Set up Asus router network printing on Ubuntu

Certain routers like the Asus RT-N66U have built-in network print server capability, which is an under-appreciated feature IMHO. But the settings > add printer dialog in Ubuntu 14.04 left much to be desired when it could not add the printer running behind the Asus router.

As a workaround, run the following command to get a better add-printer facility:

system-config-printer

Select Add.

Select Network Printer.

Select LPD/LPR Host or Printer.

Enter router IP (commonly 192.168.1.1) in “Host”, and LPRServer in “Queue”, and select Forward.

Choose the driver that matches the printer to add it to the system. You can now print from other applications.

 

ASUSTeK Computer Inc.-Forum- How to setup network printer in Ubuntu 12.04

 

Static routing on windows network using consumer router

I never really understood the presence of static routing on consumer grade routers. But recently, I got the opportunity to try out that functionality in office and tearing out my hair at the same time (read: networking n00b). Documenting the steps here to prevent further hair-loss.

Setup:

ISP <—> Router A [192.168.0.0/20] <—> Router B [192.168.16.0/24]

Router A
WAN IP: DHCP-assigned by ISP
Gateway: DHCP-assigned by ISP
LAN IP: 192.168.0.1
Static route: (Destination) 192.168.16.0, (Netmask) 255.255.255.0, (Gateway) 192.168.0.2, (Interface) LAN

Router B
WAN IP: 192.168.0.2
Gateway: 192.168.0.1
LAN IP: 192.168.16.1

Basically that is all for configuration on both routers for the illustrated setup. For windows machines that are directly connected to Router A [192.168.0.0/20], an incoming rule has to be added to the hosts’ firewall to allow incoming ICMP redirect packets from the Router A, assuming the firewall is enabled.

On Windows Vista and above, the following command (run as administrator) will add the rule:

netsh advfirewall firewall add rule name="enable static routing" dir=in action=allow enable=yes profile=private remoteip=defaultgateway protocol=icmpv4:5,any

In English, the command “adds a rule with name ‘enable static routing’, for the incoming direction, that allows traffic to pass, at the same time enabling the rule, for the private profile, only from the default gateway, with ICMP v4 redirect packets”. Tweak as needed.

Yes, it potentially requires configuration on the clients. A more transparent alternative is to dish out static routes to clients via DHCP server and eliminating the need to configure the firewall, but that is out of the scope of this post. Which brings me back to my original thought: if a user need to configure so many items, on both routers and clients, will it be better to provide an option to serve routes via DHCP? Without which, is this whole static routing even suitable for a home user on a home router?

Netsh Commands for Windows Firewall

DHCP option 121

Scaling the Great Firewall of China

It’s not news: China blocks a myriad of web sites which are deemed unsuitable for its citizen. But I’m not its citizen. On the occasional trips to China I suffer withdrawal symptoms from the lack of facebook, youtube and other random sites. Not to mention the epic distress suffered from keywords/URL filtering and strange results for things related to Tibet/Tiananmen (oops!).

VPN is a fine solution, but me being lazy, I prefer using softwares already present on my systems. SSH tunneling seems to fit the bill just nice. OpenSSH outside China (checked), Putty on laptop (checked), ready!

Putty

  1. Under Session, enter hostname.
  2. Under Connection > SSH > Tunnels, enter source port, select ‘Dynamic’ and click ‘Add’.
  3. Select ‘Open’ and log in with username and password.
  4. Halfway done; leave the window open.

OpenSSH (for *nix only)

    ssh -C2qTnN -D source_port_number username@remote_host.com

Browser (edit: only Firefox at the moment)

  1. Generally, look under options/preference > network > proxy to enter the address ‘localhost’ for SOCKS5 proxy using the source port number chosen.
  2. edit: (For Firefox) Enter about:config in the address bar, go (and promise you’ll be careful), enter network.proxy.socks_remote_dns in the filter bar and set the value to true.
  3. Surf on past the Great Firewall of China!

China happens to be the unfortunate example; insert country-that-does-funky-things-to-network-traffic here.

edit: Among the mainstream browsers, only Firefox allows remote DNS resolution via SOCKS proxy right now.

edit: Empirically, setting keepalive to 2 seconds on client-side seems to improve connectivity (China).

Realtek 8168 module issue

My cute little dual-core atom system (D945GCLF2) had a small hiccup with Debian. The kernel kept loading on boot the r8169 (incorrect) module for the onboard network device, which caused all sorts of weird phenomenon including, but not limited to, strange tasting coffee, distracted cats, ifconfig showing seemingly random numbers for dropped frames every time and not obtaining IP from DHCP servers occasionally.

The high-level solution is to replace the incorrect module with the appropriate one. Here goes:

  • Obtain the correct module (r8168)

Go to Realtek website and download the source for the latest driver.

Extract the archive:

tar -jxf r8168-x.y.z.tar.bz2

Prepare build environment:

apt-get install build-essential linux-headers-`uname -r`

Compile the driver source:

cd r8168-x.y.z
make clean modules && make install
  • Replace using the correct module

Before moving on, take note that removing the module for networking will disable the network interface. Which means any remote session running on the interface will be terminated.

Unload the current (incorrect) module:

rmmod r8169

Generate module dependency:

depmod

Load the correct module:

modprobe r8168

Update existing initramfs:

update-initramfs -u

If the kernel insists on loading the r8169 module, add the line blacklist r8169 into /etc/modprobe.d/blacklist:

echo blacklist r8169 >> /etc/modprobe.d/blacklist

(edited 18-07-2012, thanks to x in comments)
or, for newer distros:

echo blacklist r8169 >> /etc/modprobe.d/blacklist.conf

Hopefully all is good after going through the troubles.

p/s: My r8168.ko (Compiled for Lenny, 2.6.26-2-686) can be found under Resources.

Endpoint hinders windbg

Was playing around with symantec endpoint’s network threat protection just now. It is quite a mouthful but nothing really spectacular. In fact, certain settings actually broke compatibility with other apps. An example is the stealth mode web browsing, which broke windbg’s functionality of retrieving symbols from microsoft’s symbol servers (and probably mozilla’s).

Blames myself for being overzealous on enabling those features; should have known better. Wonder what will break next lol.

Of Jaunty and IPv6

IPv6 used to be loaded as a module prior to jaunty but is now part of the kernel (probably since somewhere in 2.6.28), so disabling it via /etc/modprobe.d/aliases doesn’t work anymore. To check if IPv6 is disabled:

cat /proc/sys/net/ipv6/conf/all/disable_ipv6

0 means IPv6 is enabled; 1 means disabled. So to disable:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

Reboot and good to go!

Nope it doesn’t work. Thanks to the heads up by jimmyjava, I proceed to verify and ipv6 continues its business as usual, regardless of /proc/sys/net/ipv6/conf/all/disable_ipv6. Gonna sit out and wait for some (kernel) updates for now…