pfSense port forward to a NAT:ed IP address located on the other side of an IPsec tunnel

This is kind of a special scenario, but it actually occurred for me. A port on the pfSense WAN should be NAT:ed to an IP address located on a remote subnet via an IPsec tunnel. The problem here was that the router on the other end of the tunnel did not route all its outgoing traffic over the tunnel. Only a few subnets behind the pfSense went through the tunnel. All other traffic was using the router's normal Internet connection.

In the image above, a port (123 in the example code below) on the pfSense (100.1.1.1) should be NAT:ed and port forwarded to 10.0.0.7. The result was the NAT:ed port forwarded packets reached the intended host (10.0.0.7) but replies probably went straight back on the internet, not going back through the tunnel.

I solved this by setting up a simple proxy on a server using iptables located on a machine in one of the subnets at the pfSense site which was reachable from 10.0.0.7 through the tunnel. See next image.

The proxy was made using iptables on an Ubuntu machine on 10.2.2.2. Both the proxy server on 10.2.2.2 and the host 10.0.0.7 could reach each other over the IPsec tunnel.

In pfSense I changed the NAT / port forward of port 123 from 10.0.0.7 to 10.2.2.2 (and deleted the existing states in pfSense from my previous tries; until I did that, this didn’t work).

The proxy server using iptables was set up like this (guide found here):

sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A PREROUTING -i ens160 -p udp --dport 123 -j DNAT --to 10.0.0.7
sudo iptables -t nat -A POSTROUTING -o ens160 -p udp --dport 123 -j SNAT --to-source 10.2.2.2
sudo iptables -t nat -A POSTROUTING -p udp --sport 123 -j SNAT --to-source 10.2.2.2

You will probably want to make sysctl ip_forward and iptables statements persistent over reboots.
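
One way to make these settings survive a reboot, as an added example that is not part of the original post. It assumes Ubuntu with the iptables-persistent package (which loads /etc/iptables/rules.v4 at boot); the function name and the sysctl file name are hypothetical. The FORWARD rules are an addition to the original commands: with ip_forward enabled the machine will route any packet sent to it, so forwarding is limited to the proxied flow.

```shell
#!/bin/sh
# Added example (not from the original post): persist the proxy rules above.
# write_proxy_persistence ROOT IFACE PORT TARGET PROXY
#   ROOT is a path prefix: "" for the live system (as root), or a scratch
#   directory to inspect the generated files first.
write_proxy_persistence() {
    root=$1 iface=$2 port=$3 target=$4 proxy=$5
    mkdir -p "$root/etc/sysctl.d" "$root/etc/iptables"

    # Applied at boot from /etc/sysctl.d; the file name is an assumption.
    printf 'net.ipv4.ip_forward = 1\n' > "$root/etc/sysctl.d/99-udp-proxy.conf"

    # iptables-restore format, loaded at boot by iptables-persistent.
    # This overwrites an existing rules.v4; merge by hand if you have one.
    cat > "$root/etc/iptables/rules.v4" <<EOF
# The three NAT rules from the post (single interface assumed).
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $iface -p udp --dport $port -j DNAT --to-destination $target
-A POSTROUTING -o $iface -p udp --dport $port -j SNAT --to-source $proxy
-A POSTROUTING -p udp --sport $port -j SNAT --to-source $proxy
COMMIT
# Not in the original post: forward only the proxied flow and its replies.
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $iface -o $iface -p udp -d $target --dport $port -j ACCEPT
COMMIT
EOF
}
```

Generate into a scratch directory first, for example `write_proxy_persistence /tmp/out ens160 123 10.0.0.7 10.2.2.2`, and check the result with `iptables-restore --test < /tmp/out/etc/iptables/rules.v4` before installing it.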

ISPConfig 3 monitor tab not opening when using non-English language [BUG – WORKAROUND]

This is caused by a bug when saving the translation file concerning the language key for “Let’s Encrypt log”.

When the translation file for the Monitor tab is saved, the necessary backslash before the ‘ in “Let’s” is not saved into the file. The problem is described in this bug report: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5881 but for the moment not resolved.

To work around this problem, manually edit the file /usr/local/ispconfig/interface/web/monitor/lib/lang/XX.lng (where XX is your language). Find the line beginning with:

$wb['Let's Encrypt log'] =

Insert a backslash like this:

$wb['Let\'s Encrypt log'] =

Save the file and your Monitor tab will work again. This must be repeated each time you edit the translations for monitor.

Water lock in floor drain

How to open and clean a water lock in a floor drain looking like this (see photo)

In a house in Denmark I needed to clean the water trap in a floor drain looking like the one in the photo. (For some weird reason, these kinds of household tasks always end up on the male… But that is another discussion :).)

Water lock in a floor drain in Denmark

I wrongly made the assumption that I needed to unscrew the four screws. Bad decision! This made the upper and lower parts of the water lock separate, and the lower part fell into the waste water pipe. Fortunately there was a bend some 30 centimeters down so it stuck there and I only (!) had to put my arm into the pipe, grab it and pull it out.

Getting the water trap out was actually simpler than anticipated. This is how it should have been done: just put your gloves on, stick two fingers in the big hole and a thumb at the edge and pull. When removed and safely away from the waste water pipe, the four screws can be unscrewed in order to separate the two parts of the water lock so it can be cleaned more easily.

Anytone AT-D578UV Toyota Prius installation

Anytone AT-D578UV stealth installation in Toyota Prius (2008)

I wanted to make a “stealth installation” of my Anytone AT-D578UV radio in my Toyota Prius (2008) so I don’t have to worry so much about burglars when parking the car. Below the FM radio is a compartment that, when removed, leaves a space big enough for the radio.

There is plenty of space behind the compartment. I was a bit worried about that issue because the radio is longer than the depth of the compartment, but it turned out there is enough empty space behind it.

I installed the radio with the programming cable connected as it will be very hard to connect it after the radio is mounted in the car. The microphone is extended and connected using a flat straight ethernet cable and both cables are dropped downwards and pulled out from behind the panel. That way I can easily hide the microphone when parking the car.

When the compartment under the radio is removed (and saved to be reinstalled when selling the car), the space between the metal plates is too wide, so I took a 5 mm nylon cutting board that I cut into pieces and glued them together to form a suitable spacer and drilled a hole for the mounting screw. I did not use the mounting screws that came with the radio; instead I used one M4x20 mm and one M4x40 mm. On the right side of the radio I used 2 nylon pieces and on the left side 5 or 6. The screws went into the rear holes on the radio and to get some support for the front I used zip tie straps around the radio through the holes in the metal plates.

The GPS was just tucked up behind the navigator screen, just to the right of the speaker. A note about the GPS antenna connector: about 6 months after installation, I had no GPS signal on the Anytone AT-D578UV. It turned out that the SMA connector, that I tightened by hand, had shaken loose from the vibrations. So do tighten it a bit with a small wrench, not overtightening it but enough to keep it from getting loose.

For power, I routed two 6 mm² wires directly from the battery (with a 30A fuse close to the battery) and routed them through the left trunk panel and inside the side panels below the doors to the front. The antenna cable went the same way and I didn’t want to drill a hole in the car so I used a trunk lid mount even though the performance of those is often not as good.

Useful videos

These are some useful tutorial videos as you need to uninstall and reinstall the stereo in order to install the Anytone AT-D578UV below it.

Car stereo removal

How to remove trunk interior, left side, for cable rerouting. Use parts of this video. You don’t have to remove all interior as the video shows.

Car stereo removal, parts of this video are very useful

Anytone Talker Alias

How to enable Talker Alias on Anytone AT-D878UV / AT-D578UV

With the number of assigned DMR IDs on radioid.net going over 200.000 we are over the limit of the capacity for the Contact List on the older Anytone models. Anytone’s underestimation in design is not the first in history. Remember Bill Gates saying that no-one, ever, is going to need more than 640 kB RAM?

So we need to select which regions of DMR IDs to include in our contact lists in our Anytone radios.

In addition to that it is a good idea to enable Talker Alias to sort of increase the chance of just not seeing a DMR ID in the display. Not all repeaters support it though.

  1. Make sure your own Radio ID Name is set in the form “CALLSIGN Name” (your callsign and first name separated with a space). Set your radio on a DMR channel, then MENU -> Settings -> Chan Set -> Radio ID -> select your ID -> Option -> Edit Name -> Confirm
  2. MENU -> Talk Group -> Talker Alias -> Alias Tx Set -> On
  3. MENU -> Talk Group -> Talker Alias -> Alias Rx Dis -> Contact First

Joomla! T3 Framework based template, module class suffix not working

The problem was that module class suffix was not working and the first solution was to make a tpl file override, placed in local/tpls/blocks and change style=”raw” to style=”xhtml” for the module in question. This solution had been working for years, but suddenly the client reported that their site was “looking weird” again.

It turned out the module class suffix had stopped working again.

The solution this time was quite simple. The site had been updated and the T3 system plugin was version 3.0.2. By updating it to 3.0.4 the problem was solved.

Microsoft Internet Explorer opens Edge

Microsoft is phasing out Internet Explorer and moving over to Edge. In order to facilitate that, some users experience that when they click on Internet Explorer, it actually opens up Edge. In rare situations, the user might need Internet Explorer instead of Edge.

It is possible to override this.

  • Start Microsoft Edge and open edge://settings/defaultBrowser
  • Find the settings for “Let Internet Explorer open sites in Microsoft Edge” and set it to Never
  • Click on the Internet Explorer icon. Now MSIE should open.

Setting Edge to allow Internet Explorer

“There has been a critical error on your website. Learn more about debugging in WordPress.” and web error log reports “Call to undefined function the_field()” [Solved]

After an upgrade of WordPress, the site reported “There has been a critical error on your website. Learn more about debugging in WordPress.”. When investigating the web server log files, I found errors reporting “Call to undefined function the_field()”.

Solution: During the upgrade process, the plugin “Advanced Custom Fields” had been disabled. By activating the plugin, the problem was solved.

Cisco RV160 RFI fix

Cisco RV160 RFI-problems [fixed]

Being an amateur radio operator (or HAM-radio operator) I need to use electronic devices with as low radio emissions as possible in order to keep a low noise level on the shortwave bands (or HF-bands). I found out that my Cisco RV160 router was one of the major sources of radio noise (RFI or Radio Frequency Interference) in my home. It turned out it was easily fixed as the culprit was not the router in itself, but its power supply.

The router runs on 12 volts DC (original power supply rated up to 1,5A) which is often available in the ham shack already. So in that case, get rid of the original power supply and hook up the router to your 12 volts DC supply in the shack. In my case, the router was located in another part of the house so I just replaced the power supply with another, transformer based power supply. In my case, a Mascot 6823, rated for 12 volts DC, 1A (intermittently up to 1,3A). Even though not the same amp rating as the original, it seems to be sufficient.

My experience with HyEndFed 10/15/20/40/80 meter 5 band antenna MK3 End Fed Half Wave antenna

For what it is, I think the HyEndFed 5 band antenna works very well. The location where I am using it is my wife’s house so there have been some careful negotiations taking place. 🙂 If it was up to me, a 24 meter tower with several beam antennas in the top would be a reasonable choice. But since it was not my decision I had to go for a more low key, stealthy approach.

The property is about 30×36 meters with one high fir tree along one of the sides. A reasonable way of installing a wire antenna is between the roof of the house and the tree. Distance between them is about 26 meters. I wanted to work the HF bands, including 80 meters, but for 26 meters a multiband dipole was out of the question since 2 x 19 meter is too large. I used Google Maps in satellite view to measure the distance between the tree and the house where the other end of the antenna was going to be.

Using Google Maps to measure the distance between the tree and the house for my End Fed Half Wave antenna.

So I started to look into End Fed Half Wave antennas. This would be very practical as one of the end points of the antenna is on the house. My choice fell on HyEndFed 5-band MK3 for 10/15/20/40/80 meters as this antenna has a length of 23 meters.

The order and delivery was super smooth and quick but I was surprised by the 4% card fee HyEnd company charged. According to my Dutch wife, this is very common practise in the Netherlands where HyEnd company is located, but I think they should reconsider this when going on an international market.

The product looks high quality and I ordered the one with mounting plate and strain relief option. The antenna is rated for 200 watts SSB but note, that for CW and digital modes, the limit is only 35 watts! If you want to run these modes, you might want to consider another antenna. On their website, the specifications only mention the SSB limits (“Max. Power : 200 watt PEP, SSB.”). I think they should also be clear about the CW and digital modes limits and mention them in the online specifications!

When delivered, the antenna only needs to be adjusted for the 80 meter band. As delivered it will be resonant at about 3550 kHz. Shortening the 80 meter part of the wire by 1 cm will raise the resonance frequency about 4 kHz. This is mentioned in the supplied installation papers. You should cut the antenna to make it resonant on the frequency where you plan to use it the most on 80 meters. It is also recommended to use an antenna tuner on 80 meters in order to be able to use the entire band.

HyEndFed 5-band MK3 antenna
The antenna ready for installation. Note: the spring is not included. It was added by me.

After making a temporary mount of the antenna at approximately 4 meters (later on it will slope from about 10 to 6 meters height), I tuned in on 20 meters, heard a station from Slovenia calling CQ. I got immediate response and a 59 report. Checking the output power on my radio, it was set to only 20 watts. Looks promising.

The wire is discreet so it is a perfect antenna for “stealthy” installations. The fact that my wife didn’t notice the antenna until after 2 days in place seems to prove this. 🙂

When the feeding point is above 2 meters over the ground, no grounding of the antenna is needed but you should put a wave trap on the coax line with at least 4,2 meters of coax between the antenna box and the wave trap.

But even though I used a wave trap I got problems with HF going into my PC making sparkling noises while transmitting on 80 meters outside the resonant frequency (using a matchbox). This was easily resolved by purchasing a 1,5 meter copper ground rod that I drove into the ground and grounded my radios as well as the chassis of the PC.

Note: Do not connect the ground nut on the antenna box and the radios/PC to the same ground rod simultaneously. This will overlap the wave trap and you will get HF into the shack, onto your radios and PC.

I’ll add more to this article when it is in final position and when I have worked more QSOs on it. So far it is looking good though.

EDIT: After writing this article, I decided to replace it with an 8 band EFHW antenna.