Tuesday, November 20, 2012

Force an application to use VPN, using iptables in Linux

Enforcing an application, for example a torrent client like Transmission, to always use the VPN interface or any particular network interface for that matter, is trivially simple using iptables on Debian, Ubuntu or any other GNU/Linux distro.
Personally, I am running Debian Sid on the Raspberry Pi. Occasionally I use it for downloading files ( legal stuff, seriously, believe me :D  ) using Transmission Bittorrent client over a VPN connection. Sometimes it happens that the VPN connection fails and doesn't reconnect for whatever reason and Transmission continues pulling stuff directly over my internet connection, which I would like to avoid. Fortunately it is very straightforward to enforce rules based on application owner UID. Transmission runs under the owner debian-transmission in Debian (use htop to check this) and the following two lines of iptables ensures that any process with owner having UID, debian-transmission, will not use any other network interface apart from the OpenVPN tunnel interface tun0

pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission -d 192.168.0.100 -j ACCEPT
pi@sam-berry ~ $ sudo iptables -A OUTPUT -m owner --uid-owner debian-transmission \! -o tun0 -j REJECT

The first line ensures that, my Mac-mini having IP address 192.168.0.100 on the lan, can always access the web interface of transmission. The second line makes sure, no outgoing traffic can leave via anything other that tun0. 
Peace of mind restored, thanks to iptables.

Wednesday, November 7, 2012

Intel 520 SSD upgrade on unibody Mac Mini - mid 2011

With the SSD prices dropping significantly in last few weeks, I couldn't resist the temptation to open up my Intel Mac Mini (unibody mid 2011 model) and pop in one.
Although, Apple prohibits users to upgrade anything apart from the RAM, I love voiding warranties. Apple uses a proprietary connector to hook up the SATA disk. Fortunately the people at Other World Computing and iFixit are selling DIY second hard disk installation kit with nicely made video tutorials. iFixit, was showing out of stock, which made my task of choosing, whom to order from, much easier. For the SSD I went with 240 GB one from the trusted and reliable Intel 520 series.
Some, Mac users were cursing at SSDs from other brands at various forums, though it wasn't very clear whether the problem was with the competence of the SSD manufactures in making their products compatible with Apple (or vice versa) or with the incompetence of the users performing the DIY upgrades! Anyway, most were satisfied with this particulars series, so I just decided to play safe. 

 The video tutorials from both the sites are pretty comprehensive, so I am not bothering to add any more jabberings! Just dumping some pics that I had taken during the process!