Peerbox-raspi-v0.23 discussion thread

Finally got some spare time to continue my hacking on Peerbox.

This release is a collection of new features I've added since the last release. It may not seem like much, but a lot of time was invested to make sure everything works properly. I would call it a minor release, but some major architectural changes were made, like replacing ufw with iptables for the firewall and adding a usb-automount feature to enable user-friendly backups.

I’ve done my best to scratch the itches you reported since last release.
It is very nice to see this project evolve, even if it’s step by step.
As always, please test and report any issues you encounter.

Changelog:

* Dropped ufw firewall for vanilla iptables

I had issues configuring ufw to support upnp, so I have replaced it with iptables. Ufw is just a front-end for iptables anyway.
This way it is harder to configure the firewall, but I get more flexibility and control. I have also hardened the firewall; it is now far more strict.
The current iptables configuration may not be perfect, but it will get polished over time.

* Upnp now works out of the box!

I have fixed issues with the firewall and re-configured the ppcoind package.
And I have tested it thoroughly. Please report if it does not work on your network.

* System updated

Standard updating of packages to newer versions/releases.

* Automounting of USB flash drives

This enables easy backups.
For more information see this guide: How to backup wallet.dat · peerchemist/Peerbox Wiki · GitHub

* Peerbox-info now has a feature that helps with checking blockchain health

There were reports of Peerbox running on the wrong chain; this should enable users to detect the problem way faster.
Peerbox-info --health uses peerchain.co as reference.

Read more about peerbox-info: https://github.com/peerchemist/Peerbox/blob/master/PKGBLD/peerbox-info/README.md

The new version of peerbox-info can also be used on older Peerbox versions; install it with:
sudo pacman -Sy peerbox-info

peerbox-info --health

* Root partition now has 600MB of free space

Downloads:

sha256: 3784c5f6a8c213a9a6688c5cc305dff612deb45a4f012f40e40224b3a099d4c7

mirror1:
http://coinno.de/mirror/peerbox-raspi-v0.23.img.gz

European Mirror: http://peerbox-europe.servehttp.com/
Asian Mirror: http://peerbox-asia.servehttp.com/

sha256: 3a9c3bcc692713850a8bdef01af5b98e8388a3dec0b44647bfff5e21291b9c03

Thanks again, Peerchemist. Inspired by your ongoing work here, I’ve decided to finally break down and purchase my own Pi to try it out first-hand. I should be receiving it by next week, and if all goes well I’ll be posting proof of another successful Pi node on the bounty thread soon!

Mirror:

http://coinno.de/mirror/peerbox-raspi-v0.23.img.gz
(re-downloaded)

sha: 3784c5f6a8c213a9a6688c5cc305dff612deb45a4f012f40e40224b3a099d4c7

thx willy :slight_smile:

I’m anxious to see Peercoin v0.5.0 improve PeerBox.
Soon I’ll be using a Raspberry Pi with Raspbian as the operating system, Peerunity and some settings to improve security; hopefully in the near future I can use PeerBox.
Meanwhile, my congratulations for the work you do on PeerBox.

More mirrors - part 2 :slight_smile:

Updated with sha256sum: 3784c5f6a8c213a9a6688c5cc305dff612deb45a4f012f40e40224b3a099d4c7

Ver 0.23
European Mirror: http://peerbox-europe.servehttp.com/
Asian Mirror: http://peerbox-asia.servehttp.com/

thanks :slight_smile:

http://inversepath.com/usbarmory
This would be good as a PeerBox standard for development.
I’ll keep an eye on its development, it is interesting.

@nemecis1000

Looks cool, please do follow news and report. Thanks.

What is the first running ID and pass?

ok. found
ID: “sunny”
Pass: “peerbox.me”

Well, I finally got my first Raspberry Pi, but unfortunately SSH wasn’t working out-of-the-box for me in v0.23 (v0.22 connects immediately!). After digging around for a spare monitor and keyboard, I discovered that the iptables configuration in the latest version is too restrictive for my home network.

For certain reasons, I use a non-conventional IPv4 range for my private network; however v0.23 Peerbox only allows incoming SSH connections from:
192.168.0.0/24, 192.168.0.1/24, and 10.42.0.0/24

So, after running the following command I was able to connect without further issues: sudo iptables -I INPUT 9 -p tcp -s *MY NETWORK SUBNET* --dport 22 -j ACCEPT

Interestingly, I noticed that the same IP range restrictions are also contained in sshd_config; however the settings there don’t seem to be providing any protection against connections from the alternative IP ranges on my home network…

Thanks, again, peerchemist for your excellent work. My fresh Peerbox node is currently downloading the blockchain, and as soon as it’s complete I’ll post pictures in the bounty thread and request the tip be sent to you!

[quote]I use a non-conventional IPv4 range for my private network[/quote]

Yes, I can not count on every home network configuration possible, so I took the two most popular.
Please PM me your configuration so I can include it.

[quote]however the settings there don't seem to be providing any protection against connections from the alternative IP ranges on my home network...[/quote]

Good to know, I’ll look into that. This is possibly a serious flaw in open-ssh or my configuration.

I’m glad you like it, you are welcome :slight_smile:

[quote=“peerchemist, post:13, topic:2974”]I can not count on every home network configuration possible so I took two most popular.
Please PM me your configuration so I can include it.[/quote]
My situation is pretty unique; maybe the best approach would be to run a short start-up script that detects the current assigned IP and subnet and then writes the iptables dynamically. Honestly, though, most people probably won’t encounter this problem. I think just giving a notice of which IPs are allowed to connect by default is all that is necessary to save others the frustration of trying to figure out why SSH isn’t working.

I think the best way is to write in the documentation and release notes what to do for unconventional LAN configurations, and still keep the actual setup simple. Those who have unconventional configurations probably know what to do once informed.

Yes, I got the same idea last night: to place a script to configure it on first boot. I will do that.

Would it hurt to allow
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
(private ipv4 networks according to https://tools.ietf.org/html/rfc1918 page 3)?
I mean, those networks are not being routed on the internet and can only be found in a local network.

Automatically detecting the ip address configuration and opening the firewall dynamically can lead to unexpectedly open firewalls in case the peerbox is somehow connected to the internet directly.
I wonder how that may happen, but I think that I need to take into consideration that it could happen…
I’d like to prevent peerbox from having this behaviour, as it’s in conflict with the expected security concept.
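
As an added illustration (not part of the thread and not Peerbox's own code): a sketch of the first-boot check discussed above, which derives the SSH source subnet from the assigned address but refuses it unless the whole subnet lies inside the RFC 1918 ranges. The function names, the sample `ip` output and the shape of the emitted rule are assumptions.

```python
import ipaddress

# RFC 1918 private ranges named in the post above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed, trimmed sample of `ip -o -4 addr show` output.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 172.20.5.17/24 brd 172.20.5.255 scope global eth0
"""


def assigned_cidrs(ip_output):
    """Return address/prefix strings for every non-loopback IPv4 address."""
    cidrs = []
    for line in ip_output.splitlines():
        fields = line.split()
        if "inet" in fields and "host" not in fields:
            cidrs.append(fields[fields.index("inet") + 1])
    return cidrs


def ssh_source_for(cidr):
    """Return the local subnet if it lies wholly inside RFC 1918, else None.

    None covers a public address (box wired straight to the internet) and a
    mask so short that the subnet spills outside private space.
    """
    iface = ipaddress.ip_interface(cidr)
    if iface.version != 4:
        return None
    subnet = iface.network
    if any(subnet.subnet_of(private) for private in RFC1918):
        return subnet
    return None


def ssh_rules(ip_output):
    """Build iptables commands (hypothetical rule shape, modelled on the
    command quoted in the thread; insert position depends on the ruleset)."""
    return [f"iptables -I INPUT -p tcp -s {subnet} --dport 22 -j ACCEPT"
            for subnet in map(ssh_source_for, assigned_cidrs(ip_output))
            if subnet is not None]


if __name__ == "__main__":
    print("\n".join(ssh_rules(SAMPLE_IP_OUTPUT)))
```

The script only prints the rule; when no private subnet is detected it emits nothing, so the default restrictive ruleset stays in place.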

Hey peerchemist,

are you thinking of implementing some kind of optional “plugin” nubits client into peerbox (somewhere down the road)?
Minting NuShares and Peercoin could be really interesting to some of us.

Willy

“uptime”: “31 days, 23:19:45.900000”

Time to switch for 0.24.1 :slight_smile:

Peerbox:
{
    "Peerbox:": "v0.23",
    "ppcoind": {
        "blocks": 146354,
        "connections": 8,
        "difficulty": 261238298.03699112,
        "difficulty proof-of-stake": 14.5703529,
        "errors": "",
        "keypoololdest": 1413217522,
        "keypoolsize": 101,
        "moneysupply": 21910442.218409,
        "newmint": 0.0,
        "paytxfee": 0.01,
        "protocolversion": 60004,
        "proxy": "",
        "stake": 0.0,
        "testnet": false,
        "version": "v0.4.0ppc-4-g5ace24f-beta",
        "walletversion": 60000
    },
    "serial": "xxxxxxxxxxxxxxxx",
    "uptime": "31 days, 23:19:45.900000"
}