Transparent Squid Proxy

Over the holidays, I had a user experience and attempted browser hijacking.  It appeared to have bypassed my squid proxy.   My updated configuration now sends all web access via squid.  The old firewall rules, that allowed direct access to the Internet, have been replaced with a transparent Squid proxy.  This runs on my existing Squid […]

Implementing IPv6 6to4 on OpenWRT

As the IPv4 addresses begins to run out I finally invested the time to investigate and implement IPV6. As my ISP has not yet announced availability of IPV6 addresses I chose to implement a 6to4 tunnel. This is simple to implement, and currently well supported. My external firewall is an ASUS wireless router running OpenWRT.  […]

Manual networking for KVM

I found the networking configured by libvirt (KVM) did not allow me to firewall the network as I desired.  I use Shorewall for firewalling, and DNSMasq for internal DNS and DHCP.  After a little experimentation, I found that I could configure Ubuntu to create the network.  This allows me to get a reliable firewall configuration […]

Remote Desktops with VNC and RDP

I find it useful to have a remote desktop to my Ubuntu systems.   On secure connections I have been using VNC via xinetd.  Connections with xrdp where possible, but it wasn’t launching the desktop for the connection.  For secure terminal connections, I stick with with ssh.  All these connection have a login at the start […]

Implementing DKIM with Exim

This article was updated in February 2014 to reflect changes policy and reporting options. The earlier ADSP (Author Domain Signing Practices) information has been removed. DomainKeys Identified Mail (DKIM) provides a method to confirm the origin of an e-mail. DKIM also provides some protection against tampering. Unlike SPF, this validation applies to the contents of […]

Signing Return Path Addresses with Exim

I have been receiving a fair amount of Spam from an e-mail forwarder.  They are unwilling to correct their problems.  Much of the Spam they forward is the form of bounce notifications.  Attempting to reject other Spam resulted in more notifications.  To control this Spam I implemented signed return path addresses.  As a side benefit, […]