Thursday, 27 October 2011

Netgear WNDR4500 (N900) review

Update (October 29th, 2011): See my update at the bottom.

I thought I'd put my comments on the Netgear WNDR4500 that I just bought. My old setup was an old Netgear ProSafe router (wired) and a Linksys WRT54G plugged into it and used only as an access point. This was plugged into cable Internet at a theoretical speed of 60Mbits/s.

The wired router couldn’t handle more than 30Mbits/s and it went down to 20Mbits/s going through the Linksys (I never dreamt of seeing those speeds when I bought the Linksys). If I plugged in a computer directly on the cable modem, I got a speed of 63.5Mbits/s. So since I didn’t need the small business features of ProSafe anymore and I was starting to have some 802.11n equipment, I thought it would be good to upgrade. My only fear was to lose my wireless coverage. I have a medium sized home with a basement, a main floor and the master bedroom on the second floor. Everything was set up in the basement and I had good to excellent reception everywhere in the house, which seemed to be exceptional at the time. Today I know that routers offer much more speed but I wasn’t sure in terms of coverage/distance.

I had another issue that I hoped the new router could fix: I also have a NAS on my network where my movies reside. Maybe 10 times in a 2hrs movie, everything would freeze for 10-20 seconds. I tried different readers (QuickTime and VLC); that was not the issue. I thought it was the wi-fi connection so I managed to wire my computer; the issue remained. So to me it was either the router which couldn’t handle the load/speed or the NAS (or its drive) that sometimes freezes up. Or could it be my Mac mini?

Now on to the Netgear WNDR4500 (N900). I won’t go into the technical details as this is not a review site and you can find all the info you want googling around. Starting with the positive, just by swapping this router in place of the old one I got the following results (which I just took with speedtest.net by the way): Wired I get the full 63.5Mbits/s. Which I expected since looking at review sites it looks to be over 13 times faster in terms of routing data to and from the Internet and my local network than my old ProSafe router. It's just nice to see that there is no overhead at all, I get the full speed of my modem. The WNDR4500 offers wireless on two bands, 2.4GHz and 5GHz, both offer 802.11g and 802.11n signals. 5GHz is newer and not all equipment supports it and certainly not 802.11g devices. It seems that 5GHz could be faster and 2.4GHz could cover more distance. In my case, my Mac mini has an 802.11n adapter and supports both bands. I tried both bands and I got the full 63.5Mbits/s speed on the 5GHz and a very good 59.5Mbits/s on the 2.4GHz. By default the 2.4GHz setup is not set to emit at the maximum speed so those numbers are at the default settings.

Now the bad: I also have an old laptop that has an 802.11g adapter (using the 2.4GHz band). Given the speed limitation of the technology I didn’t really expect to get much more than the 20Mbits/s. But instead I dropped down to 15-16Mbits/s. Both computers are in very different locations but both about the same distance from the router (the Mac in the master bedroom and the laptop at the other end of the house on the main floor). Signal quality was good (not excellent) which is what I had before in that room.
Also I have a wireless printer that hooked up fine to the new network and a Kobo e-reader that seems to connect just fine but I can't get to the Internet with it so far. I admit that I never used the browser before so it may have had a problem since before my router exchange but the wireless software update always worked fine. The other thing that bothers me a bit is that the router seems a very touchy piece of equipment. Each time I changed a setting on it, it would seem to drop the Internet connection; I couldn’t even connect to its internal web page. If you reboot it, it wouldn’t get the Internet connection back up again. I always had to power it off and on again. When you have to go down 2 flights of stairs and into a cramped corner to get to it, it’s a bit of a pain. At first I thought it had stability issues but now it’s been on for 24 hours without any connection issue. So once it’s set up I think it’s ok. Note that I upgraded it to 1.0.0.58 right after some initial tests and downgraded it to 1.0.0.50 when I was starting to have all those stability issues. I don’t think it was the firmware's fault now but I’m leaving it like that until I see a more compelling reason to upgrade.

For my movie issue, I only watch about 15 min into a movie without getting any freeze. I’ll have to go through more testing to see if it’s really fixed.

I’ll continue my testing and post more updates directly here. But my first thought is that if you have 802.11g devices this is probably not a good router for you and there seems to be lots of complaints about its 2.4GHz performance but that I can't confirm since it got almost the same speed as the 5GHz band on the Mac mini.

Update 1:
Ok, so I had time to watch a full movie and no glitch, no freeze. I'm really glad that my problem is fixed. Copying a large file between my NAS and my computer (all gigabit wired connections) is still a bit slow and it seems to stutter a little.

I also fixed my issue with the Kobo reader. For some reason the router did not send the DNS servers to the connected computers/devices so I didn't have access to the Internet. I decided to try to reboot the router through its web interface and ... it actually worked. First the DNS issue was fixed but more importantly by doing this I didn't lose the Internet connection. Seems to contradict my experience of the first day.

I would say that once it's set up properly it seems to be stable. At least I didn't lose my Internet connection in the last days. I'll start playing a bit more with its configuration in the next days and I'll let you know my findings.

Monday, 31 January 2011

Creating server and user certificates

I went through Hell to find out how to create server and especially proper client certificates that would work correctly with all browsers, svn and https on Apache2. I went through the Apache site, OpenSSL documentation, Google; nowhere did I find exactly what I was looking for, even the man pages had errors. I hope there's a better way to do that but if not, here you are for all those who are looking to do the same thing:

Create a server certificate
(for use with your HTTPS server, for example):
sudo mkdir /etc/apache2/ssl
cd /etc/apache2/ssl

Just make sure to use a password everywhere it asks for one. This seems to be necessary at least for the client certificate we'll create below if you use it in OS X.

Create the server key:
sudo openssl genrsa -out server.key 2048

Create the server's certificate request. You would send this to an official Certificate Authority (CA) if you wanted to have an official certificate instead of the self-signed certificate that we will generate here.
sudo openssl req -new -key server.key -out server.csr

Create the server certificate itself. You can use this one for your HTTPS site.
sudo openssl x509 -req -days 3652 -in server.csr -signkey server.key -out server.crt

Create a 'CA' certificate. We'll need this one to create a properly signed client certificate.
sudo openssl x509 -req -days 3652 -in server.csr -extfile /etc/ssl/openssl.cnf -extensions v3_ca -signkey server.key -out CAserver.crt

Create a client certificate
Create the client key:
sudo openssl genrsa -out user.key 2048

Create the client's certificate request.
sudo openssl req -new -key user.key -out user.csr

Create the client certificate signed with the 'CA' certificate we created above.
sudo openssl x509 -req -days 3652 -in user.csr -extfile /etc/ssl/openssl.cnf -extensions usr_cert -CA CAserver.crt -CAkey server.key -CAcreateserial -out user.crt

Create a PKCS#12 version of the certificate for use on the user system.
sudo openssl pkcs12 -export -in user.crt -inkey user.key -out user.p12

Just import this p12 file in your certificate manager (Key Chain in OS X).
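
A check worth running on the files this procedure produces, as an added example that is not from the original post: it repeats the steps in a scratch directory and confirms that the client certificate chains to the 'CA' certificate, that key and certificate belong together, and that the 'CA' certificate outlives the 30-day lifetime openssl x509 -req applies when -days is omitted. The ext.cnf file, the -subj names and the helper function names are assumptions made so that nothing prompts.

```shell
#!/bin/sh
# Added example: build the same chain in a scratch directory, then check it.
set -e
cd "$(mktemp -d)"

# Constructed stand-in for the sections used from /etc/ssl/openssl.cnf
cat > ext.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:true
[ usr_cert ]
basicConstraints = CA:FALSE
EOF

# Same steps as the post, with -subj (placeholder names) so nothing prompts
openssl genrsa -out server.key 2048 2>/dev/null
openssl req -new -config ext.cnf -key server.key -subj "/CN=server.example" -out server.csr
openssl x509 -req -days 3652 -in server.csr -extfile ext.cnf -extensions v3_ca \
    -signkey server.key -out CAserver.crt 2>/dev/null
openssl genrsa -out user.key 2048 2>/dev/null
openssl req -new -config ext.cnf -key user.key -subj "/CN=user.example" -out user.csr
openssl x509 -req -days 3652 -in user.csr -extfile ext.cnf -extensions usr_cert \
    -CA CAserver.crt -CAkey server.key -CAcreateserial -out user.crt 2>/dev/null

# Does the certificate ($2) chain to the 'CA' certificate ($1)?
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Is the certificate marked as a CA (basicConstraints CA:TRUE)?
is_ca() { openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; }

# Does the private key ($2) belong to the certificate ($1)? Compare public-key digests.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$2" -pubout | openssl sha256)" ]
}

# Is the certificate ($1) still valid $2 days from now?
valid_in_days() { openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null; }

chain_ok CAserver.crt user.crt && echo "user.crt chains to CAserver.crt"
is_ca CAserver.crt && echo "CAserver.crt is a CA certificate"
key_matches user.crt user.key && echo "user.key matches user.crt"
valid_in_days CAserver.crt 31 && echo "CAserver.crt outlives the 30-day default"
```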

Saturday, 15 January 2011

Get rid of the startup sound of your Mac

I love Macs but the startup sound when you open the computer and especially the fact that you can't turn it off just looks so 1990… and it drives me crazy. The sound comes from the internal speaker so there's nothing you can do to minimize the volume or shut it down.

My office is in the corner of our bedroom so if I decide to work after my wife is already asleep, sure thing the startup sound will wake her up.

Gladly I found this little utility that lets you control that. I now install it as one of the first add-ons to my Macs.

And it's free!

Basic iptables

Here are the basics of using iptables on your system:

Create /etc/iptables.new.rules with the following content:

(You can use sudo nano /etc/iptables.new.rules)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# For SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# For SMTP
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# For HTTP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# For HTTPS
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
Add/delete ports depending on your own server setup.

Just to be on the safe side, let's back up the old rules:
sudo -i
iptables-save > /etc/iptables.old.rules
iptables-restore < /etc/iptables.new.rules

Check it:
iptables -L

If all is good, put it in a file for next time the server starts:
iptables-save > /etc/iptables.up.rules

Make sure these rules will get loaded again if you reboot the server:
nano /etc/network/interfaces

Add the iptables line below:
...
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.up.rules

Important note: If you access your server remotely, make sure to keep the current session open and try your new rules by opening a new connection to your server. If you can't connect, go back to your first connection and do:
sudo iptables-restore < /etc/iptables.old.rules
You should be good until you figure out your problem.

Convert AVI to DVD on OS X

One of the beauties of OS X is that it offers a plethora of tools to do almost everything you could want. Here's another great example: by using the tools that come out of the box (or almost) with OS X you can convert an AVI movie file to a DVD to watch on your TV.

1) Open the AVI with QuickTime Player. If you can't open it, you may need additional codecs. I suggest you get Perian which includes almost every codec you may ever need. (That's the only piece you'll need).

2) From QuickTime, save the movie in .mov format.

3) Copy the .mov file to your iTunes Library. Open iTunes and just drag the files to the Library section.

4) Open iDVD, (you can create your DVD in multiple ways but here's one). Choose Magic iDVD, in the right pane, choose the Films tab, choose iTunes and select/drag the film in the left pane. Click the Burn icon on the bottom right corner. You'll probably need to adapt the Project/Properties and voilà! Pop in a blank DVD and have a good movie night.

Friday, 14 January 2011

Accessing MySQL from another server

On Debian (and possibly other OS) the default installation of MySQL will not allow connections from IP addresses other than the local one (127.0.0.1). This is a good security measure but if you really need access from outside, follow this:

1) Make sure the port (default MySQL port is 3306) is open in your firewall (iptables). Add the following line to your iptables rules:

-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT

2) Edit /etc/mysql/my.cnf. Comment out the following line:

bind-address = 127.0.0.1

3) You’ll also need to use a login that can connect from any server.

*EDIT: You have a much more detailed walkthrough here.
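
The rule in step 1 accepts connections to 3306 from every address, so it helps to see what a rules file like the one in "Basic iptables" accepts and from where. The script below is an added example, not from the original posts; the rules are constructed samples, 192.0.2.10 is a documentation address standing in for the one server that needs access, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which TCP ports an iptables-save style file accepts
# on INPUT, and from which source ("any" when the rule has no -s match).

# exposed_ports FILE -> one "PORT SOURCE" line per ACCEPT rule with --dport
exposed_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        port = ""; src = "any"; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source")
                src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print port, src
    }' "$1"
}

# unrestricted_ports FILE -> ports reachable from any address, space separated
unrestricted_ports() {
    exposed_ports "$1" | awk '$2 == "any" { print $1 }' | sort -n | paste -sd' ' -
}

# Constructed sample: the post's rule style with the MySQL rule added as written
weak=$(mktemp); fixed=$(mktemp)
cat > "$weak" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
# Same rules with MySQL limited to one client (192.0.2.10 is a placeholder)
sed 's/-p tcp -m tcp --dport 3306/-s 192.0.2.10 &/' "$weak" > "$fixed"

echo "as written:  open to any source: $(unrestricted_ports "$weak")"
echo "restricted:  open to any source: $(unrestricted_ports "$fixed")"
exposed_ports "$fixed"
```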