Blocking Netflix IPv6 on Internode using a Mikrotik

Currently access to Netflix via Internode is unmetered, but not if you’re using their IPv6 connectivity. I’ve got a Mikrotik router and wanted to see if I could force it down to IPv4 without disabling connectivity for my desktop machine (which I use mainly for Netflix). It seems just blocking one range (currently) is enough:

  • 2001:44b8:b070:25::/64

I’ll update it as I find out more, please feel free to leave comments with IP ranges that need blocking. :)

It seems if you’re running a DNS server that’s capable of it, you might be able to block AAAA responses for “ipv6*.nflxvideo.net” as the request I was seeing was for “ipv6_1.lagg0.c001.syd001.iinet.isp.nflxvideo.net”. Just another idea.

Implementing firewall rules to block the traffic is fairly simple, here’s the method.

From the command line:

From the interface:

Navigate to IPV6, then firewall. From the “Filter Rules” tab click “Add New”

Fill out these details, ignore everything else. It can’t hurt to add a comment as well.

blocknetflixipv6ablocknetflixipv6action

For both options, remember to move the block up higher in your list than other things which may allow the traffic through.

Carb kits here, and that pesky screw is out

The carb rebuild kits arrived yesterday, with all the associated bits and bobs I need to fix most everything on them. I previous mentioned that they included the floats, but they don’t, which hopefully won’t prove to be an issue. The floats look to be in good condition and I’ve seen mention of repairing any pinprick holes with epoxy, which should serve to get the bike on the road at least initially.

IMG_6814

I finally got the screw from the throttle bracket out last night, after trying the method of cutting a slot in it and that not working (soft metal, bad metal!) I used an easy-out again.

I had a poke around in the bottom end of the second carb, finding a lot of green goo from dead fuel. Cleans up OK, and I’m giving the ultrasonic cleaner a workout stripping a lot of the easy stuff off.

Another day, another picture of me derping up the place. I moved that pesky cupboard to improve the view :)

2015-07-01_2115

Another day, another grumpy screw

I’m sick as a dog right now with a sinus infection, but I can’t help try and do something useful on the bike :) The carb rebuilt kits haven’t arrived yet; they still have to come apart and I need to identify what work they need before I can do anything.

They’re already off the bike so I thought I’d take the bottom off to get to the floats and valves. The screws on the fuel bowls are partially obstructed by the bracket which holds the throttle linkage. Four screws, three came out easy. Left hand one of the two in this shot is the grumpy one. :( I’m going to have a go at making it a slot-head screw, and if that doesn’t work it’s time for another application of mister easy-out.

I’m going to make a bracket that allows me to hold the carb by its body in a vice, which means I don’t have to support it on its side or another functional part. This should make it easier to remove parts and service the carbs without accidentally bending things.

Throttle linkage mount
Throttle linkage mount

Thankfully the screws one one of the fuel bowls came out easily – they seem to have been made stainless from the factory or were replaced sometime in the last 18 years. They’re combination phillips/standard and had spring washers to boot.

Fuel bowl screws
Fuel bowl screws

Once I got the bowl off I was able to see the float and its associated valve. There’s a fair bit of corrosion around the valve, and a big weird lump of rust – as seen next to the screwdriver tip. This validates my choice to buy the “full” rebuild kits which include all the little pins and bushes in this section in addition to just the gaskets and a float valve.

Front carb fuel float
Front carb fuel float

Speaking of functional parts – at the other end of the carbs from the fuel bowls are the diaphragms. I tested removing some of those screws tonight and they seem to come out easy enough – possibly because they were pointing upwards and they caught less debris/water over time.

Top of carbs
Top of carbs

In saying that I’m fairly sure I haven’t actually checked them all yet. Let’s hope everything goes well. In any case they’re quite accessible so I can use vice grips and other methods to remove them if they’re pesky!

Upon their removal, they’re going into this cardboard template, which allows me to match up the original placement with the screw, just in case. R’s for rear, F for … front!

Screw template
Screw template

As usual, another workshop shot. I really need to move that cupboard!

2015-06-29_1815

DNS and Censorship

Computers on the internet have IP addresses, and web sites are stored on some of those computers. The Domain Name System – DNS for short – is the way that your computer translates Domain Names (yaleman.org, google.com) into IP addresses. The simplest analogy I can think of is a community-based assistance service which matches people and their street addresses.

A very contrived example:

  • Adam wanted the street address for Betty in Cardiff.
  • He looks in his local address book, and it’s not there.
  • He calls his directory assistance service who don’t have Betty’s address, so they call someone else on his behalf.
  • The “someone else” is one of fourteen international switch boards who direct requests to other local directory services.
  • It directs Adam‘s service to the service for Cardiff.
  • The Cardiff service provides Betty‘s address – 123 Fourth Avenue.
  • Adam visits Betty for tea. Great success!

Replace directory assistance with DNS server, address with IP address, Adam for your PC and Betty with your favourite web site and you get the idea of where we’re going with this.

In Turkey, China and many other countries – now including my home, Australia –  legislation has been enacted to poison this system. This is to “protect” people from kiddie porn and illegal downloading, or block opinions that don’t agree with the people in charge. Modifying DNS is a fairly simple way for the system to be changed at central points and can be targeted geographically.

Back to our example, with a twist:

  • Adam wanted the street address for Betty in Cardiff.
  • He looks in his local address book, and it’s not there.
  • He calls his directory assistance service who say that Betty lives at 456 Blocked Road. This is because the government has decided that Betty is a pernicious influence on society and that she must be stopped.
  • Adam trusts this information and ends up at the local police station, rather confused and missing out on his tea.

terribleblockimage

The weakness of  this method is that it’s so easy to avoid.

DNS isn’t hosted at a single place, so selectively blocking it would likely break large swathes of the internet. Using your Internet Service Provider’s DNS server is the position that most people take because it’s normally fast, reliable and primarily because it’s the default.

In future, Adam knows his directory assistance has been tainted by the government, so he calls someone else for the information.

As in Turkey and other examples, if sites are being blocked by DNS poisoning, the easiest way to circumvent it is by using alternative name servers like Google’s. They’re hosted at 8.8.8.8 and 8.8.4.4. These are just two prime examples and there are many, many places to resolve DNS – including the Root Name Servers (the international directory assistants – but if everyone did that, it’d be a bit of a bad idea).

DNS 8.8.8.8 Alternative 8.8.4.4 Turkey

Let me repeat that:

… if sites are being blocked by DNS poisoning, the easiest way to circumvent it is by using alternative name servers …

Does this sound hard? It’s easier than it looks.

There’s great guides here on OpenDNS’ site. They’re an alternative DNS service who also provide services such as ad blocking and category-based denial if you’ve got kids, and they publicly state that they refuse to be complicit in censorship. You can easily find alternative DNS servers with a quick search.

The government has pushed this change onto us without us asking for it, but we don’t have to accept it. Peaceful protest combined with effective representation should be the way to avoid and resolve these kinds of problems, but sometimes taking a silent stand is another.

My first easy-out

Since the front brakes only worked enough to stop you rolling backwards on a slight incline, I figured I had to at least bleed the brakes. To do that, I needed to take the top off the brake fluid reservoir and flush the fluid out.

One of the screws came out nicely after the usual ‘crack’ of breaking the mechanical lock. The other one, not so much. I used a perfectly sized phillips head screwdriver, which promptly made a mess of the steel of the screw. It was like twisting in butter, sadly.

My first attempt at removing it was to make use of a tiny leftover dremel cutoff wheel that I found, after considering using a larger one and realising the damage it was likely to cause to the cover.

A new use for "used up" cutoff wheels!
A new use for “used up” cutoff wheels!

Unfortunately that didn’t yield any real results – I couldn’t cut deep enough without damaging the cover, and when I did get a few mm of depth the metal just tore away under the flat faced screwdriver I was using.

Before I thought to try the Dremel, I’d bought an easy-out screw remover from Bunnings on my way home. If you haven’t heard of them before, the basic idea is to drill a hole into the middle of the screw, then screw something into that hole which goes in the “undo” direction of the pesky fastener. The Wikipedia page “Screw extractor” has a quite handy description, funnily enough.

And here it goes!

Thankfully that worked, drilling a small hole in the middle all the way through the screw and out the other side, then screwing the fluted extraction tool into the new void.

The removed and the remover
The removed and the remover

Once that was out, I was able to break the seal on the reservoir and view the delicious honey-coloured – and consistency – brake fluid. That’s going to have to bugger right off, as soon as I get my new vacuum pump.

I’m glad it worked, as I’ve never tried to use one before and I’d heard some horror stories about alternative solutions when they don’t work :) Lots of reading, treating the tool gently and a little bit of luck and I was done. On to the next trick!

Nasty brake fluid