At home there are usually a lot of devices using the internet. Unwanted advertisments Unerwünschte Werbung kann man mit diversen Browserplugins in einem can be suppressed with browser plugins but this requires to install a pugin on every device - multiple tablets, multiple smartphones, multiple laptops and multiple desktops.

Everybody running a server on a Raspberry with an open internet connection should protect against unauthorized access. There are various ways to protect. An additional protection is to restrict access to the Raspberry to specific IP ranges. The easiest way to do this is by using geoip and iptables and allow access from IPs from your country only. Actually this makes sense only if the server is used by you only and is no open server for everybody (owncloud, seafile, ...).

Just execute following steps in order to install geoip on Raspbian Stretch:

1) Install the xtables-addons

sudo apt-get install raspberrypi-kernel-headers

wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.14.tar.xz
tar xf xtables-addons-2.14.tar.xz
cd xtables-addons-2.14
./configure
make
make install

2) Create a file /usr/local/bin/installGeoIP.sh and insert following code

#!/bin/bash
set -euo pipefail

set +e
if ! dpkg -l xtables-addons-common >/dev/null ; then
        apt install xtables-addons-common
fi
if ! dpkg -l libtext-csv-xs-perl >/dev/null ; then
        apt install libtext-csv-xs-perl
fi
set -e

if [ ! -d /usr/share/xt_geoip ]; then
        mkdir /usr/share/xt_geoip
fi

geotmpdir=$(mktemp -d)
csv_files="${geotmpdir}/GeoIPCountryWhois.csv ${geotmpdir}/GeoIPv6.csv"
OLDPWD="${PWD}"
cd "${geotmpdir}"
/usr/lib/xtables-addons/xt_geoip_dl
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip ${csv_files}
cd "${OLDPWD}"
rm -r "${geotmpdir}"
exit 0

3) Make this file executable and invoke it

chmod +x /usr/local/bin/installGeoIP.sh

installGeoIP.sh

4) Add iptables rules to accept IPs from US and Germany

Example:

iptables -A INPUT -m geoip --src-cc DE,US -m conntrack --ctstate NEW -j ACCEPT

 

Issues

If you get iptables: No chain/target/match by that name. error messages test whether the xtables_addons are installed correctly

modprobe -c | grep x_tab

should display a long list of modules.

modprobe xt_geoip

Should succeed.

depdmode -a

may also help to fix the issue.

 

References

Maxmind geoip

GeoIP based filtering with iptables

Linoxide: Block IP from countries using Geoip

Netfilter: geoip howto

Xtables-addons (source code)

Blocklist ipsets

How to install kernel headers

Linxu headers rpi from mhieenka
Solved: iptables & geoip

rpi-source wiki

Every Raspberry beginner starts with a NOOBS image, which is listed by raspberry.org first as the suggested image to use (See https://www.raspberrypi.org/downloads/)

NOOBS allows to start different operating systems which is useful when you want to evaluate the different alternatives to decide which is the right one for you. Unfortunately most of the people continue to use NOOBS when they have decided which OS to use. But that's the point to setup a new image with only one operating system.

Why?

NOOBS is no normal Linux system and has various quirks which causes a lot of headache sooner or later. If you ask for help if you have issues with NOOBS there is low probability you will get any responses. All experienced Raspberry users don't use NOOBS. As soon as you have decided which OS to use setup a new image and don't use NOOBS any more. This will make your life much easier when using your Raspberry.

raspiBackup supports NOOBS images in partitionorientierted backupmode . For production like systems it's suggested to create a single operating system image and backup this with raspiBackup in normal backup mode. the normal backup mode is also able to save an external root partition.

I just wanted to get nfs up and running on my Raspberry Jessie and got the uggly error message. Root cause is the nfs-server starts before rpcbind. If you restart the nfs-server after boot it will work. But will not work again after reboot. Following page describes how to get this fixed.

There are various reasons (performance, space, ..) why you want to move your root partition from your Raspberry sd card to an external device like an USB disk or USB stick. You can do it manually or use a small script to achieve this.

If you want to clone a SD image which was created on a Raspberry Pi and use the cloned SD on another Raspberry you have to execute one important additional step. Otherwise the Raspberry starting with the cloned SD card will not get a network connection.

To learn to use threading in Python you have to have a concrete problem to solve. Just use Raspberry Pi to connet 6 LEDs and manage them via GIO. On the following pages I describe how to customize my sample program to simulate tarffic lights. You also find a video which shows the program in action and a download link for the sample program.

 

The Raspberry Pi is a nice system which is used a lot of time to provide server services to be accessible from worldwide. That's Owncloud, a HTTP server, seafile or other services..

A VPN is the right way to access the server in a secure way. But if you want to give a lot of people access there is no way other than to allow access direct from the internet. Usually you use a DMZ for this but that's a feature a normal home router doesn't have. But now you should protect the Raspberry from internet access as far as you can and also protect your home network from access from the pi server when an intruder managed to get access to the pi. But note: If an the intruder managed to get root access then the iptables firewall can be turned off very quickly. So it's very important to get SW updates on a regular base.

Following article describes how to configure an iptables firewall to protect it from unauthorized access from the internet and to protect a local home network to be attacked from the server - just in case.

Owncloud has a very poor performance on Raspberry Pi. But seafile runs very fast if running on nginx. There exist already a lot of instructions how to install seafile on raspberry so you will find links to these website on the following page which I used to install seafile. In addition I wrote down the sequence of steps I executed. It's primaily a combination of the various installation instructions which I found. My config files of seafile running with nginx can be downloaded as sample config files for your convenience. In addition there is a startscript for /etc/init.d available which starts seafile all the time when Linux ist started and and stops it when it's shut down. 

Characteristics of the seafileserver: foo.no-ip.org is used as external dns name, nginx (no apache), runs on secure https port and offers webdav services.

Raspberry Pi usually runs Linux (raspbian oder raspbmc). Linux allows to mount various external data sources. Following protocols are used commonly: SAMBA: smbfs/cifs, NFS: nfs, SSH: sshfs, FTP: cupsftp and Cloudspace: webdav/davfs. Following article explains with sample config files how to get access to these different datasourecs on the Raspberry Pi.

Raspberry Pi runs with Raspian, a Debian compiled for ARM architecture. Pi has an ethernet adapter and usually also an USB WLAN adapter is attached in order to be able to access Pi wireless. Given this hardware you can use the Raspberry Pi as an ethernet to WLAN bridge and/or as an access point with a cable connection. The following article explains how to create an ethernet to WLAN bridge on Debian and Raspberry Pi running Raspbian but will work also on other Linux distributions.

Subcategories