Hi all, I posted this issue on another forum and was directed here to seek help, hope I can get some good advice.

I should start by explaining my home network setup... I live in a shared building split into individual flats/rooms with shared internet across the whole building. The ADSL router supplied by our ISP is located in another room which I do not often get access to, this is the access point that all other computers in the house are connected to. I have an ethernet cable running from this room into mine to provide me with network and internet access. It is from this point that I am having trouble...

The cable is connected in my room to a Debian (squeeze) linux box which I am attempting to configure as a gateway/router/firewall. From my linux box a second cable is then connected to my network switch which then distributes the connection to my personal machines in my room, one of which is a Windows server (2008 R2) which I am presently running as a web server with the intention of creating a secure FTP server. The Windows server is also running an SMB share and VNC server.

The problem I am having regards access between my internal machines (in my room) and the external machines (rest of the network). The Debian gateway is successfully supplying internet as all of my internal machines are able to access the web, however when attempting to access the ADSL router configuration page from here my browser tells me 'This web page is not available'. I am also able to use my SMB share and VNC server from my internal machines yet externally the server (or any of my other machines for that matter) are not visible across the network, neither can I see anyone else's (external) computers from here.

I am reasonably certain that I wish to keep the setup as is as I am fairly paranoid about network security and would feel more comfortable if I was separated from the rest of the network and the internet via a secure firewall, though I still require my web server to be able to be accessed from the net (and would also like to be able to remote into it via the web using VNC), I would also like other people in the house to be able to take advantage of my SMB share.

I assume that this is a port forwarding issue? (though can't be certain as this sort of setup is quite new to me). Also as the Debian gateway is providing DHCP to my internal machines I am considering the possibility that this may also be an issue?

I am hoping that someone here has enough knowledge to talk me through preparing the correct configuration to make this work or could offer, if necessary, another practical solution that will provide me with the security I desire.

Thanks all for taking the time to consider my problem, any help is greatly appreciated...

Are you using the same IPs or subnets or what?

If you can access the net fine then the debian 'server' sounds like it's got NAT routing and is routing fine and you can't access any other PCs so sounds like you might have an IP subnet collision like they're both using the 192.168.1.0/24 range.

You need to post all your IP diagrams and configuration information for anyone to even attempt to diagnose the problem.

Ok, sounds like a reasonable explanation.

The ADSL router has the IP 192.168.0.1 on 255.255.255.0 subnet.

Linux box appears externally as 192.168.0.23 (interface eth0) and internally as 192.168.0.2 (eth1)

Based on a guide for simple gateway routing I found online my 'iptables.rules' file is as follows:


[CODE]
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 2020 -j ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT
[/CODE]

To clarify port 2020 is the port I use for SSH...

Please advise on any other information that may be required. Thank you.

Figured this would be useful too...

My /etc/network/interfaces file:


[CODE]
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules
allow-hotplug eth0
iface eth0 inet dhcp
allow-hotplug eth1
iface eth1 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
[/CODE]

and my dnsmasq.conf:

[CODE]
interface=eth1
listen-address=127.0.0.1
dhcp-range=192.168.0.100,192.168.0.110,12h
[/CODE]

Make life easy on yourself and use smoothwall as your linux router/firewall www.smoothwall.org

I will look into it, thanks...

@ grabageek:

Seems like smoothwall should be a nice easy setup, not quite what I had in mind. I would like to develop more practical networking knowledge, routing and security is something I would quite like to get to grips with on a technical level and as such why I would like to explore making a working configuration myself. Thanks for the advice though.

"The ADSL router has the IP 192.168.0.1 on 255.255.255.0 subnet.

Linux box appears externally as 192.168.0.23 (interface eth0) and internally as 192.168.0.2 (eth1)"

There is your problem and solution.

Please excuse me being so slow (like I said I am still somewhat unfamiliar with more advanced aspects of network configuration) but could you please clarify further? Could you recommend an IP configuration that would work? Bearing in mind my connection comes in from the ADSL router to the device eth0 and is routed out to my network switch on device eth1.

Thank you.

Certainly. You're using the same IP and subnet for two networks, you're lucky you can even connect to the internet because you're doing a straight in-out NAT, if you were doing an IP based NAT then you wouldn't even have internet working.

You need to change to a different subnet mask for your network, as the subnet mask for the internal ADSL modem is set to 192.168.0.0/24, that means 24 bits of 32 are used for network address and the last 8 bits are used for host addresses, so hosts in the 192.168.0.0/24 network range from 192.168.0.1 - 192.168.0.254 (192.168.0.0 is the network address and 192.168.0.255 is the broadcast address). So if you increment the network address by one to get 192.168.1.0/24, you've got a whole new IP range you can use that won't cause any conflicts.

Your private network will be on 192.168.1.x and the ADSL modem will be on 192.168.0.x and you will be able to communicate between them.

Thanks, I will give it a go and let you know how I get on...

Ok, things are moving in the right direction a little. My linux box still has the IP 192.168.0.23 on eth0 externally (is this ok?) however internally is now on network 192.168.1.0, bcast 192.168.1.255 and supplying DHCP with a range of 192.168.1.2 to 192.168.1.254 with a device IP of 192.168.1.1 on eth1.

I can now successfully get into the ADSL router setup page with no problems however I am still unable to see any external hosts. I am also unable to ping any of my internal hosts from any host on 192.168.0.x ...

So how would hosts on 192.168.0 know how to get back to the 192.168.1 network? To ping something? They could ping your ip address of your linux router that is on the 192.168.0 network - but you can not forward icmp to different boxes inside. If you're not going to nat and just route, they still don't know how to get to the 192.168.1.0 network -- their default route is the adsl router, and he does not know that 192.168.1 is behind your linux box. You would have to edit his route table to know that, or use a routing protocol to share this info with him, like rip. But to turn that on you would need access to the adsl router as admin and it would have to support it, etc.

So you want to put yourself behind a firewall between other building users that are all on the same 192.168.0 network -- this is fair enough and a common want.

But not sure why you would go with a standard linux install - why not go with one of the many distros designed to be a router/firewall.. Off the top as already mentioned smoothwall sure, there is also my fav pfsense, there is ipcop, there is m0n0wall, etc. etc.. There is clearOS which is more a full blown SME, it can run all kinds of services file, email, etc. while protecting you from users on 192.168.0 network.

Not sure what you mean exactly by unable to see "external hosts." Are these on the 192.168.0 network or the internet after the adsl router?

If you would download one of the many firewall/router distros - click click click you would be up and running with a nice web gui to admin your shiny new firewall with.

IP tables now reads as such:


[CODE]
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 2020 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
COMMIT
[/CODE]

Still unable to ping hosts on 192.168.1.x from 192.168.0.x

Are you able to offer advice on how this should look?

As I before mentioned I am trying to gain a more advanced understanding of routing and firewall configuration from the CLI as opposed to a GUI based pre-prepared distro. I understand that this will give me (more) headaches however I would never have gained the experience in Linux that I now have if I hadn't already spent a great deal of time attempting to play with things that I have no idea how to work. What can I say, I learn better by throwing myself in at the deep end :D

Not sure what you mean exactly by unable to see "external hosts." Are these on the 192.168.0 network or the internet after the adsl router?

My apologies for my inaccurate terminology, I am still learning how to express networking concepts in the correct terms. 'external hosts' I do indeed mean hosts on the 192.168.0 network, and as such 'internal hosts' being those on my 192.168.1 network. Hope this clarifies.

Yes, you are now accepting packets from the 192.168.0.x network to the debian 'server'.

You need to filter them then either just pass them off out the other interface or use NAT's prerouting to change them to come out the other interface.

(Plus you'll want to use FORWARD not ACCEPT)

Hmmm, I appear to be having some trouble with the syntax of the IP tables, I attempted to add a FORWARD line and this broke the routing, are you able to be more specific?

-A INPUT -i eth0 -j FORWARD

(From what I remember, can't check as the half-NAT I did for a firewall for my server is offline)

This appears to break the routing :(

Anyways, it's getting late and I'm growing tired of this for today. I am going to sleep on it and try again tomorrow.

Don't think of it as doing it the easy way, think of it as choosing the right tool for the job.

TBH that's quite a fair point, and if I can't make this work within the next couple of days I may consider changing my approach somewhat, however I am a stubborn b*****d and will keep on at this for now at least.

If I were to consider using a specific firewall distro what are people's general opinions on the best, most configurable and most secure distro to use?

I believe pfsense will do nicely for what you are trying to accomplish...has a web based front end with a linux based back end. Probably the best of both worlds for you...you can see where you are screwing up.

I definitely agree that pfSense is a very nice firewall distribution, but it is not Linux based: it's based on FreeBSD. In general, networking theory applies equally to both Debian and FreeBSD, but some of the configuration tools are a little different. Since iptables is merely a kernel-level firewall, not a POSIX standard, it's specific to the Linux kernel. FreeBSD currently uses the OpenBSD PacketFilter firewall, which is also kernel-level. You can get basic iptables documentation from the Debian Wiki, CentOS Wiki, and RHEL Manual, and basic pf documentation from the FreeBSD Handbook and OpenBSD Wiki.

Right tool is the better term yes.

You're not going to learn anything being frustrated having to try and get syntax exactly right! What does that teach you??

Get the concepts down, then you can worry about knowing the exact command to do what you want from a command line.

As mentioned - pfsense would be a great choice, and yes it is freebsd based not linux. But to be honest from just doing commands, it's not any different than any other linux distro. Pretty much all the linux commands are the same, it's just you use different tools.

Get your network secured and working - and get the basic concepts down, then you can mess with the inner workings.

Here's the thing: if you just route and don't nat - you're not going to be able to talk to machines on the .0 since you don't have control over their router or the hosts, there is no way for you to set up the routing correctly for them to talk between the 2 networks. So you're going to need to nat, then every box behind your firewall will just look like another .0 host to the boxes on that network - even to their router you're just going to look like another one of its clients.

Boxes on the .0 will be able to get to ips on the .1 through the .0.x address of your wan interface on your router/firewall (pfsense) once you forward the ports you want to the specific .1.x addresses you want to serve up those services to people on the .0 network.

Now the issue you're going to have in a double NAT setup, and without control of the .0 router anyway - is you're not going to be able to do any port forwarding from the internet to boxes inside your .1 network - unless you can have whoever controls the .0 router set up the forwards to your .0 address, etc.

But that is part of the problem with double natting.
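
An added example, not code from any poster in this thread: a shell function that writes an `iptables-restore` file for the NAT-plus-port-forward layout described in the post above, and refuses the overlapping-subnet setup diagnosed earlier in the thread. The interface names, the two /24 networks and SSH port 2020 are from the thread; the server address 192.168.1.10 and the published ports (445 for SMB, 80 for HTTP) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore file for a
# gateway with a house-side interface and a private-side interface.
# Assumes net.ipv4.ip_forward=1 is already set (LAN hosts already reach the
# internet through this box in the thread).

# Convert a dotted quad to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NET/PREFIX: succeeds when IP lies inside NET/PREFIX.
in_net() {
    ip=$(ip2int "$1")
    net=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# gen_rules WAN_IF LAN_IF HOUSE_NET SERVER_IP
# SERVER_IP is the (assumed) private address of the machine being published.
gen_rules() {
    wan_if=$1; lan_if=$2; house_net=$3; server_ip=$4

    # The mistake found earlier in the thread: both sides of the gateway on
    # the same subnet. A published server must not sit inside the house range.
    if in_net "$server_ip" "$house_net"; then
        echo "error: $server_ip is inside $house_net; the private side needs its own subnet" >&2
        return 1
    fi

    cat <<EOF
*nat
# Publish services on the gateway's house-side address. Matching on -i rather
# than -d keeps working when the DHCP lease on ${wan_if} changes.
# SMB is limited to sources on the house network; HTTP is not, so it can also
# be reached if the ADSL router forwards port 80 to this gateway.
-A PREROUTING -i ${wan_if} -s ${house_net} -p tcp -m tcp --dport 445 -j DNAT --to-destination ${server_ip}:445
-A PREROUTING -i ${wan_if} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${server_ip}:80
-A POSTROUTING -o ${wan_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i ${lan_if} -j ACCEPT
-A INPUT -i ${wan_if} -p tcp -m tcp --dport 2020 -j ACCEPT
# Traffic passing through the gateway: FORWARD is a chain, not a target.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -j ACCEPT
-A FORWARD -i ${wan_if} -o ${lan_if} -s ${house_net} -d ${server_ip} -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
-A FORWARD -i ${wan_if} -o ${lan_if} -d ${server_ip} -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the rules for the thread's layout; redirect to /etc/iptables.rules
# to have the pre-up line in /etc/network/interfaces load them.
gen_rules eth0 eth1 192.168.0.0/24 192.168.1.10
```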

@ BUDMAN:

Sure, to be fair you make a very reasonable point and I am definitely swaying to the idea. I will look into pfsense and see how I go, fortunately BSD based distros are no mystery to me, I spent some time playing with a range of UNIX-like systems some time ago and was pleased to see that bash is still the preferred shell. You are entirely correct, of course, that it is most likely the best way I can learn the basic principles of what I am trying to achieve and as +sc302 rightly said it would help me understand where I'm screwing up. Thanks for the good advice guys.

I was also considering another option; A friend of mine has given me his old Cisco 2600 series router and I have been looking into configuring this as a firewall. This would give me an excellent opportunity to get to grips with the Cisco command console though I am unsure of what pros/cons this would have over using a UNIX/GNU based firewall instead. Which do you think would be the most preferable solution for my purposes?

Build / dependency improvements: Updated PowerToys build and developer tooling to .NET 10, with Visual Studio 2026 now required for building from source in #41280 by @jerone and @snickler Fixed Shortcut Guide v2 release signing by adding the YamlDotNet dependency to the signed binaries list in #48050 Updated shared PowerToys .NET runtime and library packages from 10.0.7 to 10.0.8 for the latest servicing fixes in #48010 by @snickler Improved PowerToys build tooling so build scripts discover Visual Studio 2026 Insiders/Preview installations with C++ tools and skip unusable installs in #47462 Updated PowerToys WinUI platform dependencies, including Windows App SDK 2.0.1 and WebView2, for apps and the Command Palette extension template in #47470 Updated shared PowerToys .NET runtime and library packages from 10.0.6 to 10.0.7 for the latest servicing fixes in #47517 by @snickler Fixed Quick Accent release signing by adding PowerAccent.Common.dll to the signed binaries list in #48058 Fixed Advanced Paste release signing by adding the Google Gemini-related dependency DLLs to the signed binaries list in #48001 Updated Advanced Paste AI dependencies, including Semantic Kernel and provider connectors, to newer package versions in #47819 CI & automation: Added a Telemetry PR Check workflow that detects telemetry event changes in pull requests and posts contributor guidance in #47889 Updated GitHub issue triage automation by renaming the area-labeling workflow and removing the legacy product auto-label workflow in #47911 Added GitHub issue triage automation that applies Product/Area labels to new or reopened issues and supports manual backfill in #47808 Fixed GitHub issue auto-labeling by correcting Product label names so the workflow applies existing repository labels in #48027 Added a GitHub Action and tester for issue triage that applies Product labels from issue template areas, with AI fallback and manual modes in #47485 Fixed GitHub issue auto-labeling so the workflow 
can authenticate with GitHub Models and apply area labels again in #47820 Updated spell-check CI expectations by removing obsolete tokens, reducing noisy advisory comments on pull requests in #48110 Updated CI to skip automatic builds for draft pull requests until they are ready for review in #47442 Fixed the README roadmap reference for v0.100 so it renders as a clickable milestone link in #47785 Updated README download guidance to point users to release assets and changes the release notes link to the releases page in #47432 Updated the GitHub issue tracker duplicate-resolution reply to more clearly point users to the original tracking issue in #47981 To download the new release, head over to PowerToys official GitHub repo here.