FreeBSD: virtualized acestream


Linux binary sopcast runs smoothly in FreeBSD, but nowadays acestream transmissions are much more common, and there’s no acestream binary for FreeBSD. I have been unsuccessful in trying to run the Linux acestream binary in FreeBSD. The only way I got it running was with a virtualized (VirtualBox) Linux running the acestream engine, the ValdikSS aceproxy running in FreeBSD, and VLC for watching.

Steps:

acestream in a virtualized linux

With VirtualBox, install a Linux able to run acestream. My choice was Debian 8 Jessie i386. To be able to talk to acestreamengine from the FreeBSD host, the virtual machine runs in Host-Only Adapter mode. Check my previous post https://nixbsd.wordpress.com/2016/09/03/freebsd-pf-and-nat-for-internal-network/.

The virtual machine has the address 192.168.56.101. The FreeBSD host has the address 192.168.56.1

After this install acestream engine from:

http://wiki.acestream.org/wiki/index.php/AceStream_3.0/en

In a terminal launch acestream with:

acestreamengine --client-console --bind-all

The ‘--bind-all’ parameter lets acestreamengine accept connections from addresses other than 127.0.0.1. It’s needed to get the ValdikSS aceproxy working.

redirect port 8621 to the linux virtual machine

By default acestreamengine uses port 8621 to communicate with the internet, so this port has to be redirected. In my pf.conf:

rdr pass on wlan0 inet proto udp from any to any port = 8621 -> 192.168.56.101
rdr pass on wlan0 inet proto tcp from any to any port = 8621 -> 192.168.56.101
rdr pass on em0 inet proto udp from any to any port = 8621 -> 192.168.56.101
rdr pass on em0 inet proto tcp from any to any port = 8621 -> 192.168.56.101

 

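The rules are duplicated to cover both wifi (wlan0) and cable (em0). Because they use rdr pass, the redirected packets skip the filter rules, and with "from any" everything that reaches those interfaces on port 8621 is forwarded to the guest. 192.168.56.101, as I said before, is the Linux guest running acestreamengine.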

ValdikSS aceproxy in the FreeBSD Host

Get the software:

git clone https://github.com/ValdikSS/aceproxy.git

Follow the instructions at https://github.com/ValdikSS/aceproxy/wiki/Installation-and-configuration-(Linux)

Modify aceconfig.py to configure the acestreamengine address and to permit connections from the network 192.168.56.0/24:

acehost = '192.168.56.101'

. . .

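# Networks allowed to connect to the proxy.
# Note: 192.168.0.0/16 already contains 192.168.56.0/24.
firewallnetranges = (
    '127.0.0.1',
    '192.168.0.0/16',
    '192.168.56.0/24',
)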
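A quick audit of the allow-list above, as an added example (not code from aceproxy or from the original post): it uses Python's ipaddress module to find entries already covered by a broader one and to check which client addresses the list admits. The helper names and the sample client addresses are assumptions made for illustration; the matching mirrors the intent of the list, not aceproxy's own implementation.

```python
import ipaddress

# Values copied from the aceconfig.py fragment in the post.
FIREWALL_NET_RANGES = (
    '127.0.0.1',
    '192.168.0.0/16',
    '192.168.56.0/24',
)

def parse(ranges):
    """Turn each entry into an ip_network (a bare address becomes a /32)."""
    return [ipaddress.ip_network(r, strict=False) for r in ranges]

def redundant_entries(ranges):
    """Return (narrow, broad) pairs where 'narrow' lies fully inside 'broad'."""
    nets = parse(ranges)
    pairs = []
    for a in nets:
        for b in nets:
            if a != b and a.version == b.version and a.subnet_of(b):
                pairs.append((str(a), str(b)))
    return pairs

def is_allowed(client, ranges):
    """True if the client address falls inside any allowed range."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in parse(ranges))

def total_addresses(ranges):
    """Count distinct addresses admitted, after merging overlapping ranges."""
    merged = ipaddress.collapse_addresses(parse(ranges))
    return sum(net.num_addresses for net in merged)

if __name__ == '__main__':
    print('redundant:', redundant_entries(FIREWALL_NET_RANGES))
    # Constructed sample clients: host-only side, LAN side, other private nets.
    for client in ('192.168.56.1', '192.168.0.19', '192.168.200.7', '10.0.0.5'):
        print(client, is_allowed(client, FIREWALL_NET_RANGES))
    print('addresses admitted:', total_addresses(FIREWALL_NET_RANGES))
```

Dropping '192.168.0.0/16' and keeping only the loopback and host-only entries narrows the list to the addresses this setup actually uses.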

Next you’ll need:

  • in a terminal launch:

vlc -I telnet --telnet-password admin

  • in another terminal:

python acehttp.py

All that remains is to test the configuration. Open a VLC instance pointing to:

http://127.0.0.1:8000/pid/CID/stream.mp4

where CID is the 40-digit Ace Stream ID.

 

KODI and Plexus

The other way to watch Ace Streams is with KODI and the plexus plugin (maybe P2Pstreams too). After installing kodi and plexus (search the internet to find out how), configure plexus with acestream in remote engine server mode and the AceStream engine IP address 192.168.56.101.

On my Thinkpad T420s, while watching a stream in HD, VirtualBox consumes about 45% CPU on one core and VLC about 15%-20% on another one. The temperature is about 60-66ºC. It’s pretty acceptable.

 

 

 


FreeBSD: PF and NAT for internal network


Recently I needed to install another Linux OS in a VirtualBox machine (FreeBSD as host) with a Host-Only Adapter network configuration. This gives connectivity between the host and the guest as if they were two separate machines on a network. As an example, one of the machines can act as a server (apache, mysql, etc.) and the other one as a client. This article explains my configuration.

VBox Host: FreeBSD

Outside Network: 192.168.0.0/24 (wlan0 or em0 -> wifi router -> internet)

IP: 192.168.0.19

GW: 192.168.0.1 (wifi router)

Internal Network (virtualbox Network): 192.168.56.0/24

IP: 192.168.56.1 (this is assigned by VirtualBox: File->Preferences->Network->Host-only Networks and add a new one, named as vboxnet0)

VirtualBox kernel module loaded in /boot/loader.conf:

vboxdrv_load="YES"

 

And in /etc/rc.conf:

vboxnet_enable="YES"

Guest: Linux

From the virtual machine settings I added two interfaces, one with NAT and the cable disconnected (to avoid using it) and the other one as Host-Only Adapter connected to the previously created network vboxnet0.

IP: 192.168.56.101 (VirtualBox acts as DHCP server and automatically assigns this address)

GW: 192.168.56.1 (static route)

In this situation there is only connectivity between the host and guest machines, through the shared network 192.168.56.0/24.

Target: connectivity from guest machine to outer space and beyond.

My FreeBSD runs PF Firewall. Complete configuration can be grabbed at the end, but relevant settings are:

To permit routing, in /etc/sysctl.conf:

net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

To permit traffic through firewall, in /etc/pf.conf :

#external interfaces:

ext_if  = "wlan0"
ext_if2 = "em0"

#My Networks:

internal_network = "{192.168.0.0/24}"
vbox_network = "{192.168.56.0/24}"

#NAT on external interfaces for traffic from virtualbox network

nat on $ext_if from $vbox_network to any -> ($ext_if)
nat on $ext_if2 from $vbox_network to any -> ($ext_if2)

# permit ping from virtualbox network
pass in quick proto icmp from $vbox_network to any keep state

#traffic from virtualbox network: vbox => out
pass inet proto { tcp, udp } from $vbox_network to any flags S/SA keep state

Finally my complete /etc/pf.conf:

————————

tcp_services = "{ ssh  137 138 139 445  51413               4662:4672  54662:54672   21  3900:3920  }"
udp_services = "{ ssh  137 138 139 445  51413   7881 51414  4662:4672  54662:54672   21  3900:3920  }"
icmp_types = "{ echoreq, unreach }"

#NAT purposes
#(for VirtualBox and Host-Only)
ext_if  = "wlan0"
ext_if2 = "em0"

#Allowed services in internal network
#                          rsync_daemon
tcp_services_internal = "{ 873           }"
udp_services_internal = "{ 873           }"


internal_network = "{192.168.0.0/24}"
vbox_network = "{192.168.56.0/24}"

# Don’t send rejections. Just drop.
set block-policy drop

# Exempt the loopback interface to prevent services utilizing the
# local loop from being blocked accidentally.
set skip on lo

# all incoming traffic on external interface is normalized and fragmented
# packets are reassembled.
scrub in on $ext_if all fragment reassemble
scrub in on $ext_if2 all fragment reassemble

########################################
#NAT
#NAT for VirtualBox Network Host-Only
#Nat before filtering
#Rules must be in order: options, normalization, queueing, translation, filtering
nat on $ext_if from $vbox_network to any -> ($ext_if)
nat on $ext_if2 from $vbox_network to any -> ($ext_if2)
########################################

pass            # to establish keep-state

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

#Block all
block all

# permit ping
pass in quick proto icmp from $internal_network to $internal_network keep state

# permit ping from virtualbox network
pass in quick proto icmp from $vbox_network to any keep state

#To/From anywhere
pass in proto tcp from any to any port $tcp_services
pass in proto udp from any to any port $udp_services

#To/From internal network
#pass in quick tcp from $internal_network to $internal_network port $tcp_services_internal
#pass in quick udp from $internal_network to $internal_network port $udp_services_internal

#Allow all from and to internal network due to random ports in mountd for NFS
pass in quick proto {tcp, udp} from $internal_network to $internal_network

#traffic from virtualbox network: vbox => out
#remember "sysctl net.inet.ip.forwarding=1"
pass inet proto { tcp, udp } from $vbox_network to any flags S/SA keep state

#for upnp
pass in quick proto igmp from $internal_network to $internal_network
pass in quick proto igmp from $vbox_network to $vbox_network

#Web Server
pass in proto tcp from any to any port 8000:8002 flags S/SA keep state

##################
#FreeBSD fail2ban
table <fail2ban> persist
block quick proto tcp from <fail2ban> to any port ssh

#to list current banned IPs:
#pfctl -t fail2ban -T show
##################

pass from lo0 to lo0 keep state

pass out all keep state
————————

Hope you find it interesting.


FreeBSD: no booting GPT slices with buggy bios laptops


It seems there is a problem with some BIOSes that refuse to boot when the disk is partitioned with GPT. My laptop is a Lenovo T420s and FreeBSD (actually PCBSD) is installed on the second disk (ultrabay), with GPT-style partitioning and the following partitions:

1) bios boot

2) freebsd-zfs

3) freebsd-swap

Other Lenovo models such as the T420, T520 or E520 seem to be affected too.

I found a solution in this post:

 

https://lists.freebsd.org/pipermail/freebsd-i386/2013-March/010437.html

 

Basically, booting from another disk or a live CD/USB is needed in order to modify the protective MBR on the disk. I have another FreeBSD on /dev/ada0, so I booted from it.

After booting from the other OS, dump the protective MBR of the FreeBSD disk you want to ‘fix’:

fdisk -p ada1 > ada1.txt

This file contains:

cat ada1.txt

# /dev/ada1
g c7752336 h1 s63
p 1 0xee 1 488397167

Then I modified ada1.txt as follows:

# /dev/ada1
g c7752336 h1 s63
p 1 0x00 1 488397167
a 1
p 2 0xee 1 488397167

Next, install this MBR to the disk:

fdisk -f ada1.txt /dev/ada1

 

Finally reboot and cross fingers.
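What the two ada1.txt files describe at the byte level, as an added example (not part of the original post or of fdisk): a simplified model that turns the 'p' and 'a' lines into the four 16-byte partition entries of an MBR sector and reads them back. The function names are illustrative, the 'g' geometry line is ignored and the CHS fields are left at zero, which is an assumption of this sketch.

```python
import struct

# Partition lines copied from the two ada1.txt listings in the post.
ORIGINAL = "g c7752336 h1 s63\np 1 0xee 1 488397167\n"
MODIFIED = ("g c7752336 h1 s63\np 1 0x00 1 488397167\n"
            "a 1\np 2 0xee 1 488397167\n")

ENTRY = '<B3xB3xII'   # flag, CHS start (3), type, CHS end (3), LBA start, sectors

def build_mbr(config):
    """Build a 512-byte sector from the 'p' and 'a' lines of an fdisk -f file."""
    table = [[0x00, 0x00, 0, 0] for _ in range(4)]    # flag, type, start, size
    for line in config.splitlines():
        f = line.split()
        if f[:1] == ['p']:                            # p <slice> <type> <start> <size>
            table[int(f[1]) - 1][1:] = [int(f[2], 16), int(f[3]), int(f[4])]
        elif f[:1] == ['a']:                          # a <slice>: mark it active
            table[int(f[1]) - 1][0] = 0x80
    sector = bytearray(512)
    for i, entry in enumerate(table):
        struct.pack_into(ENTRY, sector, 446 + 16 * i, *entry)
    sector[510:512] = b'\x55\xaa'                     # boot signature
    return bytes(sector)

def parse_mbr(sector):
    """Return the four partition entries of an MBR sector as dicts."""
    if len(sector) < 512 or sector[510:512] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    entries = []
    for i in range(4):
        flag, ptype, start, size = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        entries.append({'slot': i + 1, 'active': flag == 0x80,
                        'type': ptype, 'start': start, 'size': size})
    return entries

def summary(sector):
    """Slots carrying the active flag, and slots holding the 0xEE GPT marker."""
    entries = parse_mbr(sector)
    return ([e['slot'] for e in entries if e['active']],
            [e['slot'] for e in entries if e['type'] == 0xEE])

if __name__ == '__main__':
    print('original:', summary(build_mbr(ORIGINAL)))
    print('modified:', summary(build_mbr(MODIFIED)))
```

The original layout has no active entry at all; the modified one marks slot 1 active and moves the 0xEE marker to slot 2.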

 


FreeBSD: Replace syscons with vt and get compositing working in KDE after suspend/resume


In my case it was necessary to recompile a kernel with the following options:

#device vga # VGA video card driver
#
#device splash # Splash screen and screen saver support
#
# syscons is the default console driver, resembling an SCO console
#device sc
#options SC_PIXEL_MODE # add support for the raster text mode
#
device vt
device vt_vga

Next, in /boot/loader.conf:

kern.vty=vt
hw.vga.textmode="1"

and in /etc/rc.conf:

#syscons
#keymap="spanish.iso15.acc.kbd"
#vt
keymap="es.kbd"

I also modified the rc.suspend/rc.resume scripts to get compositing working in KDE after resume (in KDE with integrated intel video, after resume KDE menus and are displayed as black frames). The trick consists of going to the console (vt) before suspend and going back to graphics after resume (when all other tasks are done).

So in /etc/rc.suspend:

###########################
#go to console before suspend
vidcontrol -s 1 < /dev/console &

/usr/bin/logger -t $subsystem suspend at `/bin/date +'%Y%m%d %H:%M:%S'`
/bin/sync && /bin/sync && /bin/sync
/bin/sleep 3

and in /etc/rc.resume:

/usr/bin/logger -t $subsystem resumed at `/bin/date +'%Y%m%d %H:%M:%S'`
/bin/sync && /bin/sync && /bin/sync


###########################
#go to graphic
vidcontrol -s 9 < /dev/console &

exit 0

FreeBSD: SSL: CERTIFICATE_VERIFY_FAILED


Sometimes, when installing some python module with pip or easy_install the following error arises:

 

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

In FreeBSD 10.1 it can be quickly fixed by running:

pkg install ca_root_nss-3.17.3_1

ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem
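A way to check the result of the fix above, as an added example (not part of the original post): it asks Python's ssl module which CA file OpenSSL uses by default, whether that path is a symlink, whether its target exists, and how many CA certificates load from it. The function names and the diagnosis strings are illustrative assumptions.

```python
import os
import ssl

def ca_bundle_report(cafile=None):
    """Inspect the CA bundle that certificate verification would rely on.

    With no argument, checks OpenSSL's compiled-in default CA file, the
    path the symlink in the post is meant to provide.
    """
    path = cafile or ssl.get_default_verify_paths().openssl_cafile
    report = {
        'path': path,
        'is_symlink': os.path.islink(path),
        'exists': os.path.exists(path),       # False for a dangling symlink
        'resolved': os.path.realpath(path),
        'ca_count': 0,
    }
    if report['exists']:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # starts with an empty store
        try:
            ctx.load_verify_locations(cafile=path)
            report['ca_count'] = ctx.cert_store_stats()['x509_ca']
        except (ssl.SSLError, OSError):
            pass                               # unreadable, or not a PEM bundle
    return report

def diagnose(report):
    """Map a report to a likely cause of CERTIFICATE_VERIFY_FAILED."""
    if report['is_symlink'] and not report['exists']:
        return 'dangling symlink: target bundle is not installed'
    if not report['exists']:
        return 'no CA bundle at this path'
    if report['ca_count'] == 0:
        return 'file present but holds no usable CA certificates'
    return 'ok'

if __name__ == '__main__':
    r = ca_bundle_report()
    print(r)
    print(diagnose(r))
```

A "dangling symlink" result means the link was created but the ca_root_nss package that provides its target is missing.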


FreeBSD: Calibre Patch for Sony Ebook Reader PRS-T3


This patch probably works for other ebook readers, but it has only been tested with the Sony PRS-T3.

There is a thread about hacking Calibre for a Kobo Aura HD at:

http://www.mobileread.com/forums/archive/index.php/t-244555.html

but this method didn’t work with my device.

My solution is to modify this file:

/usr/local/lib/calibre/calibre/devices/usbms/device.py

with the following patch:

http://pastebin.com/embed_iframe.php?i=uv2JNP1P

Unfortunately, Calibre in FreeBSD is rarely able to unmount the device (mine is mounted as /media/Calibre-READER). This causes a failure when mounting the PRS-T3 the next time it’s attached. My ugly solution is to add a rule to devd.conf that unmounts the device and deletes the mount point directory, to prepare a clean mount the next time the device is attached.

So, add the following rule to /etc/devd.conf:

notify 100 {
        match "system"          "USB";
        match "subsystem"       "DEVICE";
        match "type"            "DETACH";
        match "vendor"          "0x054c";
        match "product"         "0x05c2";
        #match "release"         "0x0100";
        action  "logger Unmount vendor:$vendor product:$product ; /sbin/umount -f /media/Calibre* ; rm -fR /media/Calibre*";
};

Obviously, replace vendor and product if needed.

Then restart devd and test it.

/etc/rc.d/devd restart

If someone finds out a more elegant way to mount/umount a Sony PRS-T1/2/3 in Calibre, please, let me know.


FreeBSD: NFS automount with AutoFS


This applies only to FreeBSD 10.1 and newer. Previous FreeBSD releases must use amd.

Personally, I dislike ‘amd’. Its configuration is a bit complex. Autofs configuration is pretty simple.

I want to automount 2 folders from my ReadyNas Duo:

192.168.0.14:/media
192.168.0.14:/backup

First, enable autofs:

/etc/rc.conf:

#AUTOFS
autofs_enable="YES"

Next, edit /etc/auto_master pointing to the map file with the folders to automount:

/etc/auto_master:

#NFS
/mnt/nas        /etc/auto.nas

Take note ‘/mnt/nas’ is the point where the folders will be mounted.

Then create a file with the map:

/etc/auto.nas:

media -intr,nfsv3 192.168.0.14:/media
backup -intr,nfsv3 192.168.0.14:/backup

Finally start autofs:

service automount start

service automountd start

service autounmountd start

In a terminal or file browser go to /mnt/nas/media and /mnt/nas/backup to check if autofs works.
