLE! I had plugged the ZTE into an Edimax 3G-WLAN router, and that had most likely erased the flash drive on the stick. After Googling and calling the Saunalahti helpdesk I found out that the software (*) can be downloaded from Elisa’s web site. I thought the problem was solved. Well, NOT SO SIMPLE! Elisa’s “Mobiililaajakaista” installer for Mac OS X didn’t seem to have drivers for the ZTE, only Huawei-something.
Then I went to an Elisa Shop to physically swap the stick for a brand new one, to stop the hassle. I got a new one without too much explaining. I just told them it didn’t work. Good service. Plugged in the new ZTE. Now the flash drive mounted and I got my hands on software that had the drivers for this ZTE stick. The main software installed, then it started the “setup assistant” which sets up all the modem stuff etc. Well, NOT SO SIMPLE. I hit “error 5370”. Luckily with that keyword it was possible to Google for a solution. The problem seems to be that I have my home directory protected with FileVault?! At least some blogs claim so. That explains the difference between my home MacBook (no FileVault) and my MacBook Pro (yes FileVault). The solution is to run the setup assistant as ‘root’:
cd "/Applications/Elisa/Mobiililaajakaista opastettu asennus.app/Contents/MacOS"
sudo ./MobileManager\ Setup\ Assistant
After that, I could finally enjoy the mobile broadband. It only took something like half a day for all of this including driving back and forth to an Elisa Shop.
This software seems to be widely used by other operators too, so the instructions apply to them as well. Just find the “MobileManager Setup Assistant” from somewhere under the /Applications folder. It may be under /Applications/Elisa, /Applications/3Connect, etc. depending on your operator.
(*) The software from Elisa is actually not the same as on the ZTE flash drive, where there’s a Saunalahti version, which has more features. Here’s the Saunalahti version from the USB stick in case you can’t find it anywhere else.
This is about setting up an OpenBSD firewall which retrieves multiple IP addresses from a single ISP, and then does “1:1 natting” or “binatting” on some of the external interfaces for certain hosts while using one interface to do “standard NAT” for the rest of the hosts. I did not find instructions on how to do exactly this, so now that I have had it running for a while, I decided to share it. Hopefully you find it helpful. Thanks to other people who wrote blogs and e-mails which helped me solve some of the subproblems, the URLs of which I have already forgotten.
I am running a PC on my home network which is a dedicated firewall (including a DNS server, a DynDNS client, a DHCP server, etc.). I used to run NetBSD for years, and during the past few years I was running the OpenBSD-originated pf (Packet Filter) as the firewall code. However, I was thinking for quite some time of switching from NetBSD to OpenBSD, as the machine is primarily a firewall, and with OpenBSD I could have the latest and most likely better integrated pf, and probably an even more secure OS anyway. I also wanted to see how OpenBSD differs from FreeBSD and NetBSD. So far, I have been happy.
Besides moving to OpenBSD, I updated my old 600 MHz VIA-based Mini-ITX machine to a “more standard” Intel Atom-based one. I also got four gigabit interfaces instead of the two 100 Mbps ones on the old machine. My ISP lets me have five IP addresses, but I only needed one as I run NAT. Sometimes, however, it would be good to have 1:1 mapping between an internal IP address and an external one, to get rid of the port mapping of NAT. This would help e.g. playing network games with PS3 which use direct connections from peers — I could then dedicate an external address to the PS3 and do “1:1 port mapping”, yet still have the PS3 behind my firewall using an internal address only.
Besides writing out the PF configuration, some patches were needed to support multiple default routes, which the DHCP client configures into the routing table. The solution is that dhclient writes the addresses of the default routers to pf’s tables. The only drawback with this approach is that every time pf is restarted, dhclient needs to be restarted too to populate the tables, as the tables are flushed. But this happens so rarely other than during booting that even I don’t care to look for a solution to that one.
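A sketch of the table update described above, as an added example (it is not the author's patch to dhclient-script, which is linked below). The table name gw_<interface> and the function names are assumptions; $interface and $new_routers are the variables dhclient passes to dhclient-script. Because the router list comes from a DHCP reply and the script runs as root, the values are validated before they reach pfctl.

```shell
#!/bin/sh
# Added example, not the author's patch. Table name gw_<interface> is assumed.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pf_table_cmd IFACE "ROUTER ...": print the pfctl command that replaces the
# contents of table gw_IFACE, or fail without output if any value is unsafe.
pf_table_cmd() {
    iface=$1; routers=$2
    case "$iface" in
        ''|*[!a-z0-9]*) return 1 ;;
    esac
    case "$routers" in
        ''|*[!0-9.' ']*) return 1 ;;   # no globs or shell metacharacters
    esac
    addrs=
    for r in $routers; do
        is_ipv4 "$r" || return 1
        addrs="$addrs $r"
    done
    [ -n "$addrs" ] || return 1
    echo "pfctl -t gw_$iface -T replace$addrs"
}

# dhclient-script has $interface and $new_routers set when a lease is bound.
# Run stand-alone (variables unset), this block does nothing.
if [ -n "${interface:-}" ] && [ -n "${new_routers:-}" ]; then
    if cmd=$(pf_table_cmd "$interface" "$new_routers"); then
        $cmd
    else
        echo "refusing to load routers for $interface into pf" >&2
    fi
fi
```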
The most time-consuming part was writing a proper pf.conf, so that all the rules are in the correct order, and that all rules have the correct options, so that all protocols work in and out, including FTP in active and passive mode. I will post my pf.conf here, with some inline comments (some of the IP addresses are changed to fake ones, however the logic is not broken). The configuration and patches have been used with OpenBSD versions 4.7 and 4.8. I have tested the configuration with Nessus and there were no security problems. So, feel free to copy them and modify to your needs.
/etc/pf.conf
Patch for /etc/rc
Patch for /sbin/dhclient.c
Patch for /sbin/dhclient-script