Annoying By marco, July 26 2005

I've just had, for the first time ever, a computer call me and tell me that I've won a free Caribbean cruise. While I was watching an episode of Coupling. How rude. Usually I at least get a person talking to me. Anyway, the message went something like this:

Congratulations! You've won a free Caribbean cruise. To reclaim your prize, press 9. That's the nine-key on your telephone.

In English, yes. Note that I live in the Netherlands. I wonder if they were calling from the US. If so, I suppose I should have just let the thing talk while I continued watching television. Unfortunately I only thought of that after hanging up immediately.

Life By marco, July 21 2005

Sony busts out version 2.0 of PSP firmware + new ceramic white PSP:

[Image: White PSP]

I want one. This is so much cooler than the (already infinitely cool) black one. Shame they aren't officially available in Europe yet, at least as far as I know. Sony needs to get with the program and release these things at the same time, or nearly so, worldwide.

(Via Engadget.)

General By marco, July 02 2005

... if I took the cookie dough out of the Ben & Jerry's 'Chocolate Chip Cookie Dough' ice cream and baked it.

Would the cookies be any good?

Tech By marco, June 30 2005

We all know the trouble: today's stupid ISPs will only give you one IP address, so to connect more than one computer we need to use RFC 1918 IP addresses, also known as private IP addresses. This is all nice and dandy when all you're doing is accessing servers on the internet from behind your router, which will inevitably use Network Address Translation (NAT) to allow you to do so. It's an incredible headache if you want to go the other way around: set up a service on one of your machines that people on the internet will be able to access.

Luckily, we can forward ports. You can only forward a given port once though, so consider carefully which machine you're forwarding it to. You can't have two forwards for port 25, for instance, unless they are on different IP addresses. (On a side note, if you're forwarding webservers, use Apache's reverse proxy feature to allow multiple servers based on the URL.)

In Linux, I would use iptables for this. Unfortunately the machine I want to forward a port on doesn't run Linux. It runs Mac OS X Server. Knowing that on Linux this is done with the same tool that sets up the firewall, I set out to do the same on OS X and found that ipfw (the tool that manipulates firewall rules in the BSDs and OS X) knows an action called 'forward'. Hold it, that's not it. That does forward, like it says. But it doesn't do NAT. Which we want, because otherwise... well, it just won't work properly.

Connection sharing in BSD is handled using a userland process called 'natd'. Incidentally, natd is also capable of properly forwarding ports to other machines. Great. Now let's find out how. There isn't much documentation on this, but I did figure it out eventually. This is OSX-specific, I must add.

Apple stores the configuration for natd in /etc/nat/natd.conf.apple. Don't change that though, it's generated every time natd starts. The basis for the generated file is in /etc/natd/natd.plist. Open that up. It's a fairly standard XML file with some settings in it. Add the following to the end of it, just before the two last closing tags:

        <key>redirect_port</key>
        <array>
                <dict>
                        <key>aliasIP</key>
                        <string>INCOMING IP</string>
                        <key>aliasPortRange</key>
                        <string>INCOMING PORT</string>
                        <key>proto</key>
                        <string>tcp</string>
                        <key>targetIP</key>
                        <string>OUTGOING IP</string>
                        <key>targetPortRange</key>
                        <string>OUTGOING PORT</string>
                </dict>
        </array>

Replace the incoming and outgoing IPs and ports with whatever your network requires. Incoming is the IP address on your server, target is the IP address of the machine you're forwarding to.

You can now restart natd, for example by stopping and starting internet sharing. If all went well, your machine now forwards the port(s) you listed. Don't forget to allow it in your firewall!

As a last note: this was tested and verified to work on MacOS X Server 10.3. It should also work on MacOS X Server 10.4. However, the configuration files do not seem to exist on the non-server version.
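The edit described above can also be scripted. The following is an added example, not part of the original post: it appends a `redirect_port` entry using the keys shown above and refuses a forward that collides with an existing one, then lists every forward so the firewall rules can be checked against it. It goes slightly beyond the post by accepting `N-M` port ranges; the function names, the sample addresses and the rule that targets must be RFC 1918 addresses are assumptions of this example.

```python
import ipaddress
import plistlib

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ports(spec):
    """Parse 'N' or 'N-M' into an inclusive (low, high) pair."""
    low, _, high = str(spec).partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return low, high

def add_redirect(plist_bytes, alias_ip, alias_ports, proto, target_ip, target_ports):
    """Return the plist with one more redirect_port entry, or raise ValueError."""
    conf = plistlib.loads(plist_bytes)
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported proto {proto!r}")
    ipaddress.ip_address(alias_ip)  # raises ValueError if malformed
    # Assumed policy for this example: only forward to private addresses.
    if not any(ipaddress.ip_address(target_ip) in net for net in RFC1918):
        raise ValueError(f"target {target_ip} is not an RFC 1918 address")
    (lo, hi), (tlo, thi) = ports(alias_ports), ports(target_ports)
    if hi - lo != thi - tlo:
        raise ValueError("alias and target port ranges differ in size")
    rules = conf.setdefault("redirect_port", [])
    for r in rules:
        rlo, rhi = ports(r["aliasPortRange"])
        # A port can be forwarded only once per incoming IP and protocol.
        if (r["proto"], r["aliasIP"]) == (proto, alias_ip) and lo <= rhi and rlo <= hi:
            raise ValueError(f"{proto} {alias_ip}:{alias_ports} already forwarded")
    rules.append({"aliasIP": alias_ip, "aliasPortRange": str(alias_ports),
                  "proto": proto, "targetIP": target_ip,
                  "targetPortRange": str(target_ports)})
    return plistlib.dumps(conf)

def exposed(plist_bytes):
    """List every forward so the firewall rules can be checked against it."""
    return ["{proto} {aliasIP}:{aliasPortRange} -> {targetIP}:{targetPortRange}".format(**r)
            for r in plistlib.loads(plist_bytes).get("redirect_port", [])]

# Constructed sample: a plist that already forwards SMTP (addresses are made up).
SAMPLE = plistlib.dumps({"redirect_port": [{
    "aliasIP": "203.0.113.10", "aliasPortRange": "25", "proto": "tcp",
    "targetIP": "192.168.1.20", "targetPortRange": "25"}]})

if __name__ == "__main__":
    print("\n".join(exposed(add_redirect(
        SAMPLE, "203.0.113.10", "80", "tcp", "192.168.1.30", "8080"))))
```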

Tech By marco, June 26 2005

It apparently threw a tantrum over how hot it got in my room and refused to work. After a while of trying to get my dear data off it (after installing OS X on a FireWire disk and booting that, of course), the mini wouldn't even recognise it anymore. I then decided to let the entire thing cool off for half an hour. This made it work again to at least the point where I could make a disk image of it. I didn't trust it anymore though, so I opted to just go out and get a new drive. So now my Mac mini is fitted with a Western Digital Scorpio 80G drive instead of the usual Toshiba 80G. It's a little faster, too.