Apr.21

Firewall Google server with Windows 10 communication apps

Earlier I wanted to use the Windows 10 modern communication apps (Mail, Calendar and People) with my Google account. But Windows uses svchost.exe for a lot of tasks, including Windows Update and syncing of email, calendar, etc. I use a firewall and didn't want to give complete outbound access to svchost.exe; I wanted to create a rule only for Google servers. Here is my research. Hopefully it might help someone.

`nslookup -q=TXT _spf.google.com 8.8.8.8`

gets us `"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"`

`nslookup -q=TXT _netblocks.google.com 8.8.8.8`

`nslookup -q=TXT _netblocks2.google.com 8.8.8.8`

`nslookup -q=TXT _netblocks3.google.com 8.8.8.8`

gets us

`"v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"`

`"v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"`

`"v=spf1 ip4:172.217.0.0/19 ip4:108.177.96.0/19 ~all"`

I don’t use IPv6, so I am throwing away the IPv6 results. Just join the remaining IP ranges with commas and you will get

`64.18.0.0/20,64.233.160.0/19,66.102.0.0/20,66.249.80.0/20,72.14.192.0/18,74.125.0.0/16,108.177.8.0/21,173.194.0.0/16,207.126.144.0/20,209.85.128.0/17,216.58.192.0/19,216.239.32.0/19,172.217.0.0/19,108.177.96.0/19`

These are the Google public IP ranges you will ever access.

Now just create an outbound firewall rule.

– Use these IP ranges as the remote address

– Remote port: 993 (IMAP), 465 (SMTP), 443 (HTTPS), 80 (HTTP)

– Program path: C:\windows\system32\svchost.exe

– Direction: Outbound

Just create it and you are good to go.
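The lookups and the rule above as a PowerShell script, added here as an example and not part of the original post: it walks the SPF include chain, keeps only the ip4 ranges and creates the rule, so the list can be rebuilt when the published records change. The function names, the rule display name, the Allow action and the TCP protocol are assumptions of this example; the embedded records are the ones quoted above, used as offline sample input.

```powershell
# Added example. Get-SpfRecord, Get-SpfIp4Range and the rule name are
# names chosen for this example, not part of the original post.

# Return the SPF TXT record of a name as one string (live DNS lookup).
function Get-SpfRecord {
    param([string]$Name)
    Resolve-DnsName -Name $Name -Type TXT -Server 8.8.8.8 -ErrorAction Stop |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings -join '' } |
        Where-Object { $_ -like 'v=spf1*' } |
        Select-Object -First 1
}

# Follow include: terms recursively and emit each ip4: range; ip6: terms are skipped.
function Get-SpfIp4Range {
    param(
        [string]$Domain,
        [scriptblock]$Lookup = ${function:Get-SpfRecord},  # injectable for offline use
        [int]$Depth = 0
    )
    if ($Depth -gt 10) { throw "SPF include chain too deep at $Domain" }
    foreach ($term in ((& $Lookup $Domain) -split '\s+')) {
        if ($term -match '^include:(.+)$') {
            Get-SpfIp4Range -Domain $Matches[1] -Lookup $Lookup -Depth ($Depth + 1)
        } elseif ($term -match '^ip4:(.+)$') {
            $Matches[1]
        }
    }
}

# Offline sample input: the records quoted in the post, typed into a table here.
$sample = @{
    '_spf.google.com'        = 'v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all'
    '_netblocks.google.com'  = 'v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all'
    '_netblocks2.google.com' = 'v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all'
    '_netblocks3.google.com' = 'v=spf1 ip4:172.217.0.0/19 ip4:108.177.96.0/19 ~all'
}
$offline = Get-SpfIp4Range -Domain '_spf.google.com' -Lookup { param($n) $sample[$n] }
$offline -join ','   # comma-separated form for the rule's remote address field

# Live: re-resolve the records and create the rule (needs an elevated prompt).
$ranges = Get-SpfIp4Range -Domain '_spf.google.com' | Sort-Object -Unique
New-NetFirewallRule -DisplayName 'svchost to Google (example)' `
    -Direction Outbound -Action Allow -Protocol TCP `
    -Program 'C:\windows\system32\svchost.exe' `
    -RemotePort 993, 465, 443, 80 -RemoteAddress $ranges
```

Running the last command twice creates a second rule with the same name; to refresh an existing rule, pass the new list to `Set-NetFirewallRule -DisplayName 'svchost to Google (example)' -RemoteAddress $ranges` instead.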


Aug.07

How to install Windows Subsystem for Linux (BashOnWindows) offline on Windows

Requirements:

  1. Fiddler
  2. HTTP Web server (Apache/Nginx/Any other)

Downloads:

How To:

  1. First enable Windows Subsystem for Linux from “Programs and Features” -> “Turn Windows features on or off”
  2. Restart Windows (MS has a thing for rebooting)
  3. Download one of the images and host it on your local web server, if not done already
  4. Start Fiddler and enable “Automatic Breakpoints” (Alt+F11)
  5. Start command prompt and run “lxrun /install /y”
  6. Switch to Fiddler. You will see a request to “https://go.microsoft.com/fwlink/?LinkID=730581”. Click on the “Headers” tab -> Right click on “Location” -> “Edit Header” -> Paste your local link URL (e.g. http://localhost/xenial-server-cloudimg-amd64-root.tar.gz) and click on Save -> Run to Completion
  7. There will be another request to “http://localhost/xenial-server-cloudimg-amd64-root.tar.gz”. Just click on “Run to Completion” this time.
  8. After some time, there will again be another request, to download “ubuntu.ico”. Just allow it.
  9. Create a new user and you are ready to go!

Note for Ubuntu 16.04 users:

There is an issue with the “sudo” command in the Ubuntu 16.04 build. You will get `sudo: no tty present and no askpass program specified`. There are two simple possible solutions that I am aware of to fix it.

  • Use “sudo -S” each time. Execute `echo $'\n'"alias sudo='sudo -S'" >> ~/.bashrc` to create a permanent alias for it
  • Set the default user as root. Execute “LxRun.exe /setdefaultuser root” in command prompt to do that