Finding Your Way Home

Like many of us, you may need to host stuff on your home computers and access it via the Internet. If you paid for a static address from your provider, you can map a domain name to it via your ISP’s DNS. But for the majority of us, getting a static address from our provider means paying a good deal more for little to nothing more. For example, my provider (which by the way offers excellent service) is so stable that my IP address changes once a year, or even less often. But for others, the IP address changes more often and it’s difficult to keep track of it.

Some services, like DynDNS, provide you with a script and a couple of tools to access your stuff via a virtual domain name (or something like that). The magic behind DynDNS maps your domain name to your ever-changing provider-specific IP address. But what if you just want to find your way home, without a domain name and without having to deal with an extra service provider?

The solution is to have a script that fetches your Internet address from your router and posts it somewhere you can always access. One possible solution is to have a script that watches the changing address and sends you a mail whenever it changes. Turns out, that’s not as complicated as it would first seem.

First, you will need to install postfix and mailutils as we discussed here, as well as the curl package. All these are in Ubuntu’s default repositories, and should be easy to find for your distro.

Let us use DynDNS’s http://checkip.dyndns.org to get the router’s address. There are other ways, depending on your router’s configuration and OS, to get the router’s address directly, but this one is pretty straightforward: the web page echoes the address it sees the request coming from, and that’s your address. A previous version of the script used wget to log onto the router’s status page (with passwords) to get the IP address, but I find having to store the router’s username and password in plain text a bad idea. So I replaced that part of the script with DynDNS’s helper page.

The script gets the web page, parses it to extract the IP address, and checks whether it changed. If the IP address didn’t change, nothing happens: the script sleeps a location-specific amount of time (in my case, it could be days or months at a time) before checking again. If it did change, it sends an email to a list of recipients to warn them of the address change.

The Bash script is as follows:

#!/bin/bash

echo "$(date +"%Y/%m/%d %T") === starts" | tee -a ip.change.log

while true
do
    # ideally, I'd like to get rid of dyndns and
    # use something more portable (although not
    # all routers allow probing the WAN address
    # without logging in first). We also check
    # whether curl succeeded.
    #
    ret=$(curl -s http://checkip.dyndns.org)
    rc=$?

    if [ "$rc" -eq 0 ]
    then
        # the pattern is quoted so the shell cannot
        # expand it as a file name glob
        my_ip=$(echo "$ret" | grep '[0-9].*[0-9]' -o)
    else
        echo "Error on curl! returned $rc"
        # wait before retrying, otherwise a failing
        # curl makes the loop spin at full speed
        sleep 30m
        continue
    fi

    # check if it changed.
    #
    if [ -f last_known_ip ]
    then
        last_ip=$(< last_known_ip)
        if [ "$last_ip" == "$my_ip" ]
        then
            changed=false
        else
            changed=true
        fi
    else
        changed=true
    fi

    # if it changed, update the saved ip
    # and notify the recipients using mail
    #
    if [ "${changed}" == true ]
    then
        echo "$my_ip" > last_known_ip
        echo "$(date +"%Y/%m/%d %T") === ${my_ip}" | tee -a ip.change.log

        # notify a list of recipients
        # -a "header: value" appends a
        # field into the standard mail
        # header.
        # $(< recipients) is left unquoted so that
        # each address becomes its own argument.
        #
        mail \
            -a "from: your.user@yourprovider.com" \
            -s "IP address changed to ${my_ip}" \
            -t $(< recipients) \
            < body
    fi

    sleep 30m # m=minutes
done

(The rather elegant grep [0-9].*[0-9] -o hack is a suggestion of Wilfred, a friend of mine.)
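The grep pattern in the script matches everything from the first digit to the last digit of the response, so an error page or an altered response (the page is fetched over plain HTTP) would be saved and mailed as the new address. The following is an added example, not part of the original script: it compares that extraction with a strict dotted-quad check. The function names and the sample responses are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original script): parse the checkip
# response strictly before trusting it as "the new address".

# The article's extraction, kept for comparison: greedy match from the
# first digit to the last digit anywhere in the text.
loose_extract() {
    echo "$1" | grep -o '[0-9].*[0-9]'
}

# Print the dotted-quad IPv4 address found in $1. Return 1 if there is
# none or if one of its octets is out of range.
strict_extract() {
    local re='(^|[^0-9.])(([0-9]{1,3}\.){3}[0-9]{1,3})($|[^0-9.])'
    local candidate octet
    [[ $1 =~ $re ]] || return 1
    candidate=${BASH_REMATCH[2]}
    local IFS=.
    for octet in $candidate
    do
        # 10# forces base 10 so that "08" is not read as octal
        (( 10#$octet <= 255 )) || return 1
    done
    echo "$candidate"
}

# Constructed sample responses (not captured from the real service).
good='<html><body>Current IP Address: 203.0.113.7</body></html>'
error_page='<html><body>503 Service Unavailable, retry in 30 seconds</body></html>'
bad_octet='<html><body>Current IP Address: 999.0.113.7</body></html>'

for body in "$good" "$error_page" "$bad_octet"
do
    if ip=$(strict_extract "$body")
    then
        echo "strict: accepted $ip"
    else
        echo "strict: rejected; loose grep would have mailed: $(loose_extract "$body")"
    fi
done
```

In the main loop, a rejected response is best handled like a curl failure: log it, sleep, and try again without touching last_known_ip.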

The body file is just a plain text message, for example:

This is an automated message.

Reply to this mail to notify
sender of problems or to be
removed from notification list

Or whatever is convenient for you. The recipients file contains a list of email addresses of people that should be notified of the address change. Something like:

your.email@whereever.com
your.friends@elsewhere.org

And you’re now all set.

*
* *

Now all you have to do is to set your router rules to access your computers and services at home. I do advise you to take some time to check that both your usernames and passwords are ‘strong’, that is, avoid really stupid user/password combinations such as user martin and password martin. Prefer things that dictionary attacks will have a hard time finding. I like having usernames with the first letter of the given name and the complete family name, say rmartin, and strong passwords like c9k3am64#$. Also make sure that remote admin (WAN) functions are disabled. Another thing is to move the normal ports for services to random-looking ports. For example, move port 22 to 28512 (or whatever). That also throws off basic network-mapping-based attacks, which will scan for the usual 22, 80, 453, etc.

2 Responses to Finding Your Way Home

  1. EdH says:

    It looks like the link to the postfix & mailutils install is bad, at any rate I just come back to this page.

    ed
