Small SMS to Email gateway with Tasker, Android and a webserver
I wanted to forward SMS text messages to email. Tasker has an email action, but it won't automatically send the email, just provide the composing window.
Gladly Tasker can do HTTP-requests and read SMS, so we can forward the SMS to our own webserver to mail it from there.
Tasker part:
- Create Profile "Incoming SMS"
- Make it run Task "SMS2Email" when Event "Received Text SMS" is triggered.
- Create new Task "SMS2Email"
- In Task "SMS2Email:
- Make sure mobile data is turned on
- Do the following HTTP POST Action:
Server: https://www.myserver.com
Path: smsgateway.php
Data / File: sms=%SMSRF / %SMSRN / %SMSRB / %MMSRS / %SMSRD / %SMSRT
Trust any certificate: check
Webserver part on www.myserver.com:
# /var/www/smsgateway.php <?php $sms = $_POST["sms"]; $sms_parts = explode("/", $sms); $sms_num = $sms_parts[0]; $sms_nam = $sms_parts[1]; $sms_txt = $sms_parts[2]; $sms_dat = $sms_parts[4]; $sms_tim = $sms_parts[5]; $body =" $sms_dat $sms_tim $sms_num $sms_nam $sms_txt "; mail("targetemail@myserver.com", "SMS $sms_nam $sms_num", $body, "From: Snappy Sendername <smsservice@myserver.com>"); ?>
Here we go. After receiving a SMS, Tasker makes the HTTP-request, delivering the content of the SMS to the webserver. PHP sends the content out by mail.
If you don't want to forward all SMS, you can add additional filters in Taskers event "Received Text SMS".
Make sure your PHP setup is able to deliver mail. Check if messages go to spam.
Asterisk chan_sip am Vodafone Business IP Anlagenanschluss
Vodafone, Vodafone,
das hat Nerven gekostet. Ein Kunde mit Asterisk Telefonanlage wurde im Zuge der ISDN-Abschaltung auf einen "Vodafone IP Anlagenanschluss" umgestellt. Leider liefert Vodafone weder Konfigurationsbeispiele für gängige Telefonanlagen, noch halten Sie sich an die Standards, die man von anderen SIP-Anbietern seit Jahrzehnten kennt. Nach einer ziemlichen Frickel-Odyssee habe ich eine funktionierende Konfiguration hinbekommen, die ich Euch nicht vorenthalten möchte.
Als Dokumentation bietet Vodafone diese sehr allgemein gehaltene Schnittstellenbeschreibung:
https://www.vodafone.de/media/downloads/pdf/ip-anlagen-anschluss-schnittstellenbesch.pdf
Ausserdem bekommt man von Vodafone folgende Zugangsdaten zum gebuchten Anschluss:
Rufnummernblock: 0211 - 1234567 0,9 (also 0211-12345670-9) SIP-Username/s: (02111234567) SIP-Domain-Name: kundenname.ngn.vodafone.de PBX-IP: (eigene statische externe IP Adresse) 1.2.3.4 SBC-IP: (IP des Vodafone SIP proxys) 5.6.7.8 Port: 5060 Transport-Protokoll: StaticTCP
IP des Asterisk im LAN: 10.10.10.10
Routerkonfiguration
Tief in der Schnittstellendokumentation verborgen findet sich der RTP-Portrange der für die Audio-Kanäle benötigt wird. Dieser ist bei Vodafone leider nicht wie bei vielen anderen SIP-Anbietern 10000-10xxx sondern 55000-Anzahl der Sprachkanäle*2. In meinem Fall waren 5 Sprachkanäle gebucht worden also ist der korrekte Portrange 55.000-55010.
Die SIP-Signalisierung findet Standardmäßig wie sonst gewohnt nicht per UDP sondern per TCP statt. Hier habe ich ewig gehangen, da ich "Transport-Protokoll: StaticTCP" bei den Zugangsdaten geflissentlich überlesen hatte. Da es in 20 Jahren SIP bei keinem Provider über TCP lief, habe ich es wohl einfach ausgeblendet.
Als Ergebnis kam ich zu folgendem Portmapping im Router:
TCP 5060 Eingehend auf 1.2.3.4 -> 10.10.10.10:5060 UDP 55000-55010 eingehend auf 1.2.3.4 -> 10.10.10.10:55000-55010
Zusätzlich habe ich QoS im Router für 10.10.10.10 aktiviert um die Datenpakete der Telefonanlage gegenüber dem anderen Traffic aus dem LAN zu priorisieren.
Asterisk
;/etc/asterisk/rtp.conf ;Vodafone RTP-Range konfigurieren rtpstart=55000 rtpend=55010
#/etc/asterisk/sip.conf [general] ;TCP Transport für SIP in Asterisk aktivieren tcpenable=yes tcpbindaddr=10.10.10.10 ;NAT konfigurieren externaddr=1.2.3.4 media_address=1.2.3.4 localnet=10.10.10.0/255.255.255.0 ;Vodafone erwartet eine Expirytime von mindestens 1800 ansonsten ist keine Verbindung möglich maxexpiry=2000 minexpiry=1800 defaultexpiry=1800 directmedia=no canreinvite=no ;Der Kontext ist notwendig, damit andere SIP-Anrufe an die Anlage nicht irgendwo im Dialplan landen, ;wo man sie nicht haben will. Alternativ kann man auch mit permit/deny Regeln die IP-Adressen einschränken, ;die ASterisk kontaktieren dürfen. context=leer [leer] [vodafone-in-peer] type=peer context=vodafone-in host=5.6.7.8 ;habe hier udp dringelassen, da vodafone angeblich auch udp als fallback anbietet, ;tcp ist aber notwendig, ohne hat es nicht funktioniert transport=tcp,udp disallow=all allow=g722 allow=alaw allow=ulaw [vodafone-out-peer] type=peer defaultuser=02111234567 host=5.6.7.8 transport=tcp,udp disallow=all nat=force_rport,comedia directmedia=no qualify=no disallow=all allow=g722 allow=alaw allow=ulaw
;/etc/asterisk/extensions.conf [vodafone-in] ;test-extension für einen eingehenden Anruf im Rufnummernblock. Hier für die Blocknummer "0" exten => +4921112345670,1,Answer() ; Asterisks Echo Test. Man hört sich selbst, wenn man in den Hörer spricht und alles geklappt hat exten => +4921112345670,n,Echo() exten => +4921112345670,n,Hangup() ;test-extension für einen ausgehenden Anruf [vodafone-out] ;vodafone erwartet das Setzen eines P-Asserted-Identity Headers. ;Weitere Details in der Schnittstellenbeschreibung ;Hier dringend selbst noch mal die Schnittstellenbeschreibung ;studieren, da die Lokalisierung von Notrufen über diesen Wert realisiert wird ;ich selbst habe es noch nicht testen können und weiss nicht, ob Notrufe so funktionieren, ;normale Gespräche funktionieren. exten => 1,1,SipAddHeader(P-Asserted-Identity: <sip:+4921112345670@kundenname.ngn.vodafone.de:5060\;user=phone>) ;Setzen der CLIP (Absenderrufnummer, Vodafone erlaubt hier jede beliegbige Nummer, ;nach TeleKG darf man aber nur eigene oder Weitergeleitete Nummern nutzen ;) ;Auf Protokoll-Ebene wird hier der From: Header im SIP-Dialog gesetzt exten => 1,n,Set(CALLERID(num)=+4921112345670) ;Ausgehender Anruf an eine von Euch gewählte Testnummer exten => 1,n,Dial(SIP/+498001234567@vodafone-out-peer)
Ich komme nicht um den Gedanken herum, dass Vodafone sehr gerne eigenen Service und Telefonanlagen verkaufen möchte und es "Drittanbietern" möglichst schwer gemacht werden soll, indem man kleine Details anders macht als alle anderen und gleichzeitig nur eine sehr allgemeine Dokumentation liefert.
Das wars. Geholfen haben mir diese Posts von Leuten die ähnliche Probleme hatten. Vielen Dank an alle!
https://www.ip-phone-forum.de/threads/vodafone-ip-anlagenanschluss-%C3%BCber-chan_sip-einbinden.305595/
https://www.pascom.net/forum/t/vodafone-anlagenanschluss-keine-ausgehenden-anrufe/2026/5
https://steffenschiffel.de/asterisk-und-vodafone-anlagen-anschluss-plus-trunk/
XIAOMI MI A1 – Lineage – Better gps.conf
Lineages gps.conf for the A1 didn't work good for my device.
This configuration gives me a GPS fix within 10 seconds in Germany.
If you want to use this file in another location, change the NTP servers to local ones for your location.
# /vendor/etc/gps.conf NTP_SERVER=ntp1.fau.de NTP_SERVER=ptbtime2.ptb.de NTP_SERVER=time1.one4vision.de NTP_SERVER=rustime01.rus.uni-stuttgart.de NTP_SERVER=ntp.probe-networks.de NTP_SERVER=ntp2.fau.de NTP_SERVER=atom.uhr.de NTP_SERVER=ntps1-0.fh-mainz.de NTP_SERVER=ntps1-0.cs.tu-berlin.de NTP_SERVER=time.fu-berlin.de NTP_SERVER=ntp.stairweb.de NTP_SERVER=de.pool.ntp.org NTP_SERVER=0.de.pool.ntp.org NTP_SERVER=1.de.pool.ntp.org NTP_SERVER=2.de.pool.ntp.org NTP_SERVER=3.de.pool.ntp.org NTP_SERVER=europe.pool.ntp.org NTP_SERVER=0.europe.pool.ntp.org NTP_SERVER=1.europe.pool.ntp.org NTP_SERVER=2.europe.pool.ntp.org NTP_SERVER=3.europe.pool.ntp.org XTRA_SERVER_1=/data/xtra.bin AGPS=/data/xtra.bin AGPS=http://xtra1.gpsonextra.net/xtra.bin XTRA_SERVER_1=http://xtra1.gpsonextra.net/xtra.bin XTRA_SERVER_2=http://xtra2.gpsonextra.net/xtra.bin XTRA_SERVER_3=http://xtra3.gpsonextra.net/xtra.bin DEFAULT_AGPS_ENABLE=TRUE DEFAULT_USER_PLANE=TRUE REPORT_POSITION_USE_SUPL_REFLOC=1 QOS_ACCURACY=50 QOS_TIME_OUT_STANDALONE=60 QOS_TIME_OUT_agps=89 QosHorizontalThreshold=1000 QosVerticalThreshold=500 AssistMethodType=1 AgpsUse=1 AgpsMtConf=0 AgpsMtResponseType=1 AgpsServerType=1 AgpsServerIp=3232235555 INTERMEDIATE_POS=1 C2K_HOST=c2k.pde.com C2K_PORT=1234 SUPL_HOST=FQDN SUPL_HOST=lbs.geo.t-mobile.com SUPL_HOST=supl.google.com SUPL_PORT=7276 SUPL_SECURE_PORT=7275 SUPL_NO_SECURE_PORT=3425 SUPL_TLS_HOST=FQDN SUPL_TLS_CERT=/etc/SuplRootCert ACCURACY_THRES=5000 CURRENT_CARRIER=common
TUXEDO InfinityBook Pro 14 v5 with Arch Linux
I had a few problems making Arch work properly with the Tuxedo InfinityBook Pro 14 v5.
I will share my problems and fixes here.
Constant high CPU load on one core
After boot one CPU core constantly jumped up to 42% and kept staying there. This drove the fan to insane RPM and drained the battery quickly. I debugged this by checking what caused the load. Using top revealed, that all the load was sys load, which is caused by the kernel. So I checked kernel stats with nmon which brought me to the conclusion, that the problem was related to IRQ. A quick cat /proc/interrupts showed me, that the core in question was taken hostage by tpm0 which is the kernel module for the Trusted Platform Module which I never knowingly used. I disabled loading of the module by blacklisting it. I am not quiet sure if this has any bad consequences but I haven't noticed anything yet. Without the module loaded, the core instantly went back to normal.
cat /etc/modprobe.d/blacklist.conf blacklist tpm blacklist tpm_tis blacklist tpm_crb blacklist tpm_tis_core
Settings for i915 driver (Intel UHD620 integrated graphics)
I guess there is a lot more tuning possible, but this basic setup works fine for me.
Good documentation can be found here.
cat /etc/default/grub | grep GRUB_CMDLINE_LINUX_DEFAULT GRUB_CMDLINE_LINUX_DEFAULT="i915.enable_fbc=1 i915.enable_guc=-1 i915.fastboot=1"
DisplayLink output via Thunderbolt3 port
To enable DisplayLink via the Thunderbolt3 port this BIOS setting needs to be set:
BIOS -> Advances chipset setup -> DDI -> DDI to TBT
After that the instructions from the Arch Wiki made my external screen connected via USB-C work. Follow the instructions for USB3 DisplayLink devices.
Disabling internal microphone
One of the features that are important to me is the possibility to disable the internal mic of the device.
A little bit of paranoia is always good. I bought the device believing that this will be possible directly from the BIOS,
because TUXEDO states this in it's product description. The option is available in the BIOS, but it was a big disappointment.
You actually *can* disable the mic, but not without disabling sound *output* as well. Basicly the whole intel audio chip is being turned off. This is no option, so I wrote a little script as a dirty workaround, that mutes the internal mic every second. I might just disconnect the cables in the future but right now I am not into disassembling the device.
#!/bin/bash while [ 1 ]; do amixer set Capture nocap amixer set Capture 0% sleep 1 done;
Suspend (sleep) on closing the lid
I wanted the notebook to suspend when the lid is closed. XFCEs builtin power manager did not work out of the box. I read that it could interfere with systemds builtin power manager, so i uninstalled it:
pacman -R xfce4-power-manager
I experiemented with many different kernel parameters, until i found the one that worked (acpi_osi=Linux):
cat /etc/default/grub | grep CMD_LINE GRUB_CMDLINE_LINUX_DEFAULT="i915.enable_fbc=1 i915.enable_guc=2 i915.fastboot=1 acpi_osi=Linux"
I am unsure if i really needed to do this, but I uncommented a line in systemds sleep.conf
cat /etc/systemd/sleep.conf [Sleep] SuspendMode=suspend
Finaly i configured systemds logind.conf
[Login] HandleLidSwitch=suspend HandleLidSwitchDocked=suspend LidSwitchIgnoreInhibited=yes
Now the device suspends on every lid close and wakes up again after opening the lid.
Create binaural beats on the fly on the linux command line
I was looking for a quick way to generate binaural beats on the fly from the Linux console.
The "play" command from the sox package makes things pretty easy.
This is my little wrapper script for "play":
#!/usr/bin/php <? # binaural - wrapper script to create binaural beats on the fly if (!$argv[1]) { echo "Binaural beat generator\n"; echo "Usage: binaural basefreq offset length(s)\n\n"; exit; } $freq2 = $argv[1] + $argv[2]; $cmd = "play -n synth $argv[3] sin $argv[1] sin $freq2"; echo $cmd; echo "\n\n”"; passthru($cmd); ?>
So for example if you want to generate a 5 minute binaural sound for the Schumann resonance (7.8HZ) with a base frequency of 120HZ, you would use:
binaural 120 7.8 300
A very comprehensive guide to the different frequencies can be found here:
Android – Increase headphones volume in Android 7 Nougat / Lineage OS
- Mount /etc read/writeable with your favourite file explorer (Root Explorer can do it for example)
- Locate /etc/mixer_paths.xml
- Open it with your favourite text editor.
- Play with the values for "RX1 Digital Volume" and "RX2 Digital Volume" in the "Headphones" path
- Save
- Reboot
- Check the results
Be careful, it can get very loud and noisy if you push it too far. I guess it might even damage your headphones/ears, so start your tests with a low volume. I set mine to 93 on my bullhead device (Nexus 5x) and it's too loud for some of my MP3 at max volume, still great for most of my others.
Shell commands for hardware management in Android 6 Marshmallow / Cyanogenmod 13
If you are using an automation app like Tasker, Llama or Automate, you can toggle / turn on / turn off WIFI, Data, GPS etc. with shell commands. I collected these little sniplets for my own setup. They work on my device (Nexus 5x with Cyanogenmod 13). They should work on other Android 6 devices as well.
Run all shell commands as root.
WIFI
svc wifi enable svc wifi disable
DATA
svc data enable svc data disable
GPS
# turn GPS on settings put secure location_providers_allowed +gps # turn GPS off settings put secure location_providers_allowed -gps
Flightmode
# Flightmode on settings put global airplane_mode_on 1 am broadcast -a android.intent.action.AIRPLANE_MODE # Flightmode off settings put global airplane_mode_on 0 am broadcast -a android.intent.action.AIRPLANE_MODE
Turn off screen without locking device (emulate power button keypress)
input keyevent 26
Toggle Network mode (2G/3G/4G)
I have been searching for a long time, but there seems to be no direct way to do this.
The best solution I have found requires xposed framework and gravitybox installed.
I found the available network types here:
http://android.stackexchange.com/questions/44347/simple-way-to-toggle-between-2g-and-3g-connection
Identify the right settings for your device:
# Disable your automation app, set networking mode with the preferences in your devices GUI. # Then run settings get global preferred_network_mode # The currently set network mode number will be shown in shell
Just send the following intent to toggle network mode:
Send Intent [ Action: gravitybox.intent.action.CHANGE_NETWORK_TYPE Cat: None Mime Type: Data: Extra: networkType:1 Extra: Package: Class: Target: Broadcast Receiver] networkType enum values are: 0: WCDMA Preferred 1: GSM only <-- This would be "2G" on GSM networks 2: WCDMA only <--WCDMA is "3G" on GSM networks. You may know it as HSPA 3: GSM auto (PRL) 4: CDMA auto (PRL) 5: CDMA only <-- This would be "2G" on CDMA networks 6: EvDo only <-- EvDo is "3G" on CDMA networks 7: GSM/CDMA auto (PRL) 8: LTE/CDMA auto (PRL) 9: LTE/GSM auto (PRL) 10: LTE/GSM/CDMA auto (PRL) 11: LTE only 12: "unknown"
Disable captive portal detection
This needs to be set at boottime. It doesn't survive a reboot.
settings put global captive_portal_detection_enabled 0 settings put global captive_portal_server 127.0.0.1
Force a DNS of your choice
Google removed the option to change the DNS for mobile data. (ugly, ugly, ugly)
You can force your device to use your fav DNS with iptables for mobile data:
/system/bin/iptables -t nat -A OUTPUT ! -o wlan0 -p udp --dport 53 -j DNAT --to-destination 213.73.91.35:53
In case you have found a better way to switch network mode, I'd really appreciate your comment 🙂
Simulating a bad connection / packet loss with iptables
This will randomly drop 60% of outgoing packages with a local process as source.
Use it for testing purposes or if you need a good laugh.
#!/bin/bash iptables -A OUTPUT -m statistic --mode random --probability 0.6 -j DROP
Iptables revised
Just a backup of the updated iptables setup for my gateway box:
[CABLE MODEM] - [eth0 GATEWAY eth1] - [LAN SWITCH] - - - [CLIENTS]
Thanks to O'Reilly for this great book that helped me a lot: Linux iptables Pocket Reference
#!/bin/bash wan_nic=eth0 lan_nic=eth1 lan_nic_ip=192.168.1.69 lan_network=192.168.1.0/24 # PORT MAPPING FUNCTION MAP(){ iptables -A PREROUTING -t nat -i $wan_nic -p $1 --dport $2 -j DNAT --to $3:$4 echo "PORTMAP: Mapped a port. localhost:$2 ($1) -> $3:$4 [$5]" } # Del old rules iptables -t filter -F iptables -t nat -F iptables -t mangle -F echo "Deleted old rules" # Default Policies #iptables -P PREROUTING ACCEPT iptables -P FORWARD ACCEPT iptables -P INPUT DROP iptables -P OUTPUT ACCEPT #iptables -P POSTROUTING ACCEPT echo "Set default policies" # Enable NAT echo 1 > /proc/sys/net/ipv4/ip_forward echo "Enabled ip_forward in kernel" ###### INPUT LOCAL # FROM EVERYWHERE iptables -A INPUT -p icmp -j ACCEPT # FROM LOCAL TO LOCAL iptables -A INPUT -i lo -j ACCEPT # FROM LAN TO LOCAL # Needed for DHCP clients (no ip yet so allow interface, not ip range) iptables -A INPUT -i $lan_nic -j ACCEPT # Allow LAN TO LOCAL iptables -A INPUT -s $lan_network -j ACCEPT # ALLOW PACKAGES SENT FROM GW TO WAN TO COME BACK iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # FROM WAN TO LOCAL iptables -A INPUT ! -s $lan_network -j DROP echo "Configured INPUT CHAIN" ###### OUTPUT LOCAL (done with default policy) # FROM LOCAL TO LAN # FROM LOCAL TO WAN # FROM LOCAL TO LOCAL ###### FORWARD # FORWARD FROM LAN TO WAN # LOCK BAD CLIENTS IN LAN #SONY TV iptables -A FORWARD -s 192.168.1.20 -j DROP #NETGEAR iptables -A FORWARD -s 192.168.1.100 -j DROP #DLINK iptables -A FORWARD -s 192.168.1.101 -j DROP echo "Configured FORWARD chain" # FORWARD FROM WAN TO LAN # NAT the LAN /sbin/iptables -t nat -A POSTROUTING -o $wan_nic -j MASQUERADE echo "Enabled MASQUERADEing" # Don't forward unrelated packages from the outside iptables -A FORWARD -i $wan_nic -m state --state INVALID -j DROP echo "DISABLED FORWARDING for connections from the outside" # Portmappings from WAN to LAN MAP tcp 80 192.168.1.2 80 SRV_HTTP # FINALIZE /etc/init.d/networking restart echo echo dhclient -v eth0 echo echo ping -c1 134.99.128.2 echo echo ping -c1 192.168.1.2 echo echo echo "done"
Disabling Captive Portal in Android Cyanogenmod 13+ Marshmallow
If you have seen that stupid ! beside your WIFI or MobileData icons in Android, you have discovered the "Captive Portal Detection" which has been added in KitKat or so. It's terribly bugged if you are using a firewall in Android plus if you don't, your device connects to Google every time you go online.
Since Marshmallow this behaviour can't be disabled permanently. Captive Portal Detection is being reenabled after every boot.
So use your favourite script runner app (Tasker can do it) to run these commands at boot time to disable the crap:
settings put global captive_portal_detection_enabled 0 settings put global captive_portal_server localhost
Changing DNS for mobile data in Cyanogenmod 12+ and Android Kitkat Marshmallow
You need root for this.
In my (probably never ending) mission to remove Google from my Android device, I recently found out, that I missed a very important detail. When using mobile data, the phone gets its IP and DNS information from the cell provider. With recent android versions, the cell providers DNS is sometimes being ignored and Googles DNS server (8.8.8.8) is used instead. This allows Google to mine data on every DNS request done by many Android devices in the world. The DNS setting for mobile data can't be changed in the GUI. There are older shell commands which used to work in KitKat to change the mobile data DNS on Android but they are being silently ignored. If 8.8.8.8 is not set, your cell providers DNS is used which most probably also mines your resolved domains. If you are into privacy, it's always a good idea to use a trustworthy DNS for your connection. It's kinda creepy, that there is no uncomplicated way to change the mobile data DNS in Android.
But there is a hackish solution that works.
You need AFWall for it. As you reached this article I asume, that you are already using it. It's an iptables fireall implementation for Android that allows you to block internet access for certain apps and run custom iptable commands automatically.
- Open Afwall
- Menu
- Set custom script
You can set 2 custom scripts here. One runs after the firewall is being enabled, the other one runs after the firewall is being stopped.
# Enable script # Route all outgoing traffic with a destination port of 53 (DNS) to another DNS server IT=/system/bin/iptables DNS=your.fav.dns.ip $IT -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $DNS:53 $IT -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination $DNS:53
# Disable script # Remove the 2 rules from the NAT table IT=/system/bin/iptables $IT -t nat -D OUTPUT 1 $IT -t nat -D OUTPUT 1
You can check your used DNS server(s) here: https://www.perfect-privacy.com/german/dns-leaktest/
A few more trustworthy DNS servers can be found here (scroll down): https://www.ccc.de/censorship/dns-howto/
Shame on you Google. I have to tinker with iptables to set such a basic thing as a DNS server?
Ugly. Ugly. Ugly.
UPDATE:
The Afwall method didn't work well on my device after some testing. Sometimes I was unable to use DNS at all. Running the iptables rule from any startup script during boot works fine though (Tasker can do it). I changed the script a bit to only affect mobile data DNS because changing it for Wifi as well (in the original script) broke other things in my LAN.
# Enable script # Route all outgoing traffic going thru rmnet interfaces (androids mobile data interfaces) with a destination port of 53 (DNS) to another DNS server IT=/system/bin/iptables DNS=your.fav.dns.ip $IT -t nat -A OUTPUT -i rmnet+ -p tcp --dport 53 -j DNAT --to-destination $DNS:53 $IT -t nat -A OUTPUT -i rmnet+ -p udp --dport 53 -j DNAT --to-destination $DNS:53
Ich hoste eine eigene Searx Instanz
Searx ist eine Meta-Suchmaschine, die man relativ einfach auf dem eigenen Server hosten kann. Searx versucht so gut wie möglich die Privatsphäre der User zu schützen und ein anonymes aber doch bequemes Suchen zu ermöglichen. Die Nutzung von Searx bietet viele Vorteile:
- Paralleles Abfragen von ca. 70 Suchmaschinen
- Stark konfigurierbar
- Nettes Design
- Man hinterlässt seine IP-Adresse nicht auf den Servern der Suchmaschinen und kann so weitestgehend anonym suchen. Die abgefragten Suchmaschinen erhalten lediglich die Adresse des Searx-Servers. Nutzt man einen Server, den viele andere auch nutzen, ist von der Suchmaschine nicht mehr nachvollziehbar, wer gerade was gesucht hat.
- Man bekommt keine Cookies von den Suchmaschinen untergejubelt
Meine Installation bietet die folgenden Features:
- Relativ flott, mit schneller Leitung an mehrere Backbones angebunden
- Searx nutzt 6 CPU-Cores parallel
- Searx selbst loggt nicht
- Mein Webserver loggt nicht die Inhalte der Requests und nur das erste Oktett der IP-Adresse. Eine Zuordnung zu einer bestimmten Person ist so nicht mehr möglich.
Meine Searx-Instanz findet Ihr hier: https://www.perfectpixel.de/searx/
Viele weitere Searx-Instanzen findet Ihr hier: https://github.com/asciimoo/searx/wiki/Searx-instances