Monday, March 29, 2010

Enabling IPv6 on BSD with v4 only Internet Access

Background
For those working in the ICT industry, IPv4 exhaustion is not a new issue. A Google search returns a wiki page discussing this topic at length: http://en.wikipedia.org/wiki/IPv4_address_exhaustion. There is even an online counter displaying the remaining IPv4 addresses available: http://www.potaroo.net/tools/ipv4/

The only formal solution to the IPv4 address shortage is IPv6, which expands the address space from 32 bits to 128 bits (along with other protocol changes, such as a fixed header length replacing options, which I shall not go into here).

However, the protocol was not designed to directly interwork with IPv4 (hosts and routers). This means IPv6 is and will exist as a "parallel universe" to the IPv4 internet the majority of us are using.

I would like to set up my BSD gateway as an IPv6 router. It establishes an IPv6 tunnel over the IPv4 internet, terminating at a public Tunnel Broker. The default IPv6 route on BSD is this v6 tunnel. Its NAT clients can access IPv6 content by routing through this machine.

Finding the Program
I did a search through BSD port tree (key word "IPv6") and found several interesting programs...
- 6tunnel http://toxygen.net/6tunnel/ 2005-08-18, Allow for non-v6 hosts (v4) to communicate with v6 hosts and vice versa
"the host computer to connect to a tunnel broker using the TSP protocol and to get the information for its tunnel"
"setup IPv6 on home machine and network for exploring IPv6 without any registration".
- Sixxs http://www.freebsd.org/cgi/cvsweb.cgi/ports/net/sixxs-aiccu/pkg-descr. Released in 2005 "This is the TIC+ heartbeart client for the public dynamic-IPv4 IPv6 tunnel beta test from the SixXS tunnel service provider."
Tunneling IPv6 over UDP through NATs, RFC 4380.

There is also a great chapter in the FreeBSD handbook on getting started with IPv6: http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html


Being an IPv4 user, the easiest way to access IPv6 webpages is visiting http://www.sixxs.net/tools/gateway/, which provides "IPv4 Gateways" to access IPv6-only sites using HTTP1.1. However, I wish to bring IPv6 directly onto my laptop and netbook connected over WiFi.

Referencing the handbook again, it suggests "Use the net/freenet6 port if you are on a dial-up connection"...which will be referred to as "gogoClient" http://www.freebsd.org/cgi/url.cgi?ports/net/freenet6/pkg-descr

Reading the port's description, this program aims at assigning IPv6 addresses to IPv4 end-users, including hosts residing behind NAT. So, I signed up for an account: http://gogonet.gogo6.com/page/freenet6-services. This is required to obtain the gogoClient user guide and to register for tunnel credentials (required).

In gogoClient's user guide, there are four scenarios. Scenario three interests me most, as it establishes BSD as an IPv6 router on an IPv4 network with a delegated IPv6 prefix.

Afterwards, install the program through ports:
cd /usr/ports/net/freenet6/
make; make install
The program's configuration file is "/usr/local/etc/freenet6/gw6c.conf". Here is my configuration:
template=freebsd # FreeBSD Specific
server=broker.freenet6.net # default value
auth_method=any
userid=your_username # Different from gogonet web login.
passwd=your_passwd
host_type=router
if_prefix=wlan0 # internal interface routing with IPv6 tunnel interface.
prefixlen=64 # value could be 48 or 60 depending on gogoServer.
tunnel_mode=v6anyv4 # v6anyv4 - gogoSERVER suggests the correct encapsulation to the client
log_file=3 # Set maximum verbosity option for "file" log option.
log_filename=/var/log/gw6c.log # Define full path
last_server=Tsp-last-server.txt # (info) last gogoSERVER with successful connection
broker_list=tsp-broker-list.txt # (info) gogoSERVER list

The gogoClient program is invoked from the command line as "gw6c", run in the directory where the configuration file resides.

I live in Melbourne, Australia. Invoking gw6c returns the following message:
The Gateway6 redirection list is [ taipei.freenet6.net, sydney.freenet6.net, amsterdam.freenet6.net, montreal.freenet6.net ].
The optimized Gateway6 redirection list is [ sydney.freenet6.net, montreal.freenet6.net, taipei.freenet6.net, amsterdam.freenet6.net ].
So I updated the configuration file's "server" parameter accordingly.

I started the program again and looked at the log file "/var/log/gw6c.log". I have added some comments to this excerpt of my logs:

# gogoClient version is v6.0-Release
2010/03/26 23:51:44 I gw6c: Gateway6 Client v6.0-RELEASE build Mar 16 2010-22:51:10
2010/03/26 23:51:44 I gw6c: Built on ///FreeBSD HomeFreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Mon Feb 15 20:33:54 EST 2010 root@HomeFreeBSD:/usr/obj/usr/src/sys/HomeFreeBSD i386///
2010/03/26 23:51:44 I gw6c: Establishing connection to Gateway6 sydney.freenet6.net using reliable UDP.

# Negotiating tunnel parameters. Host requested to be "router" mode with /64 prefix, but received a /56 prefix.
2010/03/26 23:51:48 I gw6c: Sending: 'Content-length: 269(tunnel action="create" type="v6anyv4" proxy="no") (client) (address type="ipv4")local-public-ipv4(/address) (keepalive interval="30") (address type="ipv6")::(/address) (/keepalive) (router) (prefix length="64"/) (/router) (/client)(/tunnel)'

2010/03/26 23:51:48 I gw6c: Received: '200 Success(tunnel action="info" type="v6v4" lifetime="604800") (server) (address type="ipv4")(ipv4-address)(/address) (address type="ipv6")(ipv6-address)(/address) (/server) (client) (address type="ipv4")(ipv4-address)(/address) (address type="ipv6")(ipv6-address)(/address) (address type="dn")your_username.broker.freenet6.net(/address) (router) (prefix length="56")(local-ipv6-address)(/prefix) (/router) (keepalive interval="30") (address type="ipv6")(ipv6-address)(/address) (/keepalive) (/client)(/tunnel)'

# IPv6 interface, gif0, being created and configured locally. Sysctl parameters and wlan0 interface updated:
2010/03/26 23:51:48 I gw6c: /sbin/ifconfig gif0 create
2010/03/26 23:51:48 I gw6c: /sbin/ifconfig gif0 tunnel (local ipv4) (remote ipv4)
2010/03/26 23:51:48 I gw6c: /sbin/ifconfig gif0 inet6(ipv6-address) prefixlen 128 alias
2010/03/26 23:51:48 I gw6c: /sbin/ifconfig gif0 mtu 1280
2010/03/26 23:51:48 I gw6c: /sbin/route add -inet6 default (ipv6-address)
2010/03/26 23:51:48 I gw6c: /sbin/sysctl -w net.inet6.ip6.forwarding=1
2010/03/26 23:51:48 I gw6c: net.inet6.ip6.forwarding: 1 -> 1
2010/03/26 23:51:48 I gw6c: /sbin/sysctl -w net.inet6.ip6.accept_rtadv=0
2010/03/26 23:51:48 I gw6c: net.inet6.ip6.accept_rtadv: 0 -> 0
2010/03/26 23:51:48 I gw6c: /sbin/ifconfig wlan0 inet6 (local-ipv6-address) prefixlen 64

# Tunnel Creation success message...
2010/03/26 23:51:48 I gw6c: The host type is 'router'.
2010/03/26 23:51:48 I gw6c: The tunnel type is v6v4.
2010/03/26 23:51:48 I gw6c: Your IPv6 address is (ipv6-address).
2010/03/26 23:51:48 I gw6c: Your IPv6 prefix is (local-ipv6-address)/56.

Also note the gw6c script pushes the IPv6 default route onto BSD system. To check, use "netstat -rn".

I have not been able to find a startup configuration for gw6c program. However, I have enabled both IPv6 and IPv6 Gateway parameters in "/etc/rc.conf":
ipv6_enable="YES"
ipv6_gateway_enable="YES"

I use a Windows laptop as an IPv6 client, residing in the WiFi blanket. Its IPv6 address is set to match BSD's Wifi adapter (wlan0) IP subnet.

Now, I can access IPv6 webpages from my laptop... e.g. ipv6.google.com





Converting WiFi Adapter into 802.11g Access Point (WPA2-PSK) on FreeBSD

I originally had an ASUS WL500g Premium running on DD-WRT (released back in 2006), configured as Access Point with DHCP forwarding enabled. This allowed my laptops and iPhone at home to connect to this AP and automatically connect to the internet through BSD gateway.

I bricked this WiFi router when I did a software upgrade. At the same time, I also have two other WiFi routers at home - NetGear WNR2000 and TP-Link TL-WR740N. Both cannot be configured as WiFi Ethernet Bridge, nor have DHCP forwarding options. Also, there's no DD-WRT support.

I do not wish to add another layer of NAT for my home network, so I purchased the most economical WiFi adapter I could find and converted it into a WiFi access point. The adapter is a TP-Link TL-WN851N (onboard PCI), running on the Atheros 9280 chipset.


Configuring WiFi Access Point
From memory, the necessary kernel options for Atheros driver are already present in GENERIC file by default, so probably no further work was required... there is a chapter in FreeBSD handbook on "Wireless Network" for reference. http://www.freebsd.org/doc/handbook/network-wireless.html


Afterwards, I installed the hardware and started up BSD, and the WiFi adapter was correctly recognized as "ath0":
ath0: (Atheros 9280) mem 0xfc500000-0xfc50ffff irq 5 at device 4.0 on pci5
ath0: [ITHREAD]
ath0: AR9280 mac 128.2 RF5133 phy 13.0

Then I proceeded to configure it. That was when I noticed the system wouldn't allow me to provision any parameters using "ifconfig ath0". I did some research online and found that in FreeBSD 8.0, a virtual device (wlan0) has to be created prior to provisioning any WiFi configuration... which is different from previous BSD releases [http://forums.freebsd.org/showthread.php?t=11978].

Here is how I created my pseudo wireless device, wlan0. I also needed to set the option "wlanmode hostap" for it to be created as access point:
# ifconfig wlan0 create wlandev ath0 wlanmode hostap

Setting the AP to be WPA-PSK mode requires hostapd. There is an rc.d script to start this. My configuration file "/etc/hostapd.conf" is as follows:
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=(your-ssid)
country_code=AU
# I tried setting hw_mode to 802.11n, but encountered some error.
hw_mode=g
channel=0
basic_rates=60 120 240
wpa=1
wpa_passphrase=(wifi-passphrase)
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
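
In hostapd, "wpa" is a bit field: wpa=1 enables WPA only, wpa=2 enables WPA2 (RSN) only, and the configuration above also accepts TKIP as a pairwise cipher. The shell function below is an added example, not part of the original post: it audits a hostapd.conf for those settings, and its function names, sample passphrase and 16-character threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a hostapd.conf for the
# WPA settings shown above. Names and the threshold below are example choices.

MIN_PASSPHRASE_LEN=16   # example policy; hostapd itself accepts 8..63 chars

# conf_value FILE KEY: print the last value assigned to KEY (the text after
# "="), with trailing whitespace removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# has_tkip "CIPHER LIST": succeed if TKIP is one of the listed ciphers.
has_tkip() {
    case " $1 " in *" TKIP "*) return 0 ;; *) return 1 ;; esac
}

# audit_hostapd FILE: print one line per finding; return 1 if any, else 0.
audit_hostapd() {
    conf=$1
    findings=0
    wpa=$(conf_value "$conf" wpa)
    wpa_ciphers=$(conf_value "$conf" wpa_pairwise)
    wpa_ciphers=${wpa_ciphers:-TKIP}            # hostapd default
    rsn_ciphers=$(conf_value "$conf" rsn_pairwise)
    rsn_ciphers=${rsn_ciphers:-$wpa_ciphers}    # defaults to wpa_pairwise
    pass=$(conf_value "$conf" wpa_passphrase)

    # "wpa" is a bit field: bit 0 = WPA, bit 1 = WPA2 (RSN).
    case "$wpa" in
        2) ciphers=$rsn_ciphers ;;
        1) ciphers=$wpa_ciphers
           echo "wpa=1: WPA only, WPA2 (RSN) is disabled; use wpa=2"
           findings=$((findings + 1)) ;;
        3) ciphers="$wpa_ciphers $rsn_ciphers"
           echo "wpa=3: mixed mode still accepts WPA clients; use wpa=2"
           findings=$((findings + 1)) ;;
        *) ciphers=
           echo "wpa=${wpa:-unset}: WPA/WPA2 is not enabled"
           findings=$((findings + 1)) ;;
    esac

    if has_tkip "$ciphers"; then
        echo "TKIP is an accepted pairwise cipher; allow CCMP only"
        findings=$((findings + 1))
    fi

    if [ -n "$pass" ] && [ "${#pass}" -lt "$MIN_PASSPHRASE_LEN" ]; then
        echo "wpa_passphrase is ${#pass} characters; use $MIN_PASSPHRASE_LEN or more"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# The WPA lines of the post's /etc/hostapd.conf, with a constructed
# passphrase standing in for the redacted one.
page_conf() {
    cat <<'EOF'
wpa=1
wpa_passphrase=constructed example passphrase 42
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
EOF
}

# The same settings restricted to WPA2 with CCMP (constructed example).
hardened_conf() {
    cat <<'EOF'
wpa=2
wpa_passphrase=constructed example passphrase 42
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
EOF
}

# Demo: audit both samples and show the findings.
for sample in page_conf hardened_conf; do
    tmp=$(mktemp /tmp/hostapd-audit.XXXXXX)
    "$sample" > "$tmp"
    echo "== $sample"
    audit_hostapd "$tmp" && echo "no findings"
    rm -f "$tmp"
done
```

To check a live system, call audit_hostapd on /etc/hostapd.conf; a non-zero exit status means at least one finding was printed.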

Finally, set IP interface on wlan0 and update DHCP daemon, along with other services to listen on this interface.

To start this service when the system boots, add the following to the "/etc/rc.conf" file:
wlans_ath0="wlan0"
create_args_wlan0="wlanmode hostap"
hostapd_enable="YES"
ifconfig_wlan0="inet 192.168.2.1 netmask 255.255.255.0 up" # Gateway

So this is how to set your WiFi adapter to become a Wireless Access Point.


After Thoughts - Usage Notes
Having used this for a while, I must admit it is not as stable as having a dedicated wireless router. The wireless connection would drop occasionally while "dmesg" kept displaying the message "ath0: stuck beacon; resetting (bmiss count 4)".

I found this wiki page dedicated to the stuck beacon issue [http://madwifi-project.org/wiki/StuckBeacon]. While I have not resolved the root cause, the issue has been mitigated by raising the sysctl variable: net.wlan.0.bmiss_max: 2 -> 10

Here with my setup today... 












[Jan 2012] An additional note: this wireless setting supports WPA authentication, but not WPA2 authentication. 



Thursday, March 25, 2010

Internet Connection Failover with PPPoE (DSL) and 3G USB Wireless

Prior to signing up my DSL connection, I also have 3g wireless internet access, which comes with a Huawei E220 dongle. "dmesg" confirms the BSD system can detect this dongle correctly:

ugen1.2: HUAWEI Technologies at usbus1
umass0: HUAWEI Technologies HUAWEI Mobile, class 0/0, rev 1.10/0.00, addr 2 on usbus1
cd0: HUAWEI Mass Storage 2.31 Removable CD-ROM SCSI-2 device

In addition, I have also purchased a TP-Link TD8810, a 1-port DSL modem, to replace the D-Link DSL modem which bricked. The TP-Link modem is cheap ($39 from MSY when I last checked), and is configured as a DSL bridge.

Hence, I have created two profiles in the ppp daemon configuration (/etc/ppp/ppp.conf) respectively:

dsl:
 set device PPPoE:fxp0 # interface where PPPoE session is dialed out.
 set authname
 set authkey
 set dial
 set login
 add default HISADDR

3g:
 set device /dev/cuaU0.0
 set speed 57600
 set phone *99\#
 set authname
 set authkey
 set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0
 set vj slotcomp off
 add default HISADDR

Choose any name you like for both dsl and 3g. Note that for the 3g profile, the line "set ifaddr" is required; otherwise dialing ppp gives you an "unable to create IPCP interface" error.

The ppp connection is invoked through "ppp -nat -ddial DSL/3g". Upon successful establishment, "ifconfig" would display a "tun0" interface with two IP addresses (lo0 and public IP).

Add the following to "/etc/rc.conf" so that every time BSD starts up, it dials PPPoE out of the DSL link:
router_enable="NO" # So BSD does not remove the default route learnt by ppp
ppp_enable="YES"
ppp_mode="ddial"
ppp_nat="YES" # Original "natd" has been disabled.
ppp_profile="DSL"

I also wished to implement a failover feature. If the PPPoE session over DSL gets disconnected, the system would automatically dial out through the USB dongle.

By googling failover scripts, I found a very simple script and modified it slightly to suit my needs:

#!/bin/sh
# 1. Ping "www.google.com.au" five times. Count the successful pings by grepping for the words "bytes from".
count=$(/sbin/ping -c 5 www.google.com.au | grep -c 'bytes from')

# 2. If every ping failed, stop VoIP and remove the "tun0" ppp interface.
# Re-dial the ppp session using the 3g profile, with the "nat" option.
if [ "$count" -eq 0 ]; then
    /usr/local/etc/rc.d/asterisk stop
    /etc/rc.d/ppp stop
    /sbin/ifconfig tun0 destroy
    /usr/sbin/ppp -nat -ddial 3g
fi

I placed this into crontab and run it once every minute or so. Not the most sophisticated script, I admit, although it certainly does the job.


P.S. I have also read about the "mpd" multi-protocol daemon being a good choice for implementing what I wish to achieve, and BSD has some firewall packages supporting connection failover or even load sharing (per TCP session, I suppose?). I must admit I have not looked deeply into them, so any comments or ideas to improve this implementation are very welcome.

Sunday, March 21, 2010

VoIP - Asterisk on BSD as ATA

My DSL service comes with a free SIP account as the DSL link is dedicated to data transfer. In other words, the line carries no POTS signal and I cannot plug a PSTN phone into it.

While there are lots of VoIP phones on the market costing several hundred dollars, I decided to make use of my PSTN cordless phone, which had been sitting idle for a few years, by converting my BSD system into an ATA box using Asterisk. Initially, I thought getting a modem card with a phone port would be sufficient. It just won't work, because the PSTN phone requires connection to an FXS port that feeds dial-tone and power.

PCI Card with FXS Port
I searched through some user forums and came across a China-based company called OpenVox (www.openvox.cn). OpenVox clones Digium (Asterisk's official telephony hardware) but is cheaper. According to their webpage, their hardware is A-tick certified, hence it shouldn't be a problem using it in Australia. Besides, I am not plugging it into the PSTN, just using it to interface with my own PSTN phone.

I placed my order online and received the product within a week through DHL.



















I purchased an A400P card (4 FXO/FXS PCI card) with one-port FXS (also known as TDM10B) requiring a power feed. So, I had to disconnect that from the DVD drive. Starting up BSD shows the hardware is correctly recognized:

Zapata Telephony Interface Registered on major 196
Zaptel Echo Canceller: MG2
Zaptel Version: zaptel-bsd-ng v0.0.1
wctdm0 port 0x1000-0x10ff mem 0xfc501000-0xfc501fff irq 10 at device 9.0 on pci5
wctdm0: [FILTER]
Freshmaker version: 71
Freshmaker passed register test
Module 0: Installed -- AUTO FXS/DPO
Found a Wildcard TDM: Wildcard TDM400P REV E/F (1 modules)
Registered tone zone 1 (Australia)

Afterwards I set up the hardware, referencing OpenVox's user manual (for Linux...). The zaptel driver was installed through ports under the directory "/usr/ports/misc/zaptel/" and I updated zaptel.conf as follows:
fxoks=1
loadzone = au
defaultzone=au # The zone list for different countries is located in zaptel/zonedata.c

Running the command "ztcfg -vvv" displayed no errors:
Zaptel Version: zaptel-bsd-ng v0.0.1
Echo Canceller: MG2
Configuration
======================
Channel map:
Channel 01: FXO Kewlstart (Default) (Slaves: 01)
1 channels to configure.

As you may notice, the zaptel output indicates an FXO port while dmesg indicated otherwise. I emailed the OpenVox support team, who, to their credit, promptly replied and informed me this is the correct output.

Getting Zaptel/ Dahdi to work on Asterisk
I then proceeded to install Asterisk under /usr/ports/net/asterisk, version 1.4.x. Upon installation, I noted the "zap show channels" command was not found.

I searched through several forums. One suggested ensuring the zaptel driver is installed prior to installing Asterisk, and ensuring the "zaptel driver" option is included during Asterisk installation. The other suggested the error was caused by chan_zap.so being built without support for libpri. I then installed the "asterisk-bristuff" port. These resolutions seem to take care of the problem.

Another point of interest is, as of Asterisk 1.4, the zaptel driver is renamed to dahdi due to copyright reasons. http://blogs.digium.com/2008/05/19/zaptel-project-being-renamed-to-dahdi/. While Asterisk 1.4 still supports zaptel transparently, its support will be completely removed in Asterisk 1.6. Currently, dahdi port is unavailable on FreeBSD and so I recommend avoiding 1.6 until dahdi port becomes available, unless you are building a pure IP PBX. http://www.freebsd.org/news/status/report-2009-10-2009-12.html#DAHDI-(Zaptel)-support-for-FreeBSD


Having reinstalled Asterisk, I entered its CLI console. This time, dahdi displayed no channels:
CLI> dahdi show channels
Chan Extension Context Language MOH Interpret

So I reloaded the "chan_dahdi.so" module, and noted the following:
CLI> reload chan_dahdi.so
-- Reloading module 'chan_dahdi.so' (DAHDI Telephony w/PRI)
[Mar 22 20:49:45] ERROR[1275]: chan_dahdi.c:12040 setup_dahdi: Unable to load zapata.conf

So I copied my chan_dahdi.conf file to zapata.conf. By the way, I added the following to my chan_dahdi.conf/zapata.conf:
[channels]
signalling=fxo_ks
adsi=yes
pulse=yes
context=outbound-local ; as defined in "extensions.conf"
channel => 1 ; as defined in "zaptel.conf" channel 1. check with "dahdi show channels"

I used the rc.d asterisk script to restart Asterisk. Finally, "dahdi show channels" confirms the channel is up.
Chan Extension Context Language MOH Interpret
pseudo default default
1 outbound-local default


Configuring Asterisk files
There is a community forum for Australian broadband users where a great user guide is posted on setting up Asterisk for the iiNet VoIP service: http://whirlpool.net.au/wiki/?tag=iiNetPhone_asterisk. I referenced this guide for most of my configurations (sip.conf and extensions.conf) with the following (minor) exceptions:

- sip.conf

; iiNet configuration
register => 0380601093@iinetphone.iinet.net.au:t7hzfxi6l:0380601093@iiNet-out/0380601093

[iiNet-out]
;allow=g729 # I had to disable g729 codec otherwise it led to error when I used my phone. I only have alaw and ulaw enabled.
;;; there are also other configurations, such as type=friend, which are not shown here

- modules.conf
noload => res_musiconhold.so ; High CPU issue, disable module

- extensions.conf.
[inbound]
exten => 03,1,Dial(DAHDI/1-1,10) ; "DAHDI/1-1" refers to PSTN cordless phone. "10" - rings for 10 seconds


[outbound-local]
exten => _00XXXXXXXXX,1,Dial(iiNet-out/${EXTEN:1})



Having completed the Asterisk's configurations, Asterisk can be invoked through:
# /usr/local/etc/rc.d/asterisk {start | stop}

And to access the Asterisk's console:
# asterisk -rvvvgc - Asterisk terminal with debug
> sip show register - "iiNet-out" successfully registered to iiNet SIP Server
> show modules - check for "chan_dahdi.so" (zaptel driver). If not, "load module chan_dahdi.so".
> dahdi show channels - show zaptel driver channels. See WorkNotes above for troubleshoot...
> reload - reload Asterisk after all configuration changes.

If you would like to start Asterisk when system starts up, add asterisk_enable="YES" to /etc/rc.conf.


Note: During one of the many reinstallations I had, Asterisk simply refused to start up. A console connection caused a "/var/run/asterisk.ctl connection refuse" error. My resolution was to completely remove the entire port (make clean deinstall), and then manually remove the following directories:
/usr/local/lib/asterisk
/usr/local/etc/asterisk
/var/spool/asterisk
/var/log/asterisk
Afterwards, I performed a "make clean depend install" (include zaptel option) and Asterisk works fine again.


I restarted the system, and Asterisk is working fine. The sip account is registered successfully and I was getting a dial-tone on my PSTN phone. I could dial voice calls successfully but couldn't hear any sound for incoming calls. It turned out the D-Link DSL modem (NAT) was blocking incoming voice traffic.

First, I reconfigured "rtp.conf" file's "rtpstart" and "rtpend" parameters to define the RTP port range. Then I proceeded to reconfigure the D-Link DSL modem, but it "bricked" and I had to replace this modem. (And that's definitely a different post).










As of today, I am using a TP-Link 8810 DSL modem, bridge mode with PPPoE and NAT terminating on BSD system. Other than the CPU usage reaching 50%, the VoIP phone works perfectly fine.

Saturday, March 20, 2010

Streaming DVD over Wifi with VLC

As you may be aware, my original intention was to build a centralized media/communication centre for home use. I actually wanted to stream digital TV over WiFi originally, until I got totally bogged down searching for the correct TV tuner with driver support on BSD. I decided to offload this task onto an Ubuntu system and work is still in progress...

That being said, readers who are interested in FreeBSD DVB-T drivers are recommended to take a look at /usr/ports/multimedia/cx88 as its pkg-descr reads:
cx88 provides drivers for PCI and PCI-e TV/radio capture cards based on the Conexant CX23880/1/2/3 and CX23885/7/8 chip families.

My second-hand Compaq comes with a Sony DVD-Rom, so instead of streaming digital TV I decided to use it for streaming DVD over Wifi as it was more easily achievable, and a quite fun experience.


















VLC is a powerful open-source media player which opens pretty much every multimedia file type. It runs on several operating systems (Windows, Linux/Unix and Mac OS) and can be configured as either a streaming server or a client. http://www.videolan.org/vlc/. In fact, I have used VLC to play a corrupted media file. The player tries to compensate for the corruption so the file still plays at a lower quality...

Installing VLC
On FreeBSD, the VLC installation was actually more difficult than running the software.

While VLC website has several documents, I could not find VLC installation notes on FreeBSD system other than recommending using ports - so I went ahead with port installation only to realise there were several dependencies...

My suggested steps for VLC port installation are summarized as follows:
1. Update port collection to the latest release. (portsnap fetch extract update)
2. Prior to installing VLC, install the "libdvdcss", "libdvdnav" and "libdvdread" software packages. They are located under /usr/ports/multimedia directory.
3. Install VLC from /usr/ports/multimedia/vlc with "make clean install".

As a side note, VLC source code compilation uses "gmake" instead of "make". Source code compilation adds flexibility when it comes to configuring VLC options, for example, there is an option allowing VLC to be run by root (#./configure --enable-run-as-root). I didn't note this option was available when I did a "make config" under vlc port directory.


Streaming DVD
Having successfully installed the vlc program, there are two steps to stream a DVD. First, mount the DVD drive onto the system as the root user, using the following commands:
# /bin/ln -sf /dev/acd0 /dev/dvd
# /bin/chmod 666 /dev/dvd # So that a non-root user can access the DVD-ROM (read/write for all users)

Secondly, invoke VLC through CLI as non-root user:
/usr/local/bin/cvlc dvd:///dev/dvd --sout '#standard{access=http,mux=ts,dst=192.168.2.252:8080}'
In my example, I used cvlc (VLC without command line) to stream the DVD to 192.168.2.252:8080.

VLC comes with an http control interface. To enable it, add the following to the command line:
\ -I http --http-host 192.168.2.252:8081

Finally, if you would like to authenticate the client machine:
\ --sout-http-user user --sout-http-pwd password


For the wireless client machine, I used a HP-mini Netbook. It was running on XP with VLC installed and was connected to the AP residing on the 192.168.2/24 subnet.

The video stream was received by setting VLC player to open "network stream", protocol to "http" and entering the URL above (192.168.2.252:8080). The control interface (play, pause, fast-forward) was accessible through web-browser at the corresponding ip/port (192.168.2.252:8081).


Setting DVD Region Code
At first, when I started streaming DVDs the quality was very choppy. VLC player displayed an error about being unable to crack the css key. It turned out to be related to the dvd-rom's region setting. http://en.wikipedia.org/wiki/DVD_region_code
There are several small programs, which can be found by googling "regionset" and "regionget", that come as source code. These programs can read and modify the region setting of the DVD drive.
In my case, I set my dvd-rom's region to 4 (Australia) and didn't experience any video quality problem afterwards.


A note on VLC distribution... the overall attitude of VLC developers towards distribution of their software is actually very supportive, based on what I've read. However, the distribution of the libdvdcss package comes with a legal warning because this software cracks the DVD encryption of region code. For more details please look at their FAQ: http://www.videolan.org/support/faq.html


While it was a fun experience, in my setting today the DVD-Rom was removed because its D-style power supply cable is plugged into a T10B PCI to power my analog phone. In a separate occasion I also found a second-hand original Microsoft XBox for <$50 and now it is running XBMC. More details on these in future posts.

VLC logo's copyright note: Copyright © 1996-2009 VideoLAN. This logo or a modified version may be used or modified by anyone to refer to the VideoLAN project or any product developed by the VideoLAN team, but does not indicate endorsement by the project.



Internetworking - Day One

The original setup of my home network's gateway was as follows:









For internet access, the BSD system was connected to D-Link 502T configured as a NAT. I used an old 3Com 10/100 NIC PCI (xl0) for this purpose. For internal network, I connected the onboard Intel NIC (fxp0) to an old ASUS WL-500g Premium running on DD-WRT v23 SP2 (09/15/06). The firmware was quite dated but it worked as a WiFi Ethernet Bridge. I configured the ASUS as G-only, AP mode and enabled DHCP forwarder to BSD's internal interface IP address (DHCP listening).

WiFi Ethernet Bridge would be much better than having yet another layer of NAT. It also meant I could ssh into the BSD system through WiFi without setting port forwarding. The BSD system was configured as a NAT device itself to route traffic between internal network and internet access interface.

Diving into more details of BSD's configuration:

In summary, the /etc/rc.conf file included:
- enable BSD as gateway
- set "dhcp" to xl0 interface (internet access)
- set static ip to fxp0 interface (dhcp server address)
- enable nat and ipfw
- enable dhcpd
- enable named

"natd" came with 8.0 installation, and invoking it was as simple as adding afew lines to /etc/rc.conf file. Note the "natd_interface" refers to internet access interface, not the internal facing one.
"firewall_enable" requires kernel to be configured and compiled.

options IPFIREWALL ### NAT Service
options IPFIREWALL_VERBOSE ### Syslog logging
options IPDIVERT ### Socket Divert


In regards to the DHCP server, I did a "make; make install" under /usr/ports/net/isc-dhcp31-server directory for installation. After that, modify the /usr/local/etc/dhcpd.conf file to define DHCP listen interface and other related parameters.
# DHCP Listen interface
DHCPDARGS=fxp0; # Internal network.

Lastly, I installed DNS server (/usr/ports/dns/bind97), and configured the named.conf file. "forwarder" to localhost was configured:
forwarders { 127.0.0.1; };

This meant all DNS queries coming from internal network were consulted by /etc/resolv.conf as populated by upstream (D-Link) NAT gateway.

Restart the system "shutdown -r now". Congratulations, now you have your own Open Source NAT gateway.


There were many guidelines posted by the community on setting up BSD as NAT gateway, I referenced some of them and apologies for the lack of references in this post. However, I must say the settings are more or less the same for everybody...
Please feel free to contact me if you would like to see any of the configuration files, I am happy to share the setup in more details. (although today the setup is quite different from the "day one" configuration, I have the configuration backup).